Highly qualified and well-developed IT Security professional and Army veteran with 10 years of service, clearable up to Top Secret and over 22 years of Federal Government IT experience. Solutions-oriented with notable success directing a broad range of IT Security initiatives while participating in the planning an implementation of system security solutions in direct support of client objectives per FISMA, DIACAP, FedRAMP, and RMF requirements. I am very adept at providing support to both on and off-site users environments. I am currently seeking a permanent full-time IT Security position bringing 12 years in IT Security developing standards, procedures, analyzing and implementing necessary security requirements and strategies for Federal networks.

Security Clearances

Public Trust, Current

Top Secret w/SCI granted 11/2009 (Inactive)

Secret w/SSBI granted 4/1995 (Inactive)

Key Strength

Security Policies & Procedures Development

FedRAMP Compliance

NIST 800-53 rev. 4

NIST 800-37 (RMF)

O365 Cloud Services

AWS Cloud Services

Microsoft Azure Cloud Services

FISMA Compliance

Process and Procedures Development

Systems Engineering

Systems Scanning

Network Administration

Troubleshooting/Diagnostics

Technical Support

Team Collaboration

Client Relations

Security Control Implementation

Technical Skills

HBSS (Host Based Security System), IBM Tivoli “BigFix”, Gold Disk, Archer, CSAM, ACAS, E-Mass, Various CISCO Switches and Routers, Microsoft Active Directory, Mapping Tools, Smart Matrix, Control Point, Clearsight Network Analyzer, Tenable NESSUS, Arcsight, Smartbits. IDS/IPS Tuning and Configuration, Firewall Configuration, VISIO, Gold Disk

Core Competencies

Policy & Procedure Development

Developing policies and procedures for all 18 control families for low, moderate, and high systems based off NIST 800-53 rev. 4 and 800-37 guidelines.

Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.

Creates and maintains security checklists, templates and other tools to aid in the A&A process.

Provide IT security technical expertise for all document development

Design, develop, engineer, and implement solutions for RMF and FedRAMP requirements

Vulnerability Management

Performed Information Assurance Vulnerability Alert (IAVA)applicability analysis

Performed security administration including periodic Security Readiness Review (SRR)

Compiled and report on Information Assurance Vulnerability Alert (IAVA) testing, implementation, and compliance reporting

Developed templates for the policy and processes to assure consistent look and feel. The template will align to all applicable NIST and OMB reference documents, including NIST SP800-53rev4.

Conducted and documented scoping and tailoring interviews with appropriate subject matter experts to complete agency specific control values and metrics for FISMA compliance.

Information Assurance approvals and Authority to Operate from the Designated Accrediting Authority (DAA)

Register in the Vulnerability Compliance Tracking System (VCTS)

Responded to and comply with IA Vulnerability Alerts (IAVAs)

Developed a work breakdown structure and project plan identifying all activities for all IA projects

Assisted in the successful completion of Security Readiness Reviews (SRRs)

Ensured networks and systems being developed implement DoD baseline IA Controls Ensured networks and systems being developed are based on evaluated COTS and GOTS products per policy

Enforced agreed-upon controls and mitigation strategies

Maintain existing security related documentation and undocumented policies, processes, and procedures and provided gap analysis to create the General Support Systems Security Plan of Action and Milestones.

Conduct security scans using scanning software tools.

Security Assessment

Establish ROE with clients

Create Assessment checklist

Create assessment reports

Conducted and documented scoped and tailored interviews with appropriate SMEs to complete agency specific control values, requirements, and metrics.

Management

Responsible for maintaining UCAPL (Unified Command Approved Products List) for DoD

Project Manager for implementing and test new technologies for the DoD

Provided PM support to project teams and analyzed project and technology performance data to recommend portfolio changes

Professional Profile

Fusion PPT Inc – August 2018 – November 2018 Senior Cyber Security Engineer

Assisted with the transition from C&A or SA&A to A&A;

Assisted with compliance reviews and documentation for new or noncompliant systems including FIPS-199 system categorizations, E-Authentication risk assessments, Privacy Threshold Assessment, Privacy Impact Analysis, and Security Controls Assessments;

Worked with the Federal ISSOs to complete A&A artifacts including System Security Plans, Configuration Management Plans, Business Impact Analysis, Business Continuity Plans, and support the ATO process;

Assisted stakeholders in identifying and evaluating administrative, technical, and operational security risks, threats, weaknesses and vulnerabilities associated with information systems;

Provided support to System, Information, and Data Owners and assist with Security Control integration and incorporation into the SDLC;

Assisted with development of security controls assessment and business continuity testing strategies;

Provided cybersecurity technical advisory services regarding Federal and commercial leading practices, relevant strategic initiatives, and emerging technologies/trends; and

Stay updated on Federal policies, regulations, FISMA compliance and standards, and Cyber Security requirements.

Zermount Inc – July 2017 – May 2018 Senior Information Systems Security Officer

U.S. Library of Congress

Developed a detailed project schedule, including SA&A/SCA task and milestones, task dependencies, and personnel resources

Conducted SA&A activities sand tasks and obtain Authorization to Operate (ATO) in line with NIST and client guidance and directives.

Determined the baseline IT Security requirements for IT Systems, identifying system boundaries, determining information categories, assisting with FIPS-199.

Ensured that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices.

Enforced security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility.

Ensured users and system support personnel have the required authorization and need-to-know; have been indoctrinated; and are familiar with internal security practices before access to the IT System.

Reviewed and generate SA& system documentation as needed.

Selected baseline controls for the IT System using RSA Archer and tailor security controls as appropriate.

Implemented security controls based on IT System FIPS categorization.

Documented security control implementation in the system’s Security Plan using the Library’s Information Assurance (IA) tool (RSA Archer).

Conducted SCA for IT systems, when required.

Documented system’s risk assessment per client directives and requirements.

Developed and document all required artifacts for the SA&A package.

Conducted Contingency Plan Test (CPT) for systems.

Reviewed and monitoring system security and audit logs.

Developed and maintain Plan of Actions and Milestones (POA&Ms) for IT systems.

Updated SA & documentation and artifacts on a regular basis (e.g. annually, after approved change)

MIL Corporation – March 2016 – March 2017 Senior Information Systems Security Officer

U.S. Dept. Of Commerce/International Trade Administration

Managed and write System Security Plans (SSPs) for the creation of ATO packages.

Performed risk analyses to determine and recommends essential safeguards and security best practices.

Proactively mitigated system vulnerabilities and recommended compensating controls.

Wrote policies and procedures per NIST and FedRAMP requirements and guidelines.

Maintained and control system documents and artifacts for ATO using a document repository in SharePoint and CSAM

Provided Cybersecurity and Information Assurance expertise to the. Government client to make precise policies and rules for securing the ITA network.

Reviewed and continuously monitors implemented security controls.

Prepared security authorization packages in accordance with the client contractual requirements.

Developed core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.

Maintained client-specific Plan of Action and Milestones and supports remediation activities.

Interviewed stakeholders for input on policies and procedures.

Consult with internal clients on security topics and policy interpretation.

Create and track POAMs for vulnerabilities for mitigation and remediation of security flaws and findings.

The Computer Merchant, LTD - Feb. 2015 – Oct. 2015 Information Assurance Project Manager

U.S. Consumer Product Safety Commission

Created and wrote security policies and procedures for CPSC according to NIST 800-53 (rev.4) and NIST SP-800-37 and help Implement Security Control based on policies and procedures created to become FISMA compliant based on findings in the IG Audit Report Conduct periodic reviews to ensure compliance with established policies and procedures ensuring all software, hardware and firmware changes recorded as required by established configuration management procedures

Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures

Provided technical expertise for all things IT Security Recommend security best practices and system configuration standards.

Consulted with internal clients on security topics and policy interpretation.

Lead security authorization processes and procedures.

Digital Management, Inc. – Dec. 2013 – Dec. 2014 Information Systems Security Officer

DISA Headquarters

Performed Information Assurance Vulnerability Alert (IAVA)applicability analysis

Performed security administration including periodic Security Readiness Review (SRR) Recommend security best practices and system configuration standards.

Consult with internal clients on security topics and policy interpretation.

Lead security authorization processes and procedures.

Create and track POAMs for vulnerabilities for mitigation and remediation of security flaws and findings.

Developed core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc. Conduct periodic reviews to ensure compliance with established policies and procedures ensuring all software, hardware and firmware changes recorded as required by established configuration management procedures

Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures

Accenture – Jul. 2013 – Oct. 2013 Information Assurance Engineer

Dept. of Labor

Managed “BigFix” Continuous Monitoring tool implementation in the DOL

Responsible for updating all computer security documentation to reflect the new NIST 800-53 rev. 4

Recommended Security Controls for Federal Information Systems and Organizations.

Implemented security controls for FedRAMP computing rollout for the DOL Developed core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.

Maintained client-specific Plan of Action and Milestones and supports remediation activities.

Interviewed stakeholders for input on policies and procedures.

Consult with internal clients on security topics and policy interpretation.

K Force – Apr. 2013 – Jul 2013 Information Systems Security Officer

NOAA

Hardened Computer Network System Mainframe against attacks or malicious code from insider and outsider threats and vulnerabilities Developed core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.

Maintained client-specific Plan of Action and Milestones and supports remediation activities.

Interviewed stakeholders for input on policies and procedures.

Consult with internal clients on security topics and policy interpretation.

Developed templates for the policy and processes to assure consistent look and feel of all applicable NIST and OMB reference documents, including NIST SP800-53rev4.

Researched, developed, implemented security procedures and policies in accordance with NIST Guidelines

Tested and reviewed information systems to protect information and prevent unauthorized access in accordance with NIST 800-53

Conduct periodic reviews to ensure compliance with established policies and procedures ensuring all software, hardware and firmware changes recorded as required by established configuration management procedures

Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures

ActioNet – Jul. 2012 - Oct. 2012 Senior SOC Analyst

Dept. of Energy

Performed network monitoring, analysis and reporting in accordance with the provisions of DoE Regulations

Examined potential security violations, incidents, and malicious activity and attacks to determine if policy has been breached, assessed the impact, and preserves artifacts.

Entered and tracked events and incidents. Supports incident escalation and assesses probable damages, identifies damage control and remediation, and assists in developing courses of action.

Hewlett-Packard – Oct. 2010 – Jun. 2012 Information Assurance Project Manager

Dept. of The Army/ CIO/G6 (Pentagon)

Assisted in multiple areas to include: design and testing of new security design and testing of new security technologies and cross-domain solutions; engineering and design of fixes or patches to systems in order to remain compliant with policies, laws and regulations, and; system administration, security engineering and configuration management and evaluated emerging technologies for indentation into and impact on the Cyber project portfolio.

Technical specialist performing challenging work in support of IT Systems, as well as supervisory and/or leadership responsibilities.

Prometheus Global – Jan. 2010 – August 2010 Cyber Security Specialist

Nuclear Regulatory Commission

Reviewed Cyber Security Plans (CSPs) from nuclear reactor licensees to ensure their plans provide reasonable assurance that digital systems, digital assets, and networks associated with Safety, Security, and Emergency Preparedness (SSEP) functions are protected from cyber-attacks.

Collaborated with the NRC staff to evaluate licensee CSPs and ensure the licensee is compliant with the guidelines of the NRC Regulatory Guide 5.71, NIST 800-53 security controls, and the 10 CFR 73.54 and 10 CFR 73.55 Rules.

Created, documented, and submitted Requests for Additional Information (RAIs) to the licensee to ensure the facility is complying with the commission’s regulations regarding the protection of cyber-attacks as defined by 10 CFR 73.1. Determine whether the responses to the RAIs are in line with these regulations and ensure that the licensees update their CSPs.

Created Safety Evaluation Reports to be issued to the licensee of each nuclear facility being reviewed.

Attended training on instrumentation and control systems, networks, and wireless networks to address emerging cyber security issues and vulnerabilities to protect systems, networks, and digital devices for nuclear facilities.

Department of State – Sept. 2006 – Nov. 2009 IT Specialist (Information Assurance)

Provided planning, installation, configuration, diagnosing, testing, implementation, and recovery of failed systems, the monitoring of the network for cyber incidents and applied IAVA and Gold Disk standards to Dept. of State network

Identified and mitigated security vulnerabilities and risk and maintain server integrity and availability.

Education & Certifications

UMUC, Adelphi, MD,

B.S in Cyber Security, Projected Completion Winter 2018

West Virginia University, Morgantown, WV,

Political Science, 88-92

CompTIA Security+, ITIL Foundation ver. 3 Certification, A+ Certified with Network

Introduction to SCADA Control Systems Cybersecurity Training Course, Information Assurance Security Officer Certification, System Administrator / Network Manager Security Certification (Technical Level 2), Computer Network Defense Certification (Technical Level 3), Information Assurance Manager (IAM) Certification, Microsoft Certified Professional, CISSP and CCSP exams bootcamps.

Contact this candidate