Security Project Manager

Location:
Kissimmee, FL
Posted:
July 30, 2014


Chanel Suggs

**** ******* **( Reunion FL, *****

Cell 919-***-**** ( ace6fc@r.postjobfree.com

HIGHLIGHTS OF QUALIFICATIONS

Possessing 15+ years of experience, I am a results-driven senior information security manager who has enhanced security standards for IT companies and customer relationship management. Over 10 years of IT management experience. Able to manage multiple disparate tasks while leading a group toward a positive outcome. Detail oriented individual with an analytical mind that quickly assesses and achieves a solution to the most difficult problems. Thrives in a team setting with experience prioritizing and executing in a rapid, dynamic environment. Information technology professional with proven extensive leadership and responsible experience in:

. Vulnerability Management
. Information Security Policy & Planning
. Training & Education
. Leadership & Mentorship
. Data Protection
. Detail Oriented
. Corporate Infrastructure
. Network Management & Development
. ISO 27000
. Manage Distributed Networks
. Information Security Threats and comprise
. NIST 800
. Security Operations
. Web Application
. Test & Evaluation
. Customer Relationship Management
. Project Management
. Compliance & Audits

Professional Experience

(Active DoD SECRET clearance)

Defense Information Security Agency - Senior Information Security Specialist 2014 - Current

. Perform vulnerability assessment and risk analysis for network architecture
. Responsible for the protection and defense of the organization from attacks resulting in extraction of data or infiltration of corporate information assets.
. Customer facing engagements with business customers and third party service providers to discuss services requested and risks associated with these services.
. Coordinate with business customers and third party vendors in order to help with determining the need for the request for access and precautions.
. Protocol and services analysis with emphasis on boundaries
. Coordinate with management and CCB to ensure acceptable risk levels
. Ensure compliance aspects of firewalls, encryption, VPN and network protocols
. Ensure standards are being upheld based on FIPS, DoD 8500.2 and DoD 8551.1

DCS - Senior Cyber Security / Information Security Specialist 2013 - 2014

. Create Plan of Actions and Mediation to ensure all vulnerabilities are patched and a plan for actions regarding vulnerabilities that require additional methods.
. Ensure based on the Defense Information System Agency (DISA) configuration guidance to harden servers, operating systems and appropriate applications within the secure and non-secure facilities.
. Responsible for the protection and defense of the organization from attacks resulting in extraction of data or infiltration of corporate information assets.
. Manage team security analysts as to monitor security threats and escalations.
. Ensure security of IT infrastructures, application and information.
. Document assessment results and write assessments report for key stakeholders.
. Certification and Accreditation of the TMIP-USMC and DMLSS products.
. Lead team and external providers from our remote locations
. Responsible for creating and documenting security controls in software and hardware development.
. Ensure vulnerability assessments and risk mitigation is performed for critical infrastructure components.
. Perform document reviews to ensure changes within the environment were effective and appropriate
. In order to comply with Federal Information Security Management Act performed audit reviews, IT Security policies, standards and actions, developed and reviewed system security plans, plan of actions and milestones, vulnerability scans and information security policy.
. TMIP-MC subject matter expert on the DIACAP process, DITPR-DON, DADMS & MCSC DAA IA processes to achieve and maintain USMC ATOs for the TMIP-MC FoS.

Cisco Systems - Information Security Assurance Manager 2010 - 2013

. Manage day to day relationships with clients and handle all oral and written communications that deal with day to day issues
. Responsible for the planning, administration and assessment of policies, standards and procedures
. Responsible for the protection and defense of the organization from attacks resulting in extraction of data or infiltration of corporate information assets.
. Manage team of security analysts to monitor security threats and escalations including log reviews
. Network event analysis, threat analysis and intelligence analysis.
. Subject matter expert for case analysis of security for network intrusions.
. Provide training and implementation of training tools and documentation.
. Responsible for creating and documenting security controls in software and hardware development.
. Lead vulnerability assessments and risk mitigation for applications and critical infrastructure components.
. Document assessment results and write assessments report for key stakeholders.
. Responsible for developing and implementing best practices in vulnerability and patch management.
. Responsible for conducting systems security evaluations, audits, and reviews to assess security events to determine impact and implement corrective actions
. Create Plan of Actions and Mediation to ensure all vulnerabilities are patched and a plan for actions regarding vulnerabilities that require additional methods.
. Responsible for the guarantee of rigorous application of information security/information security policies, principles, and practices in the delivery of all IT services offered.
. Architect solutions for infrastructure in order to meet business requirements and enhance performance
. Policy creation and enforcement for NIST 800 and ISO 27000
. National Institute of Standards and Technology (NIST) policies for network security, system development, remote access, business continuity, mobile devices, configuration management, system and log monitoring and application security architecture.
. Coordinate with business customers and third party vendors in order to help with determining the scope of the assessment.
. Propose hardware and software solutions to accomplish business objectives.
. Responsible for management of development and technical risks through the lifecycle of projects.
. Create security policies and procedures for corporate and federal information systems, for applications and networks in order to meet federal security guidelines and requirements. Some of the areas that were addressed are securing remote access with SSH, SSL and IPSec; based on NIST and DISA configuration guidance to harden servers, operating systems and appropriate applications within the secure and non-secure facilities.
. In order to comply with Federal Information Security Management Act performed audit reviews, IT Security policies, standards and actions, developed and reviewed system security plans, plan of actions and milestones, vulnerability scans and information security policy.
. Manage and encourage relationships with key stakeholders, vendors and other groups within the organization
. Review personnel security clearances and periodic re-investigations using e-QIP and JPAS.
. Maintain and coordinate with officials for visitor control requests
. Handle physical security such as monitoring and badge access for the organization.

Cisco Systems - Senior Information Technology Engineer / Project Manager 2006 - 2010

. Manage and encourage relationships with key stakeholders, vendors and other groups within the organization
. Formed, planned, scheduled, led, and executed technical projects.
. Ensured security of web applications.
. Conduct audits for compliance based on DoD standards and provide analysis to management plus clients to ensure future performance, the stability and system lifecycle; includes their security infrastructure, appliances and platform.
. Responsible for management of development and technical risks through the lifecycle of projects.
. Provide technical support to customers by investigating and resolving system related support; support provided by telephone and electronically.
. Propose hardware and software solutions to accomplish business objectives.
. Customer facing engagements with business customers and third party service providers to discuss assessment results.
. Coordinate with business customers and third party vendors in order to help with determining the scope of the assessment.
. Ensured all vulnerabilities are patched and a plan for actions regarding vulnerabilities that require additional methods.
. Analyze and advise on the risk and remediation of security issues based on reports from vulnerability assessment scanners, patch management tools STIG analysis, and emerging threat information.
. Developed technical analysis requirements for feasibility, impact statements, and technical risk.
. Develop, document, and execute test plans to test functionality for application releases.
. Create security policies and procedures for corporate and federal information systems, for applications and networks in order to meet federal security guidelines and requirements. Some of the areas that were addressed are securing remote access with SSH, SSL and IPSec; based on NIST and DISA configuration guidance to harden servers, operating systems and appropriate applications within the secure and non-secure facilities.
. Responsible for testing new software to ensure integration into company systems meets functional requirements, system compliance, and technical specifications.
. Network event analysis, threat analysis and intelligence analysis.
. Identification of issues, defect tracking within corporate defect tracking system through resolution of issue.
. Responsible for conducting systems security evaluations, audits, and reviews to assess security events to determine impact and implement corrective actions
. Responsible for the guarantee of rigorous application of information security/information security policies, principles, and practices in the delivery of all IT services offered.
. Communicate test progress, test results, and other relevant information to key stakeholders.
. Design overall systems - data flows, model, ERD, UI / wireframe, exceptions handling, pseudo code, and API specifications.
. IP network design and security necessities such as firewalls, IDS/IPS routers, switches, VLANs and ACLs.
. Responsible for conducting security scans and vulnerability analysis against applications and platforms.
. Lead team and external providers from our remote locations

Technical expertise

Regular Tasks: Application and network vulnerability assessment, web development, web support E-DMZ Security Suite, computer network infiltration, cyber threats, analysis and reporting, PGP/GPG installation and support, networking for various applications, Windows support, IT documentation, proposals and software testing. Worked with Iptables, Tcpdump, Wireshark, Nessus, Snort, E-DMZ Security Suite, and Metasploit Framework.

Software/Languages: SQL, CSS, CGI, Perl, Java, Shell, Telnet, CVS, Norton Ghost 9, Dreamweaver, Remedy, VPN, TCP/IP, LAN/WAN, ATM topologies, Forensic Toolkit, Password Recovery Toolkit, FTK Imager, Registry Viewer, GPG and PGP

Networking: J2EE, Apache, and IIS servers; load balancing; routers; SSL, DNS, and firewalls; LAN topologies; OS integration; DNS, IP routing, TCP/IP port configuration, and other concepts/technologies

Programming: VB.Net, C++, C, C#, Java, Assembly, Shell Script, Prolog, Fortran77, Lisp, Java Threads, JavaScript, MySQL, OpenGL, PHP, cascading sheets and HTML

Operating Systems: Windows, Linux, and Unix

DSS Certifications: Cyber Protect, Cybersecurity Awareness, Cyber Awareness Challenge, Personally Identifiable Information, JPAS, SIMs, Facility Security Officer, DCID, and NISPOM

Education

Master of Science, Networking & DSc, Cyber Security (In Progress)

Communications Capitol College

Concentration Information Security

Keller Graduate University

Master of Business Administration

Master of Science, Information Assurance Concentration Security Management

Honors Keller Graduate University

Capitol College

Bachelor of Science, Computer Science

Concentration Psychology

University of North Carolina-Wilmington

Certifications

AccessData Certified Examiner Systems Certifier

Risk Analysis

Information Systems Security Professional Security +

Senior Systems Manager

System Administrator

Information Systems Security Officer


