PAUL C. KRATZ                                                                                         260 Bonita Glen Dr. Apt. X17                                                                                              Chula Vista, CA 91910                                                                                                   Cell:  (619)947-3645                                                                                                         E-mail:  kratzp321@yahoo.com

OBJECTIVE:  Position as an Information Assurance Specialist with emphasis in Accreditation / Certification and Network Security Vulnerability Analysis / Assessment.  Currently hold an active secret security clearance.

SKILLS SUMMARY:

Certification and Accreditation experience in DoD, DITSCAP, DISA Stigs, and DISA Security Checklist experience.  Complete Security Policy Knowledge and Development, IAVA – Information Assurance Vulnerability Alert / VRAM – Vulnerability Remediation Assessment Management, EMASS – Enterprise Mission Assurance Support Center, DON Application Database Management System (DADMS), DoD IT Portfolio Repository – DON (DITPR-DON), Security Readiness Review, DoD 8500, and DoD 8570.01  Scanning tools and methods used include Assured Compliance Assessment Solution (ACAS) which replaced eEye Retina, SCAP Compliance Checker SCC Tool which replaced the DISA Gold Disk, and DISA’s Vulnerator Program.

Information Assurance Specialist – SERCO NA San Diego, Ca. from 11 April 2016 – February 29, 2016

·   Responsible for all aspects of IA on the Training and Operational Readiness Information Services (TORIS) Enterprise program.  Managed the Information Assurance Vulnerability Alert (IAVA) process by updating the U.S. Navy’s OCR Website acknowledging and updating the required IAVA/IAVB/IAVT after the identified vulnerability had been corrected.  Transitioned to the Vulnerability Remediation Asset Manager for the TORIS Enterprise consisting of 6 Virtual Servers in the Navy Enterprise Data Center (NEDC) and the PACFLT-ATGPAC DEVLAN (Developer) Intranet Network consisting of 2 Physical Servers, 5  Developer workstations (Windows 2012 R2), 11 User Workstations (Windows 7), 13 Virtual Servers (Windows 2012 R2), 1 System Administrator Workstation, 2 Database Manager workstations (Microsoft 10), and 1 Assured Compliance Assessment Solution (ACAS) Laptop (Linux 6). 

·   Coordinated with Navy Enterprise Data Center (NEDC) with the transfer of the TORIS Program from the Regional Information Technology Service Center to the (NEDC) SSSCPAC CLIN27 Hosting Enclave (SCHE) consisting of two web virtual servers and four virtual database servers as mandated by the United States Navy.  Worked with NEDC Personnel to provide the necessary information for the Engineering Analysis and Accreditation / Certification documentation (Certification / Accreditation Plan, and Contingency Plan, Retina Scans, and SCAP Scans) to receive the ATO MOD from the Designated Approving Authority.

·   Setup the DITSCAP Accreditation / Certification process (Retina Scans, SCAP Scans, Security Controls in EMASS  Certification / Accreditation Plan, Contingency Plan / Disaster Recover Plan, Incident Response Plan, Test Plan, Risk Assessment Report (RAR), STIG Checklists for the move from the NEDC SCHE to the NEDC Extension demilitarized zone  (EDMZ) (Purgatory) Zone to receive the IATO, and at the same time setup the new TORIS Production Servers (3) and TORIS QA Servers (3) in the NEDC Test & Evaluation zone receiving the Authority to Operate (ATO).

·   Upload monthly PACFLT-ATGPAC DEVLAN (Developer) Intranet Network ACAS Scan data into the Vulnerability Remediation Asset Management System monthly.

·   Q/A monthly Microsoft Security Patching performed by Navy Enterprise Data Center (NEDC) personnel on the TORIS Production Servers and TORIS QA Servers twice a month (after Microsoft Tuesday) by following a precise test plan to ensure the suite of TORIS Applications (EOM repository, TORIS Supply, AEPP 2, work correctly. 

·   Continued to execute and test the SOP for all 5 members of the Development team to run the Radia program allowing them to download and execute the required Microsoft Security patches on S&T NMCI workstations on a weekly basis.

·   ATGPAC Central point of contact to submit trouble tickets to the NEDC Helpdesk tracking them to closure such as:  Data Center Hosting – Outages, Microsoft Security Patching, VMware Security Vulnerabilities, Citrix Account Creation, ACAS Scan Analysis, SCAP Program.

·   Initiated and monitored the Annual Cyber Security Training to be completed for all TORIS team personnel as mandated by the Department of Defense on an annual basis.

·   Streamlined the Account process for TORIS team personnel to receive accounts on the TORIS Servers in the Navy Enterprise Data Center by initiating the SAAR-N request to be completed by the person, sending them to the  Government Representative for signature, SERCO Security Manager for verification, and finally submitted to the Navy Enterprise Data Center (NEDC).

·   DON Application Database Management System (DADMS) and DoD IT Portfolio Repository – DON (DITPR-DON) Subject Matter Expert for TORIS .  These 2 records are updated on a continual basis to ensure accuracy of the record for the Annual Security Review conducted by DoD Echelon I and COMPACFLT ECH II ensuring FISMA Compliance.

·   Currently working on the Accreditation / Certification of the PACFLT-ATGPAC DEVLAN (Developer) Intranet Network consisting of 2 Physical Servers, 16 Virtual Servers, 5 Developer Workstation (Windows 2012 R2), 11 User Workstations (Windows 7), 1 System Administrator workstation (Windows 2012 R2), 2 Database Administrator Workstations (Microsoft 10) and 1 ACAS Laptop (Linux 6).  Completed Security Controls in EMASS, uploaded the following artifacts – Certification/Accreditation Plan, Contingency Plan, Incident Recovery Plan, Test Plan, Risk Assessment Report, ACAS Scans, Security Content Automation Protocol (SCAP), and Security Technical Implementation Guides (STIGs) checklists – 85% complete.   Utilized the DISA Vulnerator program to input the ACAS Scan results, SCAP Scan results, and STIG Checklists to produce excel mitigation spreadsheets for analysis and provide corrective action for vulnerabilities identified.

Information Assurance Manager/Vulnerability Assessment Specialist – Global System Technologies San Diego, Ca from May 12, 2007 – January 22, 2010

·   Downloaded, installed, and managed Symantec Endpoint Antivirus Software and managed the signature file update process providing maximum protection against virus attacks and malicious code for 2 NMCI clin27 Windows 2000/2003 servers.

 

·   Managed the Information Assurance Vulnerability Alert (IAVA) process by supervising and monitoring the DoD JTF (Joint Task Force) and U.S. Navy OCR’s website updating required IAVA/IAVB/IAVT after the identified vulnerability had been corrected.

 

·   Executed and analyzed Eeye Retina Network Security Scans on 2 clin27 Windows 2000/2003 servers and 3 Solaris servers identifying security vulnerabilities and how to fix (via patch, registry key modification, local security policy  modification, or system services modifications) providing weekly statistical data to superiors.

 

·   Utilized DISA STIGS, and DISA Security Checklists to identify security holes, category, and how to fix to further eliminate security vulnerabilities to maintain accreditation requirements.

 

·   Initiated Annual DoD Information Assurance Training for 13 personnel providing the required NMCI Navy User Acknowledgement form outlining the terms, conditions and proper use for operating, managing, and accessing NMCI IT resources.

 

 

 

 

 

 

.

Systems Administrator / Helpdesk Coordinator – Global Systems Technologies San Diego, Ca from May 12, 2007 – January 22, 2010

·   Downloaded and installed DADMS Approved SQL Server 2005 software and loaded SQL Server 2005 Native client software on NMCI Workstations ensuring connectivity For MOCC Norfolk/MOCC San Diego/and worldwide supported Navy and Marine Corp. unites in preparation for MEASURE operations to transition to Oracle Database.

 

·   Setup and loaded 3 offline computer workstations as servers with Microsoft 2000 Server software to serve as Offline Backup storage for 7 MOCC San Diego Windows 2000 network drives (5 application drives, 1 user data storage drive and 1 Admin drive).  XCOPY was performed daily from the online servers to a 120GB Seagate External Hard drive then XCOPIED to offline servers on a daily basis.

 

·   Procured and installed 1 HP DAT 160 GB tape drive with HP Data Protector software to perform System Drive backups and Network backup saves daily, weekly, and monthly incremental daily full weekly and full monthly backups for 2 Windows 2000/2003 Servers on the NMCI Network.  More data was saved at less cost per tape.

 

·   Researched, procured, setup, and installed 2 Windows 2003 Dell R710 servers estimated cost of over $14000 as replacement servers of 2 Windows 2000 servers on the NMCI Network period running and eliminating high category security vulnerabilities prior to connecting to the NMCI Network Domain.

·   Executed Microsoft Defragmentation utility on 2 Windows 2000/2003 servers systems drives and network drives twice weekly to improve servers performance for increased daily workloads.

 

·   Initiated and administered 2 NMCI Clin27 Security Groups populating the groups with authorized users to access data  and preventing un-authorized users to access the systems possibly causing security threats.

 

·   Created Microsoft Access program to be used to document NMCI Computer problems to NMCI Helpdesk identifying the problem, corrective action taken, and time/date when completed.

 

·   Created, tested, and trained MOCC Supply personnel to use the Microsoft Access program to track inventories, determine when to order supplies and provide superiors with reports when necessary.

 

·   Setup SOP’s for ADP Personnel to run Retina Scan Reports and execute Symantec Antivirus Network Scans.

Access Database Administrator – MANCON (Management Consultants, Inc. San Diego, CA. from October 23, 2006- May 12, 2007

·   Created, tested, and administered 3 Microsoft Access Databases utilizing queries to produce reports to track personnel man hours, Lead Contracting Executives Initiatives, and dollars appropriated/used for all COMFISCS/FISCS Contracts.

Education: 

Bachelor of Science with Major in Computer Science.  Southeast Missouri State University Cape Girardeau, Missouri – Graduation December 1980

·   DoD Cyber Awareness Challenge V2

·   Introduction to DIACAP

Active Duty Military from August 1982 – August 2006.  Retired Honorably 2006.