Partner / Chief Information Security Officer Resume
Austin, TX
SUMMARY:
Accomplished information security leader with over 15 years of experience in IT security, risk management, incident response and investigations. Technical security leader skilled at ensuring security compliance in public and private corporations and government agencies. Adept at developing and implementing cost-effective and efficient security policy, procedures, practices and training. Proven talent in gaining consensus and securing internal and external partnerships. Excellence in identifying and eliminating risks and redundant capabilities, which ensures cost savings and business success.
TECHNICAL SKILLS:
OFFICE TOOLS: Virtual CISO, MS Project, MS Office, MS Excel, MS Visio, Technical writing, Browser applications, Online research, SQL reporting, eMASS, XACTA.
VULNERABILITY TOOLS: CIS CAT and RAT, Retina, Gold Disk, Nessus, Qualys, AppScan, SRR scripts and other scripting tools.
SECURITY TOOLS: Octave, Tripwire, Flying Squirrel, AirSnort, Aircrack, Wireshark, Virus protection, VPN, Cisco/Pix FW configurations, Patching, WebSense, IDS/IPS, CA RealSecure, CA Top Secret, MARS, BlackIce, Snort, ArcSight.
PROFESSIONAL EXPERIENCE:
Confidential, Austin, TX
Partner / Chief Information Security Officer
- Lead strategic direction, while inspiring the implementation of innovative solutions and best practices to address the company’s business needs and priorities. Manage direct and indirect resources across organization. Advise executives and subordinates throughout organization on matters pertaining to business operations, information security, information systems, and technology.
- Develop contract proposals for information security projects. Oversee and support all government compliance activities; develop security and business continuance standards and action plans; oversee and develop security architecture and policies based on business needs, risk assessments, and regulatory requirements; oversee information security risk analysis and system audits; perform client project oversight as information security subject matter expert.
- Orchestrate and implement cyber security training programs for the company and clients. Plan, assign, and supervise the work of others.
- Successfully develop and implement business opportunities; foster teaming/partnership agreements
- Reduce business risks in-line while maintaining business needs and priorities
Confidential, Austin, TX
Senior Consultant
- Completed Independent Verification and Validation (IV&V) team assessment reports for multiple State of Texas agencies. Technical team lead for compliance reviews of CMS, MITA, NIST, TAC 202, and State of Texas business requirements. Validated and documented non-compliant findings. Authored assessment reports and performed peer reviews. Developed security presentations for clients. Developed company’s new hire guide.
- Client accepted & acknowledged 4 quality business assessment reports
- Client accepted & recognized 3 quality confidential security assessment reports
Confidential, Austin, TX
Technical Project Manager
- Manage large Texas state agency application (OWASP) and information security (NIST-RMF) project assessment under a multi-million dollar, multi-year contract. Led information security, network security and application (secure software development life cycle) assessment teams (14 members) across broad technical and business disciplines, including web applications.
- Deliverables received on time, within budget and with client satisfaction
- Entire team received the Superman Award for superior performance in overcoming challenging project requirements
Confidential, Port Hueneme, CA
Project Manager / Senior Security Engineer
- Manage DIACAP security validation projects for Navy NAVFAC at Navy Information Technology Center (NITC), Port Hueneme, CA. Re-accreditation and certification of Navy business information systems (Windows, Linux, VMware, and Network devices). Developed DIACAP packages, annotated Information Assurance findings within the scorecard and Plan of Action and Milestones (POA&M).
- Teamed to develop proposals and bids. Participate in the NITC Information Technology Infrastructure Library (ITIL) working group for IT Service Management. Improved the Configuration Management, Change Management, and Release Management processes. Test the Cyber Incident Response Plan and procedures, as well as the information assurance controls.
- Delivered complex security assessment products on schedule, within budget, ensured quality standards, and customer satisfaction
- Cultivated strong professional relationships and partnerships with key project managers and IT team leads
Confidential, CA
IA Deputy Program Manager for Western Range (Contractor)
- Managed the information assurance (IA) team and the systems engineering projects along the entire west coast that support the Air Force's Space and Missile Command (SMC) Western Range (WR) Launch and Test Range System (LTRS), which supports Space and Airborne Systems (SAS) programs.
- Work with executives and managers to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology. Managed & performed DIACAP Certification and Accreditation (C&A) and ISO, SANS, NIST compliance activities.
- Identified and resolved issues within existing project schedules and Basis of Estimate (BOE).
- Follow and ensure compliance with Engineering Change Requests (ECR) and Production Readiness Reviews (PRR) requirements.
- Perform reduction in system manufacturing costs, attributable to specific process/production improvements, improved quality of Work Instructions and tooling implementation.
- Improve delivery process of all projects to increase success within the revenue cycle.
- Developed and maintained relationships with business partners, external auditors and internal compliance groups in order to coordinate activities as appropriate on specific projects.
Confidential, San Antonio, TX
Senior Security Engineer
- Travel to Army sites to perform DIACAP self-assessments and/or Independent Verification and Validation (IV&V). Verified that sites were in compliance with Information Security and Cyber security requirements, such as patch management policies, Cyber Incident Response Planning (CIRP), Contingency of Operations Planning (COOP), Disaster Recovery Planning (DRP) and other best practices. Reviewed and analyzed TEMPEST (EMSEC) and COMSEC for compliance.
- Assessed numerous Army units for DIACAP accreditation compliance that led to letters of Authority to Operate (ATO)
- Validated and reported non-compliance of DIACAP requirements, which resulted in a letter of Denial of Authority to Operate (DATO) to one Army Unit.
Confidential, Austin, TX
Owner / Consultant
- Perform Profit/Loss (P&L) responsibilities. Ensured various client projects were delivered on time, within budget, and with good quality. Effectively perform NIST, FISMA, DIACAP, ISACA’s COBIT, HIPAA and HITECH security and privacy assessments for Texas state agencies, medical offices, IT businesses and a CPA audit firm. Perform audit assessments (SSAE-16/SAS70) in compliance with GAGAS. (Sample of Clients: Northrop Grumman, Fort Hood, TX; CACI, Austin, TX; First Data Government Solutions, Austin, TX; Overwatch/Textron, Austin, TX; HHSC, Austin, TX; BAMC, San Antonio, TX; University of Texas in Austin, Austin, TX)
- Led security programs and reduced costs through effective management of resources
- Increased accuracy in reporting through more effective use of available data
- Completed audit to the client’s satisfaction, and provided areas for improvement as well as solutions
- Recognized for development of online security certification program for UT at Austin.
- Successfully accredited multiple LANs under DIACAP
Confidential, Austin, TX
Information System Security Officer
- Managed the Austin Automation Center’s (AAC) 24/7 large data center (Multiple terabytes of data) for the Confidential (DVA) and franchise fund clients. Managed security assets in excess of multi-million dollars. Responsible for oversight of IT security and controls. Monitored compliance with anti-virus and malware protections, vulnerability and patch management, system secure builds. Performed penetration, vulnerability and user functional testing for “Sensitive but Unclassified” Mainframe, Mid-Range, Windows and UNIX WAN / LAN networks to include the use of authentication and access control solutions. Ensure compliance with FISMA, NIST Special Publications (800-53, 800-30), OMB A-130, Federal IT and security requirements, and State and Federal Legal, Privacy and data protection requirements. Partnered with federal (GAO, IG) and client internal and external IT security audits and reviews. Support security requirements reviews on firewalls, routers, communications protocols, and IDS/IPS. Previous position: Perform System Administration and System Programmer duties for maintaining computing systems (Windows client servers and OS/390 Mainframe). Install, secure configuration, harden and monitor systems, and COBOL application development.
- Implemented, tailored, maintained and monitored the intrusion detection system resulting in identification and prosecution of individuals for unauthorized access and system damage
- Develop and implement security incident response plan and incident forensic policy and procedures
- Prepared and oversaw disaster recovery, business continuity plans and warm site exercises
- Presented at public speaking engagements on various IT and Security subjects for local Conferences and DVA events.
Confidential, Austin, TX
Customer Service Representative
- Performed customer service computer technical assistance for level 1 and 2 issues. Performed new hire training and development. Developed and disseminated working aids and guides throughout department.
- Successfully resolved customer system issues in a timely manner
- Improved customer service rep. training
Confidential
Manager / Master Intelligence Analyst
- Managed national security projects at various Confidential locations. Brief senior leadership and staff on current situation activities for specified areas of interest. Lead teams up to 25 intelligence personnel. Performed training development and trained new hires. Authored classified technical intelligence articles and reports.
- Successfully Captured and Reported First Reports of New Activity
- Reduced Mission Costs through Creative Acquisition of Authorized Products and Supplies