SUMMARY OF EXPERIENCE:

• I am currently supporting the Department of Homeland Security as a Security Architect. I act as the technical point of contact with regards to information security matters. I analyze proposed solutions for their security implications and provide recommendations for approval or denial. In the event of a denial, I will provide alternatives that will satisfy operational requirements while not sacrificing the security posture of the system.
• I supported the Federal Bureau of Prisons as a Security Analyst, providing Certification and Accreditation support. I assessed the currently implemented security controls in order to ensure that mandated requirements are being met. I also provided support during audits by external agencies and provided security oversight during system development.
• I have supported the Department of Homeland Security previously as a Security Engineer, providing technical support to the Information Assurance efforts, running network scans, and configuring security tools and applications used to protect the infrastructure.
• I have supported the Joint Strike Fighter program by providing support to the Designated Approving Authority in making accreditation decisions for their IT Systems. I reviewed DIACAP documentation, verified that all of the proper security controls are being addressed and provide recommendations to the DAA.
• I have worked as a Certification and Accreditation Consultant supporting hospitals affiliated with the National Children's Study for the National Institute of Health. I provide Information Security support in the development and operation of Information Systems, writing documentation, developing requirements and overseeing the system's progress towards receiving an Authority To Operate from the National Institute of Health
• I have been responsible for the day-to-day security operations of FBI Systems. This included: Developing Certification and Accreditation Documentation Being the primary Point of Contact for audits and security incidents ensuring that security relevant activities are performed on a regular basis vulnerability scans, audit log reviews, security awareness training for Privileged Users, etc .
• I have extensive experience as a Systems Administrator both Windows and UNIX Operating Systems as well as a Systems Engineer supporting FBI and DoD systems providing Third-Tier technical support for systems.

DETAILED EXPERIENCE:

Confidential

Science and Technology Directorate,

• I am serving as a primary technical point of contact for the Science and Technology Directorate's Information Assurance Team. My duties include:
• Providing technical analysis of proposed changes to the infrastructure to ensure no changes to the established security posture
• Providing technical oversight over the Security Test Team including selection and configuration of any new scanning tools and analysis of test results. I establish the policies and practices followed by the Test Team, coordinate scanning and testing efforts and I oversee the results of any testing for quality control.
• Overseeing the Security Operations Center and acting as the Incident Response Manager which makes me the primary point of contact for any information security incident within the directorate. I coordinate all Incident Response efforts as well as act as the interface between the Science and Technology Directorate and the DHS Headquarters Security Operations Center.
• I am also the COMSEC Account Manager for the Science and Technology Directorate, which makes me responsible for all of the COMSEC Equipment including Secure Telephones and Encryption devices
• I act as the technical point of contact with regards to the purchasing and maintenance of the security tools supporting the directorate. I provide section criteria and help develop Functional Requirements and Purchase Requests. I also maintain the licenses of the software packages and tools procured by Chief Information Security Officer and oversee the tools overall use.
• I oversee the performance of the contractor support personnel providing Security Testing support and Security Engineering, keeping track of their current tasking and ensuring that appropriate resources are made available as needed.

Confidential

Security Analyst, Federal Bureau

• I provided Information Security Certification and Accreditation support to the Federal Bureau of Prisons. My duties included:
• Maintaining Security Certification and Accreditation Packages registered by the Federal Bureau of Prisons with the Department of Justice
• Tracking the progress of Plan of Actions and Milestones and other corrective actions
• Providing support during audits and security assessments
• Providing security oversight during system development and ensuring security requirements are addressed during all phases of the system lifecycle

Apex Systems, Security Engineer, Confidential

• I served as a primary technical point of contact for the Science and Technology Directorate's Information Assurance Team. My duties included:
• Performing periodic network scans to validate compliance with DHS Policies
• Performing Security Test and Evaluations in support of Certification and Accreditation efforts
• Analyzing and configuring security tools for use within the enterprise
• Providing technical analysis of proposed changes to the infrastructure to ensure no changes to the established security posture

Confidential

Joint Strike Fighter Program ,

• I served as a Certification and Accreditation specialist for the Joint Strike Fighter program supporting the Accreditation efforts for their Information Systems. Duties include:
• Reviewing DIACAP Packages and other appropriate security documentation
• Assisting the Designated Approving Authority with making an accreditation decision
• Tracking the progress correcting findings from the Plan of Actions and Milestones document
• Performing continuous monitoring of Information Systems to ensure that a proper security posture is maintained throughout the systems lifetime

Confidential

Information Assurance Support

• I have served as the Information Systems Security Officer ISSO for several systems in the FBI's production environment. Duties Include:
• Assisting in developing any additional certification and accreditation documentation such as Contingency Plans, Configuration Management Plans and Incident Response Plans
• Developing Plan of Actions and Milestones to track the correction of any security deficiencies as well as assisting the customer in correcting the deficiencies.
• Performing Risk Assessments and formal Study Center Security Assessments to document the effectiveness of security controls.
• Developing Study Center Security Plans for system accreditation detailing the system's compliance with NIST SP 800-53
• I have served as the Lead Certification and Accreditation Consultant for several hospitals interfacing with the National Institute of Health. Duties Include:
• Developing System Security Plans for systems accreditation in accordance with the DCID 6/3 and NIST SP 800-53.
• Acting as the interface between the certification testers and the system owners during the whole process.
• Acting as a primary security Point of Contact for any assessments performed on the systems by independent auditors.
• Monitoring system audit logs to detect system abnormalities or abuses.
• Providing a 'single source of information' about the security posture of our systems.
• Advising others who interface with our systems as to policies and procedures that must be followed.
• Sitting on the Technical Configuration Control Board which manages any changes proposed for the systems. I provide security and technical input to the board to help with the decisions to approve any changes.
• Working with the Vulnerability Management Program which assesses our systems for vulnerabilities and works to address any that are found. As part of the program, we are also responsible for Patch Management and the implementation of security solutions to address any system shortcomings

Confidential

Systems Engineer,

• I have also served as a UNIX Systems Administrator, responsible for maintaining both test systems and production environments. My duties included:
• I also have served as a Primary Systems Engineer integrating security solutions to test and production systems. My duties included:
• I served as Alternate ISSO for two years. I have assisted in developing an SSP for systems accreditation in accordance with the DCID 6/3. My Duties included:
• Making sure that the document is properly updated as the system is modified new functionalities, etc .
• My duties also include overseeing day-to-day security operations including system monitoring, performing security audits and handling security incidents investigating unauthorized user accesses, etc. .
• Working with the customer to develop processes and procedures to ensure that proper security concerns are addressed in all aspects of system operations and maintenance.
• Gathering system security requirements and developing solutions
• Developing a Systems Security Authorization Agreement SSAA in accordance with the DoD Information Technology Security Certification and Accreditation Process DITSCAP .
• Walking a system through the Certification and Accreditation process to earn Authority to Operate ATO .
• Developing Test Plans for various security controls in order to assess their effectiveness
• Operating System and software installations
• Applying security hardening scripts and problem troubleshooting.
• Maintaining a strict baseline and documenting any changes to the environment including any test software installations