Security Project Manager

Location:
Stafford, VA, 22554
Salary:
$145,000
Posted:
April 17, 2012

Resume:

** ******* ****

Stafford, VA *****

*****.****@*****.***

OBJECTIVE:

I am seeking a challenging Information Assurance/Information Security position with a growth-oriented security-consulting firm where I can immediately apply nearly three decades of knowledge, experience, and interpersonal/leadership skills, offering an opportunity for continued advancement.

TECHNICAL SUMMARY:

I am an Information Security Consultant with high professional standards and a hunger for personal and professional growth. I will bring to your organization the confidence and professional attitude derived from three decades of technical experience. First certified in ADP Security and Risk Assessment in 1984, I have a long history of security experience not readily found in today’s work force. I am widely experienced in Information Security, System Security, Network Security, Personnel Security and Physical Security. I have strengths in the areas of:

• Information Assurance (OMB, FISMA, NIST, DIACAP)

• Security risk and vulnerability assessments, evaluations, and audits

• Ethical Hacking and Penetration Testing

• Corporate/Federal Security Policy Development

• Application Security Testing

I have also written several articles on Information Security that have been published at a variety of security web sites (InformIT, HNS Security, and others).

EXPERTISE:

Security Tools/Applications: Xacta, TrustedAgent FISMA (TAF), SecureInfo RMS, Pedestal Security Expressions, Foundstone Scanner, Cisco HIDS, ISS Security Scanner, ISS Database Scanner, ISS RealSecure/SiteProtector, Retina, BlackICE Defender, PGP, Kane Security Analyst, eEye Retina, DISA STIGs, Vulnerator, SolarWinds Network Management Tools, Ethereal/Wireshark, nessus, ngrep, dsniff, tcpdump/windump, snort/mysql/acid implementation, netcat, nmap, and various other port and vulnerability scanners.

Security Background: I have performed Certification & Accreditation (C&A), Security Testing & Evaluation (ST&E), and have developed full documentation packages in support of FISMA. I am experienced with DIACAP and NIST methodologies, procedures and documentation. I have performed security risk/vulnerability assessments, evaluations and audits, ethical hacking and penetration testing, corporate security policy development, application security assessments and audits, computer forensics, and incident response and analysis.

Security Clearance:

Top Secret: Granted 08 May 2007.

SSBI Investigation Date: 26 January 2007

CERTIFICATIONS:

• Hacker Techniques, Exploits & Incident Handling (SANS) – 2006.

• Certified Information System Security Professional (CISSP) – 2005.

• Cisco Secure IDS certification – 2001.

• INFOSEC Assessment Methodology (NSA Certification) – 1999.

• ADP Security and Risk Assessment certification – 1984.

EXPERIENCE:

InfoReliance Aug 2011 – Present

Fairfax, VA

Project Manager:

I provide Project Management (PM) oversight for on-site support in an Information Assurance support role, in support of multiple projects (6 USMC systems - CMM, DMM, MCMEDS, MCTIMS, MODELS, WebMASS; and two Wounded Warrior programs - Army AWCTS, and ODS’s RCP-SS). As PM, I also:

• Establish policies and procedures for delivering DIACAP support to all customers.

• Oversee daily operations, providing IA support as well as project management.

• Coordinate project efforts with USMC IA organizational infrastructure to meet project milestones and timelines.

• Monitor and guide Quality Assurance efforts for documentation delivery and overall process improvement.

Business Development:

I'm currently providing business development and proposal support by:

• Assisting in business development efforts and proposal development.

• Providing Information Security and Information Assurance subject matter expertise where relevant to proposal efforts.

• Providing customer-specific insight where applicable to improve business proposal efforts.

BAE Systems Aug 2010 – Aug 2011

Herndon, VA

Project Manager:

I provided Project Management (PM) oversight for on-site support in an Information Assurance support role, leading a team of 45 analysts and engineers. As PM, I also:

• Oversaw daily operations at the client site, providing support for IA support as well as security testing and engineering efforts.

• Provided oversight of four subcontractors, including staffing and budget resources.

• Provided liaison between Information System Security Managers (ISSMs) and the Information System Security Officers (ISSOs).

• Established policies and procedures for delivering support based on the customer's requirements.

• Monitored and guided Quality Assurance efforts for documentation delivery and overall process improvement.

C&A/SME Support:

I provided full life-cycle C&A support to Department of Justice, US Attorneys as their ISSO. In this role, I:

• Developed the scope and defined the system boundaries for a records management system in its development phase.

• Determined FIPS-199 categorization and customized the relevant security controls.

• Determined system interconnections and documented inherited and common security controls.

• Guided the overall C&A process through development and testing.

Business Development:

I'm currently providing business development and proposal support by:

• Assisting in business development efforts including customer interface and proposal development.

• Providing Information Security and Information Assurance subject matter expertise where relevant to proposal efforts.

• Providing customer-specific insight where applicable to improve business proposal efforts.

Wexler Technology Services Sep 2008 – Aug 2010

Washington, DC

Information System Security Officer (ISSO):

I provided consulting services for Immigration, Customs & Enforcement (ICE) and held the position of Information System Security Officer for one of the component General Support Systems. In this role, I also:

• Developed Certification and Accreditation (C&A) packages for the Application Infrastructure shared hosting environment.

• Provided security engineering expertise to the design teams, guiding the development of technical security controls.

• Performed vulnerability assessments based on the NIST SP 800-30 methodology, including development and execution of automated testing procedures.

• Assisted ICE IAD in identifying and documenting Common Controls for the agency as a whole.

BAE Systems (formerly DigitalNet) Jun 2004 – Sep 2008

Washington, DC

Information System Security Officer (ISSO):

I provided consulting services at the Department of Justice, and held the position of Information System Security Officer for one of the component General Support Systems. In this role, I also:

• Developed Certification and Accreditation (C&A) packages for the office automation environments of various Department of Justice (DOJ) divisions. Provided security engineering expertise to the design teams, guiding the development of technical security controls.

• Performed vulnerability assessments based on the NIST SP 800-30 methodology, including development and execution of automated testing procedures.

• Developed system security plans and contingency plans based on the NIST 800 series.

• Provided network analysis and architectural guidance to identify methods for security risk reduction.

• Performed business impact analysis and risk assessments identifying critical risk areas.

• Developed technical specifications and procedures for securing a variety of application platforms.

• Assisted in business development efforts including customer interface and proposal development.

Avalon Technology Nov 2002 – Jun 2004

Arlington, VA

Principal Consultant, Government Security Services:

Provided Business Development support, identifying and establishing strategic partnerships with many commercial and government entities. Developed an educational seminar for Certification and Accreditation (C&A) to be delivered via George Washington University as part of an effort to win new business and build name recognition for Avalon.

At the FDIC, developed full C&A documentation in accordance with NIACAP and NIST guidelines for two Telecom General Support Systems (GSS):

• Developed complete System Security Authorization Agreement (SSAA) for two systems.

• Developed complete Security Plan and Risk Assessment documentation for FDIC Telecom.

• Developed and enhanced security policies and procedures in accordance with appropriate government guidelines.

• Developed ST&E Plan, and executed all tests. Completed ST&E Report, documenting findings from the ST&E process and providing recommendations to remediate identified weaknesses.

• Prepared formal response documents for GAO, IG and ISR findings. Developed appropriate countermeasures and implementation plans in response to these findings.

TMSI/FuGEN Feb 2002 – Nov 2002

Washington, DC

Senior Security Analyst:

At the Dept of Treasury, developed C&A documentation in accordance with NIACAP for Treasury’s HR Connect System:

• Performed Security Testing & Evaluation (ST&E) of HR Connect systems and environment.

• Developed Security Plan and Risk Assessment for pending C&A of additional sites.

• Developed and delivered Interim Authority To Operate.

• Prepared documentation for System Security Authorization Agreement (SSAA).

• Developed security policies and procedures in accordance with appropriate government guidelines.

Predictive Systems, Inc June 2000 – Feb 2002

Herndon, Virginia

Principal Security Consultant:

Provided senior level security consulting services to a variety of customers for Predictive Systems. These services included:

• Performed comprehensive Security Assessments for a variety of clients.

• Developed security policies and procedures.

• Assisted Predictive’s SOC with incident response, analysis and cross-correlation of events.

• Provided Customer Relationship management for a key government client.

Provided critical Business Development support, establishing a partnership with a company focusing on Physical Security and Counter-Terrorism to focus on National Critical Infrastructure clients. Responsible for $.5 million in sales in Q4, 2000, and had approximately $1.5 million in the pipeline at the time of my departure.

STG, Inc July 1999 – June 2000

Fairfax, Virginia

Senior Security Analyst:

Provided senior level security consulting services for the Dept of State in the following capacity:

• Assisted with Incident Response and Analysis when a State Dept web server was compromised.

• Participated in State Department’s PKI Technical and Business Working Groups, and the Federal PKI Technical and Business Working Groups.

• Performed Security Testing and Evaluation (ST&E) for various State Dept bureaus in accordance with DITSCAP methodology and procedures.

• Developed IIS Secure Configuration guidelines and policies.

Seneca Support Technologies March 1995 – July 1999

Vienna, Virginia

Director, Intel Support Services:

I worked for Seneca Support Technologies for over 4 years, and served in a series of positions of ever-increasing responsibility, culminating in my position as Director of Intel Support Services.

• Managed a technical staff of 12-15 consultants providing Mac and PC support. Provided technical evaluation of all incoming consultants based on client needs.

Senior Systems Security Engineer:

• Performed in-house security assessment of critical information systems. Developed and implemented roadmap for improved security posture.

• Maintained a hardened database server based on Windows NT. Tracked and managed patch level to address new vulnerabilities as they were discovered.

• Evaluated Security Auditing Tools for Windows NT enterprise network.

Metters Industries, Inc December 1993 - March 1995

Arlington, Virginia

Network Engineer: As a Network Engineer, developed, configured, and maintained an Enterprise Network backup. Developed and implemented new software and hardware configurations to support the SPAWAR Wide Area Network (WAN). Assisted in various network management tasks such as Domain Name Services (DNS) maintenance, and assignment of IP addresses. Provided security assessments of existing architecture and product implementations (Novell 3.11, Remote Access, and Internet Access).

U.S. Army Materiel Command (MWR) June 1992 - December 1993

Alexandria, Virginia

Computer Specialist: Maintained 100-user, single-server Novell Local Area Network (LAN) running DOS and Windows applications. Performed Oracle Database Administrator (DBA) tasks for the Beta-test of a Financial Management Application, and conducted formal and informal seminars and training sessions to exchange automation concepts, ideas and techniques. Developed and maintained training guides and submitted quarterly articles on automation topics.

United States Marine Corps September 1980 - June 1992

Mainframe Security Administrator: Performed mainframe security administration for Marine Corps-wide network. Managed access controls for approximately 1400 geographically dispersed users. At this time (1984) I received my certification in ADP Security and Risk Assessment and performed Security Risk Assessments for various data processing activities.

Computer Programmer: Trained in mainframe COBOL, EDL (Event-Driven Language), Clipper and Ada. Served as lead analyst/programmer on the Marine Corps Marathon Race Scoring System.

REFERENCES:

Available upon request.
