
Information Assurance Manager Resume


Fort Belvoir, Va

PROFESSIONAL SUMMARY

  • Experienced Information Security/Information Assurance Professional with skills in Risk Assessment/Management, Vulnerability/Security Assessment, Cybersecurity, Security Monitoring, IT Regulatory Compliance, IT Security Audit, Security Compliance, Network Security, Security Authorization, and Incident Response Management, where I can effectively become a part of the team and put my knowledge and skills into action.
 

SKILLS

  • Information Security: Vulnerability Assessments, Nessus Scans (Linux/Windows based), Web Application Security, Intrusion Detection Systems, Retina Security Scanner, Threat Risk Modeling, Incident Response Management, Nmap, Security Audits, Application Security Code Review, Various Security Tools, SDLC, USCYBERCOM Information Assurance Vulnerability Management (IAVM), Security Architecture and Design Review, correcting security deficiencies, Plan of Action and Milestones (POA&Ms)
  • Operating Systems: Windows XP/Vista/7, Windows Server 2003/2008, Active Directory, Linux/Unix, Mac OS, Basic Windows/Linux/Unix Command Lines
  • Applications/Internet Applications: Microsoft Office (Word, Excel, PowerPoint, Outlook, Project), SDLC, Extensible Markup Language (XML), SharePoint, Mozilla Firefox, Internet Explorer, Adobe Acrobat, DISA’s Vulnerability Management System
  • Networking: TCP/IP, OSI Model, Network Diagnostic Tools, Routers, Firewalls, VPN, Internet/Network Ports and Protocols, Public Key Infrastructure

EXPERIENCE

Confidential, Fort Belvoir, VA

Information Assurance Manager

  • Provide security architecture, policy and design guidance for business systems and networks
  • Provide Information Security Certification and Accreditation Support for applications, systems and networks in accordance with appropriate DOD policies and processes
  • Review, coordinate, and recommend IA standards and protocols for cost effective application in accordance with the Department of Defense’s (DOD) Defense in Depth (DID) strategies and supporting documentation for each task
  • Ensure compliance with Federal, DOD Information Technology and security requirements, policies, procedures and standards as applicable
  • Conduct DIACAP analysis and configuration assessments for computing environments
  • Develop and execute the DIACAP package to include submission of proposed updates to the accreditation boundary
  • Identify, conduct impact analysis, track, and present outstanding program DIACAP findings through the use of a POAM and work to resolve issues
  • Produce C&A related information and documentation required by DISA to obtain connection approval
  • Manage computing environment vulnerability through the use of Vulnerability Management System (VMS)
  • Perform technical writing and presentation preparation, and work collaboratively with agency partners
  • Manage the DIACAP Package through the use of Enterprise Mission Assurance Support System (eMASS)
  • Track the expiration of all Accreditation Decisions such as Authority to Operate (ATO), Interim Authority to Operate (IATO), Denial of Authority to Operate (DATO), and the submission of DIACAP packages throughout the system’s development lifecycle
  • Analyze the DIACAP package, assess the adequacy of the required protective measures, assess residual risk, and provide support to determine the readiness of the system for accreditation
  • Recommend management, operational, or technical controls, to include human procedures, software configuration parameters, and system changes, to mitigate the risk associated with detected vulnerabilities that could preclude accreditation
  • Perform technical reviews of documented security certification results normally submitted in the DIACAP format to assess their completeness and identify system vulnerabilities and weaknesses
  • Analyze vulnerability scans and Security Readiness Review (SRR) results, STIG compliance and deficiencies of all forms identified during internal and external IA reviews.

Confidential, Washington, DC 

Senior Information Assurance Analyst

  • Conduct C&A process for Operational, Research, Development, Test and Evaluation (RDT&E) Information Systems and networks within the Navy eMASS in accordance with DoD 8510.01
  • Conduct in-depth technical reviews of C&A documentation from field activities seeking accreditation by the Authorizing Official with appropriate policies and procedures and develop recommendations accordingly
  • Complete reviews and provide appropriate feedback within the timelines
  • Review and complete documentation such as Certification Test & Evaluation (CT&E) test reports, Retina Scans, System Identification Profile (SIP), DIACAP Implementation Plan (DIP), C&A plans, risk assessments, Plan of Action & Milestones, etc.
  • Assist in executing the C&A portion of the CS/IA Compliance Inspections as required
  • Analyze and review the results of network and system vulnerability scans and validate implementation of IA controls in accordance with DoD 8500.2
  • Maintain the C&A package repository in the corporate document management system
  • Perform quality assurance reports that support the Authority to Operate (ATO) approvals
  • Analyze Information Systems security requirements to be implemented during system design.

Confidential, Washington, DC

Information Systems Security Officer 

  • Develop Security Assessment & Authorization (SA&A) documentation and maintain the System Security Plans
  • Create PKI certificates (encryption and digital signatures)
  • Review application, system, and security audit logs
  • Oversee system recovery processes
  • Consult on IT Security and Information Security incidents or violations
  • Scan systems for vulnerabilities
  • Ensure compliance with information awareness training
  • Ensure security policies, procedures, standards, and guidelines are followed
  • Appropriately protect information collected, processed, transmitted, stored, or disseminated
  • Ensure access to information systems is controlled
  • Ensure system security requirements are addressed during all phases of the system lifecycle
  • Monitor all changes to Information Systems software, firmware, hardware, and documentation
  • Review NIST 800 series and security controls
  • Manage review and release of media and memory components
  • Disseminate information concerning common vulnerabilities and threats
  • Ensure awareness and precautionary measures are exercised to prevent introduction and proliferation of malicious code
  • Respond to and investigate all information security-related incidents or violations, maintain records, and prepare reports
  • Review and update system security plans, policies and procedures
  • Conduct risk analysis to protect Information Systems
  • Assist with mitigating risks on Information Systems
  • Ensure Plan of Actions and Milestones (POA&M) are mitigated and closed
  • Update antivirus signatures
  • Review security controls
  • Assist with DIACAP Packages
  • Support preparing artifacts and additional documentation related to systems or applications
  • Review the findings and identify a mitigation solution
  • Provide support in order to maintain the ATO as software changes/upgrades occur
  • Support the utilization of the automated validation capabilities of the Enterprise Mission Assurance Support Service (eMASS) for preparation of the DIACAP Package
  • Work with Application Security & Development STIGs
  • Prepare the supporting documentation required for the DIACAP requirements: Plan of Actions and Milestones (POA&M), System Security Plan (SSP), actual validation results in the Vulnerability Management System (VMS) and eMASS, Configuration Management Plan (CMP), artifacts associated with implementation of IA controls.

Confidential, Baltimore, MD

Information Assurance Protection Specialist

  • Performed network vulnerability scans/assessments and thoroughly analyzed vulnerability scan results for Computer Network Defense (CND) Subscribers
  • Evaluated DOD Information Assurance Certification and Accreditation (C&A) packages
  • Monitored and tracked CND Subscribers compliance to report to JTF-GNO/USCYBERCOM on NIPRNet (unclassified) and SIPRNet (classified) network
  • Evaluated security posture through various aspects of documentation and meetings
  • Recommended system enhancements to improve information security deficiencies
  • Assisted with securing system configurations and installing security IA tools
  • Researched and analyzed a wide variety of vulnerabilities for multiple operating systems and applications
  • Reviewed Incident Response Procedures and DISA STIGs
  • Disseminated Situational Awareness Reports and Malware reports to CND Subscribers
  • Made recommendations for enhancements to improve efficiency, reliability, and security
  • Evaluated and enhanced security policies and procedures.

Confidential, Arlington, VA

Associate Technical Analyst

  • Researched and understood current phishing methodologies and techniques including web kit deployment, spam, and malware distribution and associated activities related to identity theft, social engineering and online scams
  • Performed response activities related to reports of phishing attacks and brand infringement violations against Cyveillance customers
  • Tracked the process of unresolved cases to ensure their successful completion or escalate to the appropriate individuals or organizations based on established guidelines and procedures
  • Fostered the development of relationships with providers while succeeding in the removal of malicious accounts from their networks.

Confidential, LLC, Columbia, MD

Computer Security Specialist

  • Security Certification and Accreditation activities
  • Network and web application vulnerability assessments
  • Analyzed security logs
  • Scanned networks and/or hosts for vulnerabilities on a monthly basis
  • Analyzed and produced vulnerability/remediation reports in response to scans
  • Updated and monitored periodic scans
  • Maintained configuration of the Nessus scanner
  • Security test and evaluation preparations (gather information from systems with security tools)
  • Audited systems
  • Periodically updated security procedures and other IT security documentation.

Confidential, Vienna, VA

Information Assurance Analyst

  • Worked with on-site personnel and provided security expertise as requested
  • Supported agency computer security awareness training
  • Provided recommendations for consolidating or developing IA policies and procedures
  • Supported Computer Emergency Response Team (CERT) and computer security incident inquiries and investigations
  • Worked on Certification and Accreditation (C&A) application problems involving all phases of systems analysis to provide IA solutions
  • Developed system security plans (NIST SP 800-53)
  • Supported Federal Information Security

Confidential, Miami, FL

ISecurity Internal 

  • Led the analysis, documentation and remediation of Foundstone security vulnerability management
  • Scanned the environment for security vulnerabilities
  • Analyzed the data in order to rank the severity of the vulnerabilities
  • Researched remediation tools
  • Executed process for identifying components, vulnerabilities and servers.

Confidential, Miami, FL

Computer Technician 

  • Assisted users with technical problems on computers, laptops, IT network, and printers
  • Deployed and configured computers and peripherals
  • Updated resolutions in Track IT helpdesk database
  • Stored and delivered data backup tapes
  • Installed approved software
  • Re-imaged computers using ghost disk
  • Configured/resolved computer network issues.
