Personal Information:

Mrs. Barbara Kochis

**** *. ******** ****** ******, OK 73026, United States

Mobile Cell: 405-***-**** – Email: ad4czo@r.postjobfree.com

U.S. Citizen, Secret Clearance, No Veteran experience

Security + Certification since 2014

Current Experience: 9 Years Network Analyst Cybersecurity Analyst Active Directory / Information System Security Manager (ISSM)

AIR FORCE USA TINKER OKLAHOMA CITY BASE

Tinker 72ABW/CE Civil Engineering

7535 N 5th Street Building 400 Oklahoma City, OK. 73145, United States

12/2015 to Present

Salary: Hours per week: 40 Series 0855 Pay Plan: GS12 Grade 7-12

Title: Civilian Electronics Engineer 0855 Official Information Security System Manager ISSM /

Cybersecurity Liaison:

I manage the HQ Network Tinker AFB for all of their Security Controls outlined in the NIST 800-53. I developed baseline for RMF I set 800 security Controls what risks are associated with those environments, and how that relates in context with our business goals these are crucial to having success with the Risk RFM Framework Management. Annually I documented all changes per Industrial Control Systems. I developed and tracked Configuration Changes those changes year to year and led the change board.

12/2015 to Present

TITLE: Civilian Electronics Engineer 0855

Supervisor- Willie Washington

Duties, Accomplishments and Related Skills: My skills are Communication, End Point management, Computer Science, Incident Response, I am the IT ISSM for RMF, IT Security Engineering, IT Security Manager, IT Security Officer, RMF-Certification and Accreditation Process, Conducting Vulnerability Analysis, Developing Mitigation Plans, Performing Penetration testing, Password Protection testing and Application Security Testing, Excellent Customer Service, Interpersonal is Excellent, I have excellent verbal and Written Communication Skills. I plan, schedule, use Project. I have uncanny Timing and when to Begin a process and or event. Security Sockets Layer SSL - Transport Layer Security – is updated version of SSL. I have Expertise in the following applications ISE, VPN, IKEv1, SSL, VPN, AnyConnect, IPsec is critical Mass for any protected IT environment meant for secure business tractions. Network Administration and I manage network updates and Command Post Upgrades across this nation. SCADA, System Deployment, NIST usage, Firewalls, Automation, Stabilization to the network plan. I script SQL, Linux, Cisco, Python, I controlled ALL devices connecting to the network end point security. I handed vendors updated compliant laptops and monitored the transfer of their proprietary software to this device checked it again for configuration and compliance and then allowed it to connect to grant vendor updates to my managed environment I have never had one issue. I am currently assisting in the area of access control of our primary network for the 72ABW/CE here are some of the tasks I have overtaken. Active Directory, Access Control: validating identities and granting access to different systems, facilities, etc. Awareness and Training: Giving employees and others the ability to be part of my cybersecurity plan, I plan education and training. Data Security: Manage data according to company standards the cybersecurity laws policies NIST to mitigate cybersecurity risks, and protect its Availability, Integrity, and Confidentiality proactively. Information Protection Processes & Procedures: Put in place the policies, processes, and procedures that you need to manage the protection of your assets. Maintenance: Continuously repair your Information System components and mitigate them. Protective Technology: It is my duty to deploy security solutions according to policies in place at a minimum and as needed for our protection, Some examples of ways to attain these requirements are: I assist in preventing data breaches by using 2FA, and MFA, and controlling access to all of your environments and data. It is my job to ensure our employees are knowledgeable and are properly trained on how to handle your company's critical data and their various levels of access. I prevent accidents incidents spillage to the letter of my guidance and if I feel there are layers that could be applied in addition then I educate my management to the benefits of adding new technology to aid my job tasking as much as possible. I make sure our data is encrypted, in motion, and protected in all ways possible including static and dynamic.

I am the Tinker Air Force Base 72nd ABW/CE, Information Security System Manager (ISSM), of Civil Engineering. I use NIST SP 800-171 when going into any business that I know I can help them gain control of their Security, basically it helps me obtain 80% of what is necessary with 20% of my actual hard hitting efforts Because I love to work and I love to find the best ways to perform any job. I actually accepted a job no one knew how to do and or I took on what no other IT person what to do. The other department actually laughed at me and my new job but I went on to gain two awards while in my current position one was the wildcatter’s award 2017 for gaining ATO for our Controls and the second award was due to my Financial PM work inside of the ITIPS database 2019. I transferred from the 38th when a friend requested me to help him with his vision for Energy Resiliency and to bring CE’s Control Systems to ATO. I enter information into both eMASS & ITIPS and working through the each Section of NIST Security Code I entered over 800 separate Security controls I also give users access and permission as I place them into our primary network. I was the first civilian to gain Authority to Operate (ATO). I support our AFCEC ISSO in accordance to their contract tasking. Once I completed the reports I would review them for accuracy then I send ATO packages to the 72ABW/CE Director for the signature. I function as Civil Engineering ISO, where I established policies, processes and procedures in support of system-level implementation of our organization’s security controls, and maintenance program. This includes developing and documenting a software engineering strategy for the information systems; I set up populated the current CCB and participated in holding multiple seats in the CCB in the organization’s configuration management plan. I also establish and maintain an inventory list of approved components associated with each information system. I had to conduct security impact analyses on changes to all ICS Operational Technology and Information Technology systems. I ensure assessment of each ICS and all of their security controls according to the Risk Framework Management and Software Engineering strategy. I prepare and submitting security status reports in accordance with organizational policy and procedures and I conduct remediation activities as necessary to maintain system authorization for Authority to Operate. I write POA&Ms to keep my ICS Systems on track and compliant for the future the POA&Ms allow some systems to remain connected until by Acquisition I obtain hardware/software to make the considered compliant for connection fully. I plan and budget Multi-year for future and for immediate needs, I research and write our performance work statements that built our Operational/Informational Maintenance Upgrade contracts and statements of work that allow us to have access to the new cutting edge Technology for keeping our systems compliant through these hardware software upgrades. I integrate new cutting-edge technologies and upgrades for long and short term needs, and I align the budget to cover all system upgrades and fixes and for immediate and future as my budget is structured to allow funding to come in precisely when it is needed. I apply program analytics in organizing and managing the cybersecurity requirements to each of our 22 separate control systems. I was the person to bring in DIACAP legacy of Certification and Accreditation (C&A) process with the Rollover six-step lifecycle process of RMF cybersecurity and through documentation I can prove my network is worthy reliable and operational to gain Authority to Operate (ATO) eMASS annually. I use both Intrusion Detection and Intrusion Protection I have experience with Net shark, Metasploit, Solar winds,& Tanium software packages for end to end multiple point management, to protect end point and any vulnerabilities’. I use intrusion detection and intrusion protection as some of our general network protection tools. I researched the Cloud technology and after I reviewed all the stats I started moving some of my network to the cloud and making our systems virtual, my department has taken on additional cloud security controls in support of our new cloud & virtual environments. I still maintain our hashing encryption hardware and software. I have direct experience with DoD (RMF) or NIST SP800 -60 to Categorize Control systems, NIST 800-53 to select security controls, NIST SP800-160 to Implement Security Controls, NIST SP800-53A to Assess Security Controls, & NIST SP800-37 To Authorize Information Systems, NIST SP800-137 to Monitor Security Controls through RMF process’. After 12 years of networking experience I feel I could easily teach and or work with a team to go forward and assist other companies that need help in security to prevent ransomware and other type malicious virus’.

I support and sometimes lend advice for CE as we support OC/ALC for the Air Craft production base wide. I was the one that developed Tinker CE’s inside process from DIACAP to RMF rollover and the only one to gain ATO for CE to date. I use Air Force guidance Manuals as guidelines of what to do. Yet, I developed all process’ to keep track of it and keep it under Configuration via each Control System, It takes good organizational skills and ability to plan your work and work your plan. In the past five years I had all of the DoDI 8570.01m duties to perform so I would gain verification from another cybersecurity guru. Once eMASS was brought up The role as the “A& A Practitioner Admin Team” is set up to add test results against assessment procedures and uploads associated artifacts to be reviewed and either sent back or validated by a “SCAR”. And they send that approved package according to our guidance to the “SCA” Security Controls Assessor after he/she approves the ATO Package it is sent to the AFCEC AO. At the top of CE’s chain of command lies AFCEC and the AO that accepts all risk for all bases Nationwide Industrial Control Systems and only the AO can accept our risk. After the Final AO signature we are legal to continue service to our ICS systems. But we continue to monitor all systems using automation and AI as much as we can trust to move things forward.

I have had the opportunity to assist the 72ABW/CE organization in driving down risk by assisting in the implementation and ongoing service of important organizational controls, essential documentation (including policies, standards, procedures, and assessment reports), and being responsive to issues that may compromise either control systems or data on the AF network. I take the High risk of each Industrial Control System that was posturing a high risk of 20 when I hired in I managed to drop those down to a risk of 2. I have full responsibility of reporting, updating and maintaining all POA&M items as well as keeping up with all cybersecurity training, certification, and tracking requirements as cited in DoD 8570.01-M, as well as ACAS and SCAP training. I have shown ability to lead a team of four outside Cybersecurity engineers and have demonstrated excellent problem-solving, organizational skills while being flexible and completely self-motivated and I can work in a team or work independently. I have taken an organization that was operating but not on a network and got them approved and with Authority To Operate. I have had to develop all the plans write all reports about 7 reports per control system and I currently manage, investigate, contain and report all Classified Message Incidents (CMIs) and adhere to all DoD, Air Force and NIST 800 guidance policies and regulations pertaining to cybersecurity related matters. I am responsible for gaining ATO for over 16 separate Control Systems and I am considered the RMF expert. I have saved the 72nd ABW/CE approximately $2.6 million this year with my ability to upgrade and gain the newest technology and security and avoid unnecessary technology steps that are costly. CE performs our own Purchasing, and assists a Contracting group by having all of our paperwork professionally written we gain the quotes, develop marketing reports, and research for the cutting edge technology then plan and budget our upgrades EOLs or MOLs.

I developed Statements of Work while preparing CE’s procurement requests, I reviewed contract proposals for adequacy while providing Subject matter expert advice as I was taught by the 38th Cybersecurity division and gave my endless assistance in all Information Technology network design and programming methods to managers, contractors while supporting all of our IT users. I play a vital role in all incident response procedures, including steps to minimize the impact and then conducting a technical report summary of the who, what, when and the where of Cyber Computer breaches and how they happened and discovered and documented everything out to the complete boundary areas of all damage. I have experience in utilizing Microsoft Deployment toolkit (MDT) and System Center Configuration Manager (SCCM) to manage our enterprise Windows image deployments testing. I follow the AFMAN 17-1301 for COMPUSEC policy and procedures that deal with the sanitization of Classified and Unclassified devices if or when spillage occurred. I recommend information assurance/security solutions to AFMC and all of our System Vendors campus to help support our some of our customer requirements. I Conduct SCAP / STIG Viewer scans for STIG compliance checks on all applicable assets. I develop process and procedures for all day to day operations at Tinker as Official ISSM & PM. I maintain DD-2875 form status for all users identified on the Unit Manning Document (UMD) and DMDC records to ensure required users are compliant. This is the highest form of user or customer service that I perform each and every day. I have worked with CE users for around ten years as a contractor but I love each interaction with the users this I can assure you as I received no complaints and no negative feedback for any of my work processing users with additional access and privilege. I manage a team that provided mission-essential workstation computer support in challenging environments. I have held and updated my Security+ Certification and have completed approximately 20 years of directly related experience in IT/IA and Network Engineering first with my present husband and then with my employment by the United States Air Force bases across our Nation. I have demonstrated ability to work with anyone that wants to work and I assure you I am effective at communication on any level written or orally. I have over 40 years in giving presentations and I have no fear of speaking in front of large crowds. When I show up to work inside of your organization I bring a non-stop desire, to get the work accomplished and as a working manager I feel I am expected to turn out the best product within the shortest amount of time to set the tempo. Although working within employee to employer relations I realize there are those that need the softest persuasion and those that can be delivered information direct. But I can work in any capacity as a general worker or as part of the team or leading the team. On top of my demonstrated strong oral and written communication and I have positive client interfacing skills. I have direct experience developing and implementing information assurance/security standards Cybersecurity processes. I hold power user Proficiency in Microsoft Office products to include Excel, PowerPoint and Visio. I use my knowledge of USAF INFOSEC/COMPUSEC and utilize best practices knowledge & ability to identify those security threats/vulnerabilities and I can mitigate system or network insecurity’s and delivers back to users, full system protection as well as full Network optimization.

I also perform electronic engineering tasks, under the direct guidance of a 0855 Electronic Engineer, by applying tried and true standard electronic engineering practices and using USAF rules, procedures, and precedents. Inside of this role I also use my Project Management experience to conduct research in many areas, e.g., how to use computer resources effectively, how to collect project data in a timely manner, and how to analyze the acquired data so that the research results can be used to support my work. My Project Manager duties require me to independently utilize sound judgment in order to solve project related problems and issues. Or figure capacity planning for products Work In Process (WIP) I respond to assigned Project tasks with appropriate urgency, timing and professional responsibility. One of my contributions to the 72 Civil Engineering Unit was to suggest that their ICS systems was to purchase Nutanix hardware server as the required number of Servers in order to manage our risk and show a decrease in Energy Footprint inside the NCC Server warehouse. The unique part of my suggestion was for the Servers to change over to a Virtual System in order to make our ICS systems this system comes stigged right out of the box. Which means no down time in setting up this server up hardware and software system and it is ready to run immediately. I helped to change up our front end so that we can save money in decreasing our physical equipment footprint as well as Energy consumption footprints.

I was also the first official ISSM to provide tools for our maintenance contractors to enable them to help maintain the control systems that are located all over the whole base. I use our purchasing tool SWEP to gain Quotes, to support Tech Refreshes and Upgrades. Before this the vendors would just walk in and start using their laptops right on our machines but once our systems were networked I went out and purchased laptops made them compliant and we watched as the vendors would scan their software prior to installation. Once we approved this process the vendors that show up now use our compliant systems on our network equipment. I alone was responsible for the Presidential ICS ITIPS Database where I logged budgets and against planned and Actual spent twice a year, without which CE would not have been allowed to purchase one item without this important requirement that I alone met. I prepared Information Technology investment Workbooks in accordance with guidance from SAF/CIO A6 associated best practices. I alone prepared our systems to be registered and entered as applicable into being set up also so we could support each investment.

Tinker 38th Cyberspace Engineering

4064 Hilltop Road Oklahoma City, OK. 73145 United States

08/2010 to 12/2015

Salary: USD Annually

Hours per week: 40 Series: 0855 Pay Plan: GS Grade: 7-12

TITLE: Electronics Engineer

Supervisor- Willie Washington

STEM – Electronics Engineer (GS-855-12)/Project Manager

9/21/2014- Promoted to GS-855-12

12/12/2014- Obtained CompTIA Security + (SYO-401) Certification

12/15/2015 – Promoted to Tinker CE-COINE ISSM Network Manager (72ABW/CE-COINE ISSM)

Duties, Accomplishments and Related Skills:

I worked as a United States Air Force (USAF) Electronic Network Engineer (GS-855 civilian) on Air Force Base networks Nationwide while the older more senior workers were sent globally to assist or provide assistance from the best brightest and most cybersecure team in the nation. I was responsible for providing cyber secure network engineering and cost estimates for voice, data, LAN, WAN, information security services support projects. My primary customers were USAF Wing, Geographically Separated Units (GSU) and USAF Base Tenants. The Commanders wanted the Cyber-Wow I could provide to take their plain room turn it into their Central Command Center in a ten minutes. I supported the 38th Squadron’s World Wide mission of engineering and installation of Air Force wide data/communications network infrastructure, wireless systems, voice systems and Communications Focal Point (CFP) operations. My CFP experience includes designing Command Posts or Communication Squadrons in a manner that allows consolidation of help and service desks, including maintenance and job control, telephone administration, traditional network help desk and the Personal Wireless Communications Systems (PWCS) help desk. I developed the necessary knowledge and experience for USAF integrated air vehicle ground support systems and the ability to troubleshoot, evaluate and oversee system installation, operations and maintenance per appropriate Technical Orders (TO) but sometimes there is knowledge and experience that is so smart that we all make our jobs look easy. I assisted with site survey inspections for ESTCP and UESC contractor work locations. In this task I also participated in telecoms, prepared IATT documentation, completed IAM Appointment letters, prepared the ICS Tower for Data Streaming, located an equipment source for CE VLAN equipment interfaces and obtained documentation for the Opto-Isolator interface. I set up subnets, VLANS and P2P and Client Server Network types.

I was picked to work with the NetLaw Team and I developed the NetLaw organizational Operation Standards and the strategy for mitigating all 3,000 organizational printers. During my tenure in the 38th Organization, with the NetLaw assignment, I received the prestigious NetLaw Team Challenge Award and the Category II 1st Quarter 688 IOW Wing Level Award. I held a lead position in the NetLaw Team and I created IOS scripts that were used to inventory 630+ switches with 38,000 ports. My effort saved more than150 man hours and represented a huge positive financial benefit to the NetLaw Project. While working at NetLaw, I was able to manage network traffic flow and secure our electronic devices by creating NetLaw printer VLAN access control lists for more than 3,000 printers. I played the key role in enabling the elimination of stovepipe networks at Tinker AFB and created a common Internet Protocol (IP) environment that saved $134,000 O&M annually. My professional electronics and networking work experience has been demonstrated by my successes in completing the necessary procurement documentation required for the acquisition of cyber weapon systems and cyber support equipment. I developed cyber system performance requirements, objectives, system integration plans and the estimates for system design time and resources, development and support. I am comfortable providing status and advisory information to senior functional engineers, senior program engineers and managers on general project status, problems, or issues.

As a 38th Cyberspace Squadron Electronic Engineer, it was necessary for me to increase my project usefulness by increasing my project knowledge base in all of the 38th areas, e.g., Cyberspace Networking, new computer hardware, software enhancements and electronic engineering practices and learning how to add artificial Intelligence to an Informational System. I kept refreshing my continuous education requirements by keeping current on emerging hardware and software technologies. I use computers and software for conducting analysis, project tracking, status, and for solving network engineering problems. I created my reports and presented my findings and solutions in a clear, concise, and professional manner. For example, I assisted in the development of technical solutions required to upgrade the Offutt AFB Patriot Officer’s Club communications network. After completing my network analysis and writing my report, I was able to save the customer $45,000 by recommending they reuse much of their legacy equipment. During my four year Project Manager period, I developed a much needed 38th Squadron Engineering Checklist and mentored four new engineering students through all their required training. My plan allowed the trainees to become part of the 38th Squadron Engineering Team three months sooner. I used my in-depth Electronic Engineering knowledge and experience during my TDY assignments to other USAF facilities. The TDY assignments required me to conduct detailed interviews and compete detailed site surveys with the facility management, SMEs and project engineers. After each TDY assignment I developed a detailed report that addressed the projects purpose, detailed cost estimates, new system requirements, warranty, training, installation, operation, maintenance, etc. The projects involved installation, operation and maintenance of complex electronic systems, circuitry.

I performed system/sub-system electronics engineering activities, including checks and cross-checks that are related to the software programs used on specific computer systems and documentation associated with electronic engineering, computer hardware and software for Automatic Test Equipment (ATE), Energy Systems and track the results. I then had management use this tool for lessons learned in order to enhance performance standards nationwide and worldwide. I performed analysis and used systematic, disciplined and quantifiable approaches to implement, develop, and document projects.

Odyssey Consulting Systems, Inc. 2601 Liberty Parkway Suite 115 Midwest City, OK 73135 United States

04/2010 to 08/2010

Salary: USD Annually Hours per week: 40 Series: 0855 Pay Plan: Grade:

Senior Systems Engineer/Project Manager

Supervisor- Larry Williams 405-***-****

Ok to Contact this Supervisor: Yes

Duties, Accomplishments and Related Skills:

I was the designated Operational Safety Suitability and Effectiveness “OSS&E” Systems Engineer Project Manager for the 498NSW/NWBAN Engineering Department for the ALCM/CALCM Cruise Missile Department. I wrote Technical Orders (TOs), 202’s, 252’s, and Operating Instructions (OI) for the ALCM, CALCM, and ACM missile groups. I developed Work Breakdown Structures (WBS) and reviewed all of the Operating Instructions (OI) in order to ensure they matched each update that came through. I performed systems engineering, OSS&E, life cycle system engineering, earned value management (EVM), manufacturing engineering, supply chain management, and industrial system analysis. I provided technical advice, guidance, and assistance in areas requiring engineering expertise over the 498NSW/NWBAN missiles. I defined the work and built the schedule based on the work to be accomplished. I managed the budget, schedule, issues, and the scope of the work to be performed. I managed the Communication and the Risk Management of the work to be performed and I managed the Human Resources surrounding the product and made sure that the product was in safe and qualified hands. I developed a quality Metrics System in order to ensure that the quality of the product handed off to our organization was safe and resilient. It was my responsibility to ensure the procured products were ready for closed loop life cycle technical support. I also performed a supporting Project Management role in a variety of engineering functions while conducting engineering surveillance, e.g., research, design, development, test and production surveillance, monitoring of engineering management systems, and provide technical recommendations on substantive changes in any of the monitored areas. I oversaw and controlled the Operating Instructions (OI) and my co-workers requested me primarily to be their lead for our pneumatic connections inside our work environment, e.g., the Air Force System Engineering Assessment Model (AF SEAM). During my tenure, I standardized all of the processes within the missiles organization and I was able to establish Process Control for all of our Operating Instructions and Appendices. I assisted in our engineering surveillance tasks in order to support critical/complex system design, development, and integration contracts. I served on engineering teams that were responsible for all missile systems and manufacturing engineering matters at facilities that were designing and building new missile products and integrating components, systems, and subsystems. I analyzed design drawings, specifications, and test results. I compared highly technical data with requirements and made recommendations for improvements to the contractor, Program Management Office, and other buying agencies. I performed hands-on product support, prototype testing, product engineering and manufacturing through continual design optimization in order to improve manufacturing efficiency. I helped the Missiles department to plan and conduct their Configuration Control Board. I communicated with suppliers in order to develop cost effective parts designs and I identified design or documentation issues. I also developed efficient assembly processes and practices, applied "lean" concepts, solved problems, tested, and troubleshot prototypes. I streamlined our processes for getting important documentation signed off and approved. Before my re-engineering effort, it could take up to one year to obtain OI or Appendix approval. After my effort, those approvals were obtained in less than two weeks. We used to have paperwork that would take forever get lost or never get signed due to the overtime wanted by some in the department. I developed an automatic way of tracking who’s desk the paperwork was sitting on so that other supervisors could go ask for the person to sign and give the paperwork over to the next person in line, it saved tremendous time and make our production double to triple in getting work accomplished.

Airgo Systems,

Contact this candidate