Scrum Master Security Representative
Resume:
Kenneth E. Triplin
***** ********** ***** ********, ** 20176 703-***-**** (Home) 703-***-**** (Cellular) Email: advw1t@r.postjobfree.com
1
Mr. Triplin is a highly experienced technical professional, with over 35+ years of combined IT experience as an IT Solutions Consultant; a Sr. Network/Systems Engineer with LAN/WAN infrastructures; an Information Assurance Officer (IAO) performing and supporting the DITSCAP process on COTS applications, and recently on IT and legacy systems supporting Information Assurance and Information Security projects under DCID 6/3 and ICD 503 utilizing the Risk Management Framework (RMF).
Core Competencies
Extensive domestic and international experience in network installations; system configurations, software support, and LAN/WAN solutions development.
Background in Network/Systems Engineering, Project Management support, IT solutions consulting and Information Security (InfoSec) identifying specific technical needs while maintaining quality standards and strict deadlines.
Collaborates with teams to effectively coordinate project efforts, thereby incorporating new security ideas and identifying areas of weakness, vulnerabilities, and risk.
Outstanding analytical, and problem-solving abilities and skills.
Dependable and diligent IT/IS professional, with a solid and focused work ethic.
Has worked with a vast number of industries ranging from: Health & Hospitals, Banking & Finance, Insurance, major Accounting Firms, and InfoSec with the Federal Government supporting IT and legacy systems.
10 years of Information Management, Information Security, and Information Assurance experience with a primary focus on designing secure enterprise network/systems, applications, and security architectures within U.S. Federal Government environment.
After several years of experience with LAN/WAN, Mr. Triplin is now in the process of obtaining the PMI CAPM Project Management Associate certification, the CompTIA CASP, and ultimately other Cyber Security and Cloud Computing certifications. DoD Clearances
DOD TS/SCI with Polygraph – March 2017
DOD Top Secret/SCI Clearance – March 2011
DOD Top Secret Clearance – February 2011
DOD TS/SCI with CI Polygraph – August 2006
DOD Top Secret/SCI Clearance – August 2005
DOD Top Secret Clearance – April 2004
DOD Secret Clearance – November 2002
Professional IT/InfoSec Experience
SAIC, Chantilly, VA 01/19 – 02/23
Security Engineer/Program Management-Team Manager
• Captured and refined information security requirements and ensured that these requirements were integrated into the IT system component products, and the Information Systems through purposeful security architecting, designs, development, and configurations.
• On an ongoing basis, met with and participated with the development teams working on newer IT system designs and enhancing current development products to ensure that the required security components, and controls are included in every aspect of their products.
• Prepared, maintained, and reviewed all A&A security artifacts, and documentation for the program’s products and systems, in accordance with DoD Instructions, Directives, Policies, and Regulations.
• Supported the process of Cross-Domain transfers from High to Low systems (and vice versa), and across non-disparate networking environments. Kenneth E. Triplin
43973 Riverpoint Drive Leesburg, VA 20176 703-***-**** (Home) 703-***-**** (Cellular) Email: advw1t@r.postjobfree.com
2
• Reviewed the latest or the recently received Information Assurance Vulnerability Management (IAVM) notifications to determine if the reported vulnerability affects a system or an application being reviewed for the current accreditation (i.e., IATO, ATO, etc.) being initiated.
• Has effectively developed solutions founded on various IT Best Practices within the Risk Management Framework (RMF) and the Assessment and Accreditation (A&A) process with operational successes toward system and application accreditations.
• Reviewed and provided technical feedback for various architectural diagrams.
• Within a team environment, worked with the PM, ISSM, ISSO, System Engineers and Developers to create purposeful RMF packages for review for accreditations.
• Team-Lead and Manager for a team of nine SAIC employees. Engility, Inc. Chantilly, VA 09/17 – 12/18
Section Manager in Support of SEAC Contract
• Section Manager/Team Lead in support of a team of IT members/contractors within the Office of Special Program (OSP) at the National-Geospatial Agency (NGA). National Intelligence Account (NGA), Springfield, VA 10/15 – 8/17 Security Engineer
• Security Engineer supporting various security related projects within the ICD 503 Risk Management Framework (RMF) process.
• Supported the Office of Special Program (OSP) department/directorate with data transfers as an alternate Data Transfer Agent/Officer (DTA/O), to transfer data to and from various systems and Mission Partners with varying classifications, and various domains.
• Functioned as the Lead when conducting bi-weekly meetings with the Operations & Sustainment (O&S) Security Working Group (SWG) to obtain the most recent status, and project updates that affect OSP.
• Reviewed Discrepancy Request (DR), Change Request (CR), and Software Request (SR) to determine if these requests had the required security related components, changes, and documentation updates (i.e., SSAA’s, STP’s, BoE’s, etc.) that had been properly rationalized to match the noted changes in the requested and distributed documentation.
• Supported team member for various accreditation projects, and task as they relate to Information Security (InfoSec), Assessment & Accreditation (A&A), and Security Testing.
• Assisted in the implementation of the required government policies (i.e., National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53A, CNSSI 1253, FIPS- 199, FIPS-200, SP 800-30, SP 800-34), and made recommendations on process tailoring.
• Assisted with the formal Security Test and Evaluation (ST&E) process through pre-test preparation, participated in various testing segments, analyzed their results, and prepared the required reports for briefing management.
TASC, Inc. Chantilly, VA 10/14 – 09/15
Section Manager in Support of IS&S/P2E
• Team Support/Lead for a team of six members/contractors across various TASC related government contracts at the NRO.
TASC/Engility - Chantilly, VA 07/14 – 10/15
Information Assurance/Cyber Analyst
• Supported two IC customer related projects under the Landmark AOS contract at the NRO with ICD 503 Assessment & Authorization (A&A) Risk Management Framework (RMF) process flow support, where daily guidance is given on ensuring IA compliance for systems seeking accreditation.
• Instrumental in providing A&A level support to “new and proposed” security related projects between the NRO and SAP NS2.
Kenneth E. Triplin
43973 Riverpoint Drive Leesburg, VA 20176 703-***-**** (Home) 703-***-**** (Cellular) Email: advw1t@r.postjobfree.com
3
• Initiated the necessary security requirements, and posture for NS2 HANA (i.e., security configurations, security scanning using DoD tools, security documentation/artifacts, and summary report) to be approved for a preliminary IATT ICD 503 A&A accreditation.
• Interfaced daily with Project Leads, the Acquisition Office (AO), and SETAs with Information Assurance (IA) guidance, as new directives are disseminated from the NRO, NSA Security Leads, and other Mission Partners.
• Reviewed RFCs as they pertain to Information Assurance (IA) and the ICD 503 A&A process flow for systems, and assets being presented for approvals at the Engineering Review Boards (ERBs).
• Attended Technical Engineering Meetings (TEMs), Design and Readiness Reviews in support of new and existing projects, within the acquisition process.
• Reviewed Security Artifacts, and Security Vulnerability Scans within Nessus/ACAS in advance of systems being accredited by the Designating Approving Authority/Officer
(DAA.DAO).
TASC, Inc. Chantilly, VA 03/11 – 10/14
Computer Systems Security Analyst V
• Demonstrated an intimate knowledge of DCID 6/3, ICD 503, NIST, and other Industry Standards publications for Computer Security support.
• Responsible for the IT security of complex government networks/systems, that included: Windows, Solaris, and UNIX operating systems, as well as, multiple technologies utilizing Controlled Interfaces (CI), Firewalls, VPNs, and perimeter protection devices.
• Provided knowledge and support of the Certification and Accreditation (C&A) process of Classified Computer Assets within the Intelligence Community (IC). Booz Allen Hamilton, Herndon VA 04/10 – 02/11
Associate – DAA Liaison & SME
• Supported the NGA Designated Accrediting Authority (DAA) as a technical security representative, and Subject Matter Expert (SME) ensuring that security had been integrated into and implemented throughout the lifecycle of a system for C&A processing.
• Responsible for coordination of security efforts between the Agency, IC and DoD entities, in order to provide C&A security recommendations and assessments to the NGA DAA. Booz Allen Hamilton, Herndon VA
Associate – IA and C&A Team 07/07 – 04/10
• Responsible for defining, implementing, and testing C&A, and Information Assurance requirements for the GeoScout/NGA security programs.
• Provided C&A support for development systems; provided security planning support for enterprise systems and supported functional developers in applying technical security controls and countermeasures during product development as required by DCID 6/3.
• Assisted in incorporating security into system architectural designs, product development, and provided security policy support and consulting services to the NGA program.
• Supported strategic to tactical security work, including block-level; increment-level, and project-level security activities.
• Conducted Security Risk Analysis, and Assessments using the DISA Gold Disk, DISA ESX server checklist, the UNIX SRR security scanning tools, and entered results and remediation into XACTA.
• Provided Cross-Domain Solutions (CDS) support using Radiant Mercury High Assurance Guards (HAGs) for PL4 SCI to TS domain transition.
• Traveled to other NGA program offices to conduct C&A security pre-scans, prior to the required Vulnerability Assessment Team (VAT), and Pen Testing security scans/testing. Kenneth E. Triplin
43973 Riverpoint Drive Leesburg, VA 20176 703-***-**** (Home) 703-***-**** (Cellular) Email: advw1t@r.postjobfree.com
4
BearingPoint, McLean, VA
Sr. Consultant – Information Assurance Officer (IAO) 01/07 – 07/07
• Supported the Joint Medical Information Systems (JMIS) Program Office of the DoD Tricare Management Activity (TMA) Clinical Information Technology Program Office
(CITPO), with C&A support reviewing security documents for DAA approval.
• Information Assurance (IA) support providing DoDI 8500.2, DOD 8510.1M, and DoDI 8510.bb (DIACAP) security guidance, policy, and oversight.
• Conducted DISA Gold Disk vulnerability scanning, product risk assessments, and security oversight and technical direction on applicable Automated Information Systems (AIS) and networks.
• As a certified DoD PKI Trusted Agent (TA), provided software security engineering to support the many medical applications that spans across the various Armed Services of the U.S. Military in conjunction with the Tricare Management Activity (TMA) and Medical Health Services (MHS).
Sr. Consultant – Information Systems Security Engineer (ISSE) 9/06 – 12/06
• Supported the DoD Theater Medical Information Program (TMIP) with C&A support reviewing SSAAs for DAA approvals.
• Information Assurance (IA) support providing DoDI 8500.1, 8500.2, and 8510.1M security guidance and DISA Gold Disk vulnerability scanning.
• Provided Audit & Controls and Acquisition support, and Software Security Engineering to support the many medical applications that spans across the various armed services of the U.S. military through the TMA and MHS programs.
SAIC, McLean, VA
Information Systems Security Certification Engineer (CE) 10/05 – 09/06
• Provided domestic and international Automated Information System (AIS) security support addressing hardware, software, administrative\procedural, physical, and communications for international systems and projects for the National Geospatial Agency (NGA).
• Reviewed, and when necessary, prepared the certification packages supporting the accreditation process, and entered results and remediation into the XACTA database.
• Performed risk assessments, provided security oversight, and technical direction on AIS systems, networks, and media needing Independent Verification and Validation (IV&V).
• Assisted in system/technology analysis and Risk Assessment (RA), Security Testing and Evaluation (ST&E), and Independent Verification and Validation (IV&V) of legacy systems.
• Provided recommendations for formal accreditation of all IT systems processing SCI, and collateral information with DCID 6/3.
SETA, McLean, VA
Systems Assurance Test Lab Manager – Defense Threat Reduction Agency 12/04 – 10/05
• Supported and assisted the Test Engineers with testing the received Information Assurance Vulnerability Alerts (IAVA) security patches and vendor hotfixes before they were packaged and pushed to the client workstations via Novadigm Radia and tested new and revised software revisions for vulnerabilities and omissions before a global installation was deployed.
• Provided Security Testing and Evaluation (ST&E), and Independent Verification and Validation (IV&V) of IT systems and software.
• Aided the C&A (Certification and Accreditation) Team with reports, security policies and procedures concerning both domestic and international DTRA security.
• Interfaced with DTRA’s Cyber Security Division ascertaining the latest security issues and risk.
Kenneth E. Triplin
43973 Riverpoint Drive Leesburg, VA 20176 703-***-**** (Home) 703-***-**** (Cellular) Email: advw1t@r.postjobfree.com
5
Sr. Information Assurance Engineer – Defense Threat Reduction Agency 8/04 – 12/04
• Functioned as the Information Assurance (IA) Team Lead to provide various DTRA groups with information concerning the most recently received Information Assurance Vulnerability Alerts (IAVA).
• Ensured that all desktops, servers, and networking devices received the proper, and updated security patches were up-to-date and relevant.
Sr. Network Engineer – Defense Threat Reduction Agency 6/03 – 8/04
• Provided network enterprise solutions, and integration support to the U.S. Army at Fort Belvoir.
• Provided integration and integrity assurance support with Tripwire for Servers, and Network Devices using Tripwire Manager.
• Assisted in the DOD NGOS (Next Generation Operating System) integration project to upgrade all departments and groups to Windows XP, with Windows Server 2003 and Active Directory globally.
• Team Lead for the DMS\AMHS secure messaging support project.
• Lead Server Administrator for the DoD CWC network integration support team.
• Provided installation and integration support for the RIM Blackberry server projects at Fort Belvoir.
• Applied DISA/CERT security policy configurations to the DoD Windows LAN Servers and Desktops.
Continuing Education
• Participated in a Doctorate degree program in Information Assurance (DIA) and Security Policy Analysis, in support of Information Security/Information Assurance initiatives at the University of Fairfax, Vienna, VA campus.
• Obtained Cyber Security Graduate Degree Certificates from UMUC, and have also received Information Security (IS) Graduate Certificates from Jones International University, Denver, CO.
• Currently completing a Doctorate degree program for Professional Computer Studies (DPS) at Pace University (ABD), White Plains, NY campus in support of Information Security
(InfoSec) with a focus on Software Development and Design, Cyber Analysis, Network Security, Artificial Intelligence (AI), and Machine and Deep Learning (ML). Kenneth E. Triplin
43973 Riverpoint Drive Leesburg, VA 20176 703-***-**** (Home) 703-***-**** (Cellular) Email: advw1t@r.postjobfree.com
6
IT Certifications
Currently Held Certifications Certifications Obtained DISA ACAS v5.4 Certification
DISA ACAS v4.8 Certification
Agile Certified Scrum Master (CSM)
Cisco Certified CCNP
IBM Certified OS/2 Engineer (v.2.11/v3.0 Warp)
CompTIA Cloud & Virtualization IBM Certified LAN Server Engineer (v3.0/4.0) GIAC Security Leadership Certification (GSLC) IBM Certified Professional Server Expert (PSE) EC-Council CEH v6.0, IACRB CPT 3Com Certified 3Wizard, Windows NT v 3.51 MCP
DoD 8570.1-M NSA Certified CNSS 4011
NSA Certified IAM/IEM
DISA Certified Windows 2003 SRR Reviewer
Novell Certified 3.1x CNE, Novell 4.x CNA, and
Novell 5.x CNE
Certifications In Process
ISC2 Certification in Cloud Computing in Process
ISC2 CISSP Certification (Exam is in progress)
AWS Certifications in Process: Solutions Architect, DevSysOps Administrator, and Cloud Practitioner
CompTIA CASP Certification (Exam is TBD)
PMI Project Management Associate (Exam is TBD)
Cyber Security Network Specialist (Exam is TBD)
Education & Training
Doctorate in Professional Computer Studies (D.P.S.) in Computing & Information Technology (IT) Pace University – White Plains, NY – May 2018 (ABD) Certified Scrum Master (CSM) Agile Certification Training – December 2015 TASC - CSM for Government Class
Graduate Degree Certificate in Cyber Security Technology – December 2012 University of Maryland University College – Adelphi, MD Master’s Information Security Management (MSISM) – September 2012 University of Fairfax – Vienna, VA
Graduate Degree Certificate in InfoSec Program Management Strategies – September 2010 Jones International University – Centennial, CO
Graduate Certificate in InfoSec Research Methods – May 2009 Jones International University – Centennial, CO
NSA/CNSS 4011 Information Security Certification – October 2009 University of Fairfax – Vienna, VA
Graduate Certificate in Information Assurance Competencies – October 2009 University of Fairfax – Vienna, VA
Graduate Certificate in InfoSec Research Assessment – May 2009 Jones International University – Centennial, CO
Kenneth E. Triplin
43973 Riverpoint Drive Leesburg, VA 20176 703-***-**** (Home) 703-***-**** (Cellular) Email: advw1t@r.postjobfree.com
7
Graduate Certificate in Disaster Recovery and Continuity Planning – December 2008 Jones International University – Centennial, CO
MBA courses with a focus on Information Security Management – November 2007 Salem International University – Salem, WV
NSA Sponsored INFOSEC Assessment Methodology & Evaluation Methodology Training - April 2007 Security Horizon/University of Fairfax – Vienna, VA Master’s Degree in Information Security Analysis – March 2007 University of Fairfax – Vienna, VA
Acquisition 101/102- January 2007
Defense Acquisition University (DAU) – Online
Bachelor of Science Degree in IT Networks and Telecommunications – December 2005 Capella University – Minneapolis, MN
DISA Windows 2003 Server Security Readiness Review (SRR) Training – June 2005 Letterkenny Army Depot, Chambersburg, PA
Coursework in Professional Computer Studies - 1991 Pace University, New York, NY
Associate of Science in Business Administration – May 1988 Bronx Community College, Bronx, NY
References Furnished Upon Request
Keywords: InfoSec, Information Assurance (IA), DITSCAP, DIACAP, DCID 6/3, RMF, C&A, A&A, IV&V, ST&E, LAN/WAN network support, and Cross-Domain Solutions Support
Contact this candidate