OBJECTIVE:

Support security and data surety of government, industry, corporate, and personal information.

PROFILE:

• Solution - oriented, results-focused cyber security professional with solid, business/mission awareness of security engineering technology realities central to information protection compliance.
• Experience supporting simple and complex programs and projects at the Program Management Office and Program Executive Office levels.
• Strong analysis, troubleshooting and collaborative problem-solving skills with a proven track record of “success within budget
• Certified IT professional with 18+ years of experience in the field.
• Solution - oriented, results-focused with solid business / mission awareness of security engineering realities central to Information Security productivity and compliance.
• Strong analysis, troubleshooting and collaborative problem-solving skills with a proven track record of success in producing quality documents / protecting government, commercial/industry, and PII/PHI/PTI.

AREAS OF EXPERTISE:

• COV/VITA RSA ARCHER, KEYSTONE EDGE SERVICE-NOW, VAARNG CBRN

• FISMA - FEDRAMP - AWS
• Scanning Tools
• CYBERSCOPE - VRAM
• Legal Compliance
• Fed Acquisition - DoDAF
• Risk Management (RMF) eMASS / XACTA / CSAM
• Lifecycle Planning/SDLC
• Confidential /CNSS 1253-DSS
• POA&M Management
• ITIL & ISO 9000 series
• Quality Control
• FIPS-Security Compliance
• C&A / A&A
• Control Validation
• Disaster Recovery - COOP
• DIACAP to RMF
• PCI DSS - PKI/PKE
• Medical PHI - HIPAA
• EAL / NIAP
• NVD
• Confidential &E/DT-OT systems
• IOT Internet of Things
• Smart Control Systems
• Microsoft Office
• STIG / SRG / NISTR
• Defense In Depth
• EAL/NIAP/Best Practice
• Technical Writing & Curriculum Development

PROFESSIONAL EXPERIENCE:

Confidential

Responsibilities:

• Details of special deliverables and project accomplishments as Confidential Lead include:
• Refresh of Nessus Scanner and other tools / processes after many years of being forced into the canned reports from ePO and Tenable.
• Developed targeted environment scans for Confidential in support of the Mid Term Elections; as well as Virginia Department of Taxation & Virginia Department of Social Services to resolve overdue IRS Federal Audit findings - identifying broken McAfee signature databases, certificate problems, configuration problems, patch non-compliance, and unauthorized software.
• Discovered and analyzed urgent findings in support of State Agency workstations and servers (Previously unticketed, yet high and moderate risk issues) in time to remediate or mitigate the risk for Department of Elections, and Department of Taxation prior to urgent event windows.
• Cyber Security Assessment & Authorization, continuous monitoring, and CFACTS RMF Package Management / Reporting of FISMA security baseline compliance for CMS/ Confidential .
• The Baltimore Confidential contract paused because of a stop work order.

Confidential

Technical Writer

Responsibilities:

• Proposal Development for SEAPORT proposal supporting Confidential Sea Systems Command supporting Research & Developmental Test & Evaluation ( Confidential &E) Cyber Security.
• Temporary gap fill short task for Risk Management Framework baseline control for Platform IT Industrial/Maritime control system Cyber Security.

Confidential

Technical Writer

Responsibilities:

• Temporary gap fill for a person who was leaving US Patent & Trademark Office for Confidential .
• This included semi-manual Confidential 800-53 baseline compliance of RMF standards using Cyber Security
• Assessment & Management (CSAM) tools, STIG/SRG auditing, etc.

Confidential

Technical Writer

Responsibilities:

• Developed Confidential SEAPORT contract response to a solicitation for Confidential Surface Warfare Center, Dahlgren Division for Cyber Security on unclassified and classified networks.

Confidential

Responsibilities:

• Medical Devices and systems, transitioning the assessment and authorization of special purposed medical devices from DIACAP and medical platform IT to RMF.
• Collaborated with Confidential approved device manufacturers, DLA, and DHA cybersecurity IT procurement/sustainment to mitigate and document baseline tailored control compliance.
• Maintained DIACAP / RMF transition documents, artifacts, and POA&M vulnerability information including risk mitigation, remediation schedules and milestones. Entry of scan results, assessment procedure test results, and STIG/SRG results from the test/assessment plans.
• Applied tailored Privacy Act and HIPPA tailored baseline control sets of the Confidential SP 800-53, assessing raw risk that could not be remediated and documenting mitigations that reduced the risk to a level that the authorizing official would accept.
• Expert in management of EMASS or equivalent packages, artifacts, COTS vendor collaboration, inheritance and common control management resolving package inheritance and compliance issues via documentation of technical evidence or policy.

Confidential

Fully Qualified Validator

Responsibilities:

• Processed Test Results (Test & Evaluation Master Plan and System Assessments including scan and STIG/SRG results in EMASS Asset Manager, maintenance of package POA&M Raw and Residual risk entries and milestone schedules. Periodic Refresh of PIA and E-Authentication Memos.

Confidential

Fully Qualified Validator

Responsibilities:

• Sort term emergency task. Took an inadequate package from an IATO extension (2nd iteration) so that baseline compliance could be properly documented or POA&M’d with realistic milestones to achieve more than a temporary short-term authorization. The accomplishment was significantly thorough enough to gain the e-Votes necessary for a full (3-year) ATO even though the Navy had announced no full ATO’s would happen as the RMF Transition was scheduled to start.
• Pre-RMF identification of common controls allowed a modular technical writing approach to be utilized, reutilizing important resources and enabling critical suspense deadlines to be met.
• Accomplishments included pulling service ACAS scan info from external Ft George Meade DISA/ARL service providers, correctly categorizing findings to correct earlier package errors, manually mapping findings in EMASS, mitigating the raw findings and presenting residual risk to the Navy Certification Authority chain for collaboration review. This system was a package shipwreck where none of the test results met the assessment and validation procedure standards.
• Performed a 100% rebuild of the package to include repair of issues that could be fixed in time to meet the required submission date and refreshed POA&M entries of system and control level issues that could not be resolved by authorization termination (ATD), avoiding system disconnection and DATO.
• After subsequent ISSO and ISSM review, performed baseline validation and collaboration with the Confidential &E SCA & NAO and the package obtained a supposedly “impossible” three-year ATO within the allotted time window requirements.

Confidential

Fully Qualified Validator / ISSE

Responsibilities:

• Special short term onsite task supporting Submarine Warfare Federated Tactical System (SWFTS) TI-14 and SWFTS family, Afloat Platform IT and (System of Systems) under NAVSEA Echelon II.
• ONI and Confidential cross domain solutions including Radiant Mercury, legacy systems, HBSS and PKI waivers avoiding ‘stop-work’ orders at Electric Boat on Virginia Class Submarines.
• To meet short acquisition category 1 (ACAT) suspense dates, validated the required baseline compliance actions to POA&M vulnerabilities, weaknesses, and non-compliance with mandatory controls, mapping the path to ATO.

Confidential

Fully Qualified Validator / ISSE

Responsibilities:

• Maintained DADMS/DITPR- Confidential registrations, maintained eMASS packages for deployed and newly migrated systems.
• Served as IAO, ISSE/SME, Navy validator in support of Confidential -AA Echelon II staff.
• Collaborated with Navy SCA and NAO to bring compliance documentation into alignment with Navy Business Rules.
• Managed DIACAP migration of Confidential Audit applications from SSC Pac San Diego to MCB Quantico NCIS Russel Knox data center.
• Authored RFP responses for SEAPORT RFP supporting Confidential Sea Systems Command NAVSEA cyber security sustainment, system package documentation, for NSWC Confidential &E field activities.