IT Project Manager/Information Assurance Analyst Resume
Washington, DC
SUMMARY:
- Results driven IT professional with over 10 years of experience in IT security, Project Management and network engineering.
- In-depth expertise in all facets of the project lifecycle, the accreditation process, and guideline development.
- Articulate communicator who can fluently speak the languages of both people and technology, blending technical expertise with exceptional interpersonal skills while interacting effectively with senior management, customers, sales staff and technical/engineering teams.
- Proven ability to lead and motivate to ensure success. Solid track record for diagnosing complex problems and consistently delivering effective solutions.
- Expertise in Information Assurance & Security; Confidential (Federal Information Security Act); Confidential RMF (National Institute of Standards and Technology Risk Management Framework); security policy and guideline development; and Certification & Accreditation and Continuous Monitoring using Archer/CSAM/Confidential
PROFESSIONAL EXPERIENCE:
Confidential, Washington, DC
IT Project Manager/Information Assurance Analyst
Responsibilities:
- Performed as Project Manager for staff of security assessors, QA analysts, and privacy experts
- Serve as subject matter expert (SME) to the ISSO of the Confidential
- Responsible for migrating the Confidential TAS and MyPAA financial applications from Confidential
- Perform security assessments on Confidential legacy financial applications (4) at the FIPS moderate level
- Perform quarterly Development, Modernization, and Enhancement (DM&E) security related assessments
- Responsible for managing all electronic record compliance reporting via CSAM, which includes management/approval of security artifact updates for all authority to operate (ATO) security package contents (i.e., FIPS 199, PTA, PIA, RA, SCAP, SAR and SSP)
- Responsible for developing and maintaining System Security Plans and managing System POA&Ms
- Respond to agency IT Data Calls and advise the ISSO of the Confidential on recommended remediation for identified deficiencies
- Develop and maintain Configuration Management Plan, Contingency Plans, Continuous Monitoring Plans/Schedules
- Conduct re-tests of failed security controls to close out documented Plans of Action and Milestones (POA&Ms)
- Perform security testing for Modernization and Enhancement Efforts (DM&E)
- Perform audits on Confidential Security Controls and COOP Testing, and develop and maintain IT System MOUs and ISAs
- Coordinate system vulnerability scans and provide and document Incident Response Plans
- Manage the Confidential IT Security Team staff and Confidential project schedules and deliverables as required by the contract
Confidential, Tysons, VA
Deputy Project Manager/Compliance Manager
Responsibilities:
- Responsible for managing all electronic record compliance reporting via Confidential and Archer, which includes management/approval of security artifact updates for all authority to operate (ATO) security package contents (i.e., FIPS 199, PTA, PIA, RA, SCAP, SAR and SSP)
- Provided guidance on meeting IT security compliance in accordance with Library of Congress (LC) Directive 01 and guidelines
- Worked with LC service units to provide security advisor guidance on the security impact of new systems and performed assessments on Confidential Service Unit applications at the LOW, MOD and HIGH levels
- Provided the customer with IT security requirements and worked on accomplishing predefined objectives and strategies for risk assessment and security evaluation as accepted within the LC risk tolerance model
- Developed information assurance procedures and processes and prepared project work breakdown schedules (WBSs) for all related assessment and authorization
- Managed Confidential project schedules and supervised the GBTI ITSG Security Advisor Team
- Led the Confidential agency-wide migration from Confidential to RSA Archer and managed the Confidential and Archer user community
Confidential, Rockville, MD
IT Security Manager/InfoSec Risk and Compliance Analyst
Responsibilities:
- Worked with the system administrators to examine and test the security posture of the systems and applications.
- Managed team of security analysts performing security assessments and prepared documents for SA packages
- Responsible for performing annual assessments on FDA major applications and GSS and advised system owners on recommended remediation for identified deficiencies
- Interviewed system owners, information system security officers, system administrators, database certifiers, developers and end users to determine the security posture of the system and to assist in the completion of the Confidential SP800-53a test steps and performed IV&V on final SA packages for agency centers
- Analyzed vulnerability and compliance scan results on Windows, Solaris and Linux systems
- Generated Plans of Action and Milestones findings for the non-compliant settings and security deficiencies
Confidential, Bethesda, MD
IT Security Analyst
Responsibilities:
- Served as IV&V Team Lead and managed the vulnerability-to-POA&M weakness process
- Provided SA&A/RMF support to NIH customers and validated Confidential system information
- Performed Confidential administrative duties (account/system creation, deletion, management)
- Assisted in the development and maintenance of the overall system security documentation, e.g. the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance
- Administered Trusted Agent Confidential training to users and conducted weakness validations for various NIH ICs
- Compiled ATO certification packages for final review by the DAA for all NIH enterprise systems
- Provided various information assurance support throughout the system development lifecycle (SDLC)
- Validated and reviewed SA&A Packages completed by NIH ICs and ensured conformity to NIH CIO guidelines
Confidential, Rockville, MD
IT Security Manager/Information System Security Officer Support
Responsibilities:
- Briefed clients on the SA&A Process and ST&E Testing Procedures, conducted interviews and POA&M mitigation
- Provided oversight and monitored Information Security activities, as well as tracking and monitoring statistics related to meeting Federal and Health & Human Services (HHS) compliance requirements
- Worked with system owners to ensure audit trails are reviewed periodically and audited archived records
- Developed enhanced Certification and Accreditation (SA&A) packages using System Categorization and previous SA&A documents provided by system owners for Enterprise Service Center classified and unclassified General Support Systems composed of networks, servers, workstations, and major applications
- Advised System Owners and Administrators on Confidential guidance and publications
- Used Confidential and FIPS 199 knowledge to perform SA&A assignments
- Reviewed and edited the System Security Plan, Incident Response, and Contingency Plan to ensure Confidential compliance
- Managed and updated a portfolio of 30+ System Security Plans
- Developed enhanced Certification and Accreditation (SA&A) packages using System Categorization and previous SA&A documents provided by system owners for Enterprise Service Center Support Systems composed of networks, servers, workstations, and major applications, and conducted quarterly reviews of IT systems for Confidential reporting
- Tracked and generated security documents via Trusted Agent Confidential
- Interpreted monthly vulnerability scan results of assigned systems and performed continuous monitoring
- Assisted in the development and maintenance of the overall system security documentation, e.g. the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance
- Administered Computer Security Awareness Training to ensure the systems were operated, used, maintained and disposed of in accordance with security policies and practices
- Initiated risk mitigation countermeasures; reported security incidents to the appropriate personnel when necessary
Confidential, Suitland, MD
Information Assurance Consultant
Responsibilities:
- Conducted re-tests of failed security controls to close out documented Plans of Action and Milestones (POA&Ms)
- Advised System Owners and Administrators on Confidential guidance and publications
- Performed risk assessments on U.S. Census Bureau general support systems and major applications and recommended Information Assurance solutions
- Developed System Security Plans, Contingency Plans, and Plans of Action and Milestones for general support systems and major applications
- Documented residual risks identified during Certification and Accreditation in the Security Assessment Report (SAR)
- Presented SAR and certification recommendations to high level officials to aid in the accreditation decision
- Reviewed various technical security documentation and provided recommendations to update documentation according to Confidential 800-37 Certification and Accreditation guidance
- Provided recommendations to high level Census Bureau officials on information assurance trends and solutions
- Developed System Security, Contingency and Plan of Actions/Milestones of general support system/applications
- Provided recommendations to management on information assurance trends and solutions
- Provided various information assurance support throughout the system development lifecycle
- Analyzed various scanning output to document vulnerabilities associated with Census major applications/systems
- Developed the Quality Assurance (QA) process to ensure reports conform to the defined requirements and standards specified by the customer
- Assisted with reviewing site certification packages, documented results, drafted/forwarded accreditation recommendations to the appropriate Census Officials and used Confidential and FIPS 199 knowledge in SA&A assignments
Confidential, Washington, DC
Cyber Security Analyst
Responsibilities:
- Served as key point of contact for the organization's (IM-63) quarterly Confidential reporting and Scorecard reporting.
- Worked with the Cyber Security Assessment Team to write and evaluate documentation for all phases of the SA&A process on numerous Major Applications and General Support System
- Developed security categorizations using FIPS 199, System Security Plans using Confidential 800-18, Risk Assessments using Confidential 800-30, Contingency Plans using Confidential 800-34
- Packages include Application Hosting Environment Servers for Unix and Windows, PKI, nCase application, VoIP system, DOE Email System, the entire DOE Network (DOENET)
- Used Confidential 800-53 to determine required security controls for information systems and Confidential 800-53a for assessing controls
- Conducted interviews with system owners for application testing purposes
- Developed a POA&M remediation plan with client in order to close any existing vulnerabilities
- Validated and reviewed Certification and Accreditation Packages that were completed by 3rd party contractors, ensuring packages conform to the guidelines set out by the Department
- Conducted gap analysis on various documents including the System Security Plan and Contingency Plan
- Used Confidential and FIPS 199 knowledge to perform SA&A assignments
- Briefed clients on the SA&A Process and ST&E Testing Procedures, conducted interviews and POA&M mitigation
- Developed enhanced Certification and Accreditation (SA&A) packages using System Categorization and previous SA&A documents provided by system owners for Enterprise Service Center classified and unclassified General Support Systems composed of networks, servers, workstations, and major applications
- Conducted Confidential self-assessments and developed and reviewed Cyber Security policy
- Analyzed and created spreadsheets detailing vulnerability results for each package
- Reviewed and edited the System Security Plan, Incident Response, and Contingency Plan to ensure Confidential compliance
- Documented, reported and submitted Federal Information Security Management Act (Confidential) performance metrics, including DOE OCIO Scorecard compilation and IT System Plans of Action and Milestones (POA&Ms)
Confidential, Washington, DC
Program Management Analyst
Responsibilities:
- Provided oversight activity support to ensure program compliance with DOE Directives and Federal Laws.
- Participated in the development of guidelines, manuals and procedures used by Headquarters Federal and contractor staff in the implementation of the Cyber Security Program
- Audited cyber security management plans and procedures against established DOE Headquarters policies and procedures that ensure information systems reliability and accessibility, and that prevent and defend against unauthorized access to the systems, networks, and data utilized by the DOE Headquarters Enterprise
- Assisted the OCIO Quality Assurance Program (QAP) Director in developing, documenting, and implementing QA processes and procedures to assure that IT solutions include ample contractual reviews of the Most Efficient Organization (MEO) quality requirements
- Analyzed management information requirements to develop program and administrative reporting systems.
- Assisted in policy and program development in the areas of Enterprise-Wide Strategic sourcing, including Enterprise License Agreements, IT Asset Management, IT Hardware acquisition planning by conducting research and submitting information and data to the managers and staff as required
- Provided administrative services for identification, budget and acquisition of products and services
- Participated in the review and evaluation of site security agreements and plans for implementation of the classified and unclassified cyber security programs
- Generated and maintained certification and accreditation reports. Maintained the existing database that identifies and tracks all of the Headquarters classified information systems
- Supported the Information Systems Security Site Manager (ISSM) with ISSM, ISSO, and HSO Self-Assessment efforts. This support included the tracking of organizational corrective actions and associated reports
- Assisted the Office of the ACIO for Enterprise Operations in the management, preparation and tracking of performance measures in quarterly and annual quality assurance and contract compliance reviews. In addition, managed and maintained the official document repository for the Quality Assurance Implementation Plan and its associated Quality Assurance compliance reports for substantiating contractor performance and cost
- Assisted the Office of the ACIO for Enterprise Operations with process and procedural management issues related to the implementation of an efficient and effective corporate-wide Enterprise License Agreement Program.
- Researched and developed Security Standard Operating Procedures for Enterprise Operations
- Managed communications and information for the ACIO and supporting federal and contract staff members
- Researched and investigated new and/or improved business and management practices for administrative support to agency programs and operations
- Assisted federal staff in policy development by conducting research and preparing written drafts
Confidential, Arlington, VA
Supervisory Security Support Specialist
Responsibilities:
- Designed, revamped, and implemented databases, reducing format and process times and reducing backlogs by 75%.
- Communicated with non-technical and database development staff members, providing feedback and recommendations for new system modifications, error correction, and improvements
- Supervised Administrative Specialists in scoping reports and procedures for entry into the DOHA database; validated training by testing individual performance against the training received
- Prepared summaries of derogatory and mitigating information contained in investigative Reports
- Prepared Notices of Proposed Action and interrogatory letters to resolve suitability/security concerns
- Reviewed and evaluated personnel security investigations to determine suitability for employment and/or eligibility for a security clearance in accordance with applicable regulations, Executive Orders, and guidelines
