Post Job Free
Sign in

Information Systems Technology

Location:
Germantown, MD
Posted:
January 06, 2025

Contact this candidate

Resume:

Kai-Feng Huang

*****, ******* ***** ***** 410-***-****

Germantown, MD 20874 **************@*****.***

● OBJECTIVE Seeking challenging work in Cybersecurity fields.

● EDUCATION

December, 2001 M.S. in Computer Information Systems University of Maryland Baltimore County, Maryland Systems Analysis and Design Track GPA 3.29/4.0 December, 2000 B.S. in Computer Information Systems University of Maryland Baltimore County, Maryland Networking Track. GPA 3.62 /4.0

COMPUTER SKILLS

Software Developments: Agile, Scrum, Information Technology Infrastructure Library (ITIL), Object- Oriented Programing/Design (OOP/OOD), SVN, JIRA

Programming Skills: Java, J2EE, Spring MVC, Servlets, JSP, JDBC, XML, HTML5, CSS3, jQuery, JavaScript, ASP.NET, SQL, PL/SQL, Oracle, My SQL, SQL Server, MS-Access, T-SQL, Application Design Patterns (MVC, Front Controller, Business Delegate, Composite Entity, Data Access Object, Intercepting Filter, Service Locator, Transfer Object), SOAP WebService, RESTful WebService, C++ Operating System: Windows, UNIX, Linux

Networking: LAN/WAN, Client/Server, ATM, TCP/IP, DHCP, DNS, WIN Computer Security: SSL, LDAP, Kerberos, Public Key Cryptosystems, DES, AES, S/MINE, IPSec, Security Software: Qualys, WebInspect (HP), Tenable (6.1.0), Burp Suite (Portswigger), Nmap (Open Source), Wireshark (Open Source), CLl (various OS command lines and shell scripts).

Tools: NetBeans IDE 7.4, Eclipse, Visual Studio 2013, Jbuilder, Visual C++ Certificates: Security SY0-601, SANS

WORK EXPERIENCE

03/23 – Present Security/Vulnerability Management Analyst, Federal Trade Commission

(FTC)/Leidos (03/06/2023 – Present).

Project:

• Review and analyze the Tenable dashboard(s)/Reports; measure the level of security incidents and provide recommendations for remediation to Windows, Network, Unix Teams by using ServiceNow.

• Responsible for managing risks related to the use of processing, storing, or transmitting information to reduce or eliminate impact, integrity, or availability of information and information systems.

• Responsible for meeting both regulatory and non-regulatory compliance demands.

• responsible for management and enforcement of information security policies, training and educating end-users on proper security practices, conducting security and risk assessments using security frameworks (e.g., NIST, RMF, Common Criteria, etc.), mitigating risk via security controls, testing and evaluation to certify and accredit commercial security products, ensuring privacy of data throughout its life-cycle, vulnerability management (scanning, assessment, reporting, and mitigation verification), business continuity and disaster recovery.

• responsible for a combination of duties to protect information and maintain security controls for an entire system, site, or program to reduce risk.

• Responsible for entire projects or processes within a technical area. 05/16 – 02/23 Senior Cyber Functional Analyst, Federal Communication Commission

(FCC)/NCI, INC. (05/16/2016 – 10/1/2018) /ITG (10/1/2018 –2/1/2020)

/ICF (2/1/2020 – 2/1/2023).

Project:

● Planned and Implemented security measures to protect about 80 NCI-Owned Computer Systems within the Federal Communication Commission (FCC).

● Interviewed with System developer(s) to analyze & measure the security policy & coding with the environment of systems by requested from the JIRA ticket.

● Set up the security scanning policy by following SP 800-53 which includes security control from National Institute of Standard and Technology (NIST).

● Scanned the FCC Systems (NCI-owned) to all environments (Development (Dev), ST (start to Test), UAT (users to test), Production (Prod), and Demo) by using WebInspect & Qualys scanner tools within FCC environment.

● Reviewed and analyzed the vulnerability findings and provided recommendations for remediation to System Owner(s), Project Manager(s), and Developer(s).

● Provided the WI Generated Report for FCC Chief Information Security Officer (CISO) to review the risk associated with unresolved findings and approve exceptions if needed. Roles:

● Served as a Cyber Security Engineer to scan and detect the vulnerability findings, fix the networking and web security vulnerabilities within a web-based automated application environment.

● Served as a Cyber Security Analyst to provide expert knowledge in application vulnerability types, attack vendors, and remediation approaches within FCC Applications & Systems.

● Served as an Information System Security Officer (ISSO) to track all of the findings in the POAM and be responsible for tracking the effort of remediation. Environment:

Qualys, WebInspect (HP), Burp Suite (Portswigger), Nmap (Open Source), Wireshark (Open Source), CLl (various OS command lines and shell scripts), Service Now, SharePoint, SVN, JIRA, Linux, Windows. 11/14 – 11/15 IT Specialist, IT Security & Networking Division, National Institute of Standards and Technology (NIST).

Project:

● Developed the NIST Automated-Type Testing System (NATS) Report Application for clients to generate reports online.

● Setup and configured the web server within the Windows-type virtual machine (VM) environment.

● Configured Application Web server (Tomcat) & installed CA (s) key store onto the Server to follow the SSL security policy within NIST.

● MySQL & MS SQL Database Design and Web-based Database Maintenance for NATS Database System.

● Developed the Risk Management Framework (RMF) Project Direction Diagram.

● Inputted the US Census Bureau RMF schema into MS SQL and analyzed the scripts and front-end view. Perform project/application architecture and design based on collected requirements.

● Fixed & Completed the NATS Reports Application vulnerabilities from WebInspect scan.

● Fixed & Completed the NATS Reports Application vulnerabilities from Tenable scan. Roles:

● Served as an IT Specialist to detect and fix the networking and web security vulnerabilities within web-based automated application environments.

● Served as a Web Developer to develop a web-based automated application for database maintenance to facilitate the back-end database within MySQL Database.

● Responsible for project management, maintaining the database from a front-end perspective, designing a working database to manage customers’ information, developing original web environments, building online communities and maintaining a high level of technical proficiency through training.

Environment:

Java, Java EE, Spring MVC, Servlets, JSP, RESTful WebService, JDBC, XML, HTML 5, CSS3, jQuery, JavaScript, Tomcat, MySQL, SVN, JIRA, Linux, Windows.

12/02 – 11/14 Programmer Analyst, Maryland Department of Transportation Office of Minority Business Enterprise (MBE).

Project:

● Database Design and Web-based Development for MBE Database System.

● Formula & Format design for Fiscal year MDOT/MBE Procurement Report.

● Create, design, and update MDOT/MBE office web pages event information.

● Perform project/application architecture and design based on collected requirements. Roles:

● Applied ITIL and Agile development methodology and utilized the following design patterns: Model

–View-Controller (MVC), Business Delegate, Composite Entity, Data Access Object, Front Controller, Intercepting Filter, Service Locator, and Transfer Object for Minority Business Enterprise (MBE) Database System.

● Served as the Software Engineer in customized J2EE (Eclipse) MBE application development. Create, design and update MBE legislative policies and outreach events on MDOT Homepage

(http://www.mdot.maryland.gov/MBE_Program/Index.html).

● Used Google Analytics extensively to create weekly and monthly reports for management level members.

● Served as the Web Developer by using Java, Java EE, Spring MVC, Servlets, JSP, Web Services

(RESTful), JDBC, XML, HTML5, Css3, jQuery, JavaScript with Oracle Database for the MBE Website.

● Developed customized OMBE web pages/applications using HTML 5, CSS3, and jQuery.

● Used HTML5, CSS3, and jQuery to develop MBE Application Forms on Mobile-wide Tech. Environment:

Java, Java EE, Spring MVC, Servlets, JSP, RESTful WebService, JDBC, XML, HTML 5, CSS3, jQuery, JavaScript, Oracle, MySQL, SVN, JIRA, Linux, Windows. 12/00 – 12/01 Software Engineer, Maryland Department of Transportation State Highway Administration (SHA).

Project:

● Pavement Management System Creation and Administration for the State Highway Administration

(SHA) yearly report.

● Database Design and Web-based Development for SHA Project.

● Gather project requirements from customers to define project scope. Roles:

● Served as the System Administrator to setup, configure and manage Windows 2000 Server, IIS 5 and SQL Server 2000 for the preparation of integrating several applications in the SHA project.

● Constructed and implemented baseline security for the above system such as applying service packs, security patches, auditing, authentication and managing access permission.

● Served as the database administrator to construct and manage pavement Management department database to fit the routine clients’ requirements in SQL Server 2000.

● Served as the software test engineer to test and debug the applications for SHA project.

● Accomplished the project documentation and constructed a secure web site to host the documentation about system configuration credentials for prospective project members. Environment:

● Java, Java EE, JavaScript, MVC, Servlets, JSP, JDBC, XML, Java Script, HTML, CSS, ColdFusion, Windows NT 4, Oracle, SQL Server 2000, VB, VB Script. 05/00 - 09/00 Web Development Assistant, Marketing & Communication Division of American Red Cross.

Project:

● Analyzed the differences, strengths and usability of XML, DHTML and ASP.

● Performed analysis on the Transcriptional Activity of American Red Cross Web from Server and Clients.

● Database Design and Web-based Database Maintenance for American Red Cross Project.

● Provide technical recommendations to customers.

Roles:

● Served as a Web Developer to develop a web-based application via ASP technology to facilitate the year-to-year database operation of the department.

● Responsible for project management, maintaining the database from a front-end perspective, designing a working database to manage customers’ information, developing original web environments, building online communities and maintaining a high level of technical proficiency through training.

Environment: Java, C++, WebMethods, UML, SQL, Object-Oriented Programing/Design (OOP/OOD), JDBC/ODBC.

09/98 – 06/99 Lab Consultant, Baltimore County Community College, Baltimore, MD. Environment: Window, UNIX, Linux, HTML, CSS, JavaScript. Roles:

● Trained staff and students on various computer software and database applications.

● Install new software and upgrade older versions.

● Monitored usage of PCs and the mishandling of PCs.

● Assisted end users on using the Internet and word processing applications. SELECTED COMPUTER PROJECTS

Online course – Health Insurance Portability and Accountability Act (HIPAA) Environment: Java, Java EE, HTML, MVC, Servlets, JSP, JDBC, HTML, CSS, JavaScript, ASP, MySQL, Networking troubleshooting, Networking security

The scope of this project is to provide a system to automate the administration of CE evaluations (quizzes) in the new HIPAA educational program - streamlining the process of awarding CE credits. This system module presents one of several assessments for the recipient to complete, score the responses, and report the scores.

● Data Warehousing for the Maryland State Highway Administration Environment: Java, Java EE, MVC, Servlets, JSP, JDBC, HTML, CSS, JavaScript, SQL, Oracle Express Client, Oracle Express Server

The scope of this project is to design a data warehouse for the Pavement Management Department in State Highway Administration (SHA) in order to solve the problem, which the original infrastructure does not fit the requirements users have at SHA for tasks related to data analysis (correlations), forecasting, and simulation (modeling). Venture Capital Expert System (Decision Support Systems) Environment: Expert Choice 2000, XML, PowerPoint, and Window Designed a general system to act like a venture capitalist, which evaluates business plans and decides whether the company mentioned in the plan at hand is a viable investment. The goal of this project is towards entrepreneurs instead of venture capital firms for the system has the functionality of examining business plans and supporting entrepreneurs to correct their business plans.

Taiwan Website (GUI Using Java)

Environment: Java Script, HTML, Window NT, Linux

This viewer allowed a pair of remote users to simultaneously view and highlight a common file. They could present photographs related to a common file in a handshaking way via JavaScript. The John Hopkins Hospital Nurse working schedule Database Application Environment: Java, Java EE, MVC, Servlets, JSP, JDBC, HTML, CSS, JavaScript, Cold Fusion, SQL, PL/SQL, Developer 2000, ORACLE, Windows, Unix

A database application enabled the staff to manage and oversee the nursing working schedule week-to-week in the hospital. The backend Oracle database was constructed via SQL running on a UNIX platform. The user-friendly interfaces were created by Developer 2000.

HONORS: Dean’s List Fall 1999, 2000.

LANGUAGES SKILLS: Fluent in English, Mandarin, Taiwanese. REFERENCES:

Mike Luong Federal Trade

Commission (FTC) Incident Response Manager 571-***-**** Michael Smith

Maryland Department

of Transportation

(MDOT)

Public Relations and

Outreach Manager

410-***-****

Ming Chan U.S. Department of

Agriculture

Director of IT Services 301-***-****

Grant Lee Development

Alternatives

Incorporated

Internal Audit Manager

240-***-****



Contact this candidate