Quality Assurance Analyst Resume Profile
Summary:
- Systems Security Engineer
- Information Assurance Specialist
- Certification and Accreditation (C&A) Engineer
- ISSO
- IATO and Authority to Operate
- IT Security Policy and Procedure Compliance
- Security and Privacy Standards
- Certified Information Systems Auditor
- Project Management Professional
- Active Top Secret Clearance
- Experience in ST&E reviews, Security Plans, Risk Assessment, Contingency Plans
Confidential
Quality Assurance Analyst
- Improved Program Management Office processes within Department of Energy's review and comment on Cyber Security and Information Assurance Interagency Working Group, NIST, White House National Security Staff, and Department of Homeland Security Information Assurance plans, strategy, guidelines, and pre-decisional executive orders. Developed process defect measurement to support implementation of PMO transformation focused on achievement of improved results.
- Performed review and comment on Cyber Security and Information Assurance Interagency Working Group, NIST, White House National Security Staff, and Department of Homeland Security Information Assurance plans, strategy, guidelines, and pre-decisional executive orders.
Confidential
Information Assurance Analyst
- Prepared process documentation for Defense Logistics Agency, covering SAP financial system access controls, change controls, disaster recovery, help desk, technical infrastructure, and application problem management. Reviewed and recommended improvement of functional specifications, internal control implementation and design, data mapping, and edits and validations for key controls over financial application systems.
Confidential
Information Systems Security Officer
- Developed Certification and Accreditation documents including security flaw remediation implementation for Homeland Security Investigations intelligence systems, Immigration and Customs Enforcement, Department of Homeland Security. Directed the activities of the ST&E team's application system and technical infrastructure systems security assessment from planning to generation of systems engineering solutions addressing IT security findings of vulnerabilities. Wrote and directed the implementation of the plan of action and milestones (POA&M) mitigation plans. Developed security plans detailing Intelligence System's system specific security safeguards, operating characteristics, and technical IT system internal controls needing to be implemented. Wrote the certification package. Wrote and tested the application systems contingency plans. Performed technical vulnerability assessment, logging and monitoring, security incident handling, and other information assurance activities. Developed and implemented IT monitoring systems and procedures. Oversaw and conducted table-top disaster recovery exercises for application systems. Approved all changes to IT infrastructure and application systems. Planned and oversaw migration to real-time mirrored data disaster recovery. Experienced using RMS and Trusted Agent FISMA tool sets, monitoring compliance with the DHS 4300A Sensitive Systems Handbook, FIPS 200, 199, and NIST 800 series Special Publications, including 800-53, 800-53A, 800-18, 800-30, 800-60. Conducted application systems security vulnerability testing using automated tools and manual testing.
Confidential
Information Security Assurance
- Accomplished significant forward changes in computer security posture enterprise wide. Conducted forensics investigations involving IT security breaches. Developed hardware and software product selections and security feature configuration plans for Metropolitan Washington Airport Authority and their third party contracted IT service providers. Directed completion of corrective actions, including encryption of data. Performed single sign-on planning. Assisted in planning and implementation of Tripwire and Sourcefire monitoring solutions. Selected targeted areas for review, initiated and managed technical information systems reviews from start to finish. Evaluated alternative means of correcting discovered vulnerabilities. Held kick-off and exit meetings, wrote audit reports, maintained policy, procedures, and audit standards. Execution of technical vulnerability NMAP and NESSUS scans.
Confidential
Information Technology Audit Supervisor
- Managed information systems audits for Inspector General Federal government clients: Federal Communications Commission, Environmental Protection Agency, DC Courts.
- Execution of technical vulnerability assessment with NMAP and NESSUS FISMA scans in support of certification and accreditation. Evaluated potential solutions and developed mitigation plans.
Senior Consultant, Global Public Sector
- FISMA financial audit and information technology controls mitigation recommendations and provided quality assurance.
- project management for deployment of automated audit trails and automated reconciliation of detail sub-ledgers to the general ledger. Assisted with planning and implementing application system regression tests. Executed quality assurance services in support of the CMMI certification of a large development team. Experience with Informatica and Serena software tools.
- financial restatement and current financial reporting Sarbanes Oxley 404 IT control testing. Performed information security reviews and risk assessment. Identified gaps in internal controls, and developed remediation measures based upon analysis of alternative solutions to information security weaknesses. Recommended security software products and configuration changes. Areas covered included review of regression testing results, access controls, change controls, segregation of duties, and logging and monitoring. Special assignments included reviews of general computer controls specific to Unix and Tandem operating system platforms and their hosted computer application systems.
- information technology A-123 control assessment for HUD, including certification and accreditation review based on NIST security control requirements (Special Publication 800-53). Developed the test approach, documented the control environment, identified issues for remediation and wrote the information technology section of the A-123 report, including alternative mitigation actions. Recommended configuration changes.
IT Audit Sarbanes-Oxley Consultant
- Conducted Sarbanes-Oxley IT security reviews of the effectiveness of internal control over financial reporting (Section 302 & 404 of the Sarbanes-Oxley Act). Performed general controls audits, including risk assessment, controls documentation, test preparation, access re-certification, user provisioning, and controls testing. Areas of focus included technical access controls, network security test plans, change control, physical facilities security, operating system integrity, and disaster recovery testing. Responsible for designing Sarbanes-Oxley compliance methodologies for multiple Fortune 500 clients. Developed configuration changes and recommended security software alternatives to meet the need for security controls. Conducted reviews of client's IT infrastructure and supporting procedures to identify SOX related risks, vulnerabilities, and remediation. Developed and executed detailed audits to review controls over application development processes. Audited IT controls of a Microsoft SQL Server environment.
IT Specialist/ Risk Manager
- Experience with implementation of security control over SQL injection and cross site scripting, and conducted forensics investigations. Provided daily technical security management of production network security systems such as firewalls, intrusion detection, antivirus, patch management, data encryption. Evaluated operating system, database, and network configurations for security vulnerabilities, threat sources and risks. Identified mitigation steps and procedures, allocated resources, selected intrusion detection products and directed mitigation efforts. Performed SAS analytics data mining business analytics security testing. Produced information assurance security plans, risk assessments, and contingency plans. Used MS SharePoint for version control of certification package components. Managed a team of information security professionals implementing the IT security program, network security operations and FISMA reviews of IT security controls. Directed the deployment of IT security measures and re-tested again to ensure implementation was successful. Assisted in development and implementation of contingency plans. Implemented self-audits and in-house web-based software development self-testing, access re-certification, and user provisioning. Developed IT security benchmarks and metrics. Developed and implemented intrusion detection system continuous monitoring. Researched and deployed security control products and services. Designed and implemented system-based controls. Recommended process changes to reduce information technology risks, uncovered root causes of security problems, and improved communication of roles and responsibilities. Surveyed/ evaluated vendors and solution providers. Developed forecasts of new security vulnerability exposure. Presented written analysis of IT security market trends, information security vendor functional fit to requirements, and implementation best practice. 
Consulted with parent organization on policy development and exercised leadership over policy implementation. Experience with Citrix, SAS data marts, Active Directory, Microsoft Windows network, .NET, Xiotech. Also, experience with OCTAVE risk and control assessment, Xacta IA Manager, SecureInfo, Foundstone, Bindview, Nessus vulnerability scanner, SPI Dynamics WebInspect web application vulnerability scanner.
Systems Security Engineer Project Manager
- Managed team of 24 systems security engineers and analysts working on reviewing, critiquing the implementation of security products and practices. Reviewed Federal IT systems software using manual tests of host and network configuration of UNIX, MS Windows. Utilized Internet Security Systems' (ISS) Internet Scanner, and ISS' Database Scanner to audit system software and Oracle database and network security configuration. Assessed capability maturity level of Federal Civil Agencies as part of the NIST sponsored FISMA (then GISRA) assessments, and wrote mitigation options report. Used in depth knowledge of FISCAM, National Information Assurance Certification & Accreditation (NIACAP), GISRA, and NIST special publications to plan and perform reviews. Developed recommendations for computer security control improvement for the Federal Emergency Management Agency (FEMA), the Department of the Interior (DOI), Environmental Protection Agency (EPA), National Science Foundation (NSF), and United States Patent and Trademark (USPTO). Improved the security posture of Federal Government enterprise-wide security programs and integrated superior security performance within the life cycle for EPA, NSF, and USPTO. Devised a patch management process and a system security lifecycle process for NSF. Experience with access re-certification, user provisioning, certification and accreditation of networks and major applications, including security tests and evaluations, FIPS publication encryption for NSF and USPTO.
Senior Information Assurance Engineer
- Initiated an internal audit/quality control self-review and security program at the Health Care Financing Administration (HCFA, now CMS) covering vulnerability assessment, access re-certification, user provisioning, risk assessment, review of security controls, and security program planning. Identified sensitive information stores and data in transit. Initiated project to re-authorize authentication and access control. Planned and conducted HIPAA, FISCAM based reviews and developed alternative remediation strategy for external audit findings. Wrote and influenced adoption of key security policy and procedure changes. Instrumental in strategic planning for successful implementation of emerging technologies. Researched, planned, and developed HCFA's HIPAA compliant Enterprise Information Technology Security Architecture governing future information technology deployment. SABSA and FEAF based IT security architectural expertise.
Systems Engineer
- Reviewed security of Lockheed Martin Corporation's human resources, benefits/ payroll administration system. Conducted survey, performed gap analysis and developed security requirements. Coordinated security control integration of PeopleSoft HR benefits/ payroll with existing legacy and SAP ERP systems.
Senior Technical Information Systems Auditor
- Experience with advanced data extraction techniques. Recreated complex financial application logic. Wrote and maintained Audit Command Language (ACL) data analytics scripts in support of year-end financial audit. Identified established business rules and re-performed control activities and financial system calculations on physical assets. Compared results of internally developed scripts to the financial application results. Developed tools for security access reporting. Conducted IT infrastructure and technical systems technology audits. Performed technical computer security research, analysis and internal audits of computer security controls. Developed white paper for senior management comparing the security assurance capability of Windows network operating system and UNIX. Audited SAP basis controls. Formulated evaluation approach and conducted electronic commerce systems development audits.
