MICHAEL A. CORRIGAN, CISSP, Linux +
CAREER SUMMARY:
Started career as a computer programmer and over time progressed into the system administration field. Along my career journey, was granted the opportunity to move into computer security field. Began by learning about security policy and security awareness training. Over time gained experience in various Certification and Accreditation methodologies, security engineering, architecture and design. Have gained experience in executing vulnerability scanners, hardening operating systems, and developing required security documentation for various systems. Have developed the various documentation items needed for each of the various accreditation methods I have used. This includes items such as system security plans, system security authorization agreements, security requirement traceability matrixes, test procedures, plans of actions and milestones. Continue to enjoy the security profession as it is constantly evolving and it requires me to continue learning and evolving as a professional.
PROFESSIONAL EXPERIENCE:
06/25/2023 – Present ALKU
Information Security Engineer for a government agency. Provide scan results to analyze continuous monitoring activites and develop security test procedures as well as update body of evidence documentation. Experience with Risk Management Framework (RMF) processes and procedures.
04/03/2023 – 06/22/2023 ManTech International
Fulfilled the role of Cyber Security Manager for a Department of Defense customer. This entails managing a team of a dozen or so personnel. Participating in master schedule processing and working the Jira boards for the cyber team. Experience with Risk Management Framework (RMF) processes and procedures.
09/2022 – 03/31/2023 Solutions71 – A subsidiary of Eyak Corporation
Information System Security Manager (ISSM) for the Expeditionary Energy and Sustainment Systems (E2S2) Program Office; responsibilities included:
Provide risk management framework knowledge and expertise to my customer
Fulfilled the role of ISSM for the customer
08/2022 – 09/2022 Kwaan Bear Information Technology Service
August 2022 to September 2022 – Cyber Security Engineer – Responsibilities:
Provided cyber/information security guidance to my customer.
Fullfilled the role of an Information System Security Manager (ISSM) on developing an Authorization Package for a internal customer network. This entailed developing needed documentation as well as using the Enterprise Mission Assurance Securty Service (eMASS) to capture required test procedures and develop Plans of Actions and Milestones (POAMs) for the sytem.
Provided security engineering support to include Security Technical Implementation Guides (STIGs) implementation and review, reviewing results of vulnerability scans, and providing guidance for implementing systems in a secure manner.
09/2020 – August 2022 North Tide Group – A subsidiary of Eyak Corporation
September 2020 to August 2022 – Cyber Security Subject Matter Expert – Responsibilities:
Provided cyber/information security guidance to my customer.
Fullfilled the role of an ISSM on developing an Authorization Package for a internal customer network. This entailed developing needed documentation as well as using the eMASS to capture required test procedures and develop POAMs for the sytem.
Providied security engineering support to include Security Technical Implementation Guides (STIGs) implementation and review, reviewing results of vulnerability scans, and providing guidance for implementing systems in a secure manner.
12/2018 – 09/2020 CACI
January 2020 to September 2020 – Information System Security Engineer – Responsibilities:
Developed a Security Control Traceability Matrix (SCTM) for a medium level system which cross referenced the NIST 800-53r4 controls with NIST 800-171 controls.
Developing a Role Based Access Control (RBAC) model for a lab environment.
Performed audit of server build and STIG effort within the group.
Developed Role Based Access Control roles for an Azure environment.
Developed security documentation for an Azure environment.
Working with the CyberSecurity Maturity Model Certification and NIST 800-171 security package for an Azure environment.
From December of 2018 to December of 2019 I was a Software/System Engineer at CACI. Responsibilities:
Provided day to day processing support on the Continuous Diagnostics and Mitigation (CDM) program dashboard. This includes executing daily checks and implementing corrections to the environment as needed.
Developed needed system documentation including install instructions and test cases for options installed.
Managed the process of implementing changes to the system.
Acted as team lead when the manager is out of the office on leave.
12/2016 – 12/2018 ManTech International
I was a Senior Principal Information Security Engineer at ManTech. Responsibilities:
Developed processes and procedures for security tools being deployed in a test lab
Assisted with the development of system security documentation for various applications and security tools
Created workflows from the incident response process to be followed by security operations center personnel
Performed security impact analysis reviews on changes to the system
Updated processes and procedures for the security operations center management tool
04/2015 – 12/2016 CACI
I was an Information Security Specialist, Sr. Principal at CACI. Responsibilities:
Developed test procedures to meet Intelligence Community Directive (ICD) 503 control standards.
Developed test procedures to meet the ICD 500-27 Audit requirements.
Worked programs through the Risk Management Framework (RMF) structure for an intelligence agency.
Reviewed, and recommended Cross Domain Solutions and various rule sets implemented by those Cross Domain Solutions.
Functioned as a Security Control Assessor.
Functioned as a Designated Approving Official, Representative.
09/2014 – 04/2015 GBTI Solutions
I was a Security Advisor supporting The Library of Congress. Responsibilities:
Developed system hardening guides for various operating systems and components used by the Library of Congress systems.
Advised projects within the Library on how to perform Certification and Accreditation efforts based on the National Institute of Standards and Technologies (NIST) 800 series documents. These include experience with the NIST Risk Assessment process, the Risk Management Framework, Managing Information Security Risk, the NIST Control set, and the Continuous Monitoring process
01/2014 – 09/2014 CACI Technologies Inc., Cyber Solutions Group
Information Security Engineer that supported U.S. Army Intelligence and Security Command (INSCOM). Responsibilities:
Developed security test procedures based off of the Intelligence Community Directive (ICD) 503 process for an intelligence system.
Have experience with the NIST Risk Assessment process, the Risk Management Framework, Managing Information Security Risk, the NIST Control set, and the Continuous Monitoring process
Received training and learning the system level aspects of the HP Fortify product.
Managed the test procedure project for the intelligence system.
01/2014 – 01/2014 Parsons
I was an Information Systems Security Engineer in support of an approval process for ICD 503 systems.
04/2012 – 01/2014 CACI Technologies Inc., Cyber Solutions Group
I was an Information Security Engineer supporting U.S. INSCOM. Responsibilities:
Developed hardening procedures for Linux based operating systems
Created Certification and Accreditation (C&A) documentation for the Director of Central Intelligence Directive (DCID) 6/3 methodology:
Performed Vulnerability Assessments to include:
oExecuted scans with Retina, SecScn, SCAP, Nessus, and other tools
oAnalyzed and interpreted the scan results
oCreated Plans of Actions and Milestones (POA&M) based on the scan results and security assessment reports off of the findings from these scans
oGained knowledge of ICD 503 which is based off of the National Institute of Standards (NIST) 800-53 an 800-53a process; providing me with knowledge of the NIST processes and procedures
05/2011 – 04/2012 Pentagon Federal Credit Union
I was an Information Security Architect at the Pentagon Federal (PenFed) Credit Union. Responsibilities:
Architected the deployment and installation of their Security Information Event Management (SIEM) application
Built the Security Operations Center (SOC) for PenFed; this included hiring the staff, developing processes and procedures used by SOC personnel, and designing the physical space for the SOC
Provided security insight and assistance with the application, systems, and network staffs on projects internal to PenFed.
04/2003 – 05/2011 CACI Technologies Inc., Cyber Solutions Group
Held multiple Information Security/Assurance roles while employed at CACI Technologies. Responsibilities:
Developed security processes and procedures for external network connections for customers
Enforced customers’ security policy and managed security patch and vulnerability processes
Managed operational aspects of a SOC, and developing operational procedures for the SOC
Created C&A documentation such as System Security Authorization Agreements (SSAA’s), test processes and procedures, operational documentation using the DCID 6/3 process, and the Department of Defense Information Assurance Certification and Accreditation (DIACAP) process
Executed a technical manager role which included assisting the project manager in the IA team project management tasks, leading an IA team of six individuals, and working directly with the IAM of the government agency on a daily basis
Developed configuration management documentation and other process and procedure documents to develop repeatable processes.
Executed and reported on monthly Retina scans for a component of the Department of Defense
01/2000 – 04/2003 CSC Federal Sector formerly DynCorp Systems and Solutions
I was an Information Security Engineer at CSC/DynCorp. Responsibilities:
Worked on the Critical Infrastructure Protection (CIP) program for the Department of Treasury
Performed security/risk assessments for various customers
Security engineering efforts on the Trilogy network project for the FBI. Specifically:
oInstallation, configuration, and implementation of security products such as Tripwire, Cisco ACS, RSA ACE, and Cisco PIX firewall
oDocumented procedures to install, configure, implement, and test these systems, and supported development of the SSAA for the system
oDeveloped and executed security test procedures for the Solaris operating system
05/1999 – 01/2000 SRI Consulting
I was an Information Security Consultant at SRI Consulting. Responsibilities:
Developed and edited content for a virtual on-line security university
Performed risk assessments on network infrastructure to better deploy customer networks
Developed and presented a security awareness course for fellow SRI Consulting personnel
10/1995 – 05/1999 National Association of Securities Dealers
Held multiple roles while employed at NASD. Initially began as a System Administrator and transitioned to an Information Security Specialist. Responsibilities:
Documented security processes, procedures, and guidance material. These included:
oOperating system implementations of the overall NASD security policy
oIncident Handling and Response procedures
oPassword strength implementation and guidance
Worked with the training department in developing/implementing/executing NASD’s Security Awareness program
Administered and supporting systems and databases at the NASD testing facilities country wide
05/1993 – 10/1995 CACI Commercial, INC
I was a Systems Administrator for a litigation support effort supported by CACI. Responsibilities:
Daily system administration and troubleshooting responsibilities on SUN OS and Solaris systems
Acted as operations manager when requested
Created/presented system training materials and system documentation for the project
11/1991 – 05/1993 POTOMAC SYSTEMS ENGINEERING, INC
I was a Systems Administrator for a Department of Defense customer. Responsibilities:
Daily system administration and troubleshooting responsibilities on AT&T 3B2 systems
Created/presented system training materials and system documentation for the project
11/1987 – 11/1991 PINKERTON COMPUTER CONSULTANTS, INC
I was a Computer Programmer while employed at Pinkerton Computer Consultants. Responsibilities:
Developed application code for budget systems at State Department for both Wang VS and Personnel Computer based applications
Provided support to users in the field and at State headquarters for the systems that were developed
Created documentation for the system as needed
09/1984 – 11/1987 U. S. DEPARTMENT OF EDUCATION, Washington, D C
I was an Information Systems Professional at U.S. Department of Education. Responsibilities:
Developed and implementing detailed test plan, assisting in systems documentation, and providing user support for a new education loan payment system being developed at the time
Created documentation for the system as needed
PERSONAL INTERESTS:
Away from work I like to read, build NASCAR models, take cruises, and watch football.
EDUCATION:
B.S., Computer Science, Lock Haven University, Lock Haven Pennsylvania, 1983, Dean's List
SUN SCHOOL SA 135 - Solaris 2.X System Administration Essentials
SA 285 - Solaris 2.X System Administration
DIACAP Process Knowledge class
CLEARANCE:
Department of Defense Top Secret, SCI clearance at present ; have held Counter Intelligence (CI) Poly in the past.
CERTIFICATIONS:
ISC2 Certified Information Systems Security Professional (CISSP)
InfoSec Assessment Methodology (IAM) sponsored by The National Security Agency (NSA)
CompTia Linux +
MEMBERSHIPS:
Internal International Information Systems Security Certification Consortium (ISC2)
Systems Administration, Networking and Security (SANS) Institute
REFERENCES / CONTACT Number:
Available upon request / Contact number is 703-***-**** after 4:30 pm. During the day please call 571-***-****.