OBJECTIVE:

A Senior Information Technology Security management position where I can effectively utilize my expertise in certification and accreditation, risk management, personnel management, technical analysis, research and development of information systems to insure mission success.

SUMMARY:

Over twenty eight years of experience in the Information Security (INFOSEC) field. Professional INFOSEC experience consists of providing Information Security services to Department of Defense clients and other Federal Civil Agencies. Have experience with INFOSEC, Cyber, FISMA, DIACAP, DITSCAP Certification & Accreditation (C&A),Oracle Database design, Common Criteria (CC), DISA STIGs, Department of Defense, USMC, Army and Air Force, Department of Treasury, Department of Interior, Department of Justice, and NIST methodologies. Responsible for analyzing the technical and functional needs of a customer and then providing appropriate security recommendations so the customer can meet identified guidelines to ensure accreditation of computer systems. DoD IAM Level III qualified. I am a holder of the ISC2 Certified Information Systems Security Professional (CISSP) certification since 2001.

PROFESSIONAL EXPERIENCE:

Confidential,Charleston, SC

Information Assurance Engineer

Responsibilities:

• Information Assurance Vulnerability Manager for the Sotera/SPAWAR GCSS - MC Team responsible for assuring and tracking compliance and coordinating IAVM status and responsibilities between different contractors and the government.
• Perform IA inspections, tests, and reviews of GCSS Marine Corps systems using DISA Gold Disk, Retina, Nessus, DISA SRR Scripts, DISA Manual STIG checks, and the documentation of personnel interviews and document reviews.
• Performing compliance monitoring, review the results, and provide mitigations or corrective recommendations for Engineering Teams to evaluate for implementation .
• Review Oracle Database vulnerabilities and document them. Work with the DB team in developing fixes and mitigations for the databases.
• Produce, develop, update, and maintain multiple Plan of Action and Milestones, report compliance and actions into DoD/DoN Tracking Systems (OCRS, VRAM, eMASS, and VMS), ensuring compliance with DoD and DoN Standards for the Certification and Accreditation of DoD Information Systems.
• Secure and maintain appropriate security posture of operational and developmental GCSS family of systems.

Confidential, VA

Senior Information Assurance Engineer

• Providing Information Assurance support to the MCSC Product Group 10 for the PM MCNIS for the Regional Support Services contract for the Quantico G-6. Providing support to the G-6 IA Manager during the transition from contractor operated to government operated network. Assisting in the development, implementation and management of IA policies, documentation, certification and accreditation process (C&A), standard operating procedures (SOP) and cyber assessment analysis. Provide internal IA SME support for SURVICE Engineering as required.

Confidential, VA

Senior Information Assurance Engineer

• Working for the Prime Contractor (Oracle) as they develop the GCSS-MC system and helping their Information Assurance team review the program to ensure it meets the customers’ requirements. Reviewing and commenting on IA policies, assisting in the correction of the IA policies and procedures. Also, duties included reviewing testing procedures and assisting in the testing of the GCSS-MC system. Duties also included working with the various engineering and Oracle Database teams to help them solve the various IA vulnerabilities that would appear.
• In Aug 2011, I was assigned as the IA Team Lead for a new sub-project of the GCSS-MC System. As the IA Team Lead I was responsible for ensuring the accreditation of a new sub-system that will include Automated Identification Technology (AIT) using Radio Frequency Identification (RFID) technology. Developing the C&A packages and associated documents and policies that will all this AIT project to connect to the GCSS-MC Enterprise System. Working closely with the Oracle Database Developers and System Architects to help them understand the IA requirements and to help solve any of the IA vulnerabilities early-on to keep this fast moving project on schedule.

Confidential,VA

Senior Information Assurance Officer

• The Senior Information Assurance Officer responsible for leading and supporting the DIACAP C&A efforts and FISMA compliance efforts for over 70 systems in accordance with Army Regulation 25-2, DoDI 8510.bb (DIACAP) DoDI 5200.40 (DITSCAP), DoDI 8510.1-M, DoDI 8500.1 and DoDI 8500.2. I managed extensive evaluations of major information security networks, and as the Senior Government team lead, would prepare evaluations reports and present recommendations to Program Managers and Sr. PEO EIS Staff. I was the personal IA Subject Matter Expert for over 60 PM/PDs providing research and answers on a wide variety of IA subjects.
• I was in charge of developing, coordinating and reviewing IA policy for implementation by PEO EIS and PMs. Conducted trade off analyses of products to help PMs determine optimal information security solutions.
• Developed a milestone process that kept senior leadership apprised of all systems C&A efforts. This enabled the leadership to step in when needed to get the C&A effort back on track rather than waiting until the DAA had to approve extra time or they did not receive an accreditation.

Confidential, VA

Site Manager

• I was Senior Information Assurance Officer at the US Army’s PEO EIS Office of Certification & Accreditation responsible for an office of 6 people. Leads and supports DIACAP C&A efforts for over 90 systems in accordance with Army Regulation 25-2, DoDI 8510.bb (DIACAP) DoDI 5200.40 (DITSCAP), DoDI 8510.1-M, DoDI 8500.1 and DoDI 8500.2. Manages extensive evaluations of major information security networks, prepares evaluation reports and presents recommendations to Program Managers and Sr. PEO EIS Staff.
• Conducts trade off analyses of products to help PMs determine optimal information security solutions. I was the IA Subject Matter Expert for over 40 PMs providing research and answers on a wide variety of IA subjects.
• Develops, coordinates and reviews IA policy for implementation by PEO EIS and PMs. Improved the C&A % of PEO Systems from 60% to 90%. I received recognition from SES for my contributions. I was the On-Site Manager for Confidential, VA, responsible for managing CACI personnel, developing contracts and maintaining customer satisfaction.

Confidential, VA

Principal Computer Systems Security Technologist

• Information Assurance (IA) Team Lead, responsible for the Certification and Accreditation (C&A) effort including testing and certifying, a secure and global Ballistic Missile Defense System (BMDS) communications system, in accordance with of DoDI 5200.40 (DITSCAP), DoDI 8510.1-M, DoDI 8500.1 and DoDI 8500.2. Duties include performing Certification Test and Evaluations and vulnerability audits in support of Type and Site accreditations.
• Lead Certifier using Nessus, NMap, Saint and other vulnerability assessment tools. Performed research, analysis and documented IA related vulnerabilities. I participated in site surveys, installation and checkout activities. I also developed, maintained and tracked System Security Authorization Agreements (SSAA) and Interim Authority to Operate (IATO) /Authority to Operate (ATO) documentation.

Confidential,VA

Sr. Information Assurance Engineer

• Responsible for providing information security and assurance, information assurance policy, risk management, vulnerability and threat analysis, and program management support to the federal government and commercial firms. I led program plan development, policy analysis, development of policy, implementation of guidance and DITSCAP Certification and Accreditation activities for DTRA Cyber Security and Counter Intelligence Division. He also led the effort at a Federal Government Agency, providing NIST 800-37 certification and accreditation of Information Systems, developed Contingency Plans and templates for future contingency planning and E-Authentication planning for agency systems.

Confidential, VA

Information Assurance Engineer

• I developed Information Assurance products for Federal Government clients. I also helped assess the security of automated information systems. Collaborated with Federal and Military clients to develop and implement security policies, plans, and strategies. Assisted Federal and Military clients in the design and development of integrated security system solutions, and recommended solutions that ensure systems are protected.

Confidential, HI

Information Assurance Manager

• I was responsible for the protection of information, processes and equipment in the automation and telecommunications environment. Formulated, published and disseminated information systems security policy and procedures. Advised and assisted commanders, staff officers, and security managers in all areas of information systems (IS) security. Conducted risk assessments to determine vulnerabilities and recommended countermeasures to be implemented based on DISA STIG requirements.
• I implemented the DITSCAP certification and accreditation process and ensured all systems were accredited prior to data processing and reaccredited in accordance with the DITSCAP policy.