System Security Information

Location:
Alexandria, VA
Posted:
February 07, 2024

Resume:

MICHAEL A. CORRIGAN, CISSP, Linux+

CAREER SUMMARY:

Started career as a computer programmer and over time progressed into the system administration field. Along my career journey, was granted the opportunity to move into the computer security field. Began by learning about security policy and security awareness training. Over time gained experience in various Certification and Accreditation methodologies, security engineering, architecture and design. Have gained experience in executing vulnerability scanners, hardening operating systems, and developing required security documentation for various systems. Have developed the various documentation items needed for each of the various accreditation methods I have used. This includes items such as system security plans, system security authorization agreements, security requirement traceability matrixes, test procedures, plans of actions and milestones. Continue to enjoy the security profession as it is constantly evolving and it requires me to continue learning and evolving as a professional.

PROFESSIONAL EXPERIENCE:

06/25/2023 – Present ALKU

Information Security Engineer for a government agency. Provide scan results to analyze continuous monitoring activities and develop security test procedures as well as update body of evidence documentation. Experience with Risk Management Framework (RMF) processes and procedures.

04/03/2023 – 06/22/2023 ManTech International

Fulfilled the role of Cyber Security Manager for a Department of Defense customer. This entails managing a team of a dozen or so personnel. Participating in master schedule processing and working the Jira boards for the cyber team. Experience with Risk Management Framework (RMF) processes and procedures.

09/2022 – 03/31/2023 Solutions71 – A subsidiary of Eyak Corporation

Information System Security Manager (ISSM) for the Expeditionary Energy and Sustainment Systems (E2S2) Program Office; responsibilities included:

Provide risk management framework knowledge and expertise to my customer

Fulfilled the role of ISSM for the customer

08/2022 – 09/2022 Kwaan Bear Information Technology Service

August 2022 to September 2022 – Cyber Security Engineer – Responsibilities:

Provided cyber/information security guidance to my customer.

Fulfilled the role of an Information System Security Manager (ISSM) on developing an Authorization Package for an internal customer network. This entailed developing needed documentation as well as using the Enterprise Mission Assurance Security Service (eMASS) to capture required test procedures and develop Plans of Actions and Milestones (POAMs) for the system.

Provided security engineering support to include Security Technical Implementation Guides (STIGs) implementation and review, reviewing results of vulnerability scans, and providing guidance for implementing systems in a secure manner.

09/2020 – August 2022 North Tide Group – A subsidiary of Eyak Corporation

September 2020 to August 2022 – Cyber Security Subject Matter Expert – Responsibilities:

Provided cyber/information security guidance to my customer.

Fulfilled the role of an ISSM on developing an Authorization Package for an internal customer network. This entailed developing needed documentation as well as using the eMASS to capture required test procedures and develop POAMs for the system.

Provided security engineering support to include Security Technical Implementation Guides (STIGs) implementation and review, reviewing results of vulnerability scans, and providing guidance for implementing systems in a secure manner.

12/2018 – 09/2020 CACI

January 2020 to September 2020 – Information System Security Engineer – Responsibilities:

Developed a Security Control Traceability Matrix (SCTM) for a medium level system which cross referenced the NIST 800-53r4 controls with NIST 800-171 controls.

Developing a Role Based Access Control (RBAC) model for a lab environment.

Performed audit of server build and STIG effort within the group.

Developed Role Based Access Control roles for an Azure environment.

Developed security documentation for an Azure environment.

Working with the Cybersecurity Maturity Model Certification and NIST 800-171 security package for an Azure environment.

From December of 2018 to December of 2019 I was a Software/System Engineer at CACI. Responsibilities:

Provided day to day processing support on the Continuous Diagnostics and Mitigation (CDM) program dashboard. This includes executing daily checks and implementing corrections to the environment as needed.

Developed needed system documentation including install instructions and test cases for options installed.

Managed the process of implementing changes to the system.

Acted as team lead when the manager is out of the office on leave.

12/2016 – 12/2018 ManTech International

I was a Senior Principal Information Security Engineer at ManTech. Responsibilities:

Developed processes and procedures for security tools being deployed in a test lab

Assisted with the development of system security documentation for various applications and security tools

Created workflows from the incident response process to be followed by security operations center personnel

Performed security impact analysis reviews on changes to the system

Updated processes and procedures for the security operations center management tool

04/2015 – 12/2016 CACI

I was an Information Security Specialist, Sr. Principal at CACI. Responsibilities:

Developed test procedures to meet Intelligence Community Directive (ICD) 503 control standards.

Developed test procedures to meet the ICD 500-27 Audit requirements.

Worked programs through the Risk Management Framework (RMF) structure for an intelligence agency.

Reviewed and recommended Cross Domain Solutions and various rule sets implemented by those Cross Domain Solutions.

Functioned as a Security Control Assessor.

Functioned as a Designated Approving Official, Representative.

09/2014 – 04/2015 GBTI Solutions

I was a Security Advisor supporting The Library of Congress. Responsibilities:

Developed system hardening guides for various operating systems and components used by the Library of Congress systems.

Advised projects within the Library on how to perform Certification and Accreditation efforts based on the National Institute of Standards and Technologies (NIST) 800 series documents. These include experience with the NIST Risk Assessment process, the Risk Management Framework, Managing Information Security Risk, the NIST Control set, and the Continuous Monitoring process

01/2014 – 09/2014 CACI Technologies Inc., Cyber Solutions Group

Information Security Engineer that supported U.S. Army Intelligence and Security Command (INSCOM). Responsibilities:

Developed security test procedures based off of the Intelligence Community Directive (ICD) 503 process for an intelligence system.

Have experience with the NIST Risk Assessment process, the Risk Management Framework, Managing Information Security Risk, the NIST Control set, and the Continuous Monitoring process

Received training in and learned the system level aspects of the HP Fortify product.

Managed the test procedure project for the intelligence system.

01/2014 – 01/2014 Parsons

I was an Information Systems Security Engineer in support of an approval process for ICD 503 systems.

04/2012 – 01/2014 CACI Technologies Inc., Cyber Solutions Group

I was an Information Security Engineer supporting U.S. INSCOM. Responsibilities:

Developed hardening procedures for Linux based operating systems

Created Certification and Accreditation (C&A) documentation for the Director of Central Intelligence Directive (DCID) 6/3 methodology:

Performed Vulnerability Assessments to include:

o Executed scans with Retina, SecScn, SCAP, Nessus, and other tools

o Analyzed and interpreted the scan results

o Created Plans of Actions and Milestones (POA&M) based on the scan results and security assessment reports off of the findings from these scans

o Gained knowledge of ICD 503 which is based off of the National Institute of Standards (NIST) 800-53 and 800-53a process; providing me with knowledge of the NIST processes and procedures

05/2011 – 04/2012 Pentagon Federal Credit Union

I was an Information Security Architect at the Pentagon Federal (PenFed) Credit Union. Responsibilities:

Architected the deployment and installation of their Security Information Event Management (SIEM) application

Built the Security Operations Center (SOC) for PenFed; this included hiring the staff, developing processes and procedures used by SOC personnel, and designing the physical space for the SOC

Provided security insight and assistance with the application, systems, and network staffs on projects internal to PenFed.

04/2003 – 05/2011 CACI Technologies Inc., Cyber Solutions Group

Held multiple Information Security/Assurance roles while employed at CACI Technologies. Responsibilities:

Developed security processes and procedures for external network connections for customers

Enforced customers’ security policy and managed security patch and vulnerability processes

Managed operational aspects of a SOC, and developed operational procedures for the SOC

Created C&A documentation such as System Security Authorization Agreements (SSAA’s), test processes and procedures, operational documentation using the DCID 6/3 process, and the Department of Defense Information Assurance Certification and Accreditation (DIACAP) process

Executed a technical manager role which included assisting the project manager in the IA team project management tasks, leading an IA team of six individuals, and working directly with the IAM of the government agency on a daily basis

Developed configuration management documentation and other process and procedure documents to develop repeatable processes.

Executed and reported on monthly Retina scans for a component of the Department of Defense

01/2000 – 04/2003 CSC Federal Sector formerly DynCorp Systems and Solutions

I was an Information Security Engineer at CSC/DynCorp. Responsibilities:

Worked on the Critical Infrastructure Protection (CIP) program for the Department of Treasury

Performed security/risk assessments for various customers

Security engineering efforts on the Trilogy network project for the FBI. Specifically:

o Installation, configuration, and implementation of security products such as Tripwire, Cisco ACS, RSA ACE, and Cisco PIX firewall

o Documented procedures to install, configure, implement, and test these systems, and supported development of the SSAA for the system

o Developed and executed security test procedures for the Solaris operating system

05/1999 – 01/2000 SRI Consulting

I was an Information Security Consultant at SRI Consulting. Responsibilities:

Developed and edited content for a virtual on-line security university

Performed risk assessments on network infrastructure to better deploy customer networks

Developed and presented a security awareness course for fellow SRI Consulting personnel

10/1995 – 05/1999 National Association of Securities Dealers

Held multiple roles while employed at NASD. Initially began as a System Administrator and transitioned to an Information Security Specialist. Responsibilities:

Documented security processes, procedures, and guidance material. These included:

o Operating system implementations of the overall NASD security policy

o Incident Handling and Response procedures

o Password strength implementation and guidance

Worked with the training department in developing/implementing/executing NASD’s Security Awareness program

Administered and supported systems and databases at the NASD testing facilities country wide

05/1993 – 10/1995 CACI Commercial, INC

I was a Systems Administrator for a litigation support effort supported by CACI. Responsibilities:

Daily system administration and troubleshooting responsibilities on SUN OS and Solaris systems

Acted as operations manager when requested

Created/presented system training materials and system documentation for the project

11/1991 – 05/1993 POTOMAC SYSTEMS ENGINEERING, INC

I was a Systems Administrator for a Department of Defense customer. Responsibilities:

Daily system administration and troubleshooting responsibilities on AT&T 3B2 systems

Created/presented system training materials and system documentation for the project

11/1987 – 11/1991 PINKERTON COMPUTER CONSULTANTS, INC

I was a Computer Programmer while employed at Pinkerton Computer Consultants. Responsibilities:

Developed application code for budget systems at State Department for both Wang VS and Personal Computer based applications

Provided support to users in the field and at State headquarters for the systems that were developed

Created documentation for the system as needed

09/1984 – 11/1987 U. S. DEPARTMENT OF EDUCATION, Washington, D C

I was an Information Systems Professional at U.S. Department of Education. Responsibilities:

Developed and implemented a detailed test plan, assisted in systems documentation, and provided user support for a new education loan payment system being developed at the time

Created documentation for the system as needed

PERSONAL INTERESTS:

Away from work I like to read, build NASCAR models, take cruises, and watch football.

EDUCATION:

B.S., Computer Science, Lock Haven University, Lock Haven, Pennsylvania, 1983, Dean's List

SUN SCHOOL SA 135 - Solaris 2.X System Administration Essentials

SA 285 - Solaris 2.X System Administration

DIACAP Process Knowledge class

CLEARANCE:

Department of Defense Top Secret, SCI clearance at present; have held Counter Intelligence (CI) Poly in the past.

CERTIFICATIONS:

ISC2 Certified Information Systems Security Professional (CISSP)

InfoSec Assessment Methodology (IAM) sponsored by The National Security Agency (NSA)

CompTIA Linux+

MEMBERSHIPS:

Internal International Information Systems Security Certification Consortium (ISC2)

Systems Administration, Networking and Security (SANS) Institute

REFERENCES / CONTACT Number:

Available upon request / Contact number is 703-***-**** after 4:30 pm. During the day please call 571-***-****.


