Security Engineer
Resume:
Jeffrey Higgs
Email: *********@********.***
Address: *** ***** ***** ****
City: Shenandoah
State: VA
Zip: 22849
Country: USA
Phone: 540-***-****
Skill Level: Experienced
Salary Range: $80,000
Primary Skills/Experience:
See Resume
Educational Background:
See Resume
Job History / Details:
JEFFREY L. HIGGS
499 River Hills Road, Shenandoah, VA 22849
540-***-**** home; 540-***-**** cell
No relocation assistance required
Security Clearances:
Current: BI 12/2006 (update in progress)
Previous: TS/SCI, SBPR (12/14/2006), Full Scope Polygraph (~12/2005), DoC\USPTO Public Trust
Work Summary:
Proficient cyber security professional with 25+ years of experience in managing multiple Operating Systems (Windows, Unix), Information Security / Personally Identifiable Information (PII) / Security Auditing (Computer and Physical). Recent employment includes in-depth ISSO and Security Management supporting a Dept. of Commerce (DoC) / US Patent Trade Office (USPTO) project. Responsibilities focus on system readiness, risk identification and analysis, responding to Security Alerts, Security Notices, and Security incidents, as well as conducting incident investigations and other research in addition to Client and Staff Mentoring.
Professional Experience:
Senior Security Officer (ISSO) - Serco-NA. Harrisonburg, VA. 11/08 aaa 08/12
aa Lead responsible to ensure the information system at Harrisonburg facility maintained FISMA compliance, including hands-on NIST SP 800-37 Rev1, NIST 800-53 Rev3 and 800-53A Rev1 activities.
aa Identify and develop information and system assurance solutions to support initial / continuing Certification and Accreditation (C&A) for a variety of devices and OS environments.
aa Responsibilities include authoring the System Security Plan, Configuration Management Plan, Continuity Plan and Emergency Action Plan, and provide support to financial related plans and processes as required by government policy on a large government project located in the Shenandoah Valley.
aa Heavy Client interaction and support relating to program security standards, readiness, consultation and compliance for multiple implementation efforts.
aa Ensured proper categorization of Information and System. Once established, depending on customeraaas requirements, pulled necessary Assessments and audited information (review of data, interview of personnel, demonstration) in accordance with NIST 800-53.
aa Provided written reviews of findings of Audit, noting areas of improvement needed and opening POA&Ms, and producing detailed Security Assessment Reports.
aa Responsible for creating and tracking incident reports via the Altiris Helpdesk system. Also used Altiris to pull both standard and special reports used during yearly Audits.
aa Periodically tested plan elements (such Quarterly System Access List, Quarterly Petty Cash Audit, and Biannual Alarm testing amongst others) as to ensure compliance, and analyze non-conformances for corrective action.
aa Ensured clear Separation of Duties existed between IT Manager and ISSO both administratively but also as it related to privileges within the network architecture. Neither individual held aaAall of the keysaa or privileges to the system.
aa Started work to determine impact of existing NIST SP800-53 with new guidance provided by Committee on National Security Systems Instruction (CNSSI) No. 1253.
aa Mentoring Client and Program Personnel in aspects relating to InfoSec and ISS.
Principle Engineer Information Assurance (ISSO) - General Dynamics, Fairfax, VA 04/03 aaa 11/08
aa Owned all aspects of Information Security, including verification and risk assessments, and lifecycle C&A development and related support / documentation for multiple OS environments.
aa Conduct thorough document classification reviews for deliverables and other Client documentation.
aa Direct audit team member for eight programs, and mentored 3 other ISSOs managing four programs
aa Monitoring of programs involved such items as review of System Security Plan, Configuration Management Plan, Boundary Document (was it up to date), Patch Mgmt process, Security Awareness Program and other similar items called out in either DCID 6/3, ICD 503 or NIST 800-53 (53A), as well as 800-37 categorization and compliance.
aa Reviewed Security Logs, Visitor Logs, Maintenance Logs, Access Logs and similar logs
aa Reviewed existing System Security Plan, performed Risk Analysis against program and established if the system is a Low, Medium or High Risk for multiple OS (Windows and Unix).
aa Once Risk was determined, took predetermined 1/3 of controls and created Security Requirement Traceability Matrix (SRTM) with Assessment Steps which contained measureable evaluations (guidance provided from SP800-53A). Evidence obtained was by Interview, Examine or Test.
aa Positive and aaEAreas of Improvementaaa were noted based upon SRTM Findings. Areas of Improvement were presented with the request for measureable and meaningful POA&Ms from the area under review.
aa Reviewed Vulnerability Scans so as to ensure that appropriate scans were performed on appropriate devices, and to ensure that only those devices within the Boundary Document.
aa Provide primary interface between more than 70 contractors and the government Client in all matters as they relate to compliance and Security relating to the NISPOM, appropriate DCID, and HIPAA.
aa Develop solutions to address requirements change(s) and nonconformance for information assurance and information system security activities.
aa Provide Security training and continuous mentoring to ensure Emergency Preparedness, accountability and response, and personnel-related Security matters are operating to plan.
aa Assisted customer in understanding their needs in establishing Contingency Plans, understanding critical systems, backup facilities,
aa Responsible for In-briefing and Out-processing of all personnel as well as provide Security Compartment Briefing on behalf of the customer.
aa As part of the Senior Management Staff, responsibilities surged to support critical and time sensitive, mission critical assignments, including those specific to system readiness and transition.
aa Conduct periodic audits relating to proper time charging and accounting.
Technical Support Engineer - SAIC, Vienna, VA 09/02 aaa 04/03
aa Serve as an integral component of a technical team supporting LAN / Server development, implementation, and maintenance for a Government customer utilizing a customized Optical Character Reader (OCR) system.
aa Mentoring staff and heavy Client interaction and service provided on a regular basis to ensure risk identification and mitigation, system readiness and continuity of network operations for multiple OS (Windows, Unix).
aa Responsible for identifying system requirements / enhancements for the next generation of OCR software, recommending assurance solutions, and the installation of new HW / SW components
aa Maintain the on-site OCR software repository, ensuring effective security measures and configuration.
aa Ensuring that SSP, Configuration Management Plan, Boundary doc, authorized SW list and the like were Audit Ready.
aa Reviewed Contingency Plan and ability of neighboring dept to assist in the event the plan had to be exercised.
Business Continuity/Emergency Management Consultant (SME) - SAIC, Arlington, VA 02/02 - 09/02
aa Operate as a critical member of a technical team on the implementation of the Emergency Management Program for the CDC in Atlanta, GA.
aa Led team in the development of the overall training program and mentored program staff to ensure a robust knowledge base is achieved and maintained.
aa Define systems requirements to ensured implementation, applying best practices to refine response processes and procedures and to proactively mitigate risk to ensure system readiness.
aa Support restructuring of the CDC enterprise-wide Emergency Response and Accountability process for all locations, and provide recommendations relating to continuous improvement.
aa Prepare detailed presentations, and support education, exercises and evaluations of CDC personnel.
aa Ensure compliance to HIPAA, OSHA, NFPA, NiOSH, JACHO, ANSI and other similar codes.
Programmer aaa SAIC, New Carrollton, MD 09/01 - 02/02
aa Support installation of SDI (Secure Dial-In) products
aa In the role of QA Manager for SDI, actively provide Tier 3 Help Desk support for multiple OS.
aa Responsibilities include debugging communications issues and provide on-call after hours support.
aa Provide risk mitigation strategies to address identified vulnerabilities in developed SW.
aa Ensured that all SW and HW lists were Audit ready. Ensured that System Security Plan was always up to date. Followed established patch management plan set down by the customer.
aa Provide training and mentoring for new members of the Help Desk to ensure continuing C&A.
Technology Specialist - Southern Financial Bank, Warrenton, VA 04/00 - 02/01
aa Conduct thorough risk assessments, and test solutions of multiple operating systems to ensure completeness of developed solution.
aa Perform LAN maintenance, including assessing, modifying, and adding additional LANs to communicate with the external customer base.
aa Led efforts to tailor systems and computer repair / upgrades for Clients and emerging technologies
aa Interface with nineteen branch offices and managers to ensure continuous operations of computers and financial applications, as well as interfacing with 3rd party telecommunication providers.
aa Manage contractors' work relating to upgrades and enhancements to telecommunication and computer systems, and ensured budget compliance.
aa Mentor Client personnel to use updated network technologies.
Computer Software Engineer - Lord & Company, Inc., Manassas, VA 11/99 - 04/00
aa Upgrades to Accounting LAN Servers, HUB, and workstations to address Y2K issues on multiple OS.
aa Led company technical requirements and perform risk analysis and ensure complete installation and configuration of an Administrative LAN.
aa Develop hardware and software solutions for internal employees and external customers, and provided a technical interface for Lord & Company, external customers, and contractors relating to hardware and software issues.
Senior Associate Computer Systems Analyst aaa Lockheed Martin, Manassas, VA 02/87 - 11/99
aa Develop and administer annual budgets relating to hardware and software systems.
aa Hands-on management related department employees and contractors.
aa Analyze and solve internal / external customer needs to determine equipment and software requirements using automated systems spanning Windows and Unix Networks.
aa Evaluate potential risks involving developed customized solutions for customer and user requirements, and assess commercial HW to meet system requirements.
aa Proposed sound techniques applicable to new programs and utilities, with consideration to such factors as personnel, time, and hardware.
aa Assist Environmental, Safety and Chemical Engineering to ensure site chemical processes conformed to Federal, State, Local, and Corporate requirements via SACS.
aa Develop custom reports for submission to Federal, State, Local, and Corporate agencies and assisted Facilities Engineering to ensure Federal and State OSHA Regulations, BOCA, and other regulations were met using SACS.
aa Facilitate migration of the 4381-mainframe database to a PC-based solution.
aa Develop a LAN for site Alarm System for key customers (i.e., Security, Emergency Response, management, etc.). I performed training as needed for new and/or current personnel.
aa Supported the installation and integration of Meteorology Tower for site.
Sr. Emergency Response Specialist - IBM, Manassas, VA 01/83 aaa 03/87:
aa Participated in the planning, training, and formation of Fire / HAZMAT Team.
aa Contributed significantly in Developing SOPs, Equipment Specifications, Roles / responsibilities.
aa Formed an onsite Fire Brigade.
aa I was the departments Training Coordination.
aa Worked with City / County / State officials to ensure that appropriate codes were enforced for our facility.
aa Ensured that all local Fire, Rescue and Law Enforcement officials were kept aware of changes in our facilities lay out and hazards.
Quality Control Specialist - IBM, Manassas, VA. 02/81 aaa 01/83
aa I was responsible for sampling and testing silicon wafers and computer modules produced.
aa Test results were then produced and returned to the Production Line and management identifying areas that had failed.
Computer Proficiency:
Operating Systems: Windows NT 4.0, Windows 2000, Windows XP, Windows 7
Hardware: PCs, 4381 Mainframes
Software: TeamPlay, Lotus Notes, ArcServe, Deltek, MS Office 2000, MS Excel, MS Access, MS Project, MVS/ESA, TSO, ISPF, SMPE, SNA, non-SNA, PL/1, Pascal, C, C++, FORTRAN, JCL, REXX, Assemble, VB, SQL, Sybase, Crystal Reports, DOS, TCP/IP, Token Rings, SDI.
Standards: NIST/FISMA/FedRAMP Series, FIPS, DIACAP, DCID 6/3, HIPAA, PII, PPI, ICD-503, ANSI
Education:
Columbia Southern University, Orange Beach, AL / Fire Science 4.0 GPA (AAS Graduation 12/2012)
VPI & SU - Blacksburg, VA, (19790 aaa 1980) aaa Computer Science
Client Support:
Provide support to NRO, CIA, CDC, IRS, NGA and DoC/USPTO
Honors / Activities:
aa 'Act of Heroism Award' awarded by the Manassas City Council in April 1994
aa 'Life Saving Award' awarded by the Prince William Chamber of Commerce in June 1994
aa Numerous awards from Greater Manassas Volunteer Rescue Squad for leadership and participation in Squad events/committees
aa Trot SAR, 9/10 - present
aa Stonewall Jackson Volunteer Fire and Rescue, 04/00 aaa 6/2008
aa Elkton Volunteer Fire Company, 1/07 - present
aa Virginia Association of Volunteer Rescue Squads, 06/84 - present
aa Greater Manassas Volunteer Rescue Squad, 06/84 - 06/99 (Life Member)
aa NOVA 10 - Regional Disaster Task Force, 6/97 - 4/00
aa Manassas Volunteer Fire Company, 07/79 - 06/84
Other Activities:
Candidate is a certified Fire Service Instructor, teaching and mentoring students on such topics as Fire Fighter I & II, Driver / Pump Operator, Aerial Operator and Incident Command. Candidate is a 1st Aid, CPR, AED Instructor and was certified as an EMT-CT. During his time as an EMT-CT (Medic), Jeff served as the principle Medic assigned to the SWAT Team. He also worked with Prince William Hospital Emergency Room as an Emergency Technician and coordinated with the ER during Disaster Drills/Events.
Currently, Candidate is also the current Assist Commander of Trot SAR, a Mounted Search and Rescue team that provide support to local Rescue efforts from Southern PA down to Roanoke / Richmond and from Eastern WV to the Eastern Shore, assisting where needed with record keeping, training and budget compliance.
Certifications:
aa VDFP Fire Officer II
aa VDFP Fire Instructor II
aa CPR, AED and 1st Aid Instructor,
aa VDEMS Field Team Leader (FTL)
aa VDEMS Field Team Member (FTM)
aa VDEMS Management Team Member (MTM)
aa VDEMS Instructor
aa NIMS 100
aa NIMS 200
aa NIMS 300
aa NIMS 400
aa NIMS 700
aa NIMS 800
aa VDFP Fire Fighter I & II Train-the-Trainer
aa VDFP Fire Officer I Train-the-Trainer
aa VDFP EVOC 3 Train-the-Trainer
aa VDFP Driver / Pump Operator Train-the-Trainer
aa VDFP Aerial Operator Train-the-Trainer
aa VDFP MayDay Firefighter Down Train-the-Trainer
aa RIT Train-the-Trainer (PWC)
aa VAVRS EVOC Class 3
aa VAVRS Rescue Tech I Instructor (Basic / Light)
aa VAVRS Rescue Tech II Instructor (Vertical - Basic)
aa VAVRS Rescue Tech II Instructor Trainer (Vertical - Basic)
aa VAVRS Rescue Tech III Instructor (Advance Vertical)
aa VAVRS Vehicle Extrication
aa HTR Confined Space
aa HTR Rope Rescue I
aa HTR Rope Rescue III
aa HTR Trench I
aa HTR Building Collapse
aa HTR Vehicle Extrication
aa VDFP HAZMAT Awareness
aa VDFP HAZMAT Operations
aa PADI Rescue Diver / Black Water Rescue
aa PADI Master Diver
aa Fire Fighter I
aa Fire Fighter II
aa Pump Operator
aa Aerial Operator
aa St. Augustine Advanced HAZMAT Training School
aa Darrell Bevis Association HAZMAT Response Personnel
aa Aircraft Crash/Rescue
aa Community Emergency Response Team (CERT) Train-the-Trainer
aa Virginia Safety Association 'Working in Confined Space Seminar'
aa General Physics Corp. Fire Brigade Instruction Workshop
aa Texas A&M University Fireman's Training School Industrial Fire Protocol
aa Fire Brigade Leadership Training & Industrial Fire Fighter School
aa Fundamentals of Fire Protocol Equipment
aa J.T. Baker Chemical Safety
aa SCOTT's Air-Pak IIa Field Maintenance
aa MSA's Care & Use of MSA Model 260 SCBA,
VOLUNTEER SERVICE
aa Trot SAR (9/10 aaa present) aaa Asst Commander & Training Officer
Location: Organization based out of Crownsville, MD but I respond from home
Supervisor: Taaami Finkle, Trot SAR Commander & NASAR aaa Task Force Leader MSAR
Salary: None
Hours: Various
Duties: Provide coverage when Commander is not available. Track, advise and report on all training records for members of Trot SAR; provide mentoring for new members that need help and assistance with various aspects of their progression thru training; communicate with the various Regional Directors and determine training or resource needs that they may need and attempt to provide them; interface with the wide variety of other SAR, law enforcement and Fire/Rescue organizations before/during/after incidents so as to better prepared for the next incident.
aa Elkton Vol FC (1/07 aaa present) aaa Assoc. Member
Location: Elkton, VA
Supervisor: Jonathan Kibler, Chief
Salary: None
Hours: Various
Duties: Assist as needed at the Fire Station, Fund Raisers and other events as needed.
aa Stonewall Jackson Vol Fire & Rescue Dept (4/00 aaa 06/08) aaa Fire Capt.
Location: Manassas, VA
Supervisor: Tom Wood, Asst Chief
Salary: None
Hours: Various, but significant as I also pulled duty as Battalion Chief at least once a week.
Duties: Ensured staffing at SJVFD of Amb., Eng. and Trk. Performed training at least once a month on duty night for everyone and ensured that Rookies received the necessary training and attention on a weekly basis. Also responsible for recording and reporting the staffing hours of our Truck at the Monthly Line Officeraaas Mtg. As a Capt, it was expected that I sign up for Battalion duty. This duty rotated around about every 8 days and about every 5th weekend. The Battalion Chief is responsible to know what equipment was available in their assign area (in my case it was the West end of Prince William County aaa City, Farm land and mountains), try and get units staffed and then respond on all significant calls.
aa Greater Manassas VRS (6/84 aaa 6/99) aaa 1st Lt., Medic, Bingo Chairman & Finance Comm.
Location: Manassas, VA
Supervisors: Various
Salary: None
Hours: 24+
Duties: Beyond running Medical calls and assisting with Structure Fires, I was the Bingo Chairman and sat on the Finance Comm. As such, I dealt with on a weekly basis Bingo receipts of $6,000+ deposited to our bank each Friday night. While serving on the Finance Comm., our annual Budget was $800 to $1.1 million. This required extreme care so as not to over run our projected budget, but yet plan for the unexpected. I served on the Comm. 1/92 to 6/99. We met our budget every year except for the 1st year that I sat on the Comm.
aa Manassas Vol Fire Comp (7/79 aaa 6/89) aaa Fire Fighter
Location: Manassas, VA
Supervisors: Wade House, Chief
Salary: None
Hours: 24+
Duties: Took all classes necessary and required both by VA Dept of Fire Programs (VDFP) and by Manassas Vol Fire Comp (MVFC). This was a new area to learn about and a dream come true.
Contact this candidate