Sr. Information Security Analyst: HIPAA, PCI, FISMA, Cybersecurity

Hollywood, Florida, 33020, United States
September 15, 2018





Objective: To obtain a challenging but progressive assignment in South Florida (Palm Beach County down to Miami-Dade County), or via telecommuting which will enable Mr. Stukes to utilize his vast experience and expertise to foster ongoing mission support to the client and promote company growth with new business because of a job well done.

Professional Summary:

Mr. Stukes has over ten years of progressive experience in the Information Technology field. Mr. Stukes also has excellent diagnostic and communication skills, oral as well as written; he is knowledgeable of LANs, Operating Systems, utilities and applications, and the various regulations, guidance, and industry best practices needed to meet compliance and security. Mr. Stukes is self-motivated and experienced in instituting and conducting procedures and projects for maximum efficiency. He has the ability to work in a group or independently. He can multi-task and he adapts well to changing environments.

Professional History:

Sr. Security Analyst, 24By7Security, Coral Springs, FL, (10/13 – Present)

As a Sr. Security Consultant, Mr. Stukes' overall duties include performing HIPAA Security Risk Assessments for covered entities to ensure compliance with the federal mandate. Mr. Stukes was the lead HIPAA Security Rule Assessor for a multi-year contract for a large Miami-based hospital with over 600 beds. He was responsible for scoping, confirming, executing and presenting the HIPAA Security Rule assessment and the reports. He was also the lead HIPAA Security Rule Assessor for a multi-year contract for a teaching University in Fort Lauderdale. The scope included 8 Medical Colleges and 16 satellite clinics. Mr. Stukes served as lead HIPAA Security Rule Assessor for a nationwide emergency room staffing provider, and has provided Security Risk Assessment and compliance services to various local small to mid-size medical practices. Mr. Stukes also conducted HITRUST compliance assessments using the Common Security Framework (CSF) to evaluate a company's ability to create, access, store or exchange sensitive and/or regulated data. In addition, Mr. Stukes has conducted IT assessments based on the Control Objectives for Information and related Technology (COBIT 5) framework. As part of his duties and responsibilities he develops policy and procedures, performs document reviews, produces findings reports, performs gap analysis, provides recommendations, develops remediation roadmaps and administers HIPAA Security and Privacy training to the medical staff.

Mr. Stukes assisted a large travel industry client in performing Payment Card Industry Data Security Standard (PCI DSS) compliance. The PCI services were to assist the client in defining the scope of their cardholder environment and to assess the organization's compliance by evaluating the cardholder environments against the standards. This included completing the self-assessment questionnaires (SAQ), reviewing reports on compliance, preparing PCI-related work papers to support the testing and validation documentation, conducting field interviews, and preparing applicable deliverables (standards and policies). This project also included advising the client on industry best practices. He performed similar PCI tasks for a local software company that included completing a Report on Compliance (ROC).

Additional duties and responsibilities included: participating in Cybersecurity efforts (identify, protect, detect, respond and recover); identifying appropriate controls to comply with security policies and regulations; producing threat and compliance reports for a wide variety of audiences (technical and non-technical); supporting the Incident Response Process and Risk Assessments; helping implement and maintain all components of information security requirements for Disaster Recovery and Business Continuity; reviewing vulnerability assessments using various security tools to assess applications and infrastructure; and identifying key security and privacy issues, risks, exposures and vulnerabilities that could affect the security of the information systems. This role required an understanding of network discovery, vulnerability scanning and a working knowledge of major security solutions, such as Metasploit, BackTrack (Kali-Linux) and web application exploitations such as the OWASP Top Ten list and the SANS 20 list.

Systems Engineer, Teleperformance, Boca Raton, FL, (1/12 – 12/12)

As a Tier Two Systems Engineer, Mr. Stukes supported the Microsoft Office 365 Cloud computing environment by interacting with customers and representatives from other lines of business to handle a variety of functions.

IA Support Program, TekPartners, Miami, FL, IA Analyst, 10/10 – 05/11 (contract ended)

Mr. Stukes provided information security and certification and accreditation (C&A) as well as other support for US Southern Command (USSOUTHCOM), SCJ6 IA activities; classified and unclassified. Mr. Stukes ensured that acquisition of all IA/IA enabled products were in compliance with federally approved standards and had been vetted through DoD approved evaluation and validation programs such as the Federal Information Processing Standards (FIPS) or the Common Criteria of the National Information Assurance Partnership (NIAP).

IT Security Engineer, Federal Working Group (FWG), 7/10 to 10/10 (relocated)

Mr. Stukes provided system security management support for ongoing and recurring IT security audits of systems, corrective action planning, remediation, Federal Information Security Management Act (FISMA) compliance and support for IBM Corp., to U.S. Census Bureau teams for their IT security, C&A documentation, planning, and POAMS. He also ran scans using IBM Rational AppScan ver 7.8 and WebInspect to ensure compliance.

Security Analyst, Yoh Inc., 02/10 to 6/10 (contract ended)

As a full-time employee of Yoh Inc. and as a subcontractor for Harris Corp., Mr. Stukes provided technical support for system and software security efforts for the US Dept. of Navy CNIC, MWR/FFR program. This task required his expertise in the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP), using the Cap-IT tool, DISA Gold Disk (Platinum), Belarc, Win-Audit against workstations, servers and terminals, and NMap and eRetina (network & wireless).

Security Analyst, Executech Strategic Consulting LLC., 09/09 to 02/10 (contract ended)

Mr. Stukes was assigned to Ft. Belvoir, the Defense Logistics Agency. He was involved with the Information Assurance (IA) Department specializing in Policy, and Independent Verification and Validation (IV&V) and Certification & Accreditation.

Sr. Security Consultant, Hire-Strategies 07/09 to 08/09 (contract ended)

For the Federal Student Aid (FSA)/Department of Education (DOE), Mr. Stukes performed certification and accreditation (C&A) of the private contracted facilities housing and handling DOE data, based on the NIST SP 800 series (37, 53, etc.).

Sr. Security Consultant, Wisdom Services, 08/08 to 02/09 (independent contractor)

For the US Citizenship and Immigration Services USCIS, Department of Homeland Security (DHS) – Mr. Stukes was the liaison for the ISSM. Provided project management oversight in the Certification and Accreditation (C&A) process. Performed Federal Information Security Management Act (FISMA) compliance, guidance, review, and acceptance of artifacts from companies and ISSOs on major applications and general support systems including E-Authentication report, Privacy Threshold Assessment (PTA), Privacy Impact Assessments (PIA), Statement of Record and Notification (SORN), Federal Information Processing Standards (FIPS) -199, system security plans (SSP), risk assessments (RA), system test and evaluations (ST&E), security assessment reports (SAR), and accreditation letters. Reviewed interconnection security agreements and MOU/As, acted as ISSM in SDLC and CCB meetings.

Security Analyst, Avalon Technology, Inc. 11/07 to 08/08 (second contract)

For the Veterans Affairs (VA), Mr. Stukes performed certification and accreditation (C&A) and Security Control Assessment (SCA) of the Veterans Affairs networks nationwide based on the NIST SP 800-53 series. His support duties were to act as an independent agent to verify that the security controls that the VA expected to be in place were in place and provide a report with the observations of the proof of pass or failure, recommendations for remediation and the final steps required to obtain an Authority to Operate (ATO). This task required extensive travel up to 75% per month, to VA sites throughout the continental United States, typically being on-site for 4-5 days.

The Security Control Assessment (SCA) Process consisted of Mr. Stukes performing hardware tests (MS Windows workstations and PBX boxes), personnel interviews and physical security assessments (PSA) of the facility, and collecting and storing results in a proprietary database. Mr. Stukes reviewed Systems Security Plans (SSP), Contingency Plans, Incident Response Plans, Continuity of Operations Plans (COOP) and various plans, procedures and policies. He tested all Management, Operational, and Technical Controls per FIPS 200 and used guidance from NIST SP 800-53. Mr. Stukes prepared a report of the results of the test execution; VA personnel conducted all ‘hands-on’ tests while he instructed and observed the process and results. Also, as Team Lead, Mr. Stukes coordinated travel, rules of engagement, assignment of tasks and skill sets. He gave an in-brief, identified the results of the tests by platform and control, provided a summary for each control family, provided an overall summary of the process and current status, gave an out-brief, and addressed any failures that were identified and the remediation actions to be provided.


Previously pursued a dual enrollment, seeking a B.S. at the University of Maryland, University College, and an A.A.S in Computer Information Systems at Prince George's Community College

Diploma in Electronic Engineering Technology TESST School Hyattsville, MD


Currently Pursuing

INFOSEC Warrior program (includes the Certified Information Systems Auditor - CISA, Certified Ethical Hacker - CEH and Certified Information Systems Security Professional - CISSP)

Healthcare Information Security Privacy and Practitioner – HCISPP

Currently Self Study for HITRUST CSF

Pursued certificate in the Healthcare Information Technology Program, Broward College

Received: CompTIA Security+ (2007) IAT Level II and IAM Level I (DoD 8570 compliant)

Completed courses in: CISSP Boot-camp, Structured Writing, Installing & Supporting MS Office, NT Server 4.0, IIS, Proxy Server, Citrix MetaFrame, HTML, JavaScript, CSS, DHTML

Computer Maintenance Repair Technician at University of DC

Certified Digital Technician at Control Data, FAIRBREAK Washington, DC

Inactive Security Clearances:

Secret (Expired 2015)

Top Secret (Renewed Sept. 2009) Expired 2014

DHS/USCIS Public Trust, (Last Issued September 2008)

6C Public Trust, Department of Education/Federal Student Aid (Last Issued July 2009)
