Gladys Curtiss
USA Citizen
DOJ USMS/NTT-MAMAGR LLC/Guidehouse
Senior Information System Security Officer
January 2020 – July 2023
● Provides support for a program, organization, system, or enclave's information assurance program.
● Maintains operational security posture for an information system or program to ensure information systems security policies, standards, methodologies, and procedures are established and followed.
● Assists with the management of security aspects of the information system and performs day-to-day security operations of the system.
● Following NIST 800-53 and FedRAMP requirements
● Evaluate security solutions to ensure they meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support certification and accreditation.
● Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs). Supports security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF).
● Provide support for the ATO process documentation, Mitigations Plan of Action & Milestones, Privacy Impact Assessment, Disaster Recovery Plan, Incident Response Plan, Business Impact Analysis
● Use eMASS/CSAM to store and track security related artifacts and documentation relating to the product Authority to Operate (ATO).
● Provide Cloud AWS support; monitor AWS console and servers active on and off premises
● Monitor and conduct analysis around security alerts from a variety of network, endpoint and cloud-based sensors and sources (e.g. signature based IDS/IPS, EDR, network infrastructure, identity and access control logs, etc.).
● Investigations and mitigation of security threats.
● Ensure accurate documentation of analysis findings.
● Assist in resolving security incidents and contribute to incident reports.
● Regularly communicate with the team through meetings, workflow tracking, and incident management systems.
● Collaborate with sub-component organizations and external entities.
● Prepare Incident Reports, After-Action Reports, and SOC Analysis reports.
● Support the operation and tuning of monitoring and analysis capabilities (e.g. detection signatures, correlation rules, automation playbooks, etc.)
● Support the assessment, testing, and deployment of new monitoring and analysis capabilities (e.g. sensors, cross-capability and external integrations, etc.).
● Establish project goals and success factors, develop project plans, budgets and schedules with input and buy-in from key stakeholders and team members.
● Collaborate with stakeholders in developing repeatable information assurance and cybersecurity processes and aid Security Control Assessors in support of the Assessment and Authorization process.
● Provide, recommend, install, configure, operate, and maintain client-approved IT security tools and applications to support overall information assurance activities
● Assist with preparation and maintenance of documentation
● Assist in the evaluation of security solutions to ensure they meet security requirements for processing classified information
● Assist with the CM for information system security software, hardware, and firmware
● Develop and maintain documentation for C&A in accordance with guidelines
● Develop system security policy and ensure compliance
● Evaluate security solutions to ensure they meet security requirements for processing classified information
● Maintain operational security posture for an information system or program
● Develop and update the system security plan and other IA documentation
● Administer the user identification and authentication mechanism of the Information System (IS)
Federal Aviation Administration FAA/Knowledge Analytics Inc KAI
IT Auditor
April 2019 - October 2019
● Develop FISMA Reporting workflow and process plan for "FISMA CIO and Privacy Reporting Metrics" to enhance the efficiency of data calls, data correlation and roll-up, and reporting of agency FISMA responses.
● Correlate "FISMA CIO and Privacy Reporting Metrics" to Open Action Items from current and prior year FISMA audits. Evaluate automated capabilities to track "FISMA CIO and Privacy Metrics" reporting data calls and responses as requested, provide support for FOIA request and documentation follow up.
● Assists with the development of an audit workflow and process plan for audits to enhance the efficiency of audit coordination, data calls, responses and remediation efforts related to audit findings.
● Attend audit meetings, conduct data calls in support of all audits as directed. Review audit findings for technical accuracy and recommend corrective solutions. Correlate audit findings to Open Action Items from current and prior audits. Maintain and track status of all existing open audit findings to closure.
● Evaluate automated capabilities to track all audit data calls, responses and remediation efforts. Assists with the development of and implement an automated capability to track all audit data calls, responses and remediation efforts, inclusive of population and maintenance of automated capability.
● Assist with the development of an internal compliance workflow and process plan to enhance the efficiency and accuracy of compliance audits. Assist with the development of compliance requirements frameworks to include the most current legislative, departmental, and agency requirements as requested. Assist with the development and implementation of compliance communications and program management plans as requested.
● Support and participate in IS&P compliance reviews, inclusive of gathering and entering data, verifying the accuracy of data submitted, analyzing and reporting results, drafting notices of findings, recommending remediation options, and monitoring and reporting the progress of remediation activities, create, modify and close POA&M.
● Administer baseline compliance assessment for personally identifiable information (PII) Systems and conduct targeted compliance reviews as needed. Support includes gathering and entering data, verifying the accuracy of data submitted, analyzing and reporting results, drafting notices of findings, recommending remediation options, and monitoring and reporting the progress of remediation activities and supporting system Authority to Operate (ATO).
● Perform Privacy Contract Reviews, which requires coordination with Contracting Officers. Report findings and develop remediation plans as directed and Risk Management Framework (RMF).
Centers for Medicare & Medicaid Services (CMS)/Ernst & Young/I-Visionet
IT Security Senior Staff Auditor – (Seasonal Auditor)
May 2016 – December 2018
● Evaluated the design and effectiveness of technology controls throughout the business cycle.
● Identified and communicated IT audit findings to senior management and the client.
● Supported specific requirements for hardware and software evaluation, systems management, or system development maintenance and supporting system Authority to Operate (ATO).
● Provided IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment.
● Performed systems analyst duties relating to the evaluation of computer hardware and software.
● Provided support in establishing and maintaining adequate information resource management solutions and Risk Management Framework (RMF).
● Conduct data calls in support of all audits, as required.
● Managed the development of detailed project plans and budgets and be accountable for executing
● Provided support for the information resource management activities.
● As assigned, help support other departments and divisions, serving as a knowledgeable resource of process control and review.
● Helped identify performance improvement opportunities for assigned clients.
● Delivered IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment, provide support for FOIA follow up and documentation.
● Performed systems analyst duties relating to the evaluation of computer hardware and software supporting GRC.
● Provided support in establishing and maintaining adequate information resource management solutions
● Supported through the Change Advisory Board and Configuration management controls to introduce and implement improvements to current processes and service delivery strategy.
● Provided support for the information resource management activities for the Government across a diverse set of technological and business elements by applying sound information resource management tools and techniques.
TekSystems/ICMA-RC, Washington, DC
September 2017 – February 2018
IT Senior Security Engineer - Contract
● Managed the POA&M process and coordinated with ISSM, auditors, and assessors for inputs to support processes.
● Reviewed and approved/rejected POA&M creation templates and mitigation strategies.
● Provided feedback to ISSMs, auditors, and assessors on rejected POA&M creation Templates, Mitigation Strategies ARs, and evidence packages.
● Created POA&M in CSAM following review and approval by the technology office.
● Reviewed system information (including system security and privacy information) and system security documentation in CSAM to ensure it is up-to-date.
● Supported specific requirements for hardware and software evaluation supporting GRC, systems management, or system development maintenance, and system Authority to Operate (ATO) processes, and creating artifacts.
● Provided IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment.
● Performed systems analyst duties relating to the evaluation of computer hardware and software.
● Provided support in establishing and maintaining adequate information resource management solutions.
● Managed the development of detailed project plans and budgets and be accountable for executing
● Provided support for the information resource management activities.
● As assigned, help support other departments and divisions, serving as a knowledgeable resource of process control and review.
● Maintained current software licenses and ensured security related documentation is current and accessible to properly authorized individuals.
● Conducted data calls in support of all audits, as needed.
● Provided support through the Change Advisory Board to introduce and implement improvements to current processes and service delivery strategy.
● Supported the information resource management activities for the Government across a diverse set of technological and business elements by applying sound information resource management tools and techniques.
● Validated remediation evidence for open POA&Ms and supporting documentation for ARs.
● Closed POA&Ms and ARs upon receipt and validation of enough evidence.
● Processed Audit Accountability and resolution tracking system (AARTS) POA&Ms in CSAM working with the office of the compliance officer (OCO) to obtain remediation evidence.
● Supported Risk Assessments and review system auditing scan; using IA tools: Nessus, eMASS, Xacta, and Splunk.
● Processed Guaranty Agency (GA) review POA&Ms.
APEX/Global Network/No Federal
September 2016 – December 2016
Information Assurance Analyst
● Performing vulnerability/risk assessments
● Must have in-depth knowledge of NIST, FISMA, and OWASP controls/framework
● Experience performing or leading security audits, as well as analyzing uncovered risks, and presenting solutions/mitigation techniques to upper management.
● Experience with operating systems (Windows, Linux & Cisco networks)
● Working knowledge of system functions, cybersecurity policies, and cybersecurity protection requirements
● Strong communication skills and experience presenting to key stakeholders/management
● Worked with vulnerability management tools: Qualys & Nessus
● Supporting System Authority to Operate (ATO) Processes, and creating artifacts, controls implementation detail in POAMs
IntelliDyne LLC, Falls Church, VA/Department of Justice (DOJ)
February 2014 – August 2016
System Security Specialist - Contract
● Worked with OASATR Chief/System Owner provide security support directly and working with Government ISSM supporting security operations associated with Pre-Authorization (Certification)/Core Control Assessment, Risk Management, Configuration Management, Change Control, and Access Control.
● Provided guidelines to implement security configuration baselines and review new requirements STIG. Ensure security configuration baselines comply with customer standards.
● Supported Risk Assessments and review system auditing scans; using IA tools: Nessus, eMASS, Xacta, and Snort.
● Resolve Plan of Action and Milestones (POA&M) to include risk level.
● Established information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
● Performed analysis, design, and development of security features for system architectures.
● Supported specific requirements for hardware and software evaluation, systems management, or system development and maintenance.
● Provided IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment.
● Performed systems analyst duties relating to the evaluation of computer hardware and software.
● Provided support in establishing and maintaining adequate information resource management solutions.
● Monitor and conduct analysis around security alerts from a variety of network, endpoint and cloud-based sensors and sources (e.g. signature based IDS/IPS, EDR, network infrastructure, identity and access control logs, etc.).
● Collaborate on investigations and mitigation of security threats.
● Ensure accurate documentation of analysis findings.
● Assist in resolving security incidents and contribute to incident reports.
● Regularly communicate with the team through meetings, workflow tracking, and incident management systems.
● Collaborate with sub-component organizations and external entities.
● Prepare Incident Reports, After-Action Reports, and SOC Analysis reports.
● Support the operation and tuning of monitoring and analysis capabilities (e.g. detection signatures, correlation rules, automation playbooks, etc.)
● Support the assessment, testing, and deployment of new monitoring and analysis capabilities (e.g. sensors, cross-capability and external integrations, etc.).
● Managed the development of detailed project plans and budgets and was accountable for executing.
● Provided support for the information resource management activities.
● Assisted other departments and divisions, serving as a knowledgeable resource of process control and review.
● Maintained current software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
● Provided support through the Change Advisory Board/Change Management to introduce and implement improvements to current processes and service delivery strategy.
● Assisted the information resource management activities for the Government across a diverse set of technological and business elements by applying sound information resource management tools and techniques.
● Proficient with the NIST/FISMA processes, from inception to creating POA&M's; Successful with auditing and reporting on network and system security, review system scan and detecting system vulnerabilities, performing complex risk analyses and risk assessment, and mitigating risks to systems security
● Provided knowledgeable insight with the National Institute Standards and Technology (NIST) 800 series, and Federal Information Security Management Act (FISMA)
● Created/Modified policies for controls used to ensure security service configurations, and access control rules for users accessing resources, for all security devices
● Provide SharePoint site and content administration for maintenance of users and site content including adding/deleting users, adding/maintain permissions, creating/maintaining sites, workspaces, lists and libraries.
● Customized and maintained SharePoint portals to automate business processes to provide better service to the customer and/or efficiencies in program management.
● Developed SharePoint and Nintex workflows as well as general troubleshooting of SharePoint and workflow problems.
● Gathered requirements, documented processes, and business process reengineering.
● Provided front-end web development technologies in order to provide knowledge management support to new or evolved versions of knowledge management portal
Cambridge, Washington, DC/Census Bureau
February 2013 - February 2014
Information Assurance Security Specialist
● Provided support and implemented security solutions for operation and maintenance to the Information Technology (IT) systems and Telecommunications (TCO) infrastructure.
● Developed security configuration baselines for technology components in accordance with Federal NIST and Center for Information Security (CIS) benchmarks.
● Worked closely with administrators/system owners to implement all security configuration baselines. Ensure security configuration baselines comply with customer standards.
● Conducted risk assessments, system auditing and data calls.
● Resolved Plan of Action and Milestones (POA&M) to include risk level.
● Established information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
● Supported high level customers in the development and implementation of doctrine and policies.
● Responsible for specific requirements for hardware and software evaluation, systems management, or system development and maintenance.
● Provided IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment.
● Performed systems analyst duties relating to the evaluation of computer hardware and software.
● Established and maintained adequate information resource management solutions.
● Managed the development of detailed project plans and budgets and be accountable for executing
● Provided support for the information resource management activities.
● As assigned, help support other departments and divisions, serving as a knowledgeable resource of process control and review.
● Maintained current software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
● Helped the Change Advisory Board to introduce and implement improvements to current processes and service delivery strategy.
● Provide support for the information resource management activities for the Government across a diverse set of technological and business elements by applying sound information resource management tools and techniques.
● Updated content on Knowledge Management portals of all applicable program and product management artifacts.
● Proficient with the NIST/FISMA processes, from inception to creating POA&M's.
● Audited and reported for network and system security, scanning and detecting system vulnerabilities, performing complex risk analyses and risk assessment, and mitigating risks to systems security, using IA tools eMASS, Xacta IA Manager Products, and Nessus.
● Provided SharePoint site and content administration for maintenance of users and site content including adding/deleting users, adding/maintain permissions, creating/maintaining sites, workspaces, lists and libraries.
● Customized and maintained SharePoint portals to automate business processes to provide better service to the customer and/or efficiencies in program management.
● Developed and troubleshot SharePoint and Nintex workflows
General Dynamics, Washington, DC/Library Congress
May 2012 – December 2013
Information Assurance Security Specialist - Contract
● Established and maintained a Security Configuration Baseline program per National Institute Standards and Technology (NIST) 800-53, Federal Information Security Management Act of 2002 (FISMA), and Federal Information Processing Standards (FIPS) series 140 (U.S. Government computer security standards) guidance.
● Developed security configuration baselines (hardening guidelines) for each technology in accordance with Federal NIST (USGCB) and Center for Information Security (CIS) benchmarks.
● Worked closely with administrators/system owners to implement all security configuration baselines.
● Conducted audits to ensure that security configuration baselines are in compliance with customer standards (hardening guidelines).
● Established and implemented the correct hardening guidelines for servers in the production hosting environment
● Assisted with the development and execution of the asset inventory for the organization's IT resources to determine which hardware equipment, operating systems, and software applications are used within the organization.
● Perform IT system audits and conducted data calls in support of all audits, requesting additional evidence as required.
● Created policies for controls used to ensure security service configurations, and access control rules for users accessing resources, for all security devices and applications including antivirus, firewall, and intrusion detection and prevention.
● Applied baseline protection analyzes the security requirement and recommends security measures deemed adequate.
● Monitored security sources for vulnerability announcements, patch and non-patch remediation, and emerging threats that correspond to the software within the PVG's system inventory.
● Created a vulnerability remediation database and prioritized the remediation of vulnerabilities for the organization.
Grant Thornton, Washington, DC
October 2011 - May 2012
Senior Associate - Contract
● Assessed IT systems and determined status of information security controls for compliance in accordance with NIST 800-53A publications.
● Met with various clients and conduct interviews regarding system information; analyze system documentation to determine the status of controls; develop and present results of the assessments.
● Interpreted and applied (NIST) National Institute of Standards and Technology publications governing the Federal Information Security Management Act. Analyzed vulnerability and compliance scan results on various systems; networks; and generated findings of non-compliance and security deficiencies.
● Worked with VA management staff team leads; providing support and identifying accurate vulnerability solutions.
● Performed risk assessments, system auditing, developing security plans, conducting security tests and evaluations (ST&E) for technical verification and validation of security controls.
● Evaluated complex IT networks and systems.
● Conducted vulnerability assessments and penetration tests; provided full scope security integration; utilization of NIST, FISMA, Privacy Act, HIPAA, OMB, and FIPS federal IT security standards; policies; and procedures as deemed appropriate.
● Maximized compliance to federal laws and directives; including previous experience advising the government on how to convert laws and directives into agency-level policy and other governance documentation.
● Conducted data calls in support of all audits.
● Responsible for IT Security requirements, technical security countermeasures, risk management processes, contingency planning, and data communications networking.
● Conducted security risk assessment and remediation and configuration Tools: ArcSight, Retina, Nessus, Snort, RiskVision, Xacta, and Nmap.
● Used Microsoft Office Suite; MS Project and Visio, to create, publish, and deliver briefing materials.
● Developed and presented, both verbally and in writing, technical information and presentations to non-technical audiences
Loch Harbor Group, Alexandria, VA/Veterans Affairs
February 2010 – October 2011
Senior Information Assurance Engineer/Data Breach Analyst - Contract
● Developed Risk Assessment Best Practices Checklist for Incident Manager for security and vulnerability breaches
● Provide IT support using best practices in conjunction with existing policy and procedures within a Government infrastructure environment.
● Perform systems analyst duties relating to the evaluation of computer hardware and software.
● Provide support in establishing and maintaining adequate information resource management solutions.
● Manage the development of detailed project plans and budgets and be accountable for executing
● Analyzed vulnerability and compliance scan results on various systems and networks that generated findings of non-compliance and security deficiencies
● Provide support and identifying accurate solutions for weaknesses/vulnerabilities
● Performing risk assessments, developing security plans, conducting security tests and evaluations (ST&E) for technical verification and validation of system security controls, evaluating the security controls of complex IT networks and systems, conducting vulnerability assessments and penetration tests of IT systems and networks a plus. Development life cycle and security integration, Federal IT security regulations, standards, policies, and procedures (e.g., NIST, FISMA, Privacy Act, HIPAA, OMB, and FIPS), technical background with a variety of computer hardware, software, and communication systems including system integration, network architectures, and physical logical communication systems/devices.
● Use security risk assessment and remediation and configuration tools including: ArcSight, Retina, Nessus, Snort, RiskVision, and Nmap.
● Business process and improvement plans and policy and procedural support risk incident management and vulnerability detection.
● Provide SharePoint site and content administration for maintenance of users and site content including adding/deleting users, adding/maintain permissions, creating/maintaining sites, workspaces, lists and libraries.
● Customize and maintain SharePoint portals to automate business processes to provide better service to the DoD customer and/or efficiencies in program management.
● Development of SharePoint and Nintex workflows as well as general troubleshooting of SharePoint and workflow problems.
● Requirements gathering, document processing, and business process reengineering
Global Commerce & Information, Inc./Lockheed Martin, Baltimore, MD/Social Security Administration
Senior Security Analyst – Contract
February 2009 - February 2010
● Worked closely with SSA CATF Director and Project manager gathering information to develop and streamline quality document outline.
● Analyzed, defined, and documented requirements for data, workflow, hardware and operating system environments, interfaces with other systems, internal and external checks and controls and outputs for their policy, guidelines, standards, and procedures.
● Assigned responsibility relevant to their decision task at hand.
● Provided support in establishing and maintaining adequate information resource management solutions.
● Managed the development of detailed project plans and budgets and be accountable for executing
● Provided support for the information resource management activities
● Maintained current software licenses and ensure security related documentation is current and accessible to properly authorized individuals.
● Provide support for the information resource management activities for the Government across a diverse set of technological and business elements by applying sound information resource management tools and techniques.
● Documented CATF Policy and followed NIST, FISMA, OMB and SSA requirements for dissemination in their functional area.
● Captured CATF day-to-day activities of their efforts and important to Agency.
● Wrote and maintained technical application specifications.
● Developed and maintained plans outlining steps and timetables for implementing applications.
● Researched/referenced SSA intranet for related documented policies, procedures, standards, guidelines, forms, etc.
● Described the overall objectives, functions, or tasks that the procedure is designed to accomplish and the circumstances under which the procedure should be used.
● Provided SharePoint site and content administration for maintenance of users and site content including adding/deleting users, adding/maintain permissions, creating/maintaining sites, workspaces, lists and libraries.
● Customized and maintained SharePoint portals to automate business processes to provide better service to the DoD customer and/or efficiencies in program management.
RLM Communications, Frederick, MD/Department of Defense
June 2008 – February 2009
IA Instructor
● Developed and updated materials by serving as a content expert for Training and Development.
● Training Materials included: Instructor and Participant Guides, Online Help Procedures, Business Process Flows, Application Simulation Tutorials, Course Assessments, Concept Slides and Other Instructional materials, as necessary.
● Worked collaboratively with client SMEs to define, develop, review and finalize content. Incorporated all review feedback and obtained sign-off on all deliverables/work products from process owners and SMEs.
● Ensured all training materials conform to the development standards and procedures.
● Ensured materials maintain quality and traceability to requirements throughout the development process
● Worked with other training developers to ensure that consistency was maintained in both the approach and process, including information gathering and documentation.
● Updated training materials and performed an impact analysis in order to make appropriate updates to course materials.
● Gained expertise with Systems, Applications and Products in the Data Processing (SAP) system.
● Presented classroom training for automated IA Tools including: eMASS, Xacta IA Manager Products and other tools as needed in instructor-led, exercise-based training.
Vigilant Services Corporation, Wash, DC/Federal Bureau of Investigation
June 2005 – June 2008
Senior Security Analyst ISSR
● Implement security policies and procedures to ensure compliance with FBI/OMB and NIST.
● Ensured the System Security Plan's formal document provided an overview of the security requirements for the information system and described the security controls currently in place to meet requirements (NIST 800-37, NIST 800-53A, NIST 800-60, NIST 800-30 and FIPS 199 and 200).
● Reviewed C&A packages and worked with the assigned system Officer and system Owner to ensure the system requirements have been documented, tested and implemented.
● Provided Security Assessment Report (SAR) and provide (POA&M) Plan of Action and Milestones with list of risk.
● Attended weekly project security meetings.
● Ensured special attention to security due to the risk and magnitude of harm resulting from loss, misuse, or unauthorized access to or modification of the information in the application.
● Provided program management assistance to multiple Information System Security Managers (ISSM) and FBI IT Program Managers (PM).
● Fulfilled the role of the Information System Security Representative (ISSR); daily functions consisted of, but were not limited to, facilitating interaction between PMs, system/data owners, and the ISSMs.
● Provided guidance to system owners and PMs as it related to the C&A process using both the NIST SP 800 series as well as the D/CID regulations.
● Mentored Project Managers regarding IT System Development Life Cycle (SDLC) as well as providing guidance to system owners on meeting compliance for Federal Information System Management Act (FISMA) standards.
● Traveled to various FBI field offices and conducted assessments of the sites overall IT security posture as it related to Information Assurance (IA).
● Areas assessed included: Operational Security (OPSEC), Communication Security (COMSEC), Information Security (INFOSEC) and Physical Security.
● Identified and registered systems that have not been properly certified and accredited.
● Addressed and solved problems ever installation and configuration with Oracle, Unix, SAP DQM.
Harris/Orkand Corporation, Washington, DC/Department of State
February 2000 – June 2005
Network Support III/Security Engineer
● Created security standards and guidelines followed by the Consular Affairs and the Passport Agency.
● Provided support with the Certification Authority (CA). This is comprised of hardware, software and PKI access control and digital signatures.
● Created certified documents to validate security authenticity.
● Protected content from being accidentally or maliciously altered and prevented unauthorized access to confidential and sensitive information.
● Supported non-repudiation of electronic transactions; maintained security document life cycle; and developed system documents, guidance, issue resolution, policy adherence, and systems analysis with respect to security and training.
● Conducted strategic research and monitoring of evolving security applications in order to provide current methods for maintaining the integrity of network
● Performed and ensured appropriate operational IA and IDS posture was maintained for all systems, programs, or enclaves for Consular Affairs and Passport 25 sites with over 35,000 users and 125+ servers.