Cyber Security Change Management

Change Management/Cyber Security Analyst

Results-focused and highly-accomplished professional with a solid background providing valued configuration/change management, customer and logistics support. Recognized success in CM planning, configuration identification, configuration control/change management, configuration audits and organizational flow which is an intricate and critical element of Assessment & Authorization (A&A) within the Risk Management Framework (RMF). Experience includes team contributions in the successful certification, accreditation(C&A), and management of numerous systems governed by different authorities and directives, which include DoD Information Assurance Certification and Accreditation Process (DIACAP) and RMF. Highly proficient in proving organizational-level subject matter expertise for DoD IA Workforce structure, user account Management, Data Transfer programs while specializing in agency compliance and policy development. Solid track record of developing and implementing polices/procedures that directly impact overall efficiency and performance. Capable to effectively cultivate solid relationships with personnel, customers and upper management. Adepts quickly at acquiring news skills and knowledge toward supporting organizational goals and objectives. Seeks opportunity in expanding talents as well career into Cyber Security with establishing on the job training with Computer Network Detection (CND) and Network security.

Professional Experience

22nd Century Technologies, Inc., McLean, VA September 2024 to Present

Information System Security Officer (ISSO) DoD United States of the Airforce Studies & Analysis (SAF/SA)

Collaborate with system administrators and engineers to maintain the security posture of SAF/SA. In addition, the following responsibilities are included:

Assess & Authorize – Validates all connections from the wall plate out.

Approval to Connect – Collaborate with engineers with documentation to continues classified connection to the Pentagon backbone.

ACAS Reports – Track vulnerabilities, IAVMs, CVEs, TCNOs,etc. and report to executive management weekly to assure the posture of the enclave is secure.

LinTech GLOBAL, Inc., Alexandria, VA February 2022 to September 2024

Information Assurance / Security Specialist DoD Office of Inspector General Cyber Security

Worked with individuals from a variety of technical and functional disciplines to provide guidance on solutions that meet overall business needs while also embedding necessary security controls from end-to-end.

Scan, monitor and report vulnerabilities on the network to system administrators using Assured Compliance Assessment Solution (ACAS) per USCYBERCOM TASKORD 20-0020.

Ensure compliance with Security Technical Implementation Guides (STIGS) settings by running tools like Security Content Automation Protocol (SCAP) and ACAS.

Maintain and update DoD 8410 Workforce Program and DoD 8570 Compliancy including privileged accounts, waivers and certifications.

Create technical documentation for working SOPs to help develop solutions and requirements.

Document, maintain and update weekly IAVMS and Taskord/Opords

Ensure that plans of actions and milestones (POA&Ms) or remediation plans are in place for vulnerabilities indentified during risk assessments, audits, inspections, etc.

Maintain and update tickets for Spillages, onboarding procedures and various accounts (NIPR,SIPR,Virtual,etc.)

Administrator and monitor the agency implementation of the Risk Management Framework (RMF steps and activities throughout the life-cycle.

Bespoke Corps LLC, Sterling, VA June 2018 to October 2021

Cybersecurity Vulnerability Management Team Lead Security of Defense Communication (SDC) Security Branch (SB)

Secured IT systems security posture through a vulnerability-defined process via Assured Compliance Assessment Solution (ACAS) instantiation to accurately report vulnerability metrics for organization’s networks, triaging the most critical vulnerabilities for patching and additional remediation. Work with Information System Owners (ISOs) and their security teams to enter evidence of remediation of vulnerabilities.

Delivered weekly vulnerability ACAS scan reports to the Critical Infrastructure (CI) team

Delivered focused bi-weekly ACAS reports to the SDC senior leadership

Reviewed the information assurance (IA) risk score of all 7300+ information technology (IT) assets weekly

Researched and collaborate on the status of the quantity and plans for SDC programs’.

Supported high priority VIP travel requirements, coordination with outside agencies for OCONUS travel support.

Arena Technologies, Chantilly, VA September 2017 to June 2018

Cyber Security Analyst Intelligence Community (IC)

Secure IT systems through a vulnerability-defined, checklist mentality. Assess risks one system at a time and take into account multiple variables of risk and provide an executive level view of the results. Monitor XACTA POA&M liens through the RMF process. Work with Information System Owners (ISOs) and their security teams to enter evidence of lien closure.

Delivered weekly IC reports to the Chief Information Officer (CIO)

Delivered focused IC reports to the COMM Director’s Management Panel (DMP)

Reviewed the information assurance (IA) risk score of all 1500+ information technology (IT) assets weekly

Updated a weekly average of 100 IC-sponsored IT assets’ IA risk scores, and priority liens, (with level of effort and projected dates) that could reduce the high-risk IT assets’ scores below the CIO’s risk threshold.

Researched, collaborated and provided presentations the COMM Risk Opportunities Management Board (CROMB) and the IC Risk Opportunities Management Board (NROMB) and status of the quantity and plans for IC programs’ recapitalization of International Business Machines (IBM) hardware that receives upgrades from subsidiary.

Automated XACTA functionality, which enable IA stakeholders to publish finalized documentation (e.g., Authorizations and Decommission letters) within the latest version of XACTA.

Researched the ownership of 70+ IT assets that are misidentified in XACTA

Facilitated and encourage that decommission of 15+ assets that had been overlooked by system owners.

Info RELIANCE, Quantico, VA October 2014 to September 2017

Cyber Security Analyst Air Force Office of Special Investigation

Provided all-inclusive cyber security support (i.e. protecting Information Technology (IT) assets against unauthorized and/or accidental modification of IT principles, implementing procedures to ensure protection of information on the network and policies), Also, developed and implemented the Classified Messaging Incident (CMI) process, maintained Time Compliance Network Order (TCNO) via AFNetOps Compliance Tracker (ACT) that allowed me to administer the Communication Computer Security (COMPUSEC), Communication Security (COMSEC) and database management.

Performed ACAS scans on workstations and servers.

Assisted Command ISSM with ISSO duties by volunteering to occupy critical IA billet and augmentation of duties to provide direct support, guidance and counsel with regard to compliance standards.

Served as SME/primary POC in matters of COMPUSEC; COMSEC and EMSEC inspections for HQ AFOSI

Assisted Cybersecurity/IA team in C&A (DIACAP) of NIPR/SIPR enclaves providing updates; reviews and development of IA/Cybersecurity SOP’s; policy and System Security Plans (SSP), as necessary in support of risk assessments.

Documented and validated RMF/DIACAP cyber security requirements to include Plans of Milestones and Actions (POA&M) generated from DoD eMASS repository

Ensured individual training/certification requirements are met in support of DoD 8570.01-M

Primary POC for all incident response; COMSEC; COMPUSEC; EMSEC issues in support of Air Force Information Assurance & Assessment Program (IAAP)

Assisted with FISMA reporting requirements to HQ Air Force(HAF) stakeholders

Utilized Department of Defense Assured Compliance Assessment Solution (DoD ACAS) Network Security Scanner to perform monthly and adhoc scans for vulnerabilities upon the network to administer the Network Security Program.

Reported compliance in AFNETOPS Compliance Tracker (ACTS) to safeguard and control all COMSEC equipment.

Updated the McAfee signature to scan the external drives, laptops, computers and CDs.

General Dynamics Information Technology (GDIT), Quantico, VA October 2011 to October 2014

Senior Configuration Specialist Intelligence Community (IC) Air Force Office of Special Investigation

Provides comprehensive configuration and change support, including developing and implementing the change process of Request for Change (RFC), document management, database management and CCB/CAB secretariat.

Maintained RFC formatting for documents to be delivered to the Customer

Appllied knowledge of configuration management to establish and implement change process policies and procedures.

Developed, documented and maintained CM plans, policies and procedures tailored to the complexity and scope of the project.

Established change control and prepares for Change Advisory Board (CAB), documentation and audits

Utilized Retina Network Security Scanner to perform monthly and adhoc scans vulnerabilities scans

Reported compliance in AFNETOPS Compliance Tracker (ACTS)

Updated retina signatures to stay current

Updated the McAfee signature to scan the external drives

SAVA SOLUTIONS, Vienna, VA April 2011 to October 2011

Senior Configuration Manager Federal Bureau of Investigation Terrorist Screening Center

Provided configuration management support to the FBI Unit Chief by establishing a configuration baseline, enhancing the change request process flow, documenting processes and maintaining a Microsoft Access CMDB.

Generated weekly, monthly and quarterly reports on dissemination of change request.

Established software license report with expirations report dates of 30 day, 60 day and 90 days

Worked with procurement team to get software renewed / disposed.

SOFTWARE APPLICATION INTERNATIONAL CORPORATION (SAIC), Kingstowne, VA June 2008 to April 2011

Hardware Configuration Manager

Performed customer transaction request for Dell laptops; packed, delivered and received

Provided data management and tracked IT assets for over 11,000 end-users.

Maintain accountability of over 25,000 assets.

Controlled personnel access to facilities along with access levels within Data watch database

Provided monthly metrics to management of what asset(s) was checked-out throughout their team with accuracy of 90% accountability.

Maintained the IT software Library to include documentation and master copies of software.

SYSTEMS INTEGRATION, INC., Pentagon November 2006 to June 2008

Software Configuration Management Air Force Headquarters

Facilitated CM software license processes, rules and procedures for 844th Communication Squadron to operate parallel with Microsoft InfoPath and the license management to BelManage.

Presented processes and procedures to auditors during yearly audits which helped to manage Configuration Management Database (CMDB) using Microsoft SharePoint.

Worked on a team that created and communicated changes in the software receiving processes to over 15,000 customers.

Presented processes to 844th Communication Squadron Vendors, CM management and customer.

Saved the customer over 2 million dollars through a software true-up, which was originally 4 million over the budget.

Used sets of systematic controls and processes to keep information accurate:

oUsed BelArc: BelManage to monitor the network for license usage.

oUsed Microsoft SharePoint to manage software license key request.

oDeveloped a process for customers to submit license key request through Microsoft InfoPath.

ABACUS TECHNOLOGY CORPORATION, Alexandria, VA November 2005 to November 2006

Configuration Analyst Defense of Security Services (DSS)

Facilitated deliverable processes, rules and procedures for DSS using Rational Clear Quest and Clear Case.

Provided version control documents/ deliverables.

Worked closely with vendor personnel to create and communicate changes in the deliverable review process.

Developed processes presentations, metrics review and deliverable reports.

Administered and communicated staff comments and concerns regarding the deliverable review process.

Audited subcontractor’s inspections or technical documents preparation procedures to verify compliance with the agreed contract requirements.

LOCKHEED MARTIN, Washington, DC November 2000 to November 2005

NISC Configuration Manager Technician Federal Aviation Administration (FAA)

Served as liaison for the regional and headquarter FAA personnel who utilized the National Airspace System Change Proposal (NCP) review process.

Facilitated the NCP review processes, rules and procedures established for FAA management.

Worked closely with FAA personnel to create and communicate changes in the NCP review process.

EDUCATION, TECHNICAL TRAINING and CERTIFICATIONS

Bachelors of Science in Social Work/Human Services, LONGWOOD UNIVERSITY, Farmville, VA 2000 Certified Ethical Hacker v7, EC COUNCIL, 2012 Security + ce, COMPTIA, 2012 Certified ITIL v3 Foundation, PEOPLECERT GROUP, 2011 Certified Information System Security Professional (CISSP) training, 2016 Certification of Completion Information Assurance, SYSTEM ADMINISTRATORS, 2009 Information Assurance Compilation Series, DIACAP OVERVIEW, 2009 Certified International Hardware/Software Configuration Manager, 2001 Certified Software Asset Manager, IAITAM, 2007 Configuration Management Training Conference Verification and Audits, Planning and Management and Configuration Identification, 2001

Contact this candidate