Information Security Professional, Authorization and Accreditation
Resume:
Information Technology (IT) Specialist (INFOSEC)
Dear Hiring Manager,
I am a highly effective Information Technology Specialist with extensive knowledge regarding information security, information assurance and network administration. I have specialized experience performing system monitoring and troubleshooting using intrusion prevention (IPS), intrusion detection systems (IDS), and Vulnerability Assessment (VA) tools. I am confident that I offer an expertise that will benefit you.
As you can see from my enclosed résumé, I have more than 15 years of specialized experience in Information Technology security procedures, tools, policies and methods. I maintain the proven ability to define and develop projects and acquire the resources to complete them; Operate as project leader whose authority and scope of responsibility crosses organizational and geographic lines; Develop guidelines that will be used by other specialists in the course of the projects, which have an impact on broad agency goals; Lead major national level projects such as the review of proposed new systems, networks, and software designs for potential security risks, recommending mitigation or countermeasures; and Resolve integration issues related to the implementation of new systems within the existing infrastructure. My record speaks to my ability to:
Lead the implementation of security programs designed to anticipate, assess, and minimize system vulnerabilities, coordinating the implementation of security programs across platforms (Tier I, II and III) and establishing vulnerability reporting criteria.
Review proposed new systems, networks, and software designs for potential security risks, recommending mitigation or countermeasures, and resolving integration issues related to the implementation of new systems within the existing infrastructure.
Provide authoritative advice to other specialists in disaster recovery, business continuity, and operating systems security, and develop and implement agency wide guidelines.
Develop contingency plans (Disaster Recovery or Business Continuation Plans for information technology systems) to ensure availability and accessibility of network resources in the event of emergencies.
Develop long-range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities.
Coordinate the implementation of security programs across Tier I, II, and III systems, and establishing vulnerability reporting criteria.
Review and evaluate security incident response policies; identify need for changes based on new security technologies or threats; test and implement new policies and institute measures to ensure awareness and compliance.
Implement security requirements resulting from new Public Law, Presidential directive, or other external mandate; integrate security programs across business units and organizations; and define the scope and level of detail for security plans and policies applicable to the security program.
Evidence of my ability to be a solid contributor to your company includes knowledge of, and skill in the development and interpretation of policies, procedures, and strategies governing the planning and delivery of services; Providing expert technical advice, guidance, and recommendations to management and other technical specialists on critical IT issues; Applying new developments in the occupation to previously unsolvable problems; and making decisions or recommendations that significantly influence important IT policies or programs; Applying, the interrelationships of multiple IT specialties, the IT architecture, new IT developments and applications, emerging technologies and their applications to business processes, IT security concepts, standards, and methods; Project management principles, methods, and practices including developing plans and schedules; Estimating resource requirements, defining milestones and deliverables, monitoring activities, and evaluating and reporting on accomplishments; and oral and written communication techniques; Applying total infrastructure protection environment, systems security certification and accreditation requirements and processes; and Federal information systems security protocols to integrate information systems security with other security disciplines; certify systems or network accreditation; and Ensuring coordination and/or collaboration on security activities.
I would like to explore the possibility of putting my knowledge and skills to work for you. My résumé will provide you with further details of my accomplishments. I can be reached at the phone number or email address listed above should you have any preliminary questions. I appreciate your time in reviewing my qualifications and look forward to speaking with you soon.
Sincerely,
Ken K. Murphy
Information Technology (IT) Specialist (INFOSEC)
Auditing
Business Impact Assessment
Business Recovery & Continuity
Capital Planning & Investment
Configuration Management
Governance
Incident Management & Privacy Breach Reporting
Performance Management
Policy Development / Enforcement
Risk Management
Security Awareness Program
Security Planning
System Accreditation / Acquisition
15 years of specialized experience developing solutions to integration/interoperability issues; designing, developing, and managing IT security systems that meet current and future business requirements, and applying, extending, enhancing, or optimizing the existing architecture; Managing assigned projects; Communicating complex technical requirements to non-technical personnel; and Preparing and presenting briefings to senior management officials on complex/controversial issues.
Highly effective professional with the proven ability to lead IT security systems development projects from design to support; Evaluating the effectiveness of installed systems and services; and Providing advice on and devising solutions to a wide range of IT issues.
Team Leader with experience planning, implementing, and managing problem management systems designed to effectively recognize, report, track, and resolve problems; and Evaluating the feasibility of adapting new methods to enhance customer satisfaction
Professional Experience
Department of Treasury - (Washington, DC)
Information Technology Specialist 2021 – Present
Provide support and management in the Department of Treasury's High Value Assets (HVA) Program Management Office (PMO) overseeing information and information systems that are critical to Treasury, its bureaus and the nation. Work with federal agencies within Treasury in the classification of systems as being Primary Mission Essential Function (PMEF) or Mission Essential Function (MEF); these categorized systems are then further grouped into tiers: Tier 1 or Non-Tier 1. In the execution of this role of support in the HVA PMO work closely with the Department of Homeland Security (DHS) / Cybersecurity and Infrastructure Security Agency (CISA) during data calls which provide the latest leading practice information and techniques for securing the HVAs and other critical infrastructure resources from cybersecurity attacks. Coordinate and track tri-annual assessment of HVAs and other critical systems between the federal agencies within Treasury, DHS/CISA and the contracted third-party assessment team. Participate in the coordination of pre- and post-planning of assessments, oversee the assessment team, coordinate logistics and attend technical exchange meetings (TEM). Synthesize post-assessment report from DHS or Third-party assessment team and report to Treasury Associate Chief Information Officer (ACIO) leadership. As the HVA PMO for Treasury work with bureaus to provide monthly reports, through closure, to DHS on POA&Ms resulting from assessment findings rated as Critical or High. Work with bureaus in the identification and categorization of their Cyber Critical Infrastructure Protection (CIP) asset.
Prioritize and schedule areas to be evaluated and develops assessment criteria.
Analyze findings and develop long-range plans for security systems that minimize risks, mitigate vulnerabilities, prevent security incidents, and insure systems reliability.
Evaluate the effectiveness of existing programs.
Identify new processes, techniques, and procedures to upgrade and enhance security protocols.
Consult with other IT Specialists to make recommendations on strategies and policies that govern implementation of security and reliability procedures throughout the organization.
Review and/or approve IT system access requests and/or processes to ensure IT security access requirements such as clearance, need-to-know and minimum training are accomplished before access is granted.
Apply understanding of computer systems and operations, especially security technology and processes; arrange cybersecurity modernization effort with bureau HVA POCs
Monitoring current reports of IT threats and vulnerabilities to determine risks, criticality and potential impact on IT systems.
Performing risk assessments and executing tests of IT systems to ensure correct functioning of IT system processes and security measures.
Coordinate regular meetings with Bureau POCs for HVAs on addressing changes from Executive Orders, Binding Operational Directives (BOD) or OMB mandates.
Perform monthly tracking and reporting of POA&M from Bureaus to DHS.
Qualifications:
Specialized experience Interpreting and implementing the existing IT security policies, standards, guidelines and procedures; interpreting and reporting vulnerability assessments of networks and systems identifying weaknesses and make recommendations to senior management for corrective actions; Developing, implementing and coordinating activities to ensure, protect and restore IT systems, services and capabilities; and Coordinating implementation of computer security technical solutions and/or corrective actions with system stakeholders; explaining the impact of newly released security standards or guidelines from the federal government or industry leaders on the organization’s situational awareness.
Delmock Technoloies Inc – Department of Education (Washington, DC)
INFORMATION ASSURANCE – ASSESSMENT & AUTHORIZATION (SME) 2020 – 2021
Provided information assurance and assessment and authorization support services to the Department of Education in support of the installation and implementation of new system-wide applications. In the execution of this role supported the adoption of the Risk Management Framework (RMF), Federal Information Security Management Act (FISMA) mandate adoption, assessment and authorization, creation of plan of actions and milestones (POA&Ms). Performed the initial ATO on ED’s Cyber Data Lake (EDCDL) and Information Assurance Services Tools (IAST) utilizing Cyber Security Asset Management (CSAM) tool. Developed and improved policy documentation for the retirement of networked IT system resources. Wrote the system descriptions for both systems that received an initial ATO and documented all the various applications and components that comprised EDCDL and IAS Tools.
Collected and reviewed artifacts needed for ATO processing (SSP, Disaster Recovery plan, Service Level Agreements (SLA), MOU/A
Populated CSAM with implementation statements for selected controls
Created POA&Ms where findings were discovered (ISSO addressed/remediated findings)
Analyzed information assurance-related technical problems and provided basic engineering and technical support in resolving or mitigating the problems.
Ensured service level agreements (SLA) and MOU/As were in place and adhered to organizational requirements
Ensured interconnection security agreements (ISA) were in place for each system sharing an interconnection, and they adhered to organizational security requirements.
Telesis Corporation - Housing and Urban Development (Washington, DC)
INFORMATION ASSURANCE, LEAD & DEPUTY PROGRAM MANAGER 2016 – 2020
Provided information assurance support services to the Housing and Urban Development (HUD) in support of the implementation of NIST’s Cybersecurity Framework. In the execution of this role support in the areas of Risk Management Framework (RMF) program support, Federal Information Security Management Act (FISMA) mandate adoption, assessment and authorization, creation of plan of actions and milestones (POA&Ms), continuous monitoring policy and strategy implementation and the adoption of an enterprise-wide data loss prevention. Support of HUD’s identity and access management program and its enterprise configuration and patch management program support and evaluation. Provide technical support to the Director; Plan and carry out difficult and complex assignments; develop new methods, policies, approaches and procedures; provide advice and guidance on a wide range and variety of complex issues; interpret Operation Security (OPSEC) policies, standards and guidelines; Performed assessment and authorization (A&A) on HUD’s general support systems (GSS) utilizing Cyber Security Asset Management (CSAM) tool.
Initiated and managed tracking system used to design, develop, engineer, and implement solutions that meet security requirements, resulting in multiple POA&Ms per year as part of the A&A process when systems being assessed required remediation.
As Information Assurance SME, led and managed project to determine enterprise information assurance and security standards resulting in providing integration and implementation of the computer system security solution.
Developed and wrote memorandum of understanding/agreement (MOU/A) and interconnection security agreement (ISA) that was adopted by the Office of the Chief Information Officer (OCIO).
Reviewed and evaluated (over 50) service level agreements (SLA) for adherence to organizational requirements, rejected SLAs that needed for further revisions.
Developed and implemented information assurance/security standards and procedures following NIST, FISMA and other government and industry best practices.
Developed and presented contingency planning and incident response training at the request of HUD’s Office of the Chief Information Officer (OCIO)
Coordinated, developed, and evaluate security programs including Configuration Management and Patch Management for HUD organizational units.
Recommended information assurance/security solutions to support customers’ requirements (develop/write policies, write procedures which were approved by the OCIO for adoption by program offices across HUD)
Identified, reported, and resolved security violations.
Established and satisfied information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
Supported customers (Chief Information Officer (CIO), Chief Privacy Officer, and Chief Information Security Officer (CISO) at the highest levels in the development and implementation of policies.
Applied know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
Analyzed, performed assessment, and define security requirements for 7general support systems which include mainframes, SharePoint, Windows servers and UNIX/Linux systems.
Analyzed general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
Supervised a team of 7 charged with ensuring that HUD’s general support systems (GSS) are functional, secure and functioning with valid authority to operate (ATO)
Qualifications:
Specialized experience Interpreting and implementing the existing IT security policies, standards, guidelines and procedures ; Performing vulnerability assessments of networks and systems to identify weaknesses and make recommendations to senior management for corrective actions; Developing, implementing and coordinating activities to ensure, protect and restore IT systems, services and capabilities; and Coordinating implementation of computer security technical solutions and/or corrective actions with system stakeholders; explaining the impact of newly released security standards or guidelines from the federal government or industry leaders on the organization’s situational awareness .
Camber Corporation - Administrative Office US Courts (Washington, DC)
INFORMATION SYSTEMS SECURITY ENGINEER (ISSE) 2014 – 2016
Provided information security services to Defenders Services Offices (DSO) across the country on matters related to network security, vulnerability management, security awareness training for users, security policy development, and incident response. Implemented higher-level security requirements such as those resulting from laws, regulations, or Presidential directive; Integrated security programs across disciplines, defines the scope and level of detail for security plans and policies; applicable to the security program; Assessed new systems design methodologies to improve software quality; leading implementation activities; instituting measures to ensure awareness and compliance; Reviewed and evaluated security incident response policies; developed long-range plans for IT security systems that anticipated, identified, evaluated, and minimized risks associated with IT systems vulnerabilities; Reviewed proposed new systems, networks, and software designs for potential security risks; Resolved integration issues related to the implementation of new systems with the existing infrastructure; Established guidelines and performance expectations for staff members; Developed work improvement plans, recommending personnel actions as necessary.
Advised system administrators across 81 offices on matters of IT security strategy and implementation.
Coordinated the preparation of office telecommunications, data, and information system security plans.
Administered security awareness training program for over 1,000 users across the US
Assisted in keeping the local office security policies and guidance up to date.
Supported all applicable client security policies, directives, and mandates.
Ensured security requirements for offices’ major applications or general support systems are being achieved.
Wrote monthly bulletin which assisted offices in developing and implementing the security recommendations
Provided oversight for Plan of Action and Milestones (POA&M) security issues for networks and systems.
Provided technical review and recommendations for all risk assessments and vulnerability assessments conducted for a system or site.
Assisted with incorporating security best practices into office-initiated projects and applications.
Assisted field offices in performing IT security assessments and creating security strategies and initiatives.
Attended security awareness and related training programs and conducted basic security assessments as appropriate.
Identified, tracked, and developed a methodology to manage and mitigate vulnerabilities.
Optimized the use of security and network management tool sets.
Assisted network managers and system administrators in the eradication of identified risks.
Verified the security compliance of the offices and became directly involved, with a hands-on approach, if needed.
Coordinated the updating of an office’s Contingency Plan and, if needed, participated in testing the plan.
Ensured risk analysis for projects were completed to determine if cost-effective and essential security controls were in place.
Understand the security risks involved with interconnecting systems.
Helped in the preparation and development of system security plans (SSP).
Monitored IT security incidents in accordance with established procedures, and report those not involving IT resources to the appropriate security office.
Supported the appropriate IT security personnel in the preparation of security reports.
Evaluated change recommendation to current networks and systems for their security impact.
Provided security analysis of IT activities to ensure appropriate security measures were in place and were being enforced.
Provided oversight for penetration testing or other activities that might occur at/or traverse the system’s infrastructure as part of a Security Test and Evaluation.
Led and attended status meetings with government personnel as needed.
Applied NIST guidance in the design and delivery of office-wide security awareness and training programs.
Developed and implement security policies, as directed, to ensure compliance with all applicable client security policies, directives, and mandates.
Qualifications:
IT related experience reviewing work to ensure it is in line with established standards or to identify deficiencies; collaborating with customers to identify their information technology needs or to resolve their hardware and software problems; explaining technical information orally to non-technical audiences; and evaluating alternatives to recommend solutions to hardware or software problems. Specialized experience integrating security programs across disciplines; analyzing software and hardware vulnerabilities to develop mitigating strategies to protect sensitive information and systems; providing technical advice to managers on cyber incidents; coordinating responses to cyber incidents of national significance; directing and managing teams to address cybersecurity issues; and creating operational policies and procedures based on new security technologies or threats.
Enterprise Information Services, Inc. (Arlington, VA)
SYSTEMS TEST AND EVALUATION (ST&E) ENGINEER 2012 – 2014
Provided Information Assurance (IA) support that included facilitating in the conducting of security assessments for all Office of Biometric Identification Management (OBIM) systems, (including Automated Biometric Identification System (IDENT), Arrival and Departure Information System (ADIS), OBIM MAN, US VOICE, NPE, and Remedy), for major software releases, annual assessments, and assessments support of tri-annual Certification and Accreditation activities; Translated business rules and processes into requirements; Evaluated the feasibility of proposed new systems development projects; Consulted with customers to refine functional requirements; Translated functional requirements into design specifications; Determined best approaches for implementation within the technical environment; Worked with applications developers to isolate and solve design problems encountered during testing and implementation stages.
Successfully developed plans utilized to conduct regular Contingency Plan (CP) tests that led to greater awareness of and corrective actions to data processing, and networked systems. Developed numerous testing scenarios to ensure effective operations with minimal interruptions. Program previously lacked consistency and structure with infrequent C&A tests conducted. The positive impact of tests on the entire network infrastructure was highly visible, resulting in official recognition awarded to the entire team.
Reviewed and accessed all system life cycle documentation for each release requiring System Test & Evaluation (ST&E).
Executed the ST&E test cases in strict adherence to the established plan and documented the results in detail and accurately in Security Assessment Reports (SAR).
Facilitated the preparation and review of the Security Assessment Plans (SAP), Security Requirement Traceability Matrix (SRTM), Department of Homeland Security (DHS) Configuration Guidance Studies and Plans of Actions and Milestones (POA&M).
Executed and reported on OBIM system Contingency Test Plans and Contingency Test Plan Results as well as OBIM Security Test and Evaluations (ST&E).
Performed assessments of systems configuration against DHS Configuration Guidance and of Nessus scan outputs.
Completed and reported on OBIM systems Annual Assessments.
Submitted items to Technical Editor for review; performed suggested edits, packaged and submitted items to Enterprise Information System (EIS) Configuration Management.
Reviewed and remained current on DHS, Federal Information Security Management Act (FISMA) mandates.
Actively participated and contributed to meetings for dissemination of information to OBIM Information System Security Manager/Officers (ISSM/ISSO).
Assessed security controls used by OBIM IT systems such as IDENT and ADIS. Among security controls considered are those specified in the NIST 800-53 standard, DHS 4300, Defense Information System Agency (DISA), Security Technical Implementation Guides (STIGs) and DHS Configuration Guidance Studies.
Reviewed, managed, verified and validated security activities and artifacts in XACTA supporting Certification and Accreditation (C&A) efforts.
Continuously researched and consistently maintained knowledge of intrusion detection, security assessment, and vulnerability scanning tools including but not limited to Nessus, Tipping Point, QRadar, and NexPose by networking and doing research independently.
Coordinated and actively participated in C&A activities with team members and collaborated with Systems and Database Administrators and federal clients.
Managed expectations to maintain client satisfaction throughout the entire project process.
Developed and provided Security Plans, IT Contingency Plans, Incident Response Plans, Business Impact Assessments, Risk Assessments, Annual Assessments, DHS Configuration Studies, E-Authentication Profiles, FIPS 199 Profiles, Plan of Actions and Milestone (POA&M) and other documents that supported the C&A process.
Made recommendations for remediation of identified weaknesses based on knowledge and experience level as well as analytical thought processes.
Conducted training for the system administrators, Database Administrators and all other staff involved in the system tests. Training followed the National Institute of Standards and Technology guidelines and based on the security level of the system from low to medium to high.
Qualifications
Specialized experience defining what system interrelationships must be considered, or what operating mode, system software, and/or equipment configuration is most appropriate for a given project; leading major agency-wide process improvement projects/initiatives; planning and coordinating an agency-wide implementation of process improvement methods and concepts to improve the quality of software products; serving as the principle advocate within the agency/organization for the application of process improvement concepts and practices; and consulting with senior specialists and IT managers in the implementation of process improvement practices.
National Oceanic and Atmospheric Administration (NOAA) (Silver Spring, MD)
SECURITY ENGINEER 2011 – 2012
Lead the implementation of security programs designed to anticipate and minimize system vulnerabilities; Review proposed new systems, networks, and software designs for potential security risks; recommend mitigation or countermeasures, and resolve integration issues related to the implementation of new systems within the existing infrastructure; Develop contingency plans (Disaster Recovery or Business Continuation Plans for information technology systems) to ensure availability and accessibility of network resources; Develop long-range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities; Coordinate the implementation of security programs across Tier I, II, and III systems, and establish vulnerability reporting criteria; Review security incident response policies and identify the need for changes based on new security technologies or threats; Implement security requirements, integrate security programs and define the scope and level of detail for security plans and policies.
Performed triage and categorization of new incidents as a member of the Incident Handling team.
Conducted forensic investigation on MS Windows Operating Systems.
Performed review of system logs, browser history, and system cache to discover and remove suspicious or malicious entries and ensured a lessened risk to system thus promoting system efficiency and saving money.
Made industry best practice recommendations to system administrators on techniques to secure the systems that interacted with the internet.
Qualifications
Proven ability to work difficult and complex programs which will include establishing, implementing, and interpreting the security requirements; Coordinating the review and evaluation of the agency infrastructure protection program, including policies, guidelines, tools, methods, and technologies; Identifying current and potential problem areas; Updating or establish new requirements; and making recommendations for a fully compliant infrastructure protection program to be implemented throughout the agency.
Institute for Defense Analyses (IDA) (Alexandria, VA)
INFORMATION SECURITY GROUP - INFORMATION SECURITY ANALYST 2006 – 2011
Provided information security support to the wider IDA network and user community. This position’s responsibilities were split between the Information Security group and performing Information Assurance duties working in the SIPRNet addressing Information Assurance Vulnerability Alert (IAVA) and Plan of Actions and Milestones (POA&Ms) necessary for meeting C&A requirements. Validated IA technical and physical controls in accordance with the DoD standards. Additionally, performed system hardening utilizing DISA’s Gold Disk for STIG review along with systems risk mitigation achieved through strict patch management, vulnerability management utilizing eEye Retina’s network vulnerability scanner.
Provided risk management and mitigation through patch management generated through
Contact this candidate