
Sr. Security Architect/Sr. Principal IT Security Consultant Resume


SUMMARY:

  • Confidential has 20+ years of information security, information technology (IT), systems engineering and technical information security experience supporting a broad range of programs and systems/applications in commercial, federal civil, and DoD environments. He has used his information security/assurance, systems engineering and IT skill set to lead and support numerous programs and projects. An abbreviated list of Confidential’s extensive federal agency program/project experience includes HHS (NIH, PSC, CMS, FDA, etc.), DoD (Army, Navy, Military Health System/Tricare, DLA, etc.), DOJ, DHS, DOL, DOT, Treasury, DOI, DOC, etc. Confidential’s extensive commercial/industrial sector experience includes Health Care, Entertainment, Chemical/Petroleum, Pharmaceuticals, Financial, Technology, etc. He holds a Bachelor of Science Degree in Electrical Engineering from Washington University in St. Louis and is a Certified Information Systems Security Professional (Cert # 307622).
  • 20+ Years total IT /IT Management experience
  • 10+ Years IT Security/Information Assurance/Infosec. Auditing Experience
  • Extensive Technical Program and Project Management Experience
  • Extensive IT Security Consulting Experience and Enterprise and Security Architecture Experience (Zachman Framework, TOGAF, DoDAF, etc.)
  • Exceptional System and Software Engineering, Design, and Development Skills
  • Multiple Platform Expertise (Windows\Linux\Unix\Mainframe and Cloud Infrastructures)
  • Multiple ERP/Business Applications (SAP (R/3 and ECC 6.0), PeopleSoft, Oracle ERP, Oracle BRM, Oracle AERS, SOA, etc.)
  • Excellent Communications/Customer Service, Interface and Problem Solving Skills
  • Proficient at developing and executing strategic and tactical IT/IT Security plans
  • Extensive IT Security Management/Engineering and IT Security Operations Experience
  • Cloud Service Provider Security (e.g., Amazon Web Services (AWS))
  • Secure Software Development Methodologies (S-SDLC)
  • Access Control and Identity Management
  • Information Assurance/IT Security Consulting
  • Enterprise Security Architecture/Engineering Development and Analysis
  • SOX, PCI DSS, COBIT, ISO 27001, ISO 2 799), ISO 27005, HIPAA and FISCAM/FISMA Compliance; FedRAMP, NIST, and NIST/FIPS 199
  • Security and Accreditation (NIST/DIACAP), NIST and
  • IT Security Compliance Tools (eMASS, Trusted Agent, RMS and CSAM)
  • Penetration Testing/Vulnerability Scanning and Assessments
  • Infrastructure, Web, Database and Application Security
  • Data Loss Prevention (DLP), Web Services and Source Code Testing/Review
  • Web, Database and Network Security Engineering
  • Security Programs/Policy Development and Management (IT Security Governance)
  • NOC/SOC Development/Management (incident response, intrusion detection, etc.)

PROFESSIONAL EXPERIENCE:

Confidential

Sr. Security Architect/Sr. Principal IT Security Consultant

Responsibilities:

  • Work for the clients/projects listed below ( ) was performed via corp-to-corp (C2C) or subcontract agreements with Confidential LLC.

Confidential, Reston VA

Responsibilities:

  • Subject Matter Expert and Lead Security Architect for the development and implementation of Secure System Development Lifecycle (S-SDLC), Service Oriented Architecture (SOA) and Webservices Projects. ERP/SAP, Cloud Computing and migration to milCloud/FEDRAMP/AWS, SAP GRC/Access Control, SAP Application Security/Authorizations, Oracle IAM, Oracle Directory Service and Microsoft Active Directory. Project Lead for development of secure coding and S-SDLC techniques for SAP (ABAP/4 and Java) and eSOA applications. Developed security/control gates for software development lifecycle (traditional waterfall and agile development efforts). Lead security architect for the development and implementation of platform and infrastructure security projects for DLA’s Enterprise Business System (EBS). DIACAP, NIST and RMF Security Authorizations and security metrics efforts.

Confidential, Falls Church VA

Responsibilities:

  • Architecture Development and Review. Completed several PHI/PII discovery, monitoring and management efforts in support of DLP implementations. DoD Policy Development, Review and Interpretation. IA Best Practices and Development. Vulnerability Scanning (Retina, Gold Disk, Unix and Oracle SRR scripts, etc.). Infrastructure, application, source code, and web services vulnerability reviews. IT Security Program Evaluations and SOA Security Assessment and Reviews.

Confidential, Washington DC

Responsibilities:

  • Enterprise-wide Security Architecture development using TOGAF as baseline, PCI DSS Compliance support efforts, IT Security Policy Development, ISO 27001/ISO 27002/NIST Control reviews. Credit Card data and PII discovery, monitoring and management techniques. Data Loss Prevention (DLP) recommendations and review (Symantec DLP, OpenDLP, CA DataMinder and Control Case). Symantec outsourced IDS and SIEM implementation review and recommendations. Firewall audits and Web Application vulnerabilities (OWASP Top 10) scanning/remediation. SOX Compliant Access Control/Provisioning (Courion IAM), SolarWinds.

Confidential, Rockville, MD

Responsibilities:

  • IT Security requirements development; Application, Database and Network Security Engineering and Project Management; Access Control and Identity Management (Oracle SSO and Active Directory integration) FISMA Compliance, NIST and NIST Based Security and Accreditation (C&A), Data Loss Prevention (DLP) tools/techniques/policy development (Websense), PII/PHI discovery tools, Vulnerability Scanning/Testing and Remediation and Secure Windows and Unix baseline configuration development. System Security Plans (SSP), Risk Assessments, and COOP development.

Confidential, Vienna VA

Responsibilities:

  • PCI and SOX Compliance reviews, Federal IT Security and Accreditation (NIST revision 1) effort for a multi-agency (federal & state governments) web based application. NIST revision 3 Control Testing and Web Application Security Penetration Testing (OWASP top 10) support. Privacy Reviews/Impact Analysis, POA&M Management and IT Security Vulnerability Scanning and Penetration Testing.

Confidential, Washington DC

Responsibilities:

  • IT Security Consulting supporting the Department of Labor’s IT Security Program. Primary Duties: IT Security Program Management, FISMA Compliance/Reporting, NIST Control Testing, A-123/FISCAM Controls Testing, and NIST based and Accreditations (C&A). Privacy Reviews/Impact Analysis, POA&M Management and IT Security Compliance Tools (CSAM) use. Websense implementation/management, Vulnerability Scanning and Penetration Testing. NIST Revision 1 transition planning and support.

Confidential, Fairfax VA

Responsibilities:

  • Provided IT Security, Privacy Consulting and Governance Services to Federal Government Clients. Duties included: IT Security Program Management, FISMA Compliance, NIST and NIST and DIACAP Based and Accreditations (C&A). Privacy Reviews/Impact Analysis, IT Security Compliance Tools (Trusted Agent, RMS and CSAM), Security Architecture Reviews and Software and System Security Engineering. IT Security Process and Procedure Improvement/Development, Systems Development and Design/Engineering. Enterprise Architecture, Program and Systems Requirements Development and Review. Program and Project Management, Software Engineering and SOA/Source Code Review (security vulnerabilities).

Confidential, Reston VA

Responsibilities:

  • Information Assurance consulting services to Department of Homeland Security’s Immigration and Customs Enforcement (DHS\ICE) component. This encompasses the following: Technical Team and Programmatic Leadership for a staff of 20 Risk Analysts, IT Security Program Management, FISMA Compliance, NIST / and DIACAP Based and Accreditations (C&A). IT Security Compliance Tools (Trusted Agent, RMS and CSAM), Privacy Reviews/Impact Analysis, Enterprise (Zachman Framework, TOGAF, etc.) and Security Architecture Review/Integration and Software and System Security Engineering. IT Security Process and Procedure Improvement/Development, IT Security Vulnerability Testing (infrastructure, application, code reviews, web services, etc.), SOC review and IT Security Program Evaluations. SOA Security and C&A efforts.

Confidential, Arlington VA

Responsibilities:

  • Principal Security Consultant/Program Manager Supporting the Department of Justice (DOJ) and Drug Enforcement Administration (DEA) Information Technology Security Programs.
  • Primary Duties: Project and Team leader for a staff of eight (8) IT security analysts/engineers. Provided Information Assurance Consulting, FISMA Compliance and Risk Management, Security C&As (NIST/DIACAP) and IT Security Compliance Tools (Trusted Agent and CSAM), Vulnerability Scanning and Assessments, Privacy Impact Assessments (PIA), Change Control/Configuration Management, Application Security Testing (White/Black Box Testing)/System Security Consulting, Web, Database and Network Security Engineering, Security Programs Development and Management (IT Security Governance); Security Architecture Analysis and Engineering, Security Product Evaluations.

Confidential, Arlington VA

Responsibilities:

  • Principal Security Expert in support of SAIC’s DEA Information Security Services Contract. Consulting expertise was provided in the following areas: Project and Team Leadership for a staff of 15 IT security analysts/engineers; IT Security Governance, Information Security Program Development/Management, Information Penetration Testing and Vulnerability Assessments, C&A Activities, IT Security Compliance Tools (Trusted Agent and CSAM), FISMA Compliance, Security Engineering/Architecture Analysis, Secure Software and Application Development Techniques, Security Policy and Guidance Development, Network Security Engineering, PKI and HSPD-12, Wireless Communications Security, Web Services, Network, Application and Database Security Techniques, Secure Code Development Techniques, Security Testing Techniques, and IT Security Requirements for Software/System Development Efforts. Security Team, Development and Management; Security Product Evaluations; Security

Confidential, McLean, Va

Lead Information Systems Engineer

Responsibilities:

  • Project Manager/Team Lead for various DOD Information Assurance activities: Common Access Card and PKI programmatic and technical lead; DISA, Pentagon and Joint Services Network and Security Engineering Projects, Security Operations Center (SOC) Development and Management; System, Application and Telecommunications Architecture Design and Analysis, Enterprise Resource Management Techniques, SAP/GCSS-A, Computer and Network Security; Information Systems Engineering, Web and Portal Based Technologies, Fault Tolerant Computing Systems, Enterprise Architecture Development (DoDAF, Zachman Framework, TOGAF, etc.); Strategic and Tactical IT Planning. Security White Paper and Position Paper Development.

Confidential, Lanham, Md

Program Manager/Senior Principal Systems Engineer

Responsibilities:

  • Primary duties were focused on Program/Project Management activities that supported “state-of-the-market” technology insertion into the Federal Aviation Administration’s (FAA) National Airspace System (NAS). The NAS is also known as the Air Traffic Control System. Responsibilities related to this effort included the following: Program and Project Management, IT acquisition strategy planning and recommendations, Web Based Technologies, Software and System Development, Integration, and Methodologies; Communications Infrastructures, Client-Server Integration, Information/Network Security, System and Network Management Technologies and Architecture Development.

Confidential, Bethesda, Md

Sr. Principal Information Technology and Network Consultant

Responsibilities:

  • Provided IT and Network Infrastructure Consulting Services to various Confidential . Commercial, Federal, State and Local Government clients in the following areas: Computer, Communications and Telecommunications and Network Engineering; Enterprise-wide Computing, Client-Server Computing, Telecommunications and Communications Integration. Technical Project and Program management, Data Center Development and Management, Network Control Center Operations, Security Operations and Business Continuity Planning; Web and Database Management System Design and Development, Storage Management (Large System and Server Based) Methodologies and Integration; Network and Computer Security.

Confidential, McLean, Va

Program Manager and Senior Telecommunications Engineer

Responsibilities:

  • Primary Duties: Project and Program Planning and Management for Telecommunications Equipment and Services Provisioning. Network Engineering and Acquisition Planning for GSA’s Telecommunications contracts. Provided extensive program management support for GSA’s Contract vehicles

Confidential, Bethesda, Md

Senior Project Engineer

Responsibilities:

  • Project and Technical Team Lead in the planning, design, development, and implementation of an Enterprise-Wide Network. Developed Network Operations Center (NOC) concept of operation and supported the design, planning and implementation of NOCs to multiple geographically separated locations.
