
Project Manager Security

Location: Chicago, IL

Posted: March 13, 2015

Resume:

Michael G. Quilty

Information Security Network Architect, Engineer, Consultant, and Project Manager

******@*******.***

Home: 708-***-****

Cell: 708-***-****

Skills Summary:

Mr. Quilty has primarily been a Subject Matter Expert and Program Manager in information technology including network design and implementation, information security and project management. Experience includes LAN/WAN security, network architecture, and implementation, maintenance/troubleshooting, with an emphasis in information security program management – ensuring timely staff, financial and deliverable quality. With over twenty-five years exclusively in the information technology field, he is a well-rounded IT/IS professional who has performed a wide variety of leadership duties including network design, implementation, and troubleshooting of large enterprise networks to project management, manager of information technology professionals, and information security compliance auditing and consulting. I am an information technology security professional who believes in keeping current with the industry’s latest technologies and certifications, as well as program management techniques and best practices and ensuring the maximum return on investment for each of my customer’s resources. Other professional skills include a strong background in technical writing including creating sales proposals; invoicing and resource allocation, tracking and reporting; requirements definition; system security plans; network documentation; vendor and OEM management; and, training. Michael has applied this knowledge and skills effectively to ensure programs are managed well technically, administratively/financially and are appropriately staffed. Currently have over 12 years of program/project management experience and have managed and co-managed many small, medium and large size IT projects.

Experience Summary:

• Over 20 years of Information Technology experience including network design, implementation and operations

• Over 12 years of management and project management experience

• Over 11 years of Information Security Subject Matter Expertise including Information Assurance, Certification and Accreditation, and penetration/vulnerability testing and assessment

Work History:

Defense Information Systems Agency (DISA) – (June, 2013 – Present)

DISA, an agency of the U.S. Department of Defense, provides, operates, and assures command and control and information-sharing capabilities for the DoD.

Senior Information Assurance Design Architect – Currently working on the security design and architecture of a new (shared) information system between Military Health Services (MHS) and Veterans Affairs (VA). Leading a team of information security engineers (on behalf of the DISA PMO) to review the design architecture to ensure compliance of both 8500.2 and 800-53 Risk Management Framework controls. Responsibilities include leading the effort to attain an Authority to Operate (ATO) of the new information system and creating the supporting security artifacts and documentation for DoD certification and accreditation.

National Institute of Standards and Technology (NIST) – (May, 2012 – June, 2013)

NIST is an agency of the U.S. Department of Commerce which is one of the nation's oldest physical science laboratories.

Information Assurance Lead – Prepare FISMA (800-53) Assessment and Authorization packages for information systems residing at the NIST Gaithersburg, MD and Boulder, CO campuses. Responsibilities include interviewing system owners and security officers, reviewing information system artifacts (System Security Plans, Network Diagrams), preparing and presenting artifact deliverables (Security Assessment Plans, Security Assessment Reports), and scanning with Nessus Security Center, WebInspect, and NMAP. Identify and present risk assessment findings to senior management, System Security Officers, and other stakeholders to determine strengths and weaknesses within the information system as well as ways in which to improve security risk and management.

Vandenberg Air Force Base – (June, 2011 – February, 2012)

Vandenberg Air Force Base (Lompoc, CA) is a U.S. Department of Defense space and missile testing base, with a mission of placing satellites into polar orbit from the West Coast.

DIACAP Information Assurance Engineer/Project Lead

Job duties include preparing DIACAP ATO packages for information systems on base, vulnerability scanning, testing and analysis, and helping the incumbent contract holder (Exelis Inc., formerly ITT) to reengineer their processes, methodologies, and training to streamline the DIACAP process to win contract renewal in October, 2012.

APPTIS, Inc. (September, 2010 – April, 2011)

Ranked as one of the Top 20 Federal Integrators, APPTIS is a leading provider of IT solutions and services for government and industry.

Senior DIACAP Information Security Consultant/Project Manager for Cahaba Safeguard Administrators (CSA)

Job duties include performing project management as well as providing security subject matter expertise on building a new DoD Certification and Accreditation boundary for detecting pharmaceutical fraud and abuse claims for the US Department of Defense. Provided architecture guidance and assisted with implementing systems and controls in preparation of a Baseline site visit by Tricare Management Activity (TMA) Information Awareness auditors. Other duties include working as the liaison between the TMA auditors and the client’s staff to prepare the CSA Information System for obtaining an Authority to Operate (ATO) which is in progress. Also responsible for preparing and presenting all DoD DIACAP artifacts and for managing implementation and verification of all controls which are needed to successfully pass a mitigation audit needed for obtaining an ATO.

Paragon Micro (August – September, 2010)

Paragon Micro is a leading provider of top name-brand IT computing products, software and advanced IT services helping companies around the world enable, manage and secure their IT environment.

Senior Information Security Consultant/DIACAP Project Manager

Worked as Project Manager on an eight-week project to prepare our client (Synovate – Chicago, IL) and their information system for a DIACAP Certification and Accreditation audit by the U.S. Department of Defense. Managed a team of information professionals to prepare their information system in addition to preparing the artifacts needed to be granted an Authority to Operate (ATO).

SoftConcept, Inc. (May 2010 to August 2010)

SoftConcept specializes in providing Information Technology, Information Assurance, Intelligence Analysis, and eLearning services to the United States Federal Government.

Information Security Consultant - Program Manager

Developed, prepared and presented my team for an oral presentation on a bid for the U.S. Naval Shipyard Information Awareness contract. My team came in second place in the bidding process. I continue to work with SoftConcept on a limited basis on ideas for other contract proposals and information security endeavors.

Unisys Corporation – Chicago, IL (August 2001 to May 2010)

Unisys Corporation is a systems integrator which provides consulting services with a high profile in federal government information security services.

Experience at Unisys includes the following projects:

(April 2009 to April 2010)

Senior Information Security Architect and Project Leader – Health Information Management (April, 2009 to present)

• Performed FISMA assessment of 4 data centers used to facilitate Medicare and Medicaid requests

• Create a detailed mitigation strategy for mitigating any risks that were present in the environment

• Worked with the client to implement a Change Control Board to review changes to the information system

• Scanned the client’s information system using Retina, Nessus and PGD and reported back on findings

• Gathered and organized information system documentation to give the client a clearer understanding of their network environment and devices

• Currently working with the client to institute a revised FISMA compliance and security plan for compliance checks and vulnerabilities

• Delivered products on time and within budget.

Senior Information Security Architect and Program Manager – USDA Enterprise Data Center Migration (Dec, 2008 to March 2009)

• Led daily technical meetings and provided project management guidance to junior engineers and subcontractor

• Assisted with research for converting physical file-servers (at four USDA data center sites) to virtual file-servers using VMware server. Phase 2 includes moving to an enterprise data center with a backup data center for disaster recovery.

• Performed a current site analysis of each of the four data centers to be moved

• Created documentation of existing sites to be virtualized

• Attended formal VMware training for assisting in the physical to virtual architecture

• Managed project according to contract, provided billing information and performed quality assurance oversight for all staff efforts and deliverables.

Senior Information Assurance/Security Architect and Technical Lead/Advisor – State of Massachusetts, Department of Workforce Development Project (September 2007 to November 2008)

• Interfaced directly with customer to ensure project efforts were on target and being accomplished according to customer expectations and budget.

• Provide guidance in hardening network devices including CISCO WAN devices, IDS, IPS and firewalls, LINUX, UNIX, and Windows file-servers, and applications (Oracle, SQL) to meet FISMA compliance

• Guiding Information Systems Security Officer (ISSO) with developing policies and procedures for attaining FISMA Certification according to NIST SP800-53 guidelines

• Provide guidance to customer’s Information Technology subject matter experts to enable them to pass a FISMA certification audit

• Perform security audit scanning and penetration scanning using Nessus v3.2, DISA Production Gold Disk, Retina and App-Detective information security assessment tools

Senior Information Security Engineer, Consultant and Team Leader – Tricare Department of Defense Account – Jan, 2003 to Aug, 2007

Provide network security consulting in addition to certification and accreditation (C&A) guidance for civilian data networks undergoing the Department of Defense Information Technology Systems Certification and Accreditation Process (DITSCAP) and Department of Defense Information Assurance Certification and Accreditation Program (DIACAP).

• Engineering team lead on all projects managing a team of between 3 and 8 engineers. Ensured staff was appropriately qualified and performed according to contract requirements. Submitted deliverables on schedule and took corrective actions (staffing, quality, financial) as needed.

• Created and was responsible for maintaining/updating many core DoD documents including SSAA, Security Test Plan and Accreditation Report

• Perform penetration testing using the Internet Security Systems suite of tools including System Scanner, Internet Scanner, and Database Scanner in addition to DISA’s PGD scanning tool as well as eEye Digital Security’s Retina Network scanner and Application Detective by Application Security, Inc.

• Provide guidance and training to engineers learning the DITSCAP process

• Perform system scanning using DISA PGD Gold

LAN Project Manager – City of Chicago – Aug, 2001 to Jan, 2003

Managed 15 senior level network engineers that were responsible for the design, implementation and maintenance of all Microsoft & Netware file servers for the City of Chicago local government. I was responsible for project management (including staffing, quality assurance and financial management) and architecture of all Microsoft and Netware fileserver deployment projects along with other critical network infrastructure projects. I was also responsible for providing information technology consulting services to all 42 city departments including the Mayor’s (Richard M. Daley) office. Developed architectural design for migrating 120 Netware 4.2, 5.1 file servers to Microsoft Windows 2000 using Active Directory. Project managed large projects including file server rollouts and high profile City of Chicago projects. Designed and rolled out high profile Win2k and Netware cluster solutions for the City of Chicago. Manage vendor relationships, network documentation, SLAs and software licensing agreements for the City of Chicago.

Radio Wave - Chicago, IL – Aug, 2000 to June, 2001

RadioWave.com is a company which offers music and entertainment through streaming audio over the Internet.

Manager - Wide Area Networks

Primary duty was to manage and support all wide area links and LAN/WAN security in and out of our network. Other duties included: WAN/LAN support, Wide Area design, vendor and OEM management. Through proper project management, saved the company money (in excess of 100K) by developing and conducting an operations training program and standard operating procedures manual (for the operations department) so we could manage operations 24/7 internally thereby eliminating the need of our outsourced operations monitoring vendor. Projects include converting the Windows 2000 multi-domain environment to Microsoft’s Active Directory. Worked with Sniffer software to monitor traffic flow and analyze network performance. Monitored bandwidth utilization and streaming traffic performance using MRTG and other internal monitoring tools. Was responsible for training engineers to keep them current with the latest technologies with networking and audio-video streaming technologies.

Education:

Keller Graduate School of Management – Certificate in Wireless Communications (August 2010 – June 2011)

Keller Graduate School of Management - Master’s Degree in Management Information Systems (MIS) - 2009

DeVry University - Bachelor’s Degree in Information Technical Management (BSTM) - 2006

DeVry University - Associate of Applied Science in Electronics Degree (AASE) - 1993

DeVry Institute of Technology - Electronic Technician Certificate - 1982

Top Secret Clearance - Active

Professional Certifications:

Certified in Risk and Information Systems Control (CRISC) - 2011

Certified Information Systems Security Professional (CISSP) – 2004

Certified Information Security Manager (CISM) - 2007

Certified Information Security Auditor (CISA) - 2008

Security Plus (Security +) Certification - 2005

Certified Ethical Hacker (CEH) Certification - 2005

Cisco Certified Network Associate (CCNA) V1.0 & 3.0 - 2000/2003

Master Certified Netware Engineer in Connectivity (MCNE) - 1997

Certified Netware Engineer (CNE) Certified in Netware 2/3/4/5/6 - 1995/2003

Microsoft Certified Systems Engineer (MCSE) NT4.0/2000 - 2000, 2002

Professional Training:

PMP training (in progress) anticipated certification in Q4-2013

DIACAP Refresher (Classroom) – February, 2012

Xacta IA Manager Training (Classroom) - August, 2011

Wireless Technologies (Master’s Degree Certificate from Keller) - 2011

PMP Training (Classroom) - March, 2010

VMware Training (Classroom) - February, 2009

Certified Information Security Manager Boot Camp - 2007

DITSCAP to DIACAP Training - 2006

Certified Ethical Hacker Boot Camp - 2005

Certified Information Systems Security Professional Boot Camp - 2004


