Security Analyst Information Officer
Resume:
JEFFREY A. MILLER
APO AE *****
Italy Cell: +39-388-***-****
Alt Cell: +1-703-***-****
Email: adnh2m@r.postjobfree.com
PROFESSIONAL SUMMARY:
U.S. Air Force (Retired)
Clearance: Top Secret (SCI)
NQV Level II (NQV-I-01066) Expired Jun 2021
ISACA Certified Information Security Manager (2158906)
CompTIA Security+ CE, Certificate (COMP001020822417)
BS Military Intelligence, Excelsior College
AAS Transportation Management, Community College of the Air Force
AAS Communications Applications Technology, Community College of the Air Force
Global Information Assurance Certification (GIAC); Senior Leadership Certificate (GSLC1828) Expired
Six Sigma
Business Administration Certificate (30 semester hours), Central Texas College
Certificate, Security Leadership Essentials for Managers, SANS Institute, Jul 2007
PROFESSIONAL EXPERIENCE:
August 2020 – Present Information Security Analyst Advisor, GDIT, Vicenza, Italy
-Oversees/manages 509th Signal Battalion, Cyber Security Division (CSD) Tenant Security Plan (TSP) processes; ensuring 20+ tenant units utilizing the 509th network remain compliant with cyber security and Risk Management Framework (RMF) mandates, directives, and regulations in-order-to continue operating on the network.
-Advises USAREUR-AF units in Information Security and Cybersecurity.
-Monitors USAREUR-AF units cybersecurity management plans to ensure compliance to maintain ATO.
-Makes periodic technical evaluation visits of C4I systems located throughout USAREUR-AF, noting discrepancies, and recommending corrective actions.
-Assists units in determining system hardware components and configuration as well as software required to meet operational requirements.
-Recommend equipment acquisition or replacement.
May 2020 – August 2020 Security Specialist IV, Peregrine Technical Solutions, North Charleston, SC
-Provide Security Assessment Testing support to Naval Information Warfare Center (NIWC).
-Provides client support with Defense Information Assurance Certification & Accreditation Process (DIACAP), Certification & Accreditation (C&A) activities, and migration to RMF Assessment & Authorization (A&A) environment.
-Responsible for initiation and preparation of A&A RMF packages, ensuring C&A and A&A packages are maintained in a compliant status while verifying and validating that C&A and A&A package requirements.
-Review configuration modifications are performed and tested.
December 2019 – April 2020 Sr. Cybersecurity Analyst, RMF Validator, TIAG, North Charleston, SC
-Provided support to NIWC and the Commander, Navy Installations Command (CNIC).
-Supported CNIC N64 Validation Security Assessment Testing.
-Provided client support through DIACAP, C&A activities, and migration to RMF A& A environment.
-Responsible for initiation and preparation of A&A RMF packages. Ensured C&A and A&A packages are maintained in a compliant status while verifying and validating that package requirements and configuration modifications are performed and tested.
-Responsible for conducting Risk Assessment (RA) activities in support of the CNIC customer (Validation Security Assessment Testing, System Risk Documentation, System Audits, Security Hardware and Software Testing).
-Performed Validation Security Assessment testing at the enterprise and system level and assess and document risks in accordance with DoD and Navy policy and guidance.
-Responsible for creating and providing all RMF appropriate artifacts and documentation necessary to plan and execute a thorough test of systems, document the system risks and report on the identified risks as necessary.
-Actively work with the designated IPTM ISSM to provide final Security Assessment support and guidance.
-Conducted periodic auditing of RMF artifacts to ensure proper adherence to DoD instruction, Navy requirements, and the NIST Special Publication 800 series standards and industry best practices.
-Worked to enhance the overall quality of RMF packages for the purpose of receiving an ATO from the Navy Authorizing Official (AO) or Authorizing Official Designated Representative (AODR).
-Engaged with the system ISSE and ISSE support staff throughout the RMF process.
-Responsible for validation events for CNIC systems (Approximately 68 currently active systems in various steps of the RMF process).
-Exercise strong customer service and excellent communication skills in a fast paced environment.
October 2019 – December 2019 Cybersecurity RMF Validator/Assessor, KBR, North Charleston, SC
-CNIC contract ended with KBR. Offered/accepted position with new company, TIAG.
-Provided Cybersecurity support for Commander, Navy Installations Command (CNIC).
-Performed Navy Assessment & Authorization (A&A) supporting Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications.
-Verified security standards and compliance requirements, processes, and documentation for information systems, and enclaves.
-Conducted and document security test and provide evaluation of RMF control security posture.
-Generated cybersecurity A&A strategy, boundary diagrams, A&A packages, and supporting documentation.
-Conducted risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs.
-Updated CNIC Cybersecurity Task Assessment Repository (CSTAR) RMF progress status weekly including "System Effort" section maintaining project schedule plan.
-Advised stakeholders of system RMF progress and required actions.
-Updated the Enterprise Mission Assurance Support Service (eMASS) Navy database
-Applied Security Technical and Implementation Guide (STIGs), Information Assurance Vulnerability Alerts, Bulletins, and Technical (IAV-A/B/T) and report compliance.
-Reviewed generated vulnerability reports in support of cybersecurity risk assessments and mitigations.
-Provided RMF Subject Matter Expert (SME) assistance to the Cybersecurity Work Force (CSWF).
-Assigned as interim ISSO/ISSE for a system when position became empty due to ISSE resigning and waiting for a new hire to replace previous ISSO/ISSE.
-Verified system compliance of NIST 800 series policies & Guidance, NIST Federal Information Processing Standards (FIPS), and, Department of Defense Instructions (DoDI).
-Utilized RMF implementation tools including STIGViewer, Assured Compliance Assessment Solution (ACAS), Vulnerability Re Host Based Security System (HBSS) mediation, Asset Manager (VRAM) and Security Content Automation Protocol (SCAP).
June 2018 – October 2019 Cybersecurity RMF Assessor, Chipton-Ross, CNIC N64, North Charleston, SC
-Consultant to KBR Cybersecurity contract supporting Commander, Navy Installations Command (CNIC).
-Performed all tasks in positions above, June 2018 – April 2020.
January 2018 – April 2018 Senior Cybersecurity Project Manager, Grove Resource Solutions, Inc. (GRSi), SPAWAR, North Charleston, SC
Provided functional project and personnel management to GRSi employees providing cyber security support to Space and Naval Warfare Systems Command (SPAWAR), Battlespace Awareness and Information Operations Program Office (PMW 120) for the Distributed Common Ground System - Navy (DCGS-N) and Cryptological Carry-On Program (CCOP) programs at both the GENSER and SCI levels.
December 2016 – November 2017 IT Program Manager, Web Applications (Web Apps), Delivery Management, US Dept. of Treasury, Internal Revenue Service (IRS), New Carrollton, MD
- Planned, coordinated and managed assigned tasks supporting the Web Apps Program operating as a “prime integrator” across Web Apps Business and Delivery Partners to deliver web-based applications using Agile Methodologies.
- Enterprise Life Cycle (ELC) artifact coordinator; ensured documentation related to 9 week deployment cycles are updated and prepared for required reviews and signatures with Web Apps’ cross-organizational partners for Milestone Exit Review (MER).
- Coordinated and facilitated the Program development/test teams and the Process Owners of the Computer Operator Handbook (COH) and 508 Accessibility documents on document updates for system deployments and to define a schedule and alternatives for meeting document requirements while supporting document reconstruction to reflect changes to the system and infrastructure.
- Evaluated initiatives to ensure compliance with IT and corporate policies and procedures. Negotiated with Enterprise Operations (EOps) to execute the expedited Bundled Document Review (BDR) process for signature approvals of the COH beginning with Program Increment 10 in August 2017 and future system deployments.
August 2015 – December 2016 Project Manager, ReMilNet LLC, Marine Corps Logistics Base, Albany, GA
Managed, lead two contract personnel supporting Marine Corps Systems Command (MARCORSYSCOM), Global Combat Support System –Marine Corps (GCSS-MC) Logistics Information Systems (LIS) Program Management Office Product Manager (PdM) and Project Managers (PjM) team. Primary roles and responsibilities:
- Assisted PjMs in concurrent projects for LIS system/software development life cycle (SDLC) management events/timelines, forecasts/track progress, schedule performance parameters, and costs to effectively manage project.
- Ensured compliance with directives to meet user deliverable requirements on schedule to include short/long term strategic and operational support planning. Recommended a formal management methodology such as Agile should be instituted to better manage processes.
- Developed analytic assessments in accordance with published project plans (e.g. integrated master plans and schedules) within the command directed assignments.
- Monitored Investment Review Boards (IRB) approved budget spending plan and Capital Planning and Investment Control (CPIC).
- Provided monthly deliverables, prepare high-quality written documents, such as project charters/plans/schedules, risk management plans, cost benefit/cost analysis, interface connectivity documents, operational analysis, acquisition plans, post-implementation reviews, reports, etc.
September 2014 – August 2015 Cybersecurity -- Information Assurance Analyst (ISSO), Smartronix, Inc., Marine Corps Logistics Base, Albany, GA
- Provided technical and policy guidance to GCSS-MC LIS and Department of Defense (DoD) programs regarding system information assurance and cyber defense.
- Researched and provided recommendations to the GCSS-MC LIS Information Systems Security Manager (ISSM) to resolve vulnerabilities or mitigations that involve security problem sets where guidelines are nonexistent or conflicting with DIACAP, NIST, FISMA, STIG Reviews, and C&A processes and guidance.
- Prepared documentation, staff papers and policy reviews for operational integration. Prepare accreditation packages for ISSM to present to the Approving Official (AO)/Chief Information Officer (CIO) in a system’s Approval to Operate (ATO) determination.
- Prepared current and archive DIACAP data/documents for transition from Xacta to Marine Corps Certification and Accreditation Tool (MCCAST) for RMF and NIST 800-53 compliance standards.
August 2011 – September 2014 Deputy Program Manager and Lead Project Manager/Sr. Multi-Functional System Analyst, Lockheed-Martin, Arlington, VA
Deputy Program Manager – oversaw operations of the Joint Improvised Explosive Device Defeat Organization (JIEDDO) Knowledge and Information Fusion Exchange (JKnIFE) SharePoint 2010 (SP2010) collaboration portal. Primary roles and responsibilities:
- Advised management and analyst personnel of corrective actions needed to maintain cost, schedule and performance parameters set by the command; coordinating with all levels of staff members and management to facilitate day-to-day financial and administrative requirements.
- Participated in business management decisions and processes for JKnIFE task; included budgeting, manning, interviews, employee assessments.
- Reviewed, consulted and wrote sections for contract bid (request for proposal (RFP)) submissions.
- Assisted senior management in negotiating difficult or controversial issues with other parties.
As Lead Project Manager - led team of 21 personnel; content managers/analyst, SP2010 software developers, and IT experts in the redesign and reengineering of the JKnIFE site to focus on Counter Improvised Explosive Devise (C-IED) training.
- Gathered business requirements through customer interviews and feedback on user interface, recommended and implemented changes, and coordinated system testing to ensure improvements met customer requirements.
- Evaluated client initiatives to ensure compliance with IT and corporate policies and procedures.
- Developed project plans, set priorities and deadlines for completion of work, distribute tasks among team members based on skills set, priorities and deadlines. Primarily used Agile methodology; would use other methodologies or a hybrid process depending on the requirements.
- Designed analytical studies of systemic and project related issues and activities to assess the efficiency and/or effectiveness of project implementation.
- Identified ways to resolve or address issues which directly affect the accomplishment of principal program/organizational goals and objectives based on collected metrics.
- Redesign focused on functionality enhancements transitioning from SP2007 emphasizing improved user interfaces incorporated into SP2010.
- JKnIFE’s user feedback during Initial Operational Capability (IOC) was very positive with high praises for the capabilities of the redesigned site. A third-party company evaluated and rated the site with user’s response at a high satisfaction rating.
- JKnIFE team leveraged unclassified and classified automation systems and databases from National, Joint, Foreign Military Intelligence Communities and Federal Law Enforcement agencies.
April 2010 – August 2011 Team Lead/Sr. All-Source Intelligence Subject Matter Expert (SME), Lockheed-Martin., Arlington, VA
Advised and supported JIEDDO efforts to mitigate global IED incidents. Performed as insurgent and IED network SME to the International Security Assistance Forces (ISAF) Joint Command (IJC) Commander, Kabul, Afghanistan while assigned to the Counter-IED (C-IED) Branch. Primary roles and responsibilities:
- Researched and prepared briefings for IJC and ISAF Commanders; portions used by General Petraeus to brief President Obama for his strategy plan in Afghanistan.
- Appointed Team Lead of 6-12 multi-INT analyst to perform research, data mining, analysis, evaluate correctness and accuracy of source data, data set and knowledge management to assist in positively identifying individuals as potential target sets.
- Established methodology and long-range plans to satisfy intelligence problems related to the JIEDDO mission.
- Knowledge of collection management and all-source intelligence processes from tactical to national level.
- Applied extensive knowledge of intelligence, data-set management, threat analysis, and forecasting methodologies analyzing intelligence information, assess developments, trends, and threat implications within critical geographical and functional areas.
- Leveraged knowledge of joint military, federal law enforcement, and Foreign Coalition Intelligence agencies Automated Information Systems (AIS) and databases to develop intelligence assessments.
- Assisted/advised software development team with programs and tools to improve intelligence user interfaces to access data sources; led to development of a command wide data repository tracking information on criminal entities.
- * Awarded Lockheed-Martin’s prestigious Annual Celebration of Excellence Innovator of the Year 2010, for developing a web-based SharePoint portal/repository for collaboration efforts in the C-IED and Coalition Community. Portal provided link, nodal, network studies and analysis products for tracking nefarious entities.
September 2004 – April 2010 Senior Information Assurance Analyst, ANSER Inc., Headquarters Air Force, A3O-AY, Command and Control (C2)/Battle Management Division, Rosslyn, VA
Served as the Designate Approval Authority (DAA) Representative, Information Assurance (IA) member of a project team focused on evaluating and meeting the cost, schedule and performance parameters associated with AF acquisition of Information Technology (IT) systems of the Aerospace Operations Center – Weapons System (AOC-WS). Primary roles and responsibilities:
- Participated in complex project integrating systems into a suite of operational weapons systems to include short/long term strategic and operational support planning; identifying and resolving problems such as test and evaluation, engineering, production, and contract requirements; and developing and preparing briefs/reports to key officials to plan, monitor and/or approve program requirements/changes.
- Ensured IA was designed into the development process and tested to ensure compliance at key milestones to expedite the final test and evaluation (T&E), user’s acceptance test, and deployment of the upgrade. Significantly decreased increment release dates from an average 2 years to an average of 15 months.
- Analyzed C&A test reports, facilitated mitigation and risk management activity for solutions to minimize security vulnerabilities while balancing the operational need for the warfighter to expedite fielding of systems.
- Oversaw the Plan of Action and Milestones (POAM) for assigned systems. Led and arbitrated POAM update meetings between stakeholders, developers and system administrators to ensure corrective actions and priorities were on a realistic completion timeline and meeting compliancy requirements.
- Provide analytical performance assessments in support of positional verification and validation processes for the AOC systems when new upgrades or patches are in review.
February 2003 – August 2004 Mission Planning Support Contract, Field Service Engineer II, BAE Systems N. A. 8 Fighter Wing, Kunsan AB, Korea
- Provided dedicated System Administrator (SA) services and training of the mission planning systems used by three flying squadrons assigned two distinct model airframes on Kunsan AB.
- Troubleshoot system errors and notify help desk to track and inform other SAs of potential issues with software.
- Beta tester/evaluator for software upgrades.
- Provided technical advice for configuration management, technical C4ISR, and modeling and simulation systems operations and maintenance.
- Created stand-alone mission planning network within the flying squadron facility to facilitate data sharing among systems instead of using numerous floppies or CDs to download and move data between systems.
- Assisted pilots and Intelligence personnel using mission planning tools; providing better data and products during mission planning process.
MILITARY CAREER HIGHLIGHTS:
Always top rating on performance evaluations and awards throughout career; assigned increased leadership responsibilities ahead of peers. Culmination of career before retiring was;
September 2000 – January 2003 Superintendent, Wing Intelligence, 35 Fighter Wing, Misawa AB, Japan
Managed and mentored daily activities concerning the effective utilization, professional development, and welfare of 33 intelligence personnel, assets in excess of $500,000 and $90,000 annual budget. Tailored all-source force protection and counter-terrorism intelligence support to command staff. Wing Threat Working Group (Information Operations and Force Protection) Intelligence representative. Participated in TBMCS-AF Test and Evaluations to help redline documents and assess software upgrades. * Recipient of Fifth Air Force (5 AF) Air Force Intelligence Awards Program (AFIAP), 2000.
MILITARY/DOD EDUCATION:
SPAWAR RMF-ISSE 201 Series CBT, Jan 2019 (Contractor)
SPAWAR RMF-SCI 303 Pt 1 CBT, Nov 2018 (Contractor)
SPAWAR RMF-NQV 302 Pt 1 CBT, Oct 2018 (Contractor)
Appointed Navy Qualified Validator (NQV), Oct 2018 (Contractor)
Defense Information Systems Agency (DISA) ACAS v5.3 (2016) CBT, Sep 2018 (Contractor)
DISA eMASS CBT, DoD RMF Controls Assessor Role, Sep 2018 (Contractor)
SPAWAR NQV-100 Series CBTs, Aug 2018 (Contractor)
SPAWAR RMF-101 CBT, Aug 2018 (Contractor)
NIST Applying RMF to Federal Information Systems, Jun 2018 (Contractor)
FedVTE CISM (2013) CBT, Feb 2018 (Contractor)
DoD Information Assurance and Certification and Accreditation Process (DIACAP) Course, Jun 2007 (Contractor)
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Course, Feb 2005 (Contractor)
Contact this candidate