U.S. Citizen
Mahmood ("Mo") Morid
LT Nichols Road
Fairfax, VA 22033
Cell number: 703-***-****
Email: *******@*****.***
Security Clearance Status
DOD Top Security Clearance (TS)
Department of Homeland Security: Entry on Duty (EOD) Granted 2009
Education
MBA (Master of Business Administration), Strayer University, Manassas, VA
BS, Electrical Engineering, Florida International University, Miami, FL
Certifications and Training
Federal IT Security Professional Manager (FITSI) Certification ID: 00617
Project Management Professional Training (PMP) 2009
IT Service Management Foundation Certificate (ITIL)
Summary of Qualifications
. 20+ years of IT experience including network security management in
systems design and development, implementation and support.
Strategically and cost effectively utilize technology in alignment
with corporate goals.
. Experienced Information Assurance expert with expert knowledge of
malware forensics and security requirements. Adept at quantifying
results by creating methodology or adhering to protocols. Experienced
at assessing raw data to identify appropriate means of analysis.
. Applied risk management and risk analysis following NIST Special
Publication (SP) 800-30.
. Experienced in planning, scoping, execution, and coordination of cyber
security projects. These include projects supporting cyber security
for IT infrastructure and IT-based organizations, resource protection,
security planning, identity management, security information
management systems, Assessment and Authorization (A&A, or C&A),
policy and guidance, and system test and evaluations (ST&Es).
. Practiced in clarifying business requirements, performing gap analysis
between goals and existing procedures/skill sets, and designing
process and system improvements to increase productivity and reduce
costs. Recognized project management skills, consistently delivered
complex, large-scale projects on time and within budget. Consistently
improved delivery times and service levels while reducing costs.
. Keen attention to detail and expert in providing interpretive
knowledge of Federal agency IA requirements, policy, and procedures
for information/infrastructure protection.
. Seasoned leadership and competence in planning, organizing, and
executing projects with competing priorities in a fast-paced
environment through close coordination with government clients.
. People-oriented; highly skilled in written and verbal communications
with a diverse group of individuals to resolve complex issues with
clarity and enthusiasm; able to handle difficult and sensitive issues
with diplomacy and objectivity.
. Results-driven team player; eager to take on new challenges with
personal initiative and a keen sense of urgency, diligence, and
enthusiasm.
. Excelled at strategic planning, building high-performance teams,
project management, and implementing best practice methodologies and
continuous improvement programs.
Technical and Communications Skills
. People-oriented; highly skilled in written and verbal communications
with a diverse group of individuals to resolve complex issues with
clarity and enthusiasm; able to handle difficult and sensitive issues
with diplomacy and objectivity
. Operating Systems: Windows NT, 2K, 2K3, XP & Visio
. NIST/IA Policies: FISMA, NIST, FIPS, OMB A-130, TSA1400.3, DHS 4300A & B
. Information Assurance Tools: ISS (Internet Security System), Retina,
Microsoft Baseline Security Analyzer (MBSA), CSA agent, Nessus
Scanner, Qualys and BigFix
Professional Experience
Senior IT Security Administrator
REI Systems, April 2012 - Present
Sterling, VA
. Serve as senior IT security support and work closely with the senior
security manager to fulfill the security requirements and prepare the
documents.
. Deploy network-based IDS on the internal systems to identify unusual
attack mechanisms and detect any malicious or suspicious traffic.
. Scan the systems and configure the Nessus vulnerability management
scan tool for OS security compliance, and Netsparker and WebInspect
for the software applications.
. Identify security risks, threats and vulnerabilities of networks,
systems, applications and new technology initiatives.
. Responsible for applying FISMA framework and NIST requirements to the
architecture, design, development, evaluation and integration of
systems and networks to maintain system security.
. Assist in the Security Infrastructure Design and analysis. Provide
daily security operational support, including security monitoring,
proactive problem identification, analysis & resolution for an
environment consisting of Linux, Windows Servers and Cisco network
infrastructure.
. Prepare the SSP documents to meet the FedRAMP and NIST requirements
for the specific technical controls for cloud computing delivered as
SaaS (software as a service) and work closely with the AWS (Amazon Web
Services) cloud computing technical staff.
. Configure the Orion Network Monitoring tool and work closely with the
vendor's technical staff so that the system can analyze the metrics
for better and more efficient performance.
. Work closely with the System Administration and Software Development
Teams to keep the systems and applications in security compliance.
Provide security administration of Firewalls, Intrusion Detection
Systems, and Security Monitoring Systems.
. Conduct vulnerability assessments and support the mitigation of any
defined risks and create and maintain documentation in support of
Certification & Accreditation activities for various federal agencies
such as NASA, DOE, DHS, HRSA and USDA.
. Responsible for designing, deploying, and supporting a complete
end-to-end peer review and proposal security posture application
designed to process grants annually. Provide support to ensure that
security controls are part of the System Development Lifecycle.
Advance Technology Services Corporation (ATSC)
McLean, VA
June 2011-April 2012
Principal IT Security Engineer
. Brief Senior Executive Management regarding system documentation,
identified vulnerabilities, and POA&M remediation.
. Brief Senior Executive Management on information system waiver and
exception packages.
. Support the DHS (Science and Technology) in identifying and meeting
information assurance requirements and provide analytical support for
the development and implementation of information security policies
and procedures.
. Review documents, recommend the mitigations or countermeasures, and
resolve integration issues related to the implementation of new
systems within the existing infrastructure.
. Work closely with development team to ensure application security
standards are being followed and compliant with the DHS policies and
security handbook.
. Conducted several on-site visits to Data Centers and performed
interviews with ISSOs, System Owners, Network Administrators, System
Administrators, etc. to properly assess security controls in place in
accordance with NIST guidance.
. Configure the Orion Network Monitoring tool and work closely with the
vendor's technical staff so that the system can analyze the metrics
for better and more efficient performance.
. Participate in technical requirements and work with DHS/S&T BorderNet
Team in integrating IA controls into the final solutions.
. Identify security risks, threats and vulnerabilities of networks,
systems, applications and new technology initiatives.
. Experience working with federal regulations related to information
security (FISMA, Computer Security Act, etc.). Manage and perform
auditing functions that follow national, federal and organizational
policy to ensure all DHS (Science and Technology) information systems
(to include general support systems and major applications), both
classified and unclassified, are in compliance.
. Provide expertise on the coordination, development, improvement and
implementation of the IT security risk management program and on risk
mitigation strategies.
ActioNet INC
May 2010-June 2011
Alexandria, VA
Senior IT Security Engineer
. Worked closely with the internal and external auditors to determine
the degree of compliance with the policies, directives and standards
adopted by an organization.
. Provided the relevant information about information security policies,
directives, standards and procedures to trading partners of the agency
and interact for operational or commercial reasons.
. Reviewed documents for the OS baseline configuration and policies.
Audited the Plan of Action and Milestones (POAM) for security
weaknesses. Interpret data and create reports and dashboards for
senior management.
. Assisted the government with developing a network of public and
private sector organizations capable of providing cost effective,
quality, system and network security assessment and certification
based on unified federal guidelines and procedures.
. Implemented discovery and security auditing using the Nmap tool with
raw IP packets to determine what type of packet filters/firewalls are
in use.
. Supported the Securities and Exchange Commission (SEC) Operational
Data Center in identifying and meeting information assurance
requirements and provided analytical support for the development and
implementation of information security policies and procedures for
patch and
vulnerability
. Audited and implemented procedures for the vulnerability management
process at the OIT Department of the Securities and Exchange
Commission (SEC).
. Created regular reports for the vulnerabilities and patch management
in the network systems using Qualys and BigFix tools.
General Dynamics Information Technology (GDIT)
Sep 2008 - May 2010
Arlington, VA
Senior Information Assurance Analyst
. Reviewed and recommended mitigations or countermeasures and resolved
integration issues related to the implementation of new systems.
. Performed Certification & Accreditation (C&A) and conducted C&A
activities in accordance with DHS 4300 Handbooks for the OIT managed
systems.
. As a team lead supported the process framework project for the
implementation and management of controls to ensure that the specific
security objectives of an organization are met.
. Supported the United States Citizenship and Immigration Services
(USCIS) in identifying and meeting Information Assurance requirements
and provided analytical support for the development and implementation
of information security policies and procedures.
. Provided technical support to the DHS (US CIS) Operations & Maintenance
division and users throughout the agency engaged in the development
and implementation of the systems and subsystems required to meet the
transactional processing needs of the US CIS.
. As IT Security team lead interpreted civil and federal government
guidance, including FISMA and NIST security requirements for US CIS.
. Ensured application security standards are being followed by the
development teams and implemented correctly. Also provided
vulnerability mitigation strategies.
. Evaluated new security technology & trends, and recommended ways to
strengthen client information security environment.
. Worked closely with the Project Management Office (PMO) to provide
risks, costs, and schedules for projects and Operations and
Maintenance (O&M). Directly supported the Director of Information
Assurance division in vulnerability release management, incident
response, operational inefficiencies, intelligence analysis and
research, and other areas.
. Provided operational and strategic support to the Department of
Homeland Security (DHS) Control Systems Security Program (CSSP).
SRA International
Sep 2007 - Sep 2008
Fairfax, VA
Senior Information Assurance Analyst
. Integrated with a team of skilled information technology security
professionals demonstrating competence in the application of the
system certification guidelines and procedures.
. Conducted several on-site visits to Data Centers and performed
interviews with ISSOs, System Owners, Network Administrators, System
Administrators, etc. to properly assess security controls in place in
accordance with NIST guidance.
. Performed Federal Information Security Management Act (FISMA) audit
reviews.
. Developed and reviewed system security plans, plan of actions and
milestones (POA&M), security control implementation, configuration
management plans, contingency planning, incident response plans,
the security policy, and vulnerability scans at the Veterans Affairs
(VA) Department.
. Supported security architects in developing existing and future
systems architecture artifacts.
. Performed design and system analysis, requirements definitions,
interface and data architectures, lifecycle cost estimation, and
governance.
. At the Veteran Benefit Affairs (department) of the OIT office,
prepared and developed the documents that provide information on
reducing the risk to the critical infrastructure systems and IT
resources from cyber and other threats.
U.S. Department of Agriculture
Feb 2005 - Sep 2007
Washington, DC
Information Security Specialist
. Assessed the benefits, risks, and risk-adjusted life-cycle costs of
alternative solutions and established realistic cost, schedule, and
performance goals for the selected alternative before either
proceeding to full acquisition of the capital project (investment) or
useful segment or terminating the investment.
. Responsible for the strategic development and implementation of
cost-effective training and support solutions that are designed to
provide improved productivity, streamlined operations, and faster
access to critical information.
. Led the team and worked closely with the contractor development and
staging group in the application of new and emerging information
security concepts, principles, trends, technologies, and practices in
the development and application of infrastructure control system
security policies and practices.
. As a technical expert, advised, provided recommendations, and
performed risk mitigation and assessment activities to improve cyber
security in critical infrastructures at the USDA OIG office.
. Implemented Cisco Security Agent software tool (CSA) as proactive
intrusion detection for OIG office and ensured all systems and servers
had appropriate system patches installed.
. Performed audits of critical information systems such as mail servers,
web servers and host applications and established mechanisms for risk
review and mitigation.
. Coordinated with the client with technical understanding of systems
and applications to ensure the C&A packages were completed on time.
. Worked closely with the USDA OCIO Security team and the OIG director
to deploy network vulnerability scanning for patch identification and
vulnerability assessment across the servers, desktops, operating
systems, firewalls, switches and routers using the ISS (Internet
Security System) tool.
. Deployed and configured Access Control agents for UNIX and Windows
platform.
US Small Business Administration
Jun 1999 - Feb 2005
Washington, DC
IT Security Specialist
. Served as the liaison between the OCIO and the CFO offices for
complying with the Federal Credit Reform Act and FSIO's Core Financial
System as well as FISMA and FISCAM requirements for loan accounting.
. Recommended strategies and tools to enhance OCFO LAN security;
evaluated proposed changes to information data processing systems
arising from changes in requirements, vendor software, and/or hardware
upgrades; reviewed agency policy compatibility, conversion of
implementation costs, and impact on existing equipment configuration.
. Ensured test and evaluation activities were conducted, documented the
results and updated the system documentation and Plan of Action and
Milestone (POA&M) to reflect these activities.
. Provided a plan to the government for approval to support IA related
programmatic, analysis, test and evaluation activities necessary to
support full Information Assurance (IA) accreditation.
. Implemented and managed the overall enterprise processes for technical
and physical risk management-associated architecture.
. Developed and wrote policies, standards and guidelines related to
personnel, facilities, and data security.
. Evaluated suspected security breaches and recommended corrective
action.