Dr. Richard Allan Tanoh
Security Clearance: Active Interim Top-Secret Security Clearance
Professional Skills Summary:
Dr. Tanoh offers an extremely diversified and experienced skill set applicable to, and managerially supportive of, multiple facets of Department of Defense (DoD) System and Network Engineering capabilities and requirements. He offers over twenty years direct Upper-Echelon Supportive DoD experience inclusive of multiple Network Installation, Network Management, Network Maintenance, System Administrative, Certification and Accreditation (C&A), Risk Management Framework (RMF) process and related tools, Full Qualified US Navy Validation and Project Management efforts and activities; and further holds current MCSE, Security + and CISSP Certifications, Full Qualified US Navy Validation, Security Leadership Certification (GSLC) and Information Cyber Security PhD Degrees.
Education:
PHD-BA Doctor of Philosophy in Business Administration (specialization Computer and Information Security) Northcentral University Arizona AZ 2017
Defense Acquisition University 20011 Fundamental of System Acquisition Management
MSCT, Master of Science in Communication Technology, Strayer University, Alexandria, Virginia, 2006
BS, Computer Networking, Strayer University, Alexandria, Virginia; 2004
AA, Computer Systems, Networks & Hardware Technology Computer Learning Center, Alexandria, VA 1997
Electronic Technology Diploma Computer Learning Center, Alexandria, VA 1995
Professional Certifications:
GIAC Security Leadership (GSLC), Baltimore, MD 2013
Fundamental of System Acquisition Management, Defense Acquisition University 2011
Microsoft Certified Systems Engineer (MCSE) - Current
Certified Information System Security Professional (CISSP) - Current
Security + Certifications – Current
Risk Management CL017 Section 888, Defense Acquisition University 2014
A+ Certifications
Microsoft Certified Professional MCP
Microsoft Certified Professional & Internet MCP+I
Certified Novell Administrator CNA
STIG- Current
DoD DIACAP VIRTUAL TRAINING- Current
Information Assurance Security Officer Certificate course (IASO) - Current
PKI Certificates- Current
Army G3 Computer Security Training – Current
Tivoli Storage Manager 4.2
Tivoli Storage Manager Advanced 4.2
Microsoft Windows 2000 and 2008 security
Microsoft Windows 2000 and 2003 Operation System Optimization and Troubleshooting
Penetration Testing and Ethical Hacking (CEH)
Certified Information Security Manager (CISM)
Chief Information Security Officer (CISO)
CompTIA CASP
Further and Individualized Education and Certification Details Available on Request
Professional Experience:
Senior Principal Information Security Analyst December 2016 -- Present
Information System Security Officer (ISSO) / Navy Validator PMA 234 F/A-18 AEA Systems/EA-6B Program Office & Intrepid Tiger-II Systems
HII-MIS Technical Lead
Mission Driven Innovative Solutions (HII-MIS)
Conveyed inspection results to senior leadership, external stakeholders, and Senior Executive Service personnel through written reports, formal presentations, and teleconferences or video-teleconferences. This made certain that all levels of the chain of command were fully aware of pertinent information that could be utilized to make informed decisions
Appointed as a Senior Principal Information Security Analyst for NAVAIR
Utilize NIST SP800-37, 800-53, DOD RMF, DIACAP, and other IT audit tools to perform risk assessments
Defining and delivering the IT security architecture, framework, roadmap and patterns
Delivering security solution design and engineering, prioritized to reflect the threat and vulnerability landscape
Ensuring all IT solutions are built and implemented to the agreed security architecture, design and solution specification by conducting or overseeing assurance activities
Ensuring effective architecture governance, policy, process and guidance is in place to inform and mandate repeatable, secure IT design and engineering practices
Provide guidance and advocacy regarding prioritization of investment and implementation associated with security strategy
Conduct threat and vulnerability analysis as part of the security design and solution engineering process
Monitor developments in the information security industry including vendor strategies and communicate on the potential impact on or applicability to the organization
Responsible for providing secure design requirements and assessing technology infrastructure implementations for security weaknesses for the data network
Research, recommend and contribute to socializing technology plans and standards
Assurance Support Service (eMASS). In-depth knowledge of NAVAIR IA program and processes for all levels of DIACAP Certification & Accreditation and also Risk Management Framework (RMF)
Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices
Implementation of counter-measures or mitigating controls
Perform all procedures necessary to ensure the safety and protection of information system assets from intentional or inadvertent access or destruction
Identify potential, successful, and unproductive intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information
Promote awareness of security issues among management and ensuring sound security principles are reflected in organizations’ visions and goals
Ensure information systems security and application security policies and procedures (Security Technical Implementation Guides [STIG], Information Assurance Vulnerability Management [IAVM], and Federal Information Security Management Act (FISMA)) are followed.
Develop/implement system security plans, control implementation, system requirements, test procedures, etc.
Provide security recommendations/remedial actions to the client to ensure IS compliance is met and plan of actions and milestones are defined accordingly.
Conduct information system (IS) security assessments and validations.
Ensure cybersecurity and cybersecurity-enabled software, hardware, and firmware comply with appropriate security configuration guidelines.
Senior Principal Information Security Analyst December 2015 -- December 2016
Information System Security Officer (ISSO) / Navy Validator PMA 234 F/A-18 AEA Systems/EA-6B Program Office
Technical Lead
General Dynamics Information Technology (GDIT)/ U.S Government NAVAIR Air Systems Command NAWCAD 7.2.6.2
Conveyed inspection results to senior leadership, external stakeholders, and Senior Executive Service personnel through written reports, formal presentations, and teleconferences or video-teleconferences. This made certain that all levels of the chain of command were fully aware of pertinent information that could be utilized to make informed decisions
Defining and delivering the IT security architecture, framework, roadmap and patterns
Delivering security solution design and engineering, prioritized to reflect the threat and vulnerability landscape
Ensuring all IT solutions are built and implemented to the agreed security architecture, design and solution specification by conducting or overseeing assurance activities
Ensuring effective architecture governance, policy, process and guidance is in place to inform and mandate repeatable, secure IT design and engineering practices
Provide guidance and advocacy regarding prioritization of investment and implementation associated with security strategy
Conduct threat and vulnerability analysis as part of the security design and solution engineering process
Monitor developments in the information security industry including vendor strategies and communicate on the potential impact on or applicability to the organization
Responsible for providing secure design requirements and assessing technology infrastructure implementations for security weaknesses for the data network
Research, recommend and contribute to socializing technology plans and standards
Assurance Support Service (eMASS). In-depth knowledge of NAVAIR IA program and processes for all levels of DIACAP Certification & Accreditation
Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices
Implementation of counter-measures or mitigating controls
Perform all procedures necessary to ensure the safety and protection of information system assets from intentional or inadvertent access or destruction
Identify potential, successful, and unproductive intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information
Promote awareness of security issues among management and ensuring sound security principles are reflected in organizations’ visions and goals
Cyber Security Technical System Matter Expert (SME) July 2014- December 2015
Cyber Security & Assured Compliance Assessment Solution (ACAS)
Support & Cyber Security Portfolio Risk Management Lead
ECS-Federal/ U.S Government PMW-205, Naval Enterprise Networks
The Cyber Security Technical System Matter Expert (SME) directly supports both the Product Service Owner (PSO) and the Product Service Engineer (PSE) for the services and products associated with the Cyber Security Portfolio.
Support analysis of requirements and traceability to programmatic requirements, alignment with current NGEN design and architecture, impacts to cost and performance, and supporting the derivation of technical requirements in alignment with the customer requirements
Provide analyses and recommendations related to solution approaches for engineering projects, applicability of solution to the sites and systems for which the solution is proposed, and a description of the solution and its attributes
Responsible for Vulnerability Management System (VMS) and Vulnerability Remediation Asset Manager (VRAM)
Developed the Vulnerability Remediation Asset Manager (VRAM), an initiative designed to assist PMW 205 in achieving Information Assurance Vulnerability (IAV) compliance
Work with PSOs and PSEs to coordinate design tasks, support service/system technical oversight, schedule development, and participate in the planning and execution of projected reviews and milestones
Support technical reviews and verification that the service provider design, build, and test artifacts can be traced back to original customer/government requirements and constitute adequate proof that the requirements are being met satisfactorily
Support independent government assessment of the technical risks (including productions and implementation risks) associated with projects/solutions under review
Responsibilities also include close coordination of activities with stakeholder, NETOPS, NAVYCYBERFOR, Service Providers and internal PMW205 organizations
Information Assurance Security Officer (IASO)
May 2012 – July 2014
FTI/ U.S. Government
Armed Forces Medical Examiner System (AFMES)
Perform the duties of the organization Information Assurance Security Officer to include supporting the Information Assurance (IA) compliance of Operating Systems (OS) and applications of unclassified and classified Army Knowledge Online/Defense Knowledge Online (AKO/DKO) systems. Ensure that the Agency has an active program to safeguard information security assets, including assigning security responsibilities, developing security plans, screening users, developing problem reporting systems, planning for disaster contingencies, and reviewing appropriate authorizations for processing of data. Implement and test vendor patches in support of Information Assurance Vulnerability Alert (IAVA) requirements. Conduct Certification and Accreditation (C&A) planning and testing of all new systems. Conduct vulnerability assessment of all systems using Retina Scan and review and validate the vulnerability scan results at the OS and application level, and remediate vulnerabilities when applicable. Develop and maintain the Plan of Action and Milestones (POA&M) for all systems. Support the design, deployment, and maintenance of new and existing security infrastructure capabilities for the organization. Assist in the development and maintenance of the DIACAP packages. Responsible for Certificate of Networthiness (CoN) and Privacy Impact Assessments (PIA) for all applications. Analyze IA security events, including threat model development and resulting security risk analysis of systems
Sr. Network Engineer
December 2011 – May 2012
FTI/ U.S. Government
Armed Forces Medical Examiner System (AFMES)
Planned and scheduled the installation of new or modified equipment in support of the Armed Forces Medical Examiner Systems. Troubleshot and diagnosed servers, network connectivity, and personal computer software and hardware issues. Ensured system availability, functionality, integrity, and efficiency for all installed software and hardware. Implemented security procedures in accordance with established procedures and best practices. Provided end user training on hardware and software functionality. Managed accounts, to include limiting rights and accesses as appropriate. Ensured systems were operated and maintained in accordance with all applicable Departments of the Army (DA), Medical Command (MEDCOM), Armed Forces DNA Identification Laboratory (AFDIL) and DoD security directives and procedures. Performed and managed all data protection and backup efforts utilizing multiple tools and programs, to include ARC Serve Backup
GRSi: Network/PACS/IA Engineer, July 2010 – December 2011
Army Medical Department (AMEDD), Technology Assessment Requirements Analysis (TARA) Program.
Mr. Tanoh manages Army Department of Defense (DoD) security for major Picture Archiving and Communication System (PACS), imaging, and teleradiology program initiatives, as well as Information Assurance (IA) requirements for all medical devices. He provides TARA stakeholders information and analysis of emerging technologies. He performs ongoing market surveillance and comprehensive market analysis of medical systems to enable continuous technology refresh and modernization. He evaluates security aspects of equipment sustainment healthcare operations in a deployed environment. Mr. Tanoh works with medical device vendor partners to develop Information Assurance (IA) documentation, coordinate testing activities, and submit to in-theater Delegated Approval Authority (DAA) for accreditation and certification. He coordinates remote access to medical devices with the appropriate Government network personnel and medical equipment vendors. In conjunction with local maintenance and operator personnel, he analyzes the impact on medical devices being maintained through remote diagnostics. He develops strategies for monitoring and improving remote diagnostic capability.
Rollout Systems, LLC, Patuxent River
Naval Air Systems Command (NAVAIR)
October 2009 – July 2010
Senior Security Specialist
Program: Navy Department of Defense NAVAIR 5.4.1
Serving as a Senior Security Specialist in this position, core responsibilities include administration and supervision of a major network system critical to the operational needs of the DoD and USN activities and infrastructure. Additionally, Mr. Tanoh maintains, develops, and manages all aspects of the DoD DIACAP package for said system including identification, remediation, and configuration of vulnerabilities via Gold Disk and Retina tools and other Information Assurance specific ideals and working tools. Additionally, he leads and administrates group and user authorization and authentication for multiple network resources; Develops, leads, and manages all intra-office Certification and Accreditation (C&A) activities; Certifies, leads, and instructs all IA and DIACAP relative efforts within his office and Project Arena; and provides, develops, and delivers all Computer Security and Responsiveness for members of his office and office group activities.
Northrop Grumman
March 2008 – October 2009
Information System Security Officer (ISSO) /Senior Network Administrator
Navy Programs: EA-18, MMA, ICAP, START, AMES
Performed, directed, and enacted multiple site-wide security and control procedures, to ensure and provide maximized system and personnel security alignment, on a daily basis in accordance with his duties as an ISSO to include: Worked intricately with multiple Government agencies and divisions to process and ensure documented SECONOP/SSP alignment and security practices; evaluated and proposed changes or additions to all mission associated Information System (IS) and infrastructure additions and changes and further ensured and maintained configuration management control and notation for all IS associated IS systems and system components to include determination and protection of security level and classification to the same. Additionally, Mr. Tanoh was responsible for several measures of user, personnel, and site security control to include assurance of security control measures and clearance determinations for incoming and existing personnel; implementation and review of periodic IS audits and reviews; prepared, authored, and delivered associative System Security Plans (SSPs) and Security Concepts of Operations (SECONOPS) as warranted and required; and performed and managed all data protection and backup efforts utilizing multiple tools and programs to include VERITAS.
Intergraph Corporation
January 2007 – March 2008
Data Development System Administrator (9/2007 – 3/2008)
In this position, Mr. Tanoh performed multiple roles and duties to provide optimal service and Information System maintenance and operational activities to include management and determination of multi-faceted Ethernet, Redundant, and Mega Ethernet surfaces, networks, and connections; Management and institution of redundant and system state backups utilizing Net Vault and EMC SAN techniques and software; and preparation and testing of disks and data for multiple applications efforts to include Boot & Root of disk images, virtual CD-ROM management utilizing pServer technology, and led and administered archival activities for Disaster Recovery utilizing Resource Configuration Collector applications and SCSI Disk File System Resource Configuration. Additionally, he performed and implemented user accounts and access control assignation efforts, performed load balancing and balance control configurations, and performed multiple other administrative roles as mission required.
IT Security Consultant - LITMUS Laboratories (1/2007 – 9/2007)
Program: Joint Technical Data Integration (JTDI)
In this consultancy position, Mr. Tanoh managed a team of four personnel leading configuration and security enactment and validation procedures for core and distributed servers critical to associated laboratory efforts. Duties included base and complex server and system configurations, troubleshooting, and maintenance; DISA compliance assurance and implementation for all associated servers and systems; power management and utilization and error log mediation for all associated machines and servers; and timely test and customer support as requested and required.
ARINC
May 2006 – December 2006
Senior Staff Engineer
Program: ICAP 89A 3.0 on EA6B and VX23
In this position, Mr. Tanoh supported ICAP and EA-6B programmatic efforts while assigned as an Engineering Security Team Lead. In support of these efforts he instituted Test and Evaluation support for the Joint Mission Planning Systems (JMPS) and CONUS wide network security support for JMPS and all associated missions. Additionally he conducted and maintained all software updates for all associated MIDS Universal Planning Component (UPC) systems; composed and distributed integral plans to support reduction of DSMU and IMUX data affecting JMPS and PDATS systems; and performed multiple other duties as required.
System Integration Analysis Lead
March 1996 – April 2006
Lockheed Martin
NAVAIR / Patuxent River, MD
Served in a management position supporting both an integral Windows and LINUX structured network and the team of personnel responsible for the network’s maintenance and operation. Daily responsibilities encompassed architectural planning and initiation; configuration, automation, and deployment activities for associated large-scale, globally distributed systems; direct management of Top Tier USN critical servers and hardware in all facets of operations and security assurance; management, planning, and assignation and / or implementation of all associated hardware and software upgrades and installations; and management and joint implementation of supportive Sybase and Oracle administrative and database development issues. Additional duties involved direct operational management of 100+ OOMA Top Tier and Mid-Tier servers and hardware; establishment and implementation of performance metrics procedures to support said servers for trend analysis and troubleshooting efforts; operational control and management of operational backups for multi-tier servers utilizing VERITAS and Tivoli Backup tools and software; management of all relative system logs, user files, security software, and system documentation. Specific major accomplishments achieved included service as key team lead and planner for the installation of mission-critical intranet connectivity between Pentagon and CHIP resources; planned, constructed, and implemented a Live Link and NT 4.0 base server configuration utilizing Cisco supportive infrastructure for load balancing and Oracle 8.15 for database and cooperative support; and the rapid achievement of managerial level familiarity with multiple IT-crucial skills and policies to include: TCP/IP, calculative IP subnetting for multi-subnet networks and infrastructures, Wins Server and Wins Proxy Agent operations, DHCP, DHCP Relay Agent, Preferred Master Browser role enabling from multiple Registry techniques, and multiple other techniques and services
Lockheed Martin Integration System & Solution/LMSI/Catapult/COMPUSA
Naval Air Systems Command (NAVAIR)/ NAVAIR Data Center
March 1996 – April 2006
System Integration Analyst Team Lead (10/2001 – 4/2006)
In this position, Mr. Tanoh served in a management position supporting both an integral network consisting of Windows and LINUX based IT elements, and further the team of personnel supporting said network.
Responsibilities included architecture planning and initiation, configuration, automation, and deployment activities for associated large-scale, globally distributed systems; direct management of Top Tier USN crucial servers and hardware in all facets of operations and security assurance; management, planning, and assignation and / or implementation of all associated hardware and software upgrades and installations; and management and joint implementation of supportive Sybase and Oracle administrative and database development issues.
Perform system administration and maintenance for a ~100-server government data center. Manage the Pax River Naval Air Station OOMA Top Tier and Mid-Tier servers and hardware within the NAVAIR 3.8 environment to ensure the fleet has the least downtime possible. Update and install the latest Microsoft operating systems (Windows 2003 Advanced Server) system wide, including up-to-date software patches. Establish and document performance metrics on the OOMA Top Tier servers in order to conduct trend analysis and identify potential performance issues. Work closely with both the Sybase and Oracle Database Administrators to configure the operating system for database performance issues. Act as contact for hardware and software vendors both in maintaining the hardware, updating in support of technical issues as they arise and future needs.
Responsible for installing, configuring and maintaining Windows servers and workstations, including Web servers, in support of business processing requirements of NAVAIR 3.8. Perform software installation and upgrades to Windows operating systems and layered software packages and maintain them in accordance with established policies, procedures and service level agreements. Monitor and tune the systems to achieve optimum level of performance. Ensure Windows server/workstation data integrity by evaluating, implementing and managing appropriate software and hardware solutions. Assist other System Administrators with troubleshooting and performance issues.
Responsible for cold backups and daily backups on the OOMA Mid-Tier and Top Tier Server using VERITAS and Tivoli Backups, in the case of any hardware failure. Manage system backups, logs, user files, and security software plus system documentation. This ensures data/media recoverability by implementing a schedule of system backups and database archive operations. Support media management through internal methods and procedures or through offsite storage and retrieval services. Conduct routine hardware and software audits of Windows servers/workstations for compliance with established standards, policies, procedures and configuration guidelines.
Software Engineer & IT Technician (3/1996 – 9/2001)
Here Mr. Tanoh served in a variety of software engineering and IT development positions and services, to best support his customers and to comprehensively hone and develop an optimal range of software and IT development skills. Major accomplishments and tasks, in addition to daily customer and system supportive maintenance, upgrades, troubleshooting, and installations included the following: Served as key team lead and planner for the installation of mission-critical intranet connectivity between the Pentagon and CHIP; planned, constructed, and implemented a Live Link and NT 4.0 base server configuration utilizing Cisco supportive infrastructure for load balancing and Oracle 8.15 for database and cooperative support. Additionally, worked with and achieved managerial level familiarity with multiple IT-crucial skills and policies to include: TCP/IP, calculative IP subnetting for multi-subnet networks and infrastructures, Wins Server and Wins Proxy Agent operations, DHCP, DHCP Relay Agent, Preferred Master Browser role enabling from multiple Registry techniques, and multiple other techniques and services.