Information Security Quality Assurance
Resume:
Christopher W. Harkness
Searching ***% Remote Position -Only
Location, Maine
E: ********.*@*****.***
LKI: www.linkedin.com/in/chris-harkness
CP: 207-***-****
Temporary work
Harkness Inc., Tri-State of Maine 02/2022-Presents
Freelance Residential House Painter, Landscaper & Computer Repair
Start out just for fun between jobs, various activities as in external and Internal House painting, Power washing desks and porches; minor yard working that became landscaper. As well voluntary myself to a senior center to fix computer problems. Setting up networking, Printers, Anti-virus software, Illustrated on how to send emails, As well installing router and WIFI, while continuing pursuing my goal for Cybersecurity Analysts, IT, ISSE, ISSO, GRC Consultant the future opportunities.
PROFESSIONAL EXPERIENCE
MKS2 Technologies; Togus, Maine, Subcontractor at United States Department of Veterans Affairs 02/16-6/2020 System Software Support Engineer -Teleworker 100% Remote
Manage tasks and projects that produce drafts for long range strategic plans to ensure information security compliance efforts are part of business practices and IT system life cycles and HR analytics and systems integration, and administration, National Institute of Standards and Technology ("NIST") Cybersecurity Framework Election Infrastructure
Continuing monitoring with ASM Research and CRISP Team and VA to transition medical files from Risk Vision into Emass with Electronic Health Records Managements Task (EHRMT) with along There are two types of FedRAMP authorizations: A Provisional Authority to Operate (PATO) from the Joint Authorization Board (JAB) and an Agency Authority to Operate (ATO) to maintained while assisting OIT auditors on projects in Cybersecurty Administration.
As a Cyber Security Engineer (Cloud/ATO Steward) you will work with system owners to create their ATO packages. Review and create artifacts that comply with the VA's authorization requirements, compliance and map those artifacts to the appropriate NIST 800-53 controls such as Assessment Procedures (AP) testing and evaluation. Review and help to write control implementation statements.
Contribute to the preparation of procedures, manuals and documentation for comprehensive assign to Cybersecurity Authority to
Operate (ATO) team to solving Authorizing Officials System Briefing (AOSB)`s conduct periodic customer, client satisfaction by
following SOP`s and guidelines of Department of Veterans Affairs in Continuous Information Security Program (CRISP)
Remediation Support Services (RSS) and ASM Research, Joint Authorization board (JAB) of the Federal Risk and Authorization Management
Program (FedRamp, Network Security Operation Center (NSOC, Security Management & Analysis (SMA), Architecture Structure & Design
(ASD), Enterprise Mission Assurance Support Service (eMASS), Information Security Risk Management (ISRM) 3554 Periodic Assessment of Risk Support (PARS)
Advanced knowledge of encryption, baseline vulnerability assessment, penetration testing, cyber forensics, intrusion detection, and incident response and remediation. Vulnerabilities and Remediation Status RASD: Reports, Briefings, and Recommendation Papers Report and Service Desk
Express (SDE) Vulnerabilities and Remediation Status Reports.
Reviews and interprets National Institute of Standards and Technology (NIST) Publication, Federal Information Security Management Act (FISMA), and OIT policies, program guidance and objectives related to assigned responsibilities and translates into operational management methods, systems, and operations.
Remediation coordinate and validation software’s and updates thru Desktop Baseline Assessment Toolkit (Dbat) to all Users computers, Nessus/ACAS and HBSS/McAfee, Cybersecurity and Infrastructure Security Agency (CISA) Researches policies, procedures, standards, and guidance, and applies needed changes under specific conditions for the protection of information and information systems,
Pervious activities working with VA and CRISP as OITOPS of remediation coordinate and validation software’s and updates thru Desktop Baseline Assessment Toolkit (Dbat), Tenable platforms to all Users computers.
Remotely into servers and user’s computer in VPN, as well assisting users with issues on ticket process.
Assess the Cybersecurity risk management of IT systems documenting them in formal risk assessments and supporting artifacts associated with (GRC) governance, risk and compliance with IT strategy to create a more responsive and transparent organization and assisting other (ISO) Information Security Officers. Organize, develop, and present briefings, written summaries, and written reports incorporating narrative, tabular and /or graphic implements
IT security solutions and assures successful implementation. Applies knowledge of security principles, Security Assessment Reports (SARs), Privacy Threshold
Assessments (PTA), Privacy Impact Analysis (PIA) policy and regulations to daily tasking, Risk Assessment Reports (RARs), Standard Operating Procedures (SOPs)
and Plans of Action and Milestones (POAMS) Create and maintain project content in the Governance, Risk, and Compliance (GRC) tool per client’s guidance.
Experience with Cyber Security documents management and is familiar with security and privacy rules.
Uses data collected from a NESSUS Baseline Vulnerability / Microsoft System Center Configuration Manager (SCCM), Microsoft Endpoint Configuration Manager (MECM) of cyber defense tools IDS alerts, firewalls, network traffic logs to analyze events that occur within their environments for the purposes of mitigating threats and following the Disaster Recovery Plans (DRP), Information System Contingency Plans (ISCP), Incident Response Plans (IRP)
The Integrated Project Team (IPT) initiative provides operational infrastructure and security protection support services that address these vulnerabilities. Consequently, the IPT ensures that information security risk controls are implemented, monitored, and compliant with Federal Information Systems Controls Audit Manual (FISCAM) audit reporting requirements as well scanning Tenable NESSUS Vulnerability scanner and remediation software with /SCCM,MCMEM
The FISCAM Compliance has represented the audit team's interests throughout change management implementations to ensure integration to FISCAM controls and systems. This individual will also assist in assuring compliance, and reducing risk across the enterprise, participate in audit related meetings and discussions as requested by the Audit readiness Manager, assist in the development and tracking of POA&Ms, and provide general audit liaison support and experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, system/site policies, procedures, and processes, architecture diagrams, hardware/software inventories and CIS benchmarks, Nessus audit files, and compliance scans.
Apex System Inc.; Burlington, MA 08/15-11/2015
Desktop Support Technician Specialist, Tier 2 & 3
Installs and configures end use devices (e.g., desktops, laptops, mobile phones and tablets)
Installment and configuration migration and deployment computers from Windows XP to Windows 7
Re-configuration on imaging new computers, servers, applications, and updates software
Reviews and interprets National Institute of Standards and Technology (NIST) Publication
Pro-Search Inc; Portland, Maine, Assignment Southern Maine Medical Hospital Center, Sanford, Maine 05/14-09/2015
Customer Services IT Help Desk Technician, Tier2
Customer Services to helpdesk Footprints tickets, by telephone calls, e-mail, configure and install client applications to mobile
Devices, for example: laptops, Desktops, tablets, and phones; network printers; document scanners; barcode scanners; and
Endpoint peripheral hardware, and user support, license tracking performing computer maintenance upgrades and configure.
Installs and configures end use devices (e.g., desktops, laptops, mobile phones and tablets)
Installment and configuration merging computers from Windows XP to Windows 7.
Re-configuration on imaging new computers, servers, applications, and updates software, and Tanium
Ensures a timely resolution and/or escalates non-resolvable issues to higher-level teams Installs, configures, supports,
Desktops, laptops, virtual workstations and install wired and wireless network devices.
Remotely customer PC`s, updating software and applications and troubleshooting issues
Creates, update, and resolves all issues within the current issues tracking OPAS Ticket System.
Organize and prioritize tasks to meet dynamic customer service level requirements, and Reviews and interprets National Institute of Standards and Technology (NIST) Publication as well following Governance, Risk, and Compliance (GRC) tool per client’s guidance.
Reset passwords in (AD) Active Directory and Remotely PC with (VNC) Virtual Network Computing Updates Software
Communicates highly technical information to both technical and non-technical personnel troubleshoot network access (LAN, WLAN, VPN)
National Employment; Portsmouth, NH. 10/13-05/14
IT Support/ Help Desk Technician
Assembling, disassembling and reconfiguration new and old computers, Printers, Copiers office equipment.
Rerouting servers and rewiring cables to connect to the network and update software when necessary.
Troubleshot and repair computers from call center and home use computers.
Assembling office equipment as Fax machines, PC`s, Printer, Copier, Telephones, coin coffee machines etc.
Managing ordering and storage inventory of office, operation and IT supplies and Reviews and interprets National Institute of Standards and Technology (NIST) Publication. Writing and editing Standard Operator Standards (SOP)
Altregra-Health Inc; Company was located: Los Angeles, CA, Station in Maine. 06/12-7/12
Medical Record Technician (Scanning Medical Records)
The operation of an enterprise level document control system, the upload/offload of data at File Transfer Protocol sites (FTP).
Scanning various different charts and batches of medical records into Electronic Documentation.
Spherion Temporary Agency; Smiths Medical, Inc., Boston, MA 11/07-5/08
QA Documentation Control Coordinator Specialist, (Medical Devices)
Development, implement and manage new documents and workflows required to support compliance initiatives in place for managed, controlled documentation and Data entry and form creation in electronic archive.
Tracking and storing paper documents such as faxes and images in Electronic Document Management. (EDM)
Maintaining scanning batches to process the documents into Documentation Control Workstation. (DCW)
Document and Process Engineering Change Notices (ECN), Engineer Change Orders (ECO), Standard Operator Procedure (SOP). Maintain the master electronic files, logs and update drawings to process into Pilgrim, Oracle, and Excel
CoWorx Staffing; Whatman, Inc. Saco, ME 12/05- 09/06
QA Technician, (Medical Devices)
Viewed and audited all inspection reports, data reports, technical reports, and analysis reports before products shipped.
Followed the guidelines and requirements of Good Manufacturing Practices (cGmp), ISO 13485, QCP-0001M Commodity
Howmet Turbine Component Casting Corp; (Military Contractor), Branford, CT 10/01-12/03
Quality Assurance Technical Documentation Coordinator Specialist, Supervisor (Aerospace Military Division)
Maintained records in Excel, Access, Specification Bulletin Board Reference Guide (SBBRG), Computerized Systems
Participated on validation teams for Quality Assurance or as QA validation contributor/reviewer for initiatives by other departments and exercises impendent judgment to optimize all commonplace compliance procedures.
Tracked and stored various paper documents as in fax and images in Electronic Document Management. (EDM)
Organized and distributed corporate manuals and ISO-9000, 9001, 9002, and AS-9100 Controlled Documents in Corporate library and arranged internal and external audits per manufacturing, government, and FAA requirements.
Distributed and maintained library of Corporate Process Method Sheets (PMS), Standard Operating Procedures (SOP), and Inspection Methods Sheets (IMS) for manufacturing.
United Technologies Corporation Branch Norden System, Melville, NY 02/84-9/96
Quality Assurance Source PWB, PCB Inspector, Secret Clearance
Quality Assurance Management on inspecting mechanical and physically private and military Radars, Printed circuit boards (PCB),Machine equipment using guideline of MIL-Standards in Workmanship
Maintaining source inspections on PWB,PCB at onsite audits and correct of actions inspection on corporations and vendors
Inspecting Commercial and US Military RADARS equipment and PCB by following military specification MIL-STD-454, MIL-STD-461, MIL-STD-130, MIL-STD-495L, MIL-STD-810H, MIL-STD-1689, QCP-0001M.
Out of Work Gap
06/2020-12/2021 Out of work due to medical, continue searching for remotely with obtained with work and continue my interests in computers, apps, software and programs. Assisting seniors in neighborhood with computer problems and maintaining updates/repairs on my own personal computers.
Education
Complication all necessary training for and for upcoming training for Veteran Affairs, Federal Virtual Training Enforcement
Certification in Substitute Teacher K-12, Adult Education of Biddeford Community Schools, Biddeford, Maine 2008
Certify on training on Codes of Ethics from DPMA Association of Information System Professional-1995
Mechanical Engineer B.S.M.E., University of Pennsylvania, International Correspondent School, Graduated 1996
A.S.C.A. in Culinary Arts and Hotel Management of New York Institution of Technology, Old Westbury, NY 1984
Diploma at Walt Whitman High School, South Huntington, NY 1981
Volunteer Experience
York Hospital, York, ME, Scanning Medical Records, Rehabilitation Dept. and Room Service 11/08-06/11 & 07/11-4/12
Brick Store Museum, Kennebunkport, ME, Photographer for museum artifacts 11/08-06/11
Animal Welfare Society, West Kennebunk, ME, Cage cleaner and dog walker 01/12-10/13
Albion Senior Center, Albion, ME, Computer repairs, Computer Instructor 02/2022- Present
RECOMMENDATION LETTERS
1 Recommendation Letter from Anthony Atkinson ASMR/VA/BAH 2020
2 Recommendation Letter from Southern Maine Medical Hospital Center 2014
1 Recommendation Letter from Smiths Medical Inc, 2008
2 Recommendations Letters from Howmet Turbine Component Casting 2002
License, Award and Recommendation Letter from Metropolitan Security Inc.-1996-1997
Dedication to AN/SPS-67 Radar Program UTC Norden System: 1989.
INDUSTRIES
Technology: 26 Years
Information Technology: 16 Years
Healthcare: 12 Years
Hospitality: 6 Years
Accomplishments
Converted an office into a fully functional corporate technical medical manufacture library-2002
Certified Cybersecurity Risk Vision and Risk Management Framework at VA-2016-2020
Certificate of Recognition from Nature Conservancy-2019
CRISP RSS Awarded Second Consecutive “Exceptional” Contractor Performance Assessment Reporting System (CPARS) Rating-2019
Award improved manufacturing of Converted an office into a fully functional corporate technical medical manufacture library From Howmet Turbine Casting-2003
Certificate of Recognition from The National Children`s Cancer Society- 2000
Certificate of Appreciation from National Law Enforcement Officers Memorial Fund -2000, 2001
Certificate of Appreciation from USA 2001 Team Partner Recognition the United States Olympic Committee-2001
Certificate of Appreciation from Veterans of Foreign Wars of The United States- 2001, 2002
Award for Outstanding Performance in line of Duty for Metropolitan Security Company 1997
Certificate of Appreciation from Handyman Club of America-1996
Received Letter of Appreciation from United Technologies Norden Systems for PCB quality inspection improvements-1989
Received a special award and recommendation by DoD and United Technology of Norden Systems of saving nearly $2Million dollars of cross examined of cross-section of printed circuit boards that dissolved when it was being processed in wave solder machine. Before the company merged into GE Westinghouse in 1989
Certificate of Appreciation from United Technology of Norden System on SEM RADAR AN/SPS-67-1977-1989
Award and Certification for Reduced damaged circuit board counts saving Norden Systems $185,000 per year in lost efficiency. 1986-1992
Certificate of Appreciation from Kiwanis Club of Manhasset on Long Island- 1986
Wrote a book with my family siblings titled: A World War 1 Adventure: The Life and Times of RNAS Bomber Polite by Donald E. Harkness (my
Grandfather)-2016 on Amazon and bookstores.
TECHNICAL SKILLS
Security Authorization Tools/ GRC Platforms: eMASS, SDE, JAB, CIO, SCCM
Security Assessment Tools: Dbat, Web Inspect, DB-Protect, STIG, KnowBe4, Phish Alarm, SIEM, Firewalls, McAfee
Scanning Tools: Tenable, Nessus, Burp, Stealth watch, Umbrella and Threat Response, EHRMT, SHCU, Security Patch management
Specializations: QMS, NIST, FedRAMP, NIST-FISMA, NIST-FISCAM, DFARS, NIST-RMF, HIPAA, DoD RMF, ISO/IEC27002, CAPP, RFMS, POA&M, CRISP, SCCM, GRC Platform,
Cloud Solutions: MS Office 365, MS Azure, AWS Federal, GovCloud
NIST 800 Publications: 800.53. Rev 4, 800.73, 800.18, 800.37, 800.30, 800.66, 800.171, ITM 212, ECTD
ISO-Manuals: ISO 13485
Mil-STD-Manuals: MIL-STD-454, MIL-STD-461, MIL-STD-130, MIL-STD-495L, MIL-STD-810H, MIL-STD-1689, QCP-0001M
ATO: ATO packages, mapping artifacts against NIST framework, eMASS
Operating Systems: Windows XP, Vista, 7, 8 & 10, Apple
Software Applications: Microsoft Office (Word, Excel, PowerPoint, Outlook, One Note), Skype Business IM, DCS, cGMP, MDPP, Microsoft Data Analyst Dynamics CRM 365 software, MS Visio, MS SharePoint, MS Office Suite
Tools: Ultra Edit, PowerBI SEM, OPAS, STIG View, Security Center, ACAS, Nessus, Web Inspect, App-Detective, Remedy, REEF, Dbat, GRC, VMware, SolarWinds SEM, SAP, IV&V, Tableau baseline vulnerability scans
Model: Model-based systems engineering (MBSE)
Server NOS: Windows 2016/2012 R2, Windows2008 R2, Windows 2003/2000, NT Server 4.0
Email Servers: Exchange 2013/2010/2007, Office 365
Web Servers: IIS 7.0/5.0, Apache 2.0.49 for UNIX/Linux
Hardware: Servers, Laptop & Workstation & Catalyst Switch, network card, printers, Routers, IPad, Samsung Galaxy Tablets, I-Phones,
Computers: Dell, Apple Desktop, Notebook, Toshiba Laptop
Protocols: DHCP, DNS, SNMP, POP3, TCP/IP, TCP
Security Tools: Router, Cisco ASA Firewall, FortiGate Firewall; VPN, IP-Sec
Database: MS SQL 2014/2008/2005/2000/6.5, MySQL, MS Access 2000, AD
Languages: Visual Basic, C#, SQL, HTML, T-SQL, LAN, WLAN, AWS
Scripting: Windows PowerShell 3.0, IBM Big Fix
Systems Administration/ other: EMC Unity 300, EMC Networker, Active Directory, SCCM-5 yrs., Symantec Backup Exec, SolarWinds NPM, ERP, POS
Bluetooth v1.1, v2.0 and v2.0+EDR, IEEE 802.15.1
Virtualization: VMware 5.1, 5.5, 6.5, Hyper-V 2008 R2, 2012 R2 and 2016, Citrix
Support Application Infrastructure: SharePoint, MS SQL Server, and Power BI, RSS
CERTIFICATIONS
CAP Computer/Electronics Accommodations Program - 2016
CISM 2013: Information Risk Management and Compliance (Part 1), 2018
COMPLIANCE SHORT: Cybersecurity, 2019
CompTIA Security+ CE SY0-401: Remote Access, Mobile, and Wireless Security, 2018-2023
CompTIA Cybersecurity Analyst+ CS0_001_Monitoring for Security Issues,
CompTIA Administrator+
CompTIA Network+ N10-005 Certification Prep Virtual Course (FedVTE) expired 2018-2023
CompTIA CASP CAS-002: Advanced Network Design, Management, and Controls-VA/BAH-2020
Cybersecurity Professional Certificate- 2023
Enterprise Mission Assurance Support Service (Emass) 2019, 2020
FedVTE and employer, from OIT to Cybersecurity Analysts EMPO-2019
Information Systems Security Professional (CISSP) Completed Dec 2022
Information Security Roles Training for IT Specialist, 2016 - 2020
Information Security Roles Training for Network Administration 2016 - 2018
Information Security Roles Training for System Owners 2016 - 2018
Information Security and Privacy Role-Based Training for System Administrators, 2016 – 2020
Information Security Role-Based Training for System Owners (WBT) -VA/BAH 2020
Information Security and Privacy Role-Based Training for Network Administration-VA/BAH 2020
Certified Information Systems Security Professional (CISSP) 2022
ITWD Review and Update a Finding in Risk-Vision for System Stewards, 2019
ITSM Tool (ServiceNow)-VA/BAH 2020
ITSM Tool Module 1 Introduction to ServiceNow and Incident-VA/BAH 2020
ITSM Tool Module 2 Knowledge Management-VA/BAH 2020
Microsoft System Center 2012 R2 – Monitor and Operate: Compliance, 2017, 2018
Nation Safety Council, First Aid Course, 2001-2012, Certified American Heart Association, CPR, 2001-2012
Overview of the OIT Professional Development Planning Process (PDPP), 2019
One-VA Technical Reference Model (TRM) Intro to TRM Training, 2019
Privacy and HIPAA for Veteran Affairs Training, 2016 – 2020
Risk Management Framework to Federal Information Systems, 2019
Registration for Quality Management System-ISO 9001:2010
Security Devices, Wireless Security, & Access Control-VA 2020
VA Privacy and Information Security Awareness and Rules of Behavior 2016 - 2020
Contact this candidate