Information Systems Security Analyst
Resume:
Resume of Michael B. (Bruce) Dowdy
Akron, AL 35441
Cell: 205-***-****
Email: ad07qj@r.postjobfree.com
OBJECTIVE:
An opportunity in a team environment with a stable, yet growing business where my extensive hands-on technical experience and ability to lead and mentor others will be of value. To be employed in work place to utilize my twenty-five (25) years of experience in the system administration, field engineering and data communications fields.
.
EDUCATION:
1979 – 1983: AS Computer Science (Gadsden State Community College, Gadsden, AL)
1979 – 1984: AS Digital Electronics (Community College of the Air Force)
1999 – 2001: BS Computer Information Systems (University of Maryland College/Almeda College)
2001 - 2003: MS Information Technology (Almeda College)
2010 – 2013: BS Network Engineering (Western Governors University)
CERTIFICATIONS:
CompTIA Certified A+
CompTIA Certified Network+
CompTIA Certified Server+
CompTIA Certified Security+
CompTIA Certified Project+
CompTIA Certified Storage+
Cisco Certified Network Associate (CCNA)
EMC Certified Information Storage Associate (EMC-ISA)
IBM Cyber Security Analyst (CSA)
Information Technology Infrastructure Library Certified Professional (ITIL)
Microsoft Certified Technology Specialist (MCTS Workstation and Server)
Microsoft SQL Database Administrator (MSDBA)
Novell Certified NetWare Engineer (CNE)
Oracle Database Administrator (DBA)
Red Hat Certified Engineer (RHCE)
SUN/Oracle Certified Systems Engineer (SSE - Workgroup and Enterprise)
VMware Certified Associate Datacenter Virtualization (VCA-DCV)
VMware Certified Professional VCP
VMware vExpert
Linked-in profile: https://www.linkedin.com/in/bruce-dowdy-3271211b8/
References provided upon request
PROFESSIONAL EXPERIENCE:
Senior Information Security Analyst
November 2022 to Present
9th Way Insignia Technologies
Remote (Work from Home), Ashburn, VA
Currently serving as a contract Senior Security Analyst Supporting the Veterans Administration Consolidated Mail Out Pharmacy. Worked with six pharmaceutical production (Prescription fulfillment and mail out) sites/facilities to ensure Authority to Operate security measures were in place, active, in practice, and documented in the VA Enterprise Mission Assurance Support Service (eMASS). Worked with facility level Information System Owners and System Stewards to analyze, document and support security practices and measures of the facilities in order to maintain the “Authority To Operate” as awarded on an annual basis post security profile review.
Supported VA customers in managing complex system records in the Enterprise Mission Assurance Support Service (eMASS) cloud based system, preparing each eMASS organizational instance for system Authority to Operate (ATO) processes and created (or gathered and added to the existing repository) Artifacts, control implementation details, and Plans of Action and Milestones (POA&Ms).
Worked on a daily basis with the eMASS systems Risk Management Framework (RMF), and security compliance processes including Federal Information Security Management Act (FISMA) artifacts and documented processes. Familiarized myself with the Federal Information System Controls Audit Manual (FISCAM) criteria and applied that knowledge in support of organizational Security measures and profiles. Supported each site through Information Security Continuous Monitoring (ISCM), RMF automation, and Comply to Connect Memorandums of Understanding and Interconnect Systems Agreements MOU/ISA documentation.
Used guidelines published by National Institute of Standards and Technology (NIST) 800-53, 800-37 and other related guidelins in managing security controls. Was trained on the Governance, Risk Management, and Compliance (GRC) security documentation tools and methods on an annual basis and through monthy workshops and training seminars.
Regularly facilitated meetings. Reviewed and analysed authorization documents and associated Artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinated directly with system team stakeholders to complete security control and implementation of control standards are required by the VA 6500 compliant Standard Operating Procedures.
As a part of a monthly and quarterly tasking, generated security scan reports and prepared Plans of Action and Milestones (POA&Ms) based on any security issues that were detected in those scans. Also reviewed and prepared Plans of Action and Milestones based on trends found in scans for Security Configuration and Compliance Data (that failed to meet the Security Technical Implementation Guides [STIGs] set forth by VA requirements.
Maintained the currency and compliance of each Security Control and its associated Assessment Procedure (APs) and Control Correlation Identifiers (CCIs) as required by National Standards and Technology (NIST) guideline SP800-53. Also followed security guidelines as set forth in Veterans Administration Directive Handbook 6500.
Currently working with each facility to prepare for the Authority To Operate ATO review for six facilities under review.
Information Systems Security Analyst (InfoSec/ISSO)
August 2019 through Sept 2022 (recently retired)
Veterans’ Health Administration (VHA), Department of Veterans Affairs
Tuscaloosa VA Medical Center, Tuscaloosa, AL
Previously served as Technical Computing SME and the Information Systems Security Officer (ISSO) in support of a Veterans Administration Medical Center facility and report to the Southeastern District Information Systems Security Manager (ISSM) for VA Development, Security and Operation division (DevSecOps).
Top Technologies Used:
SharePoint
Microsoft Office 365 (Outlook, Teams, Word, Excel, Access, One Note)
Microsoft Windows
Linux RedHat
ICAMP (VA Specific – based on SharePoint and Microsoft SQL)
CMAT (VA Specific- based on Virtual Basic and Microsoft Access)
ART (VA Specific – Uses Microsoft Teams and One Note)
Service Now (COTS ticketing, issue tracking and problem resolution)
EMASS - Enterprise Mission Assurance Support Service (RMF, GRC and ATO system)
VA Facility Information Systems Security Officer:
Ensure that IT security weaknesses are identified and external or internal findings are documented
Ensure that issues are mitigated or resolved as needed to ensure the integrity of IT systems and the employees who work with those systems
Examine audit logs to ascertain anomalies of the station's information security program relative to the protection of confidentiality, availability, and integrity of Information Systems and employees who work with those systems
Perform Security Controls review and document the station's information security program by performing internal control and security investigations, then review the results and provide reports as required
Make recommendations to management for corrective action regarding security incidents to ensure the integrity of IT systems and employee.
Facilitate and coordinate the gathering, analysis and preservation of evidence used in addressing security violations
Maintain a comprehensive knowledge of IT security principles, methods and IT security products and services sufficient to evaluate and recommend the acquisition, implementation and dissemination of IT security tools, policies, procedures and practices to protect the VA and local Information Systems, networks and data
Have acquired and possess needed and necessary analytical skills sufficient to update contingency and/or disaster recovery plans in response to new security requirements or changes in IT architecture
Perform monitoring of current systems security measures, change management, daily operations and audits of data network and the related security appliances, wireless data network and network cable infrastructure
Monitor workstation security operations and the remediation and evaluation of workstation security profiles
Audit datacenter operations and changes to datacenter, upgrades and decommissioning of services and equipment. Audit and monitor data security system testing, evaluation, troubleshooting and remediation. Ensure Governance, Risk Manage and Compliance is up=to date with the latest requirements for the following:
PCI (Payment Card Industry data security standards and compliance)
SOX (Sarbanes Oxley financial data computing compliance)
SOC (Service Organization Control - including SOC 1, SOC 2, SOC 3)
Rapid Incident Response to any flag, alarm, intrusion or finding:
Data Loss
Firewalls configuration changes
Firewall tampering detection)
Network or Datacenter Intrusion
In working with the CRISP team (Continuous Readiness in Information Security Protection) and also as an ISSO for the Tuscaloosa VA Medical Center, I gained experience with policy development utilizing NIST special publications, specifically RMF and NIST security controls (SP 800-37, 800-53).
I consider myself to have an expert level of Microsoft Office skills, specifically in Microsoft Word, Excel and PowerPoint
As a VA ISSO, one of my daily tasks was to apply information security and assurance principles
Experience in security policy-driven approaches for various modalities (i.e., devices, technologies, platforms) of data storage and transmission.
As ISSO. reviewed and replied to Requests for Information from research partners utilizing current VA Handbooks, Directives, and NIST guidance within a standardized timeframe
Prepared monthly, quarterly, semi-annual and annual risk analysis and vulnerability assessments.
Constantly communicated with key stakeholders, process owners, and customers to manage expectations, eliminate gaps, and ensure success.
Periodically, and as a part of the duties of VA site ISSO, developed and conducted security related training to staff members.
Performed information security reviews in accordance with FISMA reporting
As ISSO, worked directly with VA staff members and clients to provide solutions
In working with the CRISP Team and also as an ISSO for the Tuscaloosa VA Medical Center, I contributed to the revision and development of VHA Research and Development Policies based on Handbook 1200, VA 6500 Handbooks and Directives, data security and governance, and my past experience with HIPAA
Worked directly with Medical Research and advised and consulted on security considerations specific to research environments
As the Chief of Information Systems Engineering for the Armed Forces Institute of Pathology and as the ISSO for the Tuscaloosa VA, I worked with research scientific computing devices, including many laboratory specific systems and computer-controlled devices.
I worked with local and VA wide stakeholders and conducted security reviews and conducted annual Security Incident Response training on special purpose systems – operational technology
My performance reviews show that I always provide excellent customer service and demonstrate organization skills
Strive to provide excellent verbal and written communication
Demonstrated the ability to work flexibly in a very fast-paced environment
Currently have over eight years of experience supporting the VA
Hold a Public Trust level T4 clearance and Recently (within the past 12 months) held an SSBI based Top Secret SCI clearance
Ensure that all work or systems change requests is processed through and coordinated with the VA Security, Operations and Development Offices and teams.
ATO (Authority To Operate) Systems Steward (eMASS Coodinator):
Experience with managing complex system records in the Enterprise Mission
Assurance Support Service (eMASS) tool
Experience with supporting system Authority to Operate (ATO) processes and creating artifacts, control implementation details, and POAMs (Plan of Actions and Milestones)
Experience with National Institute of Standards and Technology (NIST) security
controls, the Governance, Risk Management, and Compliance (GRC) security
documentation tool, Risk Management Framework (RMF), and security compliance
processes
Certification in the ITIL Guidelines and Governance Procedures
Ability to facilitate meetings, analyze authorization documents and associated artifacts
against authorization requirements to identify gaps, establish a schedule to address
outstanding authorization requirements, and coordinate directly with system team
stakeholders
Currently have and maintain a Public Trust T-4 Security Clearance
Excellent written and verbal communication skills
Information Technology Specialist (IT)
August 2014 through August 2019
Veterans Health Administration (VHA), Department of Veterans Affairs
Tuscaloosa VA Medical Center, Tuscaloosa, AL
Served as Computer Specialist and information systems security analyst for the Department of Veterans Affairs. Assigned to a program designated as Continuous Readiness in Information Systems Protection [CRISP]) and also served as a network and computing infrastructure support specialist (Tier III)
Top Technologies used:
Microsoft Office 365 (Outlook, Lync or Teams, Word, Excel, Access)
Operating Systems - (Microsoft Windows and Red Hat Linux)
Servers - (Dell, HP and Cisco UCS)
Storage Systems - (EMC VNX, Cisco UCS and HP 3PAR)
Switches - (Cisco and Brocade)
Load Balancing - F5 Big IP (3600), F5 VIPRON, F5 LTM
Workstation Management - DBAT (VA Specific Workstation Discovery and Reporting Tool based on Microsoft SCCM Server)
Cloud Computing and Virtualization - VMware (ESXi, NSX, VDI [Horizon/View], Azure, AWS
Workflow - Service Now (COTS ticketing tool for issue tracking and problem resolution)
Security Management – Risk Management Framework, Governance, Risk & Compliance, NIST 800, ISO 9000, Sarbanes-Oxley, PCI Card Processing, Secure Communications (Information Assurance) Methodologies, Enterprise Mission Assurance Support Service
Cyber Security Analyst:
Served as information systems security analyst (Veterans Affairs Program: Continuous Readiness in Information Systems Protection [CRISP]) and network infrastructure support specialist
Assist with workstation and printers (repair, addition, modification and replacements)
Prepared systems documentation - documented configuration management of service delivery infrastructure (electrical, data wired, storage systems, and server systems) and network devices
Supported the local Office of Information and Technology at the local facility as a Red Hat System Administrator to support the Veterans Administration Hospital Electronic Records System (VistA) and Server Platforms
Provide support on operating system and application delivery systems security; included physical network and virtual infrastructure design, implementation and maintenance
Research, design, document, and apply security measures. Implement systems and network security measures for workstations, application servers and desktop systems
Performed network monitoring, change management, maintenance and documentation for data network and the related security appliances, wireless data network and network cable infrastructure.
Performed workstation security, tested, remediated and evaluated workstation security profile (to include monitoring security threats using Proofpoint Office 365 protection system for threat analysis)
Cloud Computing Specialist:
Worked with VMware ESXi for Server and workstation virtualization
Employed NSX for security in the design & configuration of workload infrastructures.
Implemented NSX within the shared VA Hybrid Cloud environment for specific departmentalization of computing structures
Supported cloud-specific applications, and multi-cloud environments.
Patched and managed VA workstation VDI environment on Nutanix and Dell servers
Employed BASH Shell and PowerShell Scripting within the Ansible framework to automate patching and other management and monitoring tasks for automating system administration.
Used VA tool ServiceNow for ticketing and problem resolution.
Provide datacenter operation and enhancement recommendations to local administrator and network engineer and assist with datacenter changes, upgrades and decommissioning of services and equipment. Perform data security system testing, evaluation, troubleshooting and remediation
Work with hardware products such as: Cisco (UCS, 3750, 3850, 4507 and 6509 Switches, Nexus Switches (5K/2K/1K), Brocade Fiber Switches, NetApp Filer and EMC VNX Storage.
Work with VMware products such as VMware vSphere ESXi, vCenter Management server, Horizon/View workstation (VDI) virtualization and mobility computing, NSX [software defined networks and security], vReplication Server, vShield virtualized network security components, and Site Recovery Manager datacenter virtualization redundancy and recovery products
Worked with networking wired/fiber infrastructure (adds, changes, modifications) and documentation of local network
Assist with workstation and printers (repair, addition, modification and replacements)
Performed systems administration of systems and created management and maintenance scripts using BASH Shell Scripts, Pearl and PowerShell.
Prepared systems documentation - documented configuration management of service delivery infrastructure (electrical, data wired, storage systems, and server systems) and network devices
Application Delivery Systems SME/VMware Engineer (Contract)
Cloud Technologies - Hosting and Operations Division - April 2014 through August 2014
US Courts, Administrative Offices, San Antonio, Texas
Served as Subject Matter Expert on application delivery systems and virtualization technologies, methods and cloud architectures. Provided expert advice, design and direction on application load balancing and application delivery systems Duties included virtual infrastructure design, implementation and maintenance. Designed, documented, submitted for approval and implemented advanced technologies (such as application load balancing, application connection persistence, application availability measures, and clustered technologies (for both application server and virtual desktop compute clusters).
Top Technologies used:
Operating Systems - Red Hat Linux, Microsoft Windows, Server, Apple MacOS
Office Automation - Microsoft Office 2010 & 365 (Outlook, Lync, Word, Excel, Access)
Ticketing and Workflow - BMC Remedy
Server Platforms - Dell and HP
Load Balancing - F5 Big IP (3600), F5 VIPRON, F5 LTM
Storage Area Networks - HP EVA, C7000, 3PAR, EMC VNX, (Hitachi HSP, VSP)
Networking (Routing, Switching, Filtering, Access) - Cisco UCS, Catalyst, Nexus, Dell Iron Port
Virtualization – Azure, KVM (Red Hat), VMware
Duties included:
Overall systems evaluation and design analysis, documenting current design, recommending improvements. Conducted configuration examinations, systems change monitoring and overall systems change management. In order to make valid and informed analysis, performed:
Testing
Evaluation
Troubleshooting
Remediation and Improvements
Also recorded all changes and updated systems documentation.
Provided systems manager system evaluations, recommended improvements and documentation updates weekly.
Ensure that all work or systems change requests is processed through and coordinated with the Cloud Team’s Security, Operations and Development group.
Specific service delivery and change scope including (but was not limited to) the following::
P2V conversions
V2V conversions
Automation of virtualization operations and
Network monitoring,
Security design
Services implementation
System audits
Infrastructure reviews
Evaluation and reporting of service delivery cloud infrastructure: (to include)
Compute
Storage
Networking
Security
Backups and site recovery readiness
Local and Global datacenter load balancing function analysis
Applications delivery operations
Worked with various operating systems including Microsoft Windows, HP-UX and Red Hat Linux
Provided datacenter inter-operation, load-sharing and performance recommendations.
Served on the Change Management Recommendations Team. Prepared Service Level Agreements (SLAs) and Instructional Operating Procedures (IOPs) for many facets of the Cloud Technologies Hosting and Operations division.
Virtualized Systems Architect/Virtualization Engineer (Contract 2 Months)
Feb 2014 through Apr 2014
State of Florida, Northwood Shared Resource Center,
Tallahassee, Florida
Served as Technical Consultant and SME on application virtualization technologies, Backup technologies and Datacenter automation methods and architectures. Assisted with workload management on virtualization platforms (Microsoft Hyper-V and VMware ESXi).
Top Technologies used:
Operating Systems - Red Hat Linux, Microsoft Windows, Server, Apple MacOS
Office Automation - Microsoft Office 365 (Outlook, Lync, Word, Excel, Access)
Ticketing and Workflow - BMC Remedy
Server Platforms - Dell and HP
Storage Area Networks - HP EVA, EMC Symmetrix, Hitachi HSP, VSP
Networking - Cisco UCS, Catalyst, Nexus, Dell Iron Port
Load Balancing - F5 Big IP (3600), F5 VIPRON, F5 LTM
Virtualization – Azure, KVM (Red Hat), VMware
Duties and assigned responsibilities:
Provided expert advice and direction on virtual infrastructure design, implementation and maintenance.
Participate in performance of virtualization, P2V conversions, automation of virtualization operations, security design, Cloud Computing components and services implementation, system audits
Performed infrastructure reviews
Evaluated data floor equipment (compute, storage, networking and security)
Provided datacenter components recommendations
Tested, evaluated, troubleshot and repaired equipment as needed
Assisted in design, implementation and management of structured data storage systems:
Setup, maintained and managed products such as HP Data Protector
Managed Fiber Channel Switches
Implemented data protection (data backup, data migration, disk journaling, various disk RAID levels) and disaster recovery programs using such tools as Veritas disk suite, UFS, JFS, Tivoli Storage Manager, HP Data Protector, SUN SAM-FS
Worked with hardware products from IBM, DEC, HP, Storage Tek, ADIC and SUN/Oracle
Extensive experience designing data protection systems and facilities for 24x7 mission-critical operations.
.
Network Systems Engineer/Technical Project Manager (Contract – 6 Months)
July 2013 Through Dec 2013
Mercedes-Benz, Vance, Alabama
Employed as a consultant to engineer, design, and implement a Cisco-based infrastructure for the Mercedes Benz Logistics Center that serves as the supply and storage facility for Mercedes Benz United States, International (MBUSI). This infrastructure integrates into the international enterprise data network of Mercedes-Benz automobile manufacturing, world-wide.
Top Technologies used:
Operating Systems - Red Hat Linux, Microsoft Windows, Apple MacOS
Office Automation - Microsoft Office 2010 (Outlook, Lync, Word, Excel, Access)
Ticketing and Workflow - BMC Remedy
Server Platforms – IBM, Dell and HP
Load Balancing – Cisco, F5 (Big IP, F5 LTM)
Storage Area Networks IBM FAStT, IBM Shark, EMC Symmetrix
Networking - Cisco UCS, Catalyst, Nexus, Nokia Secure Communications Platforms
Duties and assigned responsibilities:
Selected, recommended for purchase, received, configured, implemented, documented and supported Cisco components, based on the Catalyst and Aironet product lines to support a single mode fiber based, virtual switching system (VSS) switch architecture, wireless mesh and quality of service (QoS) voice over IP (VOIP) integrated data and voice infrastructure.
Equipment selected for this project includes: Catalyst 6500, 4500, 3750X, 3560 and 2960, Aironet Wireless Mesh AP controllers (5500 series) and multiple access point models (1260, 2600 and 3600e series), Mediatrix analog gateway (Telephony/Fax) and Siemens VOIP Telephony system.
Performed documentation of this project using products such as: Microsoft Project, Microsoft Visio, Command (cabling infrastructure documentation facility), QIP (IP network infrastructure documentation facility), Spectrum (maintenance and monitoring facility), and Remedy Business System Management (ticketing and change management facility).
Extensive experience designing data communications systems and facilities for 24x7 mission-critical operations.
Systems Design Engineer (Virtualization)/Private Cloud Architect (Contract)
June 2012 – June 2013
Department of Defense/Department of Homeland Security
Redstone Arsenal, Alabama/Schriever AFB, Colorado/Stennis Space Center, MS
Information Systems Engineer – Cloud Computing
.
Information Systems Services Coordinator (Spine Care Center – Full Time)
January 2011 - May 2012
DCH Health Systems – Tuscaloosa, Alabama
Information Systems Engineer – Medical Systems Analyst
.
Senior Network & Computing Systems Virtualization Engineer Millennium Consulting (Contract)
May 2009 – November 2010
Mississippi Department of Education - Meridian, Mississippi
Information Systems Engineer - Consultant
Senior Systems Engineer (Level 4 - Full Time Employment)
June 2007 – June 2009
Venture Technologies – Birmingham, Alabama.
Information Systems Engineer – VAR Consultant
Enterprise Computing Systems Consultant (Contract – 12 Months)
June 2006 – June 2007
Crabtree Computer Services – Birmingham, Alabama
Information Systems Engineer - Consultant
.
Computing Systems/Network Engineer/CTO (Contract – 24 Months)
June 2004 – June 2006
Intec – Birmingham Alabama
Information Systems Engineer - Consultant
..
Systems/Network Engineer (Contracted directly with Mississippi Dept of Education – 12 Months)
June 2003 – August 2004
Mississippi Department of Education – Jackson, Mississippi
Information Systems Engineer - Consultant
.
Senior Enterprise Systems Engineer (Contract 12 Months)
March 2002 – June 2003
Pomeroy Computer Resources Birmingham, Alabama
Information Systems Engineer - Consultant
.
Senior Technology Consultant (Contract – 6 weeks)
Feb 2002 – March 2002
Digital Connections, Inc. Nashville, TN
Information Systems Engineer - Consultant
.
Networking and Computing Systems Engineer (Contract 24 Months)
Jan 2000 – Feb 2002
SCB Computer Technologies Jackson, MS
Information Systems Engineer - Consultant
.
Systems Programmer/Midrange Systems Manager (Full time Employee)
Sept 1997 – Dec 1999
West Virginia University Hospital, Morgantown, WV
Information Systems Engineer – High Performance Systems Computing Manager
.
Network Systems Engineer
Jan 1995 – Sept 1997
US Connect/Networks, Inc. Chattanooga, TN
Information Systems Engineer - Consultant
.
Manager of Information Management (Contract 12 Months)
Jan 1994 – Jan 1995
Dixie Tool and Die Company, Gadsden, AL
Information Systems Engineer - Consultant
Chief, Information Systems Engineering Division (Full-Time Employee – Dept of Army)
Oct 1991 – Jan 1994
Armed Forces Institute, Washington, D.C
Chief Information Systems Engineer – Management of the computing infrastructure for the Armed Forces Institute.
Computer Specialist/Computer Programmer Analyst (Full-Time Employee)
March 1986 – Oct 1991
Anniston Army Depot and Mainz, Germany
US Government – Department of the Army Civilian
.
Electronics Integrated Systems Mechanic (Missile Systems Electronics Division)
(Full-Time Employee – Dept of Army)
April 1981 – March 1986
Anniston Army Depot and Mainz, Germany
US Government – Department of the Army Civilian
.
References Provided Upon Request
Contact this candidate