2015 – Present | Director of Digital Security | DMS Int’l – Silver Spring, MD
• Contributing to Enterprise Improvement, Business Development, Proposal Writing efforts at DMSI Corporate level.
• Department of State – Diplomatic Security (DS) & Information Resource Management (IRM)
  - Working with System Owner to compile data, gather information, develop RMF documents & artifacts to submit for A&A action. Supporting DS & IRM leadership and Vendor management directly.

2009 – 2015 | Director of Cyber Operations | Epsilon – Washington, DC
(Transitioned from part-time Consultant (Dec 2009) to full-time Employee (Oct 2011))
• Contributed significantly to Enterprise Improvement, Business Development, Proposal Writing efforts at Epsilon Corporate level. Over five-year tenure, responsible for up to one-third of all contract wins in areas of DIACAP, IA, C&A.
• Naval Sea Systems Command (NAVSEA) – Certification & Accreditation Team (Dec 2013 – Feb 2014) then again (Oct 2014 – Aug 2015)
  - Worked with System Owners to compile data, gather information, develop DIACAP documents & artifacts to submit for C&A action. Supported IA & C&A Branch Chiefs directly to develop & revise team processes, procedures, workflows to reflect NAVSEA’s new way of doing business.
  - Led effort to test (security & functionality) then deploy & manage iPhone 5s & iPad Air 2 by end of FY2015. Developed white papers for review & consideration by NAVSEA Senior Leadership: Wireless Networking Implementation, RMF Transition & Conversion Process, ACAS Deployment & Utilization.
• Army Software Engineering Center (SEC) Software Assurance Division (SwAD)
  Security Assessment & Compliance Test Team (Jun 2014 – Sep 2014)
  - Conducted security assessment & compliance testing on Army networks & systems on behalf of ACA. Made use of Retina, SCAP Tool, STIG Viewer, Vulnerator for testing; and SwAD’s own DIACAP Package Generator (DPG) for reporting. Specialized in VMware ESXi and McAfee ePO & HBSS compliance auditing. Developed processes & workflows, captured instructions & lessons learned, compiled tips & tricks – to educate & inform Test Team, reduce confusion, minimize risk to both Epsilon and Army SEC.
• REI Systems – Health Resources & Services Administration (HRSA)
  Corporate System Admin & HRSA DB Admin Teams (May 2014 – Aug 2014)
  - On Corporate SysAdmin Team, worked directly under Vice President to: update equipment inventory in both Telecom Closet and Server Room; catalog all hardware & software in use; update rack elevation diagrams to reflect current state of networks & systems. Also, developed templates for policies & procedures, such as Launch Management Plan, System Declaration & Registration Form, System Operations Guide.
  - On HRSA DB Admin Team, worked directly under Director to: develop procedures & instructions for configuring SQL Server 2012 on virtual servers; then execute such procedures & instructions to configure 25 new servers in eight weeks. Also, assisted in developing semi-automated scripts to reduce work time for configuration of each server from approximately 60 minutes to only 15 minutes.
• F-35 Lightning II (Joint Strike Fighter) Program Office (JPO)
  Information Assurance & System Admin Teams (Oct 2012 – Dec 2013)
  - Co-led IA team on SABI & SAP activities. Assigned by CIO and IAM to oversee high-visibility efforts across JSF Enterprise, to include: weekly vulnerability scanning & patching of NIPR & SIPR assets; ongoing testing & patching of Java vulnerabilities per US CYBERCOM IAVM Program; hosting 24th Air Force Scope EDGE NHA event in February 2013; hosting DISA CCRI event in June 2013; conducting hardware & software security assessments; monitoring McAfee ePO & HBSS installations on servers & workstations; investigating data & information spillage or suspect user activity; managing team & staff expectation and morale during transition and recompete periods.
• U.S. Marine Corps University (MCU)
  Certification & Accreditation Team (Nov 2012 – May 2013)
  - Provided background guidance & support to onsite IA & C&A teams in short-term effort to re-accredit four major networks & systems simultaneously: Gray Research Center (GRC), DoN Heritage Asset Management System (DONHAMS), Expeditionary War School (EWS), and CampusNet. After 150-day effort, achieved completion & submission of all four C&A Packages by mid-April for successful Navy CA review & system re-accreditation.
• U.S. Army Information Technology Agency (ITA)
  Enterprise Information & Mission Assurance (EIMA) Team (Oct 2011 – Oct 2012)
  - Supported large-scale transition & migration activities after multiple organizational, team, & staff realignment initiatives by both GOV and CTR teams over six-month period. Participated in McAfee ePO & HBSS implementation & rollout efforts. Managed team & staff expectation and morale during tumultuous times.
  - Led CAP & C&A teams to refine systems & processes, policies & procedures to realign and rejuvenate EIMA. Successfully supported and passed in-house Penetration Test activities, DISA CNDSP Audit, accreditation/re-accreditation of multiple networks & systems (Pentagon backbones of NIPR, SIPR, Top Secret, as well as multiple Clients & Tenants).

2011 | Systems Engineer, Lead Principal | Pragmatics – Reston, VA
• Transportation Security Administration (TSA) – Enterprise Architecture, Secure Infrastructure
  - Assisted Branch Chief in leading “security technologies” task to test & evaluate new appliances & tools, then design & develop physical & logical safeguards to protect assets on TSANet. Led efforts to test functionality and perform “basic” hacking & forensics on mobile computing devices, to include: iPhone 4, iPad 2, Motorola Xoom, BlackBerry Smartphones, BlackBerry PlayBook. Worked with Good Device Server and Good Messaging Server to manage mobile devices in support of “Secure Mobile Computing” initiative for both TSA Senior Leadership Team and Federal Air Marshal Service (FAMS).
  - Due to prior experience, was designated to review C&A documents & artifacts for TSA Security Technology Integrated Program (STIP), and provided inputs to C&A Team for pending re-accreditation activities.

2009 – 2011 | Vice President, Operations | InfoSecure Tech – Washington, DC
• Department of Homeland Security (DHS) – U.S. Citizenship & Immigration Services (USCIS) – Incident Response & Digital Analysis (IRDA) Team
  - In direct support of Branch Chief, conducted security investigations and data extractions on networks, systems, mobile devices in cooperation with CIS Security & Network Operations Center (CIS SNOC):
    -- Complied with DHS 4300A & 4300B policies & procedures, as well as those established by USCIS OCIO. Enforced QA & CM on IRDA hardware & software assets. Managed McAfee ePO & HBSS installations on servers & workstations.
    -- Utilized AccessData Forensic ToolKit, Guidance Software EnCase Forensic, WireShark, inSSIDer, WirelessMon, various COTS & Open Source applications & utilities.
• DHS – USCIS – Infrastructure Protection Team & FISMA Compliance Team
  - In direct support of Branch Chief, installed & configured diverse vendor hardware & software for demonstration and T&E use, as follows:
    -- Barracuda Spam & Virus Firewall, ArcSight NSP & Logger, Splunk HW & SW, NetWitness Broker/Concentrator/Decoder/Informer → for integration with existing Infrastructure, NIDS, HIDS at strategic nodes with CIS SNOC.
    -- IBM Tivoli NetCool, EMC2 VoyenceControl, Cisco MARS, Cisco Works, Cisco Security Manager → for network monitoring & control, as well as network traffic analysis.
    -- AppSec DbProtect, HP AppDetective & WebInspect, Core Impact, Coverity Static & Dynamic Analysis, IBM AppScan, Nessus, Retina, McAfee ePO → for web, application, database development & testing, as well as security auditing and compliance tracking.

2009 | Principal Member, Engineering Staff | MTS Tech – Arlington, VA
• Department of Navy & U.S. Marine Corps – US101 Program
  - Led IV&V and IA C&A tasks to ensure DIACAP compliance of all IA-enabled navigation, electronic, communication, IT systems. Conducted face-to-face interviews and hands-on vulnerability scans and security assessments of systems to verify & validate compliance with DoD 8500.x and DCID 6/3 IA Controls. Evaluated IA requirements and applied C&A procedures per DCIDs 6/3 & 6/9 and JAFANs 6/3 & 6/9. Coordinated & worked directly with client/partner Engineering and IA teams to track vulnerabilities and report status on POA&Ms.

2008 | Sr. Project Engineer | Jorge Scientific Corp – Arlington, VA
• U.S. Army Research Laboratory (ARL) – Constant Hawk Program
  - Co-led Systems Engineering efforts in designing & documenting requirements for persistent surveillance systems in Iraq Theater of Operations, to include imagery sensor & gimbals, aircraft platform & payloads, data processing systems. (Also, was responsible for technical elements of bid & proposal effort to implement similar program in Afghanistan Theater of Operations.)
  - Developed CONOPS and performed feasibility analysis for entire system, plus components. Developed SOWs and tracked subsystem requirements for vendors & subcontractors. Contributed to DIACAP and C&A efforts to secure networks & systems, including imagery processing servers, data storage arrays, INTEL analysis workstations. Coordinated & worked directly with partner/client Engineering & IA teams across 12-hour time difference.

2006 to 2008 | Staff Engineer, IT | DSCI – Mays Landing, NJ
• Transportation Security Laboratory (TSL) – FAA, DHS, TSA Programs
  - Tested & validated Transportation Security Equipment (TSE); gained SCAP certification & authorization/accreditation for TSE before deploying to airports nationwide.

2003 to 2006 | Lead Member, Engineering Staff | LM MS2 – Moorestown, NJ
• Deepwater Test & Integration Laboratory (DTIL) – Coast Guard Deepwater
  - Tested & validated communication & navigation systems for small & medium ships; gained DITSCAP certification & accreditation for systems before deploying on ships.