Post Job Free

Resume

Sign in

Senior It Security

Location:
Tuscaloosa, AL
Posted:
April 16, 2024

Contact this candidate

Resume:

DARRYL L. GAY

Email: ad41pd@r.postjobfree.com

LinkedIn: www.linkedin.com/in/darryl-gay-8b0a629

PO Box 20801 Tuscaloosa AL 35402 Phone: 205-***-****

OBJECTIVE

Senior IT Security Professional utilizing my broad technical knowledge combined with outstanding leadership abilities and creative problem-solving skills. An effective communicator that can explain complex concepts and ideas to technical and non-technical individuals in a concise and clear manner.

EDUCATION

The University Of Alabama, Tuscaloosa, Alabama

Bachelor of Science: Mathematical Statistics

Minor: Computer Science

CURRENT NETWORK ADMINISTRATION / SYSTEMS EXPERIENCE

Applications: MS Office Suite 365 & 2010; Service Now; CA SDM; Man-IT, Crystal Reports; ReportSmith

Backup Software: Backup Exec; Veritas; Seagate

Groupware: Microsoft Exchange Server 2003; 2000; 5.5 & 4.0

Internet/Intranet: MS FrontPage 2003; Google Chrome; MS Edge & Internet Explorer; Firefox; Safari; Netscape

Languages: MS T-SQL; Visual Basic 2005; Delphi; PASCAL; DCL

Network Protocols: TCP/IP; DNS; DHCP; SMTP; IPSec; NAT; PAT; IPX/SPX; DECNet; NetBEUI; RIP; SNMP

Networking Tools: NMAP; Wireshark, NetWitness Investigator; Putty; Cisco Network Assistant; Network Monitor

Operating Systems: Windows Server 2019, 2016, 2012R2; 2008R2; 2003 & 2000; NT 3.51; NT 3.50; Windows 10, 7, XP, Vista; Windows 98; Windows 95; Windows 3.11; Windows 3.1; Novell 4x; VAX/VMS

Relational Databases: MS SQL Server 2008; MS SQL Server 2005; MS Access 2010; MS FoxPro; Paradox

Remote Connectivity: VMware; Windows Terminal Server; MS Teams; Citrix; Zoom, pcAnywhere; NetMeeting

Tools: Nessus; OWASP ZAP; Vega; Shodan; Norton & McAfee Anti-Virus; ArcServe; HP Jet Administration

WORK EXPERIENCE

9th Way Insignia – Veterans Administration Account, Telework/Telecommute 11/22 – Present

A service-disabled, veteran-owned company bringing transformative technology to our government customers so they can achieve their missions. Our specialties include cybersecurity, cloud modernization, software development, data analytics, enterprise architecture, enterprise IT, analytics, and artificial intelligence.

Senior Information Security Analyst (Ops)

Achievements

Demonstrates working knowledge of the Federal Risk Management Framework (RMF) and NIST Security Engineering Standards.

Experience using eMASS to test, validate, review controls, report on compliancy, and/or for FISMA reporting.

Validates data in accordance with Governance Risk Compliance (GRC), Enterprise Mission Assurance Support Service (eMASS), VA System Inventory (VASI), VA IT Process Request (VIPR), Monitoring Service Registry (MSR), Service Now (SNOW), Security Configuration Compliance Data (SCCD), LEAF, and any authoritative systems required in support of the A&A process and ATO meetings.

Proficiency in systems security techniques employed by Federal Agencies such as portfolio analysis, analysis of alternatives, and architecture modeling to support governance activities.

Prepares presentations and training material to assist Sr Leadership, VA organizations, and vital stakeholders in gaining a thorough understanding of the processes relating to IA services and support, Authorizing Official System Briefing (AOSB) and ATO submission, IA automations, and IA reporting.

Darryl L. Gay Page 2

Experience with documenting the results of assessments, incorporating mitigation strategies, and reviewing/managing/evaluating Plan of Action and Milestone (POA&M) in the assessment of information system vulnerabilities that impacts the Enterprise network.

Conducts training as required by providing Briefings, Training Materials, demonstrations, hands on lessons, and Post Training Survey Findings with input from VA stakeholders and handling session logistics.

Proficiency in various security-engineering disciplines associated with Application, Data, Security and Data Center, and Cloud Computing Infrastructure.

Provides recommendations regarding additional, automation, and reporting deficiencies to address areas of non-compliance with IA, OIS, and VA6500 policy and recommend additional training, improvement, reporting or remediation opportunities.

Conducts training in a virtual setting regarding IA services, policy and practices, and operational reporting requirements.

Ensures that the A&A process status for each ATO is tracked, maintained, and reported across the Pre-Authorization, Assessment, and Sustainment Lifecycles, utilizing all VA systems of record, and maintaining authoritative data in automated dashboards and reports provided from near real-time automated ATO Status Reporting, defined by supporting primary responsibilities.

Supports IA and the Authorizing Official (AO) in ATO renewal/evaluation and A&A activities by developing the AOSB, validating stakeholder dispositions and submitted artifacts, and the associated metrics for each of the systems, utilizing all VA systems of record and authoritative data sources.

Provides improvement processing to manage ATOs for the AO, which includes verifying each ISO of the ATO and supporting the ISO by ensuring all documents are completed in a timely manner and in accordance with the ATO SOP.

Conducts data collection and requirement analysis with the participants or stakeholders to ensure operational expectations are being met.

Engages and supports IA by maintaining and operationally engaging and utilizing any authorized VA, OIS, OIT, system, capability, processes, or engagements responsible or related to discovery, scanning, or any means where unidentified systems may possibly be discovered.

Operationally enables the Triage process, and proactively leverages VA processes, tools, reports, and increase understanding across all organizations to identify, register, and achieve initial operational compliance.

Works to identify process and automation capabilities with the team and include metrics and findings in regular reporting.

Experience protecting network devices by determining and documenting access privileges, control structures, and/or resources.

Engages and supports IA by supporting System Security Categorization processes within the RMF cycle.

Familiar with Nessus, particularly CVE and Plugin ID backward engineering to determine vulnerability details, identify mitigations, and assess what security current mitigations are in place and appropriate.

Experience preparing authorization decision verbiage including recommendations for ATO conditions, limitations, circuits, whitelist, classification, and reporting requirements.

Maintains a VA Security Clearance at the Moderate BI/Level allowing access to classified information.

Experience analyzing Nessus/ACAS scans, HP Fortify, SCAP scans and manually evaluating STIG checklists to produce reports in support of AO ATO decision.

MKS2 Technologies – Veterans Administration Account, Telework/Telecommute 12/19 – 10/22

An Information Technology and Cyber Security consultancy that leverages years of military, acquisition, procurement, and business experience to provide decision analytic services to businesses and decision makers within the federal government and commercial market.

Cyber Security Engineer/ Regional Assistant Team Lead

Achievements

Troubleshooting:

Verified that there are no unauthorized or unlicensed applications installed on servers and if there were implemented the process to have the application remove or have a POA&M established by the system owner.

Ensured that VA servers were compliant with current VA standards and baselines.

Darryl L. Gay Page 3

Used industry standard security frameworks like NIST, HIPAA, HITRUST, ISO 27001, PCI DSS, and COBIT to ensure that VA servers were hardened against hacks and attacks.

Researched and developed solutions to newly identified and unresolved issues occurring with Windows 2019, 2016, and 2012R2 at the enterprise level that affect confidentiality, integrity, and availability of servers.

Updated, sustained, and administered a high level of security for in-house and cloud server security infrastructures of VA servers.

Identified threats, evaluated system changes for security implications, and recommended enhancements that ensured confidentiality, integrity, availability, and non-repudiation were maintained for VA servers.

Continuously identified and remediated security deficiencies on VA’s enterprise network infrastructure, database platforms, and web application servers for the following states and territories: Alabama, Georgia, Ohio, Tennessee, Kentucky, Indiana, Illinois, Michigan, Pennsylvania, West Virginia, Virginia, Missouri, Kansas, Texas, Florida, Colorado, South Carolina, North Carolina, New York, Wisconsin, Arizona, Connecticut, California, Puerto Rico, and the Philippines.

Reassigned orphaned servers to the correct region to ensure that security patches were applied timely by system and site owners.

Proactively worked with the different regions and sites to determine the application owner of vulnerable applications to ensure that required patches were installed to maintain VA baseline compliance.

Provided application security solutions to local sites and ensured that they were configured and implemented correctly.

Maintained fluency in security trends, evolving threats, risks, and vulnerabilities, associated tools, and strategies to mitigate risk to an acceptable level per VA policy mandates and baselines.

Member of the VA’s Governance Team that was responsible for ensuring compliance with security policies for Windows 2019, 2016, and 2012R2 servers in an enterprise environment.

Installation and maintenance:

Supported, communicated, reinforced, and defended the cybersecurity mission, values, and culture of the VA organization to VA employees and vendors.

Ensured that the VA’s data and infrastructure were protected by enabling security controls that provided appropriate confidentiality, integrity, and availability to authorized personnel.

Created OOB (Out of band) accounts for network cards to ensure their security against persistent threat agents.

Managed and implemented internal VA process that ensured servers were moved into the correct containers to be assigned to the proper Team for vulnerability remediation assignment and management.

Participated as a technical advisor on all technical projects to ensure security standards were adhered to.

Implementation:

Advocated and enforced cybersecurity best practices and shared insights throughout the VA organization.

Contributed to the development of the information security program to enable consistent, repeatable, and effective information security practices that minimize risk and ensure the confidentiality, integrity, and availability of information that is critical to the delivery of patient care within the VA.

Provided technical security expertise on application and server issues within the Enterprise Security Team and to VA employees and vendors.

Implemented, managed, monitored, and upgraded required security measures for the protection of the critical systems and data as required by the VA’s security policy.

Active participant in design reviews, integration, testing, and documentation of procedures that protected the conditionality, integrity, and availability of the VA’s critical systems and data.

Contributed to information security policies, standards, and practices and overseeing their approval by appropriate business and technology leadership.

Ensured all internal security policies were in alignment with the VA’s overall security strategic vision.

Contributed to the establishment, implementation, and ongoing maintenance of information security and risk management policies, standards, and processes that were consistent with the VA’s commitment to protect the health information and privacy of their patients as they comply with all legal and regulatory requirements.

Additional Responsibilities:

Ensured all employees followed the appropriate ethical behavior at work.

Evaluated and reviewed policy security enforcement practices to ensure they met ongoing VA policy mandates.

Verified that system designs followed current VA policies and procedures.

Darryl L. Gay Page 4

Researched emerging technologies, hardware, and software, and suggested using them to top management if applicable.

Trained employees on different IT topics, especially understanding how malicious actors executed various cyberattacks, such as phishing and social engineering attacks.

Designed, developed, implemented, and coordinated systems, policies, and procedures.

Ensured security of data, network access and backup systems.

Researched server hardware and applications and made recommendations on vendors, manufacturers, and product versions to ensure compliance with established VA policy.

Identified areas of process improvement and communicated to management as required.

Headed project in the VA enterprise to identify and reconfigure OOB (Out Of Band) devices which are attached to servers for the purpose of allowing access to those servers when they have been physically powered off.

Served as internal consultant and advisor to VA leadership to inform all of information security and issues impacting the associated area of responsibility, to foster a culture of cybersecurity both within the IT organization, and to drive behavioral changes for the organization.

Member of the Windows 2012 & Windows 2012R2 Decommission Team that was responsible for removing all Microsoft unsupported servers from the VA infrastructure in a concise and timely manner.

Assisted Regional Team Lead in making decisions that would better benefit our Team and ensured that the VA’s policies and mandates were implemented to verify that all systems were properly protected.

Analyzed server security breaches to determine their root cause, recommended and installed appropriate tools and countermeasures to ensure confidentiality, integrity, and availability were re-established to current VA baselines.

Obtained and maintained a VA Security Clearance at the Moderate BI/Level which allowed access to classified and protected information.

Contributed to the implementation, and ongoing maintenance of information security and risk management policies, standards and processes that were consistent with the VA security policy to protect the classified and sensitive health information and privacy of patients (HIPAA and HI-TECH) and maintained compliance of all legal and regulatory requirements.

Initiated, facilitated, and promoted activities to foster information security awareness and education within the associated area of responsibility.

Tetra Tech AMT – Veterans Administration Account, Telework/Telecommute 11/15 – 11/19

A leading provider of consulting, engineering, program management, construction management, and technical services.

Senior System/Security Administrator/Network Administrator

Achievements

Troubleshooting:

Researched and developed solutions to newly identified and unresolved issues occurring with Windows 2019, 2016, 2012R2 and 2008R2 servers at the enterprise level.

Remediated software version vulnerabilities and kept on top of changes to the enterprise environment.

Identified and remediated security deficiencies on VA’s enterprise network infrastructure, database platforms, and web application servers for the following states and territories: Alabama, Georgia, Ohio, Tennessee, Kentucky, Indiana, Illinois, Michigan, Pennsylvania, West Virginia, Virginia, Missouri, Kansas, Texas, Florida, Colorado, South Carolina, North Carolina, New York, Wisconsin, Arizona, Connecticut, California, Puerto Rico, and the Philippines.

Member of the VA’s Governance Team that was responsible for ensuring compliance with security policies for Windows 2019, 2016, 2012R2 and 2008R2 servers in an enterprise environment.

Ensured that all security related procedures and documentation were current for VA servers in the enterprise.

Member of the Windows 2008, Windows 2008R2, Windows 2003, and Windows 2000 Decommission Team that was responsible for removing all Microsoft unsupported servers from the VA infrastructure in a concise and timely manner.

Managed and implemented internal VA processes that ensured servers were moved into the correct containers to be assigned to the proper Team for vulnerability remediation assignment and management.

Darryl L. Gay Page 5

Installation and maintenance:

Installed patches on Windows 2019, 2016, 2012R2 and 2008R2 servers, Windows 10 and 7 workstations, and printers to address security deficiencies.

Co-ordinated, configured and installed network port configurations on Cisco switches and routers.

Participated as a technical advisor on all technical projects to ensure security standards were adhered to.

Configured and reset VLAN port configurations on networked switches for phone and computer or computer only per VA policy mandate.

Implementation:

Implemented VA’s configuration management controls to ensure VA systems have appropriate security baselines and up-to-date vulnerability patches for Windows 2019, 2016, 2012R2 and 2008R2 servers.

Researched and implemented network security measures to protect data, software, and hardware.

Configured and implemented port security on Cisco switches and routers.

Analyzed server security breaches to determine their root cause, recommended and installed appropriate tools and countermeasures.

Developed the following Reports:

oWeekly/Monthly Activity Reports

oPatch Implementation Report

oTicket Trend Report

oTicket Resolution Report

oLine Issue Report

oGap Analysis Report

Additional Responsibilities:

Reassigned orphaned servers to the correct Region to ensure that security patches were properly applied.

Installed and uninstalled equipment when required and fulfilled virtual team member requirements as needed.

Adhered to standardized system development and change management controls for mission-critical systems.

Provided technical expertise as required by each VA location.

Obtained and maintained a VA Security Clearance at the Moderate BI/Level which allowed access to classified and protected information.

Adhered to HIPAA and HI-TECH rules concerning the handling of sensitive and classified data.

Assisted Tier 1 and 2 personnel with the following duties:

oResponding and resolving tickets in a timely manner.

oImplementing patches and implementing corrective actions needed to mitigate security risks and vulnerabilities.

oIdentifying any IT related deficiencies based on scan or other IT assessment test or techniques, as part of a gap analysis.

oImplementing IT policies, procedures, and system controls.

oProviding hardware and software support/troubleshooting.

oTesting and imaging desktops and laptops.

oMaintaining, analyzing, and troubleshooting software and computer peripherals.

oSetting up and configuring all hardware.

oEnsuring all tickets requiring follow-up work and/or calls were properly resolved.

oProviding technical support to end users via telephone.

oTesting, imaging, and cleaning PCs, laptops, and other related hardware.

Journey In Motion Inc, Tuscaloosa, AL 08/21 – Present

A 501/c-3 non-profit life enrichment corporation that equips families to Create, Share, and Grow through coaching and mentoring, which allows them to make a difference in their communities, their state, and the world.

President/CEO

Achievements

Leadership:

Oversees and implements appropriate resources to ensure that the operation of the organization is appropriate.

Strong public speaking ability.

Planning and operation of annual budget.

Darryl L. Gay Page 6

Establishing employment and administrative policies and procedures for all functions and for the day-to-day operation of the nonprofit.

Serving as Journey In Motion’s primary spokesperson to the organization’s constituents, the media and the general public.

Establish and maintain relationships with various organizations throughout the state and utilize those relationships to strategically enhance Journey In Motion’s Mission.

Review and approve contracts for services.

Report to and work closely with the Board of Directors to seek their involvement in policy decisions, fundraising and to increase the overall visibility of the Foundation throughout the State.

Responsible for overseeing the administration, programs, and strategic plan of the organization.

Ability to convey a vision of Journey In Motion’s strategic future to staff, board, volunteers and donors.

Oversees the organization and facilitation of Board and Committee meetings.

Responsible for strategic planning to ensure that Journey In Motion can successfully fulfill its Mission into the future.

Responsibilities:

Responsible for fiscal management that generally anticipates operating within the approved budget, ensures maximum resource utilization, and maintenance of the organization in a positive financial position.

Accountable for the enhancement of Journey In Motion’s image by being active and visible in the community and by working closely with other professional, civic and private organizations.

Possess the skills to collaborate with and motivate board members and other volunteers.

Oversees marketing and other communications efforts.

Ability to interface and engage diverse volunteer and donor groups.

Possesses knowledge of fundraising strategies and donor relations unique to nonprofit sector.

Demonstrate the ability to oversee and collaborate with staff.

Strong organizational abilities including planning, delegating, program development and task facilitation.

Possesses strong written and oral communication skills.

Additional Obligations:

Responsible for fundraising and developing other resources necessary to support Journey In Motion’s mission.

Solid, hands-on, budget management skills, including budget preparation, analysis, decision-making and reporting.

Responsible for the hiring and retention of competent, qualified staff.

Supervises, collaborates with organization staff.

Proven strategic planning and implementation abilities.

Journey In Motion Inc, Tuscaloosa, AL 04/13 – 08/21

A 501/c-3 non-profit life enrichment corporation that equips families to Create, Share, and Grow through coaching and mentoring, which allows them to make a difference in their communities, their state, and the world.

Vice President/Chief Information Security Officer

Achievements

Leadership:

Responsibilities included the development, writing, submission and archival of all proposals with a long-term relationship-management approach.

Oversaw research funding sources and trends, with foresight to help position Journey In Motion ahead of major funding changes or trends.

Developed and implemented a stewardship program aimed at cultivating deeper ties with donors.

Directed and approved the design of security systems.

Reviewed and approved security policies, controls, and cyber incident response planning.

Oversaw and approved identity and access management policies.

Briefed the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget.

Darryl L. Gay Page 7

Managed all teams, employees, contractors, and vendors involved in IT security, which may include hiring.

Established appropriate governance and oversight for the security program in conformance with applicable information security laws and regulations.

Initiated, facilitated, and promoted activities to foster information security awareness and education within the associated area of responsibility.

Oversaw, developed and/or delivered initial and ongoing security training.

Provided oversight for the information security compliance program by identifying areas of non-compliance and directed corrective action as needed.

Responsibilities:

Supported and partnered with the Executive Director and board members on all major fundraising initiatives.

Collaborated with the Chief Operating Officer (COO) to develop and implement Journey In Motion’s financial strategy.

Actively worked with the Executive Director and senior staff to develop and implement a comprehensive development strategy to include corporate, foundation, and government grants.

Developed and implemented the information security program to enable consistent, repeatable and effective information security practices to minimize risk and ensure the confidentiality, integrity, and availability of information that is critical to Journey In Motion’s infrastructure.

Ensured that disaster recovery, business continuity, risk management and access controls were documented and periodically tested.

Reviewed investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities in the future.

Ensured compliance with the changing laws and applicable regulations and translated that knowledge to identification of risks and actionable plans to protect the business.

Made sure that cyber security policies and procedures were communicated to all personnel and that compliance was enforced.

Provided training and mentoring to security team members.

Constantly updated the cyber security strategy to leverage new technology and threat information.

Additional Obligations:

Monitored all donor information; provided and presented statistical analysis to board and senior leaders.

Identified, developed, and mentored the development team.

Monitored and regularly reported on the progress of the development program.

Scheduled periodic security audits which included using outside vendors to ensure that SOC 2 auditing policies and principles were adhered to.

Contributed to ensuring that Journey In Motion complied with all appropriate administrative, technical and physical safeguards.

Communicated best practices and risks to all parts of the business outside of the IT infrastructure.

Maintained current knowledge of applicable security laws, licensing and certification requirements and accreditation standards.

Managed contractual and operational relationships with strategic vendors associated with the delivery of information security operations.

Understood and interpreted regulatory requirements, assessed risks, and identified appropriate safeguards to mitigate the risks, overseeing their implementation and ongoing maintenance.

Inteva Products LLC, Cottondale, AL 01/09 – 11/15

An engineering, manufacturing and supply powerhouse serving customers around the world with innovative solutions.

EDS a HP Company– Delphi Account (currently known as Inteva Products), Cottondale, AL 03/05 – 01/09

$113 billion global information-technology services provider

Systems Administrator/Network Administrator/Team Lead

Achievements

Troubleshooting:

Comfortable working alone in a dynamic and fast paced environment while resolving all IT related issues.

Troubleshot ESX issues related to storage, network, and performance issues.

Darryl L. Gay Page 8

Replaced hard drives in Raid 5 Array and configured new hardware to operate in VMware environment.

Proactively coordinated and monitored servers to isolate, diagnose and resolve common system problems.

Diagnosed server hardware issues and worked with service providers to facilitate repairs in a timely manner.

Reactively responded to incidents concerning production servers to accurately diagnose and resolve problems.

Daily demonstrated the ability to operate effectively and professionally under pressure.

Possessed strong knowledge of system testing best practices and methodologies.

Identified, troubleshot, and resolved hardware, software, and network-related problems.

Installation and maintenance:

Upgraded multiple ESX boxes from VMware 3.5 to VMware 4.1 and virtual hardware of VM servers.

Configured VMware tools on local VM servers.

Monitored ESX servers (CPU, Memory, Disk and Network Utilization).

Applied performance tuning of VMware servers.

Moved VMware servers from one ESX box to another for purpose of load balancing.

Upgraded operating systems of all VM servers from MS Sever 2003 to MS Server 2008.

Monitored performance of VMware servers to determine if additional resources needed to be virtually added.

Determined, recommended, and employed changes to improve systems and network configurations.

Planned, coordinated, and implemented network security measures to protect data, software, and hardware.

Maintained performance of Windows 2008 and 2003 servers through proactive monitoring and maintenance.

Installed patches and service packs to keep servers and databases current per company policy.

Coordinated and performed system startups and restarts around production needs.

Created Active Directory accounts and assigned group permissions as required.

Created customized SQL Server 2005 scripts to modify application database tables and records.

Upgraded, installed, and troubleshot networks, networking hardware devices and software.

Administered and supported the customer’s networked printers, including the configuration and administration of wireless networked printers.

Installed, configured, and troubleshot 2D and 3D barcode scanners.

Implementation:

Creation of virtual switches, ports and port groups and setting up Layer 2 security policies for virtual networks.

Planned, implemented, and provided advice on VMware configurations and migrations.

Installed, configured, and tested new version of Man-IT (MES system) on VMware servers and successfully switched over to new configuration without causing downtime to the customer (Mercedes Benz USA).

Architected and implemented the use of non-routable IP addresses (10 ) on LAN enhancing security.

Researched, tested, and implemented the upgrade of IBM WebSphere MQ (MQ Series) per customer mandate.

Worked closely with vendor to implement new plant floor production application (Man-IT).

Architected



Contact this candidate