Terrance Hazelwood
Springfield, VA 22153
*****************@*****.***
Summary
Certified Information Technology security professional with over 12 years of
experience, able to adapt and succeed within hybrid work force environments.
Draws from prior employment positions (active duty military, private
contractor, public General Schedule (GS) and current IT consulting business
owner) to aid in implementing and managing strategic, technical and
operational security plans ensuring alignment with business goals and
objectives. Maintains exceptional communication skills and possesses the
ability to quickly grasp and adapt to new concepts, technologies,
environments and concurrent project tasks.
Top Secret Security Clearance
Work Experience
Hazelwood IT Consulting Group, Inc
5/2014-Present
Senior Risk and Compliance Engineer, Fannie Mae
. Design and administer procedures in the organization that sustain the
security of the organization's data and access to its technology and
communications systems
. Assess risk of exposure of proprietary data through weaknesses in
platforms, access procedures, and forms of access to the
organization's systems and the data contained in them
. Track security violations and identify trends or exposures that could
be addressed by additional training, technical measures, or use of
application tools to enhance security
. May lead or execute simulated attacks or security violations to assess
the organization's data security measures
. Conduct platform or operating system vulnerability scans which assess
exposure of system to attacks or hacking
. Respond to questions regarding viral activity, concerns about
spam/phishing
. Serve as organization's POC for the third party certification of
security procedures and use of cyber security protections
. Ensure that system's security controls, policies and procedures are
examined, measured, and validated against industry standards
. Lead projects as related to technology refresh/evaluation such as the
Governance Risk and Compliance (GRC) tool
. Perform security evaluations as part of the Technology Selection
Process on products reviewed to be included in the Fannie Mae
environment
. Serves as technical lead or project lead in projects involving testing
defenses against hacking, denial of service, spam, break-ins, or
related attacks
. Provide technical guidance to less senior staff or applications
developers/systems administrators
. Develop and maintain effective working relationships with clients and
other team members
. Provide security-related support to organization-wide information
technology initiatives as needed
. Monitor and stay current with security assessment techniques and
tools, as well as emerging threats to web application security
. Provides expert guidance on mitigation strategies and effective/secure
system configurations
Hazelwood IT Consulting Group, Inc
5/2011-5/2014
Senior Information Security Engineer (Team Lead), Drug Enforcement
Administration (DEA) Headquarters
. Provides cyber risk and strategic analysis supporting the information
assurance activities within the Drug Enforcement Administration
Headquarters including geographically dispersed field locations
. Maintains a working knowledge of certification and authorization
(specifically NIST-based policy, including NIST SP 800-53rev3),
configuration management, risk management and controls auditing
. Provides guidance directly to the client Senior Management regarding
enterprise wide C&A and security recommendations
. Led team of security professionals to ensure that client goals and
objectives were accomplished within budgeting and timeframe
parameters
. Conducted weekly/ad hoc team project status meetings with client and
team to ensure key items were addressed and adequate allocation of
resources were distributed as driven by the project
. Ensures implementation of secure configuration baselines for Database
Management Systems, Office Suites, Operating Systems, Virtualization
Software, Web Browsers, and Enterprise Applications
. Conducts system reviews of local and geographically dispersed units,
tracking results within the Security Assessment Management (CSAM) tool
. Ensures organizational units utilize applicable policies, directives,
instructions, and guidance of Office of Management and Budget (OMB),
Department of Justice (DOJ), National Institute of Standards and
Technology (NIST), the Committee on National Security Systems (CNSS),
and the Director of National Intelligence (DNI)
. Develops, maintains and monitors sub-task work planning and
requirements while responding and performing issue resolution
. Responsible for certification and accreditation package
assembly/reviews, including System Security Plans, IT Contingency
Plans, Plans of Action & Milestones (POA&Ms), and Risk Assessments
. Serves as the Project Manager supporting several new Next Generation
Network (NGN) initiatives. Ensures security concerns are addressed
throughout the architecture design and implementation phases of
Wireless, Management Network and Mobility Services
. Leveraged BlackBerry 10 and Device Service DISA STIGs covering
smartphones and tablets resulting in the formation of the DEA Default
IT Policy covering General, Hardware, Logging, Password, Security, and
Software to be used throughout the DEA
. Daily coordination with senior client leadership, Project Manager and
Engineering staff during all testing/evaluating phases. Recommends
existing and emerging mobile technologies, including mobile device
management and mobile application hosting solutions to meet the
business needs.
. Reviews existing and proposed enterprise mobile device
implementations, identifying threats and vulnerabilities, and
recommending risk mitigation measures to enhance the security posture.
. Develops detailed technical mobile security device and application
requirements, standards, and configuration documents, working closely
with the Architecture groups.
. Identify the strengths and weaknesses of information security related
to mobile devices, applications, and operating systems, and recommend
strategies.
. As lead assessor, performed in-depth architectural and security review
for the integration of 3 new initiatives for the Department of
Justice: Cross-Domain Solution, Next Generation Network (including
mobility services), and Classified PKI.
. Provides expert-level subject matter expertise on network architecture
(LAN/WAN), security software suites, operating systems and other
information technology domains
. Representative of the Department of Justice, DEA attending high-level
Continuous Monitoring Working Group briefings
. Acts as a liaison between team and government client, conducts
interviews of potential new hires, and any related ad hoc tasks.
. Develops and delivers Standard Operating Procedures (SOP) guidance to
DEA-wide components.
Blackstone Technology Group
11/2010-5/2011
IT Security Consultant/Enterprise Information Assurance Officer/IAAP
Program Manager, 844th Communication Squadron, Air Force District of
Washington (AFDW)
. Advised geographically dispersed Information Assurance Officers (IAO)
to ensure organization policies, directives, instructions, and
guidance of Office of Management and Budget (OMB), Department of
Justice (DOJ), National Institute of Standards and Technology (NIST),
the Committee on National Security Systems (CNSS), and the Director of
National Intelligence (DNI) were followed
. Ensured IAO implemented and maintained programs aligned with
established overarching wing-level information assurance and cyber
security guidance including onsite inspections
. Responsible for training of over 200 primary and alternate IAOs
located at Andrews AFB, Bolling Joint Base, and the Pentagon
. Oversaw cyber vulnerability detection and assessments to include cyber
incident response and investigation analysis
. Reviewed program components, including but not limited to: COMSEC,
network and computer security, emission security, IA awareness,
information protection operations, network user licensing and the
certification of network user licensing, password management and other
areas of interest covered on AF 4160 checklists
. Ensured organizations implemented security measures for classified
information systems and assessed security design and testing of
state-of-the-art secure operating systems, networks, and applications
. Performed risk assessments providing recommendations for application
design, including architectures, firewalls, electronic data traffic,
network access, security policy and standard operating procedures
covering mitigation strategies
. Conducted vulnerability scans, testing and operation of various
software and applications for risk assessments using tools such as
eEye Retina, DISA STIGs and Gold Disk
. Gathered metrics, developed and prepared critical reports for the
security maintenance TCNO (Time Compliance Network Order) team,
configuration management, security incident response team (CND),
Network Defense (NetD), disaster recovery team, Vulnerability
Management (IAVM) team, Enterprise Patch Management (SMS, WSUS, ITMU
and SA) Team, Security Risk Assessment (RA) team, certification &
accreditation (C&A) team and security awareness training team
. Participated in the certification and accreditation (C&A) of the US
Air Force Information Technology network within the requirements of
the Department of Defense Information Assurance Security Certification
and Accreditation Process (DIACAP)
. Led threat and vulnerability assessments associated with mobile
device implementations and recommended mitigation strategies staying
abreast of mobile security threats and emerging mobile technologies.
. Reviews system change requests, performing malware/vulnerability
analysis resulting in providing recommendations to the Section Chief
for implementation
Defense Information Systems Agency (DISA)
3/2008-11/2010
IT Specialist (INFOSEC), DISA Field Security Office (FSO)
. Provided Subject Matter Expert guidance to staff on matters relating
to information management issues that involve a wide range of IT
management that typically extended and applied to an entire organization
or major component of an organization
. Ensured the confidentiality, integrity, and availability of systems,
networks, and data through the planning, analysis, development,
implementation, maintenance, and enhancement of information systems
security programs, policies, procedures, and tools
. Performed Gold Disk testing and development in anticipation of new
updates and releases
. Managed staff of security professionals responsible for reporting
metrics for Remedy Ticket System; provided weekly/ad hoc briefings to
the Division Chief
. Prevented and defended networks against unauthorized access to
systems, networks, and data; conducted risk and vulnerability
assessments of planned and installed information systems to identify
vulnerabilities, risks, and protection needs
. Served as a Joint Task Force Transformation Initiative Interagency
Working Group team member responsible for revising NIST 800-53A
documentation. Utilized 800-53 and the 8500 controls for integration
into STIG security documentation
. Developed, prescribed, and/or implemented Information Systems Security
policy, standards, and procedures for DoD-wide information processing
systems
. Conducted security evaluations and analysis of information systems to
identify requirements, logical structures and information flows
CACI International
HBSS Deployment Manager, DISA Field Security Office (FSO)
7/2007-3/2009
. Managed configuration, field deployment, maintenance, and Operations
Procedure documentation for McAfee's Host Base System Security,
ePolicy Orchestrator, McAfee's Hercules Enterprise Vulnerability
Management Suite, eEye Digital Security's Retina Network Security
Scanner and Remote Enterprise Manager
. Provided consultation regarding IA projects involving all phases of
information assurance and network operation to include: assess,
address, correlate, analyze, and provide IA course of action decision
support
. Assessed impact, determined probable damage and suggested methods of
damage control utilizing computer forensics, and follow-on analysis to
build historical and predictive capabilities
. Developed strategies for information systems providing protection
against unauthorized access to or modification of information
. Evaluated planned network management systems to assess security
effectiveness, monitor security performance and adequacy, and
identify/resolve security problems
. Provided technical advice to the Command staff and regularly
represented the command in high level meetings with representatives of
the DoD, private industry and other Federal agencies to resolve
INFOSEC management policy and operational issues
. Identified future projects/programs resource requirements to include
funding, staff participation, engineering, and facility/installation
security support requirements
. Developed security project milestones and resource management;
delegated responsibility to team members, and assumed responsibility
for completion of assigned projects within the scope of command
objectives, priorities and resource constraints
. Attended weekly meetings with Project Management Team discussing
applicable information pertaining to the sustainment of DISA projects
. Led teleconferencing efforts with geographically dispersed sites that
required on site installation and training of the available products
offered by DISA; coordinated the deployment of personnel and hardware
. Researched trending vulnerabilities applicable to the DOD resulting in
coordination efforts with security software vendors to update DOD
audits
. Reviewed Remedy generated trouble tickets associated with COTS
software/hardware
. Coordinated with outside vendor technicians to resolve issues that
required elevation to developers
United States Air Force, Langley Virginia 08/1999 to 07/2007
Vulnerability Assessment Specialist
. Utilized Server management System (SMS) to monitor/push security
patches
. Implemented, managed and troubleshot the base Public Key
Infrastructure (PKI) software supporting the Common Access Card (CAC)
functions
. Administered the Network Security of $51M classified/unclassified
networks supporting over 12K users performing malicious logic
investigation, reporting and damage assessments
. Served as a Contracting Officer Representative (COR) ensuring proper
development of requirements and assisting Contracting Officers in
managing contracts
. Employed Internet Security Systems Site Protector (ISS) discovering
and eliminating network vulnerabilities. Determined and reported the
information protection posture of the base network while maintaining
and updating local security patch program
. Ensured adherence to Air Force Network Operations and Security Center
(AFNOSC) advisories and Time Compliance Technical Orders (TCNOS)
. Maintained applicable anti-virus software updates/upgrades on a weekly
basis
. Implemented and maintained base network security policies and base
information assurance programs
Education
M.A., Information Systems and Technology Management
Capella University
12/2015
B.A., Management Information Systems
Bellevue University
06/2010 *Dean's Scholar
Relevant Coursework:
- Management Essentials
- Capstone Proj Info Sys Mgmt
- Business Communication Skills
- Project Management I
- Info Systems Planning & Mgmt
- Project Management II
- Information Systems Security
- Managerial Finance and Acct I
- Operations Mgmt and Quant Meth
- Managerial Finance and Acct II
- Internet Marketing
- Cyber Ethics
Associate in Applied Science
Community College of the Air Force
05/2005
B.A., Studio Arts/Computer Graphics
University of Pittsburgh
12/1998
Tools
. Cyber Security Assessment and Management Tool (CSAM)
. Qualys, Backtrack, Nessus, nCircle, Agiliance Suite
. DISA Enterprise Mission Assurance Support Service (eMASS)
. Tenable Network Security - Nessus Vulnerability Scanner
. AppDetectivePRO/DbProtect - Database Security Scanner
. Retina Network Security Scanner Tool
. Hercules Remediation Tool
. DISA SRR and Gold Disk
. McAfee Host Based Intrusion Prevention System (HBSS)
. McAfee Secure Configuration Compliance Validation Initiative (SCCVI)
. McAfee Secure Configuration Remediation Initiative (SCRI)
Training
. DISA DIACAP Validator
. SANS Security Leadership Essentials for Proctored Certification: GIAC
Security Leadership Certification (GSLC)
. McAfee Host Based Intrusion Prevention System (HBSS)
. McAfee Secure Configuration Compliance Validation Initiative (SCCVI)
. McAfee Secure Configuration Remediation Initiative (SCRI)
. Hercules Remediation Tool
. USAF TBMCS Unit Level Administration
. Contracting Officer Representative Training
. Non-Commissioned Officer Leadership School
. DISA SRR and Gold Disk
. USAF Supervisory Development Courses
. Retina Network Security Scanner Tool
. USAF Communications - Computer Systems Operations
Licenses and Certifications
. Department of Defense Directive 8570 IAM and IAT Level III compliant
. GIAC Security Leadership Certification (GSLC)
. Certified Information Systems Auditor (CISA)
. CompTIA Security+ Certified Professional
Honors, Awards, and Special Accomplishments
. Global War on Terrorism Service Medal
. Global War on Terrorism Expeditionary Medal
. National Defense Service Medal
. AF Achievement Medal with Oak Leaf Cluster Device
. AF Outstanding Unit Award with Valor and Oak Leaf Cluster Device
. AF Good Conduct Medal
. USAF NCO Professional Military Education Graduate Ribbon
. AF Longevity Service Medal
. Joint Service Achievement Medal
. USAF Basic Military Training Honor Graduate Ribbon
. Senior Airman "Below the Zone" Early Promotion Recipient