Program Manager Resume
Vienna, VA
SUMMARY:
- 23+ years of IT and cybersecurity experience with progressive levels of responsibility.
- A results-driven professional who has assumed key positions in the IT security field for Federal Government clients.
- Served as Information Assurance and cybersecurity subject matter expert.
PROFESSIONAL EXPERIENCE:
Program Manager
Confidential, Vienna, VA
Responsibilities:
- Planned, directed, and coordinated cross-functional team activities to manage and implement interrelated ATO-related projects from initiation to the operational stage
- Developed and established goals, processes, and procedures
- Reviewed and evaluated compliance automation, network engineering and cybersecurity program operations to improve managerial processes
- Developed and carried out strategic planning activities
- Monitored and reviewed all program finances, resources, and risks
- Analyzed program requirements and developed metrics to measure success
Achievements:
- Implemented a central repository for Authorization to Operate (ATO) related documentation. This system improved the standardization of the cybersecurity document management process
- Developed and implemented a standardized method for systems continuous monitoring as mandated by the Federal Information Security Modernization Act (FISMA) of 2014 and Office of Management and Budget Memoranda OMB-14-03
Deputy Strategic Advisor/Deputy Project Manager/ Information Security Engineer Principal
Confidential, Washington, DC
Responsibilities:
- Planned, directed, and coordinated cross-functional team activities to implement interrelated Authorization to Operate (ATO) of 65 projects from the initiation to the operational stage
- Oversaw a team of 35 Full-Time Employees (FTEs) which included 31 Information System Security Officers (ISSOs), three ISSO Team Leads, and one (1) Special Projects Analyst
- Analyzed program requirements and developed metrics to measure success
- Served as the Deputy Strategic Advisor to the Chief Security Officer in strategic planning efforts, new FBI Headquarters IT/IS efforts, system assessments, and project schedule development
- Assisted the Financial Division’s Senior Strategic Advisor in the development and implementation of the client’s IT/IS Strategic Plans
- Ensured compliance with annual FISMA deliverables, data calls, and reporting metrics
- Researched/Investigated information technology and cybersecurity incidents
- Conducted research on new technology solutions and identified their security vulnerabilities
- Developed and maintained all Assessment and Authorization (A&A) documentation repository and cybersecurity policies to improve the Bureau’s cybersecurity posture
- Researched and analyzed the development of Information Assurance (IA) policy documents to address government driven priorities and emerging policy needs
- Supported content of IA policy web pages, including but not limited to the IA policy presence and SharePoint team site, participating in required monthly content reviews and updates of the site for quality, currency, and relevance
- As a cybersecurity subject matter expert, contributed to Confidential business development by providing new leads for future opportunities and feedback on proposals
- Developed an application to estimate the ATO level of effort and cost. This application calculated the ratio of systems per ISSO depending on the size and complexity of each system. This application saved approximately $100k/year
- Developed and maintained a database with cybersecurity policy, templates and standard operating procedures to reduce the search time and improve efficiency in the division
- Developed the strategy and implemented NIST 800-137 (Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations) as required by FISMA and OMB
- Implemented a project schedule with all the A&A tasks to reduce the time of the ATO process and report progress to upper management. This effort increased the team efficiency by 30%
Information Assurance Engineer
Confidential, Washington, DC
Responsibilities:
- Researched and assessed the Program Executive Office (PEO) Aircraft Carriers systems to comply with current Department of Defense (DOD) Information Assurance policy and regulations
- Implemented DoD Instruction 8510.01, NIST Risk Management Framework (RMF) for DOD Information Technology
- Maintained and disseminated IA policies, procedures, guidelines and processes, which are necessary to improve the security posture of the organization
- Provided guidance and support for cybersecurity efforts and developed specific information system(s) risk management implementation plans
- Maintained systems of record for all PEO systems, and performed regular certification status audits
- Conducted and mediated PEO’s Information Systems Certification Reviews
- Monitored information systems activities to ensure systems integrity
- Conducted reviews of audit trails in accordance with RMF and the DoD Information Assurance Certification and Accreditation Process (DIACAP)
- Ensured all cybersecurity military and civilian staff met training and certification requirements per DoD 8570.01-M
- Established and maintained documentation to track and manage all open security-related problem reports and enhancements
- Ensured that systems met their security requirements and that all risks had been mitigated to an acceptable level
- Improved the patch management process by developing and implementing an SOP to reduce patch implementation from 12 months to two weeks
- Improved the change management process by establishing a new methodology to register, implement and monitor change requests.
Quality and Compliance Manager
Confidential, Herndon, VA
Responsibilities:
- Managed a team of five FTEs in charge of analyzing policy, security controls, A&A methodology, and other security processes and documentation
- Interfaced with the Chief Information Security Officer’s (CISO) team and other leaders to ensure that security goals and policies were supported by well-defined processes
- Ensured that key configuration change procedures were exercised, measured, and monitored to ensure predictable results
- Coordinated regularly with leadership supporting the CISO
- Served as a key resource in promoting quality and cybersecurity policy compliance
- Contributed to the development of training resources
- Measured progress and success by identifying weaknesses and remediation processes
- Provided weekly project status to the CISO
- Contributed to policy development and implementation as it relates to NIST guidance
- Coordinated across the organization to ensure that all leadership was aware of cybersecurity goals and requirements
- Managed cybersecurity policies
- Developed an enterprise-wide cybersecurity strategy, policies, governance structure, and compliance program for the United States Postal Service (USPS). This strategy was created to align USPS with NIST methodology to manage risk using NIST SP 800-37 Guide for Applying the RMF to Federal Information Systems: A Security Life Cycle Approach as one of the most important guidelines
Compliance Officer
Confidential, Washington, DC
Responsibilities:
- Reviewed policies and procedures and assisted in the review of FISMA A&A compliance reports, questionnaires, procedures, and A&A documents
- Recommended means to improve a system's security, through both hardware and software solutions
- Developed, implemented, maintained, and revised policies and procedures related to cyber security
- Identified potential areas of compliance vulnerability and risk, developed and implemented corrective action plans for resolution of problematic issues, and provided general guidance on how to avoid or deal with similar situations in the future
- Designed, implemented, monitored and oversaw the implementation of a SharePoint A&A portal to coordinate all FISMA compliance activities and documentation management
Sr. Consultant
Confidential, Herndon, VA
Responsibilities:
- Participated in security control assessments for federal General Support Systems and Major Applications to ensure compliance with FISMA security framework controls
- Verified cybersecurity requirements on all systems
- Determined completeness and compliance of A&A documentation
- Verified that the agency security controls and requirements had been satisfied
- Worked on executive reports for the CISO, Cyber Security Team, and CIO that depicted vulnerabilities and suggested mitigations that could be used to improve the system(s) security posture
- Interviewed Federal employees and contractors with security responsibilities during systems security assessments
Incident Management Center (IMC) Security Manager
Confidential, Washington, DC
Responsibilities:
- Managed a team of 21 FTEs, members of the Department of Transportation Incident Management Center
- Recommended ways to improve and update the security of the enterprise's computers
- Recommended the means to improve a system's security, through both hardware and software solutions
- Revised and implemented user policies
- Set up countermeasures that protected the system when an unauthorized user attempted to gain access to the system
- As a member of the team that supported the DOT Office of the Secretary (OST), executed managerial responsibilities as the Incident Management Center and as Senior Security Manager
- Provided an integrated approach to IT security services for monitoring and responding to Infrastructure and Network Incidents throughout the DOT COE (Common Operations Environment) with over 6,000 users
- Created and developed a comprehensive set of operational procedures and guidelines that helped DOT’s mission and ensured compliance with Federal and DOT security requirements
- Created a POA&M management SOP, and resolution database as part of the vulnerabilities resolution strategy that increased the number of closed vulnerabilities by 30%
HQ Operations Project Services Team PM
Confidential, Washington, DC
Responsibilities:
- Managed a team of 11 FTEs to develop the Authorization to Operate (ATO) packages for the Navy
- Accountable for DIACAP and project management teams that provide security engineering, operations, and maintenance support to NAVSEA systems
- Managed the systems project schedule, technical execution, contractual compliance and customer satisfaction in coordination with an internal PMO
- Managed the project Control team that ensures that HQ NAVSEA IT systems conform to the DoD/DoN Governance Chain including federal, civilian and military regulations
- Provided security guidance in Information Assurance (IA), Certification and Accreditation (C&A), network security, security lifecycle management, risk management, and security awareness
- Ensured that Department of the Navy, DoD, DIACAP and NIST security requirements and processes are properly implemented
Achievements:
- Developed and implemented two applications for C&A support at TWD. One application for C&A package verification with canned findings and the other creates a status report to justify TWD and Associates presence at the client
Senior Information Systems Analyst
Confidential, Alexandria, VA
Responsibilities:
- Supported the Information Assurance Manager (IAM) on the oversight of information systems security for automated information systems assigned to the PEO Mission Assurance and Network Operations
- Implemented and complied with all policies and procedures identified in DoDD 8500.1, DoDI 8500.2, and DoD 8570.01-M
- Developed and maintained the organization of DoD information system-level IA program that identifies its IA architecture, requirements, Security Plan, objectives, and policies
- Supported the client by providing automation support for end users' technical issues
- Supported the Directorate Equipment Custodian in receiving, tracking, issuing, and disposing of all Automated Data Processing Equipment
Senior Data Security Analyst
Confidential, Alexandria, VA
Responsibilities:
- Developed, implemented, enforced, and communicated security policies or plans for data, software applications, hardware, telecommunications, and information systems security education/awareness programs
- Carried out all phases of information systems/networks security program that involves access to computers and computerized data enabling the company to meet contractual requirements for network security
- Researched, evaluated, tested, recommended, and implemented new security software or devices
- Conducted regular audits to ensure that systems were operated securely
- Ensured that information systems security policies and procedures were implemented as defined in security plans
- Conducted investigations of computer security violations and incidents, reporting as necessary to management
- Identified and recommended solutions to security exposures
- Tested firewalls, intrusion detection systems, enterprise anti-virus systems, and software deployment tools
- Worked with commercial computer product vendors in the design and evaluation of state-of-the-art secure operating systems, networks, and database products
- Coordinated tasks with project teams for system consolidation, information security software upgrades, and contingency management planning
- Prepared interagency security reports to regulatory agencies such as Departments of Defense or Energy
- Used systems like Xacta AI Manager (User and Administrator), Gold Disk, and Retina to reduce open vulnerabilities by 85%
Network Design Engineer
Confidential, Reston, VA
Responsibilities:
- Analyzed local and wide area network systems, including planning, designing, evaluating, selecting operating systems and protocol suites
- Oversaw network communications, protocols and change requests for Cisco routers and switches.
- Resolved interoperability problems to obtain operations across all platforms including E-Mail, file transfer, multimedia, teleconferencing
- Configured and hardened systems for secure user environments
- Supported the acquisition of hardware and software as well as subcontractor services as needed
- Evaluated and modified training materials for the Census’ Office Computing Environment (OCE) and the Mobile Computing Equipment (MCE)