Information Security Project Management

Location:
Bowie, MD
Salary:
135,000
Posted:
December 11, 2023


Resume:

Carlos E. Estrada

US Citizen

Cell: 301-***-****

Email: ad1v3w@r.postjobfree.com

Summary:

Over 20 years of IT experience, looking for a new position as program manager, IT manager, CIO, director, project, Linux, Unix, Windows, VMware, database, or systems administrator lead.

Multi-certified technology professional with experience managing enterprise implementations of Information and Technology Systems, BI, EMR, ETL, ECM, ERP, EBS, SIEM, IAM, DevOps, ITIL Frameworks.

Experience in administration of various Montgomery County, NASA, NOAA, DOD, Social Security Administration, DOC, and Military IT Systems.

Expert in gathering, analyzing, and defining business and functional requirements; creating global metrics, trend charts and other decision-making tools; leading data-modeling and process-mapping initiatives; and designing/re-engineering processes, workflows and technology solutions for IT systems and networks.

Proven ability to lead seamless implementations and deliver next-generation technical solutions improving performance, revenues, margins, and workplace productivity. Worked across internal and external organizational lines to do the following: Develop program/project goals, Coordinate, exchange, identify programs/projects goals.

Negotiating with counterparts within my organization in areas of project requirements, specifications, schedules, processes, and prioritization. Develop budget request, estimates, prepared reports comparing planned versus actual expenses, commitments, and obligations.

Analyzed tasks and functional requirements, defined projects, allocated resources, performed project scheduling, measured and oversaw project performance, managed project controls, directed and managed reporting requirements, and implemented change management for an active project.

Involved in the ability to bring about strategic change, both within and outside the organization, to meet organizational goals. Inherent to this ECQ is the ability to establish an organizational vision and to implement it in a continuously changing environment.

Involved in the ability to lead people toward meeting the organization's vision, mission, and goals. Facilitates cooperation and teamwork and supports constructive resolution of conflict.

Involved in the ability to build coalitions internally and with other Federal agencies, State and local governments, nonprofit and private sector organizations, foreign governments, or international organizations to achieve common goals.

Demonstrated ability to lead the identification, implementation, and evaluation of transformative technology solutions and IT shared services within Federal government IT laws, regulations, and policies.

Demonstrated experience with IT security and with implementing the requirements of the Federal Information Security Management Act (FISMA).

Developing solutions to resolve program issues or changing requirements. Coordinating, supporting, and leading Project Management Office functions (i.e., Portfolio Analysis, Risk Management, Stakeholder Management, Enterprise Governance, etc.); providing technical assistance to program officials or executives on a variety of Project Management Office related technical matters; and leading or managing a team of employees and monitoring their progress towards achieving project goals and objectives.

Expertise Highlights

ITIL Framework experience and training, Agile Framework,

NIST-800-53, SCAP, STIGs, DIACAP, FISMA, RMF, SOAR, CDM, ITSM, AUDIT, ATO.

Azure AD Connect

Azure MFA

Azure SSPR

Azure PIM

Passwordless Authentication

Azure AD B2B access rights / B2C access rights

Azure Active Directory

Azure App SSO

Azure App Provisioning / App Proxy

Azure Authentication

Azure App Registrations

Azure Conditional Access

Azure AD Password Protection

Azure AD Identity Governance

Azure AD Identity Protection

Azure cloud services

Azure Cloud and on-premise Sentinel

Microsoft Defender for Cloud

Microsoft Defender for Office 365

Azure Network Security

Azure Policy

Microsoft Defender External Attack Surface Management

Security configuration of enterprise cloud platforms like ServiceNow, etc.

Security configuration of security platforms/ infrastructure (cloud and non-cloud)

Familiarity with Graph/Rest API and Visual Basic/C

Active Directory Federation Services (ADFS)

Project lead Administrator, Site Manager, CSO, CIO, Chief, SSO

Development Tools

Network, Storage & Systems Administration

Strategic Technology Planning

Data Mining/Business/Systems Analysis

Data Flow & Process Mapping

SQL Queries & Data Modeling

PKE/PKI/HSM Cyber Security

Big Data, YARN, MapReduce, Spark and HDFS, Cloudera Hadoop, SAS, R, SPSS, Stata, Octave.

Database Design & Management Data Warehouse

Major Software/Systems Implementations

Systems Security & Disaster Recovery Planning

Testing/Scripting/Documentation

Technical Writing (Manuals/System Specs)

TCP/IP, SSH, HTTP/S, SMTP, LDAP, NAT, SFTP

Certifications:

Red Hat Certified Systems Administrator (RHCSA)

Microsoft Certified Professional (MCP)

IBM Certified Deployment Professional

CompTIA® Security Plus+ (CISSP)

Education:

Master of Science in Information Technology (MSIT), University of Maryland University College UMUC, College Park, MD

Professional Experience:

OMMIT Contractor-Social Security Administration Contractor, Baltimore, MD 01/2019 – 05/2023

IT Lead Cybersecurity Engineer. Information Security Risk Analyst

Identify and mitigate security risks to network and systems. Architect, develop and engineer enterprise security tools which may be COTS or open source. Architecture and design of new enterprise tools as well as upgrading existing infrastructure.

Work fluidly in a Linux or other shell command line environment.

Provide security application support, including the development of automated scripts.

Develop documentation as required (such as DFARS, Compliance, installation, Visio network and cabling diagrams, configuration guides, user tutorials, user and system requirements specification documentation, use cases, traceability matrices). Serve as the SME in network design, system integration, and application development initiatives in order to assist project teams in adhering to company and IT security policies, standards, and operating requirements as well as governmental guidelines and industry best practices.

Automate operations using various scripting methods or tools to the extent that it requires minimal human interaction.

Strong understanding of IAM concepts and practices such as Role Based Access (RBAC), least privilege, access automation methods, user access and cloud access concepts. Experience with API security and public cloud APIs & integration. Experience implementing DevOps principles and managing code repositories. Provide follow-up reports (technical findings, feedback, resolution steps taken) for Root Cause analysis, engineering technical assessment and process improvement initiatives. Develop SIEM platform and the overall detection program working alongside stakeholders. Experience with container technologies such as Kubernetes and Infrastructure as Code tools such as Terraform.

Research, prototype and implement new security related technologies.

Working hand-in-hand with 24/7 GSOC to support their needs.

Lead engineer, provide mentoring and training to other team members.

Assist in the management of team functions and responsibilities.

Initiative - Strong work ethic - Works well in a team environment - Strong troubleshooting skills

Strong Linux command line experience required - Strong scripting skills in common languages like Bash, Perl, Python, YAML - Network architecture and security principles - Networking protocols including, but not limited to SSL, TLS, DNS, TCP/IP, ARP, BGP, SMTP, SNMP, SSH, ICMP - Must have strong enterprise tools experience.

Demonstrated experience in threat and vulnerability management and incident response.

Demonstrated experience with Security Orchestration, Automation and Response (SOAR)

In-depth experience in DevSecOps practices. Supported the ISO 27001 certification by promoting self-compliance to policies and standards by IT staff and managers. ISO 27001/27002, information security and privacy regulations.

In-depth experience with public cloud and cloud security.

In-depth experience in managing information security and privacy risks and threat modeling.

Understanding of threat modeling, MITRE ATT&CK, Kill Chain Analysis and other industry standard assessment methods.

Understanding of agile software development processes like SCRUM or SAFe. Experience with NIST-SP800-30, ISO 27001/2, ISO 27005, COBIT. Embedding security into processes such as SDLC, Project Lifecycle, ITIL. Security policy and standards creation. Basic project management and consultancy skills

Experience with Linux OS - Scripting experience - SPL, Splunk experience, creating dashboards, alerting, queries. LINUX/Windows servers, Web servers (IIS, Apache, tomcat), app servers, Databases (Oracle and MS SQL), endpoints (MAC, Windows, Apple IOS, Blackberry etc.), ArcSight, and Web Application Firewalls.

Worked on Division of Systems Engineering (DSE) and Division of Network Engineering (DNE) RHEL systems used on all Projects (Splunk, CyberArk, FireEye, Gurucul, Phantom (SOAR & NAC-DHS), DSE Infrastructure, Conjur, CyberArk, Red Hat, Satellite, Ansible Automation, vCenter, ESXi-Hypervisor, Red Hat Virtualization (oVirt), XMARTS, Tenable, Pentest, CrowdStrike, Tenable, FireEye, NetFlow Optimizer, BigFix, Tanium, Snort, Forescout, NetBackup, Checkmarx, and others) on CIAT, DCAT, SEPT, and VCAT and any other DSE related section.

X Technologies-DISA Contractor Annapolis Junction, MD 06/2018 - 12/2018

Lead Systems Administrator, Principal PKI Engineer

Responsibilities:

Provide engineering support on the DoD Defense Information Systems Agency (DISA) PKI and CSP contract.

Fully knowledgeable of System Administrator support procedures, solely responsible for technical aspects of the contract, led the preparation and review of documentation, and worked directly as a contractor to support Engineers, DISA Engineers, and user representatives.

Red Hat Certificate System. Red Hat Directory Server. Planning, Installation, and Deployment.

MariaDB cluster. Planning, Installation, and deployment.

Thales Cipher nShield HSM, CSP, Ansible, Puppet, Satellite, IDM, VMWare, VCenter. DoD Computer Network Operations (CNO), Information Assurance (IA).

DOD and US Government (USG) Information System (IS) accreditation and certification policies standards, and governance, DoD Instruction 8500.2, and DISA Security Technical Implementation Guides (STIG). Applied defensive TTPs specific to the UNIX or UNIX-based Operating System with a focus on security auditing; identifying and mitigating operating system vulnerabilities and imbedded persistent threats; and detecting and emulating operating system adversary TTPs. The Defense Information Systems Agency (DISA) is a United States Department of Defense (DOD) combat support agency composed of military, federal civilians, and contractors. DISA provides information technology (IT) and communications support to the President, Vice President, Secretary of Defense, the military services, the combatant commands, and any individual or system contributing to the defense of the United States. PKI-PKE Tools. Administer, optimize, and secure RedHat Enterprise Linux v6.x/7.x

Provide technical expertise on WebSphere, ColdFusion and Apache software configured for the Platform as a Service (PaaS) environment.

Design and develop an architecture of Platform as a Service (PaaS) infrastructure based on Docker and Kubernetes. Manage Image repositories in support of Docker containers.

Deploy a Platform as a Service (PaaS) solutions based on open-source software and industry best practices.

Automate Docker application builds using industry standard tools such as Jenkins. Automate the creation of Platform as a Service (PaaS) infrastructure using industry standard tools such as Ansible.

Troubleshoot and resolve problems and issues within the Platform as a Service infrastructure.

Communicate with designated SSA personnel by phone and email concerning the details of the issue, expected resolution, and root cause analysis.

Can research problems and contact and escalate issues with vendor and other third-party hardware and software providers.

NASA Contractor GREENBELT, MD 04/2016 - 05/2018

Sr. Systems Administrator, Principal

Support for all Satellite Launches and NASA Infrastructure Projects. NMS, OPEN, CLOSE, WAN, LAN. Support critical Missions for all 13 centers WAN-LAN projects. Support Security Audit. Managed vCenter, ESXi, and 300+ RHEL, CentOS, Debian, and 25 Windows Servers. RSA SecurID, OpenView, Opsware, NNMi, RANCID, RADIUS, FreeIPA, Juniper Space-Secure Director, BMC Remedy CMDB, UNIX Shell Scripting, JavaScript, and Perl. HP Opsware, OpenView, HP SiteScope, SQL, Oracle Database Systems, PostgreSQL, MariaDB, MySQL, MongoDB, Nexsan Storage, EMC, Splunk-IDM, Data Analysis, and plugins, MPLS Networks. Demonstrated experience in implementing and overseeing IT budget formulation and execution, IT acquisitions, IT service cost/pricing models, and IT project management concepts and techniques.

Responsibilities:

Installed, configured, and managed Splunk Servers Cluster (Backup-Egress and Prime), ingested logs for more than 3,000 devices, deployed Splunk Plugins for AlgoSec, Juniper, Cisco, RSA SecurID, Nessus, and Oracle. Trained the NOC and support teams to use Splunk, dashboard, log files. Provisioned RSA SecurID (Prime and Backup Server-Replica), RadView to monitor all RAC T1 lines, NetScout Digital Matrix System (Prime and Backup), Bacula Systems Backup, Symantec Bluecoat Proxy Servers, Balabit SSH Gateway, Nexsan Disk Array Storage Replacement, for NASCOM. Maintained the integrity and security of enterprise-wide cyber systems and networks using Puppet, eMASS, BigFix, SCAP, Xacta, Qualys, G Suite, GCP, SCCM, Jamf Pro, Netsparker, Chef, and Ansible. Big Data, YARN, MapReduce, Spark and HDFS, Cloudera Hadoop, SAS, R, SPSS. Red Hat, Satellite, Solaris, CentOS, Debian, Fedora. Puppet, Ansible, Spacewalk.

Designed and developed an architecture of Platform as a Service (PaaS) infrastructure in a hybrid Cloud environment. Create custom Docker containers.

Project cash flow controls that include but are not limited to Financial Management, Human Capital Management, and Technology Management. Demonstrated experience in threat and vulnerability management and incident response.

Demonstrated experience with Security Orchestration, Automation and Response (SOAR)

In-depth experience in DevSecOps practices.

In-depth experience with public cloud and cloud security.

In-depth experience in managing information security and privacy risks and threat modeling.

Understanding of threat modeling, MITRE ATT&CK, Kill Chain Analysis and other industry standard assessment methods.

Understanding of agile software development processes like SCRUM or SAFe.

Coordinated resources during enterprise incident response efforts, driving incidents to timely and complete resolution using 4300A Handbook Incident response documents. Performed network traffic analysis of communications networks utilizing raw packet data, iperf, Wireshark, NetFlow, and IDS; reviewed attack signatures, tactics, and techniques. Deployed Splunk Enterprise combining enterprise logs, BigFix, and all-source intelligence. Conducted malware analysis of attacker tools.

Managed Infoblox-DDI-QIP-DNS/IP Management System; configured RANCID Network Monitoring Tool for Cisco and Juniper Switches, MRTG, OpenView, NNMi, Opsware SNMP monitoring, Puppet Enterprise, Spacewalk, IBM BigFix (CDM). Managed SSP, DIACAP, SOC Vulnerability reports, ATOs, NIST-800-53 Life Cycle, RMF, Credentialed Tenable-Nessus Scans, ITSEC-EDW Monthly Updates, maintenance contracts (S/W), maintenance contracts (H/W).

TIAG- UNIX-LINUX SYSTEMS ADMINISTRATION (USUHS) – Walter Reed National Military Center, BETHESDA, MD

UNIX Systems Administrator-Database Administrator 10/2014 - 04/2016

Worked at USUHS in the Academic Technology Directorate (ATD) with the team of Admins and Developers; designed and implemented necessary manifests, modules, facts, groupings, etc. to manage and audit 50-100+ RHEL 5, 6, 7+ systems in compliance with DoD/DIACAP/FedRAMP standards. Provided mentorship, instruction, and guidance to other systems administrators and developers to mentor them in the use of Puppet as an enterprise.

Responsibilities:

Involved in projects and led a team of IT SMEs to administer Red Hat Satellite for 100+ Red Hat Servers, versions 5 & 6. Completed Configuration Management Production Puppetlabs Server implementation and training. Tested, verified, and installed new critical updates, vulnerability and bug releases by Red Hat 6. Updated online repository VMS (DOD DISA) Database, IAVM, and Vulnerability keys Database.

Received and processed FOUO IAVM messages every week: Communications Tasking Orders, Information Assurance Vulnerability Alerts (IAVA), and Information Assurance Vulnerability Bulletins (IAVB). Applied patches and latest releases as required to the Production Puppet Server.

Involved in projects and led a team of IT SMEs to upgrade Puppet Configuration Management Server. Completed Red Hat DOD DIACAP Puppet Modules. Completed Ubuntu LTS Puppet Modules for DIACAP. Acted as lead Systems Administrator for the purpose of establishing Puppet-based management of development, stage, and production Linux systems at USU. Helped prepare bids for DOD proposals.

Worked with the team of Admins and Developers; designed and implemented necessary manifests, modules, facts, groupings, etc. to manage and audit 50-100 RHEL systems in compliance with DoD/DIACAP/FedRAMP standards. Provided mentorship, instruction, and guidance to other systems administrators and developers to mentor them in the use of Puppet as an enterprise.

Installed and configured Business Intelligence Reporting Pentaho Server on Linux Red Hat 6. Installed commercial CA signed Certificates (GeoTrust Inc.) to the Production Puppet Server, and Business Intelligence Production Reporting Server (PENTAHO BI).

NASA Contractor GREENBELT, MD 08/2011 - 09/2014

Sr. Linux Systems Administrator

Support the Laboratory for Hydrosphere, Biosphere Science, and Hydrological Science Branch on a diverse user community, including Earth scientists, programming staff. Mature, independent, problem-solver with excellent people skills. Strong organizational and multicultural ability. Excellent verbal and written communication.

Responsibilities:

Effectively planned, tested, installed, set up, administered, and integrated new and upgraded systems.

Made recommendations on processes that are not in compliance; involved in design, deployment, documentation, test plan and procedures for optimal server infrastructure in support of new/existing applications by researching hardware/software technologies. Linux Virtualization, vCenter, ESXi.

Effectively maintained all Solaris, Red Hat Clustering, MySQL, MariaDB, PostgreSQL, DB2, and Oracle. MacOS, CentOS, Ubuntu, PostgreSQL, Penguin Cluster-HPC, and Windows based servers and storage, performing security patches as needed.

SAN management, EMC Symmetrix, Clarion, LUNs, RAID groups, Navisphere, Powerpath, and components to Linux Systems.

Experienced with SharePoint, secure web servers, system backup and recovery (TSM, NetBackup, Druva, Acronis, Amanda), HTTP, MySQL, MariaDB, shell scripting and task automation, SFTP, SSH, SNMP, IPMI. FORTRAN 77, 90/95. Familiar with Cloud computing.

WALTER REED ARMY MEDICAL CENTER– SILVER SPRING, WASHINGTON, DC 01/2008 - 08/2011

Contractor

Essentris Lead. Sr. Linux Systems Administrator

Responsible for Medical and Contingency Systems Modernization, Organizational Redesign and Staff Development Roadmap. Advanced senior clinical systems administrator lead role to provide Clinical Informatics Management Department leadership for hospital’s inpatient technology development, database, and infrastructure. Involved in large-scale enterprise migration projects, systems conversions and performance tuning and monitoring of applications/systems. Database reports and development. Helped set long-range technical direction and capacity plans.

Responsibilities:

Led hospital’s new Philips physiological monitoring system. Designed and launched “pre-load” training to units, and clinics, provided training and documentation prior to and during the go live.

Created Microsoft Project plans for all small, medium, and large projects.

Analyzed all aspects of the in-patient Production Essentris Server deployment for hospital wide to ensure a smooth deployment with CliniComp International. Tested SMS desktop Essentris client deployment together with the Enterprise Management Team.

Documented workflows and executed comprehensive Essentris training plan for medical staff and nurses during 2008 that more than doubled Essentris ability to document (from 45% to 100%).

Managed Production Reporting and Business Intelligence backend Database infrastructure. Linux Red Hat Cluster. Reviewed reports documentation for validity/completeness, QA and assisted in overall project documentation for additional backup server.

Duplicated all clinics and nurses reports to increase and optimize better processes of report availability and get a standardized set of solutions that elevated efficiency and accuracy hospital wide.

Was involved in the deployment of the new Emergency Department (ED) Electronic Record Deployment at WRAMC. Essentris was selected as the standard electronic record application.

Trained Providers and Nurse on CIS Essentris Inpatient Application.

Upgraded and updated the Disaster/Recovery Plan Documentation for the Clinical Information System (CIS).

Was involved in the CIS-Philips Physiological Auto-monitoring System upgrade.

Was involved in the Oracle Database Standardization Process (CIS) Phase I for DOD.

Planned, supported and executed upgrade for Essentris version 1.4.5.

Established interconnectivity between WRAMC and all Veteran Affairs sites (TAMPA-Palo Alto California-Richmond-Minneapolis)

Completed VA-WRAMC pdf file transfer medical record process.


