Post Job Free

Resume

Sign in

Engineer Security

Location:
Prince George's, MD
Posted:
December 12, 2013

Contact this candidate

Resume:

Sr. Information Security & Network Infrastructure Engineer

acbm6i@r.postjobfree.com

301-***-****

Mr. Tatum has extensive experience DoD Information Technology Security

Certification and Accreditation Process (DITSCAP) and the DoD Information

Assurance Certification and Accreditation Process (DIACAP) in accordance

with DISA, DoDI 5200.40, DoDI 8500.2 and applicable directives. His

experience in DoD Defense Information Systems Agency DISA, DoD

Instructions, and National Institute of Standards and Technology (NIST) and

Federal Information Security Management Act of 2002 (FISMA) security

standards coupled with his in-depth knowledge in Cisco network

infrastructure engineering makes him and excellent candidate for

implementing information security in any complex networking environment.

This Cisco technical experience enables him to provide guidance in defense-

in-dept concepts as well as learning new information systems for the

purpose of operating, securing and applying new security assessment

techniques. Mr. Tatum has lead and implemented vulnerability assessments on

various complex enterprise networks as well as provides security guidance

resulting in the enhancement of system and network security posture.

Key Strengths

Provide Network Security Active (Top Secret) Implementing Department of

Guidance and Clearance Defense Information

Defense-in-Depth Assurance Certification

Strategies and Accreditation Process

(DIACAP)

Implementing Certification Network Infrastructure Vulnerability Assessment

and Accreditation Cisco Engineer

Education

Information Security Training

Comp TIA Security + Certification Course / Red Seal Network Advisor

training / Red Seal Vulnerability Advisor training / Retina Vulnerability

Scanner training / DISA Gold Disk training / CISSP Boot Camp Course /

Internet Security Scanner (ISS) (Vulnerability Scanner) course / System

Scanner (server vulnerability scanner) course / Database Scanner

(database vulnerability scanner) course / AppDetective (database

vulnerability scanner) course / DISA SRR Scripts course / Understanding

DISA STIG's course / DITSCAP Boot Camp /

Information Technology Training

Building Cisco Multi-Layer Switched Networks / Cisco Internetwork

Troubleshooting / OSPF Configuration / BGP Advanced Configuration /

Telecommunications Wide Area Networking / Troubleshooting

Telecommunications / Wide Area Networking / Computer Electronic

Technician Course / Advanced Cisco Router Configuration / Introduction to

Bridges Routers and Switches / Introduction to Cisco Configuration /

Installation and Maintenance Cisco Routers / Check Point NG Firewall

Course / SourceFire 3D System

Certifications

CompTIA Security + Certified

Professional Experience

EXPERIENCE: Information Security

Cyber Security Research and Solutions Corporation ? La Plata, MD

Sr. Security Engineer (Fort Meade) Jan 2012 - Present

Key Contributions:

. Perform security evaluation on the RedSeal product.

. Performed product test and evaluation on the RedSeal product.

. Develop test procedures for RedSeal to confirm product functionality .

. Provide the RedSeal Networks staff members an understanding of the

necessity to integrate DISA STIG requirements into their product.

. Provide guidance to DISA DECC network engineer personnel on how to

properly implement the red seal product within DISA's live network

environment.

. Provided information technology and information security technical

insight and guidance to the DISA client.

Professional Solutions, Arlington, VA

Vulnerability Analyst/ Remediator Professional Solutions July 2011 - Jan 2012

Key Contributions:

. Validate existing security mechanisms, implicitly verify adherence to

organizational policies such as password protection policies, discover

critical vulnerabilities, and determine the effectiveness of the

Computer Network Defense (CND) services being provided.

. Implementing Security Assessments on a regular basis for every DoD

Component and CNDSP.

. Regularly review security IA policies and practices.

. Analyze performance-based assessments to current policies and

practices with recommendations and fixes to increase the IA posture of

the DoD GiG.

. Evaluate and resolve findings within DoD Components IT/IA

configuration control processes.

. Ensure that system/network configurations are meeting the policies and

procedures.

. Harden Components Networks and ensure that CNDSP's services are

effective.

. Document systemic issues within the DoD GiG.

. Locate network design issues with routers, firewalls, system auditing,

intrusion detection alignment, and other aspects of CND services to

include Protect, Detect, Respond, and Sustainment.

. Research, analyze and assess vulnerabilities to determine the

potential impact to the DoD Networks and Information Systems.

. Determine and direct appropriate actions to remediate, mitigate, POA&M

vulnerabilities affecting DODIN systems.

. Communicate with vendors to determine their level of insight and

guidance to address identified vulnerabilities within their products

to ensure IT systems are adequately protected.

. Apply fixes to the targeted system to remove vulnerabilities. Any

vulnerability that cannot be fixed at this time will be mitigated or

POA&M'd. Remediators will continue efforts to:

< Research, analyze and assess vulnerabilities to determine the

potential impact.

< Develop and apply mitigation strategies when justified. Develop

POA&Ms.

Superior Technical Resources Inc., Andrews Air Force Base and Quantico

Marine Base

Information Assurance Specialist (7 Month Project)

Dec

2010 - June 2011

Key Contributions:

Client: United States Air Force Office of Special Investigations (AFOSI)

. My duties included analyze Information Assurance-related issues and

provide engineering, technical, and management solutions. I enabled

the integration of information assurance solutions and technologies

which helped streamline efforts to secure servers, PCs, and network

systems. I customized a Certification and Accreditation process in an

effort to compliment the Air Force Office of Special Investigation's

Defense Base Closure and Realignment Commission (BRAC) objectives.

. Using the DODI 8500.2 and various DISA STIGs, I analyzed and provided

guidance on security requirements for operational systems as well as

systems under development. As issues surface I, developed, engineer,

and implement solutions that meet established security requirements.

. I performed vulnerability and risk analyses of all AFOSI information

systems and applications, during all phases of the system development

life cycle. Implement the DITSCAP, FISMA, DISA STIGS, NIST and DIACAP

process and IA controls. I also conduct weekly vulnerability scans of

NIPRNET, SIPRNET and JWICs networks and identify vulnerabilities and

the mitigation process at Andrews AF Base and Quantico Marine Base.

. Developed security assessment process to streamline efforts of

building new servers, having them thoroughly security assessed then

approving these systems to be moved to the Quantico Marine Base. This

process also incorporated performing a security assessment of all

AFOSI information systems during the Defense Base Closure and

Realignment Commission (BRAC).

. Developed a Vulnerability Matrix to track and report all findings

detected by vulnerability assessment tools. Developed a process for

updating the Vulnerability Matrix in support of the BRAC. Train

permanent contractors within the IA Team to use eEye Digital Retina,

DISA Production Gold Disks and Certification and Accreditation

process.

SRA International, Inc., Arlington, VA

Sr. Information Security Engineer

June 2008 - Dec 2010

Key Contributions:

Using my background in DoD Defense Information Systems Agency DISA, DoD

Instructions, and National Institute of Standards and Technology (NIST)

and Federal Information Security Management Act of 2002 (FISMA) security

standards coupled with my network infrastructure engineering experience I

provide information security and information technology support for

multiple SRA International, Inc. client organizations and government

agencies.

SRA Client: National Institutes of Health (NIH)

. Assist implementing Compliance Monitoring for the National Institutes

of Health's DSS and FLEAR system by conducting system security status

assessment. I also supported the development of IA policy and

procedures. Provided security documentation support by acquiring IA

Security Control compliance statements for the DSS and FLEAR system

then documenting the IA system compliance within the NIH's NCAT

system.

SRA Client: Joint Chiefs of Staff (Pentagon)

. As the Sr. Information Security Engineer on the Joint Chiefs of Staff

project I designed and provided guidance on implementing Certification

and Accreditation process customized to the unique needs of the Joint

Chiefs of Staff's NIPRNet and SIPRNet networking environment to

properly secure their information systems in accordance with DoD

Defense Information Systems Agency (DISA), DoD Instructions, and

National Institute of Standards and Technology (NIST) security

standards. The Objective of my support was to prepare the client for

their January 11th, 2010 DISA security audit. Upon the conclusion of

DISA's one week security assessment of the Joint Chiefs of Staff

networking environments DISA reported a 98% passing score.

. I provided recommendations and guidance to integrate and provide

operational structure to the client's automated security scans being

performed by two separate security teams in an effort to maximize the

quality of service to the client. I consistently provided extensive

enterprise security expertise in the operational environment

supporting and helping to develop and streamline an IT vulnerability

management program for the client organization.

. Provided weekly recommendations and guidance in chaotic situations to

address security issues and obstacles that would threaten the success

of preparing the client's for the DISA security audit.

Additional support included:

< Provide guidance for implementing vulnerability management

detected on Information Technology systems.

< Assessing the client's current network infrastructure to

identify key risks areas and ensure adequate level of

security controls is in place to address those risks.

< Performing vulnerability scanning on information systems to

validate protection has been put in place on all information

systems.

< Provide solutions to reduce security risks to information

systems.

< Provided guidance in the development of vulnerability

remediation plans.

< Provided recommendations and guidance for reporting

information system security posture.

< Perform vulnerability scans in accordance with customer

directives; review the accuracy of reporting data and

incorporate vulnerability scan data into reports.

< Conduct analysis of vulnerability scan data.

SRA Client: U.S. Securities and Exchange Commission

. Developed a Continuous Monitoring program in accordance with the NIST

SP800-37 publication for the U.S. Securities and Exchange Commission

government agency. Upon completion of the SEC Continuous Monitoring

program I provided guidance for its implementation.

SRA Client: Department of Defense Civilian Personnel Management Service

. Provided security guidance to enhance the security posture of the

Department of Defense Civilian Personnel Management Service's

Enterprise Staffing Solution (ESS). Played the lead roll in ensuring

the ESS system is properly evaluated against the Department of Defense

Information Assurance Certification and Accreditation Process (DIACAP)

in pursuit of an authority to operate (ATO). Provided information

security guidance in securing the SRA-CPMS Enclave within the SRA

network infrastructure.

. Provided DoD security guidance to CPMS to enable secure communication

to a commercial organization via the Non-Secure Internet Protocol

Router Network (NIPRNET).

. Perform a security assessment of the SRA network infrastructure using

various vulnerability scanners. Evaluated discovered security findings

and provided guidance for bringing information technology systems to

NIST security compliance.

. Performed research analysis on information technology systems via the

internet needed for upgrading and securing SRA network infrastructure.

. Provided real world security experience in the development of SRA's

SAFE 201 course.

Security Associates Corporation,

Information Security Consultant Dec 2007 - June 2008

Key Contributions:

. Implemented DoD Information Technology Security Certification and

Accreditation Process (DITSCAP) in accordance with DISA, DoDI 5200.40,

DoDI 8500.2 and applicable directives. Performed on-site Information

Assurance vulnerability scans and remote assessments on various naval

computer systems and network devices. Performed assessments using DoD

approved vulnerability assessment tools. Provide technical guidance to

enhance the security posture of the Navy's Third Fleet systems.

Provided wireless security guidance to Cryptek Inc. (client of

Security A.C.) based upon DISA security standards.

Apptis Inc., Arlington, VA

Sr. Infrastructure Information Systems Security Officer Feb. 2007 - Dec. 2007

(ISSO) (Secret Clearance)

Key Contributions:

. As an ISSO I'm responsible for providing network security guidance for

all systems within the Transportation Security Administration (TSA)

network including the network infrastructure itself. This is

accomplished by enforcing security requirements in accordance to

Department of Homeland Security (DHS), National Institute of Standards

and Technology (NIST) and Federal Information Security Management Act

of 2002 (FISMA) security standards. Perform security walk through of

TSA controlled areas of over 400 airports to ensure all physical

security standards are exercised.

. Evaluate new technology to ensure the integrated security controls

meet the necessary security requirements observed by the NIAP Common

Criteria Evaluation and Validation Scheme for IT Security (CCEVS).

Use the Internet to research new technology to acquire in-depth

understanding of the technology for possible integration to the TSA

network infrastructure. Provide technical guidance to ensure new

technology is properly integrated to the designed of the TSA network

infrastructure and fulfills the intended design objective of the

product.

. Provide Defense-in-Depth strategies to enhance the security posture of

the TSA networking environment. Evaluate Information Assurance

vulnerability assessment scan results from multiple airports Local

Area Networks (LAN) within the TSA network intranet. Review and

provide technical and security guidance for system

vulnerabilities/findings detected on TSA systems and network devices.

Assist in the development of the Certification and Accreditation

packages for various TSA systems. Brief the Designated Approving

Authority of the security posture of the overall TSA network.

Network Security Systems Plus, LLC,

Sr. Network Infrastructure Security Engineer (Secret Jan 2003 - Feb 2007

Clearance)

Key Contributions:

. Responsible for performing DoD Information Technology Security

Certification and Accreditation Process (DITSCAP) in accordance with

DoDI 5200.40, DoDI 8500.2 and applicable directives. Performed on-site

and remote Information

Assurance vulnerability assessment scans on multiple Network

Infrastructures and Systems using various vulnerability assessment

tools. Provide technical guidance to enhance and maintain the security

posture of all DoD TRICARE Management Activity (TMA) Contractor's

Automated Information Systems and Network Infrastructure security

posture in accordance to DoD Defense Information Systems Agency DISA

security standards.

. Provided reports from assessment tools indicating the vulnerabilities

determined from the scans along with recommended resolutions.

Responsible for the certification of multiple system platforms and

networks infrastructures in compliance with DoDI 5200.40, DoDI 8500.2,

and other applicable directives.

. TMA Lead Engineer - As a member of a TRICARE Management Activity (TMA)

Team I was responsible for leading the DITSCAP engineering effort in

the Information Assurance security assessment of all Department of

Defense (DoD) TMA contractors pursuing an Authority To Operate (ATO)

from the DoD TMA Designated Approving Authority (DAA). Establish a

Certification and Accreditation Boundary by identifying and

documenting system platforms and network infrastructure devices that

process, store, transmit, connect, or manipulate Department of Defense

(DoD) Sensitive Information (SI). Determine what vulnerability

assessment tools to be used to assess the TMA contractor undergoing

the DITSCAP.

. TMA South Regional Sr. Lead Engineer - Managed all TMA South Regional

Engineers on the TMA project ensuring proper execution of DITSCAP.

Interface with TMA contractor and TMA engineer personnel to address

Information Assurance security issues.

. TMA Regional Support Group (RSG) Sr. Engineer - Provide DITSCAP

engineering support to TMA North, South, and West Regions. Providing

engineering support for vulnerability assessment tools, Certification

and Accreditation Boundary issues. Providing DITSCAP guidance and

recommendations to TMA Management, TMA engineers and TMA contractors

in accordance DoD security standards. Ensure DoD TMA contractors are

granted an Authority to Operate (ATO) Certification and Accreditation

by adhering to the guidelines of the DoD Defense Information Systems

Agency (DISA) Security Technical Implementation Guides (STIG).

. Lead the DITSCAP Engineering effort resulting in the following TMA

contractors awarded an Authority to Operate Certification and

Accreditation by the DoD TMA Designated Approving Authority (DAA):

. TRICARE Management Activity Contractors granted the Authority to

Operate (ATO)

V Brighton Marine Health Centre

V Health Net Federal Services

V Pacific Medical Centers

V Wisconsin Physicians Service

. Execute Certification and Accreditation (C&A) Plans against a

negotiated timeline. Assist the TMA Certification Authority (CA) and

Designated Approving Authority (DAA) in defining all applicable

Information Assurance and security requirements in compliance with all

applicable DoD polices, directives, and guidance.

. Review security design documents (SDDs) identifying the information

technology in place to customize the Information Assurance assessment

scan. Conduct Periodic Review of accredited applications, systems, or

networks to ensure configuration stability and continued compliance

with DoD Defense Information Systems Agency (DISA) Security Technical

Implementation Guides (STIG) security requirements.

. Conduct Physical Security Assessments in compliance with DoD policy,

directives, and guidance. Conduct Ports and Protocol audits in

compliance with DoD policy, directives, and guidance. Conduct Test of

Readiness Reviews validating schedule and readiness for manual and

automated scanning of computing environment components.

. Implemented and Designed an Information Assurance Test and Training

Lab consisting of two 3750 layer three Cisco switches, five 2950 Cisco

switches, one 2800 Cisco router, and one PIX 515E Cisco firewall.

Installed and configured lab infrastructure to support two T1

connections and one DSL. Prepare comprehensive Risk Assessment Reports

to support interim accreditation and Accreditation Reports to support

full accreditations.

EXPERIENCE: Information Technology

The Centech Group,

Network Infrastructure Engineer (Secret Clearance) Jun 1999 - Jan 2003

Key Contributions:

The Centech Group Client: USAID

. Working for The Centech Group on the USAID project (Government

contract). Providing Telecom and Network Management support within

the USAID WAN.

Maintain a complex Cisco switched LAN, consisting of two 6509 layer

three switches and sixty one 6000 switches, twelve 2950 switches, and

twenty seven 3750 layer thee switches.

. Provide network solutions for Bureaus within the USAID LAN (within the

Ronald Reagan Building) to accommodate special networking needs.

. Upgrade Cisco Router and Switch Software Release and IOS for optimal

network performance.

. Utilized Cisco Works 2000 and Netsys to manage Cisco devices

Provide Wide Area Network design recommendation to improve Intranet

network performance and enable future network growth.

. Maintain and troubleshoot Cisco Routers and Switches. Configured USAID

Switches and Routers to support IP, OSPF, BGP, IP, IGRP, EIGRP, ISL,

HSRP, Spanning-Tree, PPP, DDR, ISDN, and Frame-Relay.

Boeing Information Services

Network Infrastructure Engineer Jun 1997 to Jun 1999

Key Contributions:

Boeing Client: RCAS project

Working for Boeing Information Services on the RCAS project (Government

contract). Providing Network engineering support for the U.S. ARMY

NATIONAL GUARD and U.S. ARMY RESERVE Wide Area Network.

. Duties included upgrading maintaining, Cisco routers.

. Redesigning the WAN to support network growth for future technologies.

. Redesigning the WAN to increase data through put and Internet access.

. Configured Cisco routers to support Dial on Demand, PPP, Frame Relay,

ATM, IP, RIP, IGRP, EIGRP, BGP,and OSPF.

. Install /Troubleshoot Wire Hubs/Network Cable 10Base-2, 10Base-T.

. Test and customize new technology to be introduced to the Customer's WAN.

. Establish new business opportunities for the company.

. Diagnose and test network designs using Cisco's Netsys and Cisco Works.

GTE,

Field Network Infrastructure Engineer May 1996 - Jun 1997

Key Contributions:

RCAS project

. Contracted to Boeing Information Services on the RCAS project (Government

contract). Boeing provided network support for the U.S. ARMY NATIONAL

GUARD and U.S. ARMY RESERVE Wide Area Network. I was part of Network

Control Center maintaining over 6000 Cisco routers.

. Managed over 6,000 Cisco Routers on a 55,000 user Wide Area Network

. Managed Cisco 1000, 2500, 4000, and 7000 series router with IOS software

version 10.x, 11.x

. Utilized HP Open View to monitor all Cisco Routers and Windows NT

servers.

. Maintained, Troubleshoot, Install, Customize and Configure all Cisco

Routers remotely or by direct connections.

. Configured Cisco routers to support PPP, Frame Relay, ATM, IP, RIP, IGRP,

EIGRP, BGP,and OSPF.

. Maintained Wide Area Network graphical presentation on HP Open View's IP

map.

. Network Control Center Lead.

InterAmerica,

NetWare Engineer Jan 1996 - May 1996

Key Contributions:

. Maintain NetWare Server(s) in Various Congressman and Committee Offices

at the CAPITOL BUILDING, U.S. HOUSE OF REPRESENETIVES and its Annexes.

. Install, Configure, Troubleshoot Cisco routers.

. Maintain/Troubleshoot Network Servers Using Novell NetWare Operation

Systems.

. Install, Configure and Troubleshoot NetWare Servers and Workstation

Clients.

. Install, Configure and Troubleshoot MS Windows For Work Groups.

. Maintained Internet access. Implement Memory Management.

. Install /Troubleshoot Wire Hubs/NetWork Cards/NetWork Cable 10Base-2,

10Base-T.

HardWare and Software Installation, Configuration and Upgrade.

U.S. Navy, Long Beach, CA

Operations Specialist (Secret Clearance) July 1990 - July 1994

Key Contributions:

. Operate Ship's Wide Area NetWork (WAN) Using Naval Tactical Data System

(NTDS)

. Supervised Data Communications

. Troubleshoot/Maintenance Electronics Systems

. Supervised 10 Member Workgroup

. Managed Intelligence Information Over the Network

References Available Upon Request



Contact this candidate