Security Clearance Risk Review

Location:

Tuscaloosa, AL

Posted:

March 20, 2025

Contact this candidate

Resume:

DARRYL L. GAY

Email: ***********@*****.***

LinkedIn: www.linkedin.com/in/DarrylLGay

205-***-****

SUMMARY

Cybersecurity professional with 20+ years of experience securing government networks and systems. Maintains a VA security clearance at the Moderate BI level.

SKILLS

Operating Systems: Windows Server 2019, 2016, 2012R2, 2008R2; Windows 11, 10

Network Protocols: TCP/IP; DNS; DHCP; SMTP; IPSec; SSL; TLS; NAT; SNMP; UDP; Telnet; ICMP; ARP

Networking Tools: NMAP; Wireshark; NetWitness Investigator; Putty; Cisco Network Assistant

Languages: MS T-SQL

Tools: Nessus; SIEM; SOAR; OWASP ZAP; Vega; Shodan; Norton & McAfee Anti-Virus

Backup Software: Backup Exec; Veritas; Seagate

WORK EXPERIENCE

Lead Senior Information Security Analyst (Ops/Risk Review) 11/22 – 09/24

9th Way Insignia

Demonstrated working knowledge of the Federal Risk Management Framework (RMF) and NIST Security Engineering Standards by integrating security and privacy into the enterprise architecture.

Validated systems and data to ensure that the current system baseline could be transitioned to the target environment (VA production network) per Governance Risk Compliance (GRC), Enterprise Mission Assurance Support Service (eMASS), VA System Inventory (VASI), Power BI, Monitoring Service Registry (MSR), Service Now (SNOW), Security Configuration Compliance Data (SCCD), LEAF, and any authoritative systems required in support of the A&A and Risk Review processes.

Experience using eMASS to test, validate, review controls, and provide compliance reporting to validate key regulatory requirements and guidelines related to enterprise architecture.

Met and provided verbal and written recommendations to stakeholders to address system deficiencies while considering why they were non-compliant with current IA, OIS, and VA6500 policies.

Demonstrated an understanding of basic architecture by documenting the results of risk review assessments, incorporating mitigation strategies, and reviewing/managing/evaluating Plan of Action and Milestones (POA&M) in assessing information system vulnerabilities that impact the Enterprise network.

Provided evidence to streamline the Risk Review process of IT systems being evaluated for live production assignment.

Experience securing and protecting systems by determining and documenting access privilege, control structures, and resources using the concepts of confidentiality, integrity, and availability (CIA Triad).

Compared the security benefits and limitations of approved open-source applications with vendor-developed or in-house software applications (COTS/GOTS) to determine acceptable risk factors.

When doing risk reviews on government websites, scored and documented privacy, security, and accessibility concerns.

Assessed and ranked risks associated with vulnerable systems and information and provided the documentation to Sr. Leadership (AO) to help them make “go/no go” decisions on whether the system could remain part of the VA network enterprise.

Researched, reviewed, determined, and recommended to stakeholders the most effective security controls as directed by VA policies, guidelines, and procedures.

Prepared presentations and training material to assist Sr. Leadership (AO) and vital stakeholders in thoroughly understanding the processes relating to IA services and support, Authorizing Official System Briefing (AOSB), ATO review and submission, and Risk Review scoring and reporting.

Researched, identified, and evaluated the technical resources required to achieve and maintain acceptable levels of security based on system criticality and information (data) sensitivity.

Darryl L. Gay Page 2

Remained knowledgeable of current standards and submitted documentation recommendations for appropriate security levels to stakeholders according to VA policies, guidelines, and mandates.

Demonstrated proficiency in various security-engineering disciplines associated with Application, Data, Security and Data Center, and Cloud Computing Infrastructure.

Conducted training in a virtual setting regarding IA services, policies and practices, risk review processes, and operational reporting requirements.

Ensured the A&A process status for each ATO was tracked, maintained, and reported across the Pre-Authorization, Assessment, and Sustainment Lifecycles, utilized all VA systems of record, and maintained authoritative data in automated dashboards and reports provided from near real-time automated ATO Status Reporting, defined by supporting primary responsibilities.

Supported IA and the Authorizing Official (AO) in ATO renewal/evaluation and A&A activities by developing the AOSB, validating stakeholder dispositions and submitted artifacts, and the associated metrics for each of the systems, utilizing all VA systems of record and authoritative data sources.

Provided improvement processing to manage ATOs for the AO, which included verifying each ISO of the ATO and supporting the ISO by ensuring all documents were completed promptly and per the ATO SOP.

Conducted data collection and requirement analysis with the participants or stakeholders to ensure operational expectations were being met.

Operationally enabled the Triage process, proactively leveraged VA processes, tools, and reports, and increased understanding across all organizations to identify, register, and achieve initial operational compliance.

Worked to identify process and automation capabilities with the team and included metrics and findings in regular reporting.

Engaged and supported IA by supporting System Security Categorization processes within the RMF cycle.

Demonstrated familiarity with Nessus, particularly CVE and Plugin IDs to determine vulnerability details, identify mitigations, and assess what current security mitigations are in place and appropriate.

Experience analyzing Nessus/ACAS scans, HP Fortify, and SCAP scans and manually evaluating STIG checklists to produce reports in support of AO ATO decisions.

Lead Cyber Security Engineer/Regional Assistant Team Lead 12/19 – 10/22

MKS2 Technologies

Researched, analyzed, and implemented enterprise-wide IT security solutions to remediate identified threats to VA infrastructure and cloud servers to ensure confidentiality, integrity, availability, and non-repudiation were not violated.

Assessed and ranked risks associated with vulnerable systems and worked with stakeholders to ensure hardening techniques were implemented timely and safely using frameworks like NIST, HIPAA, HITRUST, ISO 27001, PCI DSS, and COBIT.

Tested, debugged, and maintained detailed work instructions to verify servers performed according to their intended purpose.

Reviewed standards, guidelines, and baselines to determine the required level of security protection of servers from threats or deficiencies according to VA policy criticality standards.

Verified that there were no unauthorized or unlicensed applications installed on servers and if there were implemented the process (security incident ticket) to have the application removed or have the stakeholder follow VA standards and guidelines of accepting the risk by adhering to established POA&M policies.

Tested and provided application security solutions for logical structures to local sites and ensured they were configured and implemented correctly.

Researched, adopted, and applied established systems engineering perspectives and processes to the software development lifecycle.

Verified that VA information security/assurance policies, principles, and practices were an integrated element of the operating environment by comparing the system configuration to the established baseline configuration.

Researched, tested, and applied emerging and evolving technologies to current and future business needs at the enterprise, operational, and tactical levels once approved by VA leadership and stakeholders.

Darryl L. Gay Page 3

Contributed to developing the information security program to enable consistent, repeatable, and effective information security practices that minimize risk to ensure confidentiality, integrity, availability, and non-repudiation of information critical to delivering patient care within the VA.

Proactively worked with the different regions and sites to determine the application owner of vulnerable applications to ensure that required controls were implemented to maintain VA security baseline compliance.

Researched and developed solutions to newly identified and unresolved issues occurring with Windows 2019, 2016, and 2012R2 at the enterprise level that affect confidentiality, integrity, and availability of servers.

Updated, sustained, and administered a high level of security for in-house and cloud server security infrastructures of VA servers.

Continuously identified and remediated security deficiencies on VA’s enterprise network infrastructure, database platforms, and web application servers.

Maintained fluency in security trends, evolving threats, risks, vulnerabilities, associated tools, and strategies to mitigate risk to an acceptable level per VA policy mandates and baselines.

Member of the VA’s Governance Team responsible for ensuring compliance with security policies for Windows 2019, 2016, and 2012R2 servers in an enterprise environment.

Supported, communicated, reinforced, and defended the VA organization's cybersecurity mission, values, and culture to VA employees and vendors.

Ensured that the VA’s data and infrastructure were protected by enabling security controls that provided appropriate confidentiality, integrity, and availability to authorized personnel.

Created OOB (Out-of-band) accounts for network cards to ensure their security against persistent threat agents.

Managed and implemented an internal VA process that ensured servers were moved into the correct containers to be assigned to the proper Team for vulnerability remediation assignment and management.

Advocated and enforced cybersecurity best practices and shared insights throughout the VA organization.

Contributed to information security policies, standards, and practices and oversaw their approval by appropriate business and technology leadership.

Ensured all internal security policies aligned with the VA’s overall security strategic vision.

Evaluated and reviewed policy security enforcement practices to ensure they met ongoing VA policy mandates.

Verified that system designs followed current VA policies and procedures.

Researched emerging technologies, hardware, and software, and suggested using them to stakeholders.

Trained employees on different IT topics, especially understanding how malicious actors executed various cyberattacks, such as phishing and social engineering attacks.

Designed, developed, implemented, and coordinated systems, policies, and procedures.

Ensured all employees followed the appropriate ethical behavior at work.

Researched server hardware and applications and made recommendations on vendors, manufacturers, and product versions to ensure compliance with established VA policy.

Identified areas of process improvement and communicated to management and stakeholders.

Spearheaded project in the VA enterprise to identify, reconfigure, and harden OOB (Out-of-band) devices attached to servers to allow access to those servers when they have been physically powered off.

Member of the Windows 2012 & Windows 2012R2 Decommission Team responsible for removing all Microsoft unsupported servers from the VA infrastructure in a concise and timely manner.

Assisted Regional Team Lead in making decisions that would benefit our Team and ensured that the VA’s policies and mandates were implemented to verify that all systems were properly protected.

Analyzed server security breaches to determine their root cause, recommended and installed appropriate tools and countermeasures to ensure confidentiality, integrity, and availability were re-established to current VA baselines.

Contributed to the implementation and ongoing maintenance of information security and risk management policies, standards, and processes consistent with the VA security policy to protect classified and sensitive health information and the privacy of patients (HIPAA and HI-TECH) and maintained compliance with all legal and regulatory requirements.

Initiated, facilitated, and promoted activities to foster information security awareness and education within the associated area of responsibility.

Darryl L. Gay Page 4

Senior System/Security/Network Administrator 11/15 – 11/19

Tetra Tech

Investigated and collaborated with teammates and VA leadership to clearly understand the implications of legislation, regulations, and standards relating to information assurance and security.

Incorporated network engineering knowledge in design, operations, and security activities when installing and configuring routers and switches to the VA enterprise infrastructure.

Researched, tested, and applied emerging and evolving technologies to current and future business needs at the operational and tactical levels as approved by VA leadership.

Remained current on standards determining and recommending levels of security protection required to protect and reduce exposure/risk to systems and information to stakeholders, per VA organization and federal standards.

Analyzed, designed, and implemented security measures for enterprise-wide IT solutions, including servers, network appliances, printers, and workstations/laptops, aligning with the VA’s structure and goals.

Inventoried, managed, and securely removed hardware and software obsolescence including servers, network appliances, printers, and laptops/workstations per VA mandate and policy.

Hardened servers, routers, switches, and workstations/laptops ensuring system availability, functionality, integrity, and efficiency while verifying system configurations were consistent with required VA baselines.

Tested and implemented security procedures and tools to ensure rigorous security measures were applied to VA servers, network appliances, printers, and workstations/laptops.

Accepted and integrated key regulatory security requirements and guidance relating to the VA’s enterprise architecture.

Utilized network engineering knowledge in the design, operations, and security of wired and wireless network configurations of appliances.

Researched and evaluated new systems engineering technologies to ensure the systems and applications could adequately support business needs and processes.

Anticipated and forecasted hardware upgrades based on emerging software requirements to streamline VA processes.

Managed accounts and network rights required to access VA systems and equipment.

Considered, tested, and integrated security and privacy into the enterprise architecture per shareholder approval.

Monitored software configuration changes to anticipate and address the impact of data reliability and customer satisfaction issues within specific regions and local sites.

Used the concepts of confidentiality, integrity, availability, and non-repudiation as applied to information systems security to assess risk associated with vulnerable systems and the information housed on them.

Verified procedures for detecting, reporting, and responding to security incidents were consistent with and followed standards and guidelines issued by VA policies, regulations, and guidelines.

Investigated, identified, and evaluated resources needed to achieve acceptable security levels and remedy deficiencies based on system criticality and information sensitivity.

Researched and developed solutions to newly identified and unresolved issues with Windows 2019, 2016, 2012R2, and 2008R2 servers at the enterprise level.

Member of the VA’s Governance Team responsible for ensuring compliance with security policies for Windows 2019, 2016, 2012R2, and 2008R2 servers in an enterprise environment.

Installed patches on Windows 2019, 2016, 2012R2, and 2008R2 servers, Windows 10 and 7 workstations, and printers to address security deficiencies.

Coordinated, configured, and installed network port configurations on Cisco switches and routers.

Participated as a technical advisor on all technical projects to ensure security standards were adhered to.

Configured and reset VLAN port configurations on networked switches for VOIP phone and computer, or computer only per VA policy mandate.

Member of the Windows 2008R2/2008, Windows 2003, and Windows 2000 Decommission Team responsible for removing all Microsoft unsupported servers from the VA infrastructure in a concise and timely manner.

Researched and implemented network security measures to protect data, software, and hardware.

Configured and implemented port security on Cisco switches and routers.

Darryl L. Gay Page 5

Analyzed server security breaches to determine their root cause, recommended, and installed appropriate tools and countermeasures.

Developed the following Reports:

oWeekly/Monthly Activity Reports

oPatch Implementation Report

oTicket Trend Report

oTicket Resolution Report

oLine Issue Report

oGap Analysis Report

Reassigned orphaned servers to the correct Region to ensure that security patches were properly applied.

Adhered to standardized system development and change management controls for mission-critical systems.

Provided technical expertise as required by each VA location.

Adhered to HIPAA and HI-TECH rules concerning the handling of sensitive and classified data.

Assisted Tier 1 and 2 personnel with the following duties:

oResponding and resolving tickets promptly.

oImplementing patches and corrective actions required to mitigate security risks and vulnerabilities.

oIdentifying any IT-related deficiencies based on scan or other IT assessment tests or techniques, as part of a gap analysis.

oImplementing IT policies, procedures, and system controls.

oProviding hardware and software support/troubleshooting.

oTesting and imaging desktops and laptops.

oMaintaining, analyzing, and troubleshooting software and computer peripherals.

oSetting up and configuring all hardware.

oEnsuring all tickets requiring follow-up work and/or calls were properly resolved.

oProviding technical support to end users via telephone.

oTesting, imaging, and cleaning PCs, laptops, and other related hardware.

Senior Systems/Security/Network Administrator/Team Lead 03/05 – 11/15

Inteva Products LLC

Utilized knowledge of IT principles, methods and practices to plan, implement, and coordinate services to diagnose and resolve computer hardware or software problems and recommend timely resolution to ensure continuous service.

Researched and evaluated current and emerging best practices in IT relative to the company’s strategic plan.

Developed and implemented security plans to protect the confidentiality, integrity, availability, and non-repudiation of the organization's information, information systems, and networks per policies, guidelines, and procedures.

Created metrics, critical success factors, and key indicators to monitor and assess the success of implemented controls.

Utilized network engineering knowledge in the design, operations, and security of wired and wireless network configurations of appliances.

Verified that the company’s information security/assurance policies, principles, and practices were an integrated element of the operating environment by comparing the system configuration to the established baseline configuration.

Anticipated, forecasted, researched, planned, tested, and scheduled the installation of new hardware, operating systems, and software as required to ensure continued business continuity.

Inventoried, managed, and securely removed hardware and software obsolescence including servers, network appliances, printers, and laptops/workstations per Inteva mandate and corporate policy.

Monitored the systems environment to ensure the effective performance of servers and network appliances in a production environment.

Daily demonstrated working knowledge and implemented best practices for relational database management systems (RDBMS) when creating customized SQL Server scripts to modify data warehouse tables and records and securely transmitting the unique records to the customer (MBUSI).

Darryl L. Gay Page 6

Maintained, analyzed, backed up, and updated SQL Server databases.

Tested and implemented security procedures and tools to ensure rigorous security measures are in place.

Compared, contrasted, and evaluated internal and external sources of information to ensure awareness and understanding of new and emerging technologies and their business implications for the organization.

Addressed opportunities and challenges of implementing transformational technology like virtualization, cloud computing, AI, and emerging technologies into the organization’s environment.

Applied network systems knowledge to plan, design, and develop systems, and properly deploy those systems to support the organization's ongoing needs.

Researched, tested, and applied emerging and evolving technologies to current and future business needs at the operational and tactical levels as approved by Inteva leadership.

Investigated and evaluated cost benefits of alternative IT and non-IT solutions to develop a business case, and ensure support and justification for the best alternative.

Monitored software configuration changes to anticipate and address the impact of data reliability and customer satisfaction issues.

Comfortable working alone in a dynamic and fast-paced environment while resolving all IT-related issues.

Troubleshot ESX issues related to storage, network, and performance issues.

Replaced hard drives in Raid 5 Array and configured new hard drives to operate in VMware environment.

Proactively coordinated and monitored servers to isolate, diagnose, and resolve common system problems.

Diagnosed server hardware issues and worked with service providers to facilitate repairs promptly.

Reactively responded to incidents concerning production servers to accurately diagnose and resolve problems.

Daily demonstrated the ability to operate effectively and professionally under pressure.

Possessed strong knowledge of system testing best practices and methodologies.

Identified, troubleshot, and resolved hardware, software, and network-related problems.

Upgraded multiple ESX boxes from VMware 3.5 to VMware 4.1 and virtual hardware of VM servers.

Configured VMware tools on local VM servers.

Monitored ESX servers (CPU, Memory, Disk, and Network Utilization).

Applied performance tuning of VMware servers.

Moved VMware servers from one ESX box to another for load balancing.

Upgraded operating systems of all VM servers from MS Sever 2003 to MS Server 2008.

Monitored the performance of VMware servers to determine if additional resources needed to be virtually added.

Determined, recommended, and employed changes to improve systems and network configurations.

Planned, coordinated, and implemented network security measures to protect data, software, and hardware.

Maintained the performance of Windows 2008 and 2003 servers through proactive monitoring and maintenance.

Installed patches and service packs to keep servers and databases current per company policy.

Coordinated and performed system startups and restarts around production needs.

Created Active Directory accounts and assigned group permissions as required.

Upgraded, installed, and troubleshot networks, networking hardware devices, and software.

Administered and supported the customer’s networked printers, including the configuration and administration of wireless networked printers.

Installed, configured, and troubleshot 2D and 3D barcode scanners.

Created virtual switches, ports, and port groups and set up Layer 2 security policies for virtual networks.

Planned, implemented, and provided advice on VMware configurations and migrations.

Installed, configured, and tested a new version of Man-IT (MES system) on VMware servers and successfully switched over to a new configuration without causing downtime to the customer (Mercedes Benz USA).

Architected and implemented the use of non-routable IP addresses (10 ) on LAN enhancing security.

Researched, tested, and implemented the upgrade of IBM WebSphere MQ (MQ Series) per customer mandate.

Worked closely with the vendor to implement a new plant floor production application (Man-IT).

Architected, reconfigured, and implemented network peripherals to work on new Cisco switches.

Active part of the Operations leadership team for the plant and provided input on employee’s job performance.

Planned and trained the Operations team for different aspects of Man-IT (MES system).

Supervised tape backup operations for the entire corporation.

Communicated with customers to accurately facilitate the implementation of new technologies and initiatives.

Darryl L. Gay Page 7

Designed, tested, and implemented business continuity and disaster recovery guidelines for the entire plant.

Provided direction to the on-site IT support team to include task assignment and prioritization, schedule management, and problem escalations.

Developed relationships with the Inteva Operations staff and external Inteva IT staff via meetings, visits, emails, and phone calls.

Gathered data about customer needs, and used the information to identify, predict, interpret, and evaluate system and network requirements.

EDUCATION

Bachelor of Science: Mathematical Statistics/Computer Science

The University of Alabama

PROFESSIONAL DEVELOPMENT

CISSP 1: Security and Risk Management, VA Learning University (Talent Management System), 1/24

CISSP 2: Asset Security (Virtual On Demand), VA Learning University (Talent Management System), 2/24

CISSP 3: Security Architecture and Engineering (Virtual On Demand), VA Learning University (TMS System), 3/24

CISSP4 Communication and Network Security, VA Learning University (Talent Management System), 4/24

CISSP5 Identity and Access Management, VA Learning University (Talent Management System), 5/24

CISSP6 Security Assessment and Testing, VA Learning University (Talent Management System), 6/24

CISSP7 Security Operations, VA Learning University (Talent Management System), 7/24

CISSP8 Software Development Security, VA Learning University (Talent Management System), 8/24

Contact this candidate