Reginald M. Opara
Dorsey Lane Upper Marlboro
Information System Security Officer Clearance Level: Top Secret
Education: MS Cybersecurity (UMUC 2012) Certification: Security + CE
Risk Management Implementation (5 yrs)
Enterprise Mission Assurance (5 yrs)
Information Assurance (7 yrs)
Client Interfacing (15 yrs)
Cybersecurity Engineering (3 yrs)
Government Contract Support (15 yrs)
Systems Administration (10yrs)
SUMMARY OF SKILLS, TOOLS, AND TECHNOLOGIES:
Cybersecurity: NESSUS Scanner (2 yrs), RSA Security Console (5 yrs), Autoberry Scan (5 yrs), eMASS (5yrs), Risk Vision (1 yr) Remote Wipe (7 yrs), RMF (5 yrs), SharePoint (5 yrs),
Software/COTS: Remedy (10 yrs), Service Now (2 yrs),
ManTech International Corporation Inc. 11/2018 – Present
Herndon, VA (FBI Contract)
Information System Security Officer (ISSO)
Assist system owners to obtain authority to operate (ATO) for their systems and ensure that current ATOs are maintained and monitored
Perform weekly audit review of all systems assigned to me, checking for threats and anomalies.
Develop and maintain weekly audit tracking logs that document any anomalies observed in the audit review
Ensure that systems assigned to me meet both NIST 800-53A and FISMA policy guidelines and reporting requirements for federal information systems.
Maintain and update FISMA documents like Configuration Management Plan (CMP), Information Security Contingency Plan (ISCP), Incident Response Plan (IRP), Privileged User Training, System Security Plan (SSP) Plan of Action and Milestones (POA&Ms) that document and tract reported system vulnerabilities and mitigation plans in the Risk Vision database
Document and implement security controls for the associated control families that need to be satisfied before ATO is granted or renewed
Working with system owners, Information System Security Managers, representatives and engineers in a team environment
Attending daily/weekly meetings and briefing system owners, managers, and other stake holders on the status of the systems assigned to me
Twenty Second Century Technologies Inc. 4/2018 – 10/2018
Mclean, VA (Navy Contract)
(Echelon II Information Security Systems Officer)
Reviewed, Department of the Navy RMF packages before submission to the Authorizing Officer for Authority to Operate consideration.
Ensured that RMF Step 1 Categorization of systems were properly documented in the Categorization Form.
Guided program office personnel (PMs, ISOs, ISSEs ISSOs, Validators and others) on requirements to submit a package for accreditation, authority to operate (ATO) issuance from the authorizing office (AO).
Frequently checked the Enterprise Mission Assurance Support Service (eMASS) to update artifacts and monitored assigned systems for expiring or expired ATOs. Documented and communicated ATO status to system owners and stake holders.
Reviewed package artifacts, like Configuration Management Plan (CMP), Information Security Contingency Plan (ISCP) accreditation boundary diagrams, hardware/software lists, system level control monitoring (SLCM), assess and authorize documents, risk assessment reports (RAR), implementation plans, continuity of operation plan and other relevant documents needed for accreditation or ATO.
Reviewed Memorandum for Record submissions for system, hardware or software upgrade.
Attending weekly meetings with senior departmental heads including the Chief Information Officer and the Deputy Chief Information officer.
Preparing and presenting weekly Focus Charts (PowerPoint) that highlight last week’s accomplishments, current tasks and future planned goals.
Holding collaboration meetings with program managers, ISSMs, ISOs, and other key players when the package is ready for the next stage of the RMF process.
Part of incident response team that investigated one of the labs that was flagged for several cybersecurity violations.
Booz Allen Hamilton, Inc., Associate/Lead Cybersecurity Engineer 7/2016 – 4/2018
(ISSO, Defense Information Systems Agency Contract)
Provided Cyber security support for three national security programs that support the war fighters.
Analyzed and documented cybersecurity issues for the systems ensuring that they are compliant as stipulated in NIST 800-53A.
Validated the systems security controls ensuring that the vulnerabilities were mitigated on timely manner.
Accessed the team’s Enterprise mission Assurance Support Service (eMASS) database focusing on noncompliant control families and ensured that they are addressed.
Develop Plan of Action Milestones (POAMs) for
vulnerabilities that could not be quickly mitigated. Provided course of action justification, dates and plans to mitigate the vulnerabilities.
Liaising with subject matter experts and other cybersecurity engineers to resolved identified problems.
Ensured that programs supported (Army, Navy and Airforce) have up to dated authority to operate (ATOs) with DISA and inform the points of contact when the ATOs are nearing expiration. Tracked and uploaded current ATOs to the team’s SharePoint portal.
Reviewed, evaluated and updated old artifacts and documents and uploaded them in eMASS.
Developed supporting documents like System Security Plan (SSP), Hardware-Software asset lists and other relevant documents required for reaccreditation purposes.
Prepared and submitted RMF packages for accreditation or reaccreditation through eMASS, ensure that such packages meet the conditions stipulated by the Authorizing Officer (AO) and follow up with the AO’s office to ensure that the system’s ATOs do not expire before they are reaccredited.
Our team acknowledged by the government program leadership for receiving AO’s reaccreditation before ATO expiration
Systems Technologies Inc.
Lorton, VA (Army Contract)
IA/Cyber security Analyst
(Army Contract) Aug. 2015 – Dec 2015
Performed assessment of security controls based on NIST guidelines NIST SP 800-53, “Recommended Security Controls for Federal Information Systems” and NIST SP 800-30, “Risk Management Guide for Information Technology Systems”.
Conducted network vulnerability assessments using SIEM tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
Performed system vulnerabilities scans using NESUS tool.
Developed and documented vulnerability reports for senior management
Ensured log files and audits are maintained and reviewed for all systems and that authentication (for example, password) policies are audited for compliance.
Prepared, distributed, and maintained plans, instructions, and SOPs concerning system security.
Maintained current software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
Reported security violations and incidents to the servicing RCERT in accordance with defined Incident and Intrusion Reporting requirements.
Prepared the system to be operated, upgraded, and sustained securely after fielding.
(Executive Office of the President Contract)
Dec 2012 - Jul 2015
Ensured that all agency staff travelling abroad complete the Cybersecurity Foreign Trip Form prior to their trip.
In keeping with the agency’ information assurance policy, performed scans of all mobile devices to be used abroad using the Autoberry Scan running from a local host.
I performed cyber security duties like using the Remote Wipe tool to wipe organizational data and disable stolen or lost mobile devices (laptops, blackberries and smartphones).
Performed Active Directory duties – create, re-enable and delete user accounts.
Added users and computers to Organizational Groups, add and remove objects from groups.
Ran and updated group policies on workstations.
Administered the agency’s RSA Security Console to ensure a two-factor authentication.
Unlocked SECURID RSA Token accounts for end users according to the agency’s information security policies and procedures.
Applied IT security principles, methods, and tools, evaluating and defining IT security requirements and maintaining IT systems security documentation.
Member of the special implementation team that successfully rolled out the secured mobile workstation (SMW) for the presidency in 2013. The received a letter of appreciation from the president’s chief of staff
Senior Analyst Support Feb 2009 - 2/2012
(US Nuclear Regulatory Commission Contract, Rockville, MD)
Developed security report on infrastructure systems vulnerable to threats and attacks by viruses and other threat factors.
Provided Information Security Awareness training to end users that focus on computer and network security.
Revoked and renewed users’ PKI (Public Key Infrastructure) certificates so they can connect remotely via the Internet to the NRC network.
Assisted work from anywhere (mobile computing) users who connect remotely from their homes or overseas to the network taking into consideration the security implications.
Performed user awareness and computer usage training with emphasis on computer security.
Updated workstations with security patches and ensuring they have updated virus definition files.
Implemented and supported the Microsoft Office 2007 agency wide rollout.
Supported and implemented the Novell Servers decommissioning and migration to Windows servers.
Briefed senior agency management on IT security issues that affect the enterprise platform.
Supervised and mentored newly hired IT support technicians at the help desk.
Configured, the “Work From Anywhere” (mobile computing) laptops used by the agency for remote connectivity to the enterprise network Installed Microsoft products on network computers and provided technical assistance for the user community.
Assisted in troubleshooting remote login connectivity for senior presidential staff and other customers logging in from home and other remote locations via connect.eop.gov.
Provided day-to-day leadership and focused management necessary to ensure timely access for blackberry users on the Blackberry Administration Service (BAS).
Recognized by the NRC senior management for excellent customer service for going beyond the call of duty to support the agency during 2010 snow storm. I volunteered to remain in the office during the storm to support the user community
(USPTO Contract, Alexandria, VA)
Dec 2006 – Feb 2009
Provided computer technical support to customers across the agency by listening attentively and effectively diagnosing and resolving customers IT related problems.
Assisted with clients’ network access, resetting user password after asking security questions installed agency approved and tested software to customers’ desktops.
Performed daily IT support functions conscientiously with attention to details and using sound judgment to make recommendations and ensuring high customer satisfaction.
Communicated and interacted with other IT departments, internal units, other external agencies, and the general public in answering IT related questions, providing useful information about products and services, and providing solutions to meet and exceed their expectations.
Disabled and wiped Blackberry devices reported lost or stolen.
Successful rollout of MS Office to the agency’s hotel room computers. This was a project that involved long hours of work.