Organized, detail-oriented information security, technical, customer support professional with 20+ years experience in government (Department of Energy) and private sectors (Engineering, Manufacturing and Banking); designing, developing, and managing comprehensive security policies and controls for business management systems, server and application administration. Strong customer service skills and experience managing corporate/regional helpdesk technical support infrastructure. Strong leadership skills, particularly in the area of team building and working in a matrix oriented project team environment. Demonstrates intuitive problem solving skill set which augments education and experience. Currently hold Department of Energy and Department of Defense Security Clearances. Memberships include being a Member of Infragard, US-CERT thru GFIRST, ISC2, ISACA, SANS.
- ISACA Certified Information Security Manager (CISM)
Certification number: 1116897 (December 2010) Valid thru Dec. 31, 2014
- GIAC Security Leadership Essentials for Managers (GSLC) - Silver,
MGMT - 512 (December 9, 2007)GSLC Analyst 1612 - Recertified thru Dec. 2015
- Certified Information Systems Security Professional (CISSP - 93285)
May 2006 - Valid thru May 31, 2012
- ISACA Certified in Risk and Information Systems Control (CRISC)
Certification number: 1002450 November 2010 Valid thru Dec 31. 2013
(Onsite contractor thru CDI)
Information System Security Officer (ISSO) 10/2011 - Present
- Verify that all security measures are consistent with the system security plans and in compliance with the National Industrial Security Program Operating Manual (NISPOM) Chapter 8
- Verify all systems, stand-alone and networked have an accredited plan.
- Ensure proper security procedures are developed and implemented in compliance with the Defense Security Service, Industrial Security Field Operations (ISFO) Process Manual
- Perform weekly technical reviews of the systems and verify that only connections that are accredited and exhibited on the topology diagram are connecting to the system.
- Manage Desktop Authority software package for control of desktop, asset tracking and security control.
- Provide user awareness training and security briefings
- Draft System Security Plans for new accreditations
- Evaluate the impact of system and network changes and apply for re-approval of the Security Plans as appropriate.
- Supports the ISSM in their efforts to implement security requirements as mandated by the NISPOM
- Management of small Active Directory Domain
- Management of McAfee ePolicy Orchestrator (ePO)
- Management of Windows Software Update Service (WSUS)
- Department of Defense Clearance - Secret
(Onsite contractor on the ITES Contract supporting 1800 users across 4 major sites, Pittsburgh PA, Morgantown WV Houston TX, Albany OR thru 4 Prime Contractors in 6 years)
Cyber Security Information Assurance Team Lead 4/2010 - 9/2011
- The ITES contract was awarded to a new Prime contractor in April 2010. I was brought over to the new Prime and during the reorganization of the Cyber Security Team, my title and specialized role changed from Technical Lead to Information Assurance Team Lead.
- All duties remain the same as below
- Support of Platinum Solutions Department of Defense contracts
Principal Analyst - Cyber Security Manager - Technical Lead - Senior Tech Writer 2/2005 - 4/2010
- The ITES contract provides IT services and engineering for the Department of Energy (DOE) National Energy Technology Lab (NETL) at Morgantown, Pittsburgh, Houston Texas and Albany Oregon locations including enterprise engineering, software application development and sustaining engineering, desktop support, networks, cyber security, and computing facility operations in support of approximately 1800 users.
- Registration Authority for PKI - Entrust security certificates, individual and web SSL certifications.
- Responsible for Project Management for the completion of Plan of Action and Milestones and Action Items generated from Certification & Accreditation, vulnerability, audit reviews.
- Perform yearly reviews of existing NETL and ITES procedures for updates and changes.
- Creation of new NETL Orders, Procedures, Operating Plans and Forms
- Prepare updates for the Program Cyber Security Plan, RTM, Risk Analysis, COOP/Disaster Recovery documents.
- On a daily basis, work with DOE-CIRC and US-CERT security notifications
- Performed Security Impact Analysis (IT audits) for activities going through the Change Control Board.
- IT Contingency Plan ITES coordinator
- Member of the IT Architecture Board
- Member of Technical Architecture Review Board (TARB)
- Member of the Change Control Review Management (CCRM) team
- RSA token, appliance and user administration
- Lead investigations - web violations, targeted spear phishing, intrusions, legal violations, malware etc
- FISMA, OMB, DOE Data Call, audit reporting
- Perform Certification and Accreditation of NETL's systems
- Led a team of 5. Responsibilities include Checkpoint Firewall, IBM ISS IDS/IPS, NESSUS, general vulnerability scanning, vulnerability review, technical writing, audit, logical security for NETL
- Provide Cyber Security support as needed for other Prologic supported contracts including to the Department of Transportation
- Department of Energy Clearance (L) Secret
Confidential, 10/2004 - 1/2005
IT Audit - Compliance
- Contracted thru TekSystems, audit of Telecommunication groups' projects for 2004 to bring them into compliance for Sarbanes-Oxley and PriceWaterhouseCoopers requirements. Reviewed ASAT tests for the year and updated/corrected them to make them compliant and to make certain that future tests would be brought into compliance. Reviewed and updated software groups' activities involving asset tracking supporting them in achieving better contract terms and compliance.
Confidential, 3/1997 - 7/2004
Helpdesk/Technical Manager - Assistant North Region CSC Manager
- Performed the duties of the Customer Service Center North Region Manager in his absence.
- Responsible for physical tracking of all IT Assets. Software/Hardware Audits required for Norton, Microsoft, Novell, Autodesk, Microstation etc using Assetmetrix and Zenworks.
- Created Service Level Agreements for IT service to the Business.
- Project Management included Y2K for entire Baker Corporation including International and US. Worked with internal/external auditors to provide as much information to prove Best Effort. Met with all levels of management to review their needs and requirements to fulfill obligations.
- Oversee the activities associated with the identification, prioritization, and resolution of reported problems.
- Ensures that all phases of help desk support are coordinated, monitored, logged, tracked and resolved appropriately. 2400 end users
- Assigns personnel to various operations and directs their activities.
- 8 direct reports, 15 indirect
- Establishes help desk system for task management and tracking selecting the appropriate database and workflow tools.
- Creates long-term strategies for growth and maintenance of the help desk department making budgetary recommendations to upper management.
- Confers with staff, users, supervisors and managers to determine requirements for new or modified software and hardware.
- In charge of and ran the Change Management meetings.
- Hosted bi-weekly North Region staff meetings attended by all Digitals Service agents and representatives from Procurement, Business Solutions, Architecture, and Infrastructure to coordinate our efforts.
- Carried on below responsibilities as Helpdesk Manager.
Senior Systems Analyst - Business Information Systems Team (1997-2001)
- Responsible for the DEC Alpha that the corporation Financial (CFMS) and HR (PeopleSoft) ran on.
- Administered Cisco, Raptor and Bordermanager VPNs.
- Used Solarwinds to monitor all Network devices.
- NT Server Administration ; Novell 5.x Security administration
- IIS support, EFTP support, Employee self-service support
- Support of Rezprise (resume tracking software).
- Backup support for Filenet Corp Imaging
Confidential, (thru TAD)5/1996 - 3/1997
Technical Support Specialist
- 24x7 on-site outsourcing services support for Armco Inc (Steel Manufacturing) Butler PA and 4 other steel producing sites.
- Supported personnel with computer system operations and management.
- Monitoring a MAC and PC environment, printers and
- System Administrator for (130+ nodes) DEC ALPHA and VAX servers/systems.
- First line support of the AS400 system.
- Utilized many system management skills that I already had to support the full time system management team.
- Minor MS Exchange exposure.
- Used Remedy and Target Helpdesk software. Over 1000 end users
Confidential, 2/1987 - 5/1996
Operations, Communications, Hardware Management
- Responsible for hardware and data communications maintenance, design, support and purchase.
- Disaster Recovery Coordinator. Designed, Built, Implemented in house. $25k year savings.
- Utilized Disaster Site for system testing/R & D later spun off group to Sanchez Computer Assoc.
- Management of DEC VAX and PC operating systems and software.
- Management of DEC Pathworks and NT network.
- Responsible for all maintenance agreements.
- Management of the 24 x 7 operation of multi bank operations and processing.
- 5 years as Supervisor of the Datacenter Operations Group 5 direct - 7 indirect
- ACH Coordinator
- Reconcilement of all bank accounts for County of Butler.
- Purchase and decision approval of all computer equipment.
- Handled all maintenance agreements of hardware and software on the DEC and WANG VS systems and peripherals.
- Responsible for creating custom reports using Report Writer for user community.
- Responsible for updates of daily processing and scheduling of operators and operations
- Responsible for overseeing the encoding of documents, balancing of POD system.
- SEC 566 Implementing and Auditing the Twenty Critical Security Controls - In Depth - Network Security Administration, SANS Institute (December 2010)
- SEC 401 Security Essentials Boot Camp - Network Security Administration, SANS Institute
- AUD 507.2 Auditing the Perimeter/AUD 507.3 Network Auditing Essentials - Network Auditing, SANS Institute
- SEC 517 Cutting Edge Hacking Techniques - Security, SANS Institute
- RSA Administration/Installation - Forsythe Technology
- Certification and Accreditation - The Performance Institute
- Certification Agent Training/ Designation Authorization Authority Training - US Department of Energy
- Building and Managing a World Class Helpdesk - Techlink
- Associate Specialized Business - Computer Programming/Business Accounting
- Enrolled in BS Computer Science Program 1994-1998. Did not finish program. AICS merged with another school and did not accept prior credits earned.