From:                              route@monster.com

Sent:                               Friday, November 4, 2016 8:51 AM

To:                                   hg@apeironinc.com

Subject:                          Please review this candidate for: PaloAlto

 

This resume has been forwarded to you at the request of Monster User xapeix03

Christopher Ball 

Last updated:  01/05/16

Job Title:  no specified

Company:  Apeiron, Inc.

Rating:  Not Rated

Screening score:  no specified

Status:  Resume Received


Martinsburg, WV  25403
US

Mobile: 304-841-2731   
Work:
304-262-1896
chrisball1123@yahoo.com
Contact Preference:  Telephone


RESUME

  

Resume Headline: Christopher Ball - IT Security Engineer

Resume Value: tagc25zicawv8ys9   

  

 

CHRISTOPHER M. BALL, CISSP®
Mobile: 681-242-7631
Office: 304-724-2914
94 Drawing Arm Lane
Martinsburg, WV 25403
Email: ChrisBall1123@yahoo.com
Top Secret Clearance (TS Active) SCI Eligible
Summary
Mission focused IT Security Engineer with over 15 years of hands-on technical and management experience. Proven
results in assessing, developing, maturing, and securing Information Technology (IT) Portfolios and IT Service Catalogs.
Keen ability to determine the business value of IT solutions and ensure that resource allocations align with regulatory
compliance, organizational policies, strategic goals, and mission objectives in the most expedient, secure, and cost
effective manner.
My Security Enhancement Approach
Discovery Phase: Recon, Scanning and Exploiting.
The first thing I like to start with is a full external and internal
vulnerability and penetration analysis to discover the current
patch levels, open ports, network size, topology, public data recon
(ARIN), running services, databases, applications, countermeasure
and external attack surface. If authorized I will additionally run
exploits, social engineering attacks, wifi attacks, SQL injections,
brute-force attacks and a host of other web exploits to validate
the vulnerability findings. Once this is completed I will provide a
full report of my findings to all interested parties.
Discovery Tools Used: Kali Suite, Nessus, OpenVAS, Tripwire
IP360, Metasploit, NMAP, ZENMAP, AppDetective, Uniscan,
Netsparker, WireShark, Snort, Nikto, Whois, Yersinia,
WebSlayer, SQLNinja, Cain and Abel, Hydra, Social
Engineering Toolkit (SET), Aircrack-ng, Fern and
various other DOXers, DORKs, proxies,
bruteforcers and scanners.
Harden & Secure Phase: System Hardening,
Countermeasure Deployment and Enhancement.
Once the security architecture has been fully
analyzed I will work to strengthen policies, procedures,
compliance, systems and countermeasures.
Configuration Changes & Audits of: Firewalls, IPS, routers,
switches, wireless access points, web-gateways, mail-gateways,
NACS, SIEM, HBSS, HIPS, Databases, Data Loss Prevention (DLP)
systems, servers and workstation.
Publication and Process Improvement of: Incident Response
Plan, Rules of Behavior, approved software list, security training
requirements, security change management processes, security
improvement plans, program plans, policies, procedures,
standards, requirements, security technical implementation
guides (STIGs), system security plans (SSPs), security test and
evaluation (ST&E) plans, security assessment reports (SARs), and
plan of action and milestones (POA&Ms)
Monitor & Audit Phase: Review of Countermeasures & Logging
In this phase of my security analysis I review the security
architecture and audit the firewall logs, IPS logs, web-gateway
events, network access control systems (NACS), email-gateway
events, application logs, database activity logs, HIPS Events, SIEM
events alerts and alarms against my discovery findings. Basically
I’m looking at how my attack was handled by the
countermeasures, how it was logged and what actions were taken
by the Security Operations Center staff to stop my attack.
Monitoring and Auditing Tools Used: McAfee SIEM, McAfee
HBSS, McAfee NSM IPS, McAfee Web-Gateway, McAfee Email-Gateway,
McAfee Database Activity Monitor, McAfee Rogue
System Detector, Alienware’s USM, Syslogs,
WMI logs, Netflow events, Snort, Suricata, Cisco CSM,
Juniper’s Junos, TripWire IP360/SIH, Windows NPS,
and various other NACS, CCM, (DLP) & antimalware
tools.
Policy & Procedure Phase: Review of Security
Programs policies, procedures & compliance.
Security problems often stem from organizational
issues. A well trained security conscious staff adhering
to well defined policies and procedures can greatly reduce
an organization’s security risk. In this phase I will carefully
review organizational governing mandates, standards, policies,
procedures and training plans against industry best practices to
provide a comprehensive security assessment report and
security improvement plan tailored to meet the organizations
regulatory and business requirements.
Experience Utilizing: PMI, ITIL, ISC2, TOGAF, FEAF, ITIL and COBIT
methodologies and enforcing DHS-4300, FISMA, HIPAA, GLBA,
SOX, EFTA, FACTA, FAR, ADA 504, Clinger-Cohen Act, Sarbanes-Oxley
and the Federal Information Security Management Act
regulatory compliance.
Experience
United States Coast Guard (USCG) – Security Operations Center
Security Information and Event Management (SIEM)
IT Security Engineer (Contractor – Versa IS)
October 2014 – Present
Currently serving as a Senior Security Operations Center (SOC) Engineer specializing in McAfee’s Security Information
and Event Management (SIEM) system for The United States Coast Guard (USCG) Integrated Health Information System
(IHiS). Duties include the engineering and implementation of:
• Developed a Cyber Security Program that places numerous information system controls, plans, processes,
procedures and countermeasures around the IHiS architecture to ensure the Confidentiality, Integrity, and
Availability of this PHI and PII system.
• The Development and implementation of an Incident Response Plan that defines Roles and Responsibilities, Security
Incidents, Privacy Incidents, Reportable Events, Incident Assessment, Severity Determination, Incident
Prioritization, Response Times, Reporting and Incident Review/Post Analysis for lessons learned and security
improvement.
• Authored organization level security plans, policies, procedures, standards, requirements, security technical
implementation guides (STIGs), system security plans (SSPs), security test and evaluation (ST&E) plans, security
assessment reports (SARs), and plan of action and milestones (POA&Ms)
• Engineered and implemented automated security network controls based upon DHS, USCG's and HIPAA policies
and procedures in McAfee’s Security Information and Event Management (SIEM), ePolicy Orchestrator (ePO),
Virus Scan Enterprise, Host Intrusion Prevention System (HIPS), Next Generation Firewall, Intrusion Protection
System, Data Loss Prevention, Application Data Monitor, Web Gateway, Email Gateway, Rogue System Detector,
Database Activity Monitor and Database Vulnerability Manager.
• Engineered and implemented an Enterprise Log Management System that provides 100 percent coverage with
real time system logging, event analysis, log correlation and incident alerts/alarms.
• Run weekly security patch vulnerability assessments and PCI-DSS compliance scans through Nessus’s System
Vulnerability Scanner
• Provide external penetration testing multiple times a week to constantly test and evaluate our countermeasure
effectiveness
Federal Emergency Management Agency – Security Operations Center
IT Security Engineer (Contractor – Clutch INC)
October 2012 – October 2014
Served as an IT Security Engineer for the Security Operations Center (SOC) of the Federal Emergency Management
Agency (FEMA). I work on a small team of four highly skilled senior security engineers that transformed the legacy FEMA
SOC into a world class SOC. I engineered and deployed several IT Security systems including a continuous vulnerability
monitoring system, Security Incident Event Management (SIEM) system and put several access control systems in place
that allow our cyber security analyst teams to provide fast and effective responses and mitigation of cyber incidents that
prevents intruders from gaining access or escalating their attacks. Additional engineering efforts included the design
and implementation of a Network Access Control System (NACS), Configuration Compliance Management (CCM) System,
Data Loss Prevention (DLP) System, and various enterprise malware prevention and analysis tools. Additional duties
include firewall architectural design and implementation, Enterprise Wireless authentication support, FEMA mobility
security testing, and the remote management of all component firewalls in the FEMA environment.
• Continuously monitored and ensured the confidentiality, integrity and availability of FEMA enterprise networks
and data systems through the expert use of McAfee SIEM/EPO, TripWire’s IP360, Nessus’s Security Center and
various other COTS information assurance based systems.
• Facilitated the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes
• Served as a subject matter expert for IT Security Configuration Items during the Weekly FEMA Change
Management Board
• Managed, maintained and administrated a SharePoint Site for drafting and publishing organizational processes,
procedures, system baselines and associated documentation
• Authored security improvement plans, program plans, policies, procedures, standards, requirements, security
technical implementation guides (STIGs), system security plans (SSPs), security test and evaluation (ST&E) plans,
security assessment reports (SARs), and plan of action and milestones (POA&Ms)
• Provided professional security recommendations to Federal Management to bring systems into compliance with
FISMA, DHS 4300 and other governing directives, policies and procedures
• Proposed and implemented automated security network controls based upon FEMA's policies and procedures in
TripWire’s IP360, McAfee SIEM/EPO, Nessus Security Center and Splunk
• Created custom Alerts, Alarms, logs and Reports/Metrics utilizing McAfee’s SIEM tools, Tripwire’s IP360 Suite
and Nessus’s Security Center, and various other syslogging tools.
• Provided Security Engineering support and solutions utilizing Nessus SRX and CISCO ASA Firewalls
• Performed monthly Nessus Security Center 4 United States Government Configuration Baseline (USGCB) Scans
• Administrated McAfee Nitro SIEM
• Prepared the monthly executive vulnerability report for the FEMA Enterprise
• Administered and maintained Cisco ACS
• Administered Cisco Security Manager System
• Disseminated and remediated security events
• Implemented FEMA System Change Request (SCR) Firewall Configuration Changes
• Troubleshot and remediated VPN connectivity problems.
• Designed, implemented and managed Windows Network Policy Servers (NPS) for wireless authorization.
• Provided professional security recommendations to Federal Management.
• Engineered, configured and maintained FEMA emergency response ASA and VPN architecture
• Scanned the FEMA network infrastructure for security vulnerabilities, patch levels, viruses, and provide detailed
reporting with remediation strategies
Mission 1st Technologies (M1st) LLC
President
July 2007- September 2012
I was the Owner/President of Mission 1st Technologies (M1st) a Service-Disabled Veteran-Owned Small Businesses
(SDVOSB) Limited Liability Corporation (LLC). I have documented success in providing enterprise level consulting in IT
Governance, Enterprise Architecture (EA), Network Architecture, Program/ Project Management, IT Security and
Operational/Strategic Planning. I have experience in leveraging ISC2, FEA, TOGAF, PMI, ITIL and COBIT Processes and
frameworks to help clients understand their current (as-is) architectural state and effectively communicate and realize a
future (to-be) architectural vision that sustains and extends their organization’s strategies and objectives.
• As President of M1st I was responsible for all facets of the company this includes the writing of proposals, the
forging of business relationships, drafting teaming agreements, defining schedules, milestone dates,
deliverables, and developing strategic responses to customer Request for Proposals (RFP) and Request for
Information (RFI).
FBI Technical Planning and Controls Unit – IT Governance Group
IT Governance Analyst (Contractor – Mission First Technologies)
September 2009- September 2012
As an IT Governance Analyst I provided IT governance support services to the FBI’s Clarksburg WV Criminal Justice
Information Services (CJIS) Information Technology Management Section (ITMS) Technical Planning and Control Unit
(TPCU).
I aided in the establishment of IT controls and governance processes and procedures.
I helped CJIS establish an
IT governance framework, and I authored division level process, procedures, and policies. I assisted in the development
and maturing of the CJIS’s Enterprise Architecture (EA), Service Oriented Architecture (SOA) and Services Catalog. I
routinely developed IT Enterprise Architectural strategies and actively identified and mitigated risks relative to
scheduling and regulatory requirements. Additionally I designed, deployed and administered a Project Management
Server that integrated Microsoft Office SharePoint Server (MOSS), Microsoft Project Server, Dekker’s Trakker and
iPursuit programs. Utilizing this server I created and hosted the CJIS Master Scheduler, Executive Dashboard and
provided a web front end for the CJIS Enterprise Services Catalog. This site provided real time scheduling updates,
reflected the lead time for each enterprise service, allowed for critical path analysis, what if analysis, clearly defined
cross project dependencies, showed bottle necks in scheduling and resource allocations, demonstrated the impact of
schedule slips across the enterprise and assisted Project Managers in creating costing models and SLAs. Additional
duties included serving as an IT governance Board chair member, planning IT spending allocation across offices, program
and projects management, and business case development and financial modeling.
• Used analytic methods to define work problems while meeting at least monthly with CJIS PMs and Enterprise
Service Providers (ESP). Participated in Integrated Project Teams (IPTs), Technical Review Boards (TRBs) and
other formal and informal meetings to discuss possible scheduling contention issues and review any cross
project implications for upcoming changes. Rigorously tracked 12 project schedules with tens of thousands of
activities in CJIS’s first Integrated Project Schedule (IPS) and routinely notified PMs and ESPs whenever there
was a potential or imminent conflict.
• Served as a Change Management Subject Matter Expert; Tracked various Configuration Items to determine
their overall architectural significance, identify cross project dependencies, and float critical issues to executive
management
• Data mined Key Performance Indicators (KPI) for Executive Dashboards through the use of Microsoft Office
SharePoint Server (MOSS) Business Intelligence (BI) features
• Developed an IT Governance data warehouse MOSS that centralizes CJIS Project data, schedules, deliverables and
artifacts
• Created a Visual Basic (VB) program for the CJIS Enterprise Architecture (EA) Group that was used to identify
architecturally significant artifacts from the metadata from multiple data warehouses. This program scored,
categorized and labeled artifacts based on a taxonomy I created using the Federal Enterprise Architecture (FEA).
The taxonomy was utilized to:
o Consolidate like services across the enterprise
o Identify, establish and mature services for Enterprise Use
o Catalog services and migrating programs, projects and initiatives to appropriate organizational units
required for transitioning to a Service Oriented Architecture (SOA)
• Reviewed requirements, gathered information, and prepared several reports in the course of assisting the CJIS
Architecture group facilitate the adoption of SOA
• Analyzed Project documentation and identified common proposed technical solutions that provided
management with opportunities for cost avoidance and the elimination of replicated services
• Conducted project/product-level milestone reviews of CJIS projects through each phase of the FBI’s life cycle.
• Routinely briefed FBI Executive Management (FBI Assistant Director, CIO, PMO, IT Governance Secretariat and
various CJIS Program and Project Managers) on ongoing IT Governance and Enterprise Architectural efforts
• Developed and managed a SharePoint/Project Server Web Portal to host technical reports, documentation, and
Project Schedules
• Utilized Dekker’s iPursuit to create complex charts and graphs as required for briefings. Some examples of these
dashboards include critical path method Gantt charts, issue tracking bar charts, executive overview charts with
drilldown capabilities and a Virtual Blade utilization chart all processed in Dekker and rendered in Excel
FBI Communications Technology Unit – Engineering and Analysis Group
Principal Network Engineer (Contractor – DHA)
October 2007 – September 2009
While employed with David Hale Associates (DHA) I provided network engineering support and project oversight of the
Criminal Justice Information Services (CJIS) Network Consolidation Project (NCP) for the FBI in Clarksburg WV. My duties
included engineering support, design, configuration, development, integration, and the deployment of an enterprise
network that utilized scalability and integration of Commercial off-the-shelf (COTS) hardware and software. This design
ensured faster throughput, increased port densities, full redundancy, logging and auditing capabilities, remote
monitoring and management and permitted for lateral expandability for future development. Additionally I configured
and deployed campus wide infrastructure changes and upgraded old existing Cisco network devices to support the latest
technologies.
• Met with multiple stakeholders of legacy networks to determine system transition requirements and perform
traffic analysis
• Developed and implemented network transition plans for legacy system transitioning into SEN
• Routinely gathered technical requirements, devised solutions and communicated the business value of
recommended solutions to stakeholders; Presented various project synopses and system solutions to CJIS PM’s
and enterprise service providers.
• Prepared numerous Engineering Change Requests and championed them through various engineering review,
and Technical Interchange Boards. Additionally conducted workshops, developed system security plans (SSPs)
and completed proof of concepts.
• Leveraged remote management technologies to deploy enterprise network changes across the WAN
• Engineered and Configured Cisco devices on the CJIS Core, Distribution, Access and DMZs utilizing 7600’s,
6500’s, 4500’s, and 3500’s
DHS Office of the Chief Information Officer
Tier III Network Engineering and Telecommunications Tier II MS Active Directory (Contractor – TWD)
October 2005 – October 2007
While employed with TWD I worked as a Network\Telecommunications Engineer for the Department of Homeland
Security (DHS). I provided network design, operational support, hands-on implementation and configuration
of routers, switches, hubs, cabling, and phone systems for DHS COOP Headquarters Services Division. I managed,
designed, and maintained campus-level multi-area OSPF networks using large-scale network devices such as catalyst
3500, 4500, 6500, and 7600 series switches. I actively designed, implemented, and troubleshot VLANs using Spanning
Tree Protocol, VLAN Trunking Protocol, inter-VLAN routing, and trunking with ISL and 802.1q. Additional duties included
designing, installing, and maintaining secure networks by utilizing Taclanes. I managed a secure Redcom IGX switches
that was used for TS and below STE-R conference calls. I routinely tested and evaluation procedures for computer
systems, switches, phone lines (ISDN, analog, digital), and phone systems to determine efficiency, and reliability.
I often worked directly with senior federal management from multiple agencies to determine operational requirements,
engineer solutions, devise timelines, develop procedures, and create standard operating procedures. I assisted the DHS
IT security team in documentation, testing, and evaluations of network components for preparation of the Certification
and Accreditation related activities. I followed Configuration Management policies and Procedures and regularly created
Engineering Change Requests.
• Applied analytical techniques in course of designing, installing, and maintaining diverse information systems for
various federal entities. Provided technical assistance and maintained complex systems and subsystems, using
vendor engineering releases and utilities.
• Worked with DHS to define new configuration Management policies and procedures. Regularly created
Engineering Change Requests and championed them through the Security Review Board, Engineering Review
Board, and Configuration Management Board.
National Geospatial-Intelligence Agency (NGA)
Infrastructure (Contractor – Intervise Consultants)
March 2005 – October 2005
Worked with NGA Bethesda on LAN upgrades, where I was responsible for the installation of fiber optic and copper
backbone, ZDB's, Cable Tray, Liskey Boxes, ZIPs, copper terminations, punch downs, fiber-optic terminations, and fusion
splicing. I'm fully trained and experienced on UNICAM, epoxy, and hotmelts SM, MM, SC, ST, LC, SFF, and MTRJ fiber-optic
terminations. I've also installed and repaired conduits, cables, wires, and auxiliary equipment following blueprints.
Further, I maintained detailed paperwork and test logs for all cable installation plans.
United States Navy - Cryptologic Technician Maintenance (CTM) Petty Officer 2nd Class
January 1999 – January 2005
National Security Group Activity (NSGA) Naples Italy
Work Center Supervisor
April 2003 – January 2005
While stationed at NSGA Naples Italy I directly supervised 8 Maintenance Technicians. Analyzed workflow, assigned, and
created schedules to meet command initiated priorities and goals. I was directly responsible over all command
equipment that provided cryptologic communications and secure network access to COMFIFTHFLT, COMSIXTHFLT, local
Commands and NATO forces operating throughout Southern Europe, and the Indian Ocean. My work center provided
alternate communications to LANT and WESTPAC Commanders. I directed daily operations of the department and
coordinated project activities with other departments. I provided leadership and training of trouble-shooting techniques
to subordinates that streamlined operations and added to overall command productivity. I led by example by serving as
an on-call technician, responding to operational trouble calls. As a collateral duty I served as the Command Safety
Officer where I received my OSHA Certification. Duties as Safety Officer included, monthly safety training to over 100
Navy personnel, and the reporting of all command incident reports. Additional duties performed as the Command Safety
Officer included weekly fire and health inspections as well as weekly safety reports to the Commanding Officer and
monthly safety reports to NAVOSH. I was awarded the Navy and Marine Corps Achievement Medal for outstanding
performance of primary and collateral duties while stationed at NSGA Naples Italy.
NSGA Sugar Grove
Maintenance Technician
April 2000 – April 2003
While stationed at NSGA Sugar Grove (WV) I worked as a maintenance technician where I performed preventive and
corrective maintenance on multi-million dollar COMSAT equipment, communication and microcomputer systems,
emergency radio communications equipment, phone and networking systems as well as other peripheral devices. I was
responsible for command initiated installations and upgrades on information systems, LAN/WAN networks, computer
systems and power. I assisted watch floor operations with hardware and software problems, performed maintenance of
information systems, satellite modems, converters, multiplexers, routers, switches, hubs, and workstations. I quickly
identified problems and provided appropriate solutions. I was promoted to a Maintenance Watch Supervisor where I
was directly responsible for the supervision and training of 5 personnel and was responsible for ensuring the proper
operation of over 20 systems and circuits. I was awarded Navy and Marine Corps Achievement Medal for outstanding
performance of duties.
NSGA Corry Station
Maintenance Technician
April 1999 – April 2000
Attended CTM A and C Schools where I was trained on how to perform corrective maintenance of sophisticated
cryptologic equipment, networks and systems. Additional training included install, test, troubleshoot, repair or replace
cryptologic networks, physical security systems, electronic equipment, antennas, personal computers, auxiliary
equipment, digital and optical interfaces and data systems; and configure, monitor and evaluate Information Operations
(IO), Information Warfare (IW) systems and Information Assurance (IA) operations.
RTC Great Lakes
Maintenance Technician
January 1999 – April 1999
Attended United States Navy Boot Camp.



Experience


Job Title

Company

Experience

IT Security Engineer

Versa Integrated Solutions

- Present

 

Additional Info


Desired Salary/Wage:

60.00 - 75.00 USD hr

Current Career Level:

Experienced (Non-Manager)

Date of Availability:

Within 2 weeks

Work Status:

US - I am authorized to work in this country for any employer.

Active Security Clearance:

Active Top Secret

US Military Service:

Yes

Citizenship:

US citizen

 

 

Target Job:

Target Job Title:

IT Security Engineer

Desired Job Type:

Employee

Desired Status:

Full-Time

 

Target Company:

Company Size:

Industry:

Management Consulting Services
Computer/IT Services

Occupation:

Engineering

·         Systems/Process Engineering

IT/Software Development

·         Systems Analysis - IT

 

Target Locations:

Selected Locations:

US-WV-Northern
US-MD-Frederick/Hagerstown

Relocate:

Yes

Willingness to travel:

Up to 25% travel

 

Languages:

Languages

Proficiency Level

English

Fluent