
Principal Information Assurance Analyst Resume Profile

OBJECTIVE

Explore opportunities to apply extensive experience in Information Technology/Cyber Security in a challenging career environment where strong communication, troubleshooting, and performance optimization skills can be effectively utilized. I am a committed professional, who is highly organized, adjusts well to all types of environments, and learns new procedures quickly.

SUMMARY OF QUALIFICATIONS

  • Approximately thirty-two years of experience analyzing and solving complex hardware and software problems including servicing, troubleshooting, testing, and maintaining mid-range computers, including four years supporting Novell networks, five supporting NT 4.0 networks, three years Win 2K, 13 years servicing IBM-compatible computers, printers, controllers, terminals, and a variety of Personal Computers.
  • Extensive experience and a thorough knowledge of distributed computing hardware and software components.
  • Ten years associated with Cyber Security/Information Assurance (IA) activities. Experience evaluating DOD and US Federal Government activities classified and unclassified networks to determine compliance with appropriate IA controls and prepare detailed security certification and accreditation documentation in accordance with DIACAP and NIST methodologies.
  • Cyber Security experience encompasses the entire spectrum of security policy, documentation, risk assessments, networks, systems security, vulnerability assessment and security compliance evaluations
  • Experience with NIST and FISMA guidelines to plan and implement the Risk Management Framework Security Authorization Process for Federal Enterprise Systems
  • Demonstrated effective working relationships with customers
  • Customer-focused, service-oriented, seasoned IT professional
  • Excellent skills in teamwork, time management, communication, analysis and problem solving
  • Highly effective analytical and problem-solving skills
  • Detail oriented and self-motivated
  • Demonstrated high level of skills in the Information Assurance compliance aspects of information security management
  • Experience with developing DIACAP packages based on the analysis of 8500.2 IA Security Controls

DETAILED PROFESSIONAL EXPERIENCE:

Confidential

Principal Information Assurance Analyst

  • Provide Information Assurance (IA) support to the IA Manager in maintaining the customer's IA program and the IA accreditation status of six test and development Zone A-D networking enclaves, closed test networks, and operational networking environments connecting to public Internet, unclassified NIPRNet, classified SIPRNet/JWICS or classified Coalition transport WANs.
  • Work as a member of a 4-person IA Team in applying the DoD IA Certification and Accreditation Process (DIACAP) in validating and certifying systems, applications and networks and preparing DIACAP accreditation packages for formal approval.
  • Provide IA Subject Matter Expertise (SME) support to assessment teams involved in assessing/testing Command and Control (C2) interoperability of and between DoD and Coalition COTS and GOTS applications, systems, systems of systems and Service Oriented Architecture (SOA) applications to ascertain the security and IA accreditation readiness of assessed systems and architectures.
  • Evaluate system and network device configurations for compliance with DoDI 8500.2 IA Controls to ascertain the accreditation readiness of commercial (COTS) and Government (GOTS) systems, applications, and architectures including SOA environments.
  • Participate as a system security/Information Assurance SME in support of functional interoperability assessment teams and engineering design teams to identify and assess computer/network security and make recommendations concerning overall security accreditation readiness and compliance with Information Assurance guidance and best practices.
  • Perform security compliance evaluations of US Army enclave Network Enterprise Centers (NEC). Generate certification recommendations to the US Army Certifying Authority (CA) based on the analysis of the 8 subject areas of the DoDI 8500.2 security controls, Army AR-25-2 and Installation Campus Area Network (ICAN) Best Business Practices (BBP) for DOD activities as an Agent for the Certifying Authority (ACA).
  • Conduct security assessments of Army NEC's overall security posture of Information Assurance vulnerabilities and residual risks.
  • Analyze technical, management and operational security posture of activities by conducting security compliance evaluations of documentation artifacts, DISA Gold Disk, Retina and SCAP vulnerability scan results, infrastructure device configurations and manual checks using DISA Security Technical Implementation Guides (STIG) and Security Readiness Review (SRR) checklists. Use the DISA STIG viewer to view Retina scan results checklist files and STIGs.
  • Perform network security analysis and risk management for designated unclassified and classified networks.
  • Prepare detailed security certification and accreditation documentation in accordance with DIACAP, NIAP and FISMA NIST methodologies advising supported activities on IA requirements and processes.
  • Complete compliance validation results in the DIACAP package scorecard of DOD activities for the CA to review. The results documented in the DIACAP package are the basis for the Designating Approving Authority (DAA) to determine if an Authority to Operate (ATO) for the activity will be granted.

Confidential

Cyber Security Analyst II

  • Conduct preparation for the DISA Command Cyber Readiness Inspection (CCRI) at DLA headquarters by gathering and organizing artifacts to related DIACAP security control
  • Conduct DISA Gold Disk scans of supported operating systems base image and validate security compliance
  • Provide DIACAP Security guidance and document review for 16 DoD Projects
  • Develop DIACAP documentation including System Security Plan (SSP), Scorecard, DIACAP Implementation Plan (DIP), System Identification Profile (SIP) and Plan of Action and Milestones (POA&M) for DoD projects
  • Update DOD Project DIACAP Package including SSP and enclave system owner appointment Letter
  • Support SRA Corporate and IT Security with the development of cyber security policies and procedures
  • Conduct security assessment of the SRA Network as part of the Security Assessment and Authorization (SA&A) process. Update the SRA SSP security control status resulting from the security assessment in accordance with NIST moderate impact SP 800-53 rev 3
  • Conduct IA program/system security status assessments, security compliance and documentation support

Confidential

Information Technology Specialist

  • Support the computer network at the Navy Submarine Torpedo Facility at Confidential.
  • Responsibilities included network Administration, end user desktop support in a Windows NT and 2000 environment. Maintain MS Exchange 5.5 email server, MS Windows NT 4.0 BDC, NT and Win 2K file and print member servers
  • Maintain tape backup system using VERITAS Back up Executive and restore data when necessary
  • Support the Automated Process Control System (APCS) application on the NMCI network. This system will contain all Torpedo maintenance instructions and activities when the migration from the current book-based system is completed
  • Support security measures as the command Information Assurance Manager (IAM) maintaining compliance with DOD by responding to Information Assurance Vulnerability Alerts (IAVA) and implementing applicable security controls. Conduct systems security risk assessment and maintain certification documentation in response to Security Test and Evaluation (ST&E)
  • Used patch management software to push critical updates remotely to all workstations and servers for IAVA compliance
  • Develop and maintain Vulnerability Management Plans to include IAVA, Bulletins, and Technical Advisories
  • Report IAVA compliance of all servers and workstations to the Online Compliance Reporting System (OCRS) web site
  • Maintain Interim Authorization to Operate documentation for the Command
  • Maintain command server and software status in the DON Application Database Management System (DADMS)
  • Perform hardware and software upgrades on Servers, Network equipment and PCs
  • Provide Application Support, instruction and maintenance for mission critical SQL-based application HTTDS system
  • POC for the NMCI initiative, providing network infrastructure hardware and software information. Prepared the Command to cutover to the NMCI network
  • Manage DIACAP Certification and Accreditation for the Command
  • Generate Certification Recommendations to the Command Certifying Authority based on the analysis of 8 subject areas of 8500.2 IA Controls, using Gold Disk scans, Retina scans, DIACAP Scorecard, and DIACAP package
  • Apply experience with DOD and Joint Staff directives/guidance that apply to the assessment/access of customers to the NIPRNet (e.g., CJCSI 6211.02B, DODI 8500.1 and .2)
  • Set up an LRA compliant workstation and learned the process for issuing PKI certificates to the command. Trained our Admin secretary on how to be an LRA and myself as a trusted agent for requesting PKI certificates to all users

Confidential

Desktop support/helpdesk

  • Provide hardware and software support for local and remote users in a Windows NT environment. Set up new users in MS Exchange and Windows NT, also managed users in the Gallagher financial software
  • Used Ghost image software to reload computers. Troubleshoot hardware and software problems including thin clients using Win terms to connect to a terminal server and laptops using a VPN or dial-up networking.