
Program Manager Information Security Resume Profile


NY

SKILL PORTFOLIO:

  • Information Technology (IT): 30 years
  • IT Security Manager: 7 years
  • Cyber/Information Security Program Manager: 15 years
  • Cyber/information security specialist interpreting Federal cyber security regulations (DOE, DoD NISPOM Chapter 8, Orange Book, NIST, FISMA) and developing/establishing IT security principles, policies, procedures, processes, controls for the Office of Designating Approving Authority (ODAA) approval
  • Experience performing vulnerability assessments, risk assessments, inspections/reviews at Industrial DoD supplier/vendor and Shipyard facilities
  • Experience reviewing Physical, Personnel, Training procedures and Computer/Information security plans/controls at DoD Suppliers/Vendors and Shipyards, which includes reviewing security plans, procedures, training material used on IT systems/networks, and testing of systems standards on classified and unclassified systems
  • Experience in the software development process including project management, workflow requirements, development of software documentation, code development/reviews and managing commonality of production sites
  • Seasoned with interfacing directly with lines-of-businesses, cross-functional agencies/organizations, Federal ODAA's, DSS and customers/vendors for the approval of IT systems and services
  • Experience with being on the front line and dealing directly with difficult and complex issues
  • Strong Customer focus mentality for determining customer needs and working towards win-win solutions
  • Strong oral/written communication skills, organization skills, analytical and problem resolution skills
  • Experience working on remote customer sites and frequent travel
  • Facility construction experience dealing with computer data center projects

WORK EXPERIENCE

Confidential

Program Manager Information Security

As program manager my responsibilities include: identifying risks to the IT infrastructure and information assets, managing multiple Global IT Risk and Security projects spanning network, client end-point, application and supplier security programs. Provide staff support for security budgeting, staffing, vendor management and strategic security planning. Assignment requires working in a Global shared services environment managing programs and projects across multiple time zones.

Confidential

Computer/Information Security Consultant

On assignment at the NYS Department of Labor located in Albany, New York providing Information, Personnel, and Facility Security consulting support. Primary focus is performance of infrastructure assessment in the above areas to Federal NIST/FISMA security requirements. Position responsibilities include the identification of security gaps in compliance and the recommendation and implementation of modifications to their information security environment.

Confidential

Computer/Information Security Consultant

  • Semi Retirement
  • Pursued development of IT Security Consulting assignments
  • Completed ITIL v3 Foundations certification

Confidential

Manager Computer Security

  • Promoted into this position as the manager of Computer Security for both the Schenectady and Ballston Spa sites. This was based on my IT and computer security experience. These two sites comprised approximately 4000 employees, contractor and Navy personnel. Position included the interfacing with various agencies/organizations such as Lockheed Martin, Bechtel Corporation, Schenectady Naval Reactors, Naval Reactors headquarters in Washington, DOE DoD ODAA's and various DoD Shipyard/suppliers/vendors throughout the US.
  • This position included the supervision of 6 people providing computer security program management covering IT systems processing DOE/Naval Reactors secret, classified, unclassified sensitive and unclassified information processed on various IT platforms and networks.
  • Responsible for the certification of all IT systems and recommendations for accreditation to the Federal Government DAA agencies.
  • Management skills developed in this position were personnel management including hiring, performance appraisals, salary administration, preparation of budgets and training. On the technical side scheduling project work, setting of priorities and meeting customer obligations and service level agreements.
  • One of three Information Security Steering Committee (ISSC) members representing the 2 New York sites. The other two members represented two sites located in Pittsburgh, PA. This responsibility included the development of strategic direction for cyber/information security programs and providing recommendations to the Government. Our responsibilities spanned protection of major WAN environments to policies governing the business use of the internet and mobile computing.
  • Examples of ISSC developed standard policies/procedures included: Business Use of the Internet, Personal Use of the Internet, Protection of Personal Identifiable Information (PII) data containing SS, DOB, Strictly private data, Password generation and use, Need-To-Know controls for information access and mobile computing configuration, etc.
  • Major responsibilities included managing the Cyber Security program in a large LAN/WAN environment in accordance with the Department of Energy cyber security regulations (DOE 5639.6A, DOE 205.1, DOE 471.2A) and NISP Chapter 8 for IT systems. The IT technologies/infrastructures included Windows, Linux, Unix and HPUX systems.
  • Our agency just started implementing the requirements of the Federal Information Security Management Act (FISMA) during the summer of 2007. We developed, documented and implemented our FISMA Program Cyber Security Plan (PCSP), which represents a policy to provide information security for all IT systems that support program operations. Also developed was a program for monitoring security controls and configurations of all systems rooted in a risk based framework in accordance with NIST publications 0-53. Our agency also started adopting the NIST certified standard configurations for IT systems in an effort to reduce manpower in the in-house development of security configuration guides. I established an agency wide membership with the Center for Internet Security for access and downloading of approved configuration guides and benchmarking tools.
  • Responsible for the execution of the IT security certification process of various IT hardware/software solutions including the formal documentation of security plans and policies, oversight of the testing of systems and submittal of recommendations to the Gov't for accreditation and production use. My staff managed approximately 220 formal IT security plans and the 220 Information System Security Officers (ISSO's) who were responsible for the protection of their IT platforms.

Confidential

Manager Computer Security

  • My staff was responsible for providing initial cyber security in-briefs for new employees and follow on annual refresher training on various cyber security topics. Targeted security awareness training was also developed for organizations who were experiencing cyber/information security issues on various topics such as password protection, file access controls, etc. Developed a communication plan for our site for security awareness which utilized weekly site newsletter, senior staff meeting notes and use of the site electronic sign board.
  • Most recent project included development of a mobile computing secured configuration strategy for the protection of unclassified sensitive/PII data while being processed external to agency sites. Solution included use of GuardianEdge full disk encryption for protection of data at rest and encryption of removable media (CD's/DVD's), the establishment of Cisco remote access VPN servers and use of RSA SecurID tokens.
  • Skills used and developed in this position included: Project/Program Management of various cyber security initiatives, Customer relations, IT integration skills, Strong communication and organization skills, Interfacing on a daily basis with Senior Management, Local and Washington DC government customers, the performing of assessments of risks/audits associated with the implementation of IT solutions to ensure data protection, the development of self assessment programs to ensure/measure the success of the computer security program. Cause/coordinate development of both disaster recovery and business continuity of operation plans.
  • Developed auditing programs/self-assessment programs, Incident response policies/procedures and performed investigation on various computer/information security incidents. Developed a small forensics platform for initial data analysis and establishment of chain-of-custody controls.
  • In 2007 the ISSC developed a Shared Service organization Matrix for managing the cyber security program across the 2 New York and 2 Pennsylvania sites. This included the creation of five operational support teams (OST's) for cross site management and staff loading of various components of the computer security business (ex. Regulatory Compliance, Technical/Future Studies, Certification/Accreditation, DoD External connected sites and User Support).
  • IT environments spanned IT platforms from High performance computing in a Linux environment, UNIX, Linux, Windows NT, XP, 2000 environments and various Oracle applications.
  • While managing this group I also worked on other IT department staff level assignments which included program managing facility related projects for the landing of new fiscal year high performance computing platforms. This responsibility included working with various facility organizations for electrical, chilled water cooling and facility construction. In this capacity I established work break down structures, establishment of milestones, identification of resources and risks associated with the project. I developed my facility construction experience working on two large scale efforts which were in the 800K to 1M total facility upgrade cost range. I worked closely with the central data center management team, finance and facility engineering teams for the project management of the construction efforts.
  • In 2007 supported in a consulting capacity an effort for the development of disaster recovery processes for the central IT infrastructures and development of business continuity of operation processes for various lines-of-businesses.
  • Proficient in the use of various Microsoft products such as Word, PowerPoint, some Access and Excel, some exposure to MS Project.

Confidential

Manager Computer Services Computer Security

  • I was promoted into my first formal manager role based on experience and success gained through 20 years of IT experience.
  • This position included the supervision of 6 people providing IT services at our Ballston Spa facility.
  • Services included managing the support for add, moves and changes for PC's on the classified and unclassified networks. Providing trouble shooting for hardware/software and network issues. Providing support for telephone system, copy machine and Fax machine use on the site.
  • Responsibility also included the program management of the cyber security program. The site Information System Security Manager (ISSM) reported into my organization. Responsible for the review/evaluation of IT systems, networks and other telecommunications systems security plans at the site for ODAA accreditation.

Confidential

Manager Computer Services

  • Management skills developed in this position were personnel management including hiring, performance appraisals, salary administration, preparation of budgets and training. On the technical side scheduling project work, setting of priorities and meeting customer obligations and service level agreements.
  • Responsible for the cyber security program at this site which included the certification/accreditation of all IT systems, cyber security awareness, IT system audits and execution of the annual self assessment program.
  • Responsible for the site's Communication Security (COMSEC) account.

Confidential

Wide Area Network

  • Applied and was promoted into this WAN Security Advisor role based on experience and success as the ISSM.
  • Our agency was on the front end of developing a WAN to span the entire country and my role was to act as the point person to go out and conduct customer assessment of DoD supplier/vendor/Shipyard facilities and IT systems to develop security policies for the connection of their facilities and systems to our classified network.
  • I reviewed/approved various IT system security plans, processes, procedures, training materials and wrote recommendations to the ODAA for their accreditation and production use for government approval. This included security controls for both DOE and DoD NISP, NISPOM Chapter 8 procedures.
  • Position required daily communication with various DoD customers/vendors, shipyard and government DAA personnel for supporting the connection of various IT platforms. This position required extensive travel within the US.

Confidential

Program Manager

  • Applied and was promoted into a formal program manager's position in the computer/information security organization based on my extensive IT and application software background.
  • This position required the interpretation of Government DOE DoD NISPOM Chapter 8 computer/information security requirements and to develop formal policies, procedures, and processes for ODAA approval for the protection of IT systems that process program data at Prime Contractor, DoD shipyard, vendors and supplier locations.
  • As program manager I was responsible for the application of the government regulations on all IT assets that processed both classified and unclassified information. Systems included in this program spanned IT platforms from IBM mainframes, UNIX, Linux, Windows environments and various Oracle applications. I had to work closely with the Information System Security Officers (ISSO's) to ensure they were constructing their security plan in accordance with government requirements.
  • Position required the interfacing with various IT customers, senior management, and local DAA and Washington DC government customers.
  • During this time frame I received the DOE Information System Security Manager (ISSM) certification which was required for this position.
  • Skills developed on this assignment included gaining an understanding of various network and IT hardware/software platforms in order to provide certification of systems for production use. I was responsible for conducting various audits/investigations of IT systems to ensure they were in compliance with their system's security plan. This position required very strong verbal and written communication skills in order to be able to interact at all levels of the company and government.

Confidential

Sr. Programmer Analyst / Software Designer / Project Manager

  • During this time frame and based on my extensive experience in software development and network database design (IDMS) I received a promotion to this position.
  • Primary responsibilities were to project lead the implementation of the Cullinet IDMS Purchasing application. This responsibility included a continuation of all aspects of the application development life cycle including: determining customer functional requirements, developing detailed design specifications for the development of and modification of software modules, designing and developing data feeds to and from the purchasing systems into other inventory and finance systems, project schedule development, software module design, identification of programming resources, programming, unit testing, support of functional user testing, user training, and production implementation. On this assignment I assigned/tracked progress on programming work to a pool of software developers ensuring the project milestones were being achieved and customer requirements were being satisfied. Responsible for changes in project scope and the identification of potential risks associated with the projects.
  • During this time frame worked on a total re-design and re-programming of the Comprehensive Financial System (CFS). Was assigned lead on various portions of the multi-year effort: commitment accounting, shop order processing and various feeds into other supporting information systems.
  • During this time frame I was also responsible for production maintenance of various inventory applications, accounts payable and other related enterprise business applications.

Confidential

System's Analyst / Project Manager

  • Due to consolidation of GE business units my group was re-assigned to the GECON Software Services organization.
  • In this position I was assigned to the State of New York Department of Mental Health on 44 Holland Avenue in Albany, N.Y. I was Co-project manager for the development of the Patient Cash IDMS application for use at all NYS Mental Health facilities. Responsibilities included project management for various aspects for determining customer functional requirements, developing database schemas, data records, data elements, software module design, programming, unit testing, support of functional user testing, user training, and production implementation.

Confidential

Sr. Programmer Analyst / Project Lead

In this position I was promoted to continue my support of the Dial Comm. Network billing system and took on a new project as co-lead for the development of GE Network Inventory Control system. This new project developed skills in the IDMS Network database design and ADSO programming language. Responsibilities included determining customer functional requirements, developing database schemas, data records, data elements, software module design, programming, unit testing, support of functional user testing, user training, and production implementation.

Confidential

Programmer/Analyst

During this time frame I was promoted to my first programming position. Provided programming support in COBOL GMAP Honeywell machine language on data center application projects. This included finance billing systems, designing/programming software modules to bill back departments on their mainframe computer usage, inventory systems, and personnel systems. During this time frame I took responsibility for the GE Dial Comm. telephone billing system programming support. This assignment laid the foundation for gaining an understanding of the software development life cycle.

Confidential

Computer Operator

Operations of IBM/Honeywell systems, provided data backup and recovery support, hard drive assembly (HDA) swap-outs, general I/O processing and offline printing operations, etc. In this position I gained a solid understanding of data center operations and data processing processes and procedures. This facility was one of 2 major data processing centers for GE Corporation at the time.

Confidential

  • Worked in various manufacturing positions during this time period which included: machinist, metal brazing, welder, final assembly of large AC/DC motors and generators. Became a Layout Technician training candidates on the GE Apprentice program. Proficient in reading blueprints.
  • During this time frame I enrolled in the GE Manufacturing Studies program night classes to broaden my experience to achieve more responsible positions.
