Security Analyst Resume Profile
EXPERIENCE SUMMARY:
A Cyber Security, Information Assurance and Information System Development IA specialist with over 28 years of experience in operation security, physical/personnel security, documentation preparation, Enterprise and Organization Risk Management, risk and threat analysis, policy development, systems security/administration, programming, customer support, and backup procedures. Performs as a senior-level contractor for: FISMA NIST Certification and Accreditation program subject matter expert (SME), ST&E testing support and Risk Framework implementation for Commercial, Federal and Department of Defense customers. Navy certified as an Information Systems Security Officer (ISSO), Information Security Officer (ISO, CSO), Information System Network Certifier (NISTISSI 4015) and ISC2 CISSP. Demonstrated experience with DoD and NIST C&A tools to include E-eye Retina, Telos Xacta, DISA STIGS, SRRs and similar standard tools to generate C&A artifacts and assessments. Demonstrated disciplines with Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act, Sarbanes-Oxley (SOX-OX), threat, risk, and mitigation analysis for implementation with various Certification and Accreditation (C&A) processes. A primary contributor to Air Force Instruction for the Certification and Accreditation of Air Force Industrial Control Systems (ICS) and SCADA (a Cyber Security Program). Expert Risk Management Adviser who provides end-to-end comprehensive evaluation and management of all risks through accepted Security, Business, Operational and Project risk management practices. Risks are articulated to Senior Stakeholders and customers considering the tone, culture and operational contractual concerns, briefs, white papers and documentation updates. He has provided organization customers since 1996 with the assurance of contractual obligations met, exceeded and captured defined requirement deficiencies from the customer's perspective.
An Information Technology Expert with years working with developers and customers, held the capacity of the customer and funding source for over 300M in IT development signatory for customer acceptance. He understands the Enterprise Architecture, Enterprise Security Architecture, Software as a Service SaaS and the host of similar services in IT environments such as Google hosting services and internal corporate hosting services. He has experience in defining, presenting and negotiating the plan forward that enables contract execution to avoid arbitration or breach of contract legal actions which become costly and ultimately slow developer delivery of capability to the customer. Has the unique ability to impartially represent and understand both sides of the IT requirement. Evaluates expected, explicit and implicit arguments to ensure a fair settlement/resolution is obtained to all stakeholders. This Adviser is experienced in providing Senior Leaders with the decision alternatives and the repercussions. He is skilled in bridging the gap between IT and Business communities at the Senior Level understanding the needs of both and strengthens those relationships through mutual understanding the concerns of both. He describes complicated IT solutions in business terms with realistic goals that address needs of operations to requirements and obligations. The end product always ensures the customer's full functionality is enabled as soon as possible and that the capability is operating within the customer's legal, regulatory parameters and the business mission goals are being met.
EXPERIENCE DETAILS:
Confidential
- Certification Authority Representative CAR SME for Army G6/CIO Senior Information Assurance Officer SIAO . Provided independent residual risk assessment for SES and General Officer level signature and review. As an Army CAR directly interface with Army IAPM's, System Owners, DAAs and Army Senior Leadership. Provide technical and mission residual risk and recommendation. Speak for the SIAO in all communications regarding system Cyber Security measures. Perform as a team lead, team member and individual in a fast paced high performance environment.
- Army CA Office reviews and recommends approval for all IT used in the U.S. Army inventory, under development, and demonstration tests of new technologies. Maintain subject matter expertise in all legacy, current and developmental IT. Subject Matter Expert detail IT implementation weaknesses from Cloud to SCADA IT implementation. Define the weaknesses, mitigations, remediation, compliance to all regulatory requirements and mission. Support Army mission.
Responsibilities:
- Evaluate risk of all Army IT conduct Risk Assessment and residual risk to mission and network.
- Prepares formal Memorandums for Army SIAO to GO and SES level detailing risk acceptance.
- Negotiate and capture risk tradeoffs between mission, organization and IT.
- Perform as Army SME for IT risk, brief, train, capture and document.
Confidential
Senior Staff Tools Designer Enterprise MCEN Enterprise Management
Provide leading edge capabilities evaluation and assessment for all Marine Corps Enterprise tools. Provide compliance, latest regulation and statutory requirements for operation of the MCEN/JIE. Ensure current inventory of tools retains usefulness and compliance requirements. Develop gap analysis between current and future compliance and regulatory requirements. Advise Government on Architecture, system and operations support required to meet and comply with newly developing concepts and regulations. MCEN is an automated network; it is one of the largest WAN networks of interconnected locations world-wide. MCEN, operated from the MCNOSC Quantico, delivers IT Services from the business desktop to the fox hole in support of U.S. Marines world-wide.
Confidential
- Provide Information Assurance Program support as Information Assurance Manager IAM a CETA contractor at Defense Logistics Agency DLA Project Management Office named Next Generation Resource Management System NGRMS . Responsible for the secure and compliant acquisition, procurement, source selection and secure system development of DoD Budget this is a major application. NGRMS has Financial, Budget, multi-level security as well as multiple stakeholders from DoD Component to United States President. NGRMS is the automated system which delivers and provides justification for the entire DoD Budget to Congress and United States taxpayer.
- NGRMS will utilize emerging technology, processes, trends, capabilities and techniques to incorporate state-of-the-art information technology enabling the ability to process, administer and report resource management data and to automate business processes within a more robust analytical environment within the Office of the Under Secretary of Defense Comptroller OUSD C . NGRMS will replace redundant inefficient legacy systems to provide for the effective formulation and justification of the Defense Budget.
Responsibilities:
- Ensures compliance with Federal, DOD and DLA information technology and security requirements, policies, procedures and standards as applicable per DoD Business Capability Lifecycle BCL acquisition and development DTM.
- Review all requirements, interfaces, design documents and test plans to ensure compliance with security requirements and Privacy Act compliance.
- Support the program office with the accreditation process by developing, supporting and maintaining DIACAP packages develop IA related artifacts as required per BCL guidance monitor software development for security issues, perform assessments of software releases and update documentation as necessary perform informal security assessments monitor and coordinate security actions for new interfaces provide support to initiate and monitor corrective actions.
- Develop and establish PMO Risk Management Program.
- Create IA related System Development Lifecycle documentation for PMO required for Milestone Decision Authority, Milestone A, B, C.
- Establish IA programmatic processes and programs.
- Establish PMO IA program.
- Speak for Title 10 PMO on all IA related issues as Government
- Responsible to DLA CIO and DAA for IA Program and all IA related issues.
- Coordinate with DLA Certification Authority CA , OSD CIO CA/DAA for hosting security requirements and building body of evidence to support application hosting.
- Source Selection Board Member for NGRMS contracts award.
- Coordinate with Contracting Officer, Contracting Officer Representative, and Program Manager for all NGRMS specific IA language, constraints and IA requirements.
- Develop and defend NGRMS Acquisition Information Assurance Strategy AIAS
Confidential
Senior Information Assurance/Security Auditor Independent Assessor
Provide Information Assurance consultant services for NASA Mission Systems Chief Information Assurance Officer (CISO) and Chief Information Officer (CIO). Provide NIST and FISMA based IV&V Certification and Accreditation for NASA Mission Systems. NASA mission systems are primary NASA services which provide many external entities (US Government, Foreign Governments, Corporations) with the capability for launching and control of space vehicles and ground control stations. Types of systems: Mission (Satellite Control), Mission Control (Rocket Launch Control), Business, LAN, WAN, Enclaves, Data Centers, Network Operations Center (NOC), Security Operations Center (SOC), Industrial Control Systems (ICS), SCADA, SAP, Enterprise Resource Planning (ERP), Science, Research and Development (SR&D), Research, Test and Development.
Responsibilities:
- Provide NIST and FISMA based Certification and Accreditation for NASA Mission Systems.
- Determine risk to organization, data and customers.
- Provide NIST based certification packages, Security Assessment Risk and Residual Risk statement and out brief with Authorizing Officer (AO).
- Manage customer expectations and insight services for proposal submission including content and structuring. Capture the work break down schedule to meet or exceed customer expectations.
- Negotiates acceptable risk and Plan of Actions and Milestone entries for NASA internal organizations.
- Conduct security assessments, ST&E and IV&V as the Independent Auditor.
- Interpret and apply the following policy and guidance to NASA IT Systems evaluations:
- NIST SP800-18 Guide for Developing Security Plans for Federal Information Systems.
- NIST SP800-30 Risk Management Guide for Information Technology Systems.
- NIST SP800-53 rev3 Recommended Security Controls for Federal Information Systems.
- NIST SP 800-53A rev1 Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans.
- SP 800-82 Guide to Industrial Control Systems (ICS) Security.
- NASA and NASA Goddard procedures and best practices.
- Responsible as a corporate entity to the NASA Goddard CIO and Authorizing Officer AO/DAA for accurate assessments of CIO IT Systems.
- Responsible for business development and contact development
- Responsible as a Team Lead for product and deliverable
- Responsible to certify the assessment products
Confidential
Business Development Information Assurance Consultant-Principal
- He provided consultant services for corporate business development efforts and contractual risk, project risk. Provide fresh perspective to drive Intekras business forward in the areas of: Business Growth Planning, Strategic Marketing Planning, and Cost Reductions Restructuring. Enable growing business relationships within the Information Assurance (IA) business community. Provides expertise in Intekras' IA business line and the future of the IA and Cyber Security business line to the Partners for business growth. Analyzes, recommends and provides long and short-term business strategy to capitalize on IA and Cyber Security community opportunities. Advises CEO and Corporate Partners on Federal, DoD and Corporate IA needs, targets specific business marketing strategies and opportunities that meet and grow the business vision. Using IA and Business expertise executes service as Red/Gold Team IA SME. Provides customer expectations and insight services for proposal submission for content and structuring the work break down to meet or exceed customer expectations within the proposal.
- Advise on upcoming opportunities as technology, regulation and current business needs evolve within the IT business space government and commercial. Advise on company positioning to better capture niche specialty work within the next area of contracting and increase sales.
Responsibilities:
- Provide Red Teaming and Gold Teaming services.
- Maintain relations with useful external entities to produce corporate relationships.
- Analysis of corporate structure.
- Provide briefs to CEO and business staff of potential customer needs.
Confidential
Subject Matter Expert Information Assurance SME IA
- Support National Guard Bureau Directorate of Air Communications (NGB/A6) Chief Information Officer (CIO) as an embedded contractor to extend the Government's workforce with specialized expertise. Core responsibilities include risk management, risk mitigation strategy development, enterprise and enclave compliance and Mission Assurance Subject Matter Expertise (IA SME) to the ANG/CIO and ANG/CISO. Responsibilities include IT capability investment, requirements and procurement compliance with OMB CPIC/ITIM to capture, reduce and mitigate risk to the portfolio. Provide key decision presentations of Air Force, NIST, OMB and Congressional mandates and instructions on matters of C&A, IA, mission assurance, IT Security, IT Investment, enterprise resiliency, responsible execution of Enterprise Program Office responsibilities, technical security implementation, and Information Assurance and Security Program analysis. He provides SME services for FISMA implementation, ANG and ANG Program Managers for Business Process Analysis and IA Compliance and Oversight using AF EITDR and EMASS. Directly advises the Chief Information Security Officer. During provides IT Portfolio Management with return on investment, requirements for capabilities to functionality review. Is one of two people designated in writing to represent NGB/A6 to the Air Force DIACAP TAG (advisory body to the AF-CIO), represents ANG interest on multiple working groups on behalf of NGB/A6 (normally a GS-13/14 position).
- Present Air National Guard IA Strategy and Concept of Operations to Senior Air Force Leadership AF-DAA, Senior IA Officer and the AF CIO offices. Briefs and provides Air National Guard unique Enterprise and Managed Services implementation strategy for Senior Leader Buy-in, provide ANG concerns for AF change in business process of IA, investment and Security strategy. Represent ANG interest and convey impacts to Senior Leaders at AF Working Groups, High Performance Teams for IT, IT Security, IT Governance and C A strategies, capture, reduce and mitigate risk to the ANG CIO Enterprise IT Strategic Plan, evaluate DISA STIG implementation and impacts to strategy and plans. Working with other AF top level SME and Government Leaders deliver future strategy, impacts and vet decisions prior to Agency and organization implementation. Member of core AF SME working group develop Air Force C A Transition from DIACAP to NIST security standards.
- Air National Guard Portfolio Manager PfM ANG IT Investment Management OMB ITIM established, maintain, govern and monitor compliance with OMB Circular A-11 Section 300.7 through Capital Planning and Investment Control CPIC processes. CPIC structure ensures that all IT investments align with the Enterprise Architecture EA , capability and functionality are appropriately applied to a mission and investments support business needs while minimizing risks and maximizing returns throughout the investment's lifecycle. ANG CPIC relies on a systematic approach to IT investment management in three distinct phases: select, control, and on-going evaluation, to ensure each investment's objectives support the business and mission needs throughout the lifecycle. As PfM managed and responsible for all Air National Guard's IT Portfolio Management program acting as decision authority and Adviser for ANG EITDR Program Manager's System Development Life Cycle SDLC through Enterprise IT Investment Repository EITDR and ANG AF instance of EMASS. Developing policies, procedures, and methodologies for assessing the operational effectiveness, return on investment, capability overlap, and strategic/policy alignment of IT systems, applications, networks, and other infrastructure assets to comply with OMB CPIC and ITIM. Capture, reduce, mitigate and develop Plan of Actions and Milestones for risk to the Investment Portfolio. Skilled with optimizing IT portfolios, identifying duplication systems/assets/technologies/ capabilities /functionality within the organization, and conducting alternatives analysis AoA to determine the optimal approach for eliminating unnecessarily redundant assets, and maximum return on Agency investment resulting in customer purchase decisions. Advise and assist System Owners and their Program Management Offices with preparation of Exhibit 53 and Exhibit 300s. Exhibit 53 is the budget report on Information Technology expenditures. 
The report contains basic information that links internal planning, budgeting, acquisition, and management of IT resources. Exhibit 300 is the budget justification and reporting document that is required by OMB for major IT investments. Exhibit 300s provide continued Business Case to Senior Agency Leaders normally applied to investments of three million dollars or more, or those investments, capability or functionality that have high executive visibility.
- In capacity of SME provide IAM/ISO guidance for IA and Security implementation. As the primary CISO IA resource guides the 256 ANG enclaves/networks, PMOs, ANG Directorates and ISOs with ANG centralized interpretation of ANG, AF, DISA and DISA STIGs, DoD, OMB and Congressional mandates, policy and implementation. Analyze and advise ANG/A1, ANG/Medical for records, transactional and financial regulatory SAP/ERP role based requirements and requirement implementation. Provided guidance and assistance takes the form of: Site Assistance Visits for local IAM DIACAP and FISMA assessments, email, phone conversations and monthly CCC TV broadcasts to the ANG IAMs, PMOs, ISOs and Stakeholders for trends, questions and assistance. Translates and elevates IA local trends and issues to DISA Connection Office, AF CA/DAA Space A6 , SIAO SAF A6O and SAF OCIO SAF A6 for resolution document and provide DIACAP TAG with agenda items for AF wide resolution. Develops White Papers and similar analytical deliverables, developed the ANG 2010 FISMA Implementation Plan that resulted in 89 ANG Wide compliance an average of 45 increase over the last three years. He provided the planned strategy to establish ANG SBU Enterprise this collapsed 250 Unit enclaves under one governance and program construct which enhances the IT security of ANG Units and implements an Enterprise Centric IA Program, increases security and reduces cost. He provides CISO analysis for IA Program improvement for Oversight and Compliance, Capability Portfolio Management, IT Investment Portfolio Management and Organization and Enterprise Information Assurance Governance.
- Lead for Air National Guard ISR C4 Tactical Predator and Reaper Remotely Piloted Aircraft system security design capture, reduce and mitigate risk to the PMO and Intelligence customers. Provided Raytheon development team and NGB/A2 Program Manager to ensure design met acceptable criteria and requirements in implementation to meet ANG mission requirements. Responsible for briefing Intelligence Senior Leadership on requirements IA and Resiliency strategy, status, certification and testing of system functional and security criteria. Information Assurance Manager / Information Security Officer standing up IA Program during development retained acting IAM for transition to operational units. During time with ANG remained on call for System/Mission Owner IA consultation. Provide Programmatic, regulatory, IA and Security consultation with Air National Guard System and Mission Owners external to Communication Directorate. Provide the gap between mission, business needs and IT requirements. These included financial systems, weapon systems, personnel systems, medical systems, official records systems. Negotiated the accreditation of the ANG PMO system between SAF/A2 IC DAA, AF DAA Space A6 , AF Certifying Authority AFNIC and ANG/A2 ISR . Result: implemented goal/project risk management to successfully deliver ANG ISR capability to the warfighter, mission and end IC customers three months before expected and scheduled operations.
Responsibilities:
- Provide SME capability to ANG CIO office.
- Provide ANG IA Architecture for ANG Enterprise.
- Represent and defend ANG CIO positions to external organizations DISA, Air Force, Army Guard, DSAWG, Intel Community, and National Guard Bureau .
Confidential
Business Development Information Assurance Consultant-Principal
He provides consultant services for corporate business development efforts advising for contract proposal submissions that have an Information Assurance focus to ensure feasibility and quality content. Provide Red Team IA SME services advising on customer expectations and insight for proposal submission for content and structuring the work break down expectations.
Responsibilities:
- Provide Red Teaming and Gold Teaming services.
- Maintain relations with useful external entities to produce corporate relationships.
- Analysis of corporate structure.
- Provide briefs to CEO and business staff of potential customer needs.
Confidential
Subject Matter Expert Information Assurance SME IA to DHS ICE CIO
- Support Immigration and Customs Enforcement ICE a component of Department of Homeland Security DHS . Provide Information Assurance Subject Matter Expert SME Information Assurance services in accordance with NIST, OMB, DHS mandates and Congressional Federal requirements. Capacity of only project SME provided FISMA Performance Plan for IAD Component implementation, Component wide Business Process Analysis for IA Compliance and Oversight and Information Assurance Governance branches. FISMA compliance analysis, Office of Management and Budget OMB mandate compliance, support services include: Business Review and Analysis and follow on analysis and assessment report development. In capacity of SME provided White Papers and similar analytical deliverables to capture, reduce and mitigate risk to the project, and customer strategy for compliance. He provided CISO type analysis for IA Program improvement for Oversight, Compliance and Information Assurance Governance.
- Identity Management - During SME support by IdM Program Office Manager for DHS/ICE HSPD-12 Identity Management Office requested consult on Program Risk. He evaluated DHS/ICE implementation and execution of the Identity Management Program for Program Risk and resolution. Recommendations that resolved Program and Project risk factors were satisfactory delivered to the customer. Evaluation resulted in a deliverable and executable strategy for customer implementation. Alternatives and inter-agency-component actions were included that would lead to successfully implement HSPD-12 DHS/ICE CaC Card and PIV 201 compliant credential program. Plan of Actions and Milestones for the Project and Program level execution included: evaluation of Program objectives and timelines, evaluation and assessment of Active Directory execution and Active Directory technical implementation to meet PIV 201 technical requirements.
Responsibilities:
- Managing customer relationship
- DHS ICE FISMA compliance
- Providing Organization wide Governance
- Interacting with external stakeholders for CIO positions
Confidential
Senior Security Analyst
- Supported clients by providing Security C&A Subject Matter Expert (SME) services in accordance with NIST: 800-53 (Security Controls), 800-26 (Self Assessment / FISMA Self Assessment), 800-37 (C&A of Federal Systems), 800-34 (Contingency Planning), 800-32/35 (PKI), 800-30 (Risk Management), 800-27/64 (SDLC IA), 800-18/61 (Security Planning), 800-42/85A (Security Testing/PIV Testing). Also testing and compliance with Federal Information Processing Standards (FIPS): 191 (Analysis Network Security), FIPS 199 (Security Categorization), FIPS 200 (Security Requirements), FIPS 201 (PIV) and all federal mandates such as FISMA, Homeland Security Presidential Directive - 12 (HSPD-12), HIPAA, Department of Defense Intelligence Information Systems (DoDIIS) and Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) requirements and DISA STIG implementation. Support services include: System Security Authorization Agreements (SSAA), System Security Plans (SSP), Review and Analysis, System Security Plan Review and Analysis, Security Control Assessments Planning and Implementation, and Security Certification Documentation. Perform follow on analysis and assessment report development. In capacity of SME provided SCAP application standards and technologies integration and deployment analysis to DISA (DISA STIGs) and NIST TIGs. As SME mentor and train employees, clients and customers on technologies, techniques and customer requirements. In capacity of SME provide executive level briefs, and customer interface for issue analysis and solution implementation to capture, reduce and mitigate risk to the company, customer, project plan and the IT solution and opportunity for point of sale.
- C&A Team Lead, FISMA, Veterans Affairs O&IT: FISMA and VA6500 Certification for 604 systems in a 10 month time frame at Hospitals, Finance Centers, Central Pharmacies. As Team Lead coordinated team C&A efforts, established senior technical representative on site and managed customer expectations for Information Security Officers, Chief Information Officer, Facility Director, and System Owners. Operate, review and recommend improvement into IA2 software suite development (SCAP compliant tool). FISMA certification captured, reduced and mitigated risk to the technical and operation of VA systems, hospitals, projects and programs.
- E-Commerce / E-Authentication Security Consultant State of Delaware Internal Revenue Service GRT Program. Provided SME services E-Commerce Security Technical, Programmatic, source code development, High Level and Low level design analysis to the GRT E-Commerce Enabled Program within the Delaware State complex network. Evaluation provided identified IT and holistic risk approach resulting strategy reduced and mitigated risk to the GRT Program. For GRT Program provided a secure web-enabled e-commerce compliant solution used by 80 of the United States incorporated companies for corporate tax E-Filing with the State of Delaware. Provide solution recommendations to meet IRS environmental, IT Architecture, and training constraints to produce a best solution to client's IT and Security requirements. GRT system resides inside the State of Delaware's secure complex enterprise infrastructure in a Mid-Tier environment.
- C A Project and Technical Lead FISMA Veterans Affairs PIV HSPD-12 Identity Management Program Lead for DSA.inc C A team resulting in the certification of the Veterans Affairs Personal Identity Verification credential Program. Provided VA PIV project C A for the body of evidence to include VA policy, government regulations and compliance for OMB regulations A-123, A-127, A-130 , FISMA law, NIST and FIPS requirements. He represented DSA and sub-contractors to the Government Customer as Project Manager and Technical Lead.
- C A Project and Technical Lead Identity Management HSPD-12 Commercial Capacity of the FiXs Security Lead Certification Authority evaluated all FiXs systems and solution for risk acceptance. Certification Authority responsibilities executes independent Security Control Assessments, provides for Implementation Technical Guidance of established security requirements and concepts and manages all authorized system POA Ms to provide a complete FiXs Risk Assessment. Evaluates all applying companies and organization systems documents SDLC, Business, Security Risk Assessment and assigns recommended Plan of Actions and Milestones POA M to reduce the FiXs Organization's Risk. Evaluation includes applying company's proposed environmental and technical implementation and a holistic evaluation and impacts assessment. Final delivery to FiXs.org Board provides a recommendation to the FiXs Chairperson/DAA Authorizing Authority and the FiXs Board.
- The Federation for Identity and Cross-Credentialing Systems FiXs - Executed DMDC DEERS C A using NIACAP process, DoDi 8500.2 and NIST 800-53 security control standards. Project resulted in successful establishment of DoD Cross-Bridge of FiXs and DEERS CaC systems. FiXs Certification Authority CA provides the Federation for Identity and Cross-Credentialing Systems FiXs C A and authorizing through the FiXs Authorizing Official AO, DAA . Provides support as the only authorized CA for FiXs. CA is responsible for advising the FiXs AO and applying companies for Certification disposition, evaluation and certification body of evidence of petitioning systems to NIST, FIPS and FiXs Policy, Guidelines and Business Practices. FiXs is a not-for-profit HSPD-12 compliant dispersed organization for IdM solutions that meet FiXs and use FiXs certified credentials. As a solution to IdM commercial requirement the CA represents a point of sale. For FiXs provided key technical expert evaluation on applicant company SDLC Test Plans, program development and penetration testing.
- C A Project and SME DoD NNPI-U DIACAP Enterprise Identity Management Credentialing Program - Pre-assessment C A of Northrop Grumman NG PKI system to support connection with Navy Nuclear Propulsion Network NNPI-U within the DoD network. This required the evaluation, gap-assessment, and generation of the POA M for NG PKI to meet DIACAP requirements within the US Navy's C A program. Mediator for Interconnection and Memorandum of Agreement between Authorizing Officer, Certification Authority and customer to support National Guard Judge Advocate General requirements. This project was a separate contract from other NG contracts sales of service provided pre and execution of contract.
- Provide C A Consultant for GSA System Development and Integration Requirements Provided SME services for Northrop Grumman PIV Identity Management Managed Services in support of a 66 million dollar General Services Administration GSA contract. Provided the project with detailed pre-assessment for meeting the GSA FISMA requirements GSA functionality and capability requirements, role based schema requirements for ERP/SAP mandatory separation of duties and user ease of use implementation. He guided the establishment of the programs, documentation, and SDLC required support for certification of the project to all DoD, OMB, Federal and IC requirements. Provide selection options and implementation of Enterprise Resource Planning ERP tool. Provided complex government GSA execution implementation guidance for secure Role Based ERP Database requirements functionality, capability and mandatory regulatory compliance. Implemented ERP/SAP OMB security clearance investigation repository Multi-Dimensional Model BM, MM, CRM financial repository tracking orders cost and documentation of implementation capability and functionality requirements to meet GSA contracted requirements. This contract required weekly solution presentation and briefs to NG Business Line Presidents and Vice Presidents buy-in on the NG Program Manager's direction, remaining requirements and current progress.
- Associated Press D.C. Headquarters new facility/building - Provided AP HQ IT Architecture and IT Security Architecture planning, capability functionality and documentation. This project provided for all of AP's D.C. HQ IT needs and sales of hardware and software for the final product. This project's final sale was 8 Million. AP representatives were very pleased with the final sale price compared to a similar architecture and build-out that had just been completed at the New York, NY AP HQ at 12 Million.
- C&A DoD DITSCAP/DIACAP FiXs Trusted Gateway Broker (TGB) - Provided DITSCAP/DIACAP C&A services for Northrop Grumman as the contracted provider of the FiXs TGB to support Defense Manpower Data Center (DMDC) Certification. The FiXs identity-credentialing network currently is the only network certified to interoperate with the Defense Cross-Credentialing Identification System (DCCIS) infrastructure, the credentialing network of the DoD.
Confidential
- Established and maintained Information Assurance Program, Certification and Accreditation Program and Operational Requirements for Component Level programs. Served as Program Manager of the IA Team of six sailors and 3 contractors, successfully implementing IA and C&A tasks to meet DIACAP and DITSCAP requirements and to capture, reduce and mitigate risk to the Submarine Enterprise, PMOs and Operational Commanders. Provided Submarine Fleet with DAA and Developmental DAA interface for all Ashore facilities, Afloat units and developmental systems of the Undersea Enterprise. Position required resource scheduling, budgeting, technical proposal review, technical guidance, capturing, reducing and mitigating project risk, and individual training for the IA Team. As N66, established Team working environments for complex technical problems involving all aspects of Information Assurance and IT Operational Programs to provide resolution. Participated in Navy IA/IAM/ISSM working groups; responsible for implementation and execution of SECNAV M-5239, establishing Submarine Force working groups, plans and strategies for execution. Analyzed Program needs and current security regulations and guidelines to determine and address Information Assurance Program solution and Request for Proposal requirements. Provided direct oversight and management of data collection and DoD reporting for all activities. Performed reviews, analysis, tests and evaluations, and produced reports, presenting findings and recommendations to DAA and other Executive groups. Performed Certification and Accreditation and FISMA Compliance Reviews within the Undersea Enterprise to meet DoD requirements. Updated component Guides and Templates in accordance with published DoD and NIST standards. Managed and approved weekly and monthly Status reports, scorecards and other management tools to achieve 100% compliance with DoD requirements. Conducted quality assurance on all tasks and contractor deliverables prior to submission to Executive Groups. Evaluated personal performance of IA Team Members for career advancement, and provided evaluation of contract performance to COTRs.
- Submarine Force Information Systems Certification and Accreditation Compliance and Implementation, All Information Systems Requirements Manager, Mentor, SME
- Submarine Force IT Operational, Developmental Requirements and Security Manager, SME
- Includes: Identify IA, security and operational system issues, research and recommend preventative/mitigation controls, develop recovery strategies, conduct business impact and privacy impact analysis, C&A compliance, system security control assessment, development of continuous monitoring program, configuration management and control, Interconnection Agreement development and compliance.
- Submarine Force Information Assurance Vulnerability Management (IAVM) Program - Manager, SME
- Submarine Force PKI implementation, planning, policy - Manager, SME
- Submarine Force Command and Control - Manager, SME
- Submarine Force Certification and Accreditation to DITSCAP, DIACAP and DoDIIS requirements - Manager, SME
- Submarine Force Wide Network Inspections Shore and Afloat - Manager, SME
- Submarine Force IS Policy, Documentation, Training, Planning, Metrics - Manager, SME
- Member, DoD Information Assurance Working Group (IAWG) - Developing DoD 8500-1M impacts
- Member, Navy IAWG - Provide validated requirements and provide priority to Navy IA implementation
- Member, COSG Development Working Groups - Interacting with Contractors/Program Offices to provide Leading Edge IT solutions that meet requirements and recommend acceptance. IA SME for DoD IIS, DITSCAP, DIACAP, HME, Verification and Validation (IV&V).
- SWFTS federated architecture incorporating a multi-level (SCI, Secret, Confidential) periods processing environment, DoDIIS, DIACAP standard IA, C&A, process and development review - Customer acceptance.
- Submarine Smart Engine Room Project - Started the nuclear reactor room Smart Engine Room project to decrease manpower requirements through supplementing with IT innovation and continuous remote monitoring of all aspects of the engine room and nuclear reactor spaces. Focus of my participation: Operational/business requirements, IT requirements, IT Security requirements, Submarine liaison to NCR and NAVSEA-08 (Nuclear Power), approval and oversight of the Submarine Program Executive Office execution of the IT portions of the project through the subordinate Program Management Offices.
Confidential
At COMSUBFOR, focused on command and control IT and tactical systems development specific to the Navy and Intel communities with embedded and compliant security. This involved the development of technical and security architectures to deploy managed security systems. The technical security architectures included routers, firewalls, VPNs, and host and network IDS. Created System Security Authorization Agreements (SSAA) for the Submarine Force, wrote policy, and provided customer user input and signature on all Submarine IT projects from SPAWAR, NAVSEA and NAVAIR, adhering to the DITSCAP, DoD IIS and NIACAP processes, including acceptable mitigation policy and procedures.
Project Manager
- Served as primary contact point for Program Managers, representing the Submarine Force as the customer and speaking for the COMSUBFOR three-star organization. Managed the overall contract effort and made decisions as the customer and COTR relating to contract performance. Primary point of contact for COMSUBFOR, requirement officers and Government managers for all IT and security related development. Evaluates performance, resolves problems, defines and interprets objectives and priorities, provides coordination and assigns projects and duties, defines and captures risk, designs and implements strategies to reduce and mitigate associated. Maintained oversight of projects and schedules using Microsoft Project and submitted weekly status reports to the Commander of U.S. Forces Submarines.
- Key player in a 35-person workforce to plan and execute all submarine operations in the Atlantic, including safe submarine routing and water space management, operations directives for actual and training events, and strategic operations.
- Helped develop the Submarine Force Campaign plan, the first integrated global plan for submarine deployment.
- Assisted the development of an integrated asset management system, including development and fielding of the first online deployment schedule that dynamically integrated vital modernization plans, National/Strike Group deployments, maintenance, and training. The asset management product and its processes were adopted as Fleet standard.
Test Manager
Managed the Test and Evaluation phase (CT&E) team, responsible for creating test scripts, certifying new IT solutions, and site certification. Managed testing of all new Navy IAVA (software patch), validating script implementation.
Confidential
Lead Advance Network Administrator supervising a team of three for 120 users, four domains, eight servers, sixty workstations, two Cisco routers, two Xylan switches, Dell PowerEdge 4200 RAID server, TAG RAID server, Dell OptiPlex desktop computers, Dell Latitude laptops, and Panasonic CF-47, 48, 50 laptops.
Fire Control Division Officer
- Led Fire Control Team, including Tomahawk cruise missile strikes during Operation Iraqi Freedom. Coordinated strike efforts with Launch Area Coordinator, Battle Group and multi-national forces.
- Upgraded security level of networks from CONFIDENTIAL to SECRET, meeting C&A requirements of DITSCAP process
- ISSM (Information Security System Manager)
- Adviser to DAA on meeting all Information Security requirements and regulations
- Maintained all networks in compliance with DoD and Navy directives
- Wrote all local policies and instructions for meeting DoD and Navy directives
- Wrote local SSAA documentation to meet DITSCAP requirements
- Implemented industry best practices
- Provided training for the Network Administrator, DAA and 120 users
Confidential
- Assistant Leading Petty Officer in charge of a division of 8 technicians
- Local Area Network Administrator
- ISSM (Information Security System Manager)
- Managed three major software releases
Confidential
- Lead Instructor for Command and Control Junior Officer Missile Course (10 days); revamped outdated course to meet Fleet and training Submarine needs. Obtained Type Commander's concurrence of new Command and Control course curriculum.
- Instructor for UYK-7 computer Digital Theory, Maintenance, Troubleshooting course (58 days)
- Instructor for Auxiliary Plots course (5 days)
- Lead Instructor for C4I Command and Control, Communications and Management course (5 days)
- Instructor for Tactical Simulation labs: Fire Control weapons and Launching systems
- Instructor for Prospective Commanding Officers course. This course is personally led by the COMSUBPAC Type Commander (Two-Star) for O-5 and O-6 evaluation to become a Submarine Captain. This course has a 75% student drop rate.
Confidential
- Assistant Leading Petty Officer in charge of a division of 7 technicians
- Performed, directed, scheduled maintenance on computer systems using 3M PMS
- Prepared, managed, scheduled, developed and provided training
Confidential
- Section Leader for 200-man watch team: maintained schedule and supervision
- Administrative Support Unit Physical and Personal Security Services
