Engineer Security
Resume:
Sr. Information Security & Network Infrastructure Engineer
********@*****.***
Mr. Tatum has extensive experience DoD Information Technology Security
Certification and Accreditation Process (DITSCAP) and the DoD Information
Assurance Certification and Accreditation Process (DIACAP) in accordance
with DISA, DoDI 5200.40, DoDI 8500.2 and applicable directives. His
experience in DoD Defense Information Systems Agency DISA, DoD
Instructions, and National Institute of Standards and Technology (NIST) and
Federal Information Security Management Act of 2002 (FISMA) security
standards coupled with his in-depth knowledge in Cisco network
infrastructure engineering makes him and excellent candidate for
implementing information security in any complex networking environment.
This Cisco technical experience enables him to provide guidance in defense-
in-dept concepts as well as learning new information systems for the
purpose of operating, securing and applying new security assessment
techniques. Mr. Tatum has lead and implemented vulnerability assessments on
various complex enterprise networks as well as provides security guidance
resulting in the enhancement of system and network security posture.
Key Strengths
Provide Network Security Active (Top Secret) Implementing Department of
Guidance and Clearance Defense Information
Defense-in-Depth Assurance Certification
Strategies and Accreditation Process
(DIACAP)
Implementing Certification Network Infrastructure Vulnerability Assessment
and Accreditation Cisco Engineer
Education
Information Security Training
Comp TIA Security + Certification Course / Red Seal Network Advisor
training / Red Seal Vulnerability Advisor training / Retina Vulnerability
Scanner training / DISA Gold Disk training / CISSP Boot Camp Course /
Internet Security Scanner (ISS) (Vulnerability Scanner) course / System
Scanner (server vulnerability scanner) course / Database Scanner
(database vulnerability scanner) course / AppDetective (database
vulnerability scanner) course / DISA SRR Scripts course / Understanding
DISA STIG's course / DITSCAP Boot Camp /
Information Technology Training
Building Cisco Multi-Layer Switched Networks / Cisco Internetwork
Troubleshooting / OSPF Configuration / BGP Advanced Configuration /
Telecommunications Wide Area Networking / Troubleshooting
Telecommunications / Wide Area Networking / Computer Electronic
Technician Course / Advanced Cisco Router Configuration / Introduction to
Bridges Routers and Switches / Introduction to Cisco Configuration /
Installation and Maintenance Cisco Routers / Check Point NG Firewall
Course / SourceFire 3D System
Certifications
CompTIA Security + Certified
Professional Experience
EXPERIENCE: Information Security
Cyber Security Research and Solutions Corporation ? La Plata, MD
Sr. Security Engineer (Fort Meade) Jan 2012 - Present
Key Contributions:
. Perform security evaluation on the RedSeal product.
. Performed product test and evaluation on the RedSeal product.
. Develop test procedures for RedSeal to confirm product functionality .
. Provide the RedSeal Networks staff members an understanding of the
necessity to integrate DISA STIG requirements into their product.
. Provide guidance to DISA DECC network engineer personnel on how to
properly implement the red seal product within DISA's live network
environment.
. Provided information technology and information security technical
insight and guidance to the DISA client.
Professional Solutions, Arlington, VA
Vulnerability Analyst/ Remediator Professional Solutions July 2011 - Jan 2012
Key Contributions:
. Validate existing security mechanisms, implicitly verify adherence to
organizational policies such as password protection policies, discover
critical vulnerabilities, and determine the effectiveness of the
Computer Network Defense (CND) services being provided.
. Implementing Security Assessments on a regular basis for every DoD
Component and CNDSP.
. Regularly review security IA policies and practices.
. Analyze performance-based assessments to current policies and
practices with recommendations and fixes to increase the IA posture of
the DoD GiG.
. Evaluate and resolve findings within DoD Components IT/IA
configuration control processes.
. Ensure that system/network configurations are meeting the policies and
procedures.
. Harden Components Networks and ensure that CNDSP's services are
effective.
. Document systemic issues within the DoD GiG.
. Locate network design issues with routers, firewalls, system auditing,
intrusion detection alignment, and other aspects of CND services to
include Protect, Detect, Respond, and Sustainment.
. Research, analyze and assess vulnerabilities to determine the
potential impact to the DoD Networks and Information Systems.
. Determine and direct appropriate actions to remediate, mitigate, POA&M
vulnerabilities affecting DODIN systems.
. Communicate with vendors to determine their level of insight and
guidance to address identified vulnerabilities within their products
to ensure IT systems are adequately protected.
. Apply fixes to the targeted system to remove vulnerabilities. Any
vulnerability that cannot be fixed at this time will be mitigated or
POA&M'd. Remediators will continue efforts to:
< Research, analyze and assess vulnerabilities to determine the
potential impact.
< Develop and apply mitigation strategies when justified. Develop
POA&Ms.
Superior Technical Resources Inc., Andrews Air Force Base and Quantico
Marine Base
Information Assurance Specialist (7 Month Project)
Dec
2010 - June 2011
Key Contributions:
Client: United States Air Force Office of Special Investigations (AFOSI)
. My duties included analyze Information Assurance-related issues and
provide engineering, technical, and management solutions. I enabled
the integration of information assurance solutions and technologies
which helped streamline efforts to secure servers, PCs, and network
systems. I customized a Certification and Accreditation process in an
effort to compliment the Air Force Office of Special Investigation's
Defense Base Closure and Realignment Commission (BRAC) objectives.
. Using the DODI 8500.2 and various DISA STIGs, I analyzed and provided
guidance on security requirements for operational systems as well as
systems under development. As issues surface I, developed, engineer,
and implement solutions that meet established security requirements.
. I performed vulnerability and risk analyses of all AFOSI information
systems and applications, during all phases of the system development
life cycle. Implement the DITSCAP, FISMA, DISA STIGS, NIST and DIACAP
process and IA controls. I also conduct weekly vulnerability scans of
NIPRNET, SIPRNET and JWICs networks and identify vulnerabilities and
the mitigation process at Andrews AF Base and Quantico Marine Base.
. Developed security assessment process to streamline efforts of
building new servers, having them thoroughly security assessed then
approving these systems to be moved to the Quantico Marine Base. This
process also incorporated performing a security assessment of all
AFOSI information systems during the Defense Base Closure and
Realignment Commission (BRAC).
. Developed a Vulnerability Matrix to track and report all findings
detected by vulnerability assessment tools. Developed a process for
updating the Vulnerability Matrix in support of the BRAC. Train
permanent contractors within the IA Team to use eEye Digital Retina,
DISA Production Gold Disks and Certification and Accreditation
process.
SRA International, Inc., Arlington, VA
Sr. Information Security Engineer
June 2008 - Dec 2010
Key Contributions:
Using my background in DoD Defense Information Systems Agency DISA, DoD
Instructions, and National Institute of Standards and Technology (NIST)
and Federal Information Security Management Act of 2002 (FISMA) security
standards coupled with my network infrastructure engineering experience I
provide information security and information technology support for
multiple SRA International, Inc. client organizations and government
agencies.
SRA Client: National Institutes of Health (NIH)
. Assist implementing Compliance Monitoring for the National Institutes
of Health's DSS and FLEAR system by conducting system security status
assessment. I also supported the development of IA policy and
procedures. Provided security documentation support by acquiring IA
Security Control compliance statements for the DSS and FLEAR system
then documenting the IA system compliance within the NIH's NCAT
system.
SRA Client: Joint Chiefs of Staff (Pentagon)
. As the Sr. Information Security Engineer on the Joint Chiefs of Staff
project I designed and provided guidance on implementing Certification
and Accreditation process customized to the unique needs of the Joint
Chiefs of Staff's NIPRNet and SIPRNet networking environment to
properly secure their information systems in accordance with DoD
Defense Information Systems Agency (DISA), DoD Instructions, and
National Institute of Standards and Technology (NIST) security
standards. The Objective of my support was to prepare the client for
their January 11th, 2010 DISA security audit. Upon the conclusion of
DISA's one week security assessment of the Joint Chiefs of Staff
networking environments DISA reported a 98% passing score.
. I provided recommendations and guidance to integrate and provide
operational structure to the client's automated security scans being
performed by two separate security teams in an effort to maximize the
quality of service to the client. I consistently provided extensive
enterprise security expertise in the operational environment
supporting and helping to develop and streamline an IT vulnerability
management program for the client organization.
. Provided weekly recommendations and guidance in chaotic situations to
address security issues and obstacles that would threaten the success
of preparing the client's for the DISA security audit.
Additional support included:
< Provide guidance for implementing vulnerability management
detected on Information Technology systems.
< Assessing the client's current network infrastructure to
identify key risks areas and ensure adequate level of
security controls is in place to address those risks.
< Performing vulnerability scanning on information systems to
validate protection has been put in place on all information
systems.
< Provide solutions to reduce security risks to information
systems.
< Provided guidance in the development of vulnerability
remediation plans.
< Provided recommendations and guidance for reporting
information system security posture.
< Perform vulnerability scans in accordance with customer
directives; review the accuracy of reporting data and
incorporate vulnerability scan data into reports.
< Conduct analysis of vulnerability scan data.
SRA Client: U.S. Securities and Exchange Commission
. Developed a Continuous Monitoring program in accordance with the NIST
SP800-37 publication for the U.S. Securities and Exchange Commission
government agency. Upon completion of the SEC Continuous Monitoring
program I provided guidance for its implementation.
SRA Client: Department of Defense Civilian Personnel Management Service
. Provided security guidance to enhance the security posture of the
Department of Defense Civilian Personnel Management Service's
Enterprise Staffing Solution (ESS). Played the lead roll in ensuring
the ESS system is properly evaluated against the Department of Defense
Information Assurance Certification and Accreditation Process (DIACAP)
in pursuit of an authority to operate (ATO). Provided information
security guidance in securing the SRA-CPMS Enclave within the SRA
network infrastructure.
. Provided DoD security guidance to CPMS to enable secure communication
to a commercial organization via the Non-Secure Internet Protocol
Router Network (NIPRNET).
. Perform a security assessment of the SRA network infrastructure using
various vulnerability scanners. Evaluated discovered security findings
and provided guidance for bringing information technology systems to
NIST security compliance.
. Performed research analysis on information technology systems via the
internet needed for upgrading and securing SRA network infrastructure.
. Provided real world security experience in the development of SRA's
SAFE 201 course.
Security Associates Corporation,
Information Security Consultant Dec 2007 - June 2008
Key Contributions:
. Implemented DoD Information Technology Security Certification and
Accreditation Process (DITSCAP) in accordance with DISA, DoDI 5200.40,
DoDI 8500.2 and applicable directives. Performed on-site Information
Assurance vulnerability scans and remote assessments on various naval
computer systems and network devices. Performed assessments using DoD
approved vulnerability assessment tools. Provide technical guidance to
enhance the security posture of the Navy's Third Fleet systems.
Provided wireless security guidance to Cryptek Inc. (client of
Security A.C.) based upon DISA security standards.
Apptis Inc., Arlington, VA
Sr. Infrastructure Information Systems Security Officer Feb. 2007 - Dec. 2007
(ISSO) (Secret Clearance)
Key Contributions:
. As an ISSO I'm responsible for providing network security guidance for
all systems within the Transportation Security Administration (TSA)
network including the network infrastructure itself. This is
accomplished by enforcing security requirements in accordance to
Department of Homeland Security (DHS), National Institute of Standards
and Technology (NIST) and Federal Information Security Management Act
of 2002 (FISMA) security standards. Perform security walk through of
TSA controlled areas of over 400 airports to ensure all physical
security standards are exercised.
. Evaluate new technology to ensure the integrated security controls
meet the necessary security requirements observed by the NIAP Common
Criteria Evaluation and Validation Scheme for IT Security (CCEVS).
Use the Internet to research new technology to acquire in-depth
understanding of the technology for possible integration to the TSA
network infrastructure. Provide technical guidance to ensure new
technology is properly integrated to the designed of the TSA network
infrastructure and fulfills the intended design objective of the
product.
. Provide Defense-in-Depth strategies to enhance the security posture of
the TSA networking environment. Evaluate Information Assurance
vulnerability assessment scan results from multiple airports Local
Area Networks (LAN) within the TSA network intranet. Review and
provide technical and security guidance for system
vulnerabilities/findings detected on TSA systems and network devices.
Assist in the development of the Certification and Accreditation
packages for various TSA systems. Brief the Designated Approving
Authority of the security posture of the overall TSA network.
Network Security Systems Plus, LLC,
Sr. Network Infrastructure Security Engineer (Secret Jan 2003 - Feb 2007
Clearance)
Key Contributions:
. Responsible for performing DoD Information Technology Security
Certification and Accreditation Process (DITSCAP) in accordance with
DoDI 5200.40, DoDI 8500.2 and applicable directives. Performed on-site
and remote Information
Assurance vulnerability assessment scans on multiple Network
Infrastructures and Systems using various vulnerability assessment
tools. Provide technical guidance to enhance and maintain the security
posture of all DoD TRICARE Management Activity (TMA) Contractor's
Automated Information Systems and Network Infrastructure security
posture in accordance to DoD Defense Information Systems Agency DISA
security standards.
. Provided reports from assessment tools indicating the vulnerabilities
determined from the scans along with recommended resolutions.
Responsible for the certification of multiple system platforms and
networks infrastructures in compliance with DoDI 5200.40, DoDI 8500.2,
and other applicable directives.
. TMA Lead Engineer - As a member of a TRICARE Management Activity (TMA)
Team I was responsible for leading the DITSCAP engineering effort in
the Information Assurance security assessment of all Department of
Defense (DoD) TMA contractors pursuing an Authority To Operate (ATO)
from the DoD TMA Designated Approving Authority (DAA). Establish a
Certification and Accreditation Boundary by identifying and
documenting system platforms and network infrastructure devices that
process, store, transmit, connect, or manipulate Department of Defense
(DoD) Sensitive Information (SI). Determine what vulnerability
assessment tools to be used to assess the TMA contractor undergoing
the DITSCAP.
. TMA South Regional Sr. Lead Engineer - Managed all TMA South Regional
Engineers on the TMA project ensuring proper execution of DITSCAP.
Interface with TMA contractor and TMA engineer personnel to address
Information Assurance security issues.
. TMA Regional Support Group (RSG) Sr. Engineer - Provide DITSCAP
engineering support to TMA North, South, and West Regions. Providing
engineering support for vulnerability assessment tools, Certification
and Accreditation Boundary issues. Providing DITSCAP guidance and
recommendations to TMA Management, TMA engineers and TMA contractors
in accordance DoD security standards. Ensure DoD TMA contractors are
granted an Authority to Operate (ATO) Certification and Accreditation
by adhering to the guidelines of the DoD Defense Information Systems
Agency (DISA) Security Technical Implementation Guides (STIG).
. Lead the DITSCAP Engineering effort resulting in the following TMA
contractors awarded an Authority to Operate Certification and
Accreditation by the DoD TMA Designated Approving Authority (DAA):
. TRICARE Management Activity Contractors granted the Authority to
Operate (ATO)
V Brighton Marine Health Centre
V Health Net Federal Services
V Pacific Medical Centers
V Wisconsin Physicians Service
. Execute Certification and Accreditation (C&A) Plans against a
negotiated timeline. Assist the TMA Certification Authority (CA) and
Designated Approving Authority (DAA) in defining all applicable
Information Assurance and security requirements in compliance with all
applicable DoD polices, directives, and guidance.
. Review security design documents (SDDs) identifying the information
technology in place to customize the Information Assurance assessment
scan. Conduct Periodic Review of accredited applications, systems, or
networks to ensure configuration stability and continued compliance
with DoD Defense Information Systems Agency (DISA) Security Technical
Implementation Guides (STIG) security requirements.
. Conduct Physical Security Assessments in compliance with DoD policy,
directives, and guidance. Conduct Ports and Protocol audits in
compliance with DoD policy, directives, and guidance. Conduct Test of
Readiness Reviews validating schedule and readiness for manual and
automated scanning of computing environment components.
. Implemented and Designed an Information Assurance Test and Training
Lab consisting of two 3750 layer three Cisco switches, five 2950 Cisco
switches, one 2800 Cisco router, and one PIX 515E Cisco firewall.
Installed and configured lab infrastructure to support two T1
connections and one DSL. Prepare comprehensive Risk Assessment Reports
to support interim accreditation and Accreditation Reports to support
full accreditations.
EXPERIENCE: Information Technology
The Centech Group,
Network Infrastructure Engineer (Secret Clearance) Jun 1999 - Jan 2003
Key Contributions:
The Centech Group Client: USAID
. Working for The Centech Group on the USAID project (Government
contract). Providing Telecom and Network Management support within
the USAID WAN.
Maintain a complex Cisco switched LAN, consisting of two 6509 layer
three switches and sixty one 6000 switches, twelve 2950 switches, and
twenty seven 3750 layer thee switches.
. Provide network solutions for Bureaus within the USAID LAN (within the
Ronald Reagan Building) to accommodate special networking needs.
. Upgrade Cisco Router and Switch Software Release and IOS for optimal
network performance.
. Utilized Cisco Works 2000 and Netsys to manage Cisco devices
Provide Wide Area Network design recommendation to improve Intranet
network performance and enable future network growth.
. Maintain and troubleshoot Cisco Routers and Switches. Configured USAID
Switches and Routers to support IP, OSPF, BGP, IP, IGRP, EIGRP, ISL,
HSRP, Spanning-Tree, PPP, DDR, ISDN, and Frame-Relay.
Boeing Information Services
Network Infrastructure Engineer Jun 1997 to Jun 1999
Key Contributions:
Boeing Client: RCAS project
Working for Boeing Information Services on the RCAS project (Government
contract). Providing Network engineering support for the U.S. ARMY
NATIONAL GUARD and U.S. ARMY RESERVE Wide Area Network.
. Duties included upgrading maintaining, Cisco routers.
. Redesigning the WAN to support network growth for future technologies.
. Redesigning the WAN to increase data through put and Internet access.
. Configured Cisco routers to support Dial on Demand, PPP, Frame Relay,
ATM, IP, RIP, IGRP, EIGRP, BGP,and OSPF.
. Install /Troubleshoot Wire Hubs/Network Cable 10Base-2, 10Base-T.
. Test and customize new technology to be introduced to the Customer's WAN.
. Establish new business opportunities for the company.
. Diagnose and test network designs using Cisco's Netsys and Cisco Works.
GTE,
Field Network Infrastructure Engineer May 1996 - Jun 1997
Key Contributions:
RCAS project
. Contracted to Boeing Information Services on the RCAS project (Government
contract). Boeing provided network support for the U.S. ARMY NATIONAL
GUARD and U.S. ARMY RESERVE Wide Area Network. I was part of Network
Control Center maintaining over 6000 Cisco routers.
. Managed over 6,000 Cisco Routers on a 55,000 user Wide Area Network
. Managed Cisco 1000, 2500, 4000, and 7000 series router with IOS software
version 10.x, 11.x
. Utilized HP Open View to monitor all Cisco Routers and Windows NT
servers.
. Maintained, Troubleshoot, Install, Customize and Configure all Cisco
Routers remotely or by direct connections.
. Configured Cisco routers to support PPP, Frame Relay, ATM, IP, RIP, IGRP,
EIGRP, BGP,and OSPF.
. Maintained Wide Area Network graphical presentation on HP Open View's IP
map.
. Network Control Center Lead.
InterAmerica,
NetWare Engineer Jan 1996 - May 1996
Key Contributions:
. Maintain NetWare Server(s) in Various Congressman and Committee Offices
at the CAPITOL BUILDING, U.S. HOUSE OF REPRESENETIVES and its Annexes.
. Install, Configure, Troubleshoot Cisco routers.
. Maintain/Troubleshoot Network Servers Using Novell NetWare Operation
Systems.
. Install, Configure and Troubleshoot NetWare Servers and Workstation
Clients.
. Install, Configure and Troubleshoot MS Windows For Work Groups.
. Maintained Internet access. Implement Memory Management.
. Install /Troubleshoot Wire Hubs/NetWork Cards/NetWork Cable 10Base-2,
10Base-T.
HardWare and Software Installation, Configuration and Upgrade.
U.S. Navy, Long Beach, CA
Operations Specialist (Secret Clearance) July 1990 - July 1994
Key Contributions:
. Operate Ship's Wide Area NetWork (WAN) Using Naval Tactical Data System
(NTDS)
. Supervised Data Communications
. Troubleshoot/Maintenance Electronics Systems
. Supervised 10 Member Workgroup
. Managed Intelligence Information Over the Network
References Available Upon Request
Contact this candidate