DIACAP-RMF/NIST/FIPS/NIAP/NSA/DOE-NUCLEAR- Cyber Security - C4ISR Systems Engineering Information Assurance System Security Engineer IASSE

EXPERIENCE SUMMARY:

• Fifteen years of extensive and diverse military, civilian, technical, nuclear, financial/banking, training, and supervisory experience gained on a variety of command, control, communications, computer, intelligence, surveillance, Cyber Security and reconnaissance C4ISR systems and subsystems.
• Well versatile on Certification Accreditation via DIACAP-RMF/DCID-6/3, Army Regulation 25-2, NSA Type 1/2, FIPS 140-2, NIST 800-37/53r4/NIAP/NISPOM/FIPS-199/200, Common Criteria CC , PCI, for some of the following enterprise systems:
• 1. Information Systems IS , Intelligence, Nuclear Power Grid Systems, Federal State systems, Financial Banking systems, Surveillance and Reconnaissance Aircraft, Missile Defense Systems, Meteorological and Weather Systems, Naval Weapon Systems, Telemetry, Navigational Aids NAVAIDS , Satellite Communications SATCOM . Security Compliance, Policies and Procedures Development, Risk Management, Security Assessments, etc.
• 2. More than 10 years of experience in IT project/ program management, line of business management, and/or corporate strategy Experience managing security intelligence functions, including working with various Security Protocols and Standards. Manages relationships with Cyber Security Standards bodies to ensure that Standards continue to meet the business, product, and customer needs. Collaborates with leadership from internal business units and aligns technology development, engineering, support, and external partners. Conducts meetings with leadership and key stakeholders to validate understanding of business goals and effectively communicate/ align strategy with development and engineering teams. Acts as an external liaison to industry partners and organizations, maintaining key relationships for alignment with internal programs.
• 3. Experience with Procedure Development and Revision with Nuclear/DOE - Department of Energy/DOD: NERC CIP regulations version 3 5. Responsible for assisting Power Generation in the development, implementation, and communication of the information security practices, policies NEI 08-09/NAP14-1.D NIST 800-30/53r4, and procedures which promote a secure and uninterrupted operation of Power Generation Industrial Control and SCADA systems. Risk Management assessment, mitigation, and implementation , Commercial Items CI and Non Developmental items NDI , Disaster Recovery, Business Continuity Planning, Change Management, Configuration Management, and Network Management.
• 4. Airborne Communication Systems, Air Traffic Control ATC Communications, Avionics, and Instrumentation Systems, Command and Control Centers Missile Range Mission Flight Control Centers , Ground Radio Communications Systems, Point-to-Point, Ground-to-Air, Air-to-Air, and Air-to-Ground, Airport Electronics and Communications, Automated Information Systems AIS ,
• 5. Foreign Affairs Handbooks FAHs , Foreign Affairs Manuals FAMs and DoS IRM/IA C A Tool Kit, CNSSI 1253 NIST Special Publications SPs including SP 800-30/53r4 and SP800-37 / SP800-37 Rev 1. National Security Agency NSA Certification Accreditation for Type-1, 2 3 Cryptosystems, and security appliances.
• 6. Secure Configuration Compliance Validation Initiative SCCVI , GOLD Disk, Feasibility and Trade Studies. COMPUSEC, COMSEC AR 380-41, 380-5, 380-19, and 380-40 , ELSEC, EMSEC AFM 33-214, AFI 33-203, NSTISSM/TEMPEST 1-95/2-95, 7010 , INFOSEC, NISPOM, OPSEC, TRANSEC, and TEMPEST. Requirements definition, tracking and monitoring, Dynamic Object Oriented Requirements System DOORS .

SECURITY CLEARANCE:

• Department of Defense DoD clearance: Active Secret clearance: Granted April 1983. Updated Feb. 2012. Interim TS.

WORK EXPERIENCE:

Confidential

Lead Cyber Security Information Assurance Analyst/Consultant

• Certified Accredited many of the Systems of the Dept. of the Social Services of S. Carolina. Small and complex Networks involving Servers, Web-App Servers, Databases SAN , VPNs, Fire Walls, IDS/IPSs, Switches, Routers, Antivirus, and specialized Software to Interconnect with other State agencies and the IRS.
• Application of the NIST/FIPS, financial business Standards to produce Polices Procedures for the entire State and Social Services. Risk Management Framework RMF , Risk Analysis and Mitigation Techniques via STIGS to harden Servers, Op. Systems, etc.
• Perform detailed requirements gathering, compile business and functional design documents, create and execute test plans, and assist with user acceptance testing and end user training. Participate in the configuration of applications to meet business requirements Interface between IT and the end-users during systems development. Developed complex reports for all levels of management. Analyzes and re-engineers business processes to solve complex problems. Developed high-level design documents.
• Apply all the NIST 800-53r4 Information Assurance Controls to all the Systems to be accredited. Mapped all the NIST 800-53 Controls with the appropriate DIACAP-RMF and Common Criteria CC IA controls. Developed extensively all the necessary NIACAP artifacts System Implementation Plan SIP , NIST Implementation Plan NIP , NIST Scorecard, IT POA M and the System Security Plan SSP in order to certify the systems. The SSP is been developed according to the NIST SP 800-18.
• Also worked with the Chief Information Officer to verify that all the Inherited Controls are covered from the State Security Plans e.g. Disaster Plan, Contingency Plan, etc. . Worked with the Sr. IA Officer, the Certification Accreditation Officers and the DAA to produce a Risk free System or close to it. Worked in hardening the Operating Systems as needed according to Government State STIGS. Developed Test Procedures to validate and verify Test Cases.

Confidential

Information Assurance consultant/analyst

• Supporting the ARMY's C4ISR Center of Excellence for all Cyber Security IA programs. This involves the Crypto Modernization Program for most Crypto Units, Radios, and ANDROIDS, Cross Domain Solutions, JTRS radios the new MNVR , JTRS Waveforms especially the new WNW, MUOS new SRW/EP , Handheld Radios, PDAs, HAIPE devices, Secure phones, Android Tablets Smart Phones, via NSA, FIPS 140-2, NIST/NIAP, DIACAP/Army Regulation 25-2. Analysis of the IA controls, and generating all the DIACAP-RMF/NIST artifacts: SIP, DIP, Scorecard, POA M, Sys Sec Plan, Sec Test Eval files for the C A effort Deliver to customer the DIACAP/NIST packages for review and comments. Worked with DoD SRGs and DISA STIGs on the System Security Policy Plan for all Projects. Draft copies were generated for Gov. customer review. Worked with the Gov. representatives to resolve IA issues and finalize all the DIACAP-RMF/NIST C A Packages for IATO/ATO.
• Expertise in security of multiple operating systems, especially: HPUX, Linux, Windows, other OSs access control, authorization and authentication technologies: PAM, Active Directory, LDAP. Securing fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPSEC, 802.1x, NFS. Encryption fundamentals techniques symmetric/asymmetric, ECB/CBC operations, AES, etc. .
• Worked with NIST SP 800-30/37/61 federal Gov. Security regulations, NIST SP 800-53r4, NISPOM, DoD PKI LDAP etc.
• Working with the Department of Energy Nuclear/DOE - NERC CIP regulations version 3 5. Responsible for assisting Power Generation in the development, implementation, and communication of the information security practices, policies, and procedures NEI 08-09/NAP14-1.D which promote a secure and uninterrupted operation of Power Generation Industrial Control and SCADA systems.
• Overseeing the Key Management Infrastructure KMI with the development of a Software Application KMI2 to transfer Black Keys from KMI-MGC to flow into an existing ACES workstation down to the Brigade level.
• Worked on the New SRW-EP Waveform for the Army and the New MNVR radio. Supporting all the IA Security architecture and the overall HW/SW architectures including the Special Features, e.g. Advanced Routing, MIMO Project Management, Interference Cancellation, Directional Networking, EW Scenario development, etc. SRW-EP will run in Un-Classified and Classified mode. Supporting the COMSEC TRANSEC issues with NSA and key Management.

Confidential

Sr. Information Ass. Cyber Security Analyst/Consultant Confidential

• Leading the IA Security team at Eglin Air Force base, FL for the DIACAP-RMF SIP, DIP, Scorecard, POA M, Sys Sec Plan SSP Sec Test Eval Certification Accreditation of the Air Combat Training Systems. The architecture involves air to ground radios, Aircraft processors, NSA Crypto devices e.g. KG-250X HAIPE devices and Cross Domain Solutions CDSs . Also includes simulated weapons processors so the pilot can do training in a LIVE and SIMULATED environment up in the air. The training involves F-15s, F-18s, JSFs F-35 and other NATO aircraft. This is a Multilevel Security domain Air Combat Training exercises. Expertise in security of multiple operating systems, especially: HPUX, Linux, Windows, other OSs Expertise in access control, authorization and authentication technologies: PAM, Active Directory, LDAP. Securing fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPSEC, 802.1x, NFS. Vulnerability assessment process and tools experience a strong plus: OWASP, Burp Suite, SpiDynamics, etc. Understanding of risk modeling concepts and frameworks e.g. STRIDE, DREAD, FAIR.Strong background in data driven information security decision making and prioritization Strong understanding of the attacker kill chain.
• Also leading the IA Security of a Hand held device for an R D Army/Marines project. Involved in the HW SW architecture of the whole Hand-held and particularly in the Cyber Security architecture. Involved in customer and NSA meetings to further develop the DIACAP-RMF Certification Accreditation of the system. The system involves an Android smart phone, a Crypto SUITE B engine and a Tactical Rifleman radio. The Android phone will run an ARMY application called FBCB2. This App is running in a secure OS environment. The smart phone provides user authentication via 2 factors and user roles. All messages back forth to the Android are encrypted via a Type 3 FIPS 140-2 crypto engine.

Confidential

As a Senior Information Security Engineer, Mr. Georgoulis was the team lead for the United States Air Force Reserve Command W. Robins, GA supporting the Department of Defense Information Assurance DIACAP-RMF Certification and Accreditation SIP, DIP, Scorecard, SSP, POA M files for the C A effort activities of the Video Teleconference System the Information Warning System IWS , and various Telephone Switches. Responsibilities included registering DoD IS with Enterprise Information Technology Database Repository EITDR/eMASS developing DIACAP-RMF comprehensive and executive packages, System Security Plan SSP , support documentation and artifacts conducting security hardening using DISA STIGs, SRRs, and security checklists Conducted independent verification and validation IV V , and security test and evaluation ST E testing activities conduct risk and vulnerability assessments, document, mitigate, and remediate deficiencies. Vulnerability assessment process and tools experience a strong plus: OWASP, Burp Suite, SpiDynamics, etc.

Confidential

• As a Sr. Information Security Consultant, Mr. Georgoulis provided certification and accreditation support to the Spacelift Range System Contract SLRSC for the Vandenberg Air Force Base Telemetry Receiver Site VTRS . Responsibilities include reworking DIACAP-RMF C A packages SIP, DIP, Scorecard, POA M files for the C A effort including the SSP, and ST E. Conducting ST E testing and reviewing raw test data. Developing the Security, Test and Evaluation ST E plan, test cases and generating reports. Develop DIACAP-RMF Comprehensive Executive packages support documentation and artifacts. Make recommendations and comments to improve the success rate for project documentation. Identify, review, document, verify, test, and validate IA controls, safeguards, and countermeasures.
• Conduct peer reviews. Provide expert technical guidance, interpretation, and implementation oversight of applicable information security policies, processes, and practices to support continued operational availability and integrity for DOD information systems and IT processes e.g. security of multiple operating systems, especially: HPUX, Linux, Windows, other OSs access control, authorization and authentication technologies.
• Implementing IA Cyber Security via Operating Security Centers OSC such as Emerson, and Honeywell. DSPs, PLCs, PAM, Active Directory, LDAP. Securing fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPSEC, 802.1x, NFS Encryption fundamentals techniques symmetric/asymmetric, ECB/CBC operations, AES, etc.

Confidential

Sr. Information Ass. Cyber Security Consultant

• As a Senior Information Assurance Engineer Team Lead , Mr. Georgoulis supported the GDLS/GDC4S JTRS-HMS Project. He conducted Department of Defense Information Assurance Security Certification and Accreditation Process DIACAP-RMF via the SIP, DIP, Scorecard, Sys Sec Plan SSP , POA M files for the C A effort and IATO/ATO Vulnerability assessment process and tools: OWASP, Burp Suite, SpiDynamics, etc. Understanding of risk modeling concepts and frameworks e.g. STRIDE, DREAD, and FAIR. Strong background in data driven information security decision making and prioritization
• Strong understanding of the attacker kill chain activities for several platforms to include the JTRS-HMS radios e.g. Rifleman Type 2 , Type 1 radios and the R D HAIPE Type 1 Vehicle Radio NSA Type 1 Certification Accreditation Also supported the Future Combat Systems FCS , Abrams New Evolution Tank, Stryker Family of Vehicles, Joint Light Tactical Vehicles JLTV and MUOS waveform. Responsibilities include developing DITSCAP C A packages, support documentation and artifacts identifying and documenting security requirements conducting security hardening activities using DISA and NSA Type 1 security technical implementation guides STIGs , security readiness reviews SRRs and security checklists, and industry best practices. Conduct risk and vulnerability assessments IAW DISA PSSM/CAP policies and procedures conduct independent verification and validation activities conduct risk management activities assessment, mitigation and remediation . Mr. Georgoulis was the subject matter expert for several Cross Domain Solutions CDS , and for HAIPE Type 1 devices.

Confidential

Sr. Information Ass. Security Analyst/Consultant

As a Senior Information Assurance Engineer Team Lead , Mr. Georgoulis supported the JTRS Ground Mobile Radio GMR , Airborne Marine Fixed AMF , and Future Combat Systems FCS project. Responsibilities included conducting NSA, NIACAP, DIACAP/NIST certification accreditation packages. Conduct DITSCAP to DIACAP transitioning Expertise in security of multiple operating systems, especially: HPUX, Linux, Windows, other OSs access control, authorization and authentication technologies: PAM, Active Directory, LDAP. Securing fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPSEC, 802.1x, NFS. Encryption fundamentals techniques symmetric/asymmetric, ECB/CBC operations, AES, etc. Vulnerability assessment process and tools experience a strong plus: OWASP, Burp Suite, SpiDynamics, etc. Understanding of risk modeling concepts and frameworks e.g. STRIDE. Strong background in data driven information security decision making and prioritization Strong understanding of the attacker kill chain. Conduct security test and evaluation, ST E , configuration, test and evaluation CT E , and independent verification and validation IV V activities. Conduct risk and vulnerability assessments. Conduct risk management activities assessment, mitigation and remediation . Conduct security hardening activities using DISA STIGs, SRRs, and security checklists. Develop C A packages, support documentation and artifacts. Map security requirements to system requirements. Develop security test and evaluation test cases. Evaluate defense in-depth architecture and designs and made recommendations for improvements.

Confidential

Sr. Information Security Lead

As an Information Assurance Engineer Team Lead , Mr. Georgoulis supported the Multi-sensor Command and Control Aircraft platform MC2A with C4ISR Intelligence, Surveillance and Reconnaissance sensors and associated subsystems for the United States Air Force. Enter security requirements into the DOORS database. Develop DITSCAP certification and accreditation packages, support documentation and artifacts. Conduct security test and evaluation ST E activities, and developed ST E test cases. Conduct risk and vulnerability assessments. Conduct risk management activities assessment, mitigation and remediation . Configure system components, and employ DISA/NSA STIGs.

Confidential

Information Security Consultant

As an Information Assurance Engineer Team Lead , Mr. Georgoulis supported the FAA/NASA Aeronautical Telecommunication Network ATN . Responsibilities included installing and configuring the public key infrastructure PKI . Supervise a team of 10 IA engineers. Develop the Air to ground digital protocol VDL M2 IAW OSI methodology utilizing ICAO VDL M2 and SARPS. Develop DITSCAP C A packages, support documentation and artifacts. Develop ST E plan, test cases, and conduct testing activities.

Confidential

Sr. Systems Consultant

As a Senior System Engineer, Mr. Georgoulis supported the Air Traffic Control Division/Software Integration. Responsibilities included develop system design and architecture, and documentation. Defining system requirements and mapping requirements to system architecture. Conduct system and networking activities. Conduct network modeling and simulation activities, and coordinate and schedule system integration activities.

Confidential

Senior Systems Engineer

As a Senior System Engineer Team Lead , Mr. Georgoulis Manage testing activities to Design with a team effort various test stations for DOD projects. The Test stations will test various LRUs, such as radars, radios, antennas, etc.