Andre' Jenifer, BS/IS, CISSP, CISA, MCP
Woodlyn, PA
Cell Phone: 610-***-****
Home Phone: 484-***-****
E-mail: abnch5@r.postjobfree.com
WORK EXPERIENCE
Senior System Security Analyst 3/2009 - Current
Confidential, Washington, DC
Managing a team of three providing IT governance support to Agency in
support of server, networking and application development. Conducting
internal control configuration tests of servers, applications, routers,
switches, firewalls and intrusion detection systems. Assessing Management,
Operational and Technical controls for compliance assessment to assure a
sound design of the security architecture. Developing Internal Control self
assessments, reviewing NIST standard Certification and Accreditation
documents and enhancing continuous monitoring plans. Reviewed security test
and evaluation reports for accuracy and completeness against its standards.
Conducting Risk Assessments and providing testing to re-characterize
weakness and control deficiencies. In addition, conducted train the trainer
duties to enable client to perform security and awareness duties. Mitigated
risk through control testing, developed standard test scripts, and designed
compensating controls to reduce weakness and deficiencies to an acceptable
level. Created policy and procedural documents in support of corrective
action and closure requirements.
Project Manager, Information Technology and Controls 1/2006 - 6/2007
Thompson, Cobb, Bazilio & Assoc. PC
Washington, DC
Developed and conducted Information Security Audits to review Management,
Operational and Technical controls for the US Mint. Oversaw Information
Security team, providing expert guidance to plan and develop general
support systems and major application disaster recovery plans, continuity
of operations plans, security policies, role base procedures in accordance
with Industry Standards. Developed and implemented technical notes for
Peoplesoft, Oracle, Routers, Switches, Firewalls, Intrusion Detection
Systems, Operating systems and E-mail applications. Develop account
management policies, business processes, audit logging, and large scale
back-up operating procedures at the Enterprise level. Supported 6 main
sites and outsourced shipping sites, with 6,000 direct users and over 1M
external e-commerce customers annually.
Subject Matter Expert IT Audits and Information Security 11/2004 - 1/2006
Williams, Adley & Company, LLP
Washington, DC
Conducted SAS 70 Audit for District of Columbia Department of Health
managed service provider ACS.
Audited the electronic data interchange system comprised of servers,
networking equipment and applications. Developed audit techniques and
prepared work papers for electronic claim processing system. Conducted an
IT Audit and review of JP Morgan and Chase Manhattan Bank, Mortgage Pool
Processing Securities, Central Paying Transfer Agent and New Issuers
(Regional Banks). Performed a review on behalf of GNMA quasi-government
GSE (FHA, VA and Rural Mortgage Security Pools) of Chase Manhattan security
sweep accounts; using random number generator and statistical sampling
formulas. Conducted WAN Internal Control and Compliance Testing for
mainframe and custom application suites; Integrated Pool Management System
(IPMS), NPPS, PRS, GMBS. Also audited the Client-server infrastructure and
LAN applications and Ginnie-net, Pool Transfer System, New Issuer System,
Master Agreement Database and authorized signers. Also, performed an
infrastructure audit of Manhattan, Newark and Wilmington data centers using
GLBA, COBIT and SOX security control guidance. Testing included:
ACF2/CICS/MVS and CA Top Secret audit system. Conducted IT Audit,
Penetration test and Vulnerability Assessment of Lockheed Martin and JP
Morgan & Chase; Mortgage Backed Securities Information System. All audits
and reviews are based on Federal IT and Information Security mandates,
guidelines, standards and generally accepted government auditing standards
(Gramm-Leach-Bliley Act, SOX, COBIT). The review encompassed planning and
developing audit programs, work programs, work papers and conducting tests
of operating effectiveness. In addition all projects were managed utilizing
project management body of knowledge objectives, project schedules,
timeline monitoring, resource adjustments, as well as conducting
performance appraisals to a diverse team of IT professionals.
Subject Matter Expert/Information Assurance Engineer 5/2003 - 11/2004
Systems Plus Inc. Rockville, MD
Developed Information Security Audit Program to review Management,
Operational and Technical controls for the US Mint. Based program on
Clinger-Cohen Act, OMB A-130 and NIST guidelines, as well as best practice
risk models and methodologies. Oversee Information Security team, providing
expert guidance to plan and develop system security plans for server and
applications, disaster recovery plans, continuity of operations plans,
security policies, role base procedures and OMB reporting. Develop and
implement technical notes for Peoplesoft, Oracle, Routers, Switches,
Firewalls, Intrusion Detection Systems, Windows and E-mail applications.
Develop account management policies, business processes, audit logging, and
large scale back-up operating procedures. Support 6 main sites and
outsourced shipping sites, with 6,000 direct users and over 1M external
e-commerce customers annually. Provide security for internal controls for
movement of coins between vaults and for external sites for asset
allocation. Manage $12M annual infrastructure budget. Work directly with
Chief Information Officer (CIO) for US Mint, Chief Security Officer
Advisor, External Inspector General (IG) including Department of Treasury
IG, and the total user community.
Senior Network Security Engineer 5/2002 - 5/2003
Computer Sciences Corporation
Onsite at Pentagon FOB2 (Missile Defense Agency)
Washington, DC
Performed duties as incident monitoring team lead. Monitored intrusion
detection system, firewall logs and system log servers. Assessed network
vulnerabilities and recommended configuration changes to Senior Management
that embraced DOD defense in depth model. Ensured compliance with system
certification and accreditation by performing Security Tests and
Evaluations (ST&Es) for the Configuration Control Board (CCB). Maintained
integrity of electronic data through Public Key Infrastructure, Symmetric
and Asymmetric key exchange using Department of Defense (DOD) Level III
certificates. Developed policies and procedures that adhered to Federal
mandates, NIST standards and guidelines, agency policies, and industry best
practices. Interpreted new Information Security laws to Senior Management,
and updated functional policies, ensuring compliance. Mentored and trained
system engineers, security engineers, administrators, desktop support
technicians, and customer relationship management specialists, ensuring top
performance managing the enterprise. Oversaw and recommended to management
configuration changes to the Enterprise Security Architecture. Developed
and implemented Windows 2000 security policies in accordance with National
Security Agency (NSA) and Defense Information Security Agency (DISA)
configuration guidelines and industry best practices. Provided role-based
training and guidance to Information Technology Specialists and Information
Assurance department on mitigation of risks and availability of DOD
networks. Evaluated emerging technologies for compliance with Missile
Defense Agency security guidance and common criteria.
Network Security (IA) Engineer/Desktop Support 11/2001 - 5/2002
Computer Sciences Corporation onsite Naval Air Station North Island
San Diego, CA
Managed a DOD Common Access Card (smartcard) implementation for the San
Diego Metropolitan Area and Naval Support Services for over 150K users in a
12-month time-frame, successfully incorporating DOD Level III certificates
and biometrics into an identification Card. Provided firewall, system
administration, and Virtual Local Area Network (VLAN) development support.
Evaluated and approved firewall policy waivers for the Naval Region
Southwest protected enclave. Conducted audits of inappropriate utilization
of DOD resources, including e-mail, web and rogue servers. Evaluated design
and effectiveness of the network infrastructure in relation to policy
requirements. Managed enterprise Wide Area Network (WAN) and Local Area
Network (LAN) patch management system. Served as member of the
Configuration Control Board, testing and approving configuration changes of
trusted networks. Managed cleansing of numerous classified spillages,
effectively using 0 & 1, bit synchronization to hard-drives, and BC Wipe on
critical mail servers. Conducted numerous security reviews and
certification of classified spaces in accordance with memorandum of
agreements and understandings (MOA and MOU). Reported directly to the
Director Information Assurance and senior military management in Hawaii and
Norfolk, Virginia.
Network Engineer/Desktop Support 11/2000 - 11/2001
Computer Sciences Corporation
San Diego, CA
Managed 5-person Information Technology (IT) division, providing
leadership, and guidance for top operation, ensuring effective incident
response monitoring and secure network operations. Administered WAN & LAN
devices and 3 T-1 circuits providing connectivity to remote sites. Assisted
with LAN Asynchronous Transfer Mode (ATM) to the desktop migration,
including LAN Emulation Server (LES), LAN Emulation Client (LEC), and
Network Service Access Protocol (NSAP) addresses and Internet Protocol (IP)
over ATM, enabling high-speed connectivity to global nodes. Maintained
Department of Defense (DOD) Trusted Primary Data Centers (PDCs), Backup
Data Centers (BDCs), member servers, and mail servers, following protocol.
Utilized Remedy database for helpdesk trouble tickets and daily assignment
of network engineering trouble-calls. Managed Microsoft System Management
Server (SMS) daily for remote troubleshooting, configuration, and
installation of application and security packages. Oversaw classified
(SIPR) and unclassified (NIPR) systems. Implemented intrusion detection
system onto network, including various security auditing tools (hacking
tools) including ISS, NMAP, NESSUS, LANguard, SNMPwalk, and Firewalk.
Performed scans and probes to gain a test for strengths and weaknesses.
Administered firewall management and routers, ensuring they were not
compromised. Performed certification and accreditation (C&A) in accordance
with DITSCAP (DoD IT Security and Accreditation Process).
Job-related training courses:
Cisco Certified Network Associate, CBT, 2008
Certified Ethical Hacking & Countermeasures, Learning Tree, 5 days, 2007
Oracle 11i Security Auditing and Integrity, George Mason University, 2
Days, 2006
Disaster Recovery Planning, George Mason University, 2 Days, 2006
Advanced IT Security Auditing, National Institute of Standards and
Technologies, 5 days, 2004
RSA, IBM Mainframe RACF Security Administrator, Research Triangle Park, NC
5 days, 2003
CSIDS, Cisco Secure Intrusion Detection Systems IT Mentor, San Diego, Ca, 5
days, 2002
Sidewinder Advanced Firewall Administration, Secure Computing 5 days, 2002
Shadow, Dragon and Snort IDS Dahlgren, Va 5 days, 2002
Microsoft Windows 2000 Server, Active Directory etc., CESD, Vista, Ca 4
mths, 2001
Microsoft Exchange 2000, SAIC, University California San Diego 5 days, 2001
Job-related certificates and licenses:
MBA Technology Mgt, American Intercontinental University Online, 4/2004
Bachelor Science Information Systems, University of Phoenix, 7/2001
CISA, Certified Information System Auditor Certification # 261997, 6/2005
CISSP, Certified Information System Security Professional, Certification #
40243, 5/2003
MCP, Microsoft Certified Professional (2000 and NT 4.0), MCP ID# 2027203,
6/2000
Member, Information System Audit Control Association (ISACA)