Lise G. Cloniger
316 Decatur Road
Stafford, Virginia, 22554
lggc@comcast.net
703-927-1700 cell
SUMMARY OF QUALIFICATIONS
Dedicated and resourceful cybersecurity leader with excellent skills in verbal and written communication,
IT project management, technical staff management, System Development Life Cycle (SDLC), eDiscovery
and Computer Forensics (EnCase), Computer Incident Response, Validation & Verification,
security and network engineering, Federal government and DoD regulations and reporting, Certification
& Accreditation - RMF, DIACAP, FISMA, NIST, PII/PIAs and HIPAA regulations. A leader who is
analytical and a goal-focused problem solver able to effectively multi-task in fast-paced, demanding
environments and provide support to Executives, CIOs, IT staff and security personnel.
SECURITY CLEARANCE
Interim Secret (JPAS)
Previously Held Secret and TS (SCI) as of 5/31/2015
CERTIFICATIONS
CISSP (Certified Information Systems Security Professional – ISC2 #213978)
CISM (Certified Information Security Manager – ISACA #1013077)
CISA (Certified Information System Auditor – ISACA #1086001)
IEM (INFOSEC Evaluation Methodology - NSA)
IAM (INFOSEC Assessment Methodology NSA)
CAP (Certified Authorization Professional - ISC2 #213978)
ISSO (Information Systems Security Officer – State Department)
MCSE (Microsoft Certified Systems Engineer)
A+ (CompTIA)
PROFESSIONAL EXPERIENCE
Internetwork Consulting Services, LLC
January 11, 2016 to present
Sr. Cybersecurity Analyst
·
·
Support the CIO and IT Director for Information Assurance and Cybersecurity
Perform and review monthly Nessus scans and work with System Admins to correct
vulnerabilities
· Conduct manual STIG reviews of 2012r2, 2008r2, Windows 7, SQL 2014, SQL 2012,
Applications and Development, Firewalls, VPN, Routers, Switches, SharePoint 2013, SQL
Server and various printers
· Review and revise IT document concerning client’s IT Policy
· Review and revise client’s IT Procedures such as Continuity Of Operations Plan (COOP),
Disaster Recovery Plan (DRP), Backup Plan, Computer Security Incident reporting, etc.
· Work with NOC to closed vulnerabilities from third party assessment
· Conduct monthly Best Practice Analyzer (BPA) on all servers, selected software, and forward
discrepancies to NOC for correction
·
·
Prepare status briefings for CIO and other IT staff
Participate in the installation of NAT
· Conduct quarterly reviews of firewall rules, router/switch config files, Active Directory and VPN
· Review and follow up on Intrusion Prevention Systems (IPS) daily reporting
· Review and follow up on Virtual Private Network (VPN) daily reporting
· Review and follow up on Web Usage daily reporting
·
·
·
Participate in review of proposals submitted for IT RFP for Managed Security Service Provider
Participate in Symantec quarterly meetings
Prepare ad-hoc reports using System Center 2012 Configuration Manager (SCCM)
· Work with remote office IT personnel for resolution of security issues
· Work with SharePoint personnel to mitigate vulnerability findings
· Conduct hardware and software inventory through SCCM and manual checklist, updating internal
inventory application
Family and Medical Leave
February 2015 to January 2016
DIGICON
October 2010 to February 2015
Senior Cybersecurity Analyst
· Designated the Cybersecurity Analyst SME and Defense Contract Audit Agency (DCAA) HQ
Technical Area Security Officer (TASO), provide direct support to the Senior Information
Assurance Officer (SIAO), the agency Information Assurance Manager (IAM), the DCAA
Privacy Office, the DCAA Records Management Office and the Chief Information Officer (CIO)
for the Defense Contract Audit Agency (DCAA)
Lead cross-functional teams, remote and on-site
·
· Work with 278 off-site system administrators to security harden remote regional networks
· Conducted remote and on-site manual and automated vulnerability assessments
· Conducted remote and on-site computer forensics and ediscovery cases
· Work across IT disciplines, acquisition and legal directorates, and Privacy Office to direct
personnel in the requirements, design and implementation of new technology and security into the
network and enclave boundary for a network supporting over 5,000 personnel located stateside
and overseas
·
Prepared, maintain RMF and DIACAP packages and Plan of Action and Milestones (POA&M)
and deliver executive briefings for 3 enclaves, 2 sites and over 50 business applications
· Conducted all activities to obtain IATTs for Wireless and VOIP pilot installations at HQ
· Conduct IA reviews of software change requests (SCRs)
·
Perform Terminal Area Security Officer (TASO) duties to include review and approval of user
and personnel change requests (DD2875) requests for computer access for DCAA Headquarters
personnel
· Conduct quarterly reviews of firewall rules, router/switch config files, Active Directory, VPN and
sensor readings
·
Conduct hardware and software inventory through SCCM and manual checklist, updating internal
inventory application
· Update all Certification & Accreditation (C&A) supporting documentation for 3 enclaves, 2 sites
and various applications. Documentation includes: System Security Plan (SSP), VISIO network
architectural diagrams, POA&M, Risk Analysis reports, PIA reports, Scorecard, Ports Protocols
& Services (PPS), System Identification Profile (SIP), Continuity of Operations (COOP),
Disaster Recovery Plan (DRP), Incident Response Plan (IRP), Vulnerability Management (VM)
Plan, Backup Plan,
·
Performed the IA Control Annual Review for 3 enclaves, 2 sites and over 50 business
applications
· Conducted IA reviews of waiver requests, prepared waiver memos and briefs prior to submitting
to CA
·
·
Perform monthly scans and reviews of all SSCM, Retina, Gold Disk, SCAP and other
vulnerability scans. Compare and document open findings for resolution by sysadmins. Assess
and document false-positives prior to incorporation in the POA&Ms.
Trained software developers on implementation of STIG in the SDLC. Conducted MS Lync
weekly meetings to resolve software developers security programming issues
· Managed ten (10) software developers in conducting STIG reviews of over 50 business
applications
· Develop agency IT backup plan and incorporating it into the agency DRP and COOP.
·
Perform research into IA security issues such as Wireless Security Technical Implementation
Guide (STIG) settings, Windows 2008R2 Group Policies, DoD Directives, Regulation’s,
Instructions, FISMA, FIPS and NIST Special Publications.
· Attend monthly Regional Information Technology Agenda (RITA) meetings, vendor meetings
and presentations. Provide assessments of products
·
·
Provide assessments of products to ensure FIPS 140-2 compliance and adhering to the DoD
Authorized Products List
Provide IA responses to information technology (IT) security issues.
· Review and provide input on the IA Annual Security Awareness Training program content and
online training course.
· Review and provide input on the Agency System Development Life Cycle (SDLC) guide
·
·
Prepare briefs for various IA issues such as Personally Identifiable Information (PII), and Federal
Desktop Core Configuration (FDCC).
Prepare Privacy Impact Assessments (PIA)
· Conduct computer incident investigations and prepare USCERT reports and/or Privacy Officer
notification, as needed.
· Develop agency computer usage policy incorporating laptop wireless usage requirements.
·
Prepare Encryption User Manuals for flash, emailing and CD storage of files for 3 operating
systems.
· Develop other training manuals such as Adobe pdf document signature, User Manuals for agency
conversion from XP to Windows 7, Annual IA Security Awareness training, EnCase computer
forensics procedures and processes, etc.
·
Wrote the IA portion of Request for Proposals (RFPs) and provided editor services for other RFP
sections.
EDC Consulting, LLC
March 2010 to September 2010
Senior Information Assurance Analyst/Information Assurance Officer
· As the IA SME and designated IAO, lead the IA support for a Business Transformation Agency
(BTA) program in the Concept phase, pre and post milestone A/B.
· Remotely managed cross-functional teams for security architecture, business case analysis and
system development life cycle (SDLC)
· Develop the IA Strategy, ISP, PPP documentation for submittal to the IRB and Military
Department’s (MILDEPs)
· Develop the IA requirements and the Security Requirements Traceability Matrix (SRTM), and
start the DIACAP process by completing the SIP and the DIP.
· Review and provide IA comments for the Hosting Strategy, Solutions Strategy, Testing Strategy,
Interface Strategy, Data Conversion Strategy, Data Management Strategy, Data Quality Strategy,
Architecture Strategy, Risk Management Strategy, Data Flow diagram requirements and Request
for Proposal documents.
·
Provide IA insight of DoD Directives, Instructions, Guides, STIGS, FIPS, NIST Special
Publications, CTOs and other DoD regulations to government PMO and contractor personnel.
· Develop detailed IA Work Breakdown Structure (WBS) and mapping of IA controls to DIACAP
documents required for compliancy validation
· Respond to IA data calls.
· Attend bi-weekly IA meetings, weekly contractor staff meetings, BTA IA IPT meetings
·
Prepare IA agenda for bi-weekly meetings, brief PM to gain input into meeting agenda
Technology Associates International Corporation (TAIC)
July 2008 to March 2010
Technical Manager / Senior Information Assurance Analyst
·
Serves as a Senior Information Assurance Analyst at Technology Associates. In the position of
Technical Manager (Team Lead), provide IA subject Matter Expertise and daily operations
management for the Director of Marine Corp systems Command (MARCORSYSCOM) SIAT IA
and the Government IA Team in support of the new SIAT IA contract.
·
Provided remote subject matter expert (SME) to PM’s and other technical personnel
· Under the previous incumbent: 1) Developed a system tracking spreadsheet for the government
NG client and provided user training; 2) Provided on-base government facing IA expertise to
government client for NG; 3) managed and performed, with 6 team members, the CA review of a
high-priority system, with a NIPR and SIPR component, in 4 days; and 4) over 3 months, through
on-site and telecom, provided guidance to the IRSS developer in the development of
system Certification & Accreditation (C&A) documentation.
· Contributed the written IA portion of the new SIAT contract proposal (contract awarded from the
incumbent) and provided editor services for other Request for Proposal (RFP) submissions.
· Defined the team skill requirements and participated in the staffing interviews for the SIAT
contract proposal, managed staff, performed team HR responsibilities.
· Developed the concept and technical requirements for a database to fulfill the SIAT proposal
contractual requirements.
·
·
Provide government client with hardware and software inventory through manual checklist
Provides daily management of processes and changes, work load and delegation, staff
management, customer support, meeting support, training support, oversight of adherence to
government regulations, staff certification training and human resource issues, payroll and leave
issues, weekly reports, system status updates, quarterly report inputs, and approval of expense
reports.
· Developed processes, procedures and templates for the new SIAT IA contract, including a Risk
Analysis to be used in the C&A reviews.
· Upon contract award, worked to implement the contract by securing office space, phone,
computers, staffing, implemented technical requirements outlined in proposal, while maintaining
open relations with the government client and continuing the C&A review work.
· Documented detailed DB requirements and design to meet technical requirements stated in the
proposal.
· Developed one source of IA Control C&A review templates, information and wording to be used
in providing standardized MFR C&A review and Risk Analysis reports.
·
Perform C&A, IACID, DIP reviews and management oversight of the IV&V Validation Team
· Mentor 6 team members
Softworld, Inc.
May 2006 – June 2008
Senior Information Assurance Analyst
·
Provide IA Project Management services on two IA programs for the Defense Information
Systems Agency (DISA) Program Management Office (PMO), on a DISA IA/Computer Network
Defense (CND) contract – one being User Defined Operational Picture (UDOP) and the other was
Host Based Security Suite (HBSS)
· Conducted remote project management (PM) meetings
·
Perform PMO oversight and technical reviews of Certification and Accreditation (C&A),
Training, KnowledgeBase, AKO/DKO project portal, Configuration Management, Testing &
Evaluation and Implementation; updated master PM schedule, developing processes and
procedures for each area
·
Team Lead for the development of McAfee online and classroom training content, and worked
with Carnegie Mellon developers to review design documents, storyboards and audio for CBT
training development
· Developed and maintained AKO/DKO project portal while training replacement
·
Prepare C&A documentation, Strategic Plans, CONOPs, SSAA's, MOA's/MOU's/ULAs,
InterOffice Memorandums, CM and SE documents, Test Plans and Templates, User Manuals,
pilot test program User Survey’s and white papers
· Review and provide comments for documentation and presentations prepared by
government/military personnel and other contractors
·
·
Participate in presentations, briefings, meetings and TAG's for agency directors, military and
government personnel on network architecture, engineering and CND
Provide assessments of products to ensure FIPS 140-2 compliance and adhering to the DoD
Authorized Products List
· Member of Configuration Management Team providing final review and comments on test plans,
NSA and SAAT testing and software development
· Develop Baseline Change packages, briefings and release announcements
DiSYS
June 2005 - April 2006
Senior Information Assurance Analyst
•
•
Team Lead, remote and on-site, in developing a National IT Security Program for the CIOs
Office of the Bureau of Land Management
Prepared, maintained and delivered executive briefings on the Plan of Action and Milestones
(POA&M), IT Security project plan, FISMA and OMB reports
• Developed IT Security policies and procedures, IT security training courses, CM security review
training, and a Master IT training program with designation of appropriate training per technical
job description
• Annually conduct government client hardware and software inventory through manual
checklist, coordinating with SysAdmins in State Branch Offices
•
Performed IT security reviews and risk analyses for National CM program and represented the
CIO as a voting member of the Nation CCB
• Organized and hosted the 1st bureau-wide 3-day IT Security Conference, interviewed and
arranged guest speakers, training courses, facilities, accommodations, IT services, taught a course
on security in the CM process and compiled participant surveys
•
·
·
•
Provided direct oversight of National IT Testing Lab, IT Security Managers and security test
plans
Provide assessments of products to ensure FIPS compliance
Performed final review of C&A packages, prepared briefings for the CIO and DAA on emerging
technologies, prepared white papers on a variety of research issues
Performed oversight and support of Web scans, vulnerability remediation, and briefed the CIO on
IT security recommendations for reconnection of multiple bureau-wide web sites
SECURITY CONSULTANT
January 2005 - June 2005
Information Assurance Analyst / Network Security Engineer Consultant
Project I:
• Developed a network security program for a property management company to include policies,
procedures, C&A, ST&E, CP, SSP and prepared risk analysis and remediation reports
• Worked with SA to remediate findings, rescan and prepare final reports
Project II:
• Developed a network security program for a real estate company
•
Performed a ST&E, prepared remediation and risk analysis reports
IMG, INC.
September 2004 - January 2005
Senior Information Assurance Analyst / Senior Network Security Engineer
•
Performed technical project management, personnel management on a US Army contract
• Developed architecture and installed a stand-alone network testing lab, maintained servers and
clients within DoDIIS, DCIS 6/3, DITSCAP and 8500 series standards and verified network
security posture
• Developed Requirements Traceability Matrix’s (RTM), test plans, testing schedules, and daily
test status reports
•
·
·
•
Prepare and install desktop and laptop images to be used in the testing environment
· Developed written software testing procedures and multiple Installation Guides for technical
personnel software installations using various operating systems
Managed daily testing suite/programs, regressions test plans, bug reports and testing reports
STIG’d test network, ghosted images, developed CM plan and presented findings to the client
Performed testing of military software to ensure functionality and adherence to DoDIIS, DCIS
6/3, DITSCAP and 8500 series standards
STG, INC.
September 2003 - August 2004
Senior Network Security Engineer
•
•
•
Performing Certification and Accreditation for the Department of State
Utilized NIACAP, DITSCAP, NIST 800 series and FAM 600 series standards, BTK, ISS &
HarrisStat to perform Standardized Testing and Evaluation (ST&E) on network systems and
applications
Conducted Self-Assessment interviews of SAs/Network Engineers and ISSO’s, ran BTK and
Gold Disk san tools, analyzed raw scan data, prepared remediation reports, presented findings to
ISO and PM, prepared final ATO/IATO reports and Certifying Agent memo’s for the DAA
signature
•
•
•
•
Prepared the Risk Analysis report and developed VISIO network diagrams
Developed technical implementation guidance documents on System Security Plans (SSP),
POA&Ms, Contingency Plans (CP) and other NIST documentation
Worked with contractors, CIO, ISSOs, Security Teams and SAs
Developed training manuals for in-coming CA Security Analysts
WHEELER NETWORK DESIGN
January 2003 - June 2003
Technical Manager / Network Security Engineer
•
•
•
•
Team Lead, with staff management responsibilities, on a network security design and
implementation project for the Department of State
Provided technical assistance and training in conducting Self-Assessments, the development of
SSPs, the IV&V process, FAM 600 series and NIST 800 guidelines, and the preparation of
Remediation Reports
Provided Level III technical assistance for domestic and international locations
Performed final QA on all OpenNet+ Remediation Reports packages prior to briefing the DAA
September 2002 - January 2003
Regional Technical Lead, International Team - Network Security Engineer
•
•
Provided technical expertise on network security solutions for a State Department project
Performed IV&Vs, analyzed raw scan data, prepared remediation reports, provided technical
assistance to SAs and ISSOs, performed technical reviews of Post and Bureau corrective action
reports and prepared final reports for submittal to the DAA
GETRONICS GOVERNMENT SOLUTIONS
May 2000 – July 31, 2002
Senior Network Administrator (Pentagon)
•
•
•
•
•
Performed Network Administration for a classified and unclassified OSD/P&R network
Developed and maintained disaster recovery plan, security patch & IAVA program, online
backup program, SSP, CP, VISIO network diagrams, Security Briefing Program, performed
Security Self-Assessment and acted as liaison to the C&A team
Prepare desktop and laptop images
Monitored firewalls, routers, gateways, VPN, IIS and network connectivity
Worked with the ISSO to develop and assess security policies and procedures
•
•
•
•
•
•
•
·
•
Designed, built, configured and install servers, and other hardware/software
Installed a testing lab, performed integration testing and deployment to production environment
Project Manager for several multi-vendor high profile classified projects mandated by the
Office of the Secretary of Defense including the OSD/PR SiprNet email migration to the OSD
level (24 team members)
Annually conduct government client hardware and software inventory
Provide assessments of products to ensure FIPS compliance and adhering to the DoD
Authorized Products List
Work with contractor to ensure new cabling adheres to network diagrams
Developed/trained new user in-process procedures, security briefing and procedures
Developed training and user manuals for clients
Custom designed computers for several disabled government users
MANAGEMENT SCIENCES FOR HEALTH
December 1998 – April 2000
Computer Support Administrator - Partnership for Child Health Basics I & II Project
•
•
•
•
•
•
•
•
•
•
Responsible for 7 server, 100 user multi-platform HQ network and 10 overseas networks
Performed IT security self-assessments, security patch installations, network hardening
Developed a Configuration Management, Patch Management and Backup Program
Monitored IDS, IPS, firewall, routers, switches and hubs
Developed IT security policies and procedures, business continuity and disaster recovery plan
Performed IT setup and supported end-of-project presentations for a 3-day government
conference
Developed annual MIS budgets, researched new technology, performed Y2K testing and
implemented HW/SW upgrades
Prepared and presented monthly IT reports to Project Directors
Performed a Needs Analysis then developed and taught end-user training
Designed and maintained the organization’s intranet and internet website
WFI, INC. (FORMERLY ENTEL TECHNOLOGIES, INC.)
August 1996 – December 1998
MIS/Office Manager
•
•
•
•
•
•
•
•
•
•
•
Performed Novell 4.x system administration for 3 server HQ network
Responsible for IT needs analysis, HW/SW purchasing, network setup and remote management
for 10 new out-of-state offices
Managed developers, network engineers and administrative staff
Developed IT security policies, Configuration Management, Patch Management and Backup
Program
Prepared a business continuity and disaster recovery plan
Performed network security self-assessments, managed security patch program, maintained
firewall and ACL’s
Prepared and presented monthly IT reports to company President and VP of Engineering
Developed annual MIS budgets, researched new technology and managed IT projects
Developed IT Purchasing and Inventory Procedures
Synchronized company relocation from Arlington to Reston, Virginia, completing task in one
night
Performed oversight of tenant build-out of new company facility
EDUCATION AND SPECIALIZED TRAINING
CAPELLA UNIVERSITY – Graduation expected 12/2016
M.S. Information Technology / Information Assurance and Security
UNIVERSITY OF PHOENIX – 8/2007
B.S. Business Management
NORTHERN VIRGINIA COMMUNITY COLLEGE – 5/1996
A.A.S. Computer Information Systems
Additional Training:
EnCase e-Discovery
EnCase Forensics
Host-Based Security System (HBSS) - McAfee
AKO/DKO Training Online - DISA
DITPR - DISA
VTE – The Software Engineering Institute's (SEI) Virtual Training Environment
eMASS - RMF
eMASS - DIACAP
Department of Interior University
USALearning.gov
Strayer University
Nextec, Inc.
HP E-Learning
Ryder Systems, Inc.
PROFESSIONAL AFFILIATIONS
ISACA
Information Systems Security Association (ISSA)
Information Systems Security Certification Consortium, Inc. (ISC2)