Security Manager
Resume:
DARLENE R. YOUNG
***** #*** ****** *** *****, MacDill AFB, Tampa FL 33621 *******.*.*****@*****.*** 843-***-****
SPECIAL QUALIFICATIONS
Results driven Cyber Security Professional with over 30 years’ experience in planning, developing and implementing
solutions to address both operational and business requirements. Natural leader with over 20+ years of leadership and
management experience. Proven experience in providing Information Assurance (IA) focused business processes and
policies for the Federal government, Department of Defense, and Intelligence Community based on business
requirements and industry best practices.
SECURITY CLEARANCE: Current Top Secret (SCI Eligible)
CERTIFICATIONS
• •
Certified Information Systems Security Certificate Senior Systems Manager (CNSHSI
Professional (CISSP) #40374 4012)
• •
Certified Information Security Manager (CISM) Fully Qualified Navy Validator (FQNV #I0303)
•
#0301390 Certificate Enterprise Data at Rest (DISA)
• •
Certified in Risk and Information Systems Preparing for CISA Exam 2015
Control (CRISC) #1000897
• Certified CEH; preparing for v8
• Certificate Information Systems Security
Professional (NSTISSI 4011)
AREA OF EXPERTISE
• Security Risk Management Compliance
Demonstrated experience in Cyber Security policies and activities for networks, systems and applications including
Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring.
• Certification and Accrediation (C&A) Assessment and Authorization
Subject Matter Expert in details and intricacies of DIACAP, Risk Management Framework (RMF), ICD503, NIST,
HIPPA, laws, regulations and standards. Hands-on experience to verify, validate, and authorize activities, and creating
Risk Mitigations and Remediations, manage POA&Ms for approval to operate for system life cycle. Develop all
supporting documentation.
• Program Project Management
Strategic Project/Task manager with 20+ years of experience. Results driven professional, able to multitask and
optimize resources. Thrives in a fast paced environment.
• Leadership Communications
Proven superior interpersonal communications skills. Identifies problems; determines accuracy and relevance of
information; uses sound judgment to generate and evaluate alternatives for closure. Work closely with clients ensuring
their needs are understood and provide quality services for complete customer satisfaction.
PROFESSIONAL EXPERIENCE
1
DARLENE R. YOUNG
All Positions Listed are Full Time – 40+ hour work week (Monday – Friday)
Falconwood Incorporated Charleston SC June 2013 – Present
Risk Management Compliance
Providing support to the SPAWAR System Center, Naval Enterprise Networks (NEN) Program Management Office
(PMW 205). Direct report to the Chief Information Security Officer (CISO) as a trusted advisor and Subject Matter
Expert (SME). Established the first ever NEN PMW 205 Cyber Security governance framework for risk management
and reporting for the Navy Marine Corps Intranet (NMCI) enterprise network. This was a critical driver for ensuring
consistent standards, and practices to measurably increase efficiency and effectiveness for the largest intranet in the
U.S. government, ensuring the confidentiality, integrity, and availability of systems, networks, and data.
• Led efforts to ensure compliance with Federal Information Security Management Act (FISMA), Fragmentary
Orders (FRAGO), Operations Orders (OP ORDs), and Information Assurance Vulnerability Alerts/Bulletins
(IAVAs/IAVBs)
• Research, assessed and provided comprehensive analysis on current and emerging Cyber threat warnings,
bulletins, alerts, vulnerability trends in support of requirements and compliance.
• Created dashboards, briefings and status reports from the Online Compliance Reporting System (OCRS),
Vulnerability Remediation Asset Manager (VRAM), and other resources in support of the Risk Management
• Developed Communications Plan, Standard Operating Procedures for collaborating with PMO, NetOps, and PORs
owners for emerging Cybersecurity policies, best business practices and governing requirements
Fully Qualified Navy Validator Certification and Accrediation Analyst
Supporting NMCI Certification and Accrediation, Assessment and Authorization services for Enterprise, Solutions and
Sites.
• Assess Security Controls, and make recommendations for reduction of risk
• Validate, and make recommendations for improvements for security documentation supporting C&A
• Analysis of NMCI compliance for Department the Navy Application and Database Management System
• Managed and updated the Enterprise Network Ports, Protocol, and Services Management (PPSM) for packages
during validation in accordance with DoD regulations, policies, and guidelines.
• Provide DIACAP to RMF standardized processes and transition requirements
• Training and mentoring new employees; assuring that product deliverables are accurate, and meeting quality
requirements to obtain Authorization to Operate
• Continuous collaborations with HP Engineering, Action Officers, Approving Authorities, Stakeholders, PMs and
PEO
Scientific Research Corporation Charleston SC November 2009 – June 2013
Senior Information Security Analyst
2
DARLENE R. YOUNG
Provided Cyber Security support to the Navy Space and Warfare Systems Center Charleston, DIA and US Central
Command establishing and maintaining a collaborative strategy across several projects to enhance and meet
stakeholder’s objectives, reduce cost, schedules and performance goals. Subject Matter Expert leading a team
providing Cyber Security, information privacy, physical security, incident response, and business continuity planning
& disaster recovery.
SME supporting the Defense Intelligence Agency, Inter-Agency Task Force Counterintelligence and Human
Intelligence Center (DCHC), Requirements Reporting and Operations Management Environment (CHROME)
program.
• Conducted research, and building of Ontology concepts
• Conducted business analysis for the development of Analysis-of-Alternative (AoA) by selecting and
recommending the most efficient alternative Ontology solution
• Identified, defined and documented the methodologies to build the Ontology by entities, attributes and
processes
• Conducting evaluation of technologies for content intelligence information retrieval. Building of the Ontologies
and conducting information extraction of natural language for the testing of the proof of concept under
development
o AoA products reviewed included the General Architecture for Test Engineering, Protégé Ontology editor,
and Protégé Web Ontology Language
o Developed an overview brief and user guide on the AoA product
IA Lead Subject Matter Export (SME)
Provided support to United States Central Command Joint Combined Technology Demonstration (JCTD) project, One
Box-One Wire (OB-1). Project demonstrated, assessed solutions and innovative concepts to address transformation of
the existing Department of Defense air-gapped networks (NIPR, SIPR, etc.) to an environment that allows the user to
access all networks from a single PC terminal while still preserving the separation and security of data flows.
• Provided reports on products performance and capabilities to meet DOD security guidelines for supporting cyber
security requirements to address the joint, coalition and interagency operational gaps in meeting the needs of the
Warfighter
• Lead for the Security Assessment Team performing assessment of the OB-1 solution against the DIACAP, and
NIST 800-53 800-53A Management, Operational and Technical controls
• Developed all supporting Artifacts including the System Security Plan that reflected the installation and security
provisions, Concept of Operations, and the Contingency Plan
SAIC Charleston SC October 2008 – November 2009
Information Security Analyst
Provided system support to the SPAWAR System Center Program Management Office (PMW 160) Tactical Networks
Software Support Activity, Integrated Shipboard Network Systems (ISNS) as the Technical Point of Contact (TPOC).
Lead of Software Support Activities working directly with engineers, installers and program agents to ensure
aggressive installation schedules for mission support to US Navy surface ships and submarines.
3
DARLENE R. YOUNG
• Acted as the designated Point of Contact between the Information System Security Manager (ISSM), System
Owners, Program Manager, and Infrastructure Lead concerning day-to-day system activities, vulnerabilities, and
overall security posture
• Reviewed and analyzed reports for the discovery and identification of Critical, High, and Medium system
weaknesses and coordinated remediating efforts in support of the ISNS
• Supported the generation, editing and maintaining critical system documentation and artifacts Managed and
processed Navy Change Request
• Responsible for toolkit production, established and documented baseline and performed quality assurance prior to
release to ISNS
CACI Chantilly VA July 2005 – July 2008
Senior Information Security Analyst
Lead provided ITIL based support and expertise in the area of Information Assurance (IA) to the Veterans
Administration, Washington DC. Responsibilities included requirements for Risk Management, Certification and
Accreditation, Business Impact Assessments, Contingency Planning, Disaster Recovery Plans. Developed risk
mitigation and remediation strategies, which included documenting, implementing, maintenance of risk.
• Re-directed the activities of the project team members to accomplish project objectives and turned a troubled
project around with complete success
• Day-to-day collaboration with the customer and team members ensured this project was a completed successfully.
We won the re-compete for the project
• Conducted risk assessment and risk mitigation strategy, which included implementation, maintenance, and
documentation of risk, as well as remediation recommendations
• Managed project resources, developed Information Assurance deliverables. Managed and mentored local and
virtual staff on internal and external project tasks. Developed, and presented client project plans and managed
technical implementation
Developed capture and milestone plans working directly with Vice President for the business unit and other executives.
Developed the Information Assurance Strategy for the Business Unit. Captured new business opportunities, and
participated in proposal development and reviews. Documented past performance, bid opportunity tracking, bid/no-
bid analysis, teaming strategies and technical solutions development. Evaluated cost benefit, economic, and risk
analysis in decision making processes.
• Supported Information Assurance and Certification and Accrediation for strategic business objectives in support of
division milestones and strategic alliance reviews. Key contributor to capturing new business opportunties while
leveraging technical successes of proven company innovations
• Performed analysis of services for improvements that resulted cost savings, better use of resources, and meeting
security requirements without increasing overall budget
• Fostered client relationships and expanded new opportunities
SAIC (EMA) Charleston SC November 2004 – July 2005
Information Security Analyst
4
DARLENE R. YOUNG
Provided direct hands-on support to the Naval Medical Information Management Center (NMIMC) enterprise network
Certification and Accrediation.
• Recommended policies, procedures, and actions as appropriate to achieve Approval to Operate for the NMIMC
enterprise network
• Provided Information Systems Security Assessments, and advised the client on legislations and regulations to
include Certification and Accrediation requirements, HIPAA and FISMA compliance
• Determine the process used to accomplish goals, properly document processes, directed team members, ensured
efficient work flow, identify opportunities for synergy and integration, and simplify complex processes for
complete project success
SAIC Columbia MD June 2004 – November 2004
Senior Information Security Analyst
Performed the duties of an Information System Security Officer (ISSO) in support of the Trailblazer Project. Provided
assistance to establish an approved process for handling security incidents or vulnerabilities. Monitor system recovery
processes and ensure proper restoration of information system security features, development supporting System
Security Plans and Contingency Plans.
• Continuously interfaced with government Project Management, to discuss requirements and provide status reports
to both Client and Corporate Management. Liaison with developers and engineer team to ensure requirements
were met in accordance with Client specifications
• Ensured that systems were certified and accredited using applicable Government standards. Prepared
documentation and coordinate with accreditors
• Prepared and reviewed documentation to include System Security Plans (SSPs), Risk Assessment Reports, and
System Requirements Traceability Matrices (SRTMs). Supported security authorization activities in compliance
with NSA/CSS Information System Certification and Accreditation Process (NISCAP)
• Key author of the backup, disaster recovery (DR), and continuity of operations planning (COOP) plans
Lockheed Martin Corporation Elkridge MD May 2001 – May 2004
Information Security Analyst
Supported the National Security Agency (NSA) R&D INFOSEC Attack, Sensing, Warning and Response, Protection
of Vital Data program. Analyzed, installed and evaluated Intrusion Detection Technology for detecting host and
network based intrusions. Documented the characterization and attribution of threats, and reported on the findings for
situational awareness, and the development of mitigation strategies.
• Lead a multi-disciplined team of engineers, technicians, and developers in execution of computer network attack
vectors, exploitations and emerging IDS threat detection technologies
• Provided support in the development of the NSA Intrusion Detection Comprehensive Capabilities (IDCCL) testing
criteria. Developed test plans, and conducted testing, and reported results. Participated in Red/Blue Team
exercises
5
DARLENE R. YOUNG
Computer Science Corporation Hanover MD May 1999 – April 2001
Principal Security Engineer
Provided Information Assurance support for the National Security Agency, Multi System Security Initiative Team.
Integrated and conducted comprehensive testing on security exploitation techniques and vulnerabilities that could have
been leveraged to launch an attack against critical data and information systems.
• Developed solutions that provided reliable interoperability, well-protected security perimeters, and optimal
configuration of security devices on the network infrastructure. Installed, configured and tested various security
products for readiness requirements to increase system/network security
• Developed standardization and interoperability documentation, and test plans in support of Defense Messaging
System (DMS) Transitional User Agents. Conducted testing and evaluation
• Certified Certificate Authority Workstation (CAW) Administrator. Provided guidance and direction in the
methodologies for the DMS infrastructure
Information Assurance Analyst
Lead IA analyst supporting the United States Agency for International Development (USAID) PRIME contract.
Developed and implemented the Information System Security Program. Ensured the integrity and protection of
networks, systems, and applications by technical enforcement of organizational security policies. Developed
certification and accreditation documentation including Incident Response and Contingency Plan.
• Performed system audits and vulnerability assessments ensuring full compliance
• Authored the General Support System Security Plan for the Enterprise Network migration plans to Windows 2000
• Key author of the State of Maryland Security Policy, including the Data Center Remote Access Policy. Worked
closely with state agencies and institutions to ensure policy took into account unique business needs, best practices
and were tailored for client’s environments
RGII Technologies Corporation Annapolis MD March 1998 – April 1999
Information Assurance Analyst
Provided support to the Navy Space and Warfare Systems Center Charleston, Supporting the Naval Medical
Information Management Center (NMIMC) Enterprise network Certification and Accrediation.
• Performed network/system assessments as related to system accreditation procedures and protected information
resources using advanced Vulnerability Assessment techniques and technologies
• Developed Certification and Accrediation artifacts in support of operations capabilities
• Developed a turnkey Security Awareness Training program and all associated curriculums
• Conduct training, awareness exercises and seminars for users and administrators as directed by the COR,
including annual information assurance training, awareness briefings, and new employee orientation
6
DARLENE R. YOUNG
• Researched requirements for the Protection of Health Information (PHI). Prepared supplemental technical papers
ensuring security requirements were met
TELOS Corporation Arlington VA (Pentagon) September 1997 – March 1998
Information Assurance Analyst
Direct support to the Director of Security, Single Agency Management, Information Technology Services, Pentagon.
• Developed the IA policies and procedures for insertion into the Pentagon Security Manual
• Authored several papers for the SAM on network security, intrusion detection, and virus protection
• Conducted system analyses on SAM networks/systems, and provided reports of findings and mitigation
recommendations for risk mitigation and reduction of overall risks
• Responsibilities including Certification and Accrediation for all of SAM systems and network
• Conduct Information Assurance training, awareness exercises and seminars for users and administrators, including
annual information assurance training, awareness briefings, and new employee orientation
United States Navy
Cryptologic Technician Administration Senior Chief (CTACS) June 1980 – October 1997
Defense Courier Service Ft. George G. Meade, MD November 1995 – October 1997
Information Assurance Manager/Assistant Special Security Officer
Principle advisor to the Commander Defense Courier Station Ft Meade, exercised through USTRANSCOM supporting
global courier networks and facilities for the expeditious, cost-effective, and secure distribution of highly classified
and sensitive material. Responsibility included Certification and Accrediation management for all Defense Courier
Stations
• Served as the advisor and representative for matters pertaining to Security Management, Special Security
Officer duties and SCIF matters, including physical security requirements for courier stations worldwide
• Ensured personnel security investigations, clearances and accesses were properly recorded and maintained
• Developed security procedures, including visitor control to all courier stations. Conducted site visits, Information
Assurance training, awareness exercises and seminars for users and administrators, including annual information
assurance training, awareness briefings, and new employee orientation
7
DARLENE R. YOUNG
Naval Computer and Telecommunications Area Master Station Eastern Pacific Wahiawa Hawaii
November 1992 – October 1995
Assistant Special Security Officer/Administrative Manager
Assistance SSO reporting directly to the Commanding Officer. Managed the Information Security (INFOSEC)
program command wide. Directed SSO staff, controlled all classified materials, Sensitive Compartmented Information
(SCI) and Special Access Programs. Top Secret Control Officer. Conduct Information Assurance training for
commend personnel, including annual information assurance training, awareness briefings, and new employee
orientation. Managed oversight and control off all Personnel Security Investigations.
• Managed all Visitor Access Control to command SCI Facilities
• Managed and tracked all security violations and incident handling
Naval Security Group Activity Northwest Chesapeake VA November 1989 – September 1992
Administrative Manager/Command Career Counselor
Provided direct support to the Commanding/Executive Officers as the Administrative Manager, ensuring operationally
readiness. Performed additional duties as the Command Career Counselor - lauded by the Commanding Officer for
services provided to the entire command staff. Received numerous awards for the Command Career Programs
Naval Security Station Washington DC May 1986 – August 1989
Administrative/Security Assistant
Performed administrative functions including personnel and security duties for the Naval Security Station. Supervised
and oversight of supporting staff. Maintained control of all incoming and outgoing materials and mail for the
command and the HQs Naval Security Group
Defence Courier Station Pacific GUAM March 1984 – April 1986
Defense Courier
Provided Courier Services to Department of Defense, and Diplomatic Courier Services for the expeditious, cost-
effective, and secure transmission of qualified classified documents and material worldwide. Developed standard
operation procedures for DCS staff ensuring control of all materials worldwide. Provided emergent responses for
delivery and transfer of qualified shipments during contingencies and emergency activities.
• Performed duties as the Security Assistant to the Officer In Charge
Naval Security Group Activity Adak AK March 1982 – March 1984
8
DARLENE R. YOUNG
Administrative Assistant/Technician
Performed administrative functions including personnel and physical security duties for the Naval Security Group and
Intelligence Community.
9
Contact this candidate