Security Officer Project Manager

Location:
Cuernavaca, Morelos, 62334, Mexico
Posted:
August 15, 2022

Resume:

SCOTT A. CLEMENT

*** *. ***** ***.

Collinsville, Illinois 62234

Phone: 618-***-****

Email: ********@*****.***

PROFESSIONAL SUMMARY

More than 25 years of Enterprise IT/IS Management experience with public-sector and large private-sector organizations (Healthcare, Financial, Utilities and Manufacturing). Wide range of technical knowledge with experience managing IS teams and multiple projects. Strong knowledge of Security Compliance and Regulations (HIPAA, DIACAP, PCI, SOX, ISO 27000, FISMA, NISPOM). Experienced performing Disaster Recovery/Business Continuity testing and reviews; New Technology roll-out/refresh; Storage Migration and Reclamation; Internal Security Audits; Application/Operational Readiness Testing; Security Vulnerability Assessments; and System/Network Security Certification and Accreditation. Thorough knowledge of DoD, NIST, FIPS, OMB, CNSS, DCID/JFAN, JSIG-RMF, and FedRAMP requirements, standards and documentation. Working knowledge and scholarly research in the areas of Enterprise Security Culture (policies, procedures, and awareness), Risk Management, CNSS, NIST SP 800, and FIPS documentation.

PROFESSIONAL EXPERIENCE

Scott AFB (USTRANSCOM/AMC), Shiloh, IL April 2021 – Present

Cyber Security Engineer in Executive Office (PEO)

Developed and led Risk Management plan for 2 global programs in AWS GovCloud.

Held several weekly meetings with program executives to discuss ongoing projects and risk assessments.

Managed SRR, SRG, STIG reviews and security scans using Retina and SCAP to measure compliance and manage security POA&M.

Reviewed and delivered RMF documentation required for system accreditation.

Provided support to system and application developers to address security findings.

Evaluate security assessment and compliance tools. Reviewed Fortify static code analysis reports to develop plan for remediation or mitigation.

Perform risk assessments using DoD tools and NIST SP800 guides to meet system security compliance.

Manage vulnerability assessments, risk remediation/mitigation process, incident response and support for operation issues.

Maintain security baseline for clients and servers in multiple domains. Implemented continuous monitoring and configuration management system.

Managed security integration into the SDLC, which saved a significant amount of rework.

Provided security support for Agile and Waterfall development methodologies for different programs.

The Boeing Company, St. Louis, MO November 2013 – June 2014 (Consultant)

IA Team Lead and Technical Lead Engineer June 2014 – January 2017

Cyber Security ECC January 2017 – September 2019

IA/Security Team Lead for AME and IMIS Health Management System Program and provide technical guidance to security team members.

Developed Supply Chain Risk Management (SCRM) Plan.

Performed Supply Chain Risk Assessment.

Evaluated attack vectors for weapons systems program based on MITRE CAPECs

Performed cyber assessment for embedded system trade study and wrote security requirements for the trade study

Developed and led project plan for certification and accreditation. Managed security requirements for programs.

Managed SRR, SRG, STIG reviews and security scans using Retina and SCAP to measure compliance and manage security POA&M.

Reviewed and delivered contract documentation. Contributed to Statement of Work reviews and proposals and Basis of Estimates for new proposals.

Develop plans for new business opportunities, and build business case for justifications.

Managed a security test and verification automation project estimated to reduce manual assessment man-hours by 15%.

Evaluate security assessment and compliance tools. Reviewed and implemented application static code analysis tools to meet requirements.

Perform Risk Assessments, Static Code Analysis, and provided USAF support for DIACAP to Risk Management Framework (RMF) transition for ATO renewal.

Manage vulnerability assessments, risk remediation/mitigation process, incident response and support for operation issues.

Maintain security baseline for clients and servers in multiple domains. Implemented continuous monitoring and configuration management system.

Managed security integration into the SDLC, which saved a significant amount of rework.

Program POC for Navy and Air Force IA Management. Held weekly teleconferences with customers.

Developed and revised DIACAP C&A documents and CDRLs: Security Implementation Plan, Cyber Security Plan, IA/IS Processes, and Policies.

Lewis and Clark Community College August 2013 – Available

Adjunct Instructor

Develop lesson plans and lectures for the following classes: Security+; Certified Ethical Hacking; Penetration Testing; Security and System Forensics; Firewall and VPN; Intrusion Detection/Prevention Systems; Linux Operating Systems; Windows Operating Systems.

Developed assignments, exams, and hands-on labs for each course. (CISCO ASA, IPTables/Packet filter, Virtual Labs, Kali Linux, Metasploit, NMap)

Saint Louis University, St. Louis, MO

Information Security Compliance Consultant February 2013 – November 2013

Review and develop security policies and procedures for multiple projects.

Designed and developed repository and document management system for project documents/artifacts/archives using virtual storage, SQL server and SharePoint Server.

Research and present solutions for SaaS and Cloud computing services to support global projects.

Provide consulting security services and compliance guidance for multi-million dollar research projects (ITAR/EAR, FISMA, HIPAA, FedRAMP, NISPOM and CDC Select Agent projects). Assisted with RFP interpretation and response.

Develop Security Plan, data classification for HIPAA and FISMA data, Security Test and Evaluation Plan, and Certification and Accreditation Plan. These security projects support Clinical Trials, Biohazard Research programs, and aerospace engineering projects.

BJC Healthcare, St. Louis, MO.

Senior Systems Analyst (weekend night shift) November 2011 – December 2019

Provided Tier 2 support for information services operations. Monitored physical and virtual computing and network systems for multiple healthcare sites. Responsibilities included troubleshooting and fixing issues with network storage systems; network equipment and services; Windows, Linux, Unix, Solaris, AIX servers; VMware vSphere and ESX; Cisco ASA and CheckPoint firewalls and VPNs; Oracle and SQL Server databases; remote access and data protection.

Scott AFB (USTRANSCOM/AMC), Shiloh, IL October 2011 – January 2013

Information Assurance Consultant

Provide weekly presentation on status of open security issues to executive management.

Managed SRR, SRG, STIG reviews and security scans using Retina and SCAP to measure compliance and managed security POA&M.

Developed IA Security Strategy and FISMA Compliance Program for various projects, requiring working knowledge of DoD, NIST, FIPS, OMB, CNSS, DCID/JFAN, JSIG-RMF, and FedRAMP requirements and standards.

Develop plan to migrate legacy systems/applications to Common Computing Environment (CCE). Automated CCE baseline image implementation reducing time by 20X.

Developed vulnerability assessment plan for web-based application and database servers using open source and third party products (OWASP, Metasploit, Nessus, Nmap).

Managed vulnerability assessments and security control effectiveness verification for Windows Server 2003, 2008, SQL servers, Workstation 7, COTS applications, and RedHat Linux Server for CDE bastion host.

Evaluated and proposed solutions for Enterprise Syslog Servers, Network IPS, Firewall replacement, Host Based Security System (HBSS/HIPS).

Developed project plan and procedures for physical to virtual server (P2V) migration to VMware vSphere infrastructure.

Northrop Grumman, O’Fallon, IL November 2007 – October 2011

Information Security Manager/Project Manager

Managed project and team members on multiple mission systems programs.

Conducted performance reviews for team members and provided coaching and career guidance. Assisted in goal planning and professional development.

Security engineering project manager for Navy Enterprise Network Management systems.

Managed DIACAP and ST&E (Security Test & Evaluation) Project and FISMA compliance in order to meet Certification & Accreditation requirements for ATO.

Scheduled security resources to perform various phases of FISMA Implementation.

Coordinated third party audits and security compliance reviews with customers.

SME for FISMA, ISO 2700x, PCI, HIPAA, DoD 8570, and SSAE 16 / SAS 70

Established requirements and security controls based on NIST SP800 and FIPS documents for FISMA and PIA security compliance.

Managed assets, documentation, SLA requirements, IT Services, IA System Security, system support personnel and project schedules on a daily basis.

Conducted lessons learned and root cause analysis for critical incident response projects.

Coordinated planned outages. Planned and scheduled system upgrades, P2V migrations and new implementations.

Defined Data Governance and Stewardship Strategy, Information Assurance Security Controls, Risk Assessment and Acceptance, Remediation and Mitigation Plan.

Managed Data Center infrastructure for 3-tier application development and UA testing environment.

Enterprise Architect for the programs’ network and data center including resource allocation and server sizing. Managed primary and secondary/failover power requirements for multiple programs in expanded data center. Managed CRAC Design and developed RFP/RFQ for additional 60 tons HVAC.

Facilities POC for Enterprise VoIP Project, facilities Demarc and conference room Audio Visual resources. Led WiFi Network Infrastructure project.

Coordinate and scheduled projects with contractors, third party vendors and customers. Negotiated schedule and price for services.

Developed TCO reports and cost justifications to support hardware refresh project. Performed feasibility study and presented ROI by upgrading to newer technology for Enterprise Backup Solution, Server Migration, Network Upgrade, and Technology Refresh.

Installed and configured several Oracle (Sun) SAN storage arrays with Brocade switches connected to network hosts. Installed HP P4500 iSCSI storage with LACP link aggregation connected to a Cisco 3750 switch and mapped to VMware ESX virtual servers. Installed and configured NetApp FAS SAN with fiber connections to a Brocade switch and distributed to RedHat, Windows and Solaris hosts.

Lockheed Martin, O’Fallon, IL August 2006 - November 2007

Computer Development Lab Manager

Managed development environment for USTRANSCOM Logistics program.

Developed and directed Security Readiness Reviews, DISA STIG reviews, and Gold Disk and Retina scans.

Developed Information Security policies and procedures to improve security operations of program.

Held weekly conference meetings with government customers to review risk, issues and opportunities.

Managed vendor proposals and worked with PMO on budgets for the project.

Developed Business Continuity /Disaster Recovery procedures, and architected and implemented High Availability Network Enclave project.

Managed multiple enclaves of Solaris 10 servers in a multi-tiered design. Technologies used: Windows 2003 servers, Windows Domain Controller, Account access administration, DNS, NIS+, NFS and QFS, Jumpstart server, Sun Cluster 3.1 servers, Sun StorEdge 3510 SAN storage, Sun Enterprise Directory Server, Oracle RAC, HP LeftHand P4000 iSCSI SAN Storage

AG Edwards, St. Louis, MO November 2005 – January 2007

Sun Product Manager

Product Manager for all Sun Solaris hardware and software.

Researched and proposed solutions to meet business requirements for multiple departments and projects.

Developed hardware and software standards based on system requirements. Managed and coordinated corporate wide roll-out of new technologies.

Developed security procedures, risk assessment program and implementation schedule for SOX (Sarbanes–Oxley) security compliance and SAS 70 audit standards. Working knowledge and experience using ISO 27000 family of standards framework and ISACA COBIT framework.

Managed system monitoring, event resolution, system patching and hardware/software upgrades and server builds.

Developed security assessment project and automated security testing/compliance verification of 400+ servers.

Facilitated SAN and NAS storage security and data privacy requirements.

Developed Security Awareness Program and coordinated implementation with HR Department.

Northrop Grumman., O’Fallon, IL November 2004 – November 2005

Lead Security Engineer, Scott AFB GTN21 Project

Developed BC/DR plan for multiple operational sites and warm stand-by COOP site.

Evaluated security hardware based on Common Criteria.

Architected Oracle and Sybase server solution based on database security STIGs, best practices and system requirements.

Developed installation and recovery procedures; System Hardening procedures; Disaster Recovery and Business Continuity Plan; Patch Management; Capacity Planning scripts; and test procedures for data validation.

Managed Access Control Project which included 2-factor authentication, ACLs/FACLs, IPFilter, OpenSSL VPN and Firewall, IPsec VPNs, RBAC, BART and RSA.

MasterCard, O’Fallon, MO

Sr. Professional Services Consultant January 2001 – November 2004

Data center migration of enterprise Unix systems and applications.

Developed Disaster Recovery Plan, COOP Site Design; System Security, Auditing and Access Control Policy and Procedures.

Performed internal security audit; Security Incident Reporting Policy and Procedures, and Risk Management Plan.

Managed Sun Cluster development and installation for High Availability solutions.

Provided training, documentation and support to the technical operations staff.

Telenisus Systems, St. Ann, MO April 2000 to January 2001

Network Security Sales Engineer,

Primary support for the Security Sales team on Checkpoint Firewall product suite.

Performed demonstrations and installations for Midwest customer base.

Instructor for Checkpoint Firewall Administration and Engineering certification courses taught onsite.

Peabody Holding Co., St. Louis, MO September 1996 to April 2000

Manager of UNIX Engineering

Responsible for all Enterprise Unix systems and solutions supporting multiple coal companies throughout the US.

Project Management for Network DMZ project, Corporate Firewall and Content Filter Project, Engineering Server and Workstation refresh project for all Peabody Holding companies.

Researched and evaluated new engineering technologies for 3D modeling project and ESRI GIS application. Presented solutions to West coast companies. Performed feasibility study on various project solutions.

Managed department budget, worked with vendors on support contracts and developed RFP, RFI and RFQ for various projects. Negotiated service contracts and hardware procurement for network and server refresh. Worked with Accounting department reviewing actual cost and monthly schedule, approving invoices and forecasting.

Managed System Administration Team (Performance Evaluations, Training, Time Reporting, Salary and Award Recognition)

Developed Disaster Recovery Plan, Emergency and Incident Response Plan and Procedures.

Recovered Arizona Data Center resources and services after a fire.

EDUCATION

PhD in Information Assurance and Security, Capella University (Present)

MBA Webster University

B.S., Computer Science, Washington University in St. Louis

CERTIFICATIONS and TRAINING

ISC2 CISSP (Certified Information Systems Security Professional)

EC-Council CISO (Certified Chief Information Security Officer)

EC-Council CEH (Certified Ethical Hacker)

EC-Council CNDA (Certified Network Defense Architect)

GIAC G2700 (ISO 27000)

ITIL V3 Foundation

CheckPoint Firewall-1 CCSA, CCSE, CCSI

CompTIA Network+

ISACA CRISC, CISM

Boeing .NET programming certification

Saint Louis University – Advanced Security certification courses (RMF Transition, Application security, Incident Response, Ethical Hacking)

Saint Louis University – Advanced Python Programming, Advanced Agile Practitioner Certification, Project Management

MIT – Model Based System Engineering Certification

Boston University – Cybersecurity and Cybercrime (digital forensics)

PROFESSIONAL ORGANIZATIONS

FBI-Citizen Academy Alumni

Information Systems Security Association – (Former president of St. Louis chapter)

InfraGard

Federal IT Security Institute

The International Society of Forensic Computer Examiners

Association of Certified Fraud Examiners

International Information Systems Forensics Association

ISACA

Other:

Security Clearance: Secret, 2019, DISCO
