Email: HoumanR@yahoo.com

 

SUMMARY

 

·            Information Technology professional with demonstrated experience in a variety of areas including networking, security, IT Audit & Compliance, user management and hardware/software troubleshooting.

·            Works well independently or as team member with excellent management and interpersonal communication skills

·            Assist with the Certification and Accreditation (C&A) process in evaluating, testing and authorizing systems prior to or after a system is in operation

·            Analyze Nessus vulnerability scan reports to assess patch management integration, and vulnerability analysis of  the information systems security posture

·            Assist with evaluating known vulnerabilities and execute a Plan of Action and Milestones (POA&M), in order to mitigate any known weaknesses.

·            Ensured all critical security patches and upgrades are implemented as required.

·            Performed risk assessments of the IT infrastructure to identify and correct vulnerabilities.

·            Provide Security Monitoring and incident response to information security alert events

·            Analyze network traffic and IDS alerts to assess, prioritize and differentiate between potential attempts and false alerts.

 

EDUCATION

 

George Mason University, Fairfax, VA

Bachelor of Science       

 

CERTIFICATIONS

 

·            Certified Ethical Hacker (CEH) & Certified Penetration Tester (CPT)

·            CSAM Certified (via Department of justice)

·            Certificate, Interconnecting Cisco Network Devices

·            Certificate, Introduction to Linux Redhat 5.2

·            Certificate, Network Engineering and Management

 

TECHNICAL SKILLS

 

Networking: Pre-installation, planning, design and implementation of LAN/WAN’s. pfSense, Sonicwall, PaloAlto, Cisco and Netgear, Cisco switches, Novell NetWare and  Windows Server family, network performance and management, diagnostic and troubleshooting of HW/SW issues, remote system management, and implementation of network copiers and printers (Sharp, Nauticon, Richo)

 

 

 

 

 

 

Operating Systems: Windows Server family 20xx, Windows 7, Vista, XP, Linux Redhat, Ubuntu

 

Software: Nessus, IBM BigFix, Splunk, SCOM, McAfee ePolicy Orchestrator, McAfee Enterprise Security Manager (Nitro), WireShark, NetWitness, Websense TRITON, NMAP, BackupExec, Egnyte, Bomgar, Symantec Nav, Ghost, PuTTY, MS Office Suite 20xx,  Google full suite solution, Adobe, AllwaySync, MS Exchange, Lotus Mail and Organizer 2.1, ProComm PLUS, Remedy, Cisco VPN, VNC and Lenel security system

 

 

 

PROFESSIONAL EXPERIENCE

 

DataWiz                                                                                                       May  2013 – Present

Client: Department of Labor (OIG)

Security Analyst

·               Assist in developing processes and procedures associated with log management

·               Support existing Splunk infrastructure Log Management

·               Oracle Audit Vault  ( Log alert management )

·               SCOM (System Center Operations Manager) Log management and alert setup

·               IBM Bigfix ( compliance and vulnerability management )

·               PaloAlto networks  monitoring traffic to investigate security alerts

·               Determine compliance with security controls and address control deficiencies including Plan of Action and Milestones (POA&M), Corrective Action Plans, Scheduling, and Resource Requirements

·               Perform network security scans, analysis and risk management using Nessus

·               Assess/calculate risk based on threats, vulnerabilities and shortfalls uncovered in testing

·               Briefs management on the status of action items

·               Skilled in working in line with security policies to perform network discovery and prioritization, vulnerability assessment, risk rating, threat correlation, asset-based remediation management, and measurement and reporting

 

 

 

SiloSmashers                                                                                   January 2013 – April 2013

Client: GSA

Security Analyst

·               Providing technical skill and knowledge, reassessment in support of Authorization and Accreditation (A&A).

·               Participate in the creation of enterprise security documents (Security plans and Risk Assessments)

·               Review system documentation, technical scans and other documentation pertaining to government systems in order to identify and create System Analysis Reports, POA&Ms and other documentation in support of the information systems.

·               Key contributor to compliance and risk mitigation efforts, to include POA&M management and continuous monitoring efforts in support of the client

 

 

 

 

 

Chickasaw Nation Industries (CNIIT), LLC                           September 2012 – January 2013
Client: U. S. Food and Drug Administration (FDA)

Information Security Specialist                                                  

 

·            Use TAF ( Trusted Agent FISMA ) in performing Security assessments and developing System Security Plans (SSPs).

·            Work with Information System owners to assist with achieving an ATO (Authorization To Operate).

·            Identifying and assessing risk, using NIST 800 Special Publication, FIPS publications and (FISMA) guidelines to assess and reduce risk to acceptable measures.

·            Responsible for the management of Plan of Action and Milestones (POA&M), to identify, assess, prioritize, and monitor the progress of corrective actions pertaining to information security weaknesses found within programs and systems.

·            Work closely with Information System owners to perform annual assessment.

·            Protecting systems and resources from unauthorized access by determining the level of authorization needed to system and network resources

·            Perform Ad-HOC Nessus scans to confirm mitigation actions.

 

 

 

 

 

 

Wireless Facilities Inc.                                                         October 2000 – March 2012

IT Manager (March 2006 – March 2012)

Network Engineer III / Helpdesk Manager (June 2003 – March 2006)

System Administrator (October 2000 – June 2003)

·            Participated as a member of the North American Leadership team which entailed giving weekly updates to the CEO and the Senior Department Heads, as well as participation in daily discussions regarding corporate operations and long-term strategic planning.

·            Worked directly with HR Department to ensure proper procedures were in place and updated for onboarding and offloading of employees, plus asset recovery.

·            Worked directly with general counsel supporting contract reviews in order to adhere to clients’ contractual guidelines and to assist with investigations and data recovery during litigation. 

·            Designed and executed security guidelines for physical access and monitoring at headquarter and all satellite offices.

·            Assisted with drafting Sarbanes Oxley (SOX) IT internal controls and implemented processes corporate-wide to meet SOX requirements.

·            Implement NIST guidelines in controlling software development and security controls

·            Ensured that access to corporate resources was controlled by an approval process on an as-needed basis. 

·            Provided training and guidance to IT staff regarding corporate policies and procedures.

·            Ensured all critical security patches and upgrades were implemented as required.

·            Implemented server backup and disaster recovery procedures to ensure full data recovery.

·            Tested and implemented company-wide PC data backup and recovery solution.

·            Performed risk assessments of the IT infrastructure to identify and correct vulnerabilities.

·            Analyzed Nessus reports assessing the security vulnerability of the infrastructure.

·            Responsible for all aspects of system security including log management.

·            Implemented secure cloud files server solution for data sharing with vendors and clients.

·            Designed and set up project offices for Samsung, Sprint and T-Mobile to adhere to clients’ corporate guidelines and compliance demands.

·            Assisted Facilities department with client (AT&T) inventory, access and security monitoring.

·            Managed and maintained Avaya phone system. 

·            Served as the vendor point of contact for IT issues, contract negotiation and troubleshooting

·            Implemented Bomgar solution to provide remote end user support, server management and online training and presentations.

·            Managed all corporate mobile devices including ordering, activation and troubleshooting.

·            Managed BES server, including account setup / deactivation and wipe of lost or stolen devices.

·            Managed offsite hosting solution (DBSi), planed scheduled maintenance and troubleshooting.

·            Managed daily helpdesk operations, helpdesk queue, and staff productivity.

 

 

User Technology Associates         April 1997 – October 2000

Network Engineer (Client: Truland Inc.)

·            Maintained weekly network status updates for senior staff.

·            Volunteered to help launch the commercial IT support division at UTA.

·            Installed, configured and managed servers, routers and switches.

·            Designed and installed air gap solution with swappable drives for optimal LAN security.

·            Involved with the design and infrastructure upgrade (token ring to CAT 5 Ethernet).

·            Migrated client from Novell to Microsoft servers’ platform.

·            Maintained corporate hardware and software inventory.

·            Responsible for data backup and recovery procedures.

·            Designed and implemented satellite offices, setup and closures.

 

 

 

PERSONAL QUALIFICATIONS

·            United States Citizen ·            United States Security clearance (Secret and Pre-approved TS)