Cyber Security and IT Administration background with over ten years of experience. Bachelor's degree in Information Systems Security. Department of Energy Q clearance, CISSP and Security certifications, and knowledge and experience with security tools, methodologies and best practices. Experience in protecting computing resources/data, intellectual property and national security interests in a compliance-oriented, high-stress and high-demand environment while working under tight budget constraints. Offers value-add to organizations by having the skills and willingness to perform multiple functions and the enthusiasm and tenacity to embark on new opportunities.
Cyber Security Specialist
- Building a Cyber Security program that is compliant with all applicable federal regulations, guidelines and directives with regard to OMB Circular A-130, NIST SP 800-53, FISMA and FIPS 140-2, as well as the U.S. Gov't FedRAMP guidelines for Cloud infrastructures
- Recommends and procures software solutions, tools and best practices that will help improve and strengthen the Natural Resource Manager's (NRM) Cyber Security program and security posture with the goal of protecting the confidentiality, integrity and availability of NRM's data
- Provides security guidance and oversight for various IT projects
- Educates users in sound cyber security principles and best practices
- Represents the NRM cyber security group during project meetings to assist project managers and stakeholders with security-related items and to make recommendations as required by federal guidelines to secure NRM's assets
- Creating security guidance documents to assist in creating NRM's organizational standard operating procedures (SOPs)
- Ensuring all regulations, guidelines, directives, policies and procedures are being followed and that security checklists/hardening guides are being employed to establish a standard baseline and to satisfy federal cyber security requirements
- Proposing solutions, tools and best practices to strengthen NRM's web/application/database security as well as an effective configuration and change management system (CMS)
- Assists in the process to reduce the current number of Plan of Action and Milestones (POA&Ms) identified in previous Office of Inspector General (OIG) audits and proposes solutions to prevent future POA&Ms from occurring
- Working with NRM federal and contract personnel to address security incidents and issues involving users, information systems and data
- Identifies current NRM security-related issues due to vulnerabilities, access, deficiencies, separation of duties/least privilege (SOD/LP), insufficient controls, etc., and offers recommendations and viable solutions to correct problems and ensure all federal guidelines and directives are followed accordingly
Cyber Security Analyst
- Executed site-related security functions and job duties from the Y-12 Cyber Security Operations Center (SOC), which provided 24x7x365 continuous monitoring and cyber security support.
- Participated and contributed in biweekly U.S. Department of Energy (DoE) Cyber Security meetings to discuss cyber-related events and activities and to share cyber intelligence within the DoE community. Topics included malware analysis/research, APTs and other malicious actors, and targeted threats/attacks such as spear-phishing, hostile attachments, watering hole attacks, drive-by attacks, command and control (C2), etc.
- Responsible for the deployment and management of several defense-in-depth technologies on the classified and unclassified network environments to augment the site's cyber security posture and to help prevent/detect advanced persistent threats (APTs) and other internal/external threats
- Worked closely with Y-12 internal organizations (e.g., Helpdesk, Network Support, Desktop Support, Software Support, Email Support, etc.) and other U.S. Department of Energy (DoE)/National Nuclear Security Administration (NNSA) sites to resolve user, network and security-related issues
- Conducted log analyses for tracking suspicious network activity due to malware, intrusions, internal threats, APTs and other malicious actors; failed/blocked websites; waste, fraud and abuse; and for troubleshooting purposes related to software, hardware and network issues
- Responsible for the deployment and management of the site-wide network-based intrusion prevention system (IPS). Successfully configured and deployed the IPS in a test environment to monitor and understand its functionality in real-world situations and to observe its response to simulated attacks via pen testing methodologies. IPS duties included but are not limited to managing the IPS central manager; network implementation of IPS sensors; software upgrades; emergency signature installs released by the vendor; creating custom Snort rules and attack signatures; creating custom firewall rules and exceptions; creating and managing policies; managing the IPS quarantine; and analyzing attacks
- Configured, deployed and maintained strategically placed network-based IPS sensors to maximize visibility within the infrastructure while operating within budget constraints
- Responsible for the network proxy/anti-virus servers. Duties included but are not limited to creating and managing proxy policies and categories; reviewing user requests and applying or creating policies which grant/deny access accordingly; and reviewing and submitting uncategorized websites to the proxy vendor for categorization
- Maintained a custom block list that downloaded malicious URLs, domain names and IPs from internal and external sources and was automatically imported into the network proxies to deny users and systems access to malicious domains
- Provided a form of malware remediation by isolating or blocking infected or compromised hosts from internal and external resources until a plan could be implemented to contain and remediate its impact
- Scanned and reviewed external and 3rd party media for malware and other discrepancies
- Configured, deployed and maintained the network data loss prevention (DLP) appliance
- Conducted ongoing threat analyses to determine the site security posture due to vulnerabilities, APTs and other malicious actors, as well as the latest situational awareness reports (SARs)/intelligence released by federal agencies and the private sector
- Created and deployed Snort rules into the network-based intrusion detection system (IDS) sensors
- Experience with incident response procedures such as chain of custody and documentation; detecting and identifying that an incident has occurred; containing and isolating the incident and preserving evidence; adding the indicators of compromise (IOCs) to a custom block list and/or creating and deploying attack signatures; eradicating the incident by removing/blocking the affected system from the network; and monitoring the network to observe for similar or new abnormal activity
- Assisted in several forensic investigations ranging from malware infections to the 'evil-admin' insider
- Experience with network forensics. Conducted proxy and firewall log analyses as well as IDS/IPS alert correlation due to malware; waste, fraud and abuse; and APTs and other malicious actors. Analyzed logs and alerts via the enterprise security information and event management system (SIEM) to verify if an intrusion, compromise or misuse has taken place and determine if an additional investigation or further action is required, such as a packet capture (PCAP) analysis, media inspection and/or sanitization, notifying senior-level management, etc.
- Contributed to the certification/accreditation process by performing network, system and software vulnerability assessments via security tools and walk-downs. Analyzed results to determine the level of risk they pose, both internally and externally, and contacted system owners to propose recommendations to resolve or lower the security level or to mitigate or accept the risks associated with the vulnerabilities
- Entered and tracked security-related events, incidents and alerts in the Y-12 cyber security event management system. This included but is not limited to tracking malware/APTs; phishing emails; government-related situational awareness reports (SARs) and security alerts published by various federal and private agencies; and technical bulletin alerts regarding the latest security vulnerabilities associated with certain types of hardware and software, including Industrial Control Systems (ICSs)
Technologies Technician / IT Administrator
- IT Administrator responsible for managing the corporate WAN with offices located in Knoxville, TN, Cookeville, TN and Orlando, FL. Supported users in a Microsoft Windows environment and was responsible for all corporate hardware and software. This included but was not limited to the corporate WAN optimizer, firewall, proxy, switches, domain controllers, file servers, Exchange server, backups, workstations, laptops, mobile devices, printers/plotters, etc.
- Other responsibilities included but are not limited to maintaining the corporate Intranet; diagnosing hardware, software and connectivity issues; testing backups and data recovery methods; malware remediation; documenting and tracking all network inventory; deploying new/existing software, updates, patches and configurations; building and repairing computer systems; monitoring and reviewing network activity and logs; maintaining software licenses; managing domain user accounts, groups and policies; automating network tasks via batch scripts; training users regarding proper usage of company resources as well as the corporate computer policies, procedures and standards; and staying up-to-date with the latest security threats and practices
Mechanical/Plumbing/Fire Protection Design Engineer
- Backup IT Administrator responsible for managing and supporting a LAN in Knoxville, TN. Supported a small group of users in a Microsoft Windows environment and was responsible for company servers, workstations, firewall/IPS, printers/plotters and software.
- Other duties included but are not limited to deploying new/existing software, updates, patches and configurations; training users regarding computer usage and new software; building and repairing new computer systems; installing and managing new computer systems, applications and network appliances; malware remediation; reviewing system configurations and logs; conducting vulnerability scans to determine system and network risk levels and mitigation strategies; staying up-to-date with the latest security threats and practices; and customizing CAD applications (created and maintained custom-made AutoCAD menus and toolbars to establish standards and to improve productivity).
- Design Engineer duties included but are not limited to designing, coordinating and drafting various types of commercial and residential facilities (e.g., hospitals, schools, churches, office buildings, apartments, condominiums, etc.).