Information Assurance Engineer Resume
SUMMARY:
- Results-oriented professional with experience in management information systems and security. Proven success in coordinating and conducting working groups and developing technical documentation using data acquired from management, engineers and technicians. I have excellent planning, organizational and communication skills. I am capable of working in a fast-paced environment, while prioritizing and executing multiple tasks. Dedicated to quality assurance, accuracy and customer satisfaction. Currently preparing for the CISSP exam.
- Over 7 years' progressive experience in the Information Technology industry. My work experience is complemented by a BS degree in Management Information Systems, Microsoft Certified Technology Specialist (Windows 7), and CompTIA Security+ and A+.
- Experienced in writing and contributing to system security plans for complex information systems. I am also experienced in conducting security reviews and system audits. I have security and auditing knowledge of Windows operating systems. Experienced with development and implementation of security baselines for Windows operating systems.
- I am experienced in the roles of System Administrator, Network Administrator, and Information Assurance. I have thorough knowledge and experience in planning, implementing, and configuring Windows XP, Vista, 7 and 2000, 2003, and 2008 servers and workstations as well as strong server/pc migration, planning and implementation skills.
- I am proficient in installing, configuring, troubleshooting, and supporting midsize to large networks.
- I am also experienced in monitoring and maintaining accurate metrics on vulnerabilities for IAVA compliance.
TECHNICAL SKILLS:
NETWORKING: TCP/IP Configuration of Windows NT/98/2000, Experience troubleshooting LAN Connectivity problems, DHCP, DNS, and Ethernet
INTRUSION DETECTION SYSTEMS: Host-Based Security Systems (HBSS), Symantec Network Security 4.0, QRadar, Symantec Manhunt, Symantec System Center Console, Consolidated Event Database 4.6, ArcSight, Intruder Alert, Event Comb, Cisco, Sidewinder, Netranger, Wireshark
TOOLS/APPLICATIONS: MS Office Suite, Tivoli, NetMeeting, Radia, RSAM, Prism Patch Link, Norton Anti-Virus, Symantec Anti-Virus, McAfee Antivirus, Symantec Ghosting, VPN, REM, Qtip, Information Security Systems (ISS), ADT, DISA Gold Disk, Retina, Juniper Netscreen, ISS Scanner, Harris Stat Scanner, BDNA, Pstools, Etrust, Hercules, VMware, C++, Java, Turbo Pascal, HTML, and MS Visual Basic
DATABASE: Access, SQL, Remedy, Heat
OPERATING SYSTEMS: Windows NT/95/98/2000/XP/Vista/7/Server 2000/Server 2003/Server 2008
PROFESSIONAL EXPERIENCE:
Confidential
Information Assurance Engineer
Responsibilities:
- Responsible for installation, configuration, integration, and maintenance of HBSS components and deployment of Agent modules and approved policies.
- Perform troubleshooting of HBSS components and applications when ePO policies are preventing application operations.
- Maintain the latest HBSS configuration to address known exploits using the Host Intrusion Prevention System (HIPS).
- Develop automated reporting dashboards within the existing ePO system to provide near real-time reporting of computer system compliance information and maintain overall visibility for all connected assets.
- Monitor the HBSS for alerts, assess and modify the HBSS operational parameters (filters, signatures, rules, etc.) when requested.
- Provide subject matter expertise for applying STIGs and other HBSS operational requirements and configuration guidelines to the ePO security suite.
- Conduct vulnerability scanning for new information system deployment or systems temporarily connected to Navy Unified Capabilities enclaves to support APL testing. Ensure new information systems are configured in accordance with current DISA STIGs and DoD/DoN Directives.
- Conduct scheduled network security vulnerability assessments (using ACAS, eEye Retina and SCAP) and liaise with network administrators to correct identified problems.
- Review Information Assurance Vulnerability Alerts (IAVA) for applicability and impact to the various networks. Ensure that all systems are patched and report compliance or problems in achieving compliance to the IA Manager.
- Evaluate information systems for compliance with Defense Information Security Agency (DISA) Security Technical Implementation Guideline (STIG) and review measures needed to bring systems into compliance.
- Assist in evaluation of Information Systems for compliance with Government statutes, DoD 8500.2 IA Controls, DoD FISMA directives, policies and regulations.
- Perform regular required reporting, monitor applicable security resources for updated requirements and compliance directions supporting DoD/US Navy SPAWARSYSCEN Atlantic Task Orders.
- Collaborate with other Information Assurance personnel in reviewing current intelligence for relevant threats and assist in development of appropriate actions/response.
- Verify all virus signatures are kept up-to-date, and automated and manual virus scans are documented, scheduled and are being completed.
Confidential
Computer Specialist
Responsibilities:
- Deployed ROMII (OCONUS/CONUS) to the Navy Fleet and provided shipboard on the usage of ROMII.
- Managed multiple teams in various locations to support the US Navy ROMII and PCI compliance efforts.
- Experienced with DoD and Accreditation effort (DITSCAP/DIACAP) and associated DoD 8500 series guidance including preparation of C&A artifacts/ Plan of Actions and Milestones (POA&M).
- Worked with the Navy Exchange Service Command Information Assurance Manager to obtain new ATO for ROM II by updating C&A plan and IA controls.
- Identify and mitigate security threats/risks, and provides information assurance subject matter expertise throughout the program life cycle of ROMII; develops functional security requirements for ROMII.
- Worked with DoD approved security tools (DISA Gold Disk, SCAP, and Retina) to reduce the security risk of the ROMII system.
- Perform internal reviews on IT systems to ensure compliance with IT Security policies and procedures.
- Responsible for Information Assurance Vulnerability Management program.
- Ensure monthly vulnerability scans are performed.
- Review and evaluate results of monthly vulnerability scans and work with appropriate technical groups to ensure vulnerabilities are mitigated.
- Ensure the IA program and IA-enabled software, hardware, and firmware comply with appropriate security configuration guidelines.
- Review system recovery processes to ensure Information Assurance features and procedures are properly restored.
- Assist in developing, implementing and enforcing Information Assurance policies and procedures.
- Assist in preparing and maintaining plans, instructions, guidance, and standard operating procedures concerning the security of network operations.
- Assist in providing direction to IT personnel by ensuring that IA security awareness, basics, literacy, and are provided to operations personnel commensurate with their responsibilities.
- Assist in gathering and preserving evidence used in the prosecution of computer crimes.
- Perform annual Contingency Plan testing.
- Prepared/maintain and patched various variations of the ROMII system.
- Maintain and image, using GHOST, each variation of the ROMII system currently being used by the fleet.
- Maintain database of each Navy Ship ROMII system and peripheral devices connected to ROMII system.
- Provide technical assistance to Fleet request, this includes: troubleshooting PDTs, password reset, Navy Cash/ROMII issues, and resolving hardware issues.
Confidential
Information Systems Security Analyst VVR Team
Responsibilities:
- Perform and/or review vulnerability scans, conduct risk assessments, and implement or oversee the implementation of vulnerability assessments
- Analyze customer's requirements regarding applicable security disciplines (physical, personnel, information, communications, and computer)
- Evaluate customer's security policy and provide recommendations
- Provide guidance on Information Assurance matters during configuration design and modification of information systems; review system designs for IA directive compliance; recommend changes, mitigations and remediation
- Monitor and review periodic vulnerability and IA compliance testing
- Verify that applicable security measures identified by the IA Vulnerability Management (IAVM) program are applied
- Provide IA and risk analysis support; provide level of effort Technical Support on-site
- Provide augmentation support to observe and support security testing of new and existing systems at multiple locations across the United States
Confidential
HBSS System Administrator
Responsibilities:
- Configure, maintain, administer, deploy and troubleshoot the various software components that make up HBSS. Create custom Host Intrusion Detection/Prevention signatures, host firewall rules, and filter out false positive events as they are reported.
- Provide detailed reports on system status, module deployments, and event trends.
- Conduct analysis of malicious data sets and publicly known exploits or vulnerabilities for the creation of custom detection and prevention methods.
- Assist remote administrators with troubleshooting the installation of HBSS components and issues that arise with deployment of custom signatures and firewall rules.
- Maintain heightened awareness of current threats and trends.
- Provide guidance on current network threats and trends.
- Track and report on enterprise deployment of HBSS tool.
- Examine potential security violations to determine if the Network Environment (NE) has been breached, assess the impact, and preserve evidence.
- Support, monitor, test, and troubleshoot hardware and software IA problems pertaining to the NE.
- Perform IA related support functions including installation, configuration, troubleshooting, assistance, and/or, in response to agency requirements for the NE.
- Analyze system performance for potential security problems. Assess the performance of IA security controls within the NE.
- Install, test, maintain, and upgrade network operating systems software and hardware to comply with IA requirements.
- Evaluate potential IA security risks and take appropriate corrective and recovery action.
- Perform system audits to assess security related factors within the NE.
- Implement applicable patches including IAVAs and IAVBs for their NE.
Confidential
Senior Network Security Engineer
Responsibilities:
- Assist with the design and implementation of all networking devices of USMC site.
- Responsible for ensuring all IA controls were in compliance with DoD 8500.2
- Perform Retina, DISA Gold Disk, and SRR scans.
- Documented and made all FW and IPS changes to the network
- Perform STIGs on all workstation and servers
- Perform vulnerability assessment and remediation on all workstations (Windows, Unix) and servers (Windows, Red Hat).
- Responsible for building and deployment of Host Based Security System (HBSS) to USMC network.
- Responsible for tracking and managing IAVAs.
- Responsible for the design, development, implementation, and/or integration of a DoD IA (Information Assurance) architecture, system, or system component for use within the New Breed enterprise.
- Performs risk analyses for functional areas to identify points of vulnerability, single points of failure and identifies risk avoidance and mitigation strategies.
- Advises New Breed on the specific data technologies that support or enhance the organization for the long-term strategic responsibilities of New Breed systems.
- Designs, develops, reviews and implements system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
- Designs, develops, reviews and implements security designs for new or existing technology system(s). Ensure that the design of hardware, operating systems, and software applications adequately address IA security requirements for the computing environment.
- Ensures security deficiencies identified during security/ testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative.
- Ensures that the implementation of security designs properly mitigate identified threats.
- Participates in enterprise strategy development, including environmental analysis, opportunity identification, value cases and business innovation portfolio development regarding all areas of IT security and BC/DR functions.
- Documents system security design features and provide input to implementation plans and standard operating procedures.
- Based on current and future business requirements, define configurations necessary for a disaster recovery site.
- Ensures/implements the rigorous application of Information Security/Information Assurance policies, principles, and practices in the delivery of Systems, Applications and/or Services (Hardware & Software).
Confidential
Network Security Engineer
Responsibilities:
- Responsible for the automated deployment of Host Based Security System (HBSS) to Legacy and Excepted Naval Networks throughout the U.S.
- Work independently at predetermined Navy sites and communicate with a Network Operation Center (NOC) Engineer to ensure end-to-end connectivity (clear path) to the end-user workstation from the HBSS ePolicy Orchestrator (EPO) server.
- Change and document firewall rules for clear path ePolicy Orchestrator server.
- Ensure successful delivery/installation of HBSS to all End User Devices (EUDs) (Microsoft workstations only to include various Windows 32-bit operating systems XP and above) in that network and all stub networks, behind site premise, in accordance with (IAW) the project plan.
- Work with site IT staff to deploy HBSS through Active Directory or other approved method IAW the Standard Operating Procedures (SOP).
- Investigate problems associated with deployment of HBSS software to EUDs to ensure successful delivery.
- Support development of the discovery planning, execution, and administration for the CARS Due Diligence phase. Support includes managing multiple teams while on deployment, developing or identifying the necessary tools, templates and needed to successfully complete the Due Diligence execution.
- Conduct, review and validate network scan data from an engineering perspective.
- Conduct data analysis and security review of solutions to migrate applications and systems to Navy enterprise enclaves, or to decommission Navy legacy networks.
- Inform and advise site representatives, Central Design Authorities and Program Managers on the process by which legacy systems are transitioned to Navy enterprise enclaves.
- Recommend a technical solution for enterprise review to facilitate enterprise wide solutions.
- Ensure disposition of systems/applications/networks is properly documented.
- Provide quality engineering consulting for the development of technical processes, procedures, and solutions to problems preventing the successful transition of legacy systems to enterprise enclaves.
- Perform vulnerability assessment on workstations and servers throughout the entire Navy Legacy network using IIS, Harris Stat and Retina scanner.
- Perform computer and network systems problem resolution of legacy networks; maintain oversight and provide operations and maintenance support for Navy networks (ONENET, IT21 and Legacy), as well as establish the operational standards and reporting metrics.
Confidential
Sr. Network Data Communication Analysts
Responsibilities:
- Routinely field phone calls during off-duty hours for assistance with scanner troubleshooting, attend and input to CNDWO Weekly Brief and weekly OLS Meetings. Also provide constant guidance and direction to NAVCIRT OLS Watch and Day Staff.
- Continue coordination of Navy Retina vulnerability scans worldwide in support of Directed scans, IAVA, SSAA, IATO, ITO, etc. Frequently troubleshoot via conference call or phone calls for long periods, sometimes over two hours.
- Begin coordination of UTN and Internal scans for six high-level NavAir sites, as follow-on to scans conducted last year.
- Provide technical support for Government rep while on-site SupShip Portsmouth, chair two OLS JQR Oral Boards. Develop and submit short-fused Course of Action (COA) input to N3 Senior Watch Officer for Naval Station Rhode Island scan results conducted on-site by NCDOC Mobile Response Team.
- Develop and provide written guidance and feedback to OLS Watch regarding drafting of scanner results via formal naval message feedback.
- Continue coordination with ISS Internet Scanner help desk support request regarding Hacker Defender Root Kit and possible false-positive response to PSTOOLS Installation.
- Identify known network security vulnerabilities and assist in prioritizing threats for remediation.
Confidential
Information Assurance Compliance Team
Responsibilities:
- Perform vulnerability assessment on workstations and servers throughout the entire Marine Corps network using IIS, Harris Stat and Retina scanner.
- Install and update scan engine for Retina Network Security scanner and Harris STAT scanner to ensure availability and functionality.
- Perform file share audit throughout Marine Corps domains for the presence of open network shares.
- Built Dictionary files (a cryptographic hash of password) used for auditing the Marine Corps enterprise for user and service accounts with transition passwords.
- Audit the NMCI enterprise SLA sites for a particular month, to ensure compliance with metrics outlined in IA SLAPC: 106.4
- Perform different Intrusion Detection Test cases using NMAPs, Hydra, Sticks, Unicodes, Superscan, and rogues.
- As Shift Lead trained/mentor new hires on the basic duties of IA watch officer.
- Conduct network and packet analysis in support of ever-evolving DOD, Local, firewall, and Intrusion Detection System (IDS) policies
- Review logs from firewalls, other boundary protection devices, applications, Operating systems, and websites
- Assist with security vulnerability assessments
- Employ managed and unmanaged sensors to develop and maintain a baseline of normal system, network and application activity, provide trend analysis, and identify anomalous trends or events
- Maintained and troubleshot network security services/devices such as Firewalls, SAV parent/client servers, Antivirus/Hacktool threats, IDS, ITA, Send mail Servers, and VPN mesh on the NMCI infrastructure of 100,000 users
- Ensure system availability by collecting and analyzing statistical data derived from network devices
- Strong Knowledge of NMCI Marine Network IP space as well as monitor the network traffic using Intrusion Detection devices by reviewing and recommending new signatures for implementation
- Analyze and correlate TCP/IP packet dump information with other analysis tools in relation to security incident investigation and vulnerability assessments
- Detect, report, mitigate, and document rogue machine intrusions, network incursions, and attempted virus infections on a daily basis
- Detect, report, and document NMCI Red Team attacks to test the vulnerability of our information assurance structure, per rules of engagement; consistently met or exceeded the Service Level Agreements of Red Team detection each month