WARNER S. STERLING, CAP, CISA, CISSP, PMP
CLEARANCE:
Top Secret (SSBI) with SCI
SPECIALTIES:
* Federal Audits * Project Management
* Security Assessments * Risk Management Framework
* Security Authorization * FISMA Policy Development
CERTIFICATIONS:
Certified Information Systems Security Professional (CISSP)
Project Management Professional (PMP)
Certified Information Security Auditor (CISA)
Certification and Accreditation Professional (CAP)
ITIL V3 Foundation Certificate in IT Service Management
NSA Information Security (INFOSEC) Assessment Methodology (IAM)
NSA Information Security (INFOSEC) Evaluation Methodology (IEM)
EDUCATION:
B.A., Government & Politics, University of Maryland at College Park, 1994
EXPERIENCE:
SRA INTERNATIONAL, INC., ARLINGTON, VA, 2009 TO PRESENT
Data Center Manager, February 2014 to present (Stuttgart, Germany)
• Manage primary USEUCOM data center containing both classified and unclassified systems
• Track all systems and changes to systems resident in data center
• Administer Nortel CS1000E Phone Switch and all related applications including call center
software
Project Manager, January 2013-Present (Stuttgart, Germany)
• Manage projects within an IT Services & Support environment supporting two Department of
Defense (DoD) combatant commands (USEUCOM & USAFRICOM)
• Manage projects end-to-end, from project initiation to scope definition to development,
deployment and project close out
• Facilitate all project meetings
• Manage resources, scope and schedule
ITIL Release Manager, June 2012-January 2013 (Stuttgart, Germany)
• Developed ITIL-based processes to support Release Management within an IT Services & Support
environment supporting two DoD combatant commands
• Managed release process end-to-end, from planning of release content to release deployment to
production
• Facilitated all release meetings
• Planned the deployment of software releases of products and in-house applications
• Improved release performance and reliability by monitoring progress and employing appropriate
metrics and management reports
Information Assurance Lead, August 2011-June 2012 (Stuttgart, Germany)
• Led a team of 7 employees in creating DoD Information Assurance Certification and Accreditation
(C&A) Process (DIACAP) accreditation packages for US Africa Command (AFRICOM) systems
• Led effort to update and maintain enterprise network C&A package to reflect new network
architecture and to achieve and maintain DIACAP accreditation
• Performed Security Assessments based on Defense Information Systems Agency (DISA) Security
Technical Implementation Guides (STIG) and Information Assurance Vulnerability Alerts (IAVA)
Information Assurance Project Manager, September 2009-July 2011
• Performed Security Test and Evaluation (ST&E) based on National Institute of Standards and
Technology (NIST) guidelines
• Developed corporate Certification and Accreditation (C&A) program based on NIST guidelines
• Led effort to update and maintain enterprise network C&A package to reflect new network
architecture
• Led team in creating Department of Defense Information Assurance Certification and
Accreditation Process (DIACAP) accreditation packages for ten Department of Defense (DoD)
systems
• Trained junior team members on FISMA and NIST methodologies
KPMG LLP, WASHINGTON, DC, 2008 TO 2009
Team Lead, Federal Deposit Insurance Corporation (FDIC), September 2008-September 2009
• Supported the FDIC Office of Inspector General (OIG) by performing audits of various systems
and programs
• Audits performed include FISCAM and performance audits in keeping with generally accepted
government auditing standards (GAGAS)
• Researched criteria, interviewed clients, collected and evaluated provided-by-customer (PBC)
items and developed work papers to support the deliverables
SRA INTERNATIONAL, INC., ARLINGTON, VA, 2004-2008
Project Manager, Department of Education, October 2007-August 2008
• Managed project to update and improve C&A, including reviewing C&A packages for Department
of Education (ED) systems
• Defined and documented new templates, policies and procedures to streamline and improve ED's
C&A process
• Performed critical assessments of emerging information assurance concepts and technologies,
methodologies and tools to provide monthly reports to customer
• Managed schedule, customer expectations and contract requirements and supervised work quality
to ensure outstanding results
• Trained junior team members on FISMA and NIST methodologies
Information Assurance Engineer and Team Lead, USDA Forest Service, August 2007-October 2007
• Assisted the USDA Forest Service to develop policies and procedures to meet FISMA
requirements in keeping with NIST SP 800-53 rev.1 and USDA policy
• Served as Team Lead of the Technical Controls Team with responsibility for all technical controls
Information Assurance Engineer, US Citizenship and Immigration Service, June 2007-August 2007
• Led a two-person team at the United States Citizenship and Immigration Service (USCIS) to
collect data and interview at three regional offices
• Managed multiple teams using collected data to create System Security Plans (SSP) and self-
assessments for eighteen sites in under two months
• Enabled USCIS to achieve a passing FISMA score
Information Assurance Engineer and Team Lead, USDA Forest Service, January 2007-June 2007
• Helped the USDA Forest Service to develop policies and procedures to meet FISMA requirements
in keeping with NIST SP 800-53 and USDA policy
• Supported the effort as Team Lead of the Technical Controls Team with responsibility for all
technical controls
Information Assurance Engineer, Department of Commerce, October 2006-January 2007
• Supported the Department of Commerce Office of the Inspector General by auditing agency
security documents and performing Technical Vulnerability Assessments (TVA)
Information Assurance Engineer, Department of Labor, September 2006-October 2006
• Supported the Department of Labor Office of the Solicitor by developing a C&A package for a
new web application
• Led the effort as project manager while also helping to develop the documentation
• Handled the customer’s request to add an extra task by creating updated schedules and budget
estimates based on multiple scenarios
Information Assurance Engineer, Bureau of Land Management, August 2006-September 2006
• Supported the Bureau of Land Management (BLM) by completing a Technical Vulnerability
Assessment (TVA) of their Washington, Denver and Portland offices
• Worked on-site along with the lead contractor’s tech lead to develop the test plan and the
memorandum of agreement, which specified the nature and boundaries of our testing
• Ran Nessus vulnerability scans at each site and then vetted and documented the results
Information Assurance Engineer, Internal Revenue Service, August 2005-August 2006
• Supported the Internal Revenue Service (IRS) in developing C&A packages for a large number of
applications that process personal and corporate tax returns
• Led a team of ten in developing documentation for a list of applications which were regularly
reprioritized, so proper resource utilization was imperative
• Maintained a balance between spend and quality, as the customer required a very tight schedule
• Trained junior team members on FISMA and NIST methodologies
Information Assurance Engineer, Internal Revenue Service, July 2005-August 2005
• Developed a NIST SP800-53-compliant Security Test & Evaluation (ST&E) template for the IRS
to use as part of their security testing regime
Information Assurance Engineer, National Institute of Health, May 2005-July 2005
• Developed a System Security Plan (SSP) for the National Institute of Health (NIH) listserv system
• Interviewed staff and reviewed documentation to create a solid baseline document
Information Assurance Engineer, Defense Information Systems Agency, March 2005-May 2005
• Assisted with various aspects in the development of a Trade Study Analysis Document for Defense
Information Systems Agency’s (DISA) Defense Collaboration Tool Suite (DCTS) Program
Management Office (PMO) for use in determining a future plan of action
• Performed a capabilities analysis, an interoperability analysis and then created a document based
on this and other analyses
• Reviewed the DCTS v2.02 security architecture from the DISA Security Technical Implementation
Guides (STIGs) perspective in anticipation of future platform modifications
Test Engineer, Drug Enforcement Agency, December 2004-March 2005
• Provided project support by building test servers for testing software and hardware additions to the
Drug Enforcement Agency’s (DEA) Firebird enterprise network
• Tested software and hardware for such inclusion as part of infrastructure upgrades on a mix of
Windows NT 4.0, Windows 2000 Server and Professional and Windows XP Professional
Information Assurance Engineer, Defense Information Systems Agency, January 2004-December 2004
• Provided requirements and testing support for Defense Collaboration Tool Suite (DCTS)
• Provided systems administration support for the DCTS NIPRNet Pilot at NORTHCOM, helping to
install and configure the suite to secure it and to support users
• Provided ongoing Information Assurance (IA) support for DCTS Version 3, including the creation
and updating of the System Security Authorization Agreement (SSAA) and other IA
documentation
• Supported the C&A process for DCTS Version 3 IATO and ATO approval, working to find and
close or mitigate C&A findings and advising the development team on IA-related issues. As a DoD
project, DCTS follows DITSCAP (DoD Information Technology Security Certification and
Accreditation Process) for C&A under the jurisdiction of the FSO (Field Security Organization),
which is a unit of DISA (Defense Information Systems Agency)
• Provided ongoing Infosec support to software developers, using knowledge of STIGs and
DITSCAP
SPRINT CORPORATION, RESTON, VA, 1997-2003
Product Manager, Web Hosting, 2001-2003
• Provided central management of Sales, Marketing, Engineering, Operations and Finance for a
product portfolio of the Internet hosting division (E Solutions)
• Analyzed financial justification, developed requirements for engineering and architectural
specifications including security, SLAs (Service Level Agreements) and vendor evaluation and
developed requirements for internal business processes to support customers (operations and
ordering/billing)
• Assisted sales teams with complex customer opportunities as a subject matter expert on servers,
operating systems, applications and web servers, resulting in key competitive wins
• Developed and presented training for system architects
• Implemented technologies including: Sun, Compaq, Dell, Microsoft Windows 2000 Advanced
Server, Red Hat Linux, iPlanet Web Server, Microsoft IIS, Covalent Apache and Sun One
Messaging and Calendar Server
Network Design Engineer, 1999-2001
• Implemented and configured nationwide network edge and backbone infrastructure including
Cisco concentrators and Gigabit Switch Routers (GSR)
• Designed and implemented mission-critical, integrated on-demand network: Dynamic Host
Configuration Protocol (DHCP), Domain Name Service (DNS), and Trivial File Transfer Protocol
(TFTP) network infrastructures, using Sun Netra Servers and Sun Clustering
• Conducted intrusion detection system tests, system performance/benchmark tests and wrote
network planning documents
• Designed, implemented and configured CacheFlow web-caching technology to optimize customer
network performance for availability, reliability and security
• Designed and implemented network and server security to harden operating systems and prevent
intrusion
Network Systems Management Analyst, 1997 to 1999
• Supported the nationwide access network for AOL (America Online, one of Sprint’s largest
customers)
• Administered, maintained and upgraded Sun and UltraSparc servers running Solaris operating
systems
• Managed Radius authentication and accounting network and conducted troubleshooting
• Implemented, monitored and maintained HP/Openview, Tivoli Network and System Management
Server, DNS, Simple Mail Transport Protocol (SMTP), Netscape Web Servers and network
routing
RADIX NET, OXON HILL, MD, 1995-1997
System Administrator, 1995-1997
• Designed, configured and installed customers’ in-house networks (average size of 20-30 nodes)
• Conducted systems administration, configuration, upgrades, maintenance, diagnostics and repair
on Sun Sparc 20 Servers, Intel x86 Servers and Cisco 2000 class routers
• Supported a wide range of customers’ heterogeneous Internet hosts, networks and services to
include: 2,500 interactive dial-up customers; 15 dedicated networks ranging in size from ten PCs
to a 250-node remote location; 100 commercially-domained virtual web sites
• Systems and services supported included: distributed e-mail servers; domain name registration
and maintenance; user services; routing; firewalls; mailing lists; scripts; accounting and customer
support
HONORS AND AWARDS:
• US Africa Command Certificate of Appreciation for support of command in obtaining an Interim
Authority to Operate (IATO) for the Joint Enterprise Network (JEN)
• SRA – Letter of Commendation and Certificate of Appreciation for support of DCTS NIPRNET
Pilot
• Sprint – Four Sprint Excellence Awards
PROFESSIONAL AND PERSONAL REFERENCES AVAILABLE BY REQUEST