Certification Agent/ISSO Lead Resume
DC
PROFESSIONAL SUMMARY:
Experienced Information Security professional with a thorough understanding of Information Assurance (IA), Security Authorization (SA) processes, and project management in various environments. These skills are supported by an education in computer science and twelve years of experience in information technology, networking, application development and customization, end user support, and system administration.
TECHNICAL SKILLS:
Proficient in: WebInspect, Retina, Nessus, Nmap, DISA Gold Disk, DISA SRRs, AppDetective, DoD 8500.2 IA Controls, Application Security; eight years' experience with Confidential S&A processes
Knowledge of, and experience with, the Confidential 800-series publications, including: 800-30, 800-37, 800-53 and 800-53A, 800-137, 800-47, 800-60, 800-61, 800-39.
Computer Science/languages: Assembly, BASIC, C, Clarion, Java, VB
PROFESSIONAL EXPERIENCE:
Certification Agent/ISSO Lead
Confidential, DC
Responsibilities:
- Track security activities of assigned systems, brief senior leadership on those activities, and advise ISSOs on successful completion of System Security Plans, Contingency Plans, FIPS 199 and E-Authentication Workbooks.
- Serve as ISSE supporting the Enterprise Network modernization project: ensure product reviews are conducted on all assets, verify assets are FIPS 140-2 compliant, ensure all assets are tested successfully in the TDL prior to production deployment, and coordinate meetings with Engineering, the SOC and the NOC to ensure proposed network implementations are scrutinized by design and testing.
- Ensure all Windows OS, Linux OS, databases and network devices are DISA STIG compliant. Execute STIG Viewer checklists on assets, oversee engineers applying DISA STIGs, and ensure SCAP tools are used for compliance testing.
- Responsible for implementing the Confidential Risk Management Framework (800-37) and Confidential Information Security Continuous Monitoring (800-137) on the FEMA Enterprise Infrastructure system, and for collaborating with FEMA management in executing all phases of the Risk Management Framework.
- Provide network infrastructure, web application and database vulnerability assessments to ensure the systems' security controls are sufficient to meet Confidential, Confidential 800-53, and other technical standards and guidelines. Ensure databases, operating systems and applications are patched regularly. Utilize penetration testing methods, assessment tools and manual methods to meet compliance and continuous monitoring requirements.
- Ensure security testing of major applications and general support systems using ISS, Retina, Nessus, IBM AppScan, WebInspect, Burp Suite, etc. as part of C&A activities.
- Develop appropriate security test reports and provide final recommendations for system Security Authorizations.
- Develop Plans of Action and Milestones to track the correction of any security deficiencies, and assist the customer in correcting the deficiencies, utilizing the Security Content Automation Protocol (SCAP).
- Responsible for reporting on all phases of the Security Authorization of FEMA systems to FEMA management to ensure compliance, and for providing guidance on IT security requirements for FEMA's information systems.
- Develop unified guidelines and procedures for conducting Authorizations and/or system-level evaluations of federal information systems and networks, including the critical infrastructure of FEMA.
- Act as liaison on behalf of the FEMA Office of Cyber Security and FEMA Regional ISSOs to support FEMA accredited Infrastructure and Mission systems, and provide oversight to meet monthly goals.
- Ensure metrics for the Confidential scorecard are accurate and meet Confidential requirements.
- Provide SME guidance to FEMA's ISSO community on Security Authorization activities.
- Act as the subject matter expert in creating Plans of Action and Milestones resulting from assessments, and report results to FEMA management.
- Act as the subject matter expert on enterprise-level systems within FEMA. Provide peer review of critical security designs of IT infrastructures and systems. Example projects include authentication systems, DLP deployment, cloud deployment, virtualization, data center network segmentation and Confidential enterprise-level common controls.
- Responsible for ensuring assigned systems are decommissioned and disposed of according to Confidential and FEMA Media Sanitization Policies.
Information Security Consultant
Confidential, Annapolis, MD
Responsibilities:
- Implement the agency's security vulnerability compliance testing strategy, addressing measured system security weaknesses and gaps.
- Determine the technical scope of, and conduct, agency or business-unit vulnerability assessments and penetration testing.
- Perform enumeration activities to identify, classify and assign risk to systems, devices, and network services available on agency or business-unit networks.
- Conduct network and application vulnerability scanning and penetration testing activities, internally or in conjunction with trusted external third-party resources.
- Select and develop tools to support efficient security assessment methodologies.
- Communicate information related to security threats, assessment, mitigation activities and incident response to a wide audience ranging from users to technical peers to executive management.
- Provide subject matter expertise to state agencies, partners and stakeholders for vulnerability assessment and penetration testing.
- Create detailed assessment reports and security briefings for management on the vulnerabilities found and the mitigation activities arising from vulnerability and penetration assessments.
Primary Assessor
Confidential, Reston, VA
Responsibilities:
- Responsible for implementing the Confidential Risk Management Framework (800-37) and Confidential Information Security Continuous Monitoring (800-137) on the Confidential Enterprise Infrastructure system, and for collaborating with Confidential management in executing all phases of the Risk Management Framework.
- Provide network infrastructure, web application and database vulnerability assessments to ensure the systems' security controls are sufficient to meet Confidential, Confidential 800-53, and other technical standards and guidelines. Ensure databases, operating systems and applications are patched regularly. Utilize penetration testing methods, assessment tools and manual methods to meet compliance and continuous monitoring requirements.
- Performed security testing of major applications and general support systems using ISS, Retina, Nessus, IBM AppScan, WebInspect, Burp Suite, etc. as part of C&A activities.
- Developed appropriate security test reports and provided final recommendations for system Certification & Accreditation.
- Utilize Nessus, AppDetective and IBM AppScan assessment tools to meet compliance and continuous monitoring requirements.
- Develop Plans of Action and Milestones to track the correction of any security deficiencies, and assist the customer in correcting the deficiencies, utilizing the Security Content Automation Protocol (SCAP).
- Responsible for reporting on all phases of the Security Authorization of Confidential systems to Confidential management to ensure compliance, and for providing guidance on IT security requirements for Confidential's information systems.
- Develop unified guidelines and procedures for conducting Authorizations and/or system-level evaluations of federal information systems and networks, including the critical infrastructure of Confidential.
- Implement the Confidential Ongoing Authorization Methodology on Confidential's accredited Infrastructure and Mission systems, and provide oversight to meet monthly goals.
- Ensure metrics for the Confidential scorecard are accurate and meet Confidential requirements.
- Act as the subject matter expert in creating Plans of Action and Milestones resulting from assessments, and report results to Confidential management.
- Act as the subject matter expert on enterprise-level systems within Confidential. Provide peer review of critical security designs of IT infrastructures and systems. Example projects include authentication systems, DLP deployment, cloud deployment, virtualization, data center network segmentation and Confidential enterprise-level common controls.
- Track security activities of assigned systems, brief senior leadership on those activities, and advise ISSOs on successful completion of System Security Plans, Contingency Plans, FIPS 199 and E-Authentication Workbooks.
- Responsible for ensuring assigned systems are decommissioned and disposed of according to Confidential and Confidential Media Sanitization Policies.
Senior Application Security Engineer
Confidential, Lorton, VA
Responsibilities:
- Conducted vulnerability assessments using various scan tools (Nessus, Retina, AppDetective) and manual checklists.
- Developed Study Center Security Plans for system accreditation, detailing the system's compliance with Confidential SP 800-53 Rev. 3.
- Performed risk assessments and formal Study Center Security Assessments to document the effectiveness of security controls.
- Developed Plans of Action and Milestones to track the correction of any security deficiencies, and assisted the customer in correcting the deficiencies.
- Assisted in developing additional certification and accreditation documentation, such as Contingency Plans, Configuration Management Plans and Incident Response Plans.
Senior Security Engineer
Confidential, Falls Church, Virginia
Responsibilities:
- Conduct web application and system testing/assessments using penetration testing tools and checklists; tools include WebInspect, AppDetective, Retina, DISA Gold Disk and Nessus.
- Carefully consider the OWASP Top 10 vulnerabilities, among many others.
- Provide DIACAP certification and accreditation (C&A) engineering support for Department of Defense, Military Health Service (MHS) / Tricare Management Activity (TMA) contracts throughout the U.S.
- Provide C&A documentation support for several MHS/TMA commercial and government client sites.
- Lead engineer on multiple teams to support C&A efforts for applications and systems.
- Develop, update, and test cyber security documentation for several TMA commercial client sites.
- Interact with system developers, administrators and government personnel to ensure that systems are developed in accordance with specific guidelines.
- Develop timelines and technical and managerial documentation to support reporting to the Designated Approving Authority and TMA management.
- Conduct Ports and Protocols audits in compliance with DoD policy, directives, and guidance.
Application Support Engineer
Confidential
Responsibilities:
- Provide DIACAP certification and accreditation (C&A) engineering support for the Confidential Legislature.
- Provided data analysis, reports, and identification of security vulnerabilities for remediation within local area networks.
- Designed and developed data extract programs to extract data from databases, analyze customer information, and generate management reports and graphs. Wrote extract programs in Visual Basic to dump midrange computer data onto the local area network.
- Designed and developed an Overtime Scheduling System in Visual Basic and SQL Server.
- Developed intranet web sites using various web tools and evaluated and procured departmental development/test laboratory (hardware and software).
- Designed, developed, deployed, and maintained business applications using Clarion, Visual Basic and Microsoft Access.
- Maintained the legislature budgeting application and designed, developed, and deployed application enhancements and ad-hoc modification of production reports.
- Gathered and specified requirements for internal and external IT projects. Participated in contingency planning for the testing and recovery of critical applications and the local area network.
- Designed, developed, implemented, maintained, and operated department information Systems residing on midrange platforms and the local area network.
- Produced related periodic and special reports for use by the legislature senior management and as required by various local government agencies. Prepared budgetary graphs using Confidential Graphics.
- Developed computer system design documents, input/output formats, flowcharts, and data storage requirements and translated flowchart logic into coding instructions.
- Coordinated testing and acceptance of computer systems. Wrote system and program documentation, user procedures and computer operations instructions.
- Assisted the Systems Analyst in analyzing and designing system interfaces.