Gerald L. Mack Jr.
Certifications
CCSK, 2013
CISSP, 2011
Security+, 2009
CAP, 2008
AWS Certified Solutions Architect – Associate, 2014
Key Skills
Cloud Computing Security
Risk Management
Policy and Planning
Vulnerability Assessments
Authentication & Access Control
Secure Computing
Regulatory Compliance
Security Authorization (Certification and Accreditation)
Contingency Planning
Clearances
Top Secret
Education
Virginia Tech, Blacksburg, VA
BS in Biological Sciences, 2006
INFORMATION SECURITY SPECIALIST
Qualifications include a diverse background in Information Assurance and Security Engineering from policy creation to implementation, maintenance, continuous monitoring, and securing cloud environments; CISSP, CAP, CCSK, AWS Certified Solutions Architect designations; system administration; knowledge of security tools, technologies and best practices. Seven years of experience applying information security guidelines and best practices.
Technology Summary
Security Compliance: FedRAMP, FISMA, NIST Special Publications, FIPS, DISA STIGs, Department of State Security Configurations, Center for Internet Security (CIS), IRS Publication 1075
Security Technologies: Amazon Web Services (AWS), Nessus Security Scanner, DISA Gold Disk, McAfee Foundstone, Secutor Prime Threatguard, Anti-Virus Tools (Norton, Symantec, etc.), Router Auditing Tool (RAT), SCAP, Content Management Systems (CMS)
Systems: Unix-Based Systems (Linux, OSX), Windows (all)
Software: MS Office (Word, Excel, Outlook, Access, PowerPoint), Joomla, WordPress, PowerShell, Bash scripting, VIM
IT Experience
Veris Group (3PAO)
Associate
June 2013 - Present
· Served as Technical Project Lead for multiple FedRAMP and FISMA assessments
· Management duties included management of budget ($100k+), scoping, testing objectives, and creation of deliverables and assessment documentation.
· Reviewed cloud infrastructure security configurations (IaaS, PaaS, SaaS)
Logic Method IT (Part Time)
System Administrator
June 2012 – June 2013
· Provided system administration (Windows and Linux) support to several large commercial organizations including financial institutions.
· Utilized Amazon Web Services to host and manage web applications.
· Provided security recommendations and guidance during the design, implementation, and management of cloud based products.
· Provided incident response services including detection, prevention, and forensic analysis.
Verizon
Security Engineer
June 2012 – June 2013
· Provided FedRAMP and Continuous Monitoring support and guidance for design, development, and support of Department of Homeland Security (DHS) and National Institutes of Health (NIH) information systems.
· Provided security recommendations and guidance as the security point-of-contact on a $5 million+ government cloud application.
· Developed mitigation strategies for identified and potential system threats.
· Reviewed, researched, and tested security products and tools to meet system security compliance requirements.
Booz Allen Hamilton
Information Security Engineer
April 2009 – June 2012
· Gathered requirements from clients and authored Security Control Assessment Plans, IT Contingency Plans, Planned Actions and Milestones (POAMs), Security Assessment Reports, etc. for dozens of federal government information systems.
· Conducted system configuration audits on Windows (XP, 2003), UNIX, Active Directory, and networking components.
· Managed the resources and budgets for $50,000+ in Certification and Accreditation efforts.
· Performed policy and procedure analysis on 25+ agency security submissions.
Deloitte (BearingPoint)
Information Security Consultant
November 2007 - April 2009
· Supported the documentation review and Security Test and Evaluation (ST&E) of a multi-million dollar information system.
· Managed 500+ Planned Actions and Milestones (POAMs) for Census Bureau information systems.
Qinetiq
Business Analyst
June 2006 - March 2007
· Created and executed test scripts, provided QA services on development applications.