Cyber Security Engineer
Resume:
Jordan Fitzgerald
Penetration Tester/Project Manager/Cyber Security Engineer, CISSP, Active Secret Clearance
PROFESSIONAL EXPERIENCE
Broadleaf-Inc. Cyber Security Analyst Sep. 2019-present
Supports the Government with coordinating RMF Package requirements to include TEMPEST testing, Ports, Protocols, Services Management (PPSM) registration and Security Control Assessor-Validator (SCA-V) / Security Control Assessor-Organization (SCA-O) testing Conducts the Federal Information Security Management Act (FISMA) annually required Information System (IS) RMF Security.
Control Test to include updating existing RMF artifacts.
Works with ISSOs to ensure Risk and Vulnerability Compliance and continuous monitoring using tools such as Nessus, Tenable, Qualys and Security Center using Symantec agents.
Configure, conduct, and asses vulnerability scans.
Review and evaluate security impact of changes to authorized networks/systems Collect Cybersecurity RMF Metrics
Booze Allen Hamilton. Sr. Penetration Tester
Aug. 2019-Sep. 2019, Tyson’s Corner VA
I joined Booz Allen’s Red Team as a Senior Penetration Tester. Unfortunately, life circumstances didn’t permit me to continue in Tyson’s Corner VA
Worked with Blue Team to establish the Purple Team.
I created advanced attack scenarios which emulated past APT behavior which allowed the blue team to capture signatures for the scenarios used.
I became very advanced with Atomic Red Team (ATR) by Red Canary and even custom made an attack on platform which merged ATR, MITER’s “Caldera” and Cobalt Strike.
Also built custom C2 infrastructure for the tool leveraging AWS & Lambda Functions, Google’s Firebase and Cobalt Strike.
Broadleaf-Inc. A&A Project Lead June 2018 (Current Position)
US Army CECOM Software Engineering Center, APG MD
Hired as the first employee to lead a newly awarded contract with Broadleaf doing Assessment & Authorization activities. Managed a $22M IDIQ as program manager and subject matter expert.
Develop and manage schedule, ensures deadlines are met, and provide technical guidance, mitigations and solutions for SECs SCA-V contracting team.
Establish process for conducting Assessment and Authorization efficiently and in accordance with Army TTP.
Buildup staff: interview, hire and mentor the appropriate staff while managing budget constraints and booking the amount of appropriate work.
Lead and establish the A&A project from the ground up following CMMI Level III company standard.
Prepare reports, risk assessment and recommendation for the system approving official as part of the Army’s RMF process.
Validate RVA with ISSOs to ensure Risk and Vulnerability Compliance and continuous monitoring using tools such as Nessus, Tenable, Qualys and Security Center using Symantec agents.
Accurately estimate and quote jobs based on system size and the complexity of the assessment.
Develop and update procedures, workflows, configurations guides, administration guides, and SOP’s, as required.
Develop and provide status reports and briefings as required.
Zermount RVA Project SME (Short term 1099-FT)
Library of Congress, Washington D.C.
Feb 2018 – July 2018 (Some overlap with next position)
Notable Achievement: Acted as the company SME questioned by a panel of experts to gain the HACS certification and independently won 3 categories to include Penetration Testing, Risk and Vulnerability Assessment/Continuous Monitoring
I was hired by Zermount to be the subject matter expert and help guide the RVA program at the Library of Congress. Ultimately, I left because once my administrative skill was discovered I was vectored into that and their contract only had 7 months to renewal. While there my duties included:
Conduct penetration tests of web applications, APIs and various other library products. Including Kiosks, Congress.gov, Copyright.gov
Perform red team activities to evaluate employee training and awareness. Analyze cyber threats by conducting engagements using TTPs and threats currently seen in the wild and assess SOC response/employee training efficacy.
Conduct penetration testing assuming the “insider threat” actor role.
Develop an in-house tool suite to be used in RVA/CM/SOC activities.
Implemented a federated identity solution with 2FA.
Manage 3 contractors in the SOC and stay informed/act as SME on Cyber Hunt/Response activities. Develop TTPs of the same.
Manage 5 penetration testers and act as manager for reporting/ROE development/scope definition and work closely with system ISSOs doing the same.
DoD Civilian DB-03(GS-14) IT Manager
EKMS Software Development July 2015-Feb 2018
Army Software Engineering Center, Aberdeen Proving Grounds, MD
Was promoted from Engineering Supervisor to IT Manager while still responsible for managing all technical aspects of the project. Supervised a team of 27 employees in diverse roles including: Cybersecurity, Sys Admin, Developers, Testers, CM, DBA.
Conduct and coordinate penetration testing to provide analysis and mitigate risk/harden systems.
Lead ATO effort implementing NIST/RMF/FISMA and DISA standards for cyber security.
Communicate status with high level stakeholders.
Defined and reviewed software requirements and oversaw development and testing in conjunction with respective leads.
Manage schedule, budget, WBS, Scrum/Kanban
AASKI Technology Engineering Supervisor
EKMS Software Development July 2015-Mar 2018
Army Software Engineering Center, Aberdeen Proving Grounds, MD
Awarded “On-The-Spot” from CEO for achievements.
As the Engineering Supervisor I was responsible for ensuring the EKMS project ran smoothly. The SME in charge of resolving technological challenges through collaboration or personal experience. I lead the cybersecurity efforts for the enclave leading a team of 4 security engineers/penetration testers.
Conduct and coordinate penetration testing to provide analysis and mitigate risk/harden systems.
Ensure the Risk and Vulnerability assessment program was running smoothly, and conduct penetration tests as needed to cover gaps in the attack surface that automated RVA scans may miss to include: Database penetration, Network penetration/escalation of privilege/HIDS & NIDS response/SIEM response and firewall efficacy. Smaller tests were conducted manually as white box tests to help harden critical machines against APT.
Booz Allen Hamilton R&D Project Engineer (Penetration Tester) Short Term Contract Jan – Aug 2015, Linthicum, MD
Hired by BAH to help develop a platform to showcase engineering capabilities and conduct R&D. Ultimately Booz decided to drop the project due to competition from larger competitors within the market vertical.
Engineered telecommunications solutions across a broad spectrum of applications.
Performed full spectrum of manual and automated penetration tests proving the FirstNet “bring your own device” concept on the platform secure.
Developed cyber security policy and conducted penetration testing/hardening of next gen system.
Worked with Satcom, engineered LTE networks and Software Defined Radio and microwave telecoms.
Performed path and link budget analysis.
Lead System Engineer for a mobile platform tying together Mobile devices, IoT, LTE, Mobile Radios serving video, data and voice with reach back for processing.
C2 Planning Solutions Network Engineer
6 Months – Ended Sept 2014 APG, MD
C4 Planning Solutions hired me because they had an immediate need for a Network Engineer (the previous had quit) to perform security hardening as well as configuration of a LAN located on APG. I was hired as part time due to still have some limited Active Duty Military obligations as well as school at the time.
Active Duty, US Air Force
Tactical RF Transmissions Supervisor/Combat Readiness School Instructor/Anti-Terrorism Level 2 Certified/Physical Security Expert
2004 - Sept 2014
Variety of CONUS and OCONUS Locations
During my time in the Air Force I worked on a variety of communications equipment. I’ve engineered systems to cover a wide variety of mission requirements in austere environments. I also maintained stateside data centers and communications. Conducted system hardening and physical, sigint, and cyber threat analysis and testing. Promoted well ahead of peers during my 10 years.
Liaison to US State Department organizations to enable cross platform communications.
Worked both stateside STEP/Teleport communications focal point operations as well as a variety of tactical RF applications including commercial applications.
Maintained and configured SONET and ATM technology as well as a variety of fiber optic links.
Led teams of junior communicators in the field where outside help was unavailable to accomplish the mission.
Built training plans and coordinated training.
Reverse engineered communications equipment to fit mission needs and ensure interoperability.
Managed $100+M worth of communications equipment and over 40 communications troops at a time.
SKILLS
Agile/Waterfall Project Management – Schedule/Budget Expert
Master’s Level Certificates in ITIL/PMP
Cybersecurity/Penetration Testing FISMA/RMF/DIACAP/NIST/FISCAM/PCI DSS
CISSP-Sec +
Offence: OSCP Materials purchased (Projected Sept 2019)
Tools: (Too many to list automated and manual testing) Nessus-Kali Linux-Immunity Canvas-HAK5 Tools (Bash Bunny/LAN Turtle)/Burp Suite/Metasploit/Cobalt Strike/dnscat2/p0wnedShell/Pupy Shell/PoshC2/MultiRelay.py (Better Responder)/NMap—many more
Offensive skills include: Intel Gathering/Initial Foothold/Persistence/Local Privilege Escalation/Local – Network Enumeration/Lateral Movement/Social Engineering(Hacking Humans)/Physical Security Expert
Cloud Architecture Design and Security Expert
PFSense/Forescout/Carbon Black and many more enterprise level tool integration/maintenance and design for RVA
Spunk Intermediate User/Snort/Bro/Suricada/ELK
Able to ensure and test compliance with most common industry standards
FISMA/RMF/DIACAP/NIST/FISCAM/PCI DSS
Amazon AWS/CloudOcean Design-Admin
DISA STIG/CIS Benchmark/RMF Compliance
Virtualization/Oracle VirtualBox/ESXi
Windows Server/Linux-Unix-Solaris System Administration
Networking-Network Optimization Riverbed/Solarwinds/Wireshark
Satellite Communications-15 years’ experience
Radio/Wideband/Microwave Comm Expert
Intermediate Programming Knowledge – Violent Python, Bash Scripting, VBA/VBS,
RF/Software Testing – Network analyzers, Fireberd 8000, Spectrum analyzers, digital signal analyzers, O-scope etc.
HIGHLIGHTS
Diversity of experience – Perfect for dynamic environments where a wide array of experience can lead to innovative solutions. Ideally in a Red Team environment.
Air Force Veteran (10 Years)
14-year proven Project Management track record with references available
Won awards as Engineering Supervisor and several notable awards while active duty
EDUCATION
Bachelor of Science, Business Administration Bellevue University
Master’s Certificate, IT Project Management (PMP) Villanova University
Master’s Certificate, IT Process Management (ITIL) Villanova University
OPM Emerging Leader Program Graduate, 4 lenses, conflict resolution and management style 2-week course
A.S., Information Systems Technology, Community College of the Air Force
Certified Information Systems Security Professional (CISSP), License 631037
Anti-Terrorism Level 2 Certified (Conducted Air Force base physical penetration tests requested by the commander and used social engineering skills to gain access to critical infrastructure/gain information)
Modern Army Combatives Instructor Lv 3
Combat Krav Maga Certification
Combat First Responder School
Security + CompTIA, License COMP001020784022
Lean Six Sigma Green Belt
DISA ACAS (Nessus) Certified
DISA IAM formerly IASO Certified
iDirect SATCOM Architect Certified
ViaSat Advanced UHF Course
US Army Satellite Communications Course (31S/25S): 1392 Hour Course
Contact this candidate