PROFESSIONAL PROFILE

• Senior Cyber Security Engineer Versatile and highly motivated individual with 25+ years of experience in Information Security. IT professional with strong organizational, entrepreneurial, and customer relations skills. Communicate Information Security concepts clearly and usefully to all types of audiences. Demonstrate reliability and high degree of accuracy. Work productively with internal management and outside companies to achieve objectives. Show keen insight in Information Security, Infrastructure Issues, and Problem - Solving. Keep current on threats and vulnerabilities in order to formulate mitigating strategies.

PROFESSIONAL EXPERIENCE

Confidential, Huntsville, AL

Sr. Cyber Security Engineer/Information Systems Security Officer

Responsibilities:

• Design, Implement, and Test Dependable geographically dispersed DoD systems to support Missile Range operations at the Pacific Missile Range Facility (PMRF). Design and Implement Cyber Security labs in order to test application software, OS and network device patches, perform vulnerability management, and enforce configuration management.
• Lead multiple efforts securing DoD networks using the DoD RMF framework and facilitate with the transition from DIACAP to RMF. Provide leadership and direction in shaping and enhancing the security posture of MDA systems supporting missile flight test communications operations. Develop and issue security procedures governing MDA information systems and operations.
• Confirm MDA systems RMF compliance with DoD security policies by monitoring and auditing RMF controls. Oversee MDA information systems configurations by managing all aspects of Configuration Management to ensure a high security posture, and a stable computing environment. Act as a bridge between MDA IA personnel and IA mandates.
• Provide Assured Compliance Assessment Solution (ACAS) training to MDA personnel. Perform Plan of Action and Milestones (POA&M) maintenance in eMASS to ensure high security posture on MDA systems.

Confidential, Pocasset, MA

Sr. Information Assurance Engineer

Responsibilities:

• Lead Confidential ’s RMF and DIACAP DoD Cyber Security programs, Autonomous Underwater Vehicles Cyber Security projects. Provide Cyber Security guidance, consultation, and expertise to meet the requirements Implementation
• Assured Compliance Assessment Solution (ACAS) in DOD environments. Directs the implementation of DISA ACAS Tactics, Techniques, and Procedures (TTP) in order to provide commanders situational awareness of the health of their network, and enabling them to quickly validate Information Assurance Vulnerability Management (IAVM) compliance status, and respond to United States Cyber Command (USCYBERCOM) directives. Direct Comprehensive Security Assessment (CSA) teams in order to uncover and remediate vulnerabilities in DoD and Confidential networks.
• Directs Confidential ’s Information Technology security related programs which include Risk Management, Policy Development and Compliance Monitoring, Procedure Development and Implementation, System Authorization, Security Awareness, Incident Management, Contingency Planning, Business Continuity Planning, Auditing, Resource Management, and Physical Security. Verify compliance with information security requirements in related legislation, policies, directives, instructions, standards, and guidelines.
• Develop and implement policies to effectively manage risk and protect the core missions and business functions being carried out by the organization, reduced security incidents significantly by implementing Policy Enforcement, Network Monitoring, User Awareness Training, Patch Management, Password Management, Email Security, Vulnerability Scanning, and System Hardening.
• Designed and implemented a DOD Cyber Security Lab for testing patches and updates on Windows/Linux systems, and network devices in order to enforce configuration management best practices, and ensuring stable computing environment. Created custom IDS rules to protect against buffer overflow, TCP SYN attacks, and other emerging threats. Developed custom security tools and exploitation scripts in Python to probe the security posture of Operating Systems and network devices.

Confidential, Huntsville, AL

Security Officer

Responsibilities:

• Provide On-Site DoD Information Assurance expertise, guidance and direction to U.S. Army customers. Provide DIACAP Certification and Accreditation expertise, training, support and advice to U.S Army customers.
• Plans and coordinate pre-assessment activities for the Annual Review of IA Controls on accredited systems.
• Perform Technical IA compliance verification by performing Security Content Automation Protocol (SCAP) scans, and Retina network scans on accredited systems in order to ensure continued compliance with applicable
• Security Technical Implementation Guides (STIGs). Create entries, log actions, and track resolution for Computer Incident Response activities. Lead DIACAP to RMF transition

Confidential, Huntsville, AL

Senior Information Security Analyst

Responsibilities:

• Design, configure, test, implement and sustain trusted computing systems, networks and applications
• Perform Information security consulting including penetration testing, application testing, web application security assessment, operating system assessment, social engineering, wireless assessment, and IDS/IPS system assessment
• Secure operating systems by applying Group Policies, closing unnecessary ports and services, and removing unused accounts
• Perform Test and Evaluation (T&E), and Ethical Hacking in order to assess vulnerabilities in Windows Server 2008, SQL Server 2008, Internet Information Services (IIS7), Linux, Cisco ASA 5510 firewalls, 3925 routers and 3750 switches
• Review and author policies and procedures pertaining to Information Assurance and Incident response in accordance with NIST guidelines
• Conduct forensic analysis of suspect computer media for evidence of misuse from internal and external sources using Access Data Forensic Toolkit
• Lead Intrusion Detection System (IDS) Incident Response System efforts relating to incidents involving IT infrastructure, to include system compromise, unauthorized user, poor security practices, PII incidents, and classified spillage
• Implement policies and procedures for secure enterprise information system infrastructure design, implementation and sustainment, redundancy, information assurance, application security best practices, OS and application hardening, network protection, security risk management, patch management, physical security, network security, authentication, vulnerability, and incident management and privacy
• Create Risk Management plans in to identify and quantify risks and their impact, and develop plans for mitigating high impact risks
• Identify and analyze information systems security risks on an on-going basis in order to mitigate and minimize risk to ensure information integrity, confidentiality, and availability