703-***-**** Veronica R. Warner ***********@*****.***
EDUCATION
Bachelor of Science in Information Technology with a specialization in Information Assurance and Security
Capella University
Master of Science in Information Assurance and Cybersecurity
Capella University (expected 2022)
CLEARANCE
TS/SSBI SCI
TECHNICAL SUMMARY
Certifications
Certified Information Systems Security Professional (CISSP)
Information Technology Infrastructure Library Foundation (ITIL) v3 Certified
CompTIA Project+
Microsoft Certified Systems Engineer (MCSE)
Microsoft Certified Professional plus Intranet (MCP+I)
Novell Netware 4x, 5x Certified Netware Engineer (CNE)
Novell Netware 4x, 5x Certified Netware Administrator (CNA)
Areas of Expertise
The Federal Risk and Authorization Management Program (FedRAMP)
Cybersecurity Intelligence Community Directive (ICD) 503
Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)
Director of Central Intelligence Directive (DCID)6/3
Security Technical Implementation Guides (STIGs)
Department of Defense (DOD) and Intelligence Community (IC) Certification and Accreditation (C&A)
Cloud Computing/Virtualization Systems
Public Key Infrastructure (PKI), X.500/Lightweight Directory Access Protocol (LDAP) Directory Services
Management Reporting
Team building and mentoring
Process design and implementation
Requirements Analysis
Technical writing
Customer presentation
PROFESSIONAL EXPERIENCE
Mantis Security, Inc.
Information Systems Security Manager (ISSM), November 2020 - Present
Information Systems Security Manager (ISSM) responsible for information security and information assurance at the facility, to include site systems, hardware systems, information systems, personal electronic devices, information systems on multiple networks, and support to security incidents and events. As well as assisting the Regional ISSM in the oversight, inspection, review, and accreditation of Information Systems. Ensuring and validating hardware and software inventory process and procedures to oversee equipment and software entering and departing the data centers. Ensuring and validating backup and data restoration processes and procedures for customer managed systems and network. Performing media and laptop inspections and scans. Providing review and progress reports of all Plan of Action and Milestones (POA&Ms).
Northrop Grumman Information Systems September 2011 to November 2020
Sr. Principal Cyber Information Assurance Analyst June 2020 – Present
Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits. Assist in the implementation of the required government policy (i.e., NISPOM, DCID 6-3), makes recommendations on process tailoring, participate in and document process activities. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports. Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M. Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.
Sr. Principal Cyber Systems Administrator September 2019 – June 2020
Responsible for supporting a restricted customer’s classified networks by working in conjunction with the Systems Administration team and the Information Security (InfoSec) team to ensure the networks maintain Authorization to Operate (ATO.) Implementing automated processes to streamline operations which includes Windows Software Update Server (WSUS) as well as vCenter 6.7 update 3.
Manager of CAFÉ Data Center, October 2016 to September 2019
Responsible for managing the Independent Research and Development (IRAD) Cloud Architecture Framework Environment (CAFÉ) Data Center. CAFÉ supports non-production projects that require data management & analysis but do not have their own infrastructure readily available to provide evaluation test-beds for cloud research. Created and implemented Single Sign On environment, instituted a maintenance window schedule, reduced category I and II findings from 70% to 7%, and developed end-to-end documentation of all software and hardware. These activities provided and maintained stability of the entire development environment. These efforts reduced project deployment time from over one week to one day. Activities included: account provisioning, capturing usage metrics, patching hardware, software and firmware as well as authoring, updating and maintaining CAFÉ documentation of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) on a virtualized infrastructure. A significant additional responsibility was taking the lead on preparing the Northrop Grumman Information Systems Security Plan (ISSP) in response to an internal InfoSec inquiry. Interacted regularly with Dell, EMC, VMWare, CORAID for hardware and software purchasing and technical support. Interacted with Northrop Grumman Development Network (DevNet) Engineers as well as the Transformational Research, Integration and Demonstration (TRIAD) Network Team regarding router and firewall configuration.
Supervised a team of contractors who provide third party vendor support to for CAFÉ. Regularly interacted with all levels of Northrop Grumman internal customers, communicating with them in an effective manner regardless of their level of technical expertise. These efforts allow the CAFÉ Data Center to consistently provide quality support and customer service.
Cyber Systems Engineer, IdAM Team, February 2016 to October 2016
Supported a restricted customer as a member of an Identity and Access Management Team (IdAM) designing and implementing business rules based upon role-based access. A key project task was the installation of software in the Amazon Web Services (AWS) cloud environment and documenting the process in order to duplicate the effort in development, test and production AWS environments. Participated in daily scrum meetings to provide updates of JIRA tasks, and when required, overall team work status. Continued to support CAFÉ on a part-time basis.
Secondary Systems Engineer, CAFÉ Data Center, April 2014 – February 2016
Responsible for supporting Northrop Grumman’s Cloud Architecture, Framework, and Environment (CAFÉ) Data Center which provided enterprise application provisioning for sector-wide exploratory research. Assisted business development team by building proof of concept Active Directory environments for proposals.
Information Assurance Engineer, National Exploitation System (NEXSYS), February 2013 – April, 2014
Promoted to this position to support the Defense Intelligence Agency (DIA) implemented a patch management program in accordance with the Department of Defense Intelligence Information Systems (DoDIIS) and DOD Joint Security Implementation Guide (DJISG) and for the primary intent to mitigate potential risks to the integrity of all DIA environments. Responsible for updating System Security Authorization Agreement (SSAA) in accordance with DCID 6/3. A key area of responsibility was information serving as the Northrop Grumman (NG) representative at weekly and monthly NEXSYS Information Assurance joint contractor meetings and providing feedback to the NG program management team. Additionally, coordinated system scans with the ISSO, participated in internal information assurance audits, lead the risk management efforts, and coordinated with Northrop Grumman internal Information Assurance teams to facilitate corporate compliance to Information Assurance requirements on the development network.
Senior Systems Administrator, National Exploitation System (NEXSYS), December 2012 to February 2013
Supported software development efforts for the Defense Intelligence Agency (DIA). Responsibilities required work in both classified and unclassified Local Area Network (LAN) environments on client/server applications.
Senior Systems Engineer, Einstein 3 Program, Department of Homeland Security (DHS), September 2011 to December 2012
Built and documented the Microsoft Active Directory. Authored the Automated Test Plan (ATP) which was utilized for validation of the system prior to the Certification and Accreditation (C&A) process. Lead the vetting of the integrity of the documentation in a test lab environment prior to formal release of the system. These efforts included testing for network connectivity and PKI certificate enrollment and revocation. Assisted DHS C&A team by providing access to the systems during the accreditation process.
Hydra Technologies, Inc., June 2010 to September 2011
Principal Engineer
Responsible for providing hardware and software troubleshooting and third level support to local and remote customers with varied levels of technical knowledge, and effectively communicating appropriate information to resolve trouble tickets.
CACI-CMS Information Systems, Inc. 05/09 – 06/10
Senior Windows Systems Engineer
Responsible for support and coordination of a multidiscipline team comprised of database administrators, developers, software testers and networking team. Coordinated between CACI IT and Directorate of Information Management (DOIM) at Ft. Belvoir to resolve issues between firewalls which achieved successful connectivity to the Army Knowledge Management Online (AKO) test environment for testing Army Force Management System (FMS) single sign-on capability. Improved the documentation of all processes, mentored junior engineers, and effectively communicated technical issues to non-technical staff. A significant accomplishment was the development of a standard laptop imaging process that resulted in the reduction of the time to on-board new developers from two weeks to two hours.
Northrop Grumman Information Technologies, September 2007 to February 2009
Senior Infrastructure Engineer
Responsible for supporting the Next Generation ABIS (the DOD core biometric repository) development, test, and production environments. Assisted Information Assurance team via execution of DISA Gold Disks and manual procedures to apply patches and configuration changes required within the DIACAP Security Technical Implementation Guides (STIGs). A component of this work included documenting the process of installation and configuration of the biometric software components. Upon peer review this documentation was deemed the standard format for all other system documentation on the project. Responsible for coordinating with software developers, test team, configuration management team, Quality Assurance (QA) Manager.
Hydra Technologies, Inc., February 2002 to September 2007
Principal Engineer
Performed and provided customers’ requirements analysis and recommendations that addressed unique business needs. Responsible for providing hardware and software troubleshooting and third level support to local and remote customers with varied levels of technical knowledge and effectively communicated appropriate information to promptly resolve issues.
CMS Information Services, July 2001 to February 2002
Senior Systems Engineer
Directly supervised junior engineers and coordinated with multiple technical team leads at the Ballistic Missile Defense Organization (BMDO). Prioritized technical tasks and coordinated between the program’s CMS management and team and the COTR regarding requirements analyses, test plans, documentation of test results, and technical recommendations.
Northrop Grumman Information Technologies, November 1998 to July 2001
Senior Systems Engineer, Global Combat Support System (GCSS), Defense Information Systems Agency (DISA)
Installed, tested and evaluated Netscape Directory Suite and Microsoft Active Directory Supported directory services Private Key Infrastructure. Author of Chapter Three of GCSS Infrastructure Plan.
As Project Manager on the Naval District Washington (NDW) CyberDeck II Intranet Portal Enhancement Project, led the requirements analysis team that met with multiple executive/command level members of the departments within NDW to determine requirements for an intranet that would be accessible from multiple sites.
Provided engineering analysis and implementation for the VisionWeb intranet hardware and software systems for the U.S. Army PM Night Vision.
Supported the DISA D2 Directorate as a Netware 4.x and 5.x C2 subject matter expert and authored the first Novell Netware Security Technical Implementation Guide (STIG).
As Manager of the Logicon Center for Advanced Technologies (development and test facility), responsible for process definition, operations, configuration management, security compliance, and documentation for all aspects of this facility. Responsible for regularly meeting with developers and engineers to coordinate test and development resources.
Timeplex Federal Systems, May 1997 to October 1998
Regional Systems Manager
Responsible for requirement analysis, as well as network and system design, implementation and support, to include the wide area circuits between regions, and also all infrastructure maintenance.
Home Buyer Publications, July 1996 to May, 1997
Manager of Information Systems
Responsible for all aspects of network and system design, implementation and support. Evaluated and streamlined systems usage and security procedures seeking to optimize capabilities of the environment, which resulted in a major operating system and email application migration from Novell Netware 4x to Microsoft Windows NT 4.0. Additionally, performed a requirements analysis between Lotus cc: mail, Groupwise and Microsoft Exchange and implemented Exchange 5.0.
SETA Corporation, December 1994 to July 1996
Corporate Systems Administrator
Responsible for all aspects of network and system design, implementation and support. Duties included system administration, management, monitoring, maintenance, backup, and troubleshooting of servers in an Ethernet twisted pair 10BT environment.