SUMMARY OF SKILLS

• Compliance and solution-oriented Information Technology IT Security Professional with remarkable success directing a broad range of enterprise IT initiatives while participating in planning and implementation of information-assurance IA and cyber security solutions in direct support of mission and vision objectives.
• Distinguished managerial career and outstanding leadership for over fourteen years in leading the planning, staffing of technology and operations for organizations throughout the United States Navy. Expert in IA, information systems IS , and RF communications, knowledge management, organization development, quality/performance improvement, C4ISR, and C5I. Track record of increased responsibility and scope of authority in securing networks and full lifecycle project management. Demonstrated capacity to implement innovative security programs that drive awareness and decreasing exposure. Hands-on experience leading all stages of system development efforts, including requirements definition, design, architecture, testing, support and compliance.
• Core Competencies: IA, Cyber/Network Systems Security IA Controls Computer Network Defense CND Regulatory Adherence and Compliance Data Integrity/Recovery Disaster Recovery Planning Contingency Planning Research Development Risk Assessment Certification Accreditation Project Coordination/Management, Skilled policy-maker through industry and government best practices and policy Federal Information Systems Management Act FISMA Software Development Lifecycle SDLC and National Institute of Standards and Technology NIST . Fluent in eMASS and S eMASS as well as Microsoft Operating Systems OS and Microsoft Office Suites to include: Word, PowerPoint, Visio, Excel, Access, Project.
• Professional Affiliations Certifications: Certified Information Systems Security Professional CISSP - ISC2 95599 Certified Information Systems Manager CISM - ISACA 0707842 Certified Information Systems Auditor CISA - ISACA 0976016 Certified in Risk and Information Systems Control CRISC - ISACA 1000160 Certified Ethical Hacker C EH EC-Council ECC983437 Certified Network Defense Architect C NDA EC-Council ECC983437 Certified FISMA Compliance Practitioner CFCP - FISMA Center 112608 DISA Security Readiness Review SRR -Network Corporate Fully Qualified Navy Validator I0264 SPAWAR Information Technology Infrastructure Library ITIL v3 Foundations OGC/EXIL DOD 8570.01M IAT-III/IAM-III/CND Auditor/Service Provider SP /IASAE-II Compliant.

PROFESSIONAL EXPERIENCE

Confidential

Senior Systems Security Engineer Validator

Preparation, development, formatting, and maintenance of all artifacts required for the Certification and Accreditation of NCDOC excepted networks and systems, leveraging current IA controls DIACAP and FISMA , guidance, and methodologies eMASS S-eMASS , and industry best practices and policy. Specific disciplines include NIST 800-34 Contingency Planning NIST 800-37 Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach NIST 800-50 Building an Information Technology Security Awareness and Training Program NIST 800-53 Security Controls for Federal Information Systems and Organizations NIST 800-61 Computer Security Incident Handling NIST 800-88 Media Sanitization NIST 800-137 Information Security Continuous Monitoring for Federal Information Systems and Organizations.

• Concurrently, provides strategic level Certification and Accreditation, and Network Incident metrics suitable for NCDOC Senior Leadership review. Accordingly, develops detailed technical and non-technical briefings as well as develops, executes, validates, and audits organizational policy. Provides compliance reports, feedback, and updates to chain of command via IAM regarding current and future development, implementation of measurements, and data strategies concerning cyber compliance statutes, regulations, and audits/inspections. Focal point in, analyzing, completing and responding to business, IT, and IA data-calls.
• Maintains responsibility for ensuring all efforts meet confidentiality, integrity and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, enhancement of information systems, and direct consultation and edifying role with the command IAM. Participates in discussions with Navy CA ODAA, working groups, organizational PMO, and meetings regarding data sharing and data requirements when requested and as required by the IAM.
• Develops and maintains STIG checklists in accordance with current DISA mandates/requirements. Sustains network CIA through daily reviews, assessments, and audits of Bluecoat and LogLogic reports. Frequently scans network utilizing EyeRetina. Designated as the FISMA Lead and accountable for documenting and tracking over 1200 pieces of network hardware and software. Designated as the Department Lead for CND Service Provider inspection.

Confidential

Principal Information Security Analyst

• As a member of the Agent of the Certification Authority ACA for the Department of the Army DA , the position supported DoD and US Federal Government activities in designing and implementing secure network and IT systems solutions defining and refining security requirements formulating sound security architectures implementing technical security solutions conducting technical security tests and evaluations conducting risk and vulnerability assessments of IT systems
• Provided detailed risk mitigation recommendations, including detailed security certification and accreditation documentation in accordance with DIACAP, NIACAP or NIST methodologies and advised supported agencies on Information Assurance requirements and processes. Direct support and assessment was provided through assist visits, VTC, and site evaluation for the DA Network Enterprise Center NEC and Data Centers.
• Demonstrated in-depth knowledge of DoD and US Government security regulations and methodologies as well as evaluating IA controls and preparing C A documentation experience using automated vulnerability assessment tools. Likewise, conveyed a strong working knowledge of IT systems and networking technologies, specifically, security and the security features contained in today's mainstream IT technologies

Confidential

Senior Information Security Engineer Deputy Project Manager

• Provided leadership in critical support to a high-visibility Department of Navy DoN and Military Sealift Command MSC initiative. Responsibilities include leading the execution of IT network, system, communication security assessments and the data gathering, assembly, and submission of the C A packages. As the lead member of a Security Engineering Team, self-motivation, flexibility, and team-orientation were all orchestrated in all activities related to project, remediation, and C A efforts. In addition, supported in a senior advisory capacity was provided when conducting IA questionnaires and interviews with DoN Personnel, perform System Test Evaluations ST Es and translation of collected data points into compliance documents as they pertain to the DoD Information Assurance, Certification and Accreditation Process DIACAP .
• As a Deployment Lead, complete oversight for logistics of security test and evaluation T E teams that supported scanning for remediation through security patch installation as well as operating system registry fixes. Concurrently, responsible for efforts in support of C A through scanning of EyeRetina and DISA Gold Disk. To date, efforts have resulted in over 56 site visits and 85 site hardening efforts in support of remediation and C A.
• As a Deputy Project Manager and lead In loco parentis , day-to-day duties also involved close coordination with the government manager s in order to anticipate and prepare for upcoming events, requirements, challenges, and mandated international scope. Concurrently, duties also include acting as a centralized liaison working with the IAM and Designated Approval Authority DAA representatives in submitting C A packages for approval. Responsible for the development, refining completion, submission and monitoring and control of: Monthly Status Reports, Meeting Support, Project Deliverables, Data Calls, and Whitepapers.

Confidential

• Computer Information Science CIS Adjunct Instructor Instructs academic subjects, Introduction to Operating Systems, Introduction to Microsoft Office Applications, Introduction to Networking Network , Network/Cyber Security Concepts Security , and Advanced Countermeasures and Defenses for Networks to groups or individuals requiring private instruction, adapting curriculum to meet individual's needs. Meets regularly with students requiring academic improvement, providing assistance in better understanding of a specific subject and developing basic skills and study skills, with or without computer-aided instruction.
• Maintains and develops records on students, curriculum, course syllabi, lesson plans, records of student attendance, evaluating and following up on students' individual progress. Administers exams to class as well as an accurate and fair grading policy. Post grades according to schedule. Ensures that students adhere to school policies. Motivates, encourages, and assists students with career and course selection, as well as class attendance. Maintains current and accurate information and techniques related to subjects taught. Attends in-service training, faculty meetings, and required committee meetings. Assists in development of academic policies and procedures. Serves as academic advisor to designated students.

Confidential

• Information Assurance Case Manager Validation Quality Assurance Responsible for the Information Assurance Certification Accreditation C A process supporting documentation of the Cyber Asset Reduction Security Task Force CARS TF process in the ITIL format. Implemented and reviewed standard processes and procedures for CARS TF Case reviews to be used by all Information Assurance personnel, thereby, ensuring expedited, proficient, and accurate documentation and artifacts are available for validators and adjudicators in the C A process.
• Managed 8 personnel in the certification and accreditation of systems and applications on Navy Legacy Networks to facilitate the migration of the systems and applications to more secure NMCI Network. Ensured work flow documentation for the C A validators employing NIST Special Publication 800-37, NIST Special Publication 800-53A, and formal risk documents/policies/procedures relating to Risk Assessment before presentation to the Navy Certification Authority CA and/or Navy Designated Accrediting Authority DAA for an adjudicative decision, i.e., an Interim Authority to Operate IATO or an Authority to Operate ATO .
• Daily collaboration with system/application/network owners, Navy CA representatives, and the Navy DAA representatives to move system/application packages to receive an Interim Authority To Operate IATO or a final three year Authority to Operate ATO with the intention to migrate the system/application off the Legacy Network so that the Legacy Network can be shut down
• Led the IA initiative in support of Excepted Network EN doctrine, policy, and Concept of Operations CONOPS . Specifically, three major initiatives were developed, reviewed, updated, and commissioned to include the Navy Higher Education Network NHEN , Excepted Network, and CNIC-MWR Network Concept of Operations. As part of the EN Configuration Review Board CRB process, over 250 networks were purified for IA C A information as well as network circuit CCSD validation.

Security/IA Test Evaluation Project Lead/Manager Confidential

Directed the Security Test Evaluation team in support of C A over six Naval Regions. Led the Excepted Network Enterprise IA/Computer Network Defense CND initiative and IA/CNDS Suite. Supported initiatives at the highest levels in the development implementation of IA/CND doctrine policies.

Senior Information Security INFOSEC Engineer, Professional Confidential

• Implemented knowledge expertise in information assurance/security as well as certification accreditation C A standards and procedures DIACAP Asserted direction on security programs current best practices in IA/INFOSEC Cyber security, analyzing information assurance-related technical problems and providing basic engineering and technical solution support.
• Oversaw migration of legacy networks and systems into the Navy Enterprise enclave worldwide. As an IA/IT security manager and technical expert in support of the CARS initiative, responsible for all aspects of security including but not limited to personnel and Privacy Act information, general government and contractor sensitive information, test and evaluation, scientific, technical, military data. Also provided IA security oversight and management of all approvals for certifications and accreditation SSAA, DITSCAP, and DIACAP , acquisitions, and security review of all information. These documents included on-line submission and management of all legacy and excepted network information into the Department of the Navy Application and Database Management System DADMS , Department of the Navy IT Portfolio Repository DITPR and the CARS Case Tracking Tool.

Confidential

Knowledge Management Analyst

• Led the design, development, and implementation of Knowledge Management KM strategies to include effective configuration identification change management programs, organizational impacts, intellectual capital sharing, institutionalization, IT alignment, and performance measures for KM under USJFCOM J7 JWFC .
• Applied expertise in SharePoint 2007 and MOSS 2007 through consulting leader on current best practices in KM, portal design, and content management resulting in development of new KM governance, business rules, and best practices. Analyzed business processes, interviewed stakeholders, and evaluated strategic and IT plans to develop KM governance structures and processes for implementing KM programs and systems.

Confidential

Information System Officer ISO , Information Assurance Manager/Officer IAM/IAO , Cyber-Defense Analyst, Project Management/Coordinator

• Directly oversaw the certification accreditation, security test evaluations, risk management and scanning probes of over 23 legacy and research, development, technology engineering networks for Command Naval Sea Systems Command Dam Neck, including, the organizational SIPRNET HREN connection and the C5I-visioned Cooperative Engagement Capability CEC Horizontal Fusion Web Server that allowed the first-ever display of CEC tactical data transmitted through SIPRNET. Identified, validated, and documented mission-essential requirements for a Protected Distribution System PDS in support of Command Strike Force Training Atlantic and Command Naval Sea Systems Command Dam Neck to procure an increased security posture, ensure classified network integrity, and improve future coalition interoperability. Intimately familiar with the DOD 8500-DON 5239 series. Utilized DISA Gold Disk, Eye Retina, Internet Security Scanner, NESSUS.
• Planned, directed, and overhauled cooperative operations and the strategic training baseline between Command Strike Force Training Atlantic, Naval Information Operations Command NIOC , and the Carrier and Expeditionary Strike Groups. Led joint planning, preparation, and initiatives with NIOC Red Teams on computer network attacks CNA and exploitations CNE , employing state-of-the-art hacking techniques and capabilities that identified strike group network vulnerabilities, exploits, and exposures resulting in network and IT mitigation, hardening, and certification of tactical networks for proficient inter-operability. As the Cyber White Cell for Naval Information Operations Command and IA/Cyber authority for Strike Force Training Atlantic, responsibilities included exercise planning, forensic analysis, strategic authorization, operational balanced risk management, metrics capture, evaluation, and recommendations to senior commanders during deployment exercises SUSTEX JTFEX and certifications C2X . The CND efforts resulted in identified network and application specific security problems and evaluated security patch compliance. In addition, efforts captured metrics that supported proposed courses of action COA , provided commanders security recommendations, and network engineering solutions of state-of-the-art technologies. Long term evaluations resulted in the first Lean Sigma Six CND Process Improvement Initiative sponsored by COMNAVNETWARCOM, COMSECONDFLT N7, and SPAWAR to re-standardize courses of action, concepts of operation CONOPS , and procedures for implementation and design of detection tools for integration into multi-level security architectures for the Strike Groups, Deployed Units, and NIOC Blue Team Training and preparation.
• Ensured compliance with hundreds of Naval Computer Tasking Orders CTO , Information Assurance Vulnerability Management IAVM , and IA data-calls. Furthermore, was responsible for supervising and documenting the sanitization of over 400 unclassified and classified hard drives. Administered over 130 Public Key Infrastructure PKI accounts and certificates. Attained a passing score for two DISA Enhanced Compliance Visits ECV with one site attaining zero high and medium findings. Instrumental in the Developmental Designated Accrediting Authority commissioning. Identified and prevented a mis-categorization of two electronic spillages that saved the Department of the Navy over 25,000 in network sanitization expenses.
• As a Legacy and Business Applications Analyst, served as the focal point for the organizational-wide Navy Marine Corps Intranet NMCI cutover and transition through supervision of over 380 NMCI seats, including, the configuration identification and management of 110 NMCI Science and Technology S T seats for Command Naval Sea Systems Command Dam Neck
• Responsible for and administered the premiere IT-21 LAN and communications suite on the Atlantic Cruiser-Destroyer waterfront for USS CAPE ST. GEORGE CG 71 .
• Knowledge Management
• Provided subject matter expert mission support and mentorship of the Navy's information and data management requirements for seamless information flow as the Collaboration at Sea CAS Administrator. As Knowledge Web-Master K-Web , enhanced the Navy's ability to disseminate lessons learned, battle rhythm, strategic planning and exercise requirements to Strike Group staffs for Atlantic Fleet exercises and strike groups.
• Spearheaded the collaboration efforts to adopt new Naval Mission Essential Tasks in knowledge Management. Specifically developed, verified, validated, and documented the Navy's new metrics for KM, providing commanders with actionable information on which to base critical operational decisions.
• Improved information sharing, archiving, and data labeling through a conducted five month analysis of share drive utilization and employment
• Conceptualized, designed, and created the organizational IA Intranet page for Command Naval Sea Systems Command Dam Neck to include a central point for all IA questions, references, and resources.

Command, Control, Confidential

• Maintained the Electronic Key Management Systems EKMS account for USS CAPE ST. GEORGE CG71 in impeccable and flawless condition. Obtained a perfect score in a command/staff EKMS inspection with a noteworthy remark by the inspector for the account as, the best they had ever seen.
• Led the radio suite for USS CAPE ST. GEORGE CG71 in HF Mobile Command Network exercise to an unprecedented perfect score for transmission and response in summer 2000
• Instrumental in the radio suite renovation and communications upgrade for USS CAPE ST. GEORGE CG 71 including NAVMACS II and SHF installations. Coordinated a HF whip antenna self-help project with saved the Department of the Navy 50,000 in scarce repair funds.

Human Resource Affairs and Team Leadership

Led both military and civilian divisions and projects of up to 140 personnel including 12 Information Assurance Officers with full responsibility for work assignments, scheduling, performance review, disciplinary action, budgeting, and long-term career planning, training lectures, professional development, and promotion. Expert in evaluating personnel needs and developing responsive training programs in IA and CND/CNA.

• Managed the tracking, monitoring, and quality assurance of over 800 job control numbers JCN and 120,000 man-hours to include the completion of over 100 quality assurance inspections for USS DWIGHT D. EISENHOWER CVN 69 .
• Responsible for the implementation and completion of 11 process improvement plans in support of a 2006 Department of the Navy Inspector General Audit.
• Specialized Commercial Training DISA, USN, IA, KM, Leadership Schools
• Certified Ethical Hacker C EH - 2013
• Planning Administering Server 2008 Servers 2013
• Configuring Troubleshooting Server 2008 Network Infrastructure - 2013
• Configuring Identity Access Solutions with Server 2008 Active Directory
• Configuring Troubleshooting Server 2008 Active Directory
• Microsoft Server 2008: Configuring and Hardening Active Directory, ECPI University - 2012
• DISN Services, DISA-2011
• E-Mass Training, DON-2011
• DIACAP Training, DISA-2010
• Department of Defense IA Boot Camp, DISA-2008
• VISTA Security, DISA-2008
• NETOPS 100, 200, 300, 400 , DISA-2008
• COMSPAWARSYSCOM C4ISR-IT Seminar, USN-2004 2007
• Department of the Navy Chief Information Officer Knowledge Manager Course, USN-2007
• Afloat Knowledge Manager Course, USN-2007
• Staff Tactical Watch Officer Course, USN-2006
• Information Communication Manager's Course, USN-2006
• Network Security Readiness Review, DISA 2005
• Information Assurance Manager NEC 2779 , USN-2003
• Electronic Key Management Systems Course, USN-1999
• Information Systems Officer Course, USN-1999
• Surface Warfare Officer School, USN-1999