Senior Information Security Engineer Resume
A results-oriented IT professional with a record of achievement in policy creation, host-policy compliance management, and strategic implementation of policy management with client deliverables. A highly qualified project leader with 12 years of experience in all aspects of professional Certification and Accreditation (C&A) services, operations management and telecommunications.
PROFESSIONAL EXPERIENCE
Senior Information Security Engineer (Security Analyst II)
Confidential, Columbia, MD
Contracted to Office of the Comptroller of the Currency (OCC), Washington, DC July 2008-Present
- Creates C&A General Support System packages for OCC utilizing National Institute of Standards and Technology (NIST) standards. Provides security expertise using the NIST SP 800 series (NIST SP 800-18, SP 800-53A Rev 2 & 3), FIPS and OMB guidelines. Provides total quality assurance as a technical writer, proofreading, editing and incorporating changes to OCC security documentation for internal use and for OCC-wide distribution.
- Researches baseline configurations for OCC platforms and tools utilizing NIST, Center for Internet Security (CIS) and internally developed security standards.
- Develops Annual Assessments for OCC utilizing Consensus Audit Guidelines (CAG) and NIST guidance. Provides security expertise using various NIST, FIPS and OMB guidelines.
Senior Information Security Engineer
Confidential, Rockville, MD
May 2004-July 2008
- Spearheaded the entire NCI Center for Bioinformatics (NCICB) C&A program. Created complete C&A packages and recertified expiring C&A packages. Resolved subsequent audit findings and Plan of Action and Milestones (POA&M) tasks. This also included creating, designing and testing the NCICB Disaster Recovery Plan.
- Provided security expertise using NIST (SP 800-18, 800-92, 800-53, 800-37), FIPS 199 & 200 and OMB guidance to secure numerous web-based systems built from open source products within a 4-tier architecture. This environment utilized a technology stack of predominantly Tomcat, JBoss, Apache, Oracle, and Zope on Red Hat Linux, Windows, and Solaris operating system platforms.
- Provided security expertise on HIPAA, 21 CFR Part 11, and other industry standards relevant to several ongoing Information Technology projects. Assessed the feasibility of adopting NIST SP 800-92, Guide to Computer Security Log Management.
- Created and designed security documentation for the NCI environment, including emergency evacuation procedures, Standard Operating Procedures (SOPs), E-Authentication data calls, Federal Desktop Core Configuration (FDCC) training, Memorandums of Understanding (MOUs), Privacy Impact Assessments (PIAs), etc. Updated System Development Life Cycle policies to make security an integral part of system and application development.
- Reviewed Tripwire, SARA scan and AppScan reports for security deficiencies or abnormalities. Submitted these reports to facilitate firewall exceptions, or worked with developers to correct security issues prior to new system launches and upgrades.
Information Security Engineer
Confidential, Fairfax, VA
Contracted to Office of the Inspector General (OIG), Washington, DC April 2003-April 2004
- Created C&A packages using NIST and DoD Information Assurance Certification and Accreditation Process (DIACAP) and DoD Information Technology Security Certification & Accreditation Process (DITSCAP) for all Health and Human Services (HHS) OIG Major Applications (MA) and General Support Systems (GSS).
- Provided total quality assurance as a technical writer, proofreading, editing and incorporating changes to HHS security documentation for internal use and for HHS-wide distribution.
Information Security Engineer
Confidential, Fairfax, VA
Contracted to Federal Communications Commission (FCC), Washington, DC October 2002-January 2003
- Maintained a library of system security plans for MA and GSS systems, updating plans for systems that had undergone major changes and upgrades.
- Planned and executed the FCC's first annual Computer Security Week. Computer Security Week was derived from the internationally recognized Computer Security Day held on November 30th of each calendar year.
- Served as task leader for the FCC Desk Reference Guide Rainbow Series, which provides guidance on all FCC-related security parameters. Developed FCC computer security web page content. Periodically updated the FCC computer security intranet page to reflect the newest computer security notice or the latest FCC virus alert. Used Remedy help desk management software to resolve FCC help desk calls related to computer security.
Network/System Security Analyst
Confidential, Arlington, VA
Contracted to Federal Communications Commission (FCC), Washington, DC August 2001-September 2002
- Developed system security plans for numerous applications and the FCC GSS. Resolved several General Accounting Office (GAO) and IG audit findings directly related to the computer security program. Formulated results and created the 2001 and 2002 Government Information Security Reform Act (GISRA/FISMA) responses for the FCC network.
- Assisted in the development of a computer security strategic plan, an FCC Incident Response Guide and computer security courseware for training new or reassigned system users. Assisted in developing and conducting monthly computer security awareness and training courses utilizing computer- and web-based products, and maintained the training database. Performed audits of Internet usage, servers and modem usage using automated software tools such as WebTrends. Analyzed results and generated reports.
- Developed security awareness topics for monthly FCC Computer Security Notices. Several have been posted to NIST website as examples of security best practice. Developed Rules of Behavior for individual systems. This information was subsequently incorporated into the overall guidance provided to FCC developers.
Information Systems Security Analyst
Confidential, Chevy Chase, MD
Contracted to Federal Deposit Insurance Corporation (FDIC), Arlington, VA January 2000-June 2001
- Developed security and integrity requirements applicable to each system, and analyzed the compliance of the security measures in place or planned against federal and FDIC regulations. Provided total quality assurance in the composition of reviews by noting discrepancies in FDIC security procedures.
- Completed several GSS and MA security reviews within six FDIC divisions. Served as team lead for Windows NT domain reviews, including the creation and interpretation of Kane Security Analyst (KSA) audit reports. Documented and categorized review findings and recommended corrective actions.
- Delivered a monthly large-scale PowerPoint presentation at FDIC headquarters that served as a risk assessment/independent security review process information session. Developed a program guide illustrating the Abacus Independent Security Review process.
Telecommunications Associate
Confidential, Arlington, VA December 1998-January 2000
- Explained basic telephony to various clients with an eye to possible disaster recovery or business continuity situations, and integrated this information into the design of each facility's telecommunications build and layout.
- Surveyed and augmented building blueprints and layouts to measure and quantify category 3 (Cat3) or category 5 (Cat5) wiring drops for the integration of data lines and plain old telephone service (POTS) lines, upgrading or rewiring facilities for PBX systems as needed.
- Facilitated the telecommunications Year 2000 (Y2K, "millennium bug") changeover for numerous companies in the Maryland and DC area by introducing Year 2000-compliant operating systems and system software on AT&T/Lucent private branch exchange (PBX) equipment.
TOOLS, TRAINING AND CERTIFICATIONS
Tools - AppScan, Nessus, NCAT, SARA scans, CIS Oracle 10g Testing Tool, Enterprise Wizard, and Remedy.
Training - De-identification, 21 CFR Part 11 training, disaster recovery training, Trusted Agent FISMA.
Bachelor of Science in Marketing
