Security Management
Resume:
B. Aaron Baillio
***** ********* ***, *** *******, Tx 78261
Phone: 443-***-****
E-mail: *****.*******@*****.***
Education
Masters of Science - Oklahoma State University (05/2005)
Database development and data mining for business solutions
Developed web integrated database for faculty tracking use in the OSU Graduate
College
Bachelors of Science - Brigham Young University (07/2003)
Emphasis in web technologies and database design/programming
Experience
Sr. Cyber Security Specialist (02/2013 - present)
Excentium, Inc., (Falls Church, VA)
CBK Domains: Information Security & Risk Management, Business Continuity and
Disaster Recovery, Telecommunications, Security Architecture and Design, Operations
Security
General Duties: Provide expert technical consulting in DoD and Federal Information
Assurance and Security efforts; Develop accurate and in depth accreditation
documentation; Advise customers on security measures that meet or exceed
DoD/Federal standards; Work with customers using various different security
frameworks such as DIACAP, NIST, FedRAMP, HIPAA, SANS, etc.
Completed multiple DIACAP documentation packages for significant medical device
resellers across the various DoD services on time and without error
Facilitated multiple meetings with vendors to review and document their device's
security posture
Redesigned an enterprise network system based on DoD and commercial security
standards
Performed risk assessments and vulnerability analyses using leading edge analysis
tools
Assisted in the development of proposals for new and existing customers
Information Security Engineering Manager (11/2011 - 02/2013)
Booz Allen Hamilton, US Navy NAWCAD (Lexington Park, MD)
CBK Domains: Information Security & Risk Management, Business Continuity and
Disaster Recovery, Telecommunications
General Duties: Provide expert technical consulting in Information Assurance and
Security during all phases of product acquisition and development including
requirements development, engineering, product development and production; Develop
security documentation in preparation for accreditation; Provide independent
document evaluation as part of the certification and accreditation process
Generated Information Assurance Strategy and other accreditation documentation in
preparation for a major government acquisition, ACAT 1D program
Provided technical evaluation of acquisition documentation for Phase 1 System
Readiness Review in ACAT 1D program
Provided security focused system design inputs which resulted in the linkage of
requirements associated with system functions
Developed risk mitigation strategies for information security related risks
Built, configured and hardened server environment for project development and
integration efforts
Employed security engineering techniques to design a secure computing environment
Managed test environment for simulation of target environment; includes new and
emerging technologies
Scanned and hardened servers, workstations and network components with standard DoD
tools
Assisted with the development of proposals
Budgeted man hours and scheduled milestones for project completions
Information Assurance Analyst, Team Lead (03/2011 - 11/2011)
Brandon Technologies, USAF/SG6 (Pentagon, VA)
CBK Domains: Information Security & Risk Management, Business Continuity and
Disaster Recovery, Legal
General Duties: Provide critical analysis of comments to customers from the team;
Tier I support to team for assistance in documentation production and analysis;
Analyze security documentation for newly proposed medical IT systems; perform risk
assessment; annually review existing medical IT systems for security enhancements
or new/unmitigated vulnerabilities
Developed Platform IT(PIT) checklist to streamline processing of PIT systems
Managed the Plan of Action & Milestones (POA&M) quarterly reports across all
treatment facilities
Provided engineering expertise in discovering vulnerabilities in medical IT systems
Developed vulnerability analyses and "get well plans" for customers
Provided expert analysis of accreditation documentation for certification and
accreditation validation for numerous Air Force customers
Performed manual and automated STIG & SCAP compliance scans on multiple platforms
Network Engineering, Section Chief (05/2010 - 03/2011)
United States Air Force (Joint Base Andrews, MD)
CBK Domains: Information Security & Risk Management, Telecommunications, Business
Continuity and Disaster Recovery, Physical and Environmental Security
General Duties: Provide technical planning and management for network
infrastructure and information systems related to the medical community at Joint
Base Andrews. Stay abreast of emerging data center technologies and MHS policies
and procedures.
Maintain core network services for personnel at Malcolm Grow Medical Center (~2000
users)
Ensure enterprise data is backed up for disaster recovery
Modernize data center to implement green initiatives as well a Continuity of
Operations
Manage LAN connectivity for network switches and end user devices
Manage personnel to ensure customers are being supported quickly and efficiently
with their LAN requirements
Developed unit's first comprehensive data disaster recovery plan
Engineered network design for disaster recovery and redundant data repository
Projected DR/COOP costs and PPB&E
IT Network Engineer (02/2007 - 05/2010)
United States Air Force (Ramstein AB, Germany)
CBK Domains: Information Security & Risk Management, Telecommunications,
Cryptography
General Duties: Provided network engineering technical expertise to theater
including all USAFE Wings as well as 3AF and 17AF when requested. Provided expert
technical analysis of new and emerging requirements. Stayed abreast of emerging
market trends and DoD & AF information technology initiatives. Managed various
programs/initiatives as assigned.
Responsible for the program management of the USAFE WAN Accelerators provided by
Certeon
Coordinated market research, product testing and procurement of devices ($922K)
Responsible for the deployment, installation and O&M on AF network
Acted as system administrator of the WAN Accelerators
Accomplished DOD network accreditation and certification (DIACAP) through AF EITDR
(2nd in USAFE to achieve ATO)
Responsible for management of the USAFE NIPRNet migration of the GSU at Ankara,
Turkey
Coordinated and prepared an engineered architectural proposal for migration
Interfaced with multiple organizations and commands to complete project
Completed Project - Total duration: 10 months; Total cost: $800K
Planned and developed project plan and implementation for new Task Management Tool
Coordinated with Invoke Systems (contractor) to install and evaluate Microsoft CRM
Developed training material for HQ USAFE command roll out of new Task Management
Tool
PALACE Acquire Intern (06/2005 - 02/2007)
United States Air Force (Tinker AFB, Oklahoma City, OK, USA)
CBK Domains: Telecommunications, Legal
Facilitated contract renewals of local phone service for USAF recruiter offices/ANG
bases
Navigated records, current services and existing technologies for contract renewal
Managed multiple contract renewals from $5K to $115K
Assisted in developing the Civilian Employment Plan for the 38th EIG FY06-09
Assisted in facilitating an FY06-FY07 VERA/VSIP for the 38th EIG
Performed the Quality Assurance for FY06 Employee Performance Evaluation for entire
38 EIG
Developed core documents for internal use at the 38th EIG for use with NSPS
Participated in Integrated Product Team meetings for planning, acquisition and
installation of communications infrastructure at various Air Force bases
Developed division briefings on Source Selection Acquisition, SOO's vs. SOW's, and
PPBE
Web Master (08/2003 - 05/2005)
Oklahoma State University (Stillwater, OK, USA)
CBK Domains: Telecommunications
Designed and programmed Graduate College website
Developed Oracle database applications to move operations online
Developed graphics for the website and Graduate College using Adobe products
Assisted with the acquisition and installation of new technology
Skills
Information Assurance
Disaster Recovery Architecture and Planning, Vulnerability Assessment,
Certification and Accreditation
Computer
MS Office '03 & '07, C++, Java, VB for Applications, Linux and Unix experience
Extensive LAN experience, i.e. networking protocols, router/switch programming
Experience with servers, blades and chassis; data deduplication hardware, wan
acceleration
Web Based Programming
PHP, JSP, Perl, JavaScript, HTML, web servers (IIS, Apache)
Database Design and Control
MySQL, Oracle, Microsoft SQL, other SQL based programming
Vulnerability Scanning & Analysis
eEye Retina, Nessus, DISA STIG checklists, NIST 800-53, AppDetectivePro
Languages
French - fluent oral and written 3/3
Strengths
Self-starter with proven leadership ability, team member perspective; builds strong
supportive relationships, Task-oriented and precise with high performance
standards, Ability to understand, relate to, and communicate with people of diverse
cultures, Highly resourceful and organized, Highly Creative
Affiliations/Awards/Activities
Certified Ethical Hacker Certified Jan 2013
CISSP Certified Jul 2011
Security+ Certified Nov 2010
Government Security Clearance -TOP SECRET TS/SCI
Awarded Exceptional Civilian Service Medal Aug 2010
Basic & Advanced Communications Officers Training - Combined 392hrs
Information Warfare College - 40hrs
Graduated from the AF PALACE Acquire Intern Program (06/2008)
Eagle Scout Award - Boy Scouts of America
Mission service - 1997 - 1999: Bordeaux, France Mission
Contact this candidate