Post Job Free

Resume

Sign in

Security Manager

Location:
United States
Posted:
May 28, 2015

Contact this candidate

Resume:

DARLENE R. YOUNG

***** #*** ****** *** *****, MacDill AFB, Tampa FL 33621 acpw3n@r.postjobfree.com 843-***-****

SPECIAL QUALIFICATIONS

Results driven Cyber Security Professional with over 30 years’ experience in planning, developing and implementing

solutions to address both operational and business requirements. Natural leader with over 20+ years of leadership and

management experience. Proven experience in providing Information Assurance (IA) focused business processes and

policies for the Federal government, Department of Defense, and Intelligence Community based on business

requirements and industry best practices.

SECURITY CLEARANCE: Current Top Secret (SCI Eligible)

CERTIFICATIONS

• •

Certified Information Systems Security Certificate Senior Systems Manager (CNSHSI

Professional (CISSP) #40374 4012)

• •

Certified Information Security Manager (CISM) Fully Qualified Navy Validator (FQNV #I0303)

#0301390 Certificate Enterprise Data at Rest (DISA)

• •

Certified in Risk and Information Systems Preparing for CISA Exam 2015

Control (CRISC) #1000897

• Certified CEH; preparing for v8

• Certificate Information Systems Security

Professional (NSTISSI 4011)

AREA OF EXPERTISE

• Security Risk Management Compliance

Demonstrated experience in Cyber Security policies and activities for networks, systems and applications including

Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring.

• Certification and Accrediation (C&A) Assessment and Authorization

Subject Matter Expert in details and intricacies of DIACAP, Risk Management Framework (RMF), ICD503, NIST,

HIPPA, laws, regulations and standards. Hands-on experience to verify, validate, and authorize activities, and creating

Risk Mitigations and Remediations, manage POA&Ms for approval to operate for system life cycle. Develop all

supporting documentation.

• Program Project Management

Strategic Project/Task manager with 20+ years of experience. Results driven professional, able to multitask and

optimize resources. Thrives in a fast paced environment.

• Leadership Communications

Proven superior interpersonal communications skills. Identifies problems; determines accuracy and relevance of

information; uses sound judgment to generate and evaluate alternatives for closure. Work closely with clients ensuring

their needs are understood and provide quality services for complete customer satisfaction.

PROFESSIONAL EXPERIENCE

1

DARLENE R. YOUNG

All Positions Listed are Full Time – 40+ hour work week (Monday – Friday)

Falconwood Incorporated Charleston SC June 2013 – Present

Risk Management Compliance

Providing support to the SPAWAR System Center, Naval Enterprise Networks (NEN) Program Management Office

(PMW 205). Direct report to the Chief Information Security Officer (CISO) as a trusted advisor and Subject Matter

Expert (SME). Established the first ever NEN PMW 205 Cyber Security governance framework for risk management

and reporting for the Navy Marine Corps Intranet (NMCI) enterprise network. This was a critical driver for ensuring

consistent standards, and practices to measurably increase efficiency and effectiveness for the largest intranet in the

U.S. government, ensuring the confidentiality, integrity, and availability of systems, networks, and data.

• Led efforts to ensure compliance with Federal Information Security Management Act (FISMA), Fragmentary

Orders (FRAGO), Operations Orders (OP ORDs), and Information Assurance Vulnerability Alerts/Bulletins

(IAVAs/IAVBs)

• Research, assessed and provided comprehensive analysis on current and emerging Cyber threat warnings,

bulletins, alerts, vulnerability trends in support of requirements and compliance.

• Created dashboards, briefings and status reports from the Online Compliance Reporting System (OCRS),

Vulnerability Remediation Asset Manager (VRAM), and other resources in support of the Risk Management

• Developed Communications Plan, Standard Operating Procedures for collaborating with PMO, NetOps, and PORs

owners for emerging Cybersecurity policies, best business practices and governing requirements

Fully Qualified Navy Validator Certification and Accrediation Analyst

Supporting NMCI Certification and Accrediation, Assessment and Authorization services for Enterprise, Solutions and

Sites.

• Assess Security Controls, and make recommendations for reduction of risk

• Validate, and make recommendations for improvements for security documentation supporting C&A

• Analysis of NMCI compliance for Department the Navy Application and Database Management System

• Managed and updated the Enterprise Network Ports, Protocol, and Services Management (PPSM) for packages

during validation in accordance with DoD regulations, policies, and guidelines.

• Provide DIACAP to RMF standardized processes and transition requirements

• Training and mentoring new employees; assuring that product deliverables are accurate, and meeting quality

requirements to obtain Authorization to Operate

• Continuous collaborations with HP Engineering, Action Officers, Approving Authorities, Stakeholders, PMs and

PEO

Scientific Research Corporation Charleston SC November 2009 – June 2013

Senior Information Security Analyst

2

DARLENE R. YOUNG

Provided Cyber Security support to the Navy Space and Warfare Systems Center Charleston, DIA and US Central

Command establishing and maintaining a collaborative strategy across several projects to enhance and meet

stakeholder’s objectives, reduce cost, schedules and performance goals. Subject Matter Expert leading a team

providing Cyber Security, information privacy, physical security, incident response, and business continuity planning

& disaster recovery.

SME supporting the Defense Intelligence Agency, Inter-Agency Task Force Counterintelligence and Human

Intelligence Center (DCHC), Requirements Reporting and Operations Management Environment (CHROME)

program.

• Conducted research, and building of Ontology concepts

• Conducted business analysis for the development of Analysis-of-Alternative (AoA) by selecting and

recommending the most efficient alternative Ontology solution

• Identified, defined and documented the methodologies to build the Ontology by entities, attributes and

processes

• Conducting evaluation of technologies for content intelligence information retrieval. Building of the Ontologies

and conducting information extraction of natural language for the testing of the proof of concept under

development

o AoA products reviewed included the General Architecture for Test Engineering, Protégé Ontology editor,

and Protégé Web Ontology Language

o Developed an overview brief and user guide on the AoA product

IA Lead Subject Matter Export (SME)

Provided support to United States Central Command Joint Combined Technology Demonstration (JCTD) project, One

Box-One Wire (OB-1). Project demonstrated, assessed solutions and innovative concepts to address transformation of

the existing Department of Defense air-gapped networks (NIPR, SIPR, etc.) to an environment that allows the user to

access all networks from a single PC terminal while still preserving the separation and security of data flows.

• Provided reports on products performance and capabilities to meet DOD security guidelines for supporting cyber

security requirements to address the joint, coalition and interagency operational gaps in meeting the needs of the

Warfighter

• Lead for the Security Assessment Team performing assessment of the OB-1 solution against the DIACAP, and

NIST 800-53 800-53A Management, Operational and Technical controls

• Developed all supporting Artifacts including the System Security Plan that reflected the installation and security

provisions, Concept of Operations, and the Contingency Plan

SAIC Charleston SC October 2008 – November 2009

Information Security Analyst

Provided system support to the SPAWAR System Center Program Management Office (PMW 160) Tactical Networks

Software Support Activity, Integrated Shipboard Network Systems (ISNS) as the Technical Point of Contact (TPOC).

Lead of Software Support Activities working directly with engineers, installers and program agents to ensure

aggressive installation schedules for mission support to US Navy surface ships and submarines.

3

DARLENE R. YOUNG

• Acted as the designated Point of Contact between the Information System Security Manager (ISSM), System

Owners, Program Manager, and Infrastructure Lead concerning day-to-day system activities, vulnerabilities, and

overall security posture

• Reviewed and analyzed reports for the discovery and identification of Critical, High, and Medium system

weaknesses and coordinated remediating efforts in support of the ISNS

• Supported the generation, editing and maintaining critical system documentation and artifacts Managed and

processed Navy Change Request

• Responsible for toolkit production, established and documented baseline and performed quality assurance prior to

release to ISNS

CACI Chantilly VA July 2005 – July 2008

Senior Information Security Analyst

Lead provided ITIL based support and expertise in the area of Information Assurance (IA) to the Veterans

Administration, Washington DC. Responsibilities included requirements for Risk Management, Certification and

Accreditation, Business Impact Assessments, Contingency Planning, Disaster Recovery Plans. Developed risk

mitigation and remediation strategies, which included documenting, implementing, maintenance of risk.

• Re-directed the activities of the project team members to accomplish project objectives and turned a troubled

project around with complete success

• Day-to-day collaboration with the customer and team members ensured this project was a completed successfully.

We won the re-compete for the project

• Conducted risk assessment and risk mitigation strategy, which included implementation, maintenance, and

documentation of risk, as well as remediation recommendations

• Managed project resources, developed Information Assurance deliverables. Managed and mentored local and

virtual staff on internal and external project tasks. Developed, and presented client project plans and managed

technical implementation

Developed capture and milestone plans working directly with Vice President for the business unit and other executives.

Developed the Information Assurance Strategy for the Business Unit. Captured new business opportunities, and

participated in proposal development and reviews. Documented past performance, bid opportunity tracking, bid/no-

bid analysis, teaming strategies and technical solutions development. Evaluated cost benefit, economic, and risk

analysis in decision making processes.

• Supported Information Assurance and Certification and Accrediation for strategic business objectives in support of

division milestones and strategic alliance reviews. Key contributor to capturing new business opportunties while

leveraging technical successes of proven company innovations

• Performed analysis of services for improvements that resulted cost savings, better use of resources, and meeting

security requirements without increasing overall budget

• Fostered client relationships and expanded new opportunities

SAIC (EMA) Charleston SC November 2004 – July 2005

Information Security Analyst

4

DARLENE R. YOUNG

Provided direct hands-on support to the Naval Medical Information Management Center (NMIMC) enterprise network

Certification and Accrediation.

• Recommended policies, procedures, and actions as appropriate to achieve Approval to Operate for the NMIMC

enterprise network

• Provided Information Systems Security Assessments, and advised the client on legislations and regulations to

include Certification and Accrediation requirements, HIPAA and FISMA compliance

• Determine the process used to accomplish goals, properly document processes, directed team members, ensured

efficient work flow, identify opportunities for synergy and integration, and simplify complex processes for

complete project success

SAIC Columbia MD June 2004 – November 2004

Senior Information Security Analyst

Performed the duties of an Information System Security Officer (ISSO) in support of the Trailblazer Project. Provided

assistance to establish an approved process for handling security incidents or vulnerabilities. Monitor system recovery

processes and ensure proper restoration of information system security features, development supporting System

Security Plans and Contingency Plans.

• Continuously interfaced with government Project Management, to discuss requirements and provide status reports

to both Client and Corporate Management. Liaison with developers and engineer team to ensure requirements

were met in accordance with Client specifications

• Ensured that systems were certified and accredited using applicable Government standards. Prepared

documentation and coordinate with accreditors

• Prepared and reviewed documentation to include System Security Plans (SSPs), Risk Assessment Reports, and

System Requirements Traceability Matrices (SRTMs). Supported security authorization activities in compliance

with NSA/CSS Information System Certification and Accreditation Process (NISCAP)

• Key author of the backup, disaster recovery (DR), and continuity of operations planning (COOP) plans

Lockheed Martin Corporation Elkridge MD May 2001 – May 2004

Information Security Analyst

Supported the National Security Agency (NSA) R&D INFOSEC Attack, Sensing, Warning and Response, Protection

of Vital Data program. Analyzed, installed and evaluated Intrusion Detection Technology for detecting host and

network based intrusions. Documented the characterization and attribution of threats, and reported on the findings for

situational awareness, and the development of mitigation strategies.

• Lead a multi-disciplined team of engineers, technicians, and developers in execution of computer network attack

vectors, exploitations and emerging IDS threat detection technologies

• Provided support in the development of the NSA Intrusion Detection Comprehensive Capabilities (IDCCL) testing

criteria. Developed test plans, and conducted testing, and reported results. Participated in Red/Blue Team

exercises

5

DARLENE R. YOUNG

Computer Science Corporation Hanover MD May 1999 – April 2001

Principal Security Engineer

Provided Information Assurance support for the National Security Agency, Multi System Security Initiative Team.

Integrated and conducted comprehensive testing on security exploitation techniques and vulnerabilities that could have

been leveraged to launch an attack against critical data and information systems.

• Developed solutions that provided reliable interoperability, well-protected security perimeters, and optimal

configuration of security devices on the network infrastructure. Installed, configured and tested various security

products for readiness requirements to increase system/network security

• Developed standardization and interoperability documentation, and test plans in support of Defense Messaging

System (DMS) Transitional User Agents. Conducted testing and evaluation

• Certified Certificate Authority Workstation (CAW) Administrator. Provided guidance and direction in the

methodologies for the DMS infrastructure

Information Assurance Analyst

Lead IA analyst supporting the United States Agency for International Development (USAID) PRIME contract.

Developed and implemented the Information System Security Program. Ensured the integrity and protection of

networks, systems, and applications by technical enforcement of organizational security policies. Developed

certification and accreditation documentation including Incident Response and Contingency Plan.

• Performed system audits and vulnerability assessments ensuring full compliance

• Authored the General Support System Security Plan for the Enterprise Network migration plans to Windows 2000

• Key author of the State of Maryland Security Policy, including the Data Center Remote Access Policy. Worked

closely with state agencies and institutions to ensure policy took into account unique business needs, best practices

and were tailored for client’s environments

RGII Technologies Corporation Annapolis MD March 1998 – April 1999

Information Assurance Analyst

Provided support to the Navy Space and Warfare Systems Center Charleston, Supporting the Naval Medical

Information Management Center (NMIMC) Enterprise network Certification and Accrediation.

• Performed network/system assessments as related to system accreditation procedures and protected information

resources using advanced Vulnerability Assessment techniques and technologies

• Developed Certification and Accrediation artifacts in support of operations capabilities

• Developed a turnkey Security Awareness Training program and all associated curriculums

• Conduct training, awareness exercises and seminars for users and administrators as directed by the COR,

including annual information assurance training, awareness briefings, and new employee orientation

6

DARLENE R. YOUNG

• Researched requirements for the Protection of Health Information (PHI). Prepared supplemental technical papers

ensuring security requirements were met

TELOS Corporation Arlington VA (Pentagon) September 1997 – March 1998

Information Assurance Analyst

Direct support to the Director of Security, Single Agency Management, Information Technology Services, Pentagon.

• Developed the IA policies and procedures for insertion into the Pentagon Security Manual

• Authored several papers for the SAM on network security, intrusion detection, and virus protection

• Conducted system analyses on SAM networks/systems, and provided reports of findings and mitigation

recommendations for risk mitigation and reduction of overall risks

• Responsibilities including Certification and Accrediation for all of SAM systems and network

• Conduct Information Assurance training, awareness exercises and seminars for users and administrators, including

annual information assurance training, awareness briefings, and new employee orientation

United States Navy

Cryptologic Technician Administration Senior Chief (CTACS) June 1980 – October 1997

Defense Courier Service Ft. George G. Meade, MD November 1995 – October 1997

Information Assurance Manager/Assistant Special Security Officer

Principle advisor to the Commander Defense Courier Station Ft Meade, exercised through USTRANSCOM supporting

global courier networks and facilities for the expeditious, cost-effective, and secure distribution of highly classified

and sensitive material. Responsibility included Certification and Accrediation management for all Defense Courier

Stations

• Served as the advisor and representative for matters pertaining to Security Management, Special Security

Officer duties and SCIF matters, including physical security requirements for courier stations worldwide

• Ensured personnel security investigations, clearances and accesses were properly recorded and maintained

• Developed security procedures, including visitor control to all courier stations. Conducted site visits, Information

Assurance training, awareness exercises and seminars for users and administrators, including annual information

assurance training, awareness briefings, and new employee orientation

7

DARLENE R. YOUNG

Naval Computer and Telecommunications Area Master Station Eastern Pacific Wahiawa Hawaii

November 1992 – October 1995

Assistant Special Security Officer/Administrative Manager

Assistance SSO reporting directly to the Commanding Officer. Managed the Information Security (INFOSEC)

program command wide. Directed SSO staff, controlled all classified materials, Sensitive Compartmented Information

(SCI) and Special Access Programs. Top Secret Control Officer. Conduct Information Assurance training for

commend personnel, including annual information assurance training, awareness briefings, and new employee

orientation. Managed oversight and control off all Personnel Security Investigations.

• Managed all Visitor Access Control to command SCI Facilities

• Managed and tracked all security violations and incident handling

Naval Security Group Activity Northwest Chesapeake VA November 1989 – September 1992

Administrative Manager/Command Career Counselor

Provided direct support to the Commanding/Executive Officers as the Administrative Manager, ensuring operationally

readiness. Performed additional duties as the Command Career Counselor - lauded by the Commanding Officer for

services provided to the entire command staff. Received numerous awards for the Command Career Programs

Naval Security Station Washington DC May 1986 – August 1989

Administrative/Security Assistant

Performed administrative functions including personnel and security duties for the Naval Security Station. Supervised

and oversight of supporting staff. Maintained control of all incoming and outgoing materials and mail for the

command and the HQs Naval Security Group

Defence Courier Station Pacific GUAM March 1984 – April 1986

Defense Courier

Provided Courier Services to Department of Defense, and Diplomatic Courier Services for the expeditious, cost-

effective, and secure transmission of qualified classified documents and material worldwide. Developed standard

operation procedures for DCS staff ensuring control of all materials worldwide. Provided emergent responses for

delivery and transfer of qualified shipments during contingencies and emergency activities.

• Performed duties as the Security Assistant to the Officer In Charge

Naval Security Group Activity Adak AK March 1982 – March 1984

8

DARLENE R. YOUNG

Administrative Assistant/Technician

Performed administrative functions including personnel and physical security duties for the Naval Security Group and

Intelligence Community.

9



Contact this candidate