SUMMARY OF EXPERIENCE

• I have 14 years of professional experience with years of experience in the certification and accreditation C A and information assurance IA arena conducting C A activities for Government systems. Currently I am working as a Sr. Technical Consultant for Acuity-Dept. of State where I use my past and present experience to develop System Security Plans, Contingency Plans, Configuration Management Plans, Privacy Impact Assessments, Business Impact Assessments, Security Assessment Reports, Risk Assessment Reports and Plan of Actions Milestones using the National Institute of Standards and Technology NIST guidelines.
• I have a clear understanding of implementing security programs in a large corporate and governmental environment. I actively participate in the enforcement of corporate and governmental security strategies, and enterprise wide policies and standard. My particular expertise are the understandings of the Methodologies within NIST 800 series particularly the Guide for the Security Certification and Accreditation C A of Federal Information Systems SP 800-37, Risk Management Guide for Information Technology Systems SP 800-30, Guideline on Network Security Testing SP 800-42, Security Controls for Federal Information Systems and Organizations SP 800-53,Security Metrics Guide for Information Technology Systems SP 800-55, Computer Security Incident Handling Guide SP 800-61, Security Considerations in the Information System Development Life Cycle SP 800-64. NIST recommendations for the use of Triple Data Encryption Algorithm TDEA BLOCK CIPER, Public Key Technology and the Federal PKI Infrastructure, Cryptographic Algorithms and Key Sizes for Personal Identity Verification. The integration/standardization of ISO 9001, FISMA and HIPPA.

EXPERIENCE

Senior Technical Consultant

Confidential

• Develop and manage project time lines and resources supporting the C A efforts of all Information Systems and Applications within the client space in accordance with FIPS-199/200,and NIST SP 800-18,37, 47 and 60 ensuring bureau FISMA compliance.
• Conduct system security assessments and documentation activities associated with the IA and the C A of systems and applications housed on the clients Network.
• Ensure appropriate implementation of C A security controls, documentation of findings and remediation efforts in regards to Plans of Action and Milestones POAMs regarding National Institute of Standards and Technology NIST and client guidance along with entire C A project documentation.
• Develop project time lines to allow for on-time mandatory updates of the offices contingency plan, security plans and cyclic accreditation along with annual system security test and evaluations of the bureaus' security practices.
• Implement all information systems security policies and guidelines and ensuring their interpretation and application on this LAN meets the intent of client regulations and federal guidelines.
• Ensure that Continuous Monitoring is executed by performing annual self-assessments, tabletop Contingency Plan walkthroughs for Moderate categorized systems, and fully executed Contingency Plan exercises for High categorized systems.
• Routinely perform the duties of the Information System Security Officer ISSO in their absence and within the limits of liability. Ensure control and limit automated information system access to the level necessary for users to perform their official duties. Ensure established Rules of Behavior policies for email, internet, and application use are adhered to.
• Ensure all automated information systems AIS are properly labeled with the appropriate classification stickers. Follow up on all security incident investigation and reporting.
• Ensure all personnel with access to systems have received site-specific role-based AIS security training. Maintain server room logs and visitor log book for server room.
• Responsible for the encryption of all portable devices.
• Serve as the IT Contingency/Disaster Recovery Plan coordinator

Security Analyst, BAE Systems

Confidential

• Perform tracking of all reported security events/incidents and their resolution.
• Perform escalation and reporting of customer inputs using proper procedures.
• Develop assessments and reports, weekly trends of incidents, and security events.
• Coordinate/synchronize strategic analysis in support of computer security incidents.
• Identify patterns in reported compromises and identify additional compromises as part of the same incident.
• Perform forensic analysis of digital information and physical evidence.
• Provide specialized support by gathering, handling, examining, preparing, entering, searching, retrieving, identifying and/or comparing digital and/or physical evidence.
• Uses forensically sound procedures to determine results.
• Observes proper evidence custody and control procedures, documents procedures and findings and prepares comprehensive written notes and reports.
• Analyze network/computer threats and mitigate vulnerabilities while limiting operational impact.
• Tools used to conduct vulnerability scans and daily job functions include: Wireshark, Ncircle IP 360, Webapp 360, Appdetective, Nessus, McAfee ESM, Sourcefire as well as Symantec AV.

Security Analyst

Confidential

• Prepare security authorization C A documentation including system security plans SSP , risk assessment RA , configuration management plan CMP , privacy impact analysis PIA , and other artifacts required for the ATO package
• Develop and test contingency plans
• Develop information policy and procedures
• Assist the annual FISMA security authorization tasks including planning, notification, evaluation, validation, and report preparation of annual FISMA control assessment, IT risk assessment, contingency plan testing
• Perform independent Security Control Assessments SCA and Security Test Evaluations ST E
• Develop and track corrective action plans CAP from audit findings
• Develop and manage Plan of Actions and Milestones POA M reports for agency
• Support IT security audits, reviews, data calls by clients
• Assist with the preparation of new or revising of out-of-date IT security policies and procedures
• Research, evaluate, and recommend vital IT security-related technologies and services Assist the Information Assurance Director in executing various tasks and initiatives of the corporate IT governance program.
• Tools used to conduct vulnerability scans included Ncircle IP 360, Webapp360, Appdetective, Nessus as well as the CIS Benchmarks.

Senior Cyber Security Analyst

Confidential

• Support the Material Weakness Remediation Support MWRS initiative for the U.S. Department of Veterans Affairs conducting internal audits in advance or concurrently with OIG staff.
• Close as many weaknesses as possible that exists prior to audits
• Detect as many previously unknown weaknesses as possible and closing them prior to the IG audit
• Observe or assisting the site staff during the IG audit, and identifying 'false positives findings before these are included in the IG report
• Develop plans to close or remediate weaknesses that could not be closed immediately
• Detect patterns of weaknesses or agency-wide weaknesses to be addressed
• Update documents to reflect findings, corrective actions plans CAPS , plans of actions and milestones POA M and tracking the completion of work

Project Lead/Senior Security Analyst/Senior Test Lead

Confidential

• Responsible for development of C A packages for Government systems in accordance with the National Institute of Standards and Technology NIST , and Office of Management and Budget OMB A-130 guidance. All work for these efforts have followed the procedures, policies, and processes mandated by NIST, GSA and CIO security policies, as appropriate .
• Perform independent Security Control Assessments SCA and Security Test Evaluations ST E
• Develop and track corrective action plans CAP from audit findings
• Develop and manage Plan of Actions and Milestones POA M reports for agency
• Provide technical guidance on security configuration, analysis, and testing of Windows Linux operating systems, networking components such as firewalls, routers, intrusion detection systems, network architectures in the performance of the certification efforts
• Review every Risk Assessment/Security Assessment and Plan of Action Milestone document before it goes to final.
• Tools used to conduct vulnerability scans included WebInspect, Appdetective, Foundstone, DISA Stigs, Nessus as well as the CIS Benchmarks.

Network Engineer

Confidential

• Responsible for support on Veterans Administration Virtual Private Network and Internet Gateways
• Assist end users and other IT personnel in applying security techniques
• Troubleshot wireless connectivity
• Assist users with installing vpn software and configuring firewalls. Maintain and update virus protection for end users. Modify class A, B C ip's within ACL's

Network Communication Specialist/ISSA

Confidential

• Serve as the principal point of contact POC for systems/major applications concerning C A issues
• Prepare C A documents using NIST, OMB A-130, Trusted Agent FISMA and Risk Management RMS tool
• Audit operating system logs and conduct the annual system review and coordination of contingency plan and Crash Recovery Kit tests
• Complete documentation on information categorization for systems per FIPS 199 to FIPS 200
• Prepare security authorization C A documentation including system security plans SSP , risk assessment RA , configuration management plan CMP , privacy impact analysis PIA , and other artifacts required for the ATO package
• Assist the annual FISMA security authorization tasks including planning, notification, evaluation, validation, and report preparation of annual FISMA control assessment, IT risk assessment, contingency plan testing
• Perform independent Security Control Assessments SCA and Security Test Evaluations ST E
• Develop and track corrective action plans CAP from audit findings
• Develop and manage Plan of Actions and Milestones POA M reports for agency
• Periodically review computer systems and networks for changes
• Ensure system users receive training
• Enforce access control policy
• Report security violations such as unauthorized access, viruses, etc
• Enforce the capability to track user activity on a system and report misuse
• Ensure security requirements for the major applications or general support systems are being met
• Ensure requests for C A of computer systems are completed in accordance with the published OSC policies and procedures
• Ensure compliance with all legal requirements concerning the use of commercial proprietary software, such as respecting copyrights and obtaining site licenses

System Security Analyst / VPN Telecomm Engineer/ IDS Support

Confidential

• Investigate and report suspicious packet data traffic
• Research, analyze, and test computer/network technical vulnerabilities
• Identify affected systems and location of fix action
• Document and catalog data into database system
• Maintain help desk for Veteran Affairs VPN support
• Troubleshot site to site connectivity
• Add and modified ACL's. Created and modified VPN user accounts in ACS servers
• Log trouble tickets in local intranet help desk
• Create and update SOP's for VA Medical Center.
• IDS Toolset included Manhunt, Snort, ISS Realsecure. Dragon and Sourcefire.

Microcomputer Support Specialist

Confidential

• Perform network Installation Hybrid of NT and 2000 Servers
• Perform PC repair and installation including Network connectivity
• Provide Network Troubleshooting and help desk support for 120 pc's and 10 servers
• Provide Software Troubleshooting and Installation including Microsoft Office 97, 2000 with Exchange Server support, Windows 95,98,2000,NT, ME. PC Anywhere and Norton Ghost Enterprise
• Create Policies and Procedures for PC Imaging Software that decreases repair turnaround time

System Support Analyst

Confidential

• Manage AS/400 system and connected devices
• Provide user support for AS/400 including Setting up new users and maintain menu options for users on AS/400
• Perform full system saves
• Install networks
• Perform PC repair including hardware and software

PC Technician / Intern

Confidential

• Provide user support for software
• Install user software for home based computers
• Troubleshoot software errors via telephone
• Install hardware for system upgrades