Information Technology professional

A detailed-oriented professional with an extensive knowledge of various Information Assurance methodologies to include Defense Information Systems Agency DISA DoD Information Assurance Certification and Accreditation Process DIACAP and National Institute of Standards and Technology NIST Federal Information Security Management Act FISMA processes. Demonstrated ability to function keenly as a team player as well as work independently.

Confidential

Duties and Responsibilities: Performed daily compliance management duties for Blue Cross Blue Shield of South Carolina TRICARE North and South regional contracts. Technical duties included: tracking of DoD Information Assurance Vulnerability Alerts IAVAs and patch implementation. Ensured weekly vulnerability scans with various DoD approved tools to include E-eye Retina, DISA Platinum Gold Disk, DISA AppDetective and other scanning software. Performed liaison with Cognizant Security Agencies for requesting information, security inspections, violations and abnormal events on AIS. Led a team of IA professionals in support of covered enclave systems. Coordinated with Client System Administrators to ensure AIS asset compliance. Researched and authored System Security Authorization Agreements Artifacts as part of the Defense Information Assurance Certification and Accreditation Process DIACAP methodology. Ensured corporate configured IT devices complied with DoD security controls.

Confidential

Position: C/Senior Systems Security Analyst

Duties and Responsibilities: In support of Cynergy's IA contract at theConfidential , provided support as the project lead for all COBRA IA activities responsibilities included developing the IA Plan of Action and Milestones POA M , providing the client with resource and cost estimates relative to IA technologies, participates in System Design Reviews SDRs , Critical Design Reviews CDRs , and In Progress Reviews IPRs , and documents IA concerns, and providing recommendations and remediation strategies. In addition, modified the COBRA Phase I System Security Accreditation Agreement SSAA and appendices associated with the C A process, plans, prepared and managed the Certification Testing and Evaluation CT E for the COBRA system prior to its deployment to the LCS Fleet , and conducted analysis of the CT E results. Also conducted quality control reviews of all IA artifacts for the client, in particular Risk Assessment and Risk Mitigation reports. Developed the Information Assurance Vulnerability Management IAVM program for COBRA, and managed the Configuration Management CM process in response to Information Assurance Vulnerability Assessment IAVA alerts, bulletins and task orders. Developed a Trusted Facilities Manual TFM for the program, which ensures that when deployed, all systems will operate in an environment that is compliant with the necessary security protections required for COBRA. Also developed and tested a comprehensive Continuity of Operations Plan COOP which will address contingency planning and disaster recovery options for specific, and reasonable threats to COBRA given its operational environment. Was also responsible for the development of the COBRA classification guide which clearly outlines the classification thresholds and marking requirements assigned to the data associated with, stored in, processed by, and transmitted within COBRA. In addition, reviewed system user roles, responsibilities and operating guides to ensure adequate compliance with security mandates.

Confidential

Position: Technical Manager

Duties and Responsibilities: In this capacity, served as the primary technical manager for a myriad of IA and IT initiatives. This included planning and coordinating the development of System Security Authorization Agreements SSAA for the Secret and Unclassified Networks prescribed by the DOD Information Technology Security Certification and Accreditation Process DITSCAP . Developed the DITSCAP POA M, identified resources, reviewed work products and analyzed process results for future process improvements. Through continuous coordination with stakeholders my actions were instrumental in both networks obtaining an Authorization to Operate ATO by the National Security Agency on time and within budget. Also managed and participated in building a secure command web server, subsequently developing a mitigation process which resulted in zero security findings during the vulnerability assessment phase of the C A for this server. Also oversaw daily system administration activities which included: managing DNS operations, coordinating activities relative to loading client workstations and securely configuring operating systems and application software, ensuring efficient help desk services were being provided to client sites, managing security scans, and security software upgrades, and creating procedures for the effective management of user accounts. Accomplishments included improved daily operations of network routers and firewall configurations for three networks encompassing 30 servers and over 300 client workstations, resulting in 99.6 network availability. In taking on the task of revising the command's technical resource database, was able to replace an unreliable system with a complete and 99.9 accurate database system for over 1000 pieces of equipment spanning a 60,000 square foot facility. The database became the repository for life-cycle-management and projected equipment expenditures.

Position: Project Manager Naval Information Vulnerability Assessment Program NIVAP

Duties and Responsibilities: In this capacity, was responsible for Certification Test and Evaluation CT E and Independent Verification and Validation IV V of IT systems supporting new submarine construction, Unmanned Aerial Vehicle and Tomahawk Cruise Missile development. Developed a documentation review process for all CT E artifacts and streamlined network vulnerability scan procedures which were conducted in conjunction with new system development. Conducted a review of all business processes related to these activities and subsequently consolidated or integrated processes ensuring no additional time was added to the project NSGA projects. In the areas of application security, oversaw Information Assurance testing for two Navy software programs. He ensured compliance with DOD Information Technology Security Certification and Accreditation Process DITSCAP and the National Industrial Security Program Operating Manual NISPOM directives and Commander Operational Test and Evaluation Force COMOPTEVFOR .

Position: Technical Manager Telecommunication Services, Information Systems Security Manager

Duties and Responsibilities: As the Division Chief, was responsible for project and technical management for the command. This included managing cross-functional teams in the planning and execution of all data, voice and video information distribution across the Southwest Asian Arabian Gulf Area of Responsibility using a defined life cycle methodology as well as a defined project management methodology. In this capacity, implemented equipment and personnel security standards in accordance with DCID 6/4 policies and DOD Information Technology Security Certification and Accreditation Process DITSCAP . Also created a new method of Air-to-Ground communications control allowing greater continuity and flexibility by granting control to ships closer to track of airplane. These changes resulted in fewer breaks in Air-to-Ground communications and more aircraft generated tactical reporting.

Position: Technical Manager Information Systems Security Manager, Special Security Officer, Information Technologies

Duties and Responsibilities: In this capacity, project and technical leadership career highlights include leading an 8 member IT center responsible for IT operations for seven departments spanning two geographical locations. Provided Executive-level staff support through tactical/strategic planning, IT requirements development and testing, procedure development, process measurement, and staffing. Developed IT security requirements, managed personnel security procedures, developed continuity planning and was responsible for the department's IT budget. Was successful in managing the completion of numerous C A efforts conducted in accordance to requirements established in the DOD Rainbow Series and Information Technology Security Certification and Accreditation Process DITSCAP .