Cloud Security Architect
Resume:
LINKEDIN PROFILE
www.linkedin.com/in/victor-zebron-794b09b5/
EDUCATION
B.S. Information Systems/Computer Security, Strayer University, Washington DC 2012
A.A. Information Systems, Strayer University, Washington DC, 2010
Primary Leadership Development Course, Grafenwoehr, Germany, July-August 2000
U.S. ARMY Information Systems Operator Analyst School Fort Gordon, GA 1998-1999
SUMMARY OF QUALIFICATIONS:
Currently hold a Public Trust Clearance and possess 20+ years of solid experience in the following:
·Security engineering and architecture, networking, system and security administration/management utilizing resources such as the Cyber Security Assessment & Management tool (CSAM), Amazon Web Services, PEGA, Microsoft Azure DevOps, JIRA, Trusted Agent FISMA (TAF), Drupal, Fortify, Nesus, SCUBA, Zenoss, Windows 95, 98, NT, 2000, 2003, 2008 XP, Windows 7, Exchange 5.5, Active Directory, LDAP, Falcon, Archer, Heat, Remedy, Magic, Dos, Norton Anti-Virus, McAfee, Norton Ghost, Cisco Meeting Place, RSA Secure ID, Emergin Wireless Office (J-Page), Checkpoint Firewall, NetScreen Firewall,Symantec/McAfee Intrusion Detection System, Websense, Securify, Linux, Unix, LAMP Stack for Platform as a Service, Eucalyptus, BMC/CLM, VMware/vCAC and Unix.
·Experience in contract oversight management.
·Advanced education and professional development with AWS CSA, CCSK, ITIL, Security+, Network+ and A+ Certifications and various System/Network and IT Security training.
·Proven analytic abilities with attention to detail and ability to work effectively in high stress, fast-paced, combat and financial environments.
May 2018 – Present
Beacon Hill Staffing Washington, DC / IBSS Corporation Silver Spring, MD
Cloud Security Architect / Security Engineer for Department of Justice (DOJ) Office of Justice Programs (OJP) Justice Grants IT Solution (JGITS)
Assist the Department of Justice (DOJ) Office of Justice Programs (OJP) Justice Grants IT Solution (JGITS) in obtaining and maintaining their Authority to Operate (ATO) for systems which fall under the JGITS initiative.
Provide security support analysis and work with C-level government officials in recommending solutions and technology for the JGITS innovation and migration initiative.
Identify and document information system security requirements as part of the system development lifecycle process.
Act as a security engineering representative for agile project teams developing JGITS systems and JGITS related systems (PEGA, Acquia, Socrata).
Assign, develop and input program increments/agile related security user stories for JGITS related systems into JIRA and Microsoft Azure DevOps.
Worked exclusively with Agile developer delivery teams to interpret agile security related user stories for sprints and program increments to establish/insert DevSecOps and security as code.
Ensure new information systems are designed and developed with appropriate security controls and automation tooling from the cloud service providers software features are included in the divisions developing CI/CD pipeline.
Validate the effective implementation of NIST/FedRAMP/FISCAM and A-123 security controls.
Provide security-related subject matter expertise for IaaS, PaaS and SaaS cloud service models.
Coordinate with outside agency IT security staff for joint level projects that interact with the JGITS initiative.
Assist in evaluating and assessing viable IT security software to enhance the effectiveness of the JGITS security boundary.
Provide recommendations for security solutions to implement controls related to NIST/FedRAMP control families.
Mar 2015 – February 2018
Knowledge Analytics Incorporated (KAI), Rockville, MD
Director of Cyber Architecture & Engineering for Knowledge Analytics Incorporated
Sr. Cloud Security Architect / Information Security Engineer – Federal Aviation Administration (FAA)
·Assisted FAA Federal Cloud Services (FCS) in obtaining its Authority to Operate (ATO) for Infrastructure as a Service (IaaS) for the FAA Federal Cloud Services Program.
·Conduct cloud security evaluations/assessments and Plan of Action and Milestone (POA&M) remediation’s for the FAA Federal Cloud Services Security Office utilizing Office of Management and Budget (OMB), The Federal Information Security Management Act (FISMA), The National Institute of Standards and Technology (NIST), and The Federal Risk and Authorization Management Program (FedRAMP) laws, policies, standards and regulations for Amazon Web Services (AWS) Cloud/GovCloud instantiated environments.
·Perform senior advisory duties for cloud security implementation and integration across multiple cloud deployment models.
·Provide AWS best practice and overall strategy guidance recommendations for cloud security approaches tailored to the FCS project.
·Assist the FCS Security Office with the appropriate use of FedRAMP and NIST controls for multiple FCS hosting environments that comprise the FCS multi-tier Cloud Ecosystem.
·Develop documentation addressing risk, threat models, mitigations, security control comparisons, best practice security architectures, security requirements, security metrics delivery evaluations and suggested courses of action.
·Collaborate with FCS enterprise/operations management on security management approaches within the AWS cloud and migration strategy for cloud service offerings.
·Prepare and conduct cloud and security related briefings to the FCS security office.
·Coordinate integration activities, control responsibilities, and cloud lifecycle management requirements with the FCS selected cloud broker (CSRA).
·Provide NIST technical control assistance, recommendations and reviews of Plan of Action and Milestones (POA&M’s) to the FAA’s Security Assessment Group.
·Provide strategic guidance to Knowledge Analytics Incorporated regarding division and contract expansion.
·Consult and advise C-Level Executives in regards to governance, business logic, compliance standards and overall risk regarding security and operations in the cloud.
Aug 2012 – November 2014
Kelco Computing Solutions, Washington, DC
Cloud Security Architect / Subject Matter Expert –NASA-Goddard Space Flight Center
·Perform security assessments for NASA-Goddard Private Cloud environments.
·Advise and direct NASA-Goddard Cloud Innovations Team on solutions for best security practices and FedRAMP security control requirements.
·Assess multiple vendor security solutions for interjection into Private Cloud Proof of Concepts.
·Assist in drafting Private Cloud innovations to operations roadmap.
·Perform Security Gap Analysis for Cloud Suites under Proof of Concept evaluation such as Eucalyptus, Open Stack, BMC/CLM and VMware vCAC.
·Assist in overall project schedules and timelines for Proof of Concept evaluations.
·Prepare NASA-Goddard’s operational environment for FedRAMP Certification and Accreditation to become the Governments First Agency Cloud Service Provider.
·Integrate NASA’s WorldWind project into a Cloud service offering.
·Assist in establishing organization resources required for PaaS and SaaS offerings.
·Inform and advise senior staff on current security posture for innovations projects concerning cloud solutions and technology.
Jul 2011 – August 2012
Creative Computing Solutions, Inc (CCSi), Rockville, MD
Senior IT Security Engineer and Information System Security Officer-Department of Homeland Security (DHS)
Information System Security Officer for all DHS Headquarters public cloud systems.
Information System Security Officer for Web Content Management as a Service and Platform as a service.
Drafted the first Risk Assessment for Infrastructure as a Service for DHS.
Utilize FedRamp guidance to establish key security controls for Platform as a Service for the DHS Public Cloud offering and a common controls catalog for tenants inheriting Infrastructure as a Service, Platform as a Service, and Web Content Management as Service.
Drafted the first security authorization package for Web Content Management as a Service/ Platform as a Service for DHS.
Drafted the first security authorization package for hosted tenants utilizing the DHS Public Cloud for Infrastructure as a Service.
Defined Key Security Controls for Platform as a Service and Web Content Management as a Service in the DHS Public Cloud utilizing FedRAMP/ National Institute of Standards and Technology (NIST) security controls and guidance.
Assist in the development of concepts of Risk Acceptance for DHS Cloud hosted systems versus traditional approvals for an Authority to Operate for the Authorizing Official.
Develop an on boarding process for Web Content Management as a Service tenant.
Educate and assist tenant organizations in cloud security concepts and formulation of security packages with the intent of risk acceptance.
Scan, assess and approve Linux hosted Drupal code builds/ module add-ons for hosting into the DHS Public Cloud environment.
Develop Drupal Module Vetting Process for DHS.
Determine security requirements of the LAMP Stack by analyzing purposed systems and applications to be used for WCMaaS
Develop and prepare guidance for security control inheritance and responsibilities for Platform as a Service, Web Content Management as a Service and hosted DHS Public Cloud tenants.
Generate and deliver C-Level presentations describing the DHS Public Cloud environment addressing multi-tenancy, FedRamp implementation, Infrastructure as a Service, Platform as a Service and Software as a service.
Ensure all assigned traditional Federal Information Security Management Act (FISMA) systems are accredited based upon NIST SP 800-53 guidance and accredited using NIST SP 800-53A and DHS 4300A criteria.
Manage different components for FISMA compliance identifying security requirements, risks and milestones while serving as technology advisor.
Resolve and manage Plan of Action and Milestones (POA&Ms) for each system residing in Trusted Agent FISMA (TAF).
Support Secure Test and Evaluation (ST&E) and resolution of security findings.
Continuous monitoring of security controls pursuant to Security Plans (SPs.)
Implement system patches identified by the DHS Security Operations Center and work with patching team to baseline scans and identify ISVMs.
Review System Security Plan (SSP), Risk Assessment, Privacy Impact Analysis (PIA) and POA&M for and provided analysis to determine compliance.
Execute corrective or protective measures for identified security incidents or problems.
Perform Bi-weekly reviews of Domain Controller Logs, Linux based local logs and audit trails of each system to ensure appropriate use each of system in accordance with DHS policy.
Work with known system and application vulnerabilities to determine if enhanced safeguards are required for mitigations in the system environment.
Jan 2009 – July 2011
Science Applications International Corporation, Columbia, MD
Information Assurance Analyst for the National Oceanic & Atmospheric Administration (NOAA) contract
·Assessed and conducted the annual update of the National Oceanic & Atmospheric Administration (NOAA) Common Security controls per FISMA, NIST, and Department of Commerce (DOC) policy and procedures.
·Managed and coordinated POA&Ms in CSAM database and provide subject matter expert consulting to the Office of Marine & Aviation Operations (OMAO) for the internal IT Security process and procedures to include, POA&M mitigation, IT Security artifact recovery, Certification and Accreditation (C&A) compliance according NIST, vulnerability assessments, and documentation preparation, review, and establishment throughout the organization.
·Participated in C&A and Continuous Monitoring assessments as a document assessor for IT Security control testing according to NIST publication standards.
·Ensured the organization’s officers and contractors were properly aware of CSAM uses and capabilities and trained staff in practical use of the CSAM Database.
Oct 2007 – June 2008
Information Technology Center, Old Bridge, NJ
Information Security Operations Analyst for Morgan Stanley’s Security Threat Assessment and Response Team (STAR) managing the security of 75 network devices.
·Managed and maintained content filtering of company policies with regards to internet usage and electronic communication.
·Leveraged Intrusion Detection System and Proxy management through Websense and Bluecoat systems.
·Managed communication and technical aspects of security incidents.
·Conducted Initial security reviews of 3rd party software to evaluate risk of use for firm distribution.
·Investigated usage of unauthorized applications on Firm desktops and laptops according to Morgan Stanley software policies.
·Monitored security alerts for escalation of items such as Sybase failed login attempts and unauthorized password resets.
·Monitored vulnerability alerts through the use of Secunia, Windows, and Cisco reporting devices (to include IDS and Web Proxy) and research known vulnerabilities and exploits to versions of operating system and application software used within Morgan Stanley.
·Assessed security posture penetration and vulnerability testing of internal and external infrastructure.
·Conducted anti-spyware scanning for periodic spyware scans and remediation across the Windows environment.
Dec 2006 - Oct 2007
Trawick & Associates, Bethesda, MD
Information Security Manager / Team Lead for the National Navy Medical Center
NetScreen Firewall Administrator supervising 2 Firewall/Network Administrators.
Managed, update and maintain firewall VPN's and Policies for over 5,000 users.
Tier 3 Firewall/Network support for Navy Medical Center and its 16 supporting outer clinics.
Daily monitoring and maintenance of McAfee Intrusion Detection System for internal and external security awareness.
Monitor and report all hacking attempts and brute force attacks on the Navy Medical Center Network.
Pre-configured, updated and maintained various network monitoring tools and logging systems for Information security compliance i.e. Securify, IDS, Samba, Nesus, Fedora logserver.
Oct 2005 - Oct 2006
Lockheed Martin, Tysons Corner, VA (Bagram Afghanistan)
Senior Systems Analyst / Information Management Officer for the Army Material Command, Bagram Afghanistan
Troubleshoot and repaired server/desktop hardware and software.
Approved user access to the local network.
Advised the Army Material Command of DOD Implementations, Policies and Procedures.
Enforce IAVA and IT Security Policies throughout the AMC Battalion servicing over 350 users.
Aug 2004 - Sept 2005
SETA Corporation, McLean, VA
Network / System and Assistant Firewall Administrator for Defense Threat Reduction Agency Operation Center
·Maintained Operation Center Operations Support Network (OSN) by administering, configuring, migrating, installing and maintaining Check Point and Unix Sidewinder Firewall, Windows 2000/2003 servers, Alert Paging, and Secure ID server applications.
·Responsible for replacing life cycle legacy hardware and software to new generation operation system standards.
·Maintained IAVA, Virus, and system security standards.
·Provided first line IT support to Operations Center Staff.
MILITARY EXPERIENCE - United States Army
2002-2004 System Administrator 1st Information Operation Command, Fort Belvoir, VA
·Windows System Administrator for over 600 customers.
·Sr. Help desk technician and hardware recovery/repair specialist completing over 600 Customer Service Center trouble tickets in a six month time frame.
·Trained incoming Customer Service Center personnel to accomplish a critical server restructuring move which minimized downtime by 20%.
·Migrated 64 user workstations during migration from ATM to Cisco equipment.
·Administered, troubleshoot, and corrected Windows NT, 2000, and XP network and desktop configurations conflicts
·Troubleshoot and repaired server/desktop hardware and software.
·Created and maintained e-mail accounts on MS Exchange 5.5 Server.
·Maintained Windows, NT and 2000 servers.
·Maintained specialized government user software.
·Baselined and upgraded Windows 2000 systems and network.
·Configured and installed fiber optic and Cat 5 cables.
Jun 2003-Dec 2003 Afghanistan
Sr. System Administrator for Maneuver Control System-Light
·Self-taught subject matter expert in the use of the Maneuver Control System-Light software for Win 2k servers and clients.
·Conducted training for Windows 2000 end users and administrators on the use of MCS-Light throughout all participating subordinate organizations within Afghanistan.
·Lead desktop support technician for an emergency repair team that replaced a failed domain controller working 30 hour shifts in a 72 hour time frame which resulted in restoration of daily network operations.
·Sr. hardware repair specialist and advisor to the 10th Mountain Division Automation helpdesk.
2001-2002 Pentagon
Assistant Network Project Manager ODIT&C
·Assisted, managed the transition, and accountability of network devices supporting company divisions and agencies operating within the National Capital Region valued at over $7.9 million.
·Enforced procedures to provide government oversight of a network contract valued at over $37 million per year.
·Assisted with the development of detailed contract monitoring procedures that were adopted by similar sections inside the Pentagon.
·Led a five man Army cabling team in support of network restoration operations after the 9/11 attacks on the Pentagon.
·Supervised and accounted for five personnel during multiple shifts averaging over 90 hours per week during network restoration activities.
·Resourced over 20 technicians to maintain over 1700 network devices supporting over 23,000 users in the National Capital Region.
1999-2001 Germany
Jr. Computer Analyst/ Helpdesk Technician
Maintained and implemented computer helpdesk support for over 400 users.
Provided support for network connectivity for over 150 users.
Maintained and configured hardware/software components for Windows 95, 98 and NT workstations.
Tactical communications chief in charge of 2 personnel for Operation Task Force Falcon Landing in support of Kosovo Forces rotations.
Advanced Individual Training Enlisted Cadet/Student Information Systems Operator Analyst School Fort Gordon, GA 1998-1999
Training in strict military environment on basic computer operation for Dos, NT, 95 and 98 workstations, Microsoft Office suite training, basic PC repair, basic operation and troubleshooting analysis of Windows and Unix based Servers workstations and networks, basic understanding of Local, Wide, and Tactical networks, basic configuration of Cisco switches and routers and user/administrator training in the Defense Messaging System.
CERTIFICATIONS
CompTia Certified A+ Hardware Technician October 2001
CompTia Certified Network + Technician September 2002
CompTia Certified Security + Professional December 2010
Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) July 2017
AWS Certified Solutions Architect – Associate October 2017
ITIL Foundation V4 May 2019
Accreditations
Amazon Web Services Business Professional January 2017
Amazon Web Services Technical Professional May 2017
Technical Training and Abilities
1999-2000, ARIS
Administering Windows NT 4.0
Supporting Windows NT 4.0 Core Technologies
Internetworking TCP/IP
Secure Web Access Using Proxy
Creating and Configuring Web Sever Using IIS
FrontPage 2000
April 1999, U.S. Army Training
Global Command and Control System, Army User Training Course
September- October 2001, Global Knowledge
Internetworking with TCP/IP
A+ PC Technical Boot Camp
September 2002, Wave Technologies
Network + Boot Camp
2002-2004, New Horizons+
Interconnecting Cisco Network Devices (ICND)
Supporting Users Running the Microsoft XP Operating System
Supporting Users Running Applications on Microsoft Windows XP
December 2006, Dynamic Worldwide Training Consultants (DWWTC)
Implementing NetScreen Security Gateways (INSG)
January 2010- June 2010, SANS Institute On Demand Computer Based Training
Management 414 SANS® +S™ Training Program for the CISSP® Certification Exam
February 2017,Amazon Web Service Partner Network (APN) Portal
AWS Business Professional
March 2017, APN Portal
AWS Business Professional
AWS Technical Professional
COMPUTER SKILLS
Software
CSAM, NESUS, Ethereal, Windows NT Server, Windows 2000/2003 server, UNIX, Windows NT 4.0, MS Office Suite, MS Exchange, Microsoft WINS, Microsoft DHCP Windows 95, 98, NT, 2000, Windows XP, Norton AV, McAfee AV, Cisco Meeting Place, RSA Secure ID, Emergin Wireless Office (J-Page), Microsoft Outlook, Falcon HelpDesk, Archer HelpDesk, Heat Helpdesk, Magic Helpdesk, Norton Ghost Cast Server, Symantec Ghost, Remedy Helpdesk, Checkpoint Firewall, NetScreen Firewall, Blue Coat Proxy, Websense Proxy, Intrusion Detection System (IDS), and Securify Enterprise Manager, PEGA Cloud Platform, JIRA, Microsoft Azure Devops
Hardware
Cisco Router and Switches, Hubs, Nortel Alteon Switch, Network Interface Cards, Hard Drives, HP/Cannon Printers, CD ROM (Readers and writers), Memory, Palm Pilots (various versions), Dell/ Hp and Compaq Servers/workstations and Laptops, Panasonic Laptops, Fiber Optic & CAT 5 Termination kits, RSA Secure ID Tokens, Juniper NetScreen Firewalls/VPN's, Securify Servers, and Various Networking tools
MISCELLANEOUS
Member of the National Society of College Scholars
Member of the Information Systems Security Association (3142947)
REFERENCES
L. Hendricks
Chief Information Security Officer
Michel Landry
Sr. Security Engineer
Contact this candidate