
Security Manager

Location:
Athens, GA
Posted:
July 29, 2015


Resume:

Stephanie Peel

*** ****** ****

Athens, GA *****

Mobile: 706-***-****

Email: acqzy4@r.postjobfree.com

Work Experience:

TekSystems

Point Mugu, CA United States

**/**** – Present

Information System Security Engineer

Supervisor: Adam Coffey (805-***-****)

Conducting risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs. Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations’ visions and goals. Conducting systems security evaluations, audits, and reviews. Assessing security events to determine impact and implementing corrective actions. Ensuring the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services. Develop IS accreditation support documentation which includes Risk Assessment, System Test and Evaluation (ST&E), Disaster Recovery Plan. Annually test Contingency Plan, PII, and security policies and coordinate penetration test on the network in accordance with the Federal Information Security Management Act (FISMA). Establish local security policies, define scope and objective for the IA program. I have up to TS level clearance.

University of Georgia

101 Cedar Street

Athens, GA 30602 United States

06/2013 – 09/2014

IT Security Analyst Specialist

Supervisor: Will Laney (706-***-****)

Coordinate with key stakeholders to plan and conduct penetration test for critical systems prior to implementation. Analyzed application security threats, determined countermeasures and identified vulnerabilities and risk. Report findings and recommend corrective actions to the Information Security Officer. Review aggregate vulnerability data, assessment data, and threat trends to identify significant vulnerabilities. Facilitate processes for hardening of systems, application design prior to implementation. Conduct routine security audits including access audits, network audits, default password scans. Conduct routine tests of systems, applications to verify security configuration and to identify vulnerabilities. Performed manual and automated scans. Monitor remediation activities. I was the Liaison for 3rd party penetration test. Provide the highest level of technical expertise and support to clients, management of staff members in risk assessments and the implementation of appropriate data security procedures and products.

IP PLUS Inc

Sumter, SC United States

06/2009 - 05/2013

Information Security Engineer

Supervisor: Calvin Rhodes (443-***-****)

Manage Information Assurance Vulnerability Management (IAVM) compliance. Ensure IA Awareness Training is conducted yearly to 1,400 network users. Audit/analyze Retina scans for vulnerabilities and non-compliance in security patches; provide weekly updates to the Director on how to mitigate non-compliant systems. Provide consultation and assist in developing IA policies and procedures. Conduct IG Security audits on different commands that are under Army Central and provide written solutions to the commands on regulatory requirements and how to mitigate any non-compliant policies. Trusted Agent (TA) for Alternate Common Access Card (CAC). Perimeter Security Audit (IPC, NAC, Firewall and Proxy servers). Provide subject matter expertise and guidance on the DOD Information Assurance Certification and Accreditation Process (DIACAP). Provide assistance in the installation and monitoring of Host Based Security System (HBSS). Monitor Change configurations/Updates IA portal pages/Investigate all computer incidents, document and prepare written synopsis. Create/update Memorandums of Understanding (MOU), Service Level Agreements (SLA) between Programmed Managed Systems (PMS), Contingency Plans, Incident Response Plans, and PII policy. Created Windows batch files to uninstall and reinstall programs and to push anti-virus agents to workstations. Work on the Army Training database to create a spreadsheet on privileged user accounts to ensure they have the proper training to be administrators on the network. Audit virtual servers for vulnerabilities and policy compliance. I held a Top Secret Clearance.

Department of Defense/US Navy

Athens, GA United States

09/1987 - 06/2009

IT/Management Analyst

Supervisor: CAPT Stephanie Miller (313-***-****)

IT Department Head, develop long term plans and projects, annual budgets and resource forecasting. Serve as the Command Information Assurance Manager (IAM) to 8 Learning Sites. Supervised 2 Help Desk Technicians and Management Analyst. Work with our Learning Sites on accreditation of their classrooms. Manage Navy Knowledge Online (NKO) training and NKO web portal pages. Base Realignment and Closure (BRAC) IT Project Manager. Command IAM and advisor to the Commanding Officer on all security issues. Provides IA Awareness Training and network security to 1100 users within 9 countries. Develop IS accreditation support documentation which includes Risk Assessment, System Test and Evaluation (ST&E), Disaster Recovery Plan. Annually test Contingency Plan, PII, and security policies and coordinate penetration test on the network in accordance with the Federal Information Security Management Act (FISMA). Establish local security policies, define scope and objective for the IA program. Conducted monthly RETINA scans and analyzed for network vulnerabilities, ensured systems were patched and Security Technical Information Guides (STIGS). Conducted IG security audits on different Commands in 4 countries and prepared reports, which include findings and recommendations for correction of deficiencies. Manage the Computer Security Incident Response Plan. Detailed as Training Officer for one year, supervising 4 local nationals. Collaborated on Lean Six Sigma projects. Throughout my career with the Government, I have done IT work in 6 different countries.

Education:

George Washington Carver Chicago, IL United States

High School or equivalent

Cerro Coso Community College Ridgecrest, CA United States

Some College Coursework Completed

Relevant Coursework, Licenses and Certifications:

Certified Information Security Manager (CISM) #0403863

Certified Risk Information System Controls (CRISC) #1002996

Senior IA Systems Manager - CNSSI 4012

Systems Certifier - NSTISSI 4015

Information System Security Professional - NSTISSI 4011

Additional Information:

TECHNICAL PROFICIENCIES

Platforms: Windows 7/XP/Vista, Unix/Linux, Active Directory (AD)

Networking: TCP/IP, LAN/WAN, IPX/SPX, SMS/SQL, DNS, VPN, Ethernet, DHCP, Wireless, IDS/IPS, SIEM (ArcSight/AlienVault), Data Loss Prevention (DLP), and Log Management

Hardware: Server, Hubs, Router, Switches, Laptops, and Desktops

Languages: HTML, Java, Basic UNIX

Tools: ActivCard Gold Smart Card Agent, MS Office, Oracle, SQL, Dbase, Exchange, Firewall, MS Visio, Citrix, Tivoli, Macromedia Dreamweaver & Flash, Adobe Products, Dameware, Veritas MS Projects, Remotely Possible, THINQ, ForeScout (CounterACT), BIGFIX, ERP, PeopleSoft, NESSUS, Nexpose, OWASP, Nikto, Metasploit, BurpSuite, Wireshark, NMap, Backtrack

Government SW: Retina Scanning, Hercules, DynaComm, Reflections, Turboprep, Evolutions, Perseus, Host Based Security System, QTip, Flying Squirrel, Security Content Automation Protocol (SCAP), ACAS, eMASS

Understanding of the following frameworks: NIST 800-53, ISO 27001, SOX, HIPAA-HITECH, and PCI

Understanding of the following security controls: Windows servers/workstations, Linux, Unix and Oracle

Professional Training:

Network Certifier Course, 52hrs, 7/2007; SANS Network Security, 40hrs, 10/2008; BIGFIX, 40hrs, 08/2009; SANS Auditing Networks, Perimeters and Systems, 40hrs, 3/2010; SharePoint for Project Managers, 32hrs, 4/2010; CounterACT 6.3.3, 40hrs, 7/2010; Host Based Security System (HBSS), 40hrs, 1/2011; FISMA/NIST RMF Training, 32hrs, 6/2012; Certified Ethical Hacker, 40hrs, 11/2013; RMF Training, 32hrs, 10/2014


