Resume

Sign in

Sr. Analyst: Information, Security and Systems

Location:
Silver Spring, Maryland, 20904, United States
Salary:
$120k
Posted:
September 20, 2011
Email:
xnln77@r.postjobfree.com
Contact Info:
*************@*****.***


Experience Summary
Laurie George-Stowe has a diverse background as an information technology professional. She possesses over 25 years experience encompassing information assurance and systems security, software development and system engineering, product development & evaluation, life cycle support, configuration management, system design, and other systems engineering functions. Within every IT role performed, Ms. George-Stowe has relied heavily on her extensive and demonstrated subject matter knowledge to produce technical work products such as but not limited to SAS70 and A-123 IT Audit Compliance Artifacts; FISMA Reporting Data Call responses; Certification and Accreditation (C&A) materials; System Specifications, feasibility studies, functional descriptions; Security Management Policies, standards, guidelines and procedures; user manuals and other technical reports. She has excellent written and oral communication skills; works well within team environments and participates well in collaborative initiatives. She has experience facilitating meetings, client interviews, planning/coordinating conferences and developing project plans presentations and proposals for statistical, financial, telecommunications and classified network environments.
Technical environments she has experience with includes but is not limited to, designing and deploying enterprise .NET web-based applications and ERP applications; maintenance, management, and support of large COTS and .NET web applications; Enterprise Application Integration/RDBMS integration (SQL and Oracle); knowledge of and experience in network principles and database design and implementation; defining, recommending and improving business processes; documenting functional and technical requirements for large enterprise applications; and formal testing methodologies. Sybase & Oracle databases for major enterprise-wide solutions, MS SQL Server database for Intranet and Content delivery tools; JAVA and Cold Fusion for application development; and Microsoft Word, Visual Basic for Applications (VBA) & Microsoft Access for document generation systems.
________________________________________
Education and Job Related Training
• University of Maryland University College, B.S Information Assurance [Pursuit];
• CompTIA Security+ Certification [Scheduled]; Certified Authorization Professional (CAP) Certification [Planned];
• Certificate holder of the following: ISC2 CAP CM CBK Study Review; U.S. Army Information Assurance Security Officer Certification; Internet Security Systems – System Scanner;
• Certificates of completion: System Administrator Incident Preparation & Response for Windows; Unix Security for System Administrators; DITSCAP; Operational Information Systems Security; Information Operations Fundamentals; Information Assurance for Auditors and Evaluators, DoD INFOSEC Awareness; Terrorism Awareness; Cyber Protect Interactive Training Exercise; DAA Basics; DoD Certifier Fundamentals; Networking Essentials course certificate of completion. Internet Security Systems - Systems Scanner Internet Security Systems - Internet Scanner Harris STAT Scanner Rational Requisite Pro; Rational Unified Process CASE Tools; DOORs HP Overview; NetExpert MS office Suite 2000; MS Project 2000
Professional Experience
General Dynamics Information Technology (GDIT) Fairfax, VA; 8/2/2004 to 4/30/2011 – Principal Analyst, Information Security
Customers Supported: Department of Health and Human Services (DHHS): Program Support Center (PSC), Division of Payment Management (DPM) and Systems Accounting Branch (SAB); U.S. Small Business Administration (SBA): Office of the Chief Information Officer (OCIO), Web Application Development and Maintenance; U.S. Internal Revenue Service (IRS): Business Systems Modernization (BSM) Transition Management Office (TMO); U.S. Agency for International Development (USAID): Office of the Chief Information Officer (OCIO); Department of the Interior (DOI): Bureau of Indian Affairs (BIA), Office of the Chief Information Officer (OCIO).
• Lead Systems Security, Internal Controls and Compliance Task Areas; ensured that the security posture of the division’s mission-critical, highly visible financial management information system was maintained at ‘high’ confidentially, integrity and availability impact levels. Facilitated as directed the successful implementation of all tasks/projects related to the following:
• Provided Quality Assurance, Independent Verification and Validation, and Technical Writing support services including but not limited to, performing quality assurance activities; vigorous testing to validate development of business requirements; development of requirement traceability matrixes along with test plans to support the validation that the identified requirement is satisfied.
• Provided Business Process Re-engineering and Improvement and Technical Writing support services including but not limited to identifying requirements to institutionalize new Transition Management (TM) Process targeted for systems development and enhancements.
• Provided Information Security Engineering Support Services involving all aspects Certification and Accreditation/Information Assurance activities and preparing the necessary documentation required in accordance with either Federal or Department of Defense Certification and Accreditation process guidelines. Gathered and reviewed all application and security related documentation; performed initial security assessments and interviews; conducted the Security Test & Evaluation (ST&E), which included performing vulnerability scanning, password auditing, log reviews, access control lists, virus detection, of automated information systems. All assessments and test results were analyzed and summarized in a ST&E Report; Updated/revised/created required documentation to include Risk Assessment Reports, System Security Plans (SSP) or System Security Authorization Agreements (SSAA), Concept of Operations (CONOPS), Security Features Users Guides (SFUG), Trusted Facilities Manuals (TFM), Standard Operating Procedures (SOPs), Privacy Impact Assessments (PIA), Configuration Management Plans (CMP) and IT Contingency Plans (ITCP).

Integrated Systems Support Associates, Inc. (ISSA) McLean, VA; 6/1/2003 to 7/31/2004 – Sr. Information Systems Engineer
Customers Supported: U.S. Department of Treasury: Office of the Comptroller of the Currency (OCC), Office of the Chief Information Officer (OCIO) and Data Warehouse divisions; U.S. Department of Justice (DOJ) Justice Management Division (JMD)
• Provided Information Security Engineering Support, project management and proposal coordination services to the CEO of ISSA. Managed and coordinated the submission of information technology and professional services proposals for Federal Government and commercial clients. Performed extensive technical writing and graphics development; planning, scheduling, and managing of the proposal process to ensure compliance and timely submission; led large and small team efforts; and ensured coordination, production and submission of proposals and capability statements. Performed proofreading, editing; quality control, quality assurance, and version control of documentation as required.
• Customized and converted all existing DOJ INFOSEC policies and standards into vulnerability assessment scanning software Tools for Windows 2000 and NT platforms for distribution across 30 plus DOJ agencies throughout the U.S.
• Per the request of the Deputy CIO of the OCC Data Warehouse IT division; produced a comprehensive knowledge transfer roadmap as a result of being recognized for IT security service support efforts performed for the OCC Chief Information Security Officer (CISO). The roadmap consisted of critical OCC FISMA reporting and data collection which would be used by the Data Warehouse division to design a new methodologies for system inventory, identification, assessment, analysis; data classification and sensitivity; mission criticalities; system classifications; access control management analysis; and, certification and accreditation processes. The Knowledge Transfer roadmap significantly aided the OCC Data Warehouse team migration of the legacy OCC Application System Inventory (ASI) to an Agency Data Repository.
• Lead the OCC’s Federal Information Security Management Act (FISMA), IT security services contract support effort; under the direction of the Chief Information Security Officer (CISO). Established several methodologies for the agency security division that included: FISMA reporting and data collection; system inventor, identification, assessment and analysis; data classification and sensitivity; mission criticalities; security categorization; system classifications; access control management analysis; and certification and accreditation efforts. Coordinated with senior agency and business unit representatives to establish and define programs, resources, schedules, and risks for OCC centralized security and privacy program.
Evolvent Technologies, Inc. Fairfax, VA; 4/1/2002 to 5/31/2003 – Information Systems Analyst
Customers Supported: U.S. Army: Medical Information Systems Support Agency (USAMISSA) Fort Detrick, MD.
• Obtained an Information Assurance Security Officer (IASO) certification as required by the client for the purpose of performing security requirements analysis, testing, and Certification and Accreditation (C&A) responsibilities; assessment of information technology security risks and vulnerabilities. Provided all aspects of Information Assurance (IA) support for 42 major and non-major applications.
• Recommended appropriate solutions and assisted in the development of disaster preparedness and recovery processes in accordance with of DOD Information Technology Security Certification and Accreditation policies, processes, and documentation packages (DITSCAP).
• Instituted processes for efficiently receiving new DITSCAP requests, developed a detailed process flow that outlined all major activities and associated tasks and supported the development of standardized document template formats for all parts of the DITSCAP System Security Plans and SSAA’s that resulted in an improved quality of the finished product delivered to the customer; trained DITSCAP team members in all areas of the C&A process and the automating documentation development using Microsoft Office tools.
SeCuNetInc Reston, VA; 1/1/2002 to 4/30/2002 – Business Development Architect
Customers Supported: SeCuNetInc; Evolvent Technologies, Inc.
• Developed SeCuNetInc's business plan, marketing plan, advertising materials and contract proposals. Architected the start-up of SeCuNetInc as an emerging security service provider that specializes in 24-by-7 Managed Security Solutions and Services. Marketed services through proposals, seminars, training, and extensive interpersonal networking. Managed critical projects such as business reengineering, regulatory compliance, growth strategies, and strategic IT and business plan alignment. Assisted in selecting appropriate equipment and services, negotiated vendor contracts and managed technical resources through to project completions.
Lockheed Martin (ATC Division) Rockville, MD; 3/1/2001 to 2/28/2002 – Systems Analyst
Customers Supported: U.S. Federal Aviation Administration (FAA)
• Provided system and software engineering expertise to support various FAA systems engineering programs such as ATOP and ERAM. Performed systems risk analysis and assessments; developed guidelines to implementing security management, risk management, personnel security and physical security analysis. Performed systems risk analysis and assessments, identification and management of information system protections for approval by the information owner, and integrating the appropriate security measures, actions and management as a coordinated effort in the development, production, and implementation of FAA programs.
• Introduced and implementing guidelines to determine and develop approaches to technical solutions; recommending security management, risk management, personnel security, physical security analysis and solutions. Developed technical documents such as technical procedure manuals, user manuals, programming manuals, service manuals, operational specifications, and related technical publications to communicate clearly and effectively technical specifications and instructions to a wide range of audiences. Interviewed product developers, observed performance of production methods, utilized technical specifications, blueprints, engineering illustrations, and trade journals.
Other Related Professional History (Accomplishments will be provided upon request):
• MCI/WorldCom Communications, Inc. Chantilly, VA; 6/1/2000 to 2/10/2001 – Program Manager/Consultant
• WinStar Communications, Inc. McLean, VA; 1/1/2000 to 5/30/2000 – Systems Engineer/Consultant
• Sprint Communications, Inc. McLean, VA; 6/1/1999 to 12/31/1999 – Project Engineer and Requirements Analyst/Consult
• e-Spire Communications, Inc. Annapolis Junction, MD; 10/1/1998 to 5/31/1999 – Systems Requirements Analyst/Consultant
• Wang Government Services, Inc. McLean, VA; 10/10/1997 to 9/30/1998 – Systems Requirements Analyst/Consultant
• Inet, Inc. Bethesda, MD; 9/1/1996 to 9/30/1997 – Technical Writer
• Tracor Applied Sciences, Inc. Chesapeake, VA; 8/1/1993 to 9/1/1996 – Data Analyst
• Eastern Computers, Inc. (ECI) Virginia Beach, VA; 9/1/1990 to 8/1/1993 – Technical Librarian and Data Analyst
• Computer Dynamics, Inc. (CDI) Portsmouth, VA; 5/1/1987 to 8/31/1990 – Technical Librarian and Data Analyst
• Norden Systems, Inc. Melville, NY; 3/1/1982 to 7/31/1986 – Software Engineering Support

Security Clearance History
• Public Trust; 1982 to Present
• Top Secret/SSBI; 9/1998 to 9/2003 and 2/2009 to 2/2011
• Secret/SSBI; 3/2001, 1987 to 1997
• Confidential; 1982 to 1987
________________________________________
Professional Affiliations
Information Systems Security Association (ISSA); Northern Virginia chapter