Project Manager Resume Profile
OBJECTIVES
I like a hands-on management role in strategy & architecture, policy & procedures, operations & maintenance, implementation & regulatory compliance, awareness & training, communication, and business development in information technology (IT), information assurance, cybersecurity, privacy, identity theft, security engineering, wireless & cloud security, healthcare information security, enterprise security, defense-in-depth, IV&V, gap analysis, audit, security testing & evaluation, plan of action & milestones, continuous monitoring, contingency planning, disaster recovery, continuity of operation, business impact assessment, risk reduction & asset protection, assessment & authorization, certification & accreditation, IT risk management, and customer satisfaction. I have served federal & state governments, corporations, healthcare organizations, and universities for 35 years. I taught Cybersecurity, CISSP, Security+, and MCSE classes for 15 years at University of Maryland as an Assistant Professor. My credentials include degrees like Doctor of Management (e-commerce/cybersecurity/privacy/identity theft), BS/MS (IFSM), MS (Biology), and six certificates (CISSP, CISM, CAP, IAM, IEM, Certificate in Cybersecurity).
PROFESSIONAL TRAINING
IT risk management, information assurance, communications and wireless security, cyberspace, cyber threats, cyber weapons, cybercrimes, cyber warfare, cybersecurity, privacy, identity theft, intrusion detection, intrusion prevention, incident response, digital forensics, eDiscovery, chain-of-custody, disaster recovery, business impact assessment, continuity of operation, eCommerce, enterprise security architecture, identity & access management, Cain & Abel, Nmap, Wireshark, MBSA, AVG, Nessus, cyber-physical system security, cryptography, hashing, digital signature, cloud security, malware protection, NIST SP 800 guidelines, security documentation, security audit, IV&V, gap analysis, security test & evaluation, plan of action & milestones, certification & accreditation, continuous monitoring, cybersecurity assessment & management, security acts, regulations, HIPAA, GLBA, Sarbanes-Oxley, FIPS standards, ISO 27000 series, COBIT, SDLC, EVMS, NIST guidelines, regulatory compliance, project management, business development.
RELATED SKILLS
- SME (Subject Matter Expert) in cybersecurity, digital privacy, policy, procedures, configuration management, hardening, information assurance, building secure systems, and IT risk management
- SME in security categorization, system security planning, security testing & evaluation, plan of action & milestones, certification and accreditation (C&A), continuous monitoring, and training
- 15 years teaching Cybersecurity, CISSP, Security+, and MCSE classes at University of Maryland
- 10 years in business development strategy, technical writing, implementation methodologies
- SME in enterprise security architecture, disaster recovery, and continuity of operations (COOP)
- SME in contingency planning, emergency preparedness, and conducting exercise/drills/testing
- SME in defense-in-depth, regulatory compliance (FISMA, HIPAA, ISO 27000 series, OWASP, COBIT, GLBA, SOX, FIPS standards), NIST SP 800, IV&V, gap analysis, and common criteria
- SME in FISMA audit and recording in the cyber security assessment and management (CSAM) tool
- SME in eCommerce, cloud security, managing multicultural and cross-functional teams, budget
WORK EXPERIENCE
Confidential
Management Consultant IT Risk Management, Cybersecurity, Privacy, Identity Theft
Responsibilities: Responsible for IT risk management and regulatory compliance management consultant, training & business development in the area of information technology, information assurance, cybersecurity, policy, procedures, network & cloud security, wireless security, secure architecture, identity control, access management, eCommerce, eGovernance, PII, PHI, privacy impact assessment, healthcare information security, security testing and evaluation, POA&M, IV&V, gap analysis, and certification & accreditation. Manage cybersecurity/privacy laboratory. Teaching hands-on practicing Nmap, MBSA, AVG, DVWA, Wireshark, SNORT, and Nessus tools. Helped three large/medium corporations of Washington DC area in business development.
Confidential
Assistant Professor/Course Chair, Cybersecurity/Computer Technology Departments
Responsibilities: Teaching since 2000. Taught cybersecurity, privacy, risk management, CISSP, Security+, Network+, MCSE, enterprise security architecture, application & telecommunication security, and different threat modeling including OWASP. Served as a course chair for 3 years and academically supervised 12 faculty members. Served as the content expert of the Network+ class. Guided projects in security architecture, cyberspace, cyber threat, cyber weapon, cyber warfare, cyberattack, cybercrime, cybersecurity, privacy, eAuthentication, PII, privacy impact assessment, cloud security; contingency plan, disaster recovery plan, continuity of operation plan (COOP), and their exercises/drills; secure access control, identity & access management (IAM), single-sign-on (SSO), public key infrastructure (PKI), digital signature, IPSec, DNS, and DHCP; virtual private networking (VPN), demilitarized zone, intrusion detection system (IDS), intrusion prevention system (IPS), penetration testing, ethical hacking; vulnerability scanning, analyzing, reporting threats and threat agents; trusted communication & networking; security categorization, configuration management, system security plan (SSP); change control management, business impact analysis; common, hybrid, and system specific security controls; internal/external audit, independent verification & validation (IV&V), gap analysis, risk assessment, security testing & evaluation (ST&E), plan of action & milestones (POA&M), certification & accreditation (C&A), continuous monitoring, patch management, hardening, and defense-in-depth; cryptography & hashing; confidentiality, integrity, and availability (CIA); incident response, digital forensics, legal evidence, chain-of-custody, risk assessment report, and IT risk management.
Evaluated US/International acts and regulations on IT security/privacy including OMB, FISMA, FISCAM, SOX, GLBA, HITECH, and HIPAA mandates; FIPS, ISO 27000 series, and PCI DSS standards; industry best practices; COBIT, NIACAP, DITSCAP, OCTAVE, and NIST SP 800 guidelines.
Confidential
Director Cybersecurity, Privacy, Information Assurance, and IT Risk Management
Responsibilities: Was responsible for designing, developing, operating, and managing its new national & international consultancy services in information technology, information assurance, cybersecurity, digital privacy, network security, healthcare information security, cloud security, identity control and access management, eCommerce, disaster recovery, COOP, and IT risk management. The scope included the gas & petroleum industries in Nigeria, workshops, training, testing, certification, conferences. Conducted an IV&V, gap analysis, and security compliance testing of personally identifiable information, protected health information, and completed a privacy impact assessment (PIA) for the Health Exchange Program of Hawaii State and its stakeholders including healthcare providers and insurance companies using Center for Medicare and Medicaid Services (CMS) guidelines. Completed design, planning, and projection of two state-of-the-art facilities for research/training on investigative, defensive, and offensive cybersecurity.
Confidential
Senior Manager Information Assurance, Cybersecurity, Certification & Accreditation
Responsibilities: Was responsible for security policy, procedures, architecture, identity & access management, cybersecurity, privacy, cloud security, eCommerce, assessment & validation, plan of action & milestones (POA&M), certification & accreditation (C&A), continuous monitoring, hardening, patching, and regulatory compliance. Designed, tested, and documented C&A of four DOT/FAA IT systems (Information Security Business Portal, Logical Access and Authorization Control Service, Investment Management Tools, and System Architect) and seven DHS/FLETC systems (Financial Accounting Budgeting System, Emergency Security Solution, Information Security Architecture, FLETC Collaboration System, Artesia Administrative Network, Internet System, and Environmental Data Integration System). Implemented federal regulations, FISMA, OMB circulars/memorandums; FAA, FLETC, DOT, and DHS orders/guidelines; FIPS standards, NIST guidelines (800-18, 800-30, 800-34, 800-37, 800-39, 800-47, 800-53 R4, 800-53A, 800-60, 800-83, 800-122, 800-137, 800-153, etc.); security requirements traceability matrix (SRTM), and industry best practices. Designed, developed, reviewed, examined, and tested security policies, procedures, system security plan (SSP), IAM plan, configuration management, IT change management process, disaster recovery plan, COOP, business impact analysis (BIA), security categorization, privacy threshold analysis, privacy impact assessment, contingency plan (CP); CP training, testing, and drills; security testing and evaluation (ST&E) plan, ST&E testing, and reporting; security posture, risk assessment, POA&M, security assessment report (SAR), executive summary, certification and authorization memorandums, and continuity of operations. Designed Cybersecurity, Privacy, and Information Assurance division for the company. Attended management retreat. Participated in the 5/15 years corporate strategic planning. Wrote technical contents for business development. Helped in customer satisfaction/retention process.
Confidential
Program Manager Information Assurance, C&A / IT Risk Management Framework
Responsibilities: Subject matter expert (SME) in cybersecurity, information assurance; FISMA, FISCAM, and OMB compliances; certification and accreditation (C&A), IT governance, IT risk management framework, FIPS standard and NIST SP 800 guidelines, cloud security, enterprise cyber security architecture, security program planning, policy, procedure, personally identifiable information (PII), privacy impact assessment, identity theft, data privacy, awareness and training, contingency plan (CP), disaster recovery plan (DRP), continuity of operations (COOP), incident response and exercise, and business impact assessment (BIA); was responsible for cybersecurity, information assurance, C&A program management, business process development, staff training, mentoring, technical guidance, customer satisfaction. Led cross-functional teams. Facilitated, communicated, and reported activities. Conducted risk assessment, security testing & evaluation (ST&E), management assessment, continuous monitoring, independent verification & validation (IV&V), gap analysis. Developed computer based training on incident response (IR). Developed security categorization, systems security plan (SSP), configuration management plan, security assessment report, executive summary, and plan of action & milestones (POA&M). Was author of CSAM (Cyber Security Assessment and Management) tools for risk assessment and POA&M management; visited FAA facilities in Boston MA and Washington DC, and completed C&A and authorization of five systems of ARP & AST line-of-business. Analyzed RFP/RFI, mapped organizational resources to clients' need, provided technical contents, and developed IT business.
Confidential
Program Manager Information Assurance, C&A, Risk Management, Secure Software
Responsibilities: Served as a subject matter expert in information security, security architecture, C&A, cybersecurity in NOAA/NESDIS and provided program management services; FISMA, FISCAM, and OMB regulatory compliance; technical guidance, customer satisfaction; guided and conducted FISMA audits, risk assessment, security categorization, vulnerability scanning, system security planning (SSP), privacy, contingency planning (CP), disaster recovery planning (DRP), continuity of operation (COOP) planning, contingency exercise, personally identifiable information, privacy impact assessment, access control, IV&V, gap analysis, security testing and evaluation (ST&E), plan of action & milestones (POA&M), certification & accreditation (C&A), and continuous monitoring for critical infrastructures, major application, general support system, and industrial control system (ICS); reviewed policy, procedures, SOP, SOW; was responsible to procure, recruit, train, assign, facilitate, mentor, monitor, deliver, and report on contractual tasks; provided consultancy service in building secure systems by incorporating security during SDLC.
Confidential
Information Security Consultant C&A, IT Risk Management, Regulatory Compliance
Responsibilities: Developed business. Served Bureau of Alcohol, Tobacco, and Firearms (ATF) and Department of Commerce (DOC) as a lead certification and accreditation (C&A) consultant and subject matter expert (SME) in information assurance, cybersecurity, security architecture, media protection, FISMA audit, and CSAM tools. Contributed in policies, procedures, security categorization, system security plan (SSP), access and audit controls, physical and environmental controls, personally identifiable information (PII), privacy impact assessment (PIA), contingency plan and exercise, disaster recovery plan, continuity of operations (COOP), incident response plan, security testing and evaluation (ST&E), plan of action and milestones (POA&M) management, security assessment report (SAR), certification and accreditation (C&A), awareness and training, independent verification and validation (IV&V), gap analysis, risk based decision (RBD), and continuous monitoring. Conducted IT risk assessment, IT vulnerability and threat analysis, waiver management, IT configuration management, and business impact assessment (BIA). Counseled system owners, designated security officers, and contingency coordinators on security governance, intrusion detection and prevention, e-authentication, secure communication, encryption, digital signatures, patch management, vulnerability scanning, incident reporting, IT forensic, chain-of-custody, and media sanitization. Implemented FISMA, FISCAM, OMB, SOX, GLBA and other regulatory compliance; FIPS standards, NIST SP 800 guidelines, and industry best practices. Developed and validated service level agreements, memorandums of understanding, standard operating procedures (SOP), and interconnection security agreements (ISA). Analyzed concept of operations, security architectural design, and requirement traceability matrix. Assured separation of duty, least privilege, hardening, and defense-in-depth.
Contributed to the architectural working group, change control board (CCB), integrated project team (IPT), and building secure IT systems.
Confidential
Chief Information Security Officer FISMA Compliance, C&A, Risk Management
Responsibilities: Established strategic vision and business planning on information technology (IT), information assurance (IA), cybersecurity, privacy, and IT risk management. Implemented FISMA, FISCAM, and other regulatory security compliance. Served as the subject matter expert (SME). Developed policy, procedures, and guidelines. Conducted independent verification and validation, gap analysis, ST&E, and certification & accreditation (C&A) of FLETC (Federal Law Enforcement Training Center) information systems. Developed contingency plan, disaster recovery plan, and continuity of operation plan. Conducted drills/exercise. Developed business.
Confidential
Subject Matter Expert Information Assurance, FISMA Compliance, C&A, IV&V
Responsibilities: Served as a subject matter expert (SME) in cyber security and data privacy at OPM and USDA; implemented FISMA, FISCAM, OMB, FIPS, NIST SP 800, other regulatory compliance, security mandates, standards, and guidelines; developed security policy, procedures, system security plan (SSP), contingency plan, and disaster recovery plan; conducted CP exercises; monitored security control, access control, personally identifiable information (PII); conducted privacy impact assessment, IV&V, gap analysis, risk assessment, change management, business impact analysis, ST&E testing, POA&M management, and certification & accreditation (C&A) of Learning Management Systems (LMS). Monitored awareness and beginner/refresher training.
Confidential
Principal Analyst IA and Privacy regulatory compliance, risk management, IV&V
Responsibilities: Worked for the Department of Interior (DOI), distributed tasks and ensured quality of deliverables from subcontractors, kept security documents updated, performed risk assessment and gap analysis of government systems, managed plan of action and milestones (POA&M), coordinated role-based training, developed contingency plan, incident response plan, and C&A guidelines. Contributed in FISMA, SOX, and HIPAA compliance, security plan, risk management, security control matrix, business development, security architecture, and privacy.
Confidential
IS Project Manager C&A for NIH and Maryland State Voting IV&V for USDA
Responsibilities: Implemented FISMA, FISCAM, OMB, and other information security (IS) regulatory compliances; conducted risk assessment, independent verification and validation (IV&V), and gap analysis of 200 systems of United States Department of Agriculture (USDA); evaluated system security plan (SSP), security self-assessment, incident response plan, security testing and evaluation (ST&E) results, plan of action and milestones (POA&M), trusted facility manual (TFM), IT security features user guide (SFUG), contingency plan (CP), systems control compliance matrix, and privacy impact assessment. Conducted an IV&V and gap analysis on the risk assessment documents of the State of Maryland Voting Systems. Conducted C&A of a NIH system. Evaluated and validated SSP, ST&E, action plans, and other C&A deliverables to NIH.
Confidential
Information Security Analyst C&A, Policy and Procedures, and FISMA Compliance
Responsibilities: Conducted security control testing and risk assessment at U.S. Mint. Analyzed PII documents; updated privacy impact assessment, configuration management plan, security categorization document, system security plan, and contingency plan (CP); and conducted CP drills. Recommended role based training (RBT). Drafted Standard Operating Procedures (SOP).
Confidential
Position: Project Manager Business Software Development, Integration, and Implementation
Responsibilities: Managed development of large scale financial system tools; coordinated with business managers; assessed risks; implemented GLBA & SOX regulations; analyzed, designed, coded, quality/user acceptance tested, integrated, implemented, and maintained; was responsible for budget, industry best practices, staff recruiting, training, awareness, change and configuration management, contingency planning, security, management reporting, and customer satisfaction.
Confidential
Position: Systems Analyst, Database Engineer, Network Administrator, Analyst Programmer
Responsibilities: Performed risk analysis; initiated, analyzed, designed, programmed, QA tested, validated, integrated, deployed, managed, and maintained twelve database application systems in the Environmental Health and Occupational Safety division; analyzed, designed, developed, and deployed a Students Enrolment, Placement, and Training System for School of Social Work; designed and developed a Vaccination Monitoring System for Maryland State Police; was responsible for training, data privacy, database engineering, information assurance, configuration and change management; served as database administrator, Netware/NT Network Administrator.
Confidential
Database Developer, Vaccine Testing Unit of the Department of International Health
Responsibilities: Developed 3 interactive database application systems for vaccine trial, vaccine testing, and health care projects of Johns Hopkins Hospital, Johns Hopkins Travelers Clinic, and Navajo Vaccine Trial Projects; performed users' requirements analysis, system design, coding, acceptance testing, integration, deployment, users' training, and maintenance; developed user's guide, IT contingency plan; managed vaccine trial databases, and generated management reports.
Confidential
Archive Manager, Senior Data Management Officer, Project Manager
Responsibilities: Designed, developed (SDLC), deployed, and managed 7 database applications for hospitals, diagnostic/research laboratories, and vaccine trial programs; archived hospital and laboratory data and live specimen; was responsible for strategic planning, business development, budget, interdepartmental liaison, business process reengineering, contingency planning, incident handling, emergency preparedness, disaster recovery, COOP, documentation, and reporting; and managed cost recovery, data collection, validation, privacy, integrity, processing, and helpdesk.
Confidential
Data Processing Officer (IT Head), Procurement/Supply Officer, FSO (Fac. Sec Off.)
Responsibilities: Directed IT programs; led procurement and supply teams; was responsible for corporate vision, strategic planning, policy, standard, guideline, process, audit, liaison, budget, recruiting, training, team building, regulatory affairs, management reporting, communications. Analyzed, designed, developed, and implemented applications on aviation governance, air traffic management, aircraft inspection, passenger movement, toll collection, HR/payroll management, accounts and assets management, stock control, procurement, supply management, regulatory compliance; served as the counterpart to ICAO expert and in National Air Transport Committee.
Confidential
Adjunct Faculty, MIS Department
Responsibilities: Designed curriculum, selected text books, developed teaching and examination materials; taught classes on systems analysis, programming, networking infrastructure, database design, and information technology management; and evaluated skills for undergraduate degree.
Position: Instructor MCSE Department
Responsibilities: Designed, developed, and coordinated certification curriculum in information systems networking; supervised and taught MCSE (Microsoft Certified System Engineering) classes at multiple centers; conducted examinations and issued course completion certificates.
Confidential
Professor of Biological Science Honorary Service
Responsibilities: Designed and developed course curriculum on Botany and Zoology. Delivered classroom lectures. Guided students' hands-on laboratory exercises. Conducted semester-ending tests and annual examinations. Evaluated and graded students' performance for class promotions.
Confidential
Head of the Biology Department, Director of Sports, and Superintendent of Dormitory
Responsibilities: Served as the Chair of the Department of Biology. Designed and developed course curriculum on Botany and Zoology. Scheduled class, delivered classroom lectures, and guided students' hands-on laboratory exercises. Supervised/conducted semester-ending tests and annual examinations. Evaluated and graded students' performance. Managed indoor and outdoor sports. Supervised student dormitories. Served in the Board of Directors and led drives for fund.
