Cyber Security Specialist Resume Profile
El Paso, TX
SUMMARY
Cyber Security and IT Administration background with over ten years of experience. Bachelor's degree in Information Systems Security, U.S. Department of Energy Q clearance, CISSP and Security certifications, and knowledge and experience with security tools, methodologies and best practices. Experience in protecting computing resources/data, intellectual property and national security interests in a compliance-oriented, high-stress and high-demand environment while working under tight budget constraints. Offers value-add to organizations by having the skills and willingness to perform multiple functions and the enthusiasm and tenacity to embark on new opportunities.
PROFESSIONAL EXPERIENCE
Confidential
Cyber Security Specialist
- Worked with Natural Resource Manager (NRM) federal and contract personnel to establish a Cyber Security program that is compliant with all applicable Federal regulations, guidelines and directives with regard to OMB Circular A-130, NIST SP 800-53, FISMA and FIPS 140-2, as well as the U.S. Gov't FedRAMP guidelines for Cloud infrastructures
- Recommended and procured software solutions, tools and best practices that would help improve and strengthen the NRM Cyber Security program and security posture with the goal of protecting the confidentiality, integrity and availability of NRM's data
- Provided security guidance and oversight for various IT projects
- Educated users in sound cyber security principles and best practices
- Represented the NRM Cyber Security Organization during project meetings to assist stakeholders and to make recommendations regarding cyber security as required by federal regulations and guidelines
- Created security guidance documents to assist NRM in producing organizational standard operating procedures (SOPs)
- Ensured all regulations, guidelines, directives, policies and procedures are being followed and that security checklists/hardening guides are being employed to establish a standard baseline and to satisfy federal cyber security requirements
- Proposed solutions, tools and best practices to strengthen NRM's web/application/database security as well as establish an effective configuration/change management system (CMS)
- Assisted in the process to reduce the current number of Plan of Action and Milestones (POA&M's) identified by NRM Cyber Security as well as previous Office of Inspector General (OIG) audits, and to propose solutions to prevent future POA&M's from occurring
- Worked with NRM federal and contract personnel to address security incidents and issues involving users, information systems and data
- Identified current NRM security-related issues due to vulnerabilities, access, deficiencies, separation of duties/least privilege (SOD/LP), insufficient controls, etc. and offered recommendations and viable solutions to correct problems and ensure all federal regulations, guidelines and directives are followed accordingly
Confidential
Cyber Security Analyst
- Executed site-related security functions and job duties from the Y-12 Cyber Security Operations Center (SOC), which provided 24x7x365 continuous monitoring and cyber security support.
- Responsible for the deployment and management of several defense-in-depth technologies on the classified and unclassified network environments to augment the site's cyber security posture and to help prevent/detect advanced persistent threats (APTs) and other internal/external threats
- Participated and contributed in biweekly U.S. Department of Energy (DoE) Cyber Security meetings to discuss cyber-related events and activities and to share cyber intelligence within the DoE community. Topics included malware analysis/research, APTs and other malicious actors, and targeted threats/attacks such as spear-phishing, hostile attachments, watering hole attacks, drive-by attacks, command and control (C2), etc.
- Worked closely with Y-12 internal organizations (e.g., Helpdesk, Network Support, Desktop Support, Software Support, Email Support, etc.) and other U.S. Department of Energy (DoE)/National Nuclear Security Administration (NNSA) sites to resolve user, network and security-related issues
- Conducted log analyses for tracking suspicious network activity due to malware, intrusions, internal threats, APTs and other malicious actors; failed/blocked websites; waste, fraud and abuse; and for troubleshooting purposes related to software, hardware and network issues
- Responsible for the site web proxies and anti-virus servers. Duties included but are not limited to: Internet policy and web content filtering enforcement; creating and managing proxy policies and categories; reviewing user requests and applying or creating policies which grant/deny access accordingly; and reviewing and categorizing unidentified sources and websites
- Responsible for the deployment and management of the site-wide network-based intrusion prevention system (IPS). Successfully configured and deployed the IPS in a test environment to monitor and understand its functionality in real-world situations and to observe its response to simulated attacks via penetration testing methodologies. IPS duties included but are not limited to: managing the IPS central manager; network implementation of IPS sensors; software upgrades; emergency signature installs released by the vendor; creating custom Snort rules and attack signatures; creating custom firewall rules and exceptions; creating and managing policies; managing the IPS quarantine; and analyzing attacks
- Configured, deployed and maintained strategically placed network-based IPS sensors to maximize visibility within the infrastructure while operating within budget constraints
- Maintained a custom block list that downloaded malicious URLs, domain names and IPs from internal and external sources and that was automatically imported into the network proxies to deny users and systems access to malicious domains
- Provided a form of malware remediation by isolating or blocking infected or compromised hosts from internal and external resources until a plan could be implemented to contain and remediate its impact
- Scanned and reviewed external and 3rd party media for malware and other discrepancies
- Configured, deployed and maintained the network data loss prevention (DLP) appliance
- Conducted ongoing threat analyses to determine the site security posture due to vulnerabilities, APTs and other malicious actors, as well as the latest situational awareness reports (SARs)/intelligence released by federal agencies and the private sector
- Created and deployed Snort rules into the network-based intrusion detection system (IDS) sensors
- Experience with incident response procedures such as chain of custody and documentation; detecting and identifying that an incident has occurred; containing and isolating the incident and preserving evidence; adding the indicators of compromise (IOC) to a custom block list and/or creating and deploying attack signatures; eradicating the incident by removing/blocking the affected system from the network; and monitoring the network to observe for similar or new abnormal activity
- Assisted in several forensic investigations ranging from malware infections to the 'evil-admin' insider
- Experience with network forensics and SIEM/SEM technology. Conducted proxy and firewall log analyses and IDS/IPS alert correlation due to malware; waste, fraud and abuse; and APTs and other malicious actors. Analyzed logs and alerts via network security controls to verify if an intrusion, compromise or misuse has taken place and to determine if an additional investigation or further action is required, such as a packet capture (PCAP) analysis, media inspection and/or sanitization, notifying senior-level management, etc.
- Conducted penetration tests to identify security weaknesses and potential threats, establish baselines, and test new and existing systems after new software installations, upgrades or when configurations/changes were implemented.
- Contributed to the certification and accreditation (C&A) process by performing network, system and software vulnerability assessments via security tools and walk-downs. Analyzed results to determine the level of risk they pose, both internally and externally, and contacted system owners to propose recommendations to resolve or lower the security level or to mitigate or accept the risks associated with the vulnerabilities
- Tracked security-related events, incidents and alerts in the Y-12 cyber security event management system. This included but is not limited to tracking malware/APTs; phishing emails; government-related Situational Awareness Reports (SARs); security alerts/bulletins and threat advisories published by various federal agencies and the private sector; and technical advisories regarding the latest security vulnerabilities associated with certain types of hardware and software, including Industrial Control Systems (ICSs)
Confidential
Technologies Technician / IT Administrator
- IT Administrator responsible for managing the corporate WAN with offices located in Knoxville, TN, Cookeville, TN and Orlando, FL. Supported users in a Microsoft Windows environment and was responsible for all corporate hardware and software. This included but was not limited to the corporate WAN optimizer, firewall, proxy, switches, domain controllers, file servers, Exchange server, backups, workstations, laptops, mobile devices, printers/plotters, etc.
- Other responsibilities included but are not limited to: maintaining the corporate Intranet; diagnosing hardware, software and connectivity issues; testing backups and data recovery methods; malware remediation; documenting and tracking all network inventory; deploying new/existing software, updates, patches and configurations; building and repairing computer systems; monitoring and reviewing network activity and logs; maintaining software licenses; managing domain user accounts, groups and policies; automating network tasks via batch scripts; training users regarding proper usage of company resources as well as the corporate computer policies, procedures and standards; and staying up-to-date with the latest security threats and practices
Confidential
Backup IT Administrator
Mechanical/Plumbing/Fire Protection Design Engineer
- Backup IT Administrator responsible for managing and supporting a LAN in Knoxville, TN. Supported a small group of users in a Microsoft Windows environment and was responsible for company servers, workstations, firewall/IPS, printers/plotters and software.
- Other duties included but are not limited to: deploying new/existing software updates, patches and configurations; training users regarding computer usage and new software; building and repairing new computer systems; installing and managing new computer systems, applications and network appliances; malware remediation; reviewing system configurations and logs; conducting vulnerability scans to determine system and network risk levels and mitigation strategies; staying up-to-date with the latest security threats and practices; and customizing CAD applications (created and maintained custom-made AutoCAD menus and toolbars to establish standards and to improve productivity).
- Design Engineer duties included but are not limited to designing, coordinating and drafting various types of commercial and residential facilities (e.g., hospitals, schools, churches, office buildings, apartments, condominiums, etc.).