John Eric Hart, CISSP

3286 Hunters Rest Dr.

Charleston, SC  29414

843.518.2581 (m)

gehosaphat@wowway.com

 

 

POSITION:  Project Manager, Senior Information Assurance and Cyber Security Engineer

 

SECURITY CLEARANCE:  ACTIVE TOP SECRET/SCI (eligible)

 

Offering over 25 years’ of experience and formal education in Information Systems technology coupled with 15 years of advanced Information Assurance and Cyber Security experience, John brings a wealth of knowledge to the table.  He is a proven leader, as is evidenced by his 20 years of U.S. Naval service, mostly at the CPO level, and previous management of a Network Operations Center at the classified level in which he not only built from the ground up, but took the helm and managed it and his teams successfully for almost 8 years.

 

John’s Naval service saw him initially as a Sonar Technician on Spruance Class Destroyers, and then to a Master Training Specialist Instructor of graduate level studies of Anti-Submarine Warfare theory and sensor/weapons employment at the US Navy Surface Warfare Officers School Command for future Department Heads, Executive Officers, and Commanding Officers of various surface combatant platforms.  He retired from the Navy after successfully performing the duties as a 3M-Coordinator on a surface combatant deployed to the Persian Gulf.

 

 

EDUCATION:

Feb 14:BS in Information Technology, Kaplan University.

Jan 94/95:Attended Southern Illinois University, Majoring in Vocational Education.

June 1975:Bel Air Senior High School, Bel Air, MD.

 

OTHER EDUCATION AND TRAINING:

Sept 13:Completed ACAS Training (Retina replacement)

Jun 10:Certified CISSP, CPE’s up to date.  Recertified June 2016.

Feb 10:DTC CISSP CBK Training.

May 09:Taclane (KG 175D) Micro Operator Course.

Aug 01:Fastane (KG-75 Operator course.

Aug 01:Taclane (KG 175) E100 Operator Course.

Apr 96:Technology Standards Group Fiber Optic Installation and testing Course.

May 93: USN LAN Communications Theory, Novell Installation and System Administrator.

May 93:USN UNIX Operator / Administrator Course.

Feb 92:SONAR Supervisor and Acoustic Analysis Course.

Dec 91:Navy Leadership Course for Chief, Senior Chief, and Master Chief Petty Officer.

Mar 85:Nuclear Weapons Procedures Supervisor Course.

June 82:Navy Instructor Training Course

June 82:AN/UYQ-25 Oceanographic Range Prediction Computer Course.

Dec 80:Mark 116 Anti-Submarine Warfare Fire Control System Maintenance Course.

May 79:AN/SQS-53A SONAR Maintenance Course.

Feb 78:SONAR Advanced Electronics Intermediate Course.

 

SUMMARY OF QUALIFICATIONS:

·               20 years of electronics experience.

·               23 years of information systems experience.

·               15 years of information security experience.

·               Certified USN Master Training Specialist (retired from USN after 20 years of service).

·               Experience with SSC LANT DCAO Information Assurance DIACAP packages.

·               Experience with DISA eMASS IA Authorization and Accreditation tool (DIACAP and RMF).

·               Experience with Telos Xacta IA Management tool.

·               Experience with many different flavors of Unix/Linux to include RedHat, Fedora, SuSE, Ubuntu, HP-UX, AIX, and Solaris.

·               Experience with all MS Windows Operating Systems.

·               Experience with VMWare and Oracle VM Virtual Box.

·               Experience with DIACAP, NISPOM (to include Chapter 8 overprint), DCID 6/3, NIST 800 series, ODNI, DODIIS, CNSS, DIA, NSA, ICD 503 Certification and Accreditation (expert).

·               Experience with various network vulnerability assessment and security tools (Retina, Nmap, Nessus, SCAP, CSET, SECSCN, WASSP, Flying Squirrel, etc.).

·               DISA Gold Disk, DISA STIGS, DISA SRR, JTF-GNO IAVA management (expert).

·               Experience with various network appliances and components (Cisco, Juniper, Foundry, EndRunTechnologies, and KG-175 D Taclane).

·               Experience with many different server types (Dell, Sun, HP, and IBM).

·               Experience with virtually all MS Office applications (Word, PowerPoint, Excel, Access, Project, and Visio).

·               Experience with the following Wide Area Networks:

o             DREN

o             SDREN

o             NiPR

o             SiPR

o             JWICS

o             SPAWAR RDT&E

o             FEMA Enterprise Network (FEN)

o             FEMA Classified Network

 

WORK EXPERIENCE:

 

Tangible Security, Inc.

May 2015 to Present

Project Manager, Senior Information Assurance and Cyber Security Engineer

Supervisor:  Provided upon request

 

Currently assigned as a Project Manager / Senior IA Engineer for the SPAWAR System Center Charleston IA validation effort in support of DISA System Engineering and Integration.  Performs IA validation, management of personnel, and validation site visit scheduling.  Since this is basically a start-up company in the Charleston area, I wear many hats and still get my “hands dirty” by going on site visits, conducting STIG, documentation, and system scan reviews (ACAS), reporting all findings and recommendations to the DISA Division chief and SCA.  DIACAP and RMF expert.

 

Network Security Systems Plus (NSSPlus), Inc.

Oct 2013 to May 2015

Senior Information Assurance Engineer / Senior Cyber Security Engineer

Supervisor:  Provided upon request

 

Assigned to the DHS / FEMA Office of the Chief Information Officer (OCIO) Authorization, Accreditation, and Assessment project. This effort is a very aggressive and high Op-Tempo contract created for the sole purpose of assessing the security and posture of every IT-based FEMA site in the continental USA.  This had to be performed within one fiscal year.  Responsible for the independent verification and validation of security settings for all network and stand-alone IT assets at each site visited.  Performed Nessus scans with FEMA accredited policies and audits, WebInspect for web server vulnerability scanning, and AppDetective scanning for database vulnerabilities.  Generated NIST-based documentation for the site to have and maintain (SAP, SAR, Risk Assessments, etc.).  Generated final out-brief presentation which the FEMA CISO goes by and displays during her presentation to each site at the conclusion of each visit.

 

Previously assigned to the Certification and Accreditation Team for the Defense Health Agency (DHA) effort.  Responsible for conducting classified network systems security scans, manual verification of IA controls in accordance with the DIACAP governing authority, personnel interviews, assist sites with remediation/mitigation of any findings that may occur, and validating POAM entries.

 

Scientific Research Corporation (SRC), North Charleston, SC

Jan 2013 to Oct 13

Senior Systems Analyst

Supervisor:  Bill Sanders 843.308.2482

Supervisor:  Susan Zitnick 843.308.2523

 

Assigned to the SPAWAR Systems Center Atlantic Data Center Consolidation Application Optimization Team located in Charleston, SC (SSC LANT, DCAO).  Responsible for Information Assurance packages with systems transitioning into the SSC New Orleans, LA Data Center from their like legacy systems which currently reside in various areas of the continental United States.

 

·   Authoring DIACAP packages for transitioning systems seeking ATO or ATO MOD from USN ODAA

o   Generating and updating systems in eMASS

o   Risk Assessment Reports

o   POAM

o   DIACAP Scorecard

o   C&A Plan

o   Network Diagrams

o   All supporting DIACAP documentation

o   Security Risk Assessment Reports

·   Heavily involved in data center system security testing

o   Retina Scanning

o   Completed ACAS (Nessus) training for the 2014 transition from Retina to ACAS

o   DISA STIG compliance

o   SCAP scanning

o   DISA manual STIGs (operating systems and applications)

o   Work with transitioning sites in mitigating and/or remediating CAT I/II/III findings

 

Covenant Security Solutions, Inc.

Jan 2011 to Jan 2013

Senior Information Assurance Engineer

Supervisor:

Ricardo Newman     703.909.3034

 

Authoring and reviewing customer network security documentation packages, verifying compliance with DCID 6/3, DIACAP, NIST 800 series, DODIIS, ODNI, CNSS, and/or NSA governing authorities.  Visit sites to conduct Organizational/System Risk Assessments, System Certification/Accreditation, thus determining validity of organizational and network security posture, and compliance with governing directives.  Assist sites in generating Certification Test Procedures for operating systems and applications.  Specific accomplishments include:

·   Heavily involved with SAIC (Hanahan, SC) in the C&A process with the Vigilant Pursuit vehicle CENTCOM accreditation.  Performed vehicle vulnerability scanning, providing results and mitigation recommendations to the prime contractor for review and consideration.  Sent recommendation for total vehicle contingency and disaster recovery planning to the prime for consideration as well.

·   Participated in the preparation for the Certification and Accreditation of the US Army 513^th Military Intelligence Brigade’s DCGS-A System on JWICS.

o        Interviewed key personnel to ensure employee compliance with the governing authorities’ specifications.

o        Conducted system scans to include “war-driving” for open wireless networks, and providing results and recommendations for documenting and securing of the same.

o        Assisted the customer in securing all JWICS DCGS-A Virtualization Machines, Operating Systems and applications.

o        Reviewed documentation sets and provided feedback in weak areas (Continuity of Operations, Disaster Recovery, and Contingency Planning).

o        Successfully conducted “dry-runs” prior to formal Certification by the US Army G2 certifier.

·   Generated Certification Test Procedures for Operating Systems and applications on the JWICS network, accepted by the US Army’s 513^th MIB.

 

Secure Mission Solutions, Inc. (formerly WareOnEarth Communications, Inc.)

Sep 2000 – Jul 2010

Information Assurance Manager, Information Systems Security Manager, SDREN NOC Support Team Lead

Supervisors:

John Hearton:843.529.0678 (w)

843.412.0098 (m)

John Rubritz:843.529.0678 (w)

843.670.2649 (m)

 

SDREN NOC Support, IDS/GATOR, and Training Dept. Team Supervisor; SDREN NOC and WCI DREN Information Assurance Manager / Information Systems Security Manager (IAM/ISSM)

Responsible for the successful operation of the Department of Defense, High Performance Computing Program Secret Defense Research and Engineering Network Operating Center (HPCMP SDREN NOC) to include confidentiality, integrity, and availability of systems and services to the SDREN Community to include web, system security tools, email, WAN monitoring, and WAN appliance control services.  Ensure proper and up to date site documentation is available to NOC personnel.  Responsible for the implementation of all security measures germane to the operation of the NOC, as well as ensuring maximum uptime of all NOC systems.  Maintain system accreditation in the form of ATO/ATC.  Items worthy of note are:

 

·   Solely authored the SDREN NOC DIACAP Package, both Executive and Comprehensive.

·   Generated DIACAP Standard Operating Procedures (SOP) for use with the SDREN NOC enclave.

·   Solely authored the WCI DREN Enclave DIACAP Package, both Executive and Comprehensive.

·   Solely authored the DSS Master System Security Plan (MSSP) for the SDREN NOC, thus maintaining system accreditation.  Received Authority to Operate at the “DOD Secret System High” level to include self-certification of like systems on 21 May 10.

·   Conducted unannounced, periodic testing of disaster recovery procedures to ensure prompt recovery of the failed systems and/or entire enclave.

·   Periodically exercised the Continuity of Operations / Contingency Plan for offsite recovery.

o        Generated MOA between SDREN NOC and Patuxent River Naval Air Station AICNOC for the purpose of SDREN NOC offsite disaster recovery.

·   Passed all SDREN NOC Defense Security Service (DSS) annual security assessments.  Included in these assessments were system, network, and physical security inspections.  Maintained Authority to Operate at the DOD secret system high level (ATO).

·   Passed the customer driven DOD Comprehensive Security Assessment (CSA).  Maintained Authority to Connect to the SDREN (ATC).

·   Built-up, secured, and deployed IDS units using Solaris 7, RedHat Linux or Mandrake Linux operating systems on Sun, Gateway, IBM and Dell platforms for use on ATM and GigE networks.

·   Provide System Administrator and remote site support to the SDREN community.  Provide Network and System Administrator support to the WCI DREN enclave (Linux and Windows).

·   Configured, secured, and installed Linux servers for the SDREN NOC.

·   Promoted to “Team Lead” of SDREN NOC Systems Support, Joint Intrusion Detection Systems (JIDS) and Training Departments.

·   Accepted additional duties as Information Assurance Manager / Information Systems Security Manager (IAM/ISSM) for the local DREN network and SDREN NOC.

·   Created a Linux driven Clustered Server system out of units destined for disposal.

·   Spec’d out, sent to customer for approval, and upgraded all SDREN NOC servers.

·   Received commendable grades during Defense Security Service’s SDREN NOC reaccreditation.

·   Built-up and deployed prototype Intrusion Prevention Systems to key DREN Network Access Points and NIPRNET peering points.

·   Established, chartered, and chaired the Configuration Control Board (CCB).

·   Established a SDREN NOC Systems Auditing Team.

·   Overall responsible for the deployment and operation of approximately 65 IDS systems in the field.  Provided troubleshooting support and rapid replacement in the event of a system casualty.

·   WCI DREN IAVA Manager, ensuring proper dissemination of IAVA vulnerability alerts to all local users, assigning deadlines for system patches, assisting users with system patch implementation, and reporting compliance to the DOD High Performance Computer Modeling Office (HPCMO) IAVA Coordinator.

o   Validated total enclave and NOC compliance with the use of the Retina Scanning application.

·   Ensured that the training department was provided with the tools, equipment, and classroom facility needed to train paying customers in the operations and maintenance of NSA Type 1 network encryption devices.

·   Evaluated instructor’s performance at random intervals, thus ensuring quality courses of instruction conveyed to the customers.

 

Eagan, McAllister Associates, Inc.

Nov 1999 – Sept 2000

Systems Security Analyst / Administrator

 

System Administrator of the U.S. Navy’s InfoSec Sun Ultra series web server suite at SPAWAR Systems Center Charleston.  Responsible for maintaining web server operations on a 24 x 7 basis for both UNIX and Windows NT servers.  The entire US Navy relies on the server suite for up to date anti-virus updates and real-time policy mandates.   Manages local user access to eight classified and unclassified servers in the suite.  Rapidly troubleshoot and resolve problems within the suite when they arise.  Specific accomplishments include:

 

·   Successfully migrated user mail accounts on the classified (SIPRNET) network to allow access to mail accounts from any workstation on the classified net.

·   Successfully moved all servers behind the recently installed Cisco 7200 router resulting in increased security.

·   Installed/configured Smart UPS control features on all UNIX servers.

·   Configured classified web server to host password-protected fleet database lists with SSL engaged.

·   Provided interim fix for passive FTP download problem from fleet units during a temporary “passive ftp port-range” blockage.

·   Obtained and installed DOD PKI certificates for all unclassified Unix Apache and Netscape web servers.  A first for this area.

·   Created password protected directories (SSL) on all Apache servers.

·   Reconfigured server backup regimen to allow for complete backup of the US Navy InfoSec server on a daily basis.  Stored and rotated most recent weekly backups in a secure facility on base in the event that disaster recovery was required.

 

PE Systems Inc.

July 1995 to Nov 1999

Network Engineer

 

Provide on and off site support to the US Army 841^st Transportation Battalion's Novell, Windows NT and UNIX Network systems home-based in Charleston, SC; with remote sites in Savannah, GA; Jacksonville and Cape Canaveral FL.  Upgraded and secured all hardware and software at each of these sites.  Responsibilities include:

·   Instructed six System Administrators in the operation, maintenance, and security of the respective networks in their charge.

·   Monitored remote site network performance daily to pre-empt any potential disaster.

·   Assisted with the planning and implementation of fiber optic infrastructure upgrade.

·   Upgraded current 10 base 2 to FDDI and 10 BaseT CAT 5 architecture.

·   Upgraded existing file server hardware to a duplexed Compaq Proliant 1500 Pentium 133 with external SCSI 8mm DAT tape devices for unattended backups using Arcserve 6.1 Enterprise version for Netware.

·   Migration entire command from a Novell network operating system to Windows NT 4.0.

·   Constructed a “pseudo enterprise” storage solution for remote sites to backup their data daily to the 841^st TTB during off-hours so as not to conflict with network bandwidth, thus ensuring continuity of operations.

·   Installed the new operating system(s) on three Compaq Proliant 3000 servers directly connected to the NIPRNET via a fractional T1 gateway, protected by intruder detection devices and a border security router.

·   Upgraded 50 workstations with new IBM and HP workstations with Windows NT as OS.

·   Configured laptops for remote connectivity to home-based applications and Microsoft Outlook email services using the Army's ISP.

 

UNITED STATES NAVY

(Total years of active duty service:  1975 to retirement in 1995)

 

USS NICHOLSON (DD 982)

APRIL 1992 TO SEPTEMBER 1995

UNIX SNAP II/Novell Fiber-Optic (FDDI) LAN Administrator, 3M Coordinator

 

As the ship's Maintenance, Management, Material (3M) Coordinator, supervised 320 personnel in the documentation and completion of shipboard and contractor maintenance, which improved the ship's combat readiness and survivability.  Final outcome of all inspections yielded no less than 96%.  Personally orchestrated a total ship maintenance and upkeep project that markedly improved the ship's combat readiness while deployed for six months to the Persian Gulf. 

 

As the ship's HP Apollo 9000 Model 750 UNIX-Ported SNAP II (HP-UX UNIX) and Novell 100 user LAN/System Administrator, was key to the successful installation of this prototype just prior to the ship's deployment.  Items worthy of note:

·   Trained and monitored individual subordinate performance as well as LAN operations to ensure no malfunctions occurred.

o        The only LAN out of six deployed overseas that experienced no down-time.

·   In one day, relocated the entire system from the ship to an office building in preparation for entering an industrial environment (overhaul).  Again, no malfunction occurred, and the system was placed on-line in record time.

·   Trained my relief in LAN/System Administration

·   Solely authored an "abbreviated, in-house" technical manual to ensure that any malfunctions or catastrophic events would be repaired with ease.

·   Trained the school that trained me in creating a contingency plan in the event of a disaster, which included performing remote system backups during off-peak hours from the deployed ship to NAVMASSO Chesapeake over the INMARSAT satellite communications system.

 

SURFACE WARFARE OFFICER'S SCHOOL COMMAND, NEWPORT, R.I.

JANUARY 1989 TO JANUARY 1992

Instructor, Combat Systems Training Department

 

Certified “Master Training Specialist” instructor of graduate level studies in Anti-Submarine Warfare systems and tactics to prospective Division Officers, Department Heads, Commanding Officers, and Executive Officers.  Streamlined, and brought up to currency the Anti-Submarine Warfare theory portion of the course.  Personally developed the course curriculum of, and taught the Navy's newest underwater sensor and fire control equipment operations (AN/SQQ-89, and all variants, plus the Mk 116 ASW Control System to include the Mk 41 Vertical launch System for DD963, CG47, DDG51 and FFG7 class war ships).  System Administrator for the Department Head Combat Systems Training Department prototype LAN.

 

USS THORN (DD 988)

JANUARY 1985 TO JANUARY 1989

Combat Systems Supervisor

 

Assigned as the Anti-Submarine Warfare Combat Systems Leading CPO.  Responsible for the material readiness condition and tactical employment of the ship's Anti-Submarine Warfare electronics and weapons suite.  Supervised and managed over 35 personnel.  During the ship's one-year overhaul, demanded no less than 100% effort and quality from personnel assigned, including outside civilian contractors.  Chief Quality Assurance inspector for all electronic, hydraulic, and structural work in the division.  Spearheaded the one-year repair and calibration (RAC) of the ship's SONAR and weapons system subsequent to a funding cut of anticipated overhaul monies to the primary contractor.