Leadership/Training
Requirements Analysis
Program Management
Career History
Aquilent
Laurel, MD (2015)
LEAD TECHNICAL CONSULTANT - CYBERSECURITY
Served as the Security Lead for Center for Medicaid/Medicare Services (CMS) AWS Cloud Enterprise system providing Platform as a Service (PAAS) for all CMS Cloud Applications.
• Security Advisor for cloud architects and developers standing up new Virtual Private Cloud (VPC) environments for CMS applications
• Ensured FISMA and CMS compliance for new Virtual Private Cloud (VPC) environments for CMS applications
• Reviewed FEDRAMP documentation and applied to documentation as applicable
• Led effort for Security Controls Assessment (SCA) for AWS Cloud system leading to system acquiring an Authority to Operate (ATO)
• Led effort for SCA leading to ATO for 7 CMS application systems supported by AWS Cloud GSS
• Responsible for providing education on Cloud Computing/Security to SCA Auditors
• Directed Cloud Support Team in closing SCA findings
• Provided Incident Response for all CMS Cybersecurity Incident Center (CCIC) Alerts
• Researched all Indicators of Compromise (IOC) identified in CCIC Alerts
• Coordinated Trend Micro support for incidents involving malware
• Coordinated technical testing (scans, load tests and penetration tests) for new applications
• Reviewed vulnerability and compliance scans and verified remediation for steady-state systems
• Updated security documentation and uploaded to CFACTS (FISMA repository similar to CSAM) as needed
Attain
McLean, VA (2014-2015)
IT SECURITY MANAGER/SPECIALIST
Served as the designated Information System Security Officer (ISSO) for Federal agency enterprise-wide systems, working closely with the project teams, system administrators, database administrators, and the client’s security director to ensure compliance with security policies and procedures and System Security Plans.
• Instrumental in acquiring Authority to Operate (ATO) on two critical systems on compressed timelines
• Responsible for Project Management of Security Assessment and Authorization (SA&A) of a new system and a move of an existing system (outsourced to in-house)
• Maintained all FISMA-type artifacts/documents, continuously monitored and updated documentation, and led the annual security controls review and audit processes
• Performed vulnerability and compliance scanning on a monthly basis
• Reviewed vulnerability scan results and facilitated the resolution of all high and medium vulnerabilities in a timely manner
• Ran and reviewed CIS hardening compliance scans and ensured system compliance with the client’s baselines; worked with system/database administrators to resolve discrepancies
• Managed and helped to close Plan of Action and Milestone (POA&M) items
• Developed a disaster recovery plan and supported the client’s execution of the DR plan
• Developed an incident response plan and led the team through a simulated incident response test
Juniper Networks
Herndon, VA (2013)
SENIOR IT SECURITY MANAGER
Assessed the IT security environment and advised on information security policies and procedures within all IT systems for Fortune 500 company. Mentored and evaluated the work of subordinates contributing to security posture and policy. Evaluated and made recommendations on IT Security tools.
• Acted as the lead response and advisor to the security director on incidents.
• Wrote multiple policies and procedures, developed presentations for upper management and contributed IT Security articles for the corporate security newsletter.
• Participated in the security awareness program and assisted to increase the participation and completion percentages, including the implementation of metrics to conduct tracking.
• Mentored and provided leadership and work guidance to subordinates.
• Evaluated and provided recommendations for security products and vendors
• Identified weaknesses in Security posture and recommended mitigation strategies
Department of Justice (DOJ)
Washington, DC (2009-2012)
SENIOR CERTIFICATION AND ACCREDITATION/IT SECURITY ANALYST
Assessed security posture and advised on information security policies and procedures for all Asset Forfeiture IT systems. Acquired the Authority to Operate (ATO) for systems through the DOJ Certification and Accreditation process. Developed and evaluated IT Security documentation to include the system security plan, security and risk assessments, plans of action, milestones, and privacy documentation. Utilized various tools to include IBM Tivoli Endpoint Management (BigFix) and Cyber Security Assessment and Management (CSAM) system to manage risk and track security posture.
• Tracked IT security items for AFMS systems and coordinated with support personnel and the System Owner, the Information Systems Security Officer and the Information Systems Security Manager to facilitate the remediation and removal of identified risk items
• Responsible for Project Management of DOJ-mandated annual controls assessment, leading to consecutive awards recognizing branch for timely completion
• Responsible for Project Management of Certification and Authorization (C&A) of a new Single-Sign On (SSO) system
• Coordinated the annual Contingency Plan and Incident Response Plan testing
• Reviewed systems to determine if they are in compliance with established standards and security requirements
• Achieved manpower and monetary savings by facilitating a shift in management mindset to include IT Security at onset of new programs rather than retrofitting it in later when faults appear
• Acted as the lead author for Cyber Security Assessment and Management (CSAM) software for all systems
• Mentored and provided leadership and work guidance to subordinates
Department of Homeland Security (DHS)
Washington, DC (2009)
INFORMATION SYSTEMS SECURITY OFFICER (ISSO)
Managed multiple information systems in various stages of the systems development lifecycle. Assessed security posture and advised on information security policies and procedures. Utilized Risk Management System (RMS) and Trusted Agent FISMA (TAF) software systems to manage risk and track security posture.
National Oceanic and Atmospheric Administration (NOAA)
Silver Spring, MD (2006-2008)
INFORMATION SYSTEMS SECURITY ANALYST
Supported the Data Dissemination branch of the National Weather Service, engaging in scheduling and the completion of all IT security tasks and milestones for three separate systems that conveyed critical weather data for public and international air traffic safety.
• Developed & oversaw programs to ensure mandated scanning of remote NOAA Weather Radio sites for security risks
• Authored and reviewed IT Security documentation and updated and recommended changes as required
• Developed and disseminated IT security policies and procedures
• Acted as the lead author for Cyber Security Assessment and Management (CSAM) software for all systems
• Developed IT security portions of RFPs, contract modifications, and other acquisition documents
U.S. Army National Guard
Virginia (1982-2007)
COMMUNICATIONS MANAGER/CHIEF (E-8)
Maintained and kept operational all electronic communications systems, developing policy and managing programs for communications operations and maintenance. Extracted communications requirements from higher headquarters and developed associated plans for maintenance requirements. Supervised the maintenance and operations of communications equipment, and managed the supervision and training of subordinates to improve performance and assist them in reaching professional goals.
• Managed program for scheduled maintenance of all Battalion communications equipment
• Served as NCOIC (Non-commissioned Officer in Charge) of radio communications, telephones and computers for Pentagon Security taskforce during Operation Enduring Freedom deployment
• Volunteered as Battalion representative on morale improvement committee during Operation Enduring Freedom deployment
• Attended various management, program management and leadership courses
• Mentored and provided leadership and work guidance to subordinates
Breakwater Security Associates (Federal Division)
Arlington, VA (2005)
IT/VOIP SECURITY SPECIALIST
Performed certification and accreditation for the Veteran’s Health Administration, conducting security assessments of telephone and computer network/systems at multiple field offices across the U.S. Tested networks and systems to assess security issues and the overall configurations for Windows active directory domains, Oracle servers, Voice Over IP (VoIP) devices and other systems.
• Developed progress briefings, reporting VA compliance with baseline security controls, created remediation strategies, and proposed a process and methodology for continuous monitoring of systems/networks that have undergone C&A
Mantech International
Norfolk, VA (2004)
TRANSITION SITE COORDINATOR
Provided program management support and acted as the Program Manager during absences to transition sites throughout the National Capital Region to Navy-Marine Corps Internet network. Surveyed sites and determined requirements for the transition to new systems. Collaborated with units and various subcontractors to schedule and coordinate the installation of infrastructure, networks and equipment.
PRIOR CAREER HISTORY:
Staff Systems Engineer, Mantech International, Norfolk, VA (2002-2004)
Communications Manager, Army National Guard (active duty), Pentagon, Washington, DC (2003-2004)
Computer Engineer, Naval Facilities Engineering Command, Norfolk, VA (1993-1999)
Instructor (Computer Networking; A+ Computer Repair), Tidewater Tech, Chesapeake, VA (2000-2001)
Education and Professional Development
BSCpE (Computer Engineering), Old Dominion University, Norfolk, VA (1992)
Certifications:
CompTIA Security+
Microsoft Certified Systems Engineer
Microsoft Certified Professional
Microsoft Certified Professional + Internet
Sigma Six Yellow Belt
Studying for Certified Information Systems Security Professional certification