PURPOSE STATEMENT:

A highly diligent and motivated IT Security Professional seeking a befitting role where my education, experience and skills can be utilized.

SUMMARY STATEMENT:

A security professional with over about 20 years of sterling IT experience including 5 years of related security experience of which 3 is in IT program security management, bringing a well - rounded understanding of security technologies, concepts, tools and industrial best practices.

SKILL SUMMARY:

• Network and Systems Security
• System monitoring
• Vulnerability Assessment
• Authentication and Access Control
• Development of IT Security documents such as SSP, policy documents, PIA/PTA, POA&M etc.
• Risk Management Framework, RMF
• Knowledge of FISMA/NIST government regulations and policies
• Understanding of the ISO 27000, 27001 frameworks etc.
• Certification & Accreditation- FedRAMP
• Hardening guidelines/benchmarks- CIS, STIGS

TECHNOLOGY SKILLS SUMMARY:

Systems: Windows (all), Unix- RedHat Linux.

Networking: LANs, WANs, VPN, TCP/IP

Software: MS Office Suite (all versions), Visio.

Database: Oracle

Security Tools: Network Vulnerability Scanners (nCircle IP360, Retina, Nessus, LanGuard etc.), Network Sniffers (Wireshark), Anti-Virus Tools (Norton, Symantec), Firewalls, Intrusion Detection Systems (Snort, OSSEC), Forensics analysis tools (FTK, dd etc.), SIEM (Splunk), Burp suite, Accunetix, AppDetective etc.

Pentesting Tools: Nmap, BackTrack, SuperScan etc.

PROFESSIONAL EXPERIENCE:

Adjunct Professor

Confidential, Adelphi, MD

Responsibilities:

• Teaching and grading courses in the computer Information Technology Dept. which include but not limited to CompTIA A+, Security+ etc.

Instructor

Confidential

Responsibilities:

• Providing instructor-led trainings for candidate seeking certification in various fields of IT and IT Security.
• Among courses being taught are CompTIA A+, Security+, Network+, ISC2 CAP etc.

Information Systems Security Manager

Confidential, Falls Church, VA

Responsibilities:

• Vulnerability Management
• Maintenance and remediation of POA&Ms findings.
• Performance of continuous monitoring to meet FedRAMP requirements
• Development and review of security documents including SSP, Policies and procedures etc.
• Conduct of security trainings including but not limited to Incident Response, Disaster Recovery etc.
• Engagement with government agencies security personnel to meet mandatory security requirements.
• Engagement with government appointed security auditors to ensure accredited system continue to maintain optimal security posture.
• Take leadership on security projects to enhance cloud based application security such as multifactor authentication requirement.
• Performing authorization projects for multiple clients’ agencies to obtain Authority To Operate (ATO) for CSP cloud based application instances.
• Conducting an agency Authority to Operate for DHS- HQ as the designated ISSO for the instance of FedHR Navigator.
• Using Xacta to perform the RMF process steps for the ATO.
• Meeting weekly with agency ISSM and other stakeholders to provide weekly status update.
• Providing continuous monitoring and POA&M management support.
• Conducting an agency Authority to Operate for DHS-NPPD as the designated ISSO for the instance of FedHR Navigator.
• Using Xacta to perform the RMF process steps for the ATO.
• Provided client with a project schedule required for completing the project
• Providing continuous monitoring and POA&M management support.
• Provided bi-weekly status update to system owner and other stakeholders

Sr. Network Security Analyst

Confidential, Baltimore, MD

Responsibilities:

• Performed vulnerability analysis on network hosts.
• Performed hosts remediation based on defined organization procedures.
• Developed SOPs and other technical manuals for organization use.
• Assisted data center to remediate vulnerabilities so as to improve security postures.
• Performed vulnerability research to help clients and vendor eliminate false positives.
• Prepared security reports for upper management for review.
• Generated monthly report cards for data center to provide insight into security posture and advise them on how to improve posture.

Security Administrator

Confidential

Responsibilities:

• Perform periodic and on-demand system audits and vulnerability assessments of hosts and network using approved organization tools.
• Perform system and network patches based on vulnerability reports
• Prepare incident reports to upper management for review.

Sr. Systems Analyst

Confidential, SW Washington, DC

Responsibilities:

• Users’ account management account setup, unlock, password management etc.
• Access Control management of network resources such as printers, network folders etc.
• Virtual Private Network management such as setup and assisting users to securely access the enterprise network.
• In coordination with the SOC team, conducted threat and vulnerability tests on systems using anti virus systems when such threats are suspected.
• Performed blackberry server (BES) management duties including responsibilities such as account setup, termination, remote device wipe in case of loss/theft etc.
• Forensics responsibilities such as data recovery, data wiping etc.