Lee R. Neeper, CISSP

819 Pheasant Ct. Hummelstown, PA  17036

Telephone (814) 577-9056

LRN5000@gmail.com

 

 

Education & Certifications

 

Bachelors of Science Degree in Information Sciences and Technology with Integration and Application Option and Networking Option                                                                                    May 2008

   

The Pennsylvania State University, State College, PA

GPA: 3.3/4.00

 

DoD Top Secret Security Clearance

DoD Secret Clearance

Position of Trust Clearance

CISSP – Certified Information System Security Professional

 

Work Experience

 

Veris Group, LLC (September 2011 – Present)

Client:  Defense Logistics Agency (DLA)

Program:  Information Assurance (IA)

Title:  Deputy Project Manager of Information Assurance Group

·  Manage a team of 5 C&A auditors as they perform DIACAP Certification & Accreditation (C&A) reviews within the Department of Defense (DoD) Defense Logistics Agency (DLA).

·  Review and certify company and client time cards, expenses, and training as required.

·  Perform new hire, training, and termination duties for all onsite employees.

·  Assign government supplied tasks, requirements, and directives to team members to meet contract and individual project deadlines.

·  Coordinate and plan future tasks and projects with government COR and TCOR.

·  Responsible for conducting C&A reviews in direct support of Federal Information Security Management Act (FISMA) compliance.

·  Working to transition all legacy DIACAP packages to the new FISMA required NIST standard RMF (Risk Mangement Framework).

·  Conducting DIACAP activities on over 30 network enclaves and applications in the United States and overseas. 

·  Conducted full phase DIACAP services using eMASS as the Certification and Accreditation tool. Used 8500.2 controls to conduct Security Testing and Evaluation and conducted analytical and technical testing onsite.

·  Audit or produce the following C&A documentation as required, Disaster Recovery Agreements (DRAs), System Security Plans (SSPs), Configuration Management Plans (CMPs), Contingency Plans (CPs) [including Continuity of Operations Plans (COOPs) and Disaster Recovery Plans (DRPs)] and Plan of Action and Milestones (POA&Ms).

·  Provided knowledge of National Institutes Standards of Technology (NIST) certification methods.

·  Use 8500.2 controls to conduct Security Testing and Evaluation and be able to conduct testing analytical and technical testing onsite. 

·  Provided experience using DODI 8500.2 controls and awareness of all DOD and NIST standards used in Certification and Accreditation.

·  Reviewed Security Technical Implementation Guidelines (STIG).

·  Provided knowledge of wireless infrastructure and associated security requirements typical in a large distribution facility.

·  Reviewed, analyzed, and processed output from security tools, such as eRetina or DISA Gold Disk, to assist Information Assurance Officers (IAO) and administrators in the discovery of IA vulnerabilities.

·  Knowledge of Configuration Control Board (CCB) processes typical for a major headquarters organization.

 

General Dynamics Information Technology (November 2010 – September 2011)

Client:  Pennsylvania Army National Guard (PA-NGB)

Program: Mission Training Center (MTC)

Title:  Senior Information Security Analyst Level III

·  Provide security C&A support for the MTC.

·  Ensure DIACAP compliance at all times.

·  Perform system test and evaluation on Windows 2008 Server systems.

·  Interview end users and collect data that will be critical for the development of C&A packages.

·  Ensure DISA Gold Disk, DISA STIG, and DoD C&A policy guidance.

·  Analyze collected data and write C&A documents per DIACAP and USA policies, including System Security Plans, Risk Assessment Plans, Privacy Impact Assessments, Plans of Actions and Milestones, Security Test and Evaluation Plans, and Contingency Plans.

·  Perform security analysis of approved Active Directory Forest architectures based on applicable DoD and Army server configurations.

·  Generate type and site certifications for deployed systems.

·  Generate documentation for interim authority to connect.

·  Document and provide to the Government system architecture and operating environment. Develop and maintain the System Security Plan. Participate in information system risk assessments and Security Test & Evaluations (ST&E) during the Certification and Accreditation (C&A) process. Develop, document, and integrate technical security solutions.

·  System testing, evaluation and configuration of Red Hat Enterprise Linux Server and workstations.

·  Planning, installing and configuring a McAfee ePO server.

·  Installing, configuring, and scanning with eEye Retina vulnerability scanner.

·  Purge classified and unclassified hard drives using the Army Universal Purge Tool (UPT).

 

SRA International (September 2009 – October 2010)

Client:  Federal Aviation Administration (FAA)

Program:  Cyber Security Management Center (CSMC)

Title:  Information Assurance Engineer

·  Performed on a daily basis: Packet-level Analysis, Intrusion Analysis, Intrusion Detection, Penetration Testing, Ethical Hacking, Computer Forensics, and System/Network Administration.

·  Reviewed millions of security events daily using ArcSight console.

·  Supports a Civilian Agency Computer Emergency Response Team (CERT) organization protecting the network security of tens of thousands of users supporting elements of the nation’s critical infrastructure.

·  Perform in-depth analysis in support of Network Monitoring and Incident Response operations supporting multiple Cabinet-Level Federal Agencies.

·  Worked with a team of approximately thirty information assurance professionals working with Intrusion Detection System (IDS) software and hardware, analyzing IDS data, writing reports, briefing event details to leadership, and coordinating remediation with personnel throughout the globe.

·  Developed requirements for technical capabilities for cyber incident management

·  Recommended configuration changes to improve the performance, usability, and value of cyber analysis tools.

·  Ensured technology employed by the incident response team compliments operational processes.

·  Identify, analyze, remediate, and report on cyber security incidents.

·  Interacted with cyber intelligence analysts conducting threat analysis operations as well as numerous IT professionals performing varying technical roles within the client organization.

·  Provided verbal briefings to clients on pending cyber incidents.

·  Analyzed malware to determine direct threat to client organization.

·  Coordinated with US-CERT as necessary to convey incident information.

·  Maintained detailed incident logs in analysis database.

·  Maintained a VMware lab for testing of malware and exploits to better understand the effects and damage experienced by the client organizations.

 

Weis Markets (April 2009 – September 2009)

Title:  Project Coordinator

·  Manage and collaborate projects between the 5 internal IT organizations.

·  Implement software and hardware solutions to over 165 store locations in 4 states.

·  Design project plans using Microsoft Project 2007.

·  Develop scope of work and function requirement documents for IT projects.

·  Review and approve statement of work documents from company consultants.

·  Test new systems in lab environment and at test pilot locations.

·  Develop and update store system documentation.

·  Work with vendors and external consultants on projects.

·  Attend weekly meetings with all internal IT organization managers.

·  Manage and track project schedules for current and future IT projects.

·  Design, Test, and Implement IBM 4690 point of sale operating system and controller.

·  Design, Test, and Implement IBM automated checkout lanes.

·  Design, Test, and Implement wireless Motorola MC 9090 hand held scanners.

·  Design, Test, and Implement interior and exterior wireless point of sale system.

·  Setup and configure Motorola WS2000 wireless switch.

·  Setup and configure Motorola access points.

·  Using Air Defense servers monitor all wireless traffic over WIP sensors.

·  Manage and configure Motorola hand held’s using Motorola MSP server.

·  Configure and test VeriFone MX 870 pin pads for PCI transaction compliance.

·  Research and verify that the company is abiding by all PCI standards.

·  Perform risk assessments to network devices that have been compromised.

 

Nittany Computer Service, LLC (June 2008 – January 2009)

Title:  Office Manager

·  Manage all aspects of the business and the performed labor.

·  Worked with 19 subcontracted clients to manage multiple Windows server clusters.

·  Managed and maintained all clients active directory and group policy’s ranging from 50 – 200 local and VPN clients.

·  Managed and maintained Exchange Server 2003 for 4 clients consisting of 50 – 300 attached email addresses.

·  Remotely managed client’s anti-virus protection via Symantec Endpoint Protection Server.

·  Perform upgrades, repairs, and maintenance to customer’s computer equipment.

·  Work in conjunction with various vendors, such as Dell, IBM, Toshiba, and Acer to acquire replacement parts and upgrade parts.

·  Work in conjunction with multiple businesses who are not in need of a full time IT person, however still require weekly IT work.

·  Work with small to large businesses managing all aspects of their computer systems, networks, and proprietary software and hardware.

·  Worked with medium to large new office buildings to design network scheme’s including all necessary hardware and network equipment so that the building can then be wired for tenants upon completion of construction.

·  Maintain and test client offsite backup data via web based applications.

·  Performed vulnerability scans using Nessus vulnerability scanner.

·  Implemented Symantec Endpoint Protection anti-virus server.

·  Setup 3Com wireless networks with hot spot and range increasing antennas.

·  Wire office buildings with Category 6 networking cable and coaxial cable.

·  Service and repair all Hewlett Packard laser printers, color laser printers, and MFP printers.

·  Consult clients on how to improve design and usability of company websites and web portals.

·  Provide training on multiple software suites to end users.

·  Produce company advertisements and graphics.

 

RE/MAX Centre Realty (September 2006 – June 2008)

Title:  Network Administrator

·  Manage 72 individual agent PC’s including 8 central staff PC’s.

·  Designed and implemented all office wide security and internet use policies.

·  Instruct users on “Safe Computing” during staff meetings on an as needed basis.

·  Responsible for maintenance of Windows Server 2003 Active directory consisting of 80 clients.

·  Set and enforced group policies to over 80 clients.

·  Responsible for creation and maintenance of multiple Windows Server 2003 domains.

·  Manage two Windows 2003 servers powered by Dell; serving out multiple network shares and also serving Symantec Anti-Virus definition files to over 80 clients.

·  Migrated Dell server and all client machines from Symantec Corporate Edition to Symantec Endpoint 11.0.  Setup automated virus notification on discovery of a potential threat or network attack.

·  Re-imaged central staff computers weekly via Norton Ghost 12.

·  Perform SCSI hard drive upgrades due to increased data expansion.

·  Manage 5 central Hewlett Packard networked printers including one PDF writing printer.

·  Migrated office network from one LAN into 40 separate VLAN networks to provide security and office separation.

·  Manage 2 300 port patch panels.

·  Manage 4 Cisco 2950 and 2960 switches.

·  Manage 1 D-Link DSS-24 switch.

·  Manage 1 Netgear 24 port switch.

·  Manage 1 Cisco PIX 506e firewall with VPN access.

·  Manage 1 Cisco based T1 router.

·  Manage Cisco 15310 fiber router.

·  Update and maintain Cisco IOS software on all Cisco network equipment.  Backup Cisco IOS software locally and to offsite location for disaster recovery.

·  Manage 10 Linksys Routers providing firewall protection between individual clients.

·  Created multiple network shares with various permissions to accommodate different levels of information access.

·  Maintained system tape backups using Veritas Backup Exec.

·  Facilitate and test offsite and local backup data weekly to ensure quick disaster recovery.

·  Monitor network activity for office policy violations.

·  Install and maintain multiple D-Link security cameras stored on Dell Poweredge server with RAID 1 array.

·  Using Windows SMS deployed operating system repairs and reinstalls, patch management, and software distribution to central staff computers.

·  Work with Palm and Windows Mobile operating systems on a variety of PDA’s.

 

IST Intern, The Pennsylvania State University, DuBois, PA (September 2005 – May 2006)

Title:  Intern

·  Under direct supervision of the director of IST.

·  Responsible for maintenance of Windows Server 2003 Active directory consisting of 300 clients.

·  Assisted intern advisor in creation and implementation of Group Policy standards to all End-Users and Staff of Penn State Dubois Campus.

·  Maintained Exchange Server 2003 with over 200 IST user accounts.

·  Configured and maintained two servers serving out the Penn State Dubois IST website via an IIS 5.x server and Apache HTTP server.

·  Worked with 3 other interns in supporting over 50 Dell Optiplex PCs, 8 Dell Poweredge servers, and 4 IBM servers.

·  Managed and maintained 22 HP Tablet PCs for use by other Penn State IST students.

·  Organized and maintained 12 HP Tablet PCs through the Penn State Wildlife students and faculty, often resulting in accompanying students in field work to troubleshoot problems on site.

·  Assisted in designing, securing, and preparing labs for IST students.

·  Installed CAT 6 network cable, corresponding punch panels, and junction boxes.

·  Networked and maintained 5 individual server racks, each with 2 Cisco Catalyst 2950 switches, Cisco routers, and IBM SCSI servers.

·  Setup and maintained Exchange server 2003 with over 100 attached email addresses.

·  Performed penetration testing against all configured lab devices.

·  Designed and setup an SQL 2000 server to be used in day to day class exercises and testing exercises.

 

Information and Technology Skills

Ø      Information Assurance: ArcSight 4.5, AirDefense Enterprise, AirDefense Mobile, Wireshark, Sourcefire, Snort, PuTTY, WinSCP, Paros Web Proxy, and Blue Coat Proxy, eEye Retina, Universal Purge Tool (UPT).

·  Operating Systems:  Windows NT/95/98/ME/HOME/2000/XP/Vista/7, Windows Server NT/2000/2003/2008, Linux Red Hat 9, Palm PDA, Windows Mobile PDA, IBM 4690.

·  Applications:  All Microsoft Office Programs, Microsoft Exchange Server 2000/2003, Visio 2003, Lotus Notes, Sametime Connect Adobe Photo Shop 9, Adobe Illustrator CS3, Microsoft Windows Media Player, Symantec Antivirus Corporate Edition, Symantec Endpoint Protection, Norton Ghost, All QuickBooks Suites, Remote Desktop, and VNC Server and Client.

·  Networking:DNS, TCP/IP, SMTP, FTP, Cisco Routing and Switch configuration software, Cisco IOS, Wireless Network setup and security, Network design and setup, Installation of network and coaxial cable, including all connectors and wall outlets.

·  Data Base: My SQL and PHP

 

References

 

·  Kyle Snavely, Veris Group, LLC, Vulnerability Group

Lebanon, PA  17042

(717) 769-1091kyle.snavely1@gmail.com

 

·  Joshua Arkey, Army National Guard, Battle Command Training Center IAM

Jonestown, PA  17038

(717) 519-7698joshua.arkey@gmail.com

 

·  William Ainge, Defense Logistics Agency (Retired), Information Assurance Officer

New Cumberland, PA  17070

(717) 877-5460wtasmped3@aol.com

 

·  Tyler Helsel, MSI Technologies, Senior Network Administrator

Pittsburg, PA  15237

(412) 584-9713thelsel85@gmail.com

 

·  Jason Long, MSIS, Instructor of IST

102J DEF Technology Education Building, Penn State DuBois

(814) 372-3000jel115@psu.edu