Lawrence Loftley Jr
327 Peaceford Ave
Raeford, NC 28376
Phone: (910)
224-1196
Email: lawrence.loftley@gmail.com
MCP, MCSE, MCSA, MCTS SQL, CCNA, A +,
Network +, Security +, VCP 5, ITIL Foundation Service Management (2011), ITIL
Intermediate Service Operations (2011), Comptia Advanced Security
Practitioner (CASP), MBA-Information Security Management, Top Secret
Clearance 2013 with SSBI
OBJECTIVE
Currently seeking a
position with a company where my 20+ years of strong IT Professional
experience, leadership, analytical/ technical skills, education, and training
can help the company achieve strategic technical objectives.
EDUCATION
St. Leo University -
St. Leo, FL - MBA
with a concentration in Information Security Management, Graduated 04/2009
St. Leo University -
St. Leo, FL -
BS - Computer Information Systems, Graduated 01/2007
CURRENTLY PURSUING and COMPLETED TRAINING
·
Pursuing a
PhD in Information Technology Management with a concentration in Information
Assurance and Security, Capella University – Minneapolis, MN
·
Pursuing
Certified Information Systems Security Professional (CISSP) certification
·
Completed
certification courses in CISSP (Certified Information Systems Security
Professionals) conducted by Logical Security, Inc. in Atlanta, GA in 2011
while working at the CDC.
·
Familiarity
with Developing, assessing, maintaining and managing NERC CIP v5 compliance
and SCADA related process and methodology.
·
Familiarity
with managing critical assets based on IA controls in accordance with NIST,
FIPS 140/199/200, FISMA, and NIFS/ NEI 08-09 guidance
·
Completed
HA100E – SAP HANA – Introduction course – SAP ID S00011446105
·
Completed
HA300E - SAP HANA - Implementation and Modeling course -SAP ID-S00011446105
DOD 8570 CERTIFICATIONS
SAP Certified
Application Associate (Edition 2013) – SAP HANA - Certified
SAP Certified
Technology Associate - System Administration (MS SQL DB) with NetWeaver 7.0 -
Certified
Comptia Advanced
Security Practitioner (CASP) - Certified-COMP001020686030
Comptia Security +
Certified - COMP001020686030 (8570 Baseline)
Microsoft Certified
Systems Engineer (MCSE) Certified - Microsoft ID: 1205525 (8570 Computing
Environment)
Microsoft Certified
Systems Administrator (MCSA) Certified - Microsoft ID: 1205525 (8570
Computing Environment)
Cisco Certified
Networking Associate: (CCNA) Certified - CSCO10234384 (Expired but meets 8570
Computing Environment)
ADDITIONAL CERTIFICATIONS
PMI member ID:
619898
Comptia A +
Certified - COMP001020686030
Comptia Network +
Certified - COMP001020686030
Microsoft Certified
Professional (MCP) Certified - Microsoft ID: 1205525
Microsoft Certified
Technology Specialists: SQL 2005 (MCTS) Certified - Microsoft ID: 1205525
VMware Certified
Professional on vSphere 5 (VCP) VCP certification Number: 121770
VMware Certified
Professional 5 on Data Center Virtualization (VCP5-DCV) VCP certification
Number: 121770
ITIL Service
Management (2011) Certified
ITIL Intermediate
Service Operations (2011) Certified
EXPERIENCE
Database Manager /
Knowledge Manager –Crystal Clear
Technologies
June 2015 - Present
U.S. Army Fort
Bragg, NC
Provide specialized
database and information management support across a range of operational and
administrative disciplines in support of classified information, including
serve as principal advisor on deployment of both existing legacy and newly
deployed information technology infrastructure. Support the knowledge
management applications of specialized services and support the Knowledge
Management Center of the U.S. Army Combined Arms Center. Plan, track
and apply IT support for each training evolution, and transfer critical data
and knowledge between and among the Sponsor’s command elements and disparate
and segregated components. Manage and maintain the implementation,
deployment, and management of a controlled, limited access, and proprietary
database in support of the Sponsor’s command structure along with instruction
and applications. Provide security consultation as needed.
SAP HANA Technology
Consultant for Hewlett Packard – Insight
Global
Jan 2015 – June 2015
Remote Work from
Home, Raeford, NC
·
HP SAP HANA Consultant (Work from
home, remote position), providing support for the SAP HANA Deployment
Accelerator service. Plan and review documentation relative to the SAP
Implementation. Performing 70%-80% Travel. Incorporate the HP AppSystem for
SAP HANA into the Customer's local network. Perform validation on the SAP
HANA environment (hardware setup, network connectivity, and bandwidth). SAP
HANA software patching, if required. Install SAP HANA Studio on one PC or
workstation. Implementation of SAP HANA Test Import some sample test
data into SAP HANA and run sample reports using Excel plug-in. Provide
knowledge transfer on the use and operation of the SAP HANA system: Hardware,
Configuration, Networking, HANA Studio, System Administration, Roles and
Users, and Backup and Recovery. Provide services as an HP Consultant by
traveling to assigned customer sites to deploy and configure the Converged
System 300 for Microsoft Analytics Platform (formerly Parallel Data Warehouse
(PDW)) and the data loading or backup server, connect them to the customer’s
network, configuring the 5120 Ethernet switches according to the customer’s
specifications, and test the system using TPC-H test data, which HP will
generate. Also configure the HP Insight Remote Support (IRS) server or VM,
and connect and configure the Converged System 300 for Microsoft Analytics
Platform to the IRS server. Support Microsoft SQL server 2012 for Data
Warehouse. Provide knowledge transfer of the appliance and conduct a hand off
to the customer.
Senior Information
Security Analyst – STG, Inc. Oct 2014 – Jan 2015
U.S. Army Forces
Command (FORSCOM) - Fort Bragg, NC
·
Managing a Team of highly
knowledgeable and experienced team of Information Security Analyst and
Engineers which ensure the highest level of security compliance are adhered
to in accordance with the Department of Defense (DoD), Department of the Army
(DA), and the federal government by providing technical knowledge and
analysis of information assurance, to include applications, operating
systems, physical security, networks, risk assessment, critical
infrastructure continuity and contingency planning, emergency preparedness
and security awareness and training.
·
Conducting security analysis on
existing system's vulnerabilities to possible intrusions, resource
manipulation, and resource denial of service and destruction of resources.
Performing research on the DoD Information Assurance Certification and
Accreditation Process (DIACAP) to Risk Management Framework (RMF) Transition
to support the Army-wide Certification and Accreditation efforts. Develop,
manage, maintain, conduct assessment, and review current DIACAP packages for
updates and changes. Review current processes within FORSCOM for improvement
and development. Develop, manage and maintain the required accreditation and
certification for mission service applications and the development/test
network IAW DoD Information Assurance Certification and Accreditation Process
(DIACAP and the Army's Certificate of Networkthiness (CoN) process.
·
Provides technical support and
analysis to document organization information protection framework, and
support policy and procedures preparation and implementation.
·
Manages the Information Assurance
Vulnerability Management (IAVM) program currently in place in support of
FORSCOM and Army Enterprise Network. Provide technical analysis and
support to document and implement the SIPRnet Public Key Infrastructure (PKI)
for SIPRnet users. Maintain and manage ACAS/NESSUS Scanning tool, Symantec
Endpoint Protection, McAfee Antivirus endpoint solution, eEye Retina, Host
Based Security System (HBSS), System Center Configuration Manager (SCCM), and
Windows Server Update Services (WSUS).
·
Provide weekly and monthly status
reports of mission service applications to ensure IAVA compliance based on
NEC-provided IAVA scan reports and reviewing logs.
·
Possess strong knowledge and
familiarity DoD and NIST IA policies, NERC / CIP compliance, SCADA
related processes, and risk assessment methodology.
·
Perform analysis on programs,
policies, procedures, and processes to evaluate compliance in accordance with
Department of Defense and National Institute of Standards and Technology
(NIST) Information Assurance policies, North American Electric Reliability
Corporation (NERC) / Critical Infrastructure Protection (CIP) compliance, SCADA
related processes, and risk assessment methodology. Where necessary,
recommended improvements, closed gaps, and removed extraneous information.
·
Conduct incident investigations by
using forensic tools and procedures in efforts to gather evidence in the
event that an incident has occurred, consisting of identifying, collecting, and
preparing submissions in response to evidence requests.
·
Assisted in audit preparation
activities, including writing responses for the Reliability Standard Audit
Worksheets (QRSAWs) and identifying, collecting, and preparing submissions in
response to evidence requests. Provided validation during regional audits and
internal mock audits. Provided compliance support to internal business
partners, such as System Protection, Field Operations, Telecom, Management
and Process Control Systems, and others.
·
Provided input and prepared
self-reports of compliance violations; technical feasibility exceptions
(TFE); internal exceptions to cyber security policy; and periodic reports to
regional entities, such as self-certifications, Part B reviews of accepted
TFEs, and quarterly and annual TFE filings. Developed mitigation /
remediation plans and implemented measures to mitigate risk. Communicated
status updates to senior-level stakeholders.
·
Ability to communicate technical
terms effectively in front of an audience and interpret regulatory guidance.
Experience in writing and executing test cases, POA & M's and policies.
Experience in reviewing/editing/writing technical documents. Capable in
conducting high level briefings, presentations and perform public speaking task
when needed.
·
Familiar with technical knowledge
of network devices and interconnections (i.e., routers, switches, IDS/IPS,
firewalls and DNS) and configuring or testing computer systems according to
DISA Security Technical Implementation Guides (STIGs) or similar
configuration guidance.
·
Possess experience working in a
Network Enterprise Center, a Network Operations or Security Center. Dynamic
and results-oriented Information Assurance Engineering professional
supporting customer requests, managing, monitoring and investigating all
incident response activities. Training and mentoring analysts. Participate in
an on call after hours to allow for reporting of incidents by customers or
supporting analysts with investigations.
Senior Information
Assurance Engineer – Verizon Business Solution / Ampcus, Inc.
Feb 2014 – Oct 2014
USARC G-6
Information Assurance Department – Incident Response
United States Army
Reserve Command- Fort Bragg, NC
·
Dynamic and results-oriented
Information Assurance Engineering professional supporting customer requests,
managing, monitoring and investigating all incident response activities.
Training and mentoring analysts. Participate in an on call after hours to
allow for reporting of incidents by customers or supporting analysts with
investigations. Solid and diverse experience in a variety of fields managing
overall operations and optimizing organizational processes. Highly reliable
and analytical computer security analyst, efficient in meeting goals and
ensuring utilization of manpower and resources, problem analysis, consulting,
deploying vulnerability management strategies, DOD and army approved
information assurance tools and problem-solving skills adept at engaging
requirements while designing solutions based on strong technical expertise
and experience. Enthusiastic individual and an excellent communicator
recognized ability to establish and maintain effective working relationships
across cross-functional teams and diverse individuals at any levels.
Conduct a maturity assessment of IT operations using a template to assess the
overall level of IT maturity. Coordinate, plan, and perform effective
provisioning, installation/configuration, Information Assurance, operation,
and maintenance of systems hardware and software. Server Administration
duties are: install servers and operating systems, patches and program
releases for specified servers. Administer and manage VMware and physical
environments. Ensure all servers are IAVA and STIG compliant.
·
Install/update all O/S patches as
required. Perform security vulnerability scans on current servers and
environment using Gold Disk and eRetina scanning tools. Familiar with
managing vulnerability and threats using tools such as Nessus, Maintain and manage
ACAS/NESSUS Scanning tool, Symantec Endpoint Protection, McAfee Antivirus
endpoint solution, eEye Retina, Host Based Security System (HBSS), System
Center Configuration Manager (SCCM), Windows Server Update Services (WSUS),
QRadar and Imperva and providing end to end protection using SIEM for DLP.
Ensure all servers have current anti-virus software IAW customer
specifications. Perform periodic backups within the physical and virtual
environment. Conduct incident investigations by using forensic tools
and procedures in efforts to gather evidence in the event that an incident
has occurred, consisting of identifying, collecting, and preparing
submissions in response to evidence requests. Maintain and manage the
SharePoint 2007/2010 environment as the Site Collections system administrator
and Content Manager for C4IM services. Provide guidance to the technical
staff on the functional procedures/processes/policies reflecting detailed
knowledge of the following functional areas: software engineering, communications,
and system integration. Interfaces with Government management personnel and
functional proponents. Performed all security scans, remediated
vulnerabilities, Developed DIACAP Artifacts and POA&Ms. Assisted with the
completion of security requirements in support of the Service Level
Management Project. Familiarity with managing critical assets based on IA
controls. Work with the process team to develop ITIL-based processes, include
process diagramming and description to re-engineer processes based on ITIL
best practices.
·
Manage United States Army Reserve
Command (USARC) Information Security Posture by maintaining the maintaining
the compliance of the USARC network environment in accordance with DODs, Army
standards and regulations AR 25-2, DODi 8500.1, DODi 8500.2, Federal
Information Security Management Act (FISMA) and the National Institute of
Standards and Technology (NIST) documentation. Possess strong knowledge and
familiarity DoD and NIST IA policies, NERC / CIP compliance, SCADA
related processes, and risk assessment methodology. Perform analysis
on programs, policies, procedures, and processes to evaluate compliance in
accordance with Department of Defense and National Institute of Standards and
Technology (NIST) Information Assurance policies, North American Electric
Reliability Corporation (NERC) / Critical Infrastructure Protection (CIP)
compliance, SCADA related processes, and risk assessment
methodology. Where necessary, recommended improvements, closed gaps, and
removed extraneous information. Assisted in audit preparation activities,
including writing responses for the Reliability Standard Audit Worksheets
(QRSAWs) and identifying, collecting, and preparing submissions in response
to evidence requests. Provided validation during regional audits and internal
mock audits. Provided compliance support to internal business partners, such
as System Protection, Field Operations, Telecom, Management and Process
Control Systems, and others.
·
Provided input and prepared
self-reports of compliance violations; technical feasibility exceptions
(TFE); internal exceptions to cyber security policy; and periodic reports to
regional entities, such as self-certifications, Part B reviews of accepted
TFEs, and quarterly and annual TFE filings. Developed mitigation /
remediation plans and implemented measures to mitigate risk. Communicated
status updates to senior-level stakeholders.
Performed
all security scans, remediated vulnerabilities, Developed DoD Information
Assurance Certification and Accreditation Process (DIACAP), Risk Management
Framework (RMF) Artifacts and POA&Ms. Assisted with the completion of
security requirements.
Conducted
periodic scans and remediation using DISA Gold Disk, Army Gold Master, DISA
STIGs, SCAP, VMS, NESUS, and Eye-Retina. Provided reports indicating current
security posture and remediation strategies. Developed SOPs, POA&Ms, Risk
assessments, Certification and Accreditations package to manage the relative
IA controls. Performed all security scans, remediated vulnerabilities, Developed
DoD Information Assurance Certification and Accreditation Process (DIACAP),
Risk Management Framework (RMF) Artifacts and POA&Ms. Assisted with the
completion of security requirements.
Familiarity
with managing critical assets based on IA controls in accordance with NIST,
FIPS 140/199/200, FISMA, and NIFS/ NEI 08-09 guidance, NERC / CIP compliance,
SCADA related processes, and risk assessment methodology.
IT SLM Capability
Manager / Deputy Program Manager –RLM CommunicationsDec 2012 – Feb
2014
IT Service Level
Management Project
United States Army
Reserve Command- Fort Bragg, NC
·
As an IT Service Level Management resource responsible for
the development and implementation of ITIL processes and best practices at
the USARC G-2/6 using ITSM integrated tools. Conduct requirements
analysis and information gathering by meeting with representatives within the
USARC, RSCs and installations. Analyze data related to current processes.
Identify gaps within IT operations current practices and provide solutions in
which to resolve those gaps using ITIL best practices.
·
Develop and improve processes
using ITIL best practices. Develop and execute a plan which will utilize the
IT resources and provide the organization the best benefit. Provide effective
solutions in accordance with ITIL best practices. Develop and coordinate the
execution of ITIL Disciplines across services provided as an end-to-end IT
services management solution between the organization, suppliers, and the
vendors. Conduct a maturity assessment of IT operations using a template to
assess the overall level of IT maturity.
·
Coordinate, plan, and perform
effective provisioning, installation/configuration, Information Assurance,
operation, and maintenance of systems hardware and software. Server
Administration duties are: install servers and operating systems, patches and
program releases for specified servers. Administer and manage VMware and
physical environments. Ensure all servers are IAVA and STIG compliant.
·
Install/update all O/S patches as
required. Perform security vulnerability scans on current servers and
environment using Gold Disk and eRetina scanning tools. Remediated and
mitigated vulnerability and threats using tools such as Nesus, QRadar and
Imperva and providing end to end protection using SIEM for DLP. Ensure all
servers have current anti-virus software IAW customer specifications. Perform
periodic backups within the physical and virtual environment.
·
Maintain and manage the SharePoint
2007/2010 environment as the Site Collections system administrator and
Content Manager for C4IM services. Provide guidance to the technical staff on
the functional procedures/processes/policies reflecting detailed knowledge of
the following functional areas: software engineering, communications, and
system integration. Interfaces with Government management personnel and
functional proponents. Performed all security scans, remediated
vulnerabilities, Developed DIACAP Artifacts and POA&Ms. Assisted with the
completion of security requirements in support of the Service Level
Management Project. Familiarity with managing critical assets based on IA
controls.
·
Work with the process team to
develop ITIL-based processes, include process diagramming and description to
re-engineer processes based on ITIL best practices. Interact with all levels
of client staff, including senior-level decision makers and executives and
conduct qualitative and quantitative analyses in support of solution
development. Assists with the development of metrics and measures assess
compliance and process success. Participate in disperse, collaborative team
environment and maintain a key role in conducting the initial analysis and
developing the process solution. Develop and implement lifecycle management
plan relating to the adding, deleting, decommissioning of USARC C4IM
Services.
·
Performed all security scans,
remediated vulnerabilities, Developed DIACAP Artifacts and POA&Ms.
Assisted with the completion of security requirements in support of the
Service Level Management Project. Familiarity with managing critical assets
based on IA controls in accordance with NIST, FIPS 140/199/200, FISMA, and
NIFS.
Systems
Administrator / Subject Matter Expert –
SAIC
Aug 2011 – Dec
2012
Advanced IT Systems
(AITS) program / Reserve Component Automated System (RCAS)
United States Army
Reserve Command- Fort Bragg, NC
·
Serves as the subject matter
technical expert on to the Advanced IT Systems (AITS) program project.
·
Coordinate, plan, and perform
effective provisioning, installation/configuration, Information Assurance,
operation, and maintenance of systems hardware and software.
·
Server Administration duties are:
install servers and operating systems, patches and program releases for
specified servers. Administer and manage VMware and physical environments.
Ensure all servers are IAVA and STIG compliant.
·
Install/update all O/S patches as
required. Perform security vulnerability scans on current servers and
environment using Gold Disk and eRetina scanning tools. Conducted scans,
managed, remediated and mitigated vulnerability and threats using tools such
as Nessus, Maintain and manage ACAS/NESSUS Scanning tool, Symantec Endpoint
Protection, McAfee Antivirus endpoint solution, eEye Retina, Host Based
Security System (HBSS), System Center Configuration Manager (SCCM), Windows
Server Update Services (WSUS), QRadar and Imperva and providing end to end
protection using SIEM for DLP. Ensure all servers have current anti-virus
software IAW customer specifications. Ensure all servers have current
anti-virus software IAW customer specifications. Perform periodic backups
within the physical and virtual environment. Provide guidance to the
technical staff on the functional procedures/processes/policies reflecting
detailed knowledge of the following functional areas: software engineering,
communications, and system integration. Interfaces with Government management
personnel and functional proponents.
·
Performed all security scans,
remediated vulnerabilities, Developed DIACAP Artifacts and POA&Ms.
Assisted with the completion of security requirements in support of the
Service Level Management Project. Familiarity with managing critical assets
based on IA controls in accordance with NIST, FIPS 140/199/200, FISMA, and
NIFS.
·
Possess strong knowledge and
familiarity DoD and NIST IA policies, NERC / CIP compliance, SCADA
related processes, and risk assessment methodology.
·
Perform analysis on programs,
policies, procedures, and processes to evaluate compliance in accordance with
Department of Defense and National Institute of Standards and Technology
(NIST) Information Assurance policies, North American Electric Reliability
Corporation (NERC) / Critical Infrastructure Protection (CIP) compliance, SCADA
related processes, and risk assessment methodology. Where necessary,
recommended improvements, closed gaps, and removed extraneous information.
·
Assisted in audit preparation
activities, including writing responses for the Reliability Standard Audit
Worksheets (QRSAWs) and identifying, collecting, and preparing submissions in
response to evidence requests. Provided validation during regional audits and
internal mock audits. Provided compliance support to internal business
partners, such as System Protection, Field Operations, Telecom, Management
and Process Control Systems, and others.
·
Provided input and prepared
self-reports of compliance violations; technical feasibility exceptions
(TFE); internal exceptions to cyber security policy; and periodic reports to
regional entities, such as self-certifications, Part B reviews of accepted
TFEs, and quarterly and annual TFE filings. Developed mitigation /
remediation plans and implemented measures to mitigate risk. Communicated
status updates to senior-level stakeholders.
·
Maintain Inventory in support of
lifecycle replacement of Hardware and Software products relating to the
Reserve Component Automated System (RCAS)
·
Reports in writing and orally to
Contractor management and Government representatives, including the
Government CO and COR.
Encryption Engineer
/ Security Analyst III- Chickasaw Nation Industries
March 2010 – Aug 2011
Center for Disease
Control and Prevention- OCISO- Atlanta, GA
·
Project Manager for the McAfee
Biometric Encrypted USB drive Enterprise project providing centrally managed
encrypted mobile devices in an enterprise environment. Provide consultation
and technical support for Installing, maintaining, updating and deploying
security products (hardware and software). Perform research, analysis,
development, evaluation and testing of current or new security products.
Implemented life cycle management process within the deployment and
implementation of the McAfee Biometric Encrypted USB drive Enterprise
project.
·
Collect, record, analyze,
synthesize and report data and information related to computer security
events and incidents in accordance with the IR Plan and related policies,
procedures and directions. Recommend and/or implement mitigation actions in
response to incidents in accordance with the IR Plan. Participate in ongoing
operation, maintenance and user support of cyber security tools including,
but not limited to, firewalls, scanning tools and systems, traffic analyzers,
sniffers, asset management and vulnerability management tools, forensics
tools, etc. Administer Windows 2003, Windows 2008 server, SQL 2008 Server.
Administer and maintain Linux platforms, create users, provide rights and
permissions, install applications, update patches, security updates, and
troubleshoot issues. Perform provisioning, installation/configuration,
operation, and maintenance of systems hardware and software and related
infrastructure for Windows 2000 / XP Pro, Windows 2000 / 2003 Server, 2008
Server, Linux, Solaris, and VMware environment. Manage OS and Security
Patches. Implement updates, patches, service packs for Solaris, red hat,
windows servers.
·
Administer and maintain VMware
development and production environments. Create new VMs for different
platforms. Familiar with VM ware technology such as Solaris containers, xen,
and kvm. Manage and maintain active directory organizational units, create
users, provide rights permissions, group policies when applicable. Experience
in implementing, mitigating vulnerabilities reported using NESUS/ eRetina/
AppScan. Evaluate results from NESUS/ eRetina/ AppScan and perform validation
during the Certification & Accreditation System Testing and Evaluation
process.
·
Conduct incident investigations by
using forensic tools and procedures in efforts to gather evidence in the
event that an incident has occurred, consisting of identifying, collecting,
and preparing submissions in response to evidence requests.
·
Conducted scans, managed,
remediated and mitigated vulnerability and threats using tools such as
Nessus, Maintain and manage ACAS/NESSUS Scanning tool, Symantec Endpoint
Protection, McAfee Antivirus endpoint solution, eEye Retina, Host Based
Security System (HBSS), System Center Configuration Manager (SCCM), Windows
Server Update Services (WSUS), QRadar and Imperva and providing end to end
protection using SIEM for DLP. Ensure all servers have current anti-virus
software IAW customer specifications.
·
Conduct POA&M Validation, RMW
Validations, and False Positive Validations. Maintain SAN storage
environments. Performed proof of concept for research and development of new
architectural concepts and design. Perform tape backups on Windows 2003,
Solaris 10 and Red Hat Linux servers. Provide project management and
consultation for the backup solution. Conduct meetings with stakeholders to
ensure critical data is being captured securely and proficiently. Design,
configure, implement and test a new backup solution with encryption. Create,
develop and manage the Backup and Disaster Recovery Plan / Solution.
Performed all security scans, remediated vulnerabilities, Developed DIACAP
Artifacts and POA&Ms. Assisted with the completion of security
requirements in support of the Service Level Management Project. Familiarity
with managing critical assets based on IA controls in accordance with NIST,
FIPS 140/199/200, FISMA, and NIFS. NERC / CIP compliance, SCADA
related processes, and risk assessment methodology.
·
Possess strong knowledge and
familiarity DoD and NIST IA policies, NERC / CIP compliance, SCADA
related processes, and risk assessment methodology.
·
Perform analysis on programs,
policies, procedures, and processes to evaluate compliance in accordance with
Department of Defense and National Institute of Standards and Technology
(NIST) Information Assurance policies, North American Electric Reliability
Corporation (NERC) / Critical Infrastructure Protection (CIP) compliance, SCADA
related processes, and risk assessment methodology. Where necessary,
recommended improvements, closed gaps, and removed extraneous information.
·
Assisted in audit preparation
activities, including writing responses for the Reliability Standard Audit
Worksheets (QRSAWs) and identifying, collecting, and preparing submissions in
response to evidence requests. Provided validation during regional audits and
internal mock audits. Provided compliance support to internal business
partners, such as System Protection, Field Operations, Telecom, Management
and Process Control Systems, and others.
·
Provided input and prepared
self-reports of compliance violations; technical feasibility exceptions
(TFE); internal exceptions to cyber security policy; and periodic reports to
regional entities, such as self-certifications, Part B reviews of accepted
TFEs, and quarterly and annual TFE filings. Developed mitigation /
remediation plans and implemented measures to mitigate risk. Communicated
status updates to senior-level stakeholders.
·
Responsible for aiding in own
self-development by being available and receptive to all training made
available by the company. Plans daily activities within the guidelines of
company policy, job description and supervisor's instruction in such a way as
to maximize personal output. Provide security consultation and support to CDC
ISSO’s. Providing guidance, support, documentation, configuration, and
processes of the encrypted hardware devices and Software in a centralized
manner. Conduct training via go to meeting. Create training videos for users
to assists users with installation and administration. Document and provide
support for users and internal security staff. Troubleshoot, configure,
and analyze checkpoint pointsec issues and document resolutions
EXPERIENCE CONTINUED
2009-2010US Army -
School of Information TechnologyInformation Assurance Technical Trainer
2009-2009Center for
Disease Control and Prevention
(CDC) Senior Systems
Engineer – BioSense
2006-2009
Center for Disease Control and Prevention
(CDC) Application
Integrated Systems Engineer – PHINMS
2007-2007 US
Army - Womack Army Medical Center Information Technology Specialist (Customer
Support) GS-09
2006-2007Center for Disease Control and
Prevention(CDC)Application Integrated Systems Engineer – PHINMS
2004-2006Center for Disease Control and
Prevention(CDC)Helpdesk Support Specialist-PHIN
2003-2004US Army Active Duty
("Enduring Freedom")Information System Security Officer (ISSO)
2003-2004US Army Active Duty
("Enduring Freedom")Information Management Officer (IMO)
2000-2004United
States Army Reserve CommandRemedy Administrator- RCAS
2000-2004United
States Army Reserve CommandTelecommunications Network Systems Analyst III -
RCAS
1998–2000 SunTrust
Bank Client Technology Support Spec III
1999-1999 DHR / Key
Resources Office Technical Support
1997-1999 New
Horizons PC / Network Tech
1997-1998 NCR Technical
Helpdesk analysts
1996-1997 GE Capital
NEC Helpdesk Support Technicians
1993-1996 US Army,
267th Finance BN73D20/44C Accounting Specialist
1992-1993 World Span
Corporation / Olsten Computer Refurbishing Technician
1988-1992 US Navy,
USS Cowpens (CG-63) Vertical Launching System Technician