Thomas Joseph Duffey IV
2543 Costmary Lane, Unit 11
Wilmington, NC 28412
Home: 910-399-4949
Cell: 919-791-8090
northcarolinaman@gmail.com

SECURITY CLEARANCE:

Active Secret Clearance – Valid until 2020 (eligible for TS or TS/SCI upgrade)

PROFESSIONAL SUMMARY:

Diverse, customer-focused IT risk management and IA/CyberSecurity
professional with 20+ years of experience working as a vice president,
business owner, project manager, team lead, network administrator, and
instructor. Expertise in information assurance, DIACAP / RMF,
C&A, consulting, threat/vulnerability management, administration,
curriculum/courseware design, and instruction within DoD, commercial, and
educational environments. Experience working for, consulting with,
and training multiple military branches (U.S. Army, Navy, Air Force,
Marines, Army Reserve, Air National Guard) at numerous worldwide CONUS and
OCONUS facilities.
· Experienced Compliance Officer and Auditor familiar with
multiple CyberSecurity and Risk Management frameworks: NERC CIP, DIACAP,
NIST RMF, HIPAA, ISO and others.
· Leader and team player with a strong work ethic who
contributes to a high-performing, positive work environment; works well in
group situations and independently; and is adept at breaking complex
problems down into simpler forms, enabling effective resolution.
· Information System Security Officer (ISSO), DIACAP/RMF
Program Manager, and Project Manager providing guidance, coordination and
leadership for a team of CyberSecurity Engineers, Auditors, and Analysts;
utilizing DoD and military regulations; contributing to organizational
tactical and strategic goals and objectives to obtain/maintain current
3-year Authority to Operate (ATO) and successfully pass CCRI/DAIG
inspections.
· Natural talent in building strong trusting relationships
with Senior Military and DoD civilian personnel; interacting with
internal/external on-site customers; communicating with on-site resources;
multitasking and working several complex and diverse tasks with near
simultaneous deadlines; determining methods and procedures to be utilized
on projects; and maintaining accountability for completion of high-quality
deliverables.
· Participates in strategic design process to translate security
and business requirements into effective risk mitigation strategies;
integrating CyberSecurity requirements to proactively manage computer and
information security throughout the global enterprise.
· Strong written and oral communicator currently working
on Doctoral degree. Extensive experience interpreting, creating,
reviewing, editing, and maintaining Policies, Procedures, POA&Ms, and
other documentation; effectively presenting information to active duty
military, government, contract, and civilians, facilitating
IA/CyberSecurity and business success.
· Seasoned Mobile Travel Team instructor instrumental in
standing up military training program for Federal government civilians,
including creating presentation materials for the Project Management
Professional (PMP) program facilitating DoD civilians and FA53 ISM active
duty personnel with utilization of proper project management techniques for
support of global military missions.

PROFESSIONAL CERTIFICATIONS:

DoD 8570.01-m Baseline: CISSP (IAT III, IAM III, IASAE II); CAP (IAM I, IAM II)
Computer Network Defense (CND): CISA (CND-AU), CISM (CND-SPM)
Technical/Computing Environment (CE): A+, AIS, CCDA, CCDP, CCNA Security, CCNP Security, CCSP, CHCP, CIWCI,
CIWMA, CIWMD, CLA, CTT+, CWNA, FOI/FOT, I-Net+, Linux+, LPIC-1, MASE, MCT,
MCTS Vista, MCSA Windows 7, MCSE+I NT4, MCSA 2000/2003, Network+,
Security+, Server+
Management: PMP, IT Project+, FITSP-M, ITIL v3 Foundations, PHR, C|CISO, CRISC

FORMAL EDUCATION:

Northcentral University
· D.B.A., Computer and Information Security, (4.0 GPA, expected 05/2018)
Southern New Hampshire University
· M.B.A., Business Administration, 05/2004
New Hampshire College
· Graduate Certificate in Training and Development, 09/2001
· M.S., Business Education, 03/2000
University of Tennessee
· M.S., Engineering Science, 08/1997
West Virginia University
· B.S., Mechanical Engineering, 08/1993

TECHNICAL SKILLS:

Platforms: Windows NT/2K/2K3/Vista/7, HP-UX, Red Hat Linux 7/8/9/EL3, Novell 4.x
Networking: Routers/Switches, Firewalls, Proxy Servers, VPN, IPS/IDS, SAN, Wireless
Applications: MS Office/Project/SharePoint, HP OpenView, SMS 2K3, VMWare, NetApp Data ONTAP,
Ethereal/Wireshark, Network Monitor
Environment: Microsoft, Cisco, Juniper, Aruba, McAfee, FireEye, ArcSight, Bluecoat, Ironmail
Military/DoD: DIACAP / RMF, FISMA, NIST, Army ITC/ABIC (April 2010)

PROFESSIONAL EXPERIENCE:

USARC G-6 IA/Cybersecurity / Verizon Federal Security Management (FSM) 2011-Present
(DIACAP/RMF Program Manager, ISSO and IA/Cybersecurity Team Lead)
ISSO, DIACAP/RMF Program
Manager, and On-site IA/CyberSecurity Division compliance branch project
manager for a 10-person USARC G-6 IA/Cybersecurity team supporting a large
scale global enterprise network with 1000+ sites, approximately 50,000+
assets and 150,000+ users for Networx Managed Network Services (MNS)
contract. Demonstrating subject matter expertise and working
cooperatively and cohesively in a dynamic fast-paced multi-disciplinary
setting of SMEs, vendors, contractors and clients where project deadlines
are critical and multiple projects run in parallel. Providing
supervision, guidance, and conflict resolution for IAVM, Networthiness,
PPSM, and IA/Cybersecurity Engineering personnel. CND-SPM/IAM II
compliance officer managing 100+ project team members in ATCTS.
Coordinating and completing assigned tasks with team, resolving minor
concerns/issues, assisting with UDCI incident response using SIPRNET.
Working with IA/CyberSecurity government (IAPM, IAM, IANM) and contract
personnel of the Policy, Compliance and Network branches to mitigate risks;
help ensure continuous operation of the Army Reserve network throughout the
system development life cycle (SDLC), and successfully maintain current
3-year Authority to Operate (ATO). Preparing for upcoming CCRI/DAIG
inspections. Requirements definition and gathering related to organization
mission, goals, and strategies. Evaluating current security products
(hardware and software), programs, and trends. Analysis, design,
development, engineering and implementation of security solutions to comply
with multi-level organizational security needs. Security principles include
Security Trends, Information Security, Risk Management, Access Controls,
Security Architecture and Design, Physical and Environmental Security,
Telecommunications and Network Security, Cryptography, Business Continuity
Planning, Regulations and Compliance, Applications Security,
Operations Security, Certification and Accreditation, Web Security,
Authentication, Messaging Security, PKI, Access Security, Ports and
Protocols, Network Security, Wireless Security, Remote Access Security,
Auditing/Logging and Monitoring, Vulnerability Testing, and OS Defense in
Depth, PPSM, DAPE, DMZ Separation of Duties, Least Privilege, and
Hardening. Coordinating/consulting with engineers in Enclave Computing
environment to help ensure strong Defense in Depth implementation of DoD,
Army, and USARC regulations, and policies. Application of DoD 8500
series, AR25-2, DAIG, and NIST SP 800-53 Rev 4 controls, along with Army
BBPs and DISA Security Technical Implementation Guides (STIGs).
Management of DIACAP/RMF documentation (SIP, DIP, Scorecard, POA&M),
including C&A TdB database uploads. Creation and maintenance of
supporting Certification and Accreditation artifacts (Policies, STIG
waivers/POA&Ms, SSP, SOPs, MFRs, Project Plans, etc.). Preparing PowerPoint
presentations for Weekly In-Progress Reviews (IPRs) and coordinating with
Senior Military, DoD Civilian, and Contractor personnel. Development
of documentation and training to assist Subject Matter Experts (SMEs) with
hardening and applying DISA STIGs. Assisting CIO G-6 Agent for the
Certification Authority (ACA) personnel with facilitation of on-site
Security Testing and Evaluation (ST&E). Interfacing with CIO G-6
Certifying Authority Representative (CAR) as part of IA/CyberSecurity team
remediating ACA findings. Escalating identified high-risk issues to
MNS Program Manager and customer POCs. Interfacing with Data Center,
Applications Branch, SOC/CIRT, NOC, Telecom, Security, Plans, and IMO
divisions of USARC G-6. Project Lead for Enterprise Subordinate
Certificate Authority (CA) standup. Cyber Security duties include
interfacing with USARC Information Assurance/Cybersecurity, Security
Operations, Network Operations, Incident Response, Unified Communications,
Services and Applications, Enterprise Operations, Plans, and Information
Management Divisions, along with Networx/MNS Contract Program Manager
regarding technical, security and project issues.

TCI/Fort Gordon 2010-2011
(Vice President of Operations, Project Manager and Lead Technical Instructor)
Management of instructors, delivery
operations, scheduling, budgeting, and processes for DoD contractor.
Providing expert-level advice, analysis and functional expertise to
tasks. On-site delivery of Project Management Professional (PMP) courses
to U.S. Army FA53 Information Systems Managers at TRADOC IDMD SIT meeting
DoDI 8570.01-m IAT and IAM Level I, II, and III requirements. Review
requirements and task documentation for accuracy and applicability.
Project manager for DoD iPhone and Android mobile applications
development. On-campus delivery of PMP and MS Project courses.
Project Management principles included Initiating, Planning, Executing,
Monitoring/Controlling, Closing, Integration, Scope, Time, Cost, Quality,
Resources, Communications, Risk and Procurement. Strong focus on
applicability of principles to DoD environments and the Military Decision
Making Process (MDMP), sensitivity of information, and workflow.

U.S. Army Fort Gordon School of Information Technology/AGM 2009-2010
(Technical Instructor/Writer for TRADOC SIT IDMD/CP34 program)
Technical
instruction in Microsoft MCSE/MCITP 2003/2008, WSS, MOSS, SCCM, ITIL v3
Foundations, PMP, MS Project, and NetApp courses for U.S. Army and DOD
civilian personnel in order to meet government security and DOD
TRADOC Instructor
Qualified (ITC/ABIC). Assisted with standup and execution of CP34
program for education of U.S. Army personnel. Duties included
technical instruction and courseware design of PMP, MS Project, Microsoft
MCSE/MCITP 2003/2008, WSS 3.0 /MOSS 2007, SCCM 2007, ITIL v3 Foundations,
PMP, and NetApp courses for U.S. Army and DOD civilian personnel.
Target audience included government civilians, and active duty FA53 ISMs,
254 Warrant Officers, 442, TRADOC SIT personnel, and Eisenhower hospital
personnel. Requirements definition and gathering related to
organization mission, goals, and strategies. Evaluated current security
products (hardware and software), programs, and trends. Analysis,
design, development, engineering and implementation of security solutions
to comply with multi-level organizational security needs. Security
principles included Web Security, Database Security, SharePoint Security,
Cryptography, Authentication, Messaging Security, DAC, RBAC, PKI, Access
Security, Ports and Protocols, Network Security, Wireless Security, Remote
Access Security, Auditing/Logging and Monitoring, Vulnerability Testing,
Organizational Security, Business Continuity, TCP/IP, and OS
Hardening. Project Management principles included Initiating,
Planning, Executing, Monitoring/Controlling, Closing, Integration, Scope,
Time, Cost, Quality, Resources, Communications, Risk and Procurement.
Cyber Security duties included hardening and security of Windows XP
Workstations, 2003 Domain Controllers and Member Servers in multiple-forest/multiple-domain
configurations, SharePoint 2007 Servers, SCCM 2007 Servers, SQL 2005
Servers, IIS Web Servers, VMware, Virtual Server, and NetApp Storage.

U.S. Navy/Air Force/GK/TTA 2008-2009
(Contract Technical Instructor and Consultant)
Provided MTT DoD mandatory initiative 8570.1
IAT and IAM Level I and Level II security plus Computing Environment
training to Air Force and Navy IT personnel at various CONUS and OCONUS
military facilities, allowing them to properly utilize and support the
components for the LAN/WAN infrastructure necessary for operations of
United States military forces domestically and in overseas countries
where. This instruction and facilitation was necessary and mandatory
in many cases for DOD personnel to maintain their employment with the
federal government. Requirements definition and gathering related to
organization mission, goals, and strategies. Evaluated current security
products (hardware and software), programs, and trends. Analysis, design,
development, engineering and implementation of security solutions to comply
with multi-level organizational security needs. Security principles
included Web Security, Cryptography, Authentication, Messaging Security,
DAC, RBAC, PKI, Access Security, Ports and Protocols, Network Security,
Wireless Security, Remote Access Security, Auditing/Logging and Monitoring,
Vulnerability Testing, Organizational Security, Business Continuity,
TCP/IP, and OS Hardening. Cyber Security duties included security of
DOS, Windows 95, 98, NT 4.0, 2000 and XP Workstations, Windows 2000 and
2003 Domain Controllers and Member Servers in
multiple-forest/multiple-domain configurations, and IIS Web Servers.

U.S. Marines/Navy/UKI 2008-2009
(Contract Technical Instructor and Consultant)
Provided MTT DoD mandatory initiative 8570.1 IAT and IAM Level I and Level
II, plus Computing Environment security and operational training to Marine
and Navy personnel at various CONUS facilities, allowing them to properly
utilize and support the components for the LAN/WAN infrastructure necessary
for operations of United States military forces domestically and in
overseas countries. This instruction was necessary in many cases for
DOD personnel to maintain federal government employment. Requirements
definition and gathering related to organization mission, goals, and
strategies. Evaluated current security products (hardware and software),
programs, and trends. Analysis, design, development, engineering and
implementation of security solutions to comply with multi-level
organizational security needs. Security principles included Web
Security, Cryptography, Authentication, Messaging Security, DAC, RBAC, PKI,
Access Security, Ports and Protocols, Network Security, Wireless Security,
Remote Access Security, Auditing/Logging and Monitoring, Vulnerability
Testing, Organizational Security, Business Continuity, and OS
Hardening. Cyber Security duties included security of Windows XP
Workstations, Windows 2003 Domain Controllers and Member Servers in
multiple-forest/multiple-domain configurations, and Exchange 2003 Mail
Servers.

NC State University 2007-2009
(Contract Technical Instructor and Consultant)
Contract professional IT networking and security training for CISSP
certification to professionals in the Research Triangle Area. Requirements
definition and gathering related to organization mission, goals, and
strategies. Evaluated current security products (hardware and software),
programs, and trends. Analysis, design, development, engineering and
implementation of security solutions to comply with multi-level organizational
security needs. Security principles included Security Trends,
Information Security, Risk Management, Access Controls, Security
Architecture and Design, Physical and Environmental Security,
Telecommunications and Network Security, Cryptography, Business Continuity
Planning, Regulations and Compliance, Applications Security,
Operations Security, Certification and Accreditation, Web Security,
Authentication, Messaging Security, PKI, Access Security, Ports and
Protocols, Network Security, Wireless Security, Remote Access Security,
Auditing/Logging and Monitoring, Vulnerability Testing, and OS
Hardening.

U.S. Army/New Horizons 2006-2008
(Contract Technical Instructor and Consultant)
Provided MTT DoD 8570.1 initiative CISSP training
for U.S. Army IAT and IAM Level II and Level III personnel to assist in
meeting mandatory requirements, performing their duties, and maintaining
employment. Provided instruction for CCNA, Microsoft Windows 2003
MCSE Security. Requirements definition and gathering related to
organization mission, goals, and strategies. Evaluated current security
products (hardware and software), programs, and trends. Analysis,
design, development, engineering and implementation of security solutions
to comply with multi-level organizational security needs. Security
principles included Security Trends, Information Security, Risk Management,
Access Controls, Security Architecture and Design, Physical and
Environmental Security, Telecommunications and Network Security,
Cryptography, Business Continuity Planning, Regulations and Compliance,
Applications Security, Operations Security, Certification and
Accreditation, Web Security, Authentication, Messaging Security, PKI,
Access Security, Ports and Protocols, Network Security, Wireless Security,
Remote Access Security, Auditing/Logging and Monitoring, Vulnerability
Testing, and OS Hardening. Cyber Security duties included security of
Cisco Catalyst Switches, Cisco 2600 and 3600 Series Routers; Windows XP
Desktops, Windows 2003 Domain Controllers and Member Servers.

Eastman/Techpeople USA 2006
(Contract Technical Instructor and Consultant)
Contract
professional IT networking and security training in a commercial
heterogeneous environment. Requirements definition and gathering
related to organization mission, goals, and strategies. Analysis,
design, development, engineering and implementation of security solutions
to comply with multi-level organizational security needs. Security
principles included Web Security, Cryptography, Authentication, Messaging
Security, DAC, RBAC, PKI, Access Security, Ports and Protocols, Network
Security, Wireless Security, Remote Access Security, Auditing/Logging and
Monitoring, Vulnerability Testing, Organizational Security, Business
Continuity, and OS Hardening. Cyber Security duties included security
of Novell 3.x, Novell 4.x, Windows 95, Windows 98, and Windows 2000
Workstations, Domain Controllers, and Member Servers in a combined Ethernet
and Token Ring environment.

U.S. Air Force/Thomson/NetG/TTA 2005-2007
(Contract Technical Instructor and Consultant)
Provided MTT DoD
mandatory initiative 8570.1 IAT and IAM Level I and Level II security
training to Air Force communications 3A and 3C and IA personnel at various
CONUS and OCONUS military facilities, allowing them to properly utilize and
support the components for the LAN/WAN infrastructure necessary for
operations of United States military forces domestically and in overseas
countries where. This instruction and facilitation was necessary and
mandatory in many cases for DOD personnel to maintain their employment with
the federal government. Requirements definition and gathering
related to organization mission, goals, and strategies. Evaluated current
security products (hardware and software), programs, and trends.
Analysis, design, development, engineering and implementation of security
solutions to comply with multi-level organizational security needs.
Security principles included Web Security, Cryptography, Authentication,
Messaging Security, DAC, RBAC, PKI, Access Security, Ports and Protocols,
Network Security, Wireless Security, Remote Access Security, Auditing/Logging
and Monitoring, Vulnerability Testing, Organizational Security, Business
Continuity, and OS Hardening. Cyber Security duties included security
of Windows XP Workstations, Windows 2003 Domain Controllers and Member
Servers in multiple-forest/multiple-domain configurations, and IIS Web
Servers.

U.S. Air Force/NetG/TTA 2003-2005
(Contract Technical Instructor and Consultant)
Provided MTT DoD
IT security training to Air Force communications 3A and 3C and IA personnel
at various CONUS and OCONUS military facilities, meeting federal
requirements and allowing them to properly utilize and support the
components for the LAN/WAN infrastructure necessary for operations of
United States military forces domestically and in overseas countries where
the federal government has presence. This included security and operations
of hardware, software, LAN/WAN networking infrastructure routing and
switching technologies, software security update systems, email systems,
firewalls, proxy servers and databases used for military defense.
Focus on DOD mandatory initiative 8570 IAT and IAM Level I and II.
Requirements definition and gathering related to organization mission,
goals, and strategies. Evaluated current security products (hardware and
software), programs, and trends. Analysis, design, development,
engineering and implementation of security solutions to comply with
multi-level organizational security needs. Security principles
included Web Security, Cryptography, Authentication, Messaging Security,
DAC, RBAC, PKI, Access Security, Ports and Protocols, Network Security,
Remote Access Security, Wireless Security, Auditing/Logging and Monitoring,
Vulnerability Testing, Organizational Security, Business Continuity, and OS
Hardening. Cyber Security duties included security of Windows XP
Workstations, Windows 2003 Domain Controllers and Member Servers in
multiple-forest/multiple-domain configurations, and IIS Web Servers.

TECCME 2003-2004
(Contract Technical Instructor and Consultant)
Contract training
and consulting for professional IT system administration classes. Red
Hat Linux 8.0 and Windows 2000/2003 multi-server environment for Network+,
Security+, Linux+ and MCSE 2000/2003 MCSE Security Track classes.
Requirements definition and gathering related to organization mission,
goals, and strategies. Evaluated current security products (hardware and
software), programs, and trends. Analysis, design, development,
engineering and implementation of security solutions to comply with
multi-level organizational security needs. Security principles
included Web Security, Cryptography, Authentication, Messaging Security,
DAC, RBAC, PKI, Access Security, Ports and Protocols, Network Security, Remote
Access Security, Auditing/Logging and Monitoring, Vulnerability Testing,
Organizational Security, Business Continuity, and OS Hardening. Cyber
Security duties consisted of Red Hat Linux 8.0 Workstations and Servers;
IPChains/IPTables Firewalls and SQUID Proxy Servers; Windows 2000
Workstations, Domain Controllers and Member Servers; Windows XP
Workstations; and Windows 2003 Domain Controllers and Member Servers.

CTS 2003
(Contract Technical Instructor and Consultant)
Contract training
and consulting for professional IT system administration classes.
Windows 2003 multi-server environment for MCSE Server 2003 Security Track
classes. Cyber Security duties included Windows 2003 Workstations,
Domain Controllers, and Member Servers in multiple-domain
configurations. Requirements definition and gathering related to
organization mission, goals, and strategies. Analysis, design,
development, engineering and implementation of security solutions to comply
with multi-level organizational security needs. Security principles
included Cryptography, Authentication, DAC, RBAC, PKI, Access Security,
Ports and Protocols, Network Security, Remote Access Security,
Auditing/Logging and Monitoring, Vulnerability Testing, Organizational
Security, Business Continuity, and OS Hardening. Cyber Security duties
included security of enterprise environments consisting of Windows XP
Workstations, Windows 2003 Domain Controllers, and Member Servers in
multiple-forest/multiple-domain configurations.

U.S. Air Force/Wave/TTA 2002-2003
(Contract Technical Instructor and Consultant)
Provided MTT IT
security training to CONUS Air Force communications squadron and IA
personnel, meeting federal security requirements and allowing them to
properly utilize and support the components for the LAN/WAN infrastructure
necessary for operations of United States military forces. Training
for the 3A and 3C career fields focused on security and operations of
hardware, software, networking infrastructure routing and switching
technologies, TCP/IP, firewalls and proxy servers used for military defense
systems throughout the U.S. and overseas countries where the federal
government has presence. Requirements definition and gathering
related to organization mission, goals, and strategies. Evaluated current
security products (hardware and software), programs, and trends.
Analysis, design, development, engineering and implementation of security
solutions to comply with multi-level organizational security needs.
Security principles included Cryptography, Authentication, Messaging
Security, DAC, RBAC, PKI, Access Security, Ports and Protocols, Network
Security, Wireless Security, Remote Access Security, Auditing/Logging and
Monitoring, Vulnerability Testing, Organizational Security, Business
Continuity, and OS Hardening. Cyber Security duties consisted of
security for Cisco 10/100 Catalyst Switches, Cisco 2500 Series Routers,
DOS, WFW 3.1, Windows 95, Windows 98; Windows 2000 Workstations, Domain
Controllers, and Member Servers; and various other LAN/WAN equipment.

TTA 2000-2009
(Contract Technical Instructor, Curriculum Developer, and Consultant)
Contract
Technical Instructor and Curriculum Developer for various IT Professional
and Security classes, and Boot Camps, including A+, Network+, Security+,
HDI, CIW Security Track, Windows Server 2000/2003 MCSE Security Tracks,
Proxy Server 2.0, and ISA Server 2003. Requirements definition and
gathering related to organization mission, goals, and strategies. Evaluated
current security products (hardware and software), programs, and
trends. Analysis, design, development, engineering and implementation
of security solutions to comply with multi-level organizational security
needs. Fiber Optic installation. Partial client list includes
Burgess Computer, CompUSA, PPI, Training Camp, MVCC, and others.
Security principles included Web Security, Cryptography, Authentication,
Messaging Security, DAC, RBAC, PKI, Access Security, Ports and Protocols,
Network Security, Wireless Security, Remote Access Security,
Auditing/Logging and Monitoring, Vulnerability Testing, Organizational
Security, Business Continuity, and OS Hardening. Cyber Security duties
included security of DOS, Novell 3.x, Novell 4.x, WFW, Windows 95, Windows
98, Windows NT 4.0 Domain Controllers and Member Servers; Windows 2000
Workstations, Domain Controllers, and Member Servers in multiple-forest/multiple-domain
configurations, Exchange 2003 Servers, and IIS Web Servers.

Daniel Webster College/TMT 2000-2005
(Project Manager, Adjunct Professor, Contract Technical Instructor and Consultant)
Project Manager,
Adjunct Professor, and Contract Technical Instructor and Consultant for
Windows 2000 MCSE Security Administration track at Daniel Webster
College. Student body consisted largely of IT professionals from
organizations located in Boston and New Hampshire. Requirements
definition and gathering related to organization mission, goals, and
strategies. Evaluated current security products (hardware and software),
programs, and trends. Analysis, design, development, engineering and
implementation of security solutions to comply with multi-level
organizational security needs. Managed and spearheaded partnership
between Techmarket Training and Daniel Webster College, successfully
launching MCSE/MCSA program for 2 campus sites, still in existence
today. Daily supervision, management and mentoring of junior
instructor/administrator to assume lead duties at secondary site upon
expansion. Instruction of administration and security implementation
for Windows 2000 Servers, Proxy Server 2.0, ISA Server 2000, IIS 4.0,
and upgrades from Windows NT 4.0 environments. Security principles
included Cryptography, Authentication, Messaging Security, DAC, RBAC, PKI,
Access Security, Ports and Protocols, Network Security, Wireless Security,
Remote Access Security, Auditing/Logging and Monitoring, Vulnerability
Testing, Organizational Security, Business Continuity, and OS Hardening.
Cyber Security duties included security of enterprise environments
consisting of Cisco 3600 series routers, Windows 2000 Workstations, Domain
Controllers, and Member Servers in multiple-forest/multiple-domain
configurations, Proxy 2.0 Server and ISA 2000 Server Gateways, and IIS 4.0
Web Servers.

Germaine Lawrence 2000-2001
(Professional Consultant)
Professional IT
and Security Consulting. Security of Windows NT 4.0 network with
various client operating systems to prevent access by unauthorized personnel.
Y2K consulting and correction services. Requirements definition and
gathering related to organization mission, goals, and strategies. Evaluated
current security products software, programs, and trends. Analysis,
design, development, engineering and implementation of security solutions
to comply with multi-level organizational security needs. Security
principles included Authentication, DAC, RBAC, PKI, Access Security,
Network Security, Auditing/Logging and Monitoring, Vulnerability Testing, Organizational
Security, and OS Hardening. Cyber Security duties included Windows 3.x,
Windows 95, Windows 98, Windows 98 SE, Windows NT 4.0 Workstations, Domain
Controllers, and Member Servers, and Windows 2000 Workstations and Domain
Controllers.

New Hampshire College 2000
(Adjunct Professor, Contract Technical Instructor and Consultant)
Adjunct Professor
and Consultant for Windows 2000 MCSE Security Administration track at New
Hampshire College in the lakes region of New Hampshire. Student body
consisted of IT professionals from organizations located in New
Hampshire. Instruction of administration and security implementation
for Windows 2000 Servers. Requirements definition and gathering
related to organization mission, goals, and strategies. Evaluated current
security products (hardware and software), programs, and trends.
Analysis, design, development, engineering and implementation of security
solutions to comply with multi-level organizational security needs.
Security principles included Cryptography, Authentication, DAC, RBAC, PKI,
Access Security, Ports and Protocols, Network Security, Remote Access
Security, Auditing/Logging and Monitoring, Vulnerability Testing,
Organizational Security, Business Continuity, and OS Hardening. Cyber
Security duties included Windows 2000 Workstations, Domain Controllers and
Member Servers.

Pinnacle Training 1999-2000
(Contract Technical Instructor and Consultant)
Contract
professional training at various locations and for various clients of
Pinnacle Training. Instructor for A+, Network+ and Windows NT 4.0
MCSE classes, including TCP/IP and security configuration for Hardware and
Software. Requirements definition and gathering related to
organization mission, goals, and strategies. Evaluated current security
products (hardware and software), programs, and trends. Analysis,
design, development, engineering and implementation of security solutions
to comply with multi-level organizational security needs. Security
principles included Cryptography, Authentication, Messaging Security, DAC,
RBAC, PKI, Access Security, Ports and Protocols, Network Security, Wireless
Security, Remote Access Security, Auditing/Logging and Monitoring,
Vulnerability Testing, Organizational Security, Business Continuity, and OS
Hardening. Cyber Security duties included DOS 6.0, Windows 95, Windows 98,
and Windows NT 4.0 Workstations, Domain Controllers and Member Servers.

Vantive/RHI 1998-1999
(Contract System Administrator and Consultant)
Contract
professional system administration and consulting for various clients of
RHI, including system security services for Windows Desktops and
Servers. Company-wide administration for a major software development
environment. Security principles included Authentication, DAC, RBAC,
Access Security, Network Security, and OS Hardening. Cyber Security
duties involved security of HP-UX Servers, Windows 95/98 Desktops and
Windows NT 4.0 Member Servers.
Freudenberg NOK/Intepros
1998
(Contract System Administrator and Consultant)
Contract professional system administration and consulting in a global Novell
3.x/4.x, HP-UX, and Windows 95/NT4.0 enterprise environment for a major
automobile manufacturing organization. Assisting with support
of HP-UX and Novell servers. Administering and maintaining redundant
Windows NT 4.0 Compaq Proliant 4.0 servers running Checkpoint Firewall-1
software and high-level WebSense content filtering software.
Requirements definition and gathering related to organization mission,
goals, and strategies. Evaluated current security products (hardware and
software), programs, and trends. Analysis, design, development,
engineering and implementation of security solutions to comply with
multi-level organizational security needs. Security principles
included Authentication, DAC, RBAC, Access Security, Network Security,
Auditing/Logging and Monitoring, Ports, Protocols and Services, Content
Filtering, Organizational Security, and OS Hardening. Cyber Security duties
involved security of Novell 3.12 Bindery, Novell 4.1 NDS, Windows NT 4.0
Workstations, Domain Controllers, and Member Servers, Checkpoint Firewalls,
and WebSense content filtering.
Self Employed Professional Consultant
1997-Present
Provided project management, consulting, network administration, technical training,
and courseware design to various clients within a wide range of DoD,
commercial, and educational organizations. Requirements definition
and gathering related to organization mission, goals, and strategies. Evaluated
current security products (hardware and software), programs, and
trends. Analysis, design, development, engineering and implementation
of security solutions to comply with multi-level organizational security
needs. Facilitated, consulted with, and instructed multiple branches
of United States armed forces civilians, contractors and active duty
personnel in properly defining and preparing to meet government IT security
objectives required to perform military duties. Spearheaded
industry-academia partnerships. Security principles included Security
Trends, Information Security, Risk Assessment, Analysis and Management,
Access Controls, Security Multilevel Architecture and Design, Physical and
Environmental Security, Telecommunications and Network Security,
Cryptography, Business Continuity Planning, Regulations and Compliance,
Applications Security, Operations Security, Certification and
Accreditation, Web Security, Strong Authentication, Messaging Security,
PKI, Access Security, Ports and Protocols, Network Security, Wireless
Security, Remote Access Security, Auditing/Logging and Monitoring, Audit
Analysis, Vulnerability Testing, and OS Hardening. Networking
technologies included routers, switches, firewalls, proxies, VPN, IDS/IPS,
SAN, and wireless. High-level applications included, but were not
limited to, MS Project, MS SharePoint, VMWare, NetApp Data ONTAP,
Ethereal/Wireshark, Network Monitor, etc. Cyber Security duties
included security of Cisco Catalyst Switches; Cisco 2500, 2600 and 3600 Series
Routers; Cisco ASAs; DOS 4.x, 5.x, and 6.x Desktops, Windows 3.x, 95, 98,
ME, 2000, XP, Vista, and 7 Workstations, Windows NT 3.x, 4.0, 2000, 2003
and 2008 Domain Controllers and Member Servers; HP-UX, SGI, SUN, and IBM
Unix Workstations and Servers; Turbolinux, Red Hat Linux 8, 9, and EL3
Workstations and Servers; Novell 3.x and 4.x, OS/2 1.x, 2.x, and 3.x Warp
Servers, MS Proxy 2.0 and ISA 2000 Servers, HP OpenView, SQL 2000, and SMS
2003 Servers.
Parametric Technology/ATSI
1997-1998
(Technology Support Specialist)
Assisted customers with installation and security of ProEngineer® premium software
products and high-level applications (approximately $40-$60K per seat) in
major enterprise environments. Provided global technical support for
Windows 95, Windows NT 3.5/4.0, HP-UX, SGI, IBM, and Sun high end servers
and workstations. Implementation of security functionality.
This included Windows “registry hacks” and Unix scripts for increased
functionality and security. Security principles included
Authentication, DAC, RBAC, Access Security, Network Security, Remote Access
Security, Auditing/Logging and Monitoring, Organizational Security, and OS
Hardening. Cyber Security duties involved security of multiple proprietary
Unix OSes, and Windows 95, Windows NT 3.5, and Windows NT 4.0 high-end
CAD Workstations and Member Servers.
Knight Systems Computers
1993-1997
(Owner, Manager, and Consultant)
Founded company while obtaining first Master’s degree to provide financial
support. Provided consulting, PC and server installation, sales and
support to local businesses and students. Designed, developed,
engineered, and implemented solutions. Worked with various DOS, OS/2,
Windows 3.x/95, Windows NT 3.x/4.0 and Turbo Linux operating systems.
Security principles included Authentication, DAC, RBAC, Access Security,
Network Security, Remote Access Security, Auditing/Logging and Monitoring,
Organizational Security, and OS Hardening. Cyber-Security duties
involved working with security of WFW 3.11, Windows 95, Windows NT 3.1,
Windows NT 3.5, Windows NT 4.0 and OS/2 Warp.
PROFESSIONAL MEMBERSHIPS:
AFCEA (Armed Forces Communication Electronics Association)
ASTD (American Society for Training and Development)
ISACA (Information Systems Audit and Control Association)
ISSA (Information Systems Security Association)
PMI (Project Management Institute)
SHRM (Society for Human Resource Management)
SCRA (Signal Corps Regimental Association)
HONORS AND ACTIVITIES:
Member of EC-Council C|CISO Exam Writing Team, 2014
Bronze Order of Mercury, 2014
Verizon Award for IA Excellence, 2011
Military “Coins”
- Fort Gordon Signal Center of Excellence Command Sergeant Major, 2011
- For going “above and beyond” by Misawa AFB upper base Commander, 2009
Delta Mu Delta (National Honor Society)
Delta Pi Epsilon (Business Education Honorary)
Pi Tau Sigma (Mechanical Engineering Honorary)
National Dean’s List
Eagle Scout
Order of the Arrow