Senior Cyber Security Consultant Resume

Germantown, MD

SUMMARY

  • Extensive knowledge of internet protocols such as HTTP(S), DNS, IRC, SSH, FTP, TCP and UDP
  • Expert at rigorous application of information security procedures, practices and policies, and resolving interface and interoperability problems, recoverability challenges and maintaining system integrity through system fixes, technological updates and software/hardware enhancements
  • Extensive experience with logging systems (i.e., syslog, Windows Event Log)
  • Demonstrate strong problem solving skills
  • Technical expertise in the specification, implementation, integration and management of Microsoft Windows operating systems 2000/XP/2008/2010 Professional, hardware capabilities and configuration, system interfaces, performance tuning, and management techniques for critical production systems
  • Proficient in Windows XP Professional Remote Desktop Connections, establish and control Remote Assistance connections, Virtual Private Network (VPN) and authentication protocols (PAP, SPAP, CHAP, MSCHAP1, MSCHAPv2) and encryption
  • Over 10 years of experience with telecommunications and electronic communications systems, network system installation and maintenance experience and UNIX system administration
  • Provided over 10 years of experience providing technical support to various clients (Federal Government and the private sector)
  • Demonstrate team building and leadership
  • Strong Mentoring and training security team and staff per security awareness per security compliance
  • Demonstrate ability to work in a fast-paced environment
  • Excellent multi-tasking, communication, and organizational skills
  • Strong work ethic - detail oriented, proactive, and enthusiastic

TECHNICAL SKILLS

Security Technologies: SSH, SSL, Digital Certificates, Antivirus tools (Symantec, Sophos, McAfee, CA etc)

Information Security Tools & Software: ArcSight, Tealeaf Technology CX Mobile, Dragon, Malzilla, Site Protector (ISS), Altiris, Encase, SIEM event Management, Nmap, Wireshark, Symantec Vontu DLP (Data Loss Prevention), Mandiant Information Collector, Splunk, FireEye, Qradar - SIEM, Juniper Security Firewalls NSM, Netwitness, Sourcefire

Networking Systems/Standards: TCP/IP; IPSEC; ICMP; RDP; DHCP; DNS; LAN/WAN; SMTP; HTTP(s); LDAP; POP3, Firewalls Ethernet

Operating Systems: UNIX; Windows 7/98/NT/XP; Windows 2000/ Servers; DOS; Solaris

Software: Microsoft Office (Word, Excel, Access, and PowerPoint); MS Outlook 2008 & 2010; Quest Software; E-Trust; PC Anywhere; Remote Desktop, PSexec

Hardware: Dell Server; IBM-compatible PC’s, ArcSight CS 1000 Connectors

Programming Languages: C++; Visual Basic 6.0; HTML; dBase 1 and 2, Red Hat Linux, JavaScript, ASP.Net, SQL

PROFESSIONAL EXPERIENCE

Confidential, Germantown, MD

Senior Cyber Security Consultant

Responsibilities:

  • Responsible for verifying and implementing the detailed technical design solution to the problem as identified by the Project/Technical Manager
  • Principal Consultant who analyzes and develops enterprise technology solutions
  • Managed contingency planning and developed Incident Response, Disaster Recovery and Crisis Management policies and planning
  • Regularly leads in the technical assessment and delivery of specific technical solutions to the customer
  • Lead team in the delivery of multiple deliverables across multiple technologies
  • Lead others in the gathering of requirements, designs, plans and estimates.
  • Lead and/or provides expertise to functional project teams and participate in cross-functional initiatives. Sustained and consistent contribution at the work group level.
  • Demonstrate innovation and communication of new deliverables and offerings
  • Re-using existing experience to develop new solutions to take to market
  • Providing team structure conducive to high performance, and manages the team lifecycle stages.
  • Coordinates implementation of new installations, designs, and migrations for technology solutions in one of the following work domains: networks, applications or platforms
  • Collects and determines data from appropriate sources to assist in determining customer needs and requirements
  • Manages and own knowledge sharing within Cyber Security community
  • Ensures team members support knowledge sharing and re-use requirements of project. Proactively encourages membership and contributions of others to professional community and coaches others in area of expertise
  • Produce internal published material such as knowledge briefs, service delivery kit components and modules, etc. Presents at multi-customer technology conferences.
  • Manage documentation and provide detailed technical design, Incident Response (IR) plan, Tabletop exercise and other designs/presentations for enterprise solutions
  • Use product and application knowledge along with internals or architectural knowledge to develop solutions
  • Manages bids, or major input into the sales lifecycle.
  • Manages activities and provides qualitative and quantitative information for successful sales. Produces complete proposals for smaller engagements within area of expertise.
  • Actively grow Confidential portfolio with existing customers through new opportunities and change management. Assists with multiple customers.
  • Proactively encourage membership and contributions of others to professional community and coaches others in area of expertise
  • Present within own area of Cyber Security expertise as part of a customer sales presentation, putting forward domain-specific information within the context of an Confidential sales campaign.

Confidential, Alexandria, VA

Sr Security Consultant

Responsibilities:

  • Performing security support within a 24/7/365 Network and Security Operations Center (NOC/SOC) environment.
  • Maintaining integrity and security of enterprise-wide to assure Cyber systems and networks and support Cyber security initiatives through predictive and reactive analysis
  • Performing ad hoc vulnerability scans as well as rudimentary penetration testing of existing production network components such as WAN, LAN, VLAN, sub-networks, networks devices, systems and software as authorized, requested or required.
  • Conducting and compiling cyber threat gathered through research on emerging security threats and potential customer impact.
  • Articulating recommendations on continuous improvement of the processes architecture supporting overall Cyber Security Operations.
  • Performing deep diving forensics via system logs, codes
  • Performing NETFLOW and PCAP analysis using tools such as Wireshark, FireEye etc.
  • Collaborating and analyzing attacks and security threats reviewing traffic and logs via Proxies, Antivirus McAfee, FireEye, Qradar, and Firewall etc.
  • Ensuring the effective operations of customer IT systems and network defenses, providing effective incident response capabilities, including usable and effective reporting that address overall situational awareness as well as ensuring management approves reports within mandated timelines.
  • Using a variety of tools to correlate information and synthesize data into usable and actionable events.
  • Mentored and trained client team and new Government/private security members
  • Build and modified incident response plans (SOPs) and project plans to improve defense in depth security posture with existing toolset as needed, required or requested.
  • Maintaining high customer service levels and coordinating team members
  • Supporting various additional endeavors including writing responses to RFPs, RFIs etc.
  • Provide the actionable intelligence used in organizational IT Asset protection, strategic cyber threat trending & situational awareness.

Confidential, Washington, DC

SME Network Security Incident Response Specialist

Responsibilities:

  • Manage and implement incident response plans and processes (SOPs) to ensure systems conform to NIST for auditing
  • Developed and implemented information assurance/security standards and procedures
  • Developed work load and process per customer preferences
  • Coordinated, developed, and evaluating security programs
  • Recommending information assurance/security solutions to support customer requirements
  • Manage Security team Strategic planning to improve SLA per customer requirement in responding to security incidents
  • Serve as a SME (Subject matter expert) in incident response, remediation and proactive services
  • Ensure current policies and procedures are maintained regarding federal, and departmental mandates and guidelines
  • Create formal process and procedures to mitigate security incidents and vulnerabilities
  • Providing direction and guidance per junior analysts, reporting status to customer and leadership per Security incidents
  • Management of Splunk implementation and process, according to Confidential standards and guidelines
  • Manage threats and incidents impacting the agency’s information resources.
  • Develop and maintain reporting metrics and mechanism used to execute and measure SOC activities
  • Identifying security risks and gaps, evaluating and recommending appropriate security measures, from a strategic perspective
  • Interact with various staff and other IT agency unit services, to cooperatively achieve the successful goal of information security program.
  • Educate employees about their information security and privacy protection responsibilities.
  • Risk Management planning to identify and avoid or minimize (mitigate) the impact of threats to information and Confidential technology assets
  • Mentored and trained cyber security staff on dynamics and process

Confidential, Laurel, MD

Security Startup Business Consultant

Responsibilities:

  • Successfully oversee the start-up and strategy development, distribution and marketing Management of a consulting firm
  • Oversee and assisted the strategic management and operational oversight of the company's Global Business Development and Operations in order to provide streamlined operations, reduced operating costs, and greater profitability.
  • Interface with partners and large clients to develop and maintain organizational strategies, operational efficiencies, and proposals for increasing technical efficiency and improving profitability.
  • Initiating an on-going future business plan per Information Security development, in both institutional and strategic financing during difficult economic conditions.

Confidential, Baltimore, MD

Incident Response Remediation Security Specialist/Tier III

Responsibilities:

  • Coordinated incident response activities with level one monitoring group, and responded to alerts as needed
  • Reported recent Security Standard activities, failures and trends to management and other affected community members
  • Made remediation recommendations for recovery, containment, and prevention to site network administrators
  • Responded to tickets by Security Engineers analysts or analysts
  • Ran various malware removal and remediation tools
  • Developed a remediation strategy, focusing on the issues identified
  • Developed and managed strategic plan per SLA requirements via security incidents response requirements
  • Contained outbreaks as needed
  • Performed ongoing scans for threats, vulnerabilities, and malware
  • Demonstrated strong problem solving skills
  • Researched, recommended and implemented changes to procedures and systems to enhance security
  • Actively participated with 3rd party vendor and customers to review/assess solutions, identifying any incompatibilities, challenges, or issues; worked with appropriate individuals and team(s) to resolve issues
  • Performed forensic Investigation and analysis of user and device activities, using Encase, Malzilla and other forensic tools.
  • Determine if other infrastructure is also infected
  • Validating Alerting from a variety of monitoring technologies, to include Intrusion Detection Sensors
  • CAPRS (In-House Trouble Ticketing System)
  • Acted as Security Event Manager
  • Developed Antivirus, Anti Malware, and cyber threat Reports

Confidential, Columbia, MD

Security Server Log Manager

Responsibilities:

  • Demonstrated the development and structure of Server Log Management team from scratch (Server Microsoft 2003 & 2008)
  • Developed and implemented incident response policies and procedures
  • Mentored, trained and led team on Server Log Management issues and resolution
  • Worked hand & hand with customer and Management to ensure all requests are being met per customer to resolve any Security Log issues
  • Implemented cross function teams to address operational, strategic, & security challenges
  • Served as a leader for publishing strategic intellectual capital and development of formal frameworks and methodologies
  • Demonstrated strong writing and presentation skills for customer/clients per Cyber Security enhancement and new policies
  • Approached customer requirements, leveraging existing intellectual capital and developing new innovative concepts
  • Conducted and provided security architecture direction to on-going programs for security logs enhancement per organization
  • Created policy per NIST series 800 guidelines via best organization practice on Server security logs
  • Developed and enhance documentation for all Server Log Management Team activities to include Work Instructions, training material, procedure process
  • Created, developed and modified Certification and Accreditation (C&A) documents to ensure that systems conform to NIST, and CDC security policies, standard operating procedures (SOP) and guidelines.
  • Assisted with Security Authorization (formerly Certification and Accreditation) planning to comply with government regulations and guidance; reviewed security control assessments and security authorization package documentation, including system security plans, contingency plans, incident response plans
  • Developed Webpage per Security Server Log Management Instructional manual, Training, templates, procedure and process
  • Provided remediation implementation per incident, vulnerabilities per security compliance violation or misconfiguration
  • Configured ArcSight (SIEM) Connectors CS 1000 for deployment per sector via Red Hat Linux programming
  • Worked with ArcSight Engineers to assure server logs/events were generated properly from ISS (Site Protector) into ArcSight
  • Managed/developed server logs content development per ArcSight to correlate and capture security logs/events
  • Analyzed policy violation, unauthorized server logons, security policy change, vulnerabilities of 4000+ servers globally
  • Monitored security server logs for misconfiguration, Brute Force attack and anomalous activity per ArcSight

Confidential, Linthicum, MD

Information Systems Security Engineer II

Responsibilities:

  • Detected and responded using IDS/IPS to monitor the security of the Confidential network on various operating systems
  • Monitored the infrastructure, analysis and resolution of incidents using Arcsight, Site Protector, Sophos, MIC Management etc.
  • Monitored and made recommendations per improvements to security policy
  • Provided support and monitored per Symantec Vontu Data Loss Prevention (DLP), including analysis and implementation of DLP requirements
  • Performed and Reviewed DLP policy violation alerts, per investigation and resolved
  • Developed and implemented SOPs for the entire security infrastructure
  • Analyzed threats and vulnerabilities to the Confidential global computing environment
  • Detected and responded to all malicious/suspicious activities inbound/outbound traffic
  • Identified, analyzed, remediated, and reported all cyber security incidents
  • Web inspect for web scans, appdetect for database & applications, vulnerability scanner for OS using ISS & McAfee
  • Tested Web applications for common security vulnerabilities as defined by OWASP including SQL injection, cross-site scripting, session management
  • Managed projects and delivered on time cyber threat reports to management
  • Managed and investigated correlation using various incident management systems tools
  • Managed & investigated remediation of Viruses, unauthorized software etc. using various incident management system
  • Created instruction manuals and training guides of protocols and procedures for the Security Team & trained new hires
  • Monitored and investigated event logs, firewall logs, proxy logs, intrusion detection, and other security systems using Arcsight, Site Protector, MIC etc.
  • Investigated any malicious activities internal or external via packages or sessions Confidential global wide
  • Reviewed firewalls logs across NG global wide
  • Correlated & analyzed security inputs from multiple sources but not limited to IDS/IPS consoles, firewall logs, real-time packet trace, host logs
  • Researched and performed risk assessment and recommendation on announced vulnerability assessment
  • Performed forensics on suspicious files on various devices during investigation process using Encase and other forensic tools
  • Investigated all malicious threats targeting devices global wide via internet or email
  • Performed Application and OS vulnerability scans to assure all security compliance are being met per NG security policy
  • Developed weekly reports summarizing activity observed and action taken and logged incidents as they occur in SIM
  • Analyzed incoming and outgoing network traffic to assure security compliance is met
  • Investigated machines that have been compromised and worked with Security Officers for immediate shutdowns per policy
  • Made determination of shutdowns on compromised machines on suspicious activities per policy
  • Overseen a large and complex Cyber Security and Investigate global NG wide
  • Provided forensic analysis support and incident response to the 24x7 Security Operations Center
  • Used various tools for cyber security experience using various tools and techniques for investigation
  • Managed security information and event management products (SIEM) per Symantec and ArcSight to collect, analyze and assess security and risk information
  • Provided deep dive analysis and correlation of log data from multiple sources
  • Provided vulnerability scans on servers before production going on NG network
  • Worked in various operating system environments such as Windows, Linux, Unix etc.

Confidential, Washington, DC

Network Administrator/Lead

Responsibilities:

  • Supported an Outlook 2000 & 2003 on Exchange 2003 server for e-mail and file and print migration for the Department of Transportation Federal Highway Administration (FHWA)
  • Supported of email server migration, file and print, OWA, front-end system administration of Active Directory creating groups, email account, assigned permissions, Group Policy Objects (GPO), remove/disabled accounts, reset passwords
  • Provided support for Microsoft Outlook Web Access (OWA) and front-end system administration of Active Directory by creating groups and email accounts; assign permissions and Group Policy Objects (GPO); remove/disable accounts and reset passwords
  • Post migration, provide Tier II level support for e-mail, file and print, and other technical systems to the Office of the Secretary of Transportation (OST) and other newly migrated end-users resolving WINS, DNS, internet and intranet issues, utilize Quest utility tool emwprof.exe ensuring exportation of user exchange settings to new mail server; remotely manage an eTrust Antivirus Admin Server; routinely determine those clients running the latest version of the eTrust Antivirus application on the network which is configured to scan the local subnet
  • Performed responsibilities and duties as a migration analyst collecting user data such as screen shots of desktop, Outlook 2000/2003 server names, location of .pst, .oab, .ost and .pab files, delegates, rules wizard, network drives and printers, ensure network connectivity
  • Collect information regarding the existing Exchange environment
  • Perform Migration Analyst duties by collecting user data such as screen shots of desktops, Outlook 2000/2003 server names, the location of .pst, .oab, .ost, and .pab files, delegates, rules, network drives, and printers; also ensure network connectivity
  • Provide Tier II level support for e-mail, file and print, and other technical systems to the Office of the Secretary of Transportation (OST) and other newly migrated end users, post-migration
  • Resolve WINS, DNS, and internet and intranet issues
  • Utilize the emwprof.exe utility tool (Quest Software) by ensuring the exportation of user exchange settings to the new mail server
  • Deliver exceptional customer service and timely end-user support to FHWA’s headquarters and field sites by accomplishing the OneDOT initiative that supports the Presidential directive of advancing the e-Government strategy
  • Monitor and resolve assigned Outlook migration tickets in the Support Magic ticketing system
  • Update tickets in a timely manner by entering problem resolution information into the Support Magic knowledge management tool
  • Effectively work with the MS Exchange 2003 Cluster, Windows Server 2000/2003, DHCP, LAN, and DNS
  • Remotely manage and update an E-Trust Antivirus Admin Server; routinely determine those clients running the latest version of the E-Trust Antivirus application on the network which is configured to scan the local subnet
  • Responsible for the deletion and clean-up of GroupWise/Exchange domain email accounts utilizing Novell Console One
  • Execute full data migrations and imaging of over 1000 user workstations by utilizing the File Transfer wizard, administrative sharing, and Norton Ghost
  • Review unattended installations with answer files, update NTFS permissions, change inheritance information, and assign permissions

Confidential, Baltimore, MD

Image Capture Specialist/Project Management

Responsibilities:

  • Traveled 100% of the time to Confidential (SSA), OHA, and DDS sites 3-5 weeks per site
  • Provided project management of SSA training, site setups, knowledge transfer, and inventory control
  • Consistently met deadlines for production according to government requirements
  • Initiated and participated in on-site meetings with DDS and OHA staff; managed the agenda items along with site survey scheduled and conducted conference calls with the DDS and OHA administrators to perform a pre-arrival review of the site's compliance with items in the survey
  • Trained IT staff on the maintenance of the 2650 Dell Servers and daily operations
  • Performed installation, configuration, and testing with Connect Direct and Message Print Operation (MPO) on production, training and fax servers
  • Executed testing and validation of local scanning and software applications
  • Participated in conference calls to configure and test the T1/PRI fax line
  • Managed and monitored the sites’ inventory of Dell 2650 servers, workstations, UPS 9125, and server tape back-ups
  • Supervised the setup, construction, network connections, and connection of all the varied components and peripherals of the DMA server and scan station equipment, including UPS, switch boxes, etc.
  • Conducted knowledge transfer and training to SSA IT staff of event logs, daily maintenance of servers, and the backing up of the production server with the fax server
  • Modified system variables such as Back-up Domain Controller (BDC) and “lclsvr” to accommodate network settings for backing up the system
  • Administered the set up of the fax, production, testing, and training servers
  • Managed all configuration settings, installations, and troubleshooting of the Windows 2000 Dell 2650 servers and Dell workstations using Solaris
  • Provided the proper safety specifications and set up of a UPS 9125 and other government equipment
  • Configured the system variables for a Windows 2000 network
  • Performed maintenance of the production, fax, and testing servers for implementing Fujitsu scanners for SSA

Confidential, Arlington, VA

Help Desk Engineer/Network Administrator

Responsibilities:

  • Provided installation, configuration, and troubleshooting of various software and web-based applications on laptops and desktops
  • Deployed and configured new computers and laptops for new hires using the Ghost tool; created images
  • Recorded and prepared live tapings of talents for FBR on stations such as CNBC and Bloomberg
  • Enhanced speed and performance along with maintenance on PC’s by cleaning up the registry and checking for viruses
  • Performed troubleshooting of network problems, cabling, and installation of network equipment
  • Wired and activated ports for Network Engineers
  • Created and reset network, VPN, Sync ticket, and Event Desk log-in passwords for users utilizing Active Directory
  • Provided desktop and phone support remotely, using PC Anywhere, to users world-wide
  • Resolved any hardware and software issues; resolved any issues with web-based applications, as well
  • Worked with System Administrators and Developers to resolve network and application issues
  • Set up projectors, audio sounds, and network connections for conferences
  • Worked with domains and network protocols such as TCP/IP, DHCP and SNMP
  • Upgraded PC and hardware devices, drivers, and RAM storage
  • Replaced hard drives, power supplies, and NIC cards; communicated with vendors such as Confidential
  • Utilized various Compaq/Dell desktops and laptop devices
  • Provided LAN administration utilizing Windows 2000 and XP
  • Supported and installed software such as MS Office, MS Outlook, Bridge, Factset, Rumba, and Excel add-in tools
  • Provided desktop and phone support to 1000+ users

Confidential, Washington, DC

PC Specialist/Junior Administrator/Migration Team Lead

Responsibilities:

  • Oversaw the effective implementation and execution of departmental guidelines and processes, encompassing normal and high-volume operations
  • Responsible for assembling the task team, assigning individual responsibilities, identifying appropriate resources needed, and developing the schedule to ensure the timely completion of the task milestones and final acceptance
  • Prepared activity and progress reports regarding all assigned tasks via security team
  • Provided written and oral results to company and client representatives
  • Completed tasks within estimated time frames and budget constraints.
  • Trained/supervised employees on AC and SC (database) and the Ghosting tools
  • Created manuals and training guides of protocols and procedures for the PC Deployment Team; implemented plans to allow the PC deployment team to function more effectively
  • Installed, upgraded, troubleshot, and configured backups of data and the system; maintained the network storage using the Ghosting tool
  • Migrated various operating systems such as Windows 95, 98, NT, XP Professional; migrated network operating systems such as Novell and Windows NT
  • Supported various software applications such as MS Office and MS Outlook
  • Provided desktop support systems to 1000+ users within SLA
  • Maintained local area network hardware and software, such as personal computers’ software applications and printers; supported Blackberry devices
  • Trained users on assigning attributes
  • Established and maintained network users, the user environment, directories, and security settings
  • Troubleshot Peregrine working with Asset Center 5.0 and the wizard chain code
  • Debugged error messages
  • Tested and packaged software upgrades for Confidential using Wise Package Studio
  • Remotely troubleshot users' PCs by performing system management activities such as computer management, account management, and performance tuning
  • Coordinated all migration activities
  • Developed technical reports and other required documentations; prepared all daily and weekly reports via security team
  • Set team goals and promoted overall team motivation and communication/teamwork
  • Managed and updated deployment team appointments and inventory stock using Asset Center and the Peregrine (Service Center) database system
