WORK EXPERIENCE

Confidential

Information System Security Analysts 4

In support of FEMA Performed computer, network security assesments and document IA control compliance assessments for systems and major applications. These tasks include conducting application and vulnerability scans using security scanning tools. Develop technical documentation e.g. network diagrams, inventory control, data flows and perform reviews of the technical sections of A A artifacts including verification and validation of IA Controls. Review vulnerability scans to identify false positives, mitigation strategies, and system fixes. Assist with the establishment of accreditation boundaries and the validation of completed POA M items. Completed assessment package deliverables and conducting technical testing using automated tools. Initiated and review artifacts in compliance with NIST RMF process. Provided SME support, for the project developing accredidation packages and performing quality assurance reviews of A A artifacts.

Confidential

Information Assurance Officer

Provided computer security within the wing and subordinate units. Provided Information Assurance oversight of multiple classified and unclassified networks. Developed, implemented, and enforced computer policies. Ensured compliance with Air Force Process and Certification and Accreditation. Developed and maintained appropriate Certification and Accreditation documentation. Provided and assisted in certification testing. Developed and Administered computer security user training. Provided Media Sanitation, Media Control, Incident clean-up. Developed and implemented secure data extractions procedures. Assisted in providing Vulnerability testing and protection measures, Conducted Audits. Provided account management. Conducted security inspections of Information Systems

Confidential

Provide support to all aspects of information security, technical and engineering during the entire lifecycle of Cross Domain Solutions and ISR networks, systems, applications and databases. Develop, define, and implement security architectures, plans, policies, and procedures to improve organization and project security evaluate and assess compliance with established information assurance security policies and regulations evaluate the security posture of computer/network information systems and make recommendations for certification and approval develop, research, publish, test, and update SOPs and Methodologies: standard operating procedures, tools, techniques and procedures, Forensic and Malware Analysis, and Incident Handling provide technical and administrative support to government staff during the identification, resolution, and tracking of computer security incidents or events provide long-term and near-term computer network defense analysis and planning for resolving systemic and enterprise computer events or intrusions conduct assessments of IT architectures to ensure compliance with current and emerging Computer Network Defense CND doctrine and concepts of operation and provide reports with recommended changes to the government CND architecture conduct Analyzes and responds to real-time and near-real-time security events. Performs real-time alerting and problem resolution.

Confidential

Security Control Assessor

In support of USAF provided information systems information security solutions that identify the technical, physical, and administrative controls required to share information with coalition partners while adequately protecting the confidentiality, integrity, and availability of resources. Performed comprehensive assessments of the management, operational and technical security controls employed within or inherited by information systems to determine the overall effectiveness of the controls. Conducted independent assessments as Trusted Agents as well as alongside government assessors. Review Artifacts which create the body of evidence prior to assessment. Assist in the development of the Certification Test Report CTR , Plans of Actions and Milestones POAM's for the site and the system. Prepare Approval to Operate ATO or Interim Approval to Test IATT documents, present documents to Authorizing Official with the Certification Test Report if applicable for assessment. Coordinate with sites for assistance with questions, and provide reference materials as needed.

Confidential

Security Control Accessor

In support of a government client performed scheduling and automated scans of system hardware and software and conducted interviews with key system personnel as necessary. Provided support in vulnerability assessment and continuous monitoring of the organization's information systems following ICD 503 standards and best practices. Provided various levels of Information assurance, including patch management, certification testing, incident response, FISMA testing, and Red Blue team assessments. Provided recommendations concerning safeguarding of information systems and conducted comprehensive assessments of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls. Performed risk analysis and risk assessments based on NIST SP 800-30 guidelines on clients systems and providing customer support during the A A process. Developing System Security Plans SSP based on NIST SP 800-18, 800-37 and SP 800-53 guidelines. Performing Security Controls Assessments on various applications and networks systems by initiating network scans, physical inspections and interviews with key personnel using security assessment procedures based on NIST SP 800-53A and DCID 6 3 and ICD 503. Preparing and reviewing Security Assessment Reports SAR and providing guidance on remediation procedures for known security vulnerabilities. Developing Plans of Action and Milestones POA Ms to document risk mitigation and vulnerability remediation efforts, and FISMA testing. Briefing the CA and DAA on the results of the security risk assessments and providing recommendations for accreditation decisions.

Confidential

Information Security Specialists

In support of a government client operated and maintained network security equipment and implement security solutions. Performed information security event analysis, Security management and operations in a classified environment, intrusion detection systems, firewalls and enterprise anti-virus appliances, Assisted in managing and responding to and resolving situations caused by network attacks, Network management, Assisted in engineering network and security solutions using current monitoring technologies such as: Cisco MARS, Arcsight ESM, Snort, Wire shark, Source Fire, Assessed information network threats such as computer viruses, exploits, and malicious attacks. Operates vulnerability assessment equipment in support of intrusion analyses, Provided solutions to issues detected in a timely manner, Support information security assessments, Assisted in creating SOP's and policies, able to communicate effectively both in writing and orally.

Confidential

Systems Administrator II

In support of a government client performed daily administration of Cyberguard Firewalls and Linux DNS servers, Assists engineers in migration off of Raptor Firewall software solution, Cyberguard Consolidation, Implement requirements to add / update endpoints, rules, protocols to Control Interface CI devices, Troubleshoot anomalies with remotes to ensure proper passing of data, Patch / upgrade firewall, Analyze firewall logs, system logs, and other forensic data to determine if systems have been compromised, DNS, and Webwasher OS and software , Maintain DNS tables and troubleshooting connection issues with remotes Administration, installation/trouble shooting firewalls. Providing internet security of network, Email and Web content security and filtering, PKI Certificate issue, Ensure the appropriate level of protection and adherence to the goals of the overall information security strategy, Analyze and Mitigate threats, TCP dump, assist in network scanning, Antivirus Administration

Confidential

Information Systems

Maintain and manage IS databases. Test, code, implement and install new software and hardware. Expand or modify systems to serve new purposes or improve workflow. Maintain switches, routers as directed, rebuild, install, and maintain servers. Improve and maintain security of Laptops and Desktops, network security. Setting up and securing/hardening all network servers. Maintain user's accounts. Patch management. Assist in Security assessments. Responsible for managing helpdesk operations. Systems and anti-virus updates. Assisted and provided network reconnaissance reports and briefings. Assisted Rehab center staff with user issues as needed. Install and configure computers on the local network. Helped facilitate transition to EMR, Assisted in SharePoint administration, and deployment, Assisted in configuring the Wireless environment. Firewall and system log reporting, Network scanning, Snort

Confidential

Information Systems Part-Time Aug 2007 Jul 2011

Established and maintain computing systems for small business. Assisted in Network, systems security, and anti-virus administration. Assisted in updating and implementing policies, Maintain security regarding logical and physical access to systems, email security, firewall, desktop, and laptop security, and antivirus administration. Install and update software as needed. User Account administration. Provide user support, training, and solves various issues related to hardware and software. Responsible for managing the help desk operations, the support team and providing efficient and excellent customer support to the end users, Assisted with testing of installed systems to ensure protection strategies are properly implemented and working as intended, Assisted in Recommended preventive, mitigating of threats internal and external. Network scanning, Wire shark

Confidential

ITG / Technician

• Diagnosed and resolved various personal computer hardware and software problems. Monitored and
• Entered work completed in a ticket system, Installed computers on the local network. Updated inventory
• System when computer changes were made. Ordered warranty replacement parts through IBM website and
• various servers, Switches and router work as directed.

Confidential

Computer Operator

• Maintained and monitored online ATM network, monitored and assisted in port security on switches,
• Processed and Secured Federal transactions, monitored network

TECHNICAL SKILLS AND TRAINING

• IP Professional Course Windows XP, Vista, Win7
• Security Certified MS Office Suite
• C EH Certified Microsoft 2274 managing a Windows server 2003 environment
• CISM certification in progress MS Data Protection Center Management 2007
• Windows Server 2003 Risk Management and Risk Management Planning
• Windows Server 2008 IA Awareness user Training
• DOD IA Training CISSP Training in progress
• Active Directory Policy Planning and Implementation
• Exchange Server Business Continuity and Disaster Recovery
• Arcsight ESM certificate
• eEye Retina XACTA IA/Manager
• Secscn WAASP
• ACAS Nessus
• AppDetective WebInspect