SUMMARY

Senior cybersecurity expert with extensive experience managing day-to-day security operations, risk assessment, vulnerability evaluations, people/vendor management, budgeting, and administration. Deep understanding of the application of security principles in multiple environments, across organizational lines. Direct experience with DOD networks/security tools and other government software. Specializes in penetration testing and compliance. Hands-on contributor using industry-standard tools and technologies. Ability to effectively communicate priorities to management, justify budget/expenditures, and quantify productivity. Expert-level analysis, design, and development of security features for system architectures. US Navy, Ret.

PROFESSIONAL TRAINING/CERTIFICATIONS

CISSP, ITILv3, WIN 7, A+ Certifications, Computer Security, Computer Systems and Organization, Digital Principles, Electronic Systems Troubleshooting and Maintenance, Electronics Laboratory, Troubleshooting and Maintenance, Administrating Microsoft Windows 2000, Advanced Administration for Microsoft Windows 2000, Designing Microsoft Windows 2000 Directory Services Infrastructures, Network Installation, IT21 Regulations, Telecommunications Configurations and Management, Information Management/Information Technology (IM/IT), Naval Network Warfare Command Operations, Logistics Information Management, Biotechnology Applications, Internet Anti-Terrorism and Cyber Security Tactics, Firewall Design, SQL Server Management Strategy, Exchange Server, VAX 2100 Series Computer, Tape Disk Controllers, Internet Security and Acceleration 2000, SMS, SNA, DEC Servers, Synoptic CPU, Hierarchal Standard Disk (HSD) Controllers, CISCO Routers, DEC-VAX hardware, NT, Power Point, Word, Excel, VMS and DSM software. Experience using and analyzing results of security, system auditing and NSA and hacking tools i.e. ACAS, eMass, HBSS, Splunk, CISCO AMP, Nexpose, Log Event reviewer, Firepower, Spiceworks, Barracuda, Event Sentry, Opsview, etc.

EDUCATION

•B.S., Information Assurance/Cybersecurity, University of Maryland

•M.S., Information Assurance/Cybersecurity, University of Maryland

•Ph.D. Biochemical Engineering, University of Missouri

Additional coursework areas: Management of Information Systems, Information Security Management, Project Management, Incident Response and Computer Forensics, Security Assessments, Network Intrusion Detection, Network Security, Algorithm Concepts and Design, and Website Security, SharePoint Administration.

WORK EXPERIENCE

IT Security and Compliance Analyst

MBS, Columbia, MO

2/2016-present

Responsible for the security and availability of information assets. Serves as subject matter expert regarding security and policies. Maintains subject-matter expertise regarding current and emerging threat landscape. Manages incident-response plan. Assists IT team members with support issues. Writes and issues audit reports in accordance with PCI DSS, NIST, FedRamp, and other IT security-related standards, company formats, and timelines. Follows up, as appropriate, to obtain and review audit responses. Documents QA auditing activities. Communicates security and audit findings to the relevant project team members and executives. Maintains focus on PCI audit, SOX. Performs vulnerability management, forensic analysis, and security assessment of individual endpoints. Implements effective information-security and risk-management solutions. Leads threat monitoring, incident investigation, and response. Secures and monitors network infrastructure, filtering appliances and firewalls.

Information Assurance Auditor

CyTech LLC, Jefferson City, MO

1/2016-2/2016 (one-year contract)

Conducted audits of on-going projects and stand-alone Quality Assurance (QA) consulting activities as Senior Auditor of system being integrated into State of Missouri’s Medical system. Audit areas included investigator sites, Trial Master and project-management files, data management activities and files, safety reporting, final study reports. Oversaw and inspected vendor responsibilities. Led "for-cause" audits to address suspected critical audit findings, fraud, or misconduct related to investigator sites, vendors, etc.

NOTE: Government contracts are bid upon each year. Although it may look as though I changed positions this is not the case. As contract bids are won by the different companies I stayed in the same position, but with the company who gained control of the contract.

Senior Information Assurance Engineer /Fleet Systems Engineering Team

Vectrus, United States

7/2014 – 8/2015

Served as a senior technical advisor to the Fleet Commander N6 and staff at NAVCENT Bahrain. Provided engineering support services for SPAWAR C4I systems to forward deployed strike groups and Naval Forces. Provided end-to-end technical support for Information Technology (IT) systems. Oversaw a team of Information Assurance Analysts, CERT, and Information Security Officers to ensure the security posture of MOC II Systems.

Lead Senior Information Assurance Analyst/Auditor

SMS (Systems Made Simple), United States

11/2013 – 7/2014

Developed security policies, procedures, and security certification & accreditation (C&A) packages for Austin Information Technology Center (AITC) for the VA, Homeland Security and DOD. Oversaw a team of Information Assurance Analysts, CERT, and Information Security Officers to ensure the security posture of more than 30 networks and over 200 PMOs. Developed and maintained C&A programs, security and contingency plans, risk assessments, privacy impact assessments, incident-response plans, configuration-management plans, configurations checklists, and interconnection security agreements. Performed continuous monitoring, self-assessment testing, and audit and compliance support. Conducted audits on artifacts to ensure they meet all applicable FISMA, NIST, VA, and CDCO criteria, including obtaining management approval.

Sr. Information Assurance Analyst/Auditor

TEK Systems United States

5/2013 – 11/2013

Developed security policies, procedures, and security certification & accreditation (C&A) packages for a variety of worldwide U.S. military activities. Developed and updated C&A security artifacts, such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configurations checklists, and interconnection security agreements. Performed continuous monitoring, self-assessment testing, and audit and compliance support. Conducted audits on artifacts to ensure they met applicable FISMA, NIST, VA, and CDCO criteria, including obtaining management approval. Monitored specific change orders to update documentation. Performed risk assessment on an application according to NIST SP 800-30. Assessed security controls for annual FISMA self-assessment testing through interview, documentation review, analyzing scan results, and reviewing other audits/reviews for applicable findings. Performed network and system penetration testing. Stayed current on known hacker methodology, system exploits and vulnerabilities to support Red Team Assessment activities.

Senior Cyber Security Architect

CSC NCTS, Bahrain

4/12-5/13

Developed system specifications to address business requirements. Analyzed systems, defining objectives and creating specifications to meet requirements. Created logical data models. Performed quality-assurance review of specifications. Worked with clients and SMEs to define problem, determine data availability, report requirements, and resolve system design problems. Developed, published, distributed, and assisted in maintaining support plans for C4I and FP systems, authoring Turnover Agreements (TOAs), Project Management Responsibility Transfers (PMRTs), Life Cycle Cost (LCC) Analyses, Logistics Support Analyses (LSA), Age Exploration Analyses (AGE), and so on. Generated logistic plans and agreements for PACAF C4I and FP systems; and when directed by the government, represented HQ PACAF at integrated logistics-support meetings. Presented IT program plans to senior management and non-technical peers. Managed contractors. Served as SME for certification & accreditation for managing packages in eMass. Performed threat-vulnerability assessments. Developed information-system security studies and reports addressing encryption methodologies and algorithms. Performed source-code reviews, threat modeling/risk analysis, and application/network/system-based attack and mitigation methodologies.

Sr. Security Consultant PACAF A6

SecureInfo Corporation, Yokota AB Japan

11/07 – 12/11

Serves on a team of information security professionals in the development of security policies, procedures, and security certification & accreditation (C&A) packages Oversaw the development of the comprehensive System Security Authorization Agreements DIACAP. Performed threat vulnerability assessments, provided security test and evaluation support, provided technical support in the evaluation of security products, and developed information-system security studies and reports to address areas of concern. Consulted in all areas of information-system security, including physical security, administrative security, personnel security, computer security, operations security, and industrial security.

Information Assurance Senior Tech Lead

C4 Planning Solutions

10/2005 to 10/2007

Lead systems analyst for computer and communications/networks systems. Oversaw the overall installation of computer operating systems, network, and application software. Provided senior-level technical direction. Managed large, complex network operations involving legacy systems and state -of-the art technology. Operated and maintained large, complex enterprise telecommunications networks.

Information Technology Security Specialist

SAIC,

2004 to 10/2005

Evaluated, planned, designed, implemented, and maintained AIS Security Program, including DOS, Audit, and Policy. Served as and leading technical authority and program manager for carrying out requirements of Automated Information Systems (AIS) Security programs set forth by DOD, DON, and Defense Information Technology Security Center.

TECHNOLOGIES

•DOD networks and related applications

•SSDLC Security Software Development Life Cycle

•Tenable Security Center

•SIEMs

•IDA Pro(Interactive Disassembler)

•Ollydbg(Win 32 debugger)

•x64dbg( Both x86 & x64 bit debugger

•Hex Workshop

•Windbg

•HxD Hex Editor

•Online Hex Editor

•PEid

•RDG Packer Detector

•DIE (Detect IT Easy)

•Regshot

•Procmon

•Unpacking Scripts & Unpackers

•ASCII Table

•Windows Scientific Calculator

•Hex-Rays IDA

•Wireshark

•Fiddler

•CFF Explorer

•Apktool

•Scylla

•JEB Decompiler

•Hex Calculator

•Oracle VM VirtualBox

•Burpsuite Pro

•Fiddler

•Netsparker

•Fortify

•Checkmarx

•ACAS

•eMass,

•HBSS

•Solar Winds

•Darktrace

•Cloudflare

•Open DNS

•CISCO Umbrella

•Spector

•Nexpose

•KCM

•Splunk

•Netbrain,

•CISODEF

•OpsView

•Securosis

•Event Sentry

•Mantis

•Fire Power

•Barracuda

•Qradar

•Nmap

•Nessus

•SolarWinds

•Stealthwatch

•Opsview

•Darktrace

•Security in both Linux and Windows environments as it pertains to Web application hosting, middleware (IIS, Apache, Tomcat, PHP, ColdFusion, Ajax), and databases (Oracle, MySQL, MS SQL Servers)

Contact this candidate