Security Training
Resume:
Nancy F. Harris
Waldorf, MD **601
Mobile Phone: 571-***-****
E-mail: **********@*****.***
Security Clearance: Active Top Secret Security Clearance/SSBI /SCI
[pic]
OBJECTIVE
I am seeking a challenging opportunity where my abilities will be
effectively utilized; ideally, a company that rewards hard work, enthusiasm
and positive results with a challenging professional future. I have
demonstrated leadership abilities and complete dedication on all of my
assignments. Loyalty and hard work is what I can promise my future
employer, along with stability, balance and an Active Top Secret Security
Clearance/SSBI /SCI. I have the MCP certification, Comp Tia Security+
Certification and am a senior at Champlain College working on a B.S. in
Digital Forensics and Information Systems. Thank you for your time and
consideration.
[pic]
WORK EXPERIENCE
Lead, Army Penetration Testing Program
Northrop Grumman
08/2009-Present
Fort Belvoir, VA
Lead and serves as a Subject Matter Expert for Army Penetration Testing
Program. Conduct systems and network information assurance analysis through
the application of expert penetration techniques. Identify systems
vulnerabilities and provide recommended countermeasures to reduce risk to
manageable levels. Develop and refine penetration testing services. Manage
client assignments, technical and functional content, and staff resources.
Investigates and reports orally and thru documentation any actual or
potential information security violation or inappropriate computers use.
Identifies process functions, risk security weaknesses and controls;
presents security challenges and resolutions to management, and implements
plans, researches and deploys new technologies, manages transition to
operational service provides technical lead on security projects which
involve a wide range of issues including secure architectures, secure
electronic data traffic, network security, platform and data security and
privacy. Provides organizational support creating policy and procedures,
coordination. Organize, track and coordinate Army Penetration Testing
Course training with RCERT South Pen Testing for several organizations.
Implemented and suggested changes concerning policy and procedures
concerning Programs and Certifications standard operating procedures (SOP).
Cyber Intelligence Analyst
12/2007 - 08/2009
DDK Technology Group
San Diego, CA
Utilizing open source/law enforcement reporting/intelligence reporting
analysis is responsible for providing cyber analytical support to Naval
Criminal Investigative Service (NCIS) Pacific Cyber Division by means of
network analysis to include log file analysis (firewall, IDS, IIS, etc) and
PCAP analysis.. Evaluates, interprets, and integrates all-source
intelligence information into assessments. Initiates, coordinates, and
produces Navy cyber threat intelligence products. Uses the intelligence
process to produce and deliver briefings and written products to a wide
variety of audiences. Represents the NCIS Pacific Cyber Division and
interfaces with customers to ensure their needs are understood and
requirements are met. Develops and maintains constant, effective liaison
with counterparts within the broader intelligence community, appropriate
Navy requirements offices, Naval Command(s) and computer defense
contractors. Also, represents the NCIS Pacific Cyber Division at
interagency working groups, conferences, and intelligence related forums to
facilitate communications between the NCIS and other agencies and
customers. Conduct network log analysis in support of cyber and non-cyber
investigations and operations; research tools and techniques identified in
forensic analysis and produce IIR's and SAR's (Special Analytical Reports).
Have the ability to write multi-page products on topics related to
analysis, and able to explain network events to a broad audience including
peers and very senior leadership.
Information Security Analyst Advanced
5/2006 - 12/2007
Electronic Data Systems
San Diego, CA
Lead Information Security Analyst for North Island, ISSO for PKI Tumbleweed
Servers, and serve as the Western Region Subject Matter Expert for DoD
Public Key Infrastructure. Under limited supervision, manages the day-to-
day information protection function of appropriate security controls that
are in existence and in force throughout the entire enterprise security
architecture. NMCI Information Assurance Officer for 15000 machines
including North Island, Imperial Beach, Coronado Island and San Clemente.
Works daily with Command Information Managers, Offices in the US Navy and
interacts with other departments and vendors to gather data, resolve and
document complex technical issues for implementation of security products;
Investigates and reports orally and thru documentation any actual or
potential information security violation or inappropriate computers use;
leads security management services, cyber-crime investigation, incident
emergency response and investigations. Performs highly complex analysis and
technical tasks involving assignment and coordination of measures to
provide information assurance, event detection and rapid response across
various environments of the enterprise; designs, implements and supports
integration of information security solutions including security
architectures, integrating security products, and developing and
coordinating security implementation plans; Identifies process functions,
risk security weaknesses and controls; presents security challenges and
resolutions to management, and implements plans, researches and deploys new
technologies, manages transition to operational service provides technical
lead on security projects which involve a wide range of issues including
secure architectures, secure electronic data traffic, network security,
platform and data security and privacy; Provides organizational support for
developing and implementing security of electronic information during
transit and on multi-platform operating systems; Works with senior
management to determine acceptable levels of risk for enterprise computing
platforms and to discuss security implications of new information
technology uses being considered; Guides users and technical team members
in formulating security requirements, integrating security requirements
into existing system architecture. COMSEC custodian for EDS accounts who is
responsible for custodial duties.
Information Technology Specialist GS-2210
Training and Auditing
9/2005 - 5/2006
Naval Communications Material Systems (formally DCMS)
Andrews Airforce Base, MD
Conducted PKI audits, audit follow-up and served as an advisor to the audit
lead on all matters pertaining to internal audit and audit follow-up for
Navy information systems worldwide as per information assurance guidelines
set forth by the Navy and DISA. As an auditor conducted computer systems
audits that relate to areas highly susceptible to fraud, waste, or abuse;
mission accomplishment; and the identification and correction of Navy-wide
policies and procedures. Evaluated management's resolution of internal and
external auditing findings; consulted with management representatives to
furnish operational and logistical resolutions to make recommendations for
solving problems to clarify objectives. Conduct Public key Infrastructure
(PKI)/ Local Registration Authority (LRA) auditing and training mandated by
the Office of the Chief of Naval Operations (CNO), designed primarily to
protect Class 3 LRA and Class 4 Certificate Authority (CA) workstations
from unauthorized disclosure, theft, assault, or sabotage. Provide policy,
procedures, Information Assurance (IA) concepts, technical guidance and
assist with the Navy's PKI infrastructure in fulfilling unique command
requirements. Research and evaluate new/revised PKI/LRA training/auditing
procedures. Make recommendations for in inclusion in Navy IA publications
and incorporate approved changes. Established self as consultant, advisor,
technical authority on various IA, PKI training/auditing policy and
procedures, giving timely, accurate advice, assistance and guidance to DoD
and other U.S. Intelligence agencies. Respond, act, reply on customer
calls, e-mails and/or recommendation from ashore or afloat (CONUS & OCONUS)
units to include information in Navy IA publications and requests for
guidance, clarification or interpretation of current or changing Department
of Defense (DoD), National Security Agency (NSA), or Navy PKI policy and
procedures. Established and maintains liaison with policy and personnel
within Department of the Navy (DoN) and other U.S. intelligence agencies
and activities to stay abreast of the latest IA and PKI
policies/procedures/efforts. I can communicate effectively, both orally and
in writing, internally and externally to the command. Develops and
maintains good working relations with internal and external personal
contacts. Coordinates and travels world-wide to instruct and audit DoD
Civilians, Contractor and military personal in the current policy,
procedures and duties of Public Key Infrastructure. Advises manager's about
training and auditing requirements, changes in DoD procedures and policy.
Helps train new LRA instructors via orientation brief, course briefings and
at other times during their training. Evaluates inconsistency information
and helps provide guidance to senior managers on the establishment of
policy and procures that may be in conflict as new drafts are created.
Sr. Industrial Security Specialist
4/2005 - 9/2005
Raytheon
El Segundo, CA
Currently hold an Active Top Secret Clearance with SSBI and National Credit
Check. The Alternate Contractor Program Security Officer (ACPSO) for
multiple programs. All responsibilities will include assisting with daily
security operation to ensure compliance with customer/government security
requirements. Perform all administrative disciplines associated with the
ACPSO position consisting of program material controls, personnel
processing, facility audits, visitor control, oral presentations/briefings
and daily interface with all levels of management & customers. I am
organized self-starter with excellent administrative/computer skills as
well as strong interpersonal and communication abilities with the ability
to work well under pressure. Have a working knowledge of the
NISPOM/NISPOMSUP knowledge of the National Industrial Security Program
Operating Manual (NISPOM) (with emphasis on Chapter 8 requirements), the
NISPOM Supplement, JAFAN6/3, and Joint DODIIS Standards.
Information Technology Specialist GS-2210-12
Systems Administration & Security
6/2004 - 4/2005
Department of Veteran Affairs
Long Beach, CA
Installed, implemented and became lead for the Black Ice project, which
entailed working with the Black Ice programmers relying information on how
the security policies affected the WAN for the five hospitals in VISN 22.
Monitoring, installing, created new polices and pushed them out via Black
Ice Software. Monitored all hospitals with the IDS software, pinpointed the
machines causing problems and contacted the Virus team if there was any
suspicious behavior on the network. Coordinated the push of any new policy
thru each hospitals systems administrator, conducted tests of new polices
with a group of machines to ensure polices would work properly without
crippling the network, and was a representative on the VA National Network
Calls. Configured the Dell San Server to utilize Backup Exc 9.0 for nightly
backups of Long Beach Medical Center's 15 servers and was responsible for
the Dell Library tape backup for the15 servers, implementation, and
installation of backup software on the new Dell San Server. Researched,
tested and recommended network hardware and software systems and solution
to meet the goals and requirement of assigned projects. This includes
assignments soliciting recommendation for solution at the regional and
nation levels, such as enterprise asset management, WAN connectivity and
physical cable/logical network infrastructures. Created and managed users
and group accounts including network policy, account creation connection
and other network services as required in local or regional NT, Windows
2000 & 2003 Servers. Installs, configures and maintains network hardware
and software resources servers such as NT systems (Domain, Exchange, SMS,
RAS, etc), domain name servers, routers, firewall document image retrieval
and storage systems, IP numbers, et cetera. Trained other IRMS Staff and
end users as required; communicates effectively with individuals at a wide
variety of technical abilities, tailoring the presentation to the needs of
the audience. Provides training to regional peer as necessary in
configuring and troubleshooting non-local network resource problems.
Participated in security committees and tasked groups such as a technical
representative as required. I am one of ten members on the VA Long Beach
Information Technology Security Personnel Group. Helps implement policy and
procedures according to HIPPA standards throughout VA Medical Center Long
Beach Takes charge of various project assigned including planning,
coordination with hospital members or venders, implementation, installation
and follow thru of projects.
Information Technology Special (GS-2210)
PKI/LRA Instructor
10/2002 - 7/2004
Director Communications Material Systems (DCMS)
Washington DC
Implemented and administrations Mobile Training Team traveling domain using
Windows 2000 Active Directory Server and Windows 2000 Professional. Set up
the Certificate Server Software to allow students to download and install
PKI Certificates as part of the hands on training the Mobile Training Team
provides. Created the concept of and utilized a traveling domain if a
command site did not have the equipment required for the LAR Training. I
was responsible for all hardware and software utilized by the traveling
domain. Through hard work and dedication has become an expert in DoD PKI
LRA operations, and is a highly qualified and respected instructor.
Participated in the evaluation and monitoring of PKI LRA Training Program
at DCMS. Assist in the examination of training documents and establishes
procedures for processing requests for military and civilian personnel.
Coordinates and travels world-wide with the LRA training computers to
instruct DoD Civilians, Contractor and military personal in the current
policy, procedures and duties of Public Key Infrastructure. Advises
manager's about training requirements, changes in DoD procedures and
policy. Ensures DISA, SPAWAR and DCMS publication enhancements are designed
to increase Public Key Infrastructure awareness and implementation.
Assisted in giving new LRA Instructors briefings during orientation and at
other times when necessary. Participated in the planning and conducting of
training sessions for representatives of all assigned and supported
organizations worldwide. Assists and participates in the management of
providing technical guidance and advice on the Local Registration Authority
Guide, Local Registration Authority Certificate Practice Statement,
Registration Authority Certificate Practice Statement, plus all training
materials. Evaluates inconsistency information and helps provide guidance
to senior managers on the establishment of policy and procures that may be
in conflict as new drafts are created. Has strengthened her PKI knowledge
by studying the DoD x509 Policy, the LRA Training Guide, LRA CPS End User
Training Guide, attending PKI 586 Course at Learning Tree, attending EKMS
East and the PKI Conference in Mayport, Florida put hosted by SPAWAR.
Traveling to several locations overseas and nationwide to conduct training
sessions and has trained approximately 200 LRA's to perform LRA duties, as
well as policy and procedures related to LRA's. Bi-Weekly coordinates with
SPAWAR and interested parties to setup training sessions monthly for LRA
training at different sites overseas and nationwide. Helps maintain an
informal help desk for LRA's to call in with any problems during setup of
workstation, any application problems and questions in general about policy
and procures for LRA's
Systems Administrator
11/2000 - 5/2002
ParExel Medical Marketing
Centreville, VA
Resolved network issues in a Novell 4.11, Windows NT4.0, Windows 2000 and
Windows 95 network utilizing various clients including TCP/IP, Clients for
Novell NetWare and Clients for Microsoft. In a dynamic environment
troubleshot DNS, WINS and DHCP servers. Was one of six people who assisted
with the moving and setup of 350 machines from old location to the new
building. Troubleshot hardware, software, network connectivity issues that
come up on a daily basis between 2 floor including router and switch
issues. Configured the Windows NT 4.0 Sever for our Baltimore Office and
troubleshoot various programs used by the call center including Microsoft
Professional 2000, Microsoft 97, RIS2000 (Oracle based program) and
ghosting various machines with specified hardware to work on the network.
Tested Windows Workstation 2000 in our call center environment when the
machines were first brought into the building. Daily systems administration
of Windows 2000, Novell and NT Machines, which included adding, removing
and updating users and passwords on our Domain/Novell Tree. Via remote PC
Anywhere conducted daily backups for the local office and Baltimore office
with ArcServe 6.6 software. Archived several disks of project information
2yrs and older to CD and backup information onto tape backup to create more
space on the Server. Daily update of Sopho's Anti-Virus. In charge of
setting up Mac OS 9.0 on MacG4, this included adding printers and
troubleshooting on the network. Project Lead for Centreville site upgrade
to Windows 2000 for 200 users and following company guidelines set in place
for FDA compliance. Created and attached Zenworks Policies for Novel 5.0
Administration according to company guidelines and FDA guidelines.
Systems Administrator
9/2000 - 11/2000
RHI Consulting
Washington DC
Configured machines to work on the network, while working to resolve
Windows NT 4.0 & Windows 98 network issues using DHCP, WINS,
troubleshooting TCP/IP. I was contracted to work on Quantico Military Base.
Systems Administrator
7 1999 - 8 2000
Dedicated Transportation Services, INC
Santa Ana, CA
Was one of two employees who supported two WAN/LAN Networks in a Windows NT
4.0 and Win 98 environment. One network has approximately 50-100 nodes and
the other has 200-250 nodes. In the office and for the remote locations
troubleshot various network connectivity issues using TCP/IP, NetBEUI, DHCP
and WINS on the T-1 Frame Relay WAN/LAN and thru RAS. Configure new
computers with various programs including AR Collections, DTSI Operations,
Windows NT 4.0, Office 2000, Win Platinum, and ISQL. Setup and configure
the CSUDSU, 3Com NetBuilder II and equipment needed for the stations to get
on the WAN lines. In detail explain over the phone how to set up the WAN
equipment and configure the workstations with TCP/IP using specified
address or DHCP depending on station size/setup. Set up DHCP Scopes as new
stations came up around the country and needed to be on one of the four
domains supported. Deal with various administrative issues including adding
new users to the SQL 6.5 database, adding and administering Microsoft
Exchange 5.5 Mailboxes for all users remotely and at corporate. At remote
and corporate sites in charge of upgrading all computers with new programs
and hardware as necessary, both remotely and onsite. Ordered hardware and
software as need, ordered via Sprint new WAN line installations for remote
stations as the company opened new offices. Utilizing Backupexe 7.0 was
responsible for the nightly backup of corporate server information. Other
backups included nightly SQL dumps to tape and once a month Microsoft
Exchange 5.5 backup thru Windows NT.
Help Desk
8 1998 - 7 1999
Support Associates, INC
Lake Forest, CA
In a help desk environment troubleshot various end user problems via phone
for Win 95/98, Windows NT 4.0 / 3.0, and Macintosh Computers. Over the
phone communicated verbal instructions to end users in order to diagnose
hardware and software troubles, as well as answering presales questions.
Troubleshooting various companies' hardware including but not limited to
personal computers, individual printers, modems, memory, and compact flash
and digital cameras.
Hospital Corpsman
2 1993 - 3 1996
United States Navy
San Diego, CA
Triaging patients, administering primary care under the direction a
physician, including musculoskeletal problems, respiratory infections,
anaphylactic reactions, heat injuries, scheduling, writing the Standard
Operating Procedures for minor surgery, cleaning, stocking, general
maintenance, as well as performing as an Emergency Medical Technician when
standing duty. Other duties included use of peak flow meter, oxygen
saturation monitor, electrocardiogram monitor, oxygen tanks, intravenous
equipment, eye treatment, customer service skills, communication and
lecturing groups of up to 300 people.
[pic]
EDUCATION
1/2007 - Present: Champlain College - BS in Digital Forensics
Burlington, VT
Senior Year working on Bachelors Degree in Digital Forensics.
Expected Complete: May 9, 2010
Currently have 108 Credits of 120 to complete.
7/2008 - 7/2008: Encase Training
San Diego, CA
Completed Encase Training thru the Regional Computer Forensics Laboratory
(RCFL) in San Diego CA. I did not take the Certification Test as I did not
need as an analyst.
1/2007 - 12/2007: Certification of Digital Forensics & Information Systems
Burlington, VT
Certification of Digital Forensics & Information Systems
Continuing work on B.S. Computers & Digital Forensics
10/2007: CompTia Security + Certification
San Diego, CA
Infosec Institute: CISSP Boot Camp Course
Manassas, VA
7/1999 New Horizon Learning Center:
Windows 2000 Server and Workstation Course
10/99 - 07/1998 Computer Education Institute:
MCP Certification
Lake Forest, CA
Computer Networking Classes to obtain the MCSE. Courses included NT
Workstation 4.0, NT Server 4.0, Enterprise 4.0, Networking Essentials,
TCP/IP, IIS. Upon graduation was MCP qualified.
1991 Erich Birc h High School
Fontana, CA
Graduated with a High School Diploma
Contact this candidate