Senior Cyber Customer Service
Resume:
Carolyn M. Clarke
*************@*****.*** 804-***-****
Clearance Level: Secret – Top Secret/SCI
DoD 8570 compliant as a CNDSP Analyst, IAM Level II, IAT Level III
TRAINING
CompTIA CASP+ CE - 2019
EC Council Certified Ethical Hacker - 2016
Marine Corps Intrusion Detection Analysis Training – 2015 STIG Compliant - 2015
CompTIA Network+ CE - 2014 CompTIA Security+ CE – 2014
Microsoft Network Fundamentals - 2014
PROFESSIONAL PROFILE
Senior Cyber Specialist with expertise in a Vulnerability Management environment; conscientious attention to detail to prepare work performed.
Expert customer service; identify clients and/or customer needs to provide quality service or products.
Accurately communicate information through oral presentation, identifying problems, problem solving, ascertains root cause and impact, and providing recommendations for resolution.
Result-driven with an excellent track record of cooperation among cross-integrated team members and other organizational departments.
PROFESSIONAL EXPERIENCE
Senior Cyber Security Specialist
S.A.I.C.
12010 Sunset Hills Road. Reston, VA 20190
DCSA, Quantico, VA
October 2023 – March 2025
Provides cybersecurity authorization and compliance services and subject matter expertise supporting all steps of the Risk Management Framework (RMF) process for development and sustainment efforts by the Office of the CIO (OCIO) IAW DoD and DCSA OCIO policies and procedures and RMF compliance standards
Conducted cybersecurity risk assessments, implementing security controls according to the NIST Risk Management Framework (RMF) guidelines, developing security plans, and supporting system authorization packages, all while ensuring compliance with DoD and government regulations within a SAIC environment.
Responsible for supporting risk and vulnerability assessments with all incoming project requests according to DOD Cybersecurity policies and DISA STIGs.
Assisted with annual Genser audit completing Hardware/Software Lists, decommissioning systems, servers and other inventory as deemed necessary. Genser audit was successful with a passing score of 98.36
Extensive use of eMass website to update artifacts, create spreadsheets.
Created new CONOPS updating Rev. 4 and Rev. 5 revisions as necessary
Completed Detailed Compliance Matrices in support of RMF policy templates for NIST 800-53 Revision 5.
Updated policies annually.
Systems Senior Cyber Analyst/Engineer SCCI
5166 Potomac Drive King George, VA 22485
NSWCDD
September 2022 – September 2023
Responsible for supporting risk and vulnerability assessments with all incoming project requests according to DOD Cybersecurity policies and DISA STIGs.
Assisted in providing detailed DOD Cybersecurity Risk Assessment Mythology and Reporting including STIG Review, Encryption Methods, Authentication Review, Associate risk and vulnerabilities with specific COTS and GOTS technology, and review mitigations.
Completed (eMASS) training- Enterprise Mission Assurance Support Service in support of DOD RMF Authorization Process.
Maintain the scheduling of ATO project plan activities to include security control assessment and continuous monitoring activities while improving existing RMF processes and procedures.
Updating POAMs
Conduct A&A document reviews consisting of System Security Plans, Plan of Action and Milestones, Configuration Management Plans, Contingency Plans, and Security Categorizations for TSA systems.
Senior Cyber Analyst/Specialist
Marine Corp Cyber Operations Group (MCCOG) Vulnerability Management (VMT)
Quantico, Virginia, United States
AT&T/Leidos
June 2017 –July 2022
Support the Marine Corps Enterprise Network (MCEN) Vulnerability Management program in accordance with the Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01.
Evaluate IAVM (Information Assurance and Vulnerability Management)
Issue POA&M approval recommendations to the AO (Authorizing Official) or rejection based on the validity of topics such as: Plan of Action, Timeline, proposed Mitigation Strategies, and more.
Managed vulnerability compliance for IAVMs on an enterprise level.
Drafted and published MCEN Operational Directives (OPDIRS) based on IAVMs released by U.S Cyber Command (USCC).
Successfully release weekly OpDirs (Operational Directives) to the USMC
Manage compliance of the USMC as reported by each command.
Prepared and reported daily briefs by compiling units' compliance and reporting their compliance.
Reviewed Operational Directive Reporting System (OPDRS) for compliance and reporting on MCCOG issued OPDIRS.
Deep knowledge and understanding of OPDRS, and VMTDB (Vulnerability Management Team Database).
Managed MCEN compliance and POA&M reporting in the OPDRS (Operational Directives Reporting System).
Provided a capability to audit compliance and discover enterprise security discrepancies, assessing associated risks, and assisting in the development of remedial action.
Trained new hires providing leadership and guidance in getting their accounts and providing guidance and instruction to learn the necessary responsibilities to perform the duties of the position.
Assist in the execution of the Command Cyber Readiness Inspection (CCRI) Program for all Marine Corps Enterprise Network (MCEN) systems in accordance with Cyber Command directives and notices, by managing compliance reporting, providing updates to leadership, and by ensuring all deliverables are met within timelines.
Supervise and assist in the execution of compliance validation and pre-CCRI scanning of all MCEN systems; providing status reports to leadership and IAMs.
Assist in the release of MCEN Defense Tasking Messages (MDTM) concerning CCRI timelines and vulnerabilities.
Information Assurance Officer United States Marine Corp University Quantico, Virginia, United States
Epsilon, Inc.
January 2017 – May 2017
Provide support for the certification and accreditation of automated systems and networks in use at MCU, Quantico, VA as well as their associated satellite campuses throughout the Marine Corps enterprise.
Result-driven with an excellent track record of cooperation among cross-integrated team members and other organizational departments Apply advanced IA principles, concepts, methods, standards, and practices in development and interpretation of policies, procedures, and strategies governing the IA requirements of MCU.
Provide design, development, and management of a Command IA Program that meets current needs while remaining abreast of future requirements and responding to any dynamic changes required.
Implement IA concepts, principles, and methods of IA management including system design, implementation, change management maintenance and modification in compliance with the Defense Information Assurance Certification and Accreditation Process (DIACAP).
Coordinate with MCU personnel to obtain and maintain certification and accreditation for all MCU systems in compliance with the DIACAP process outlined in the graphic below.
Epsilon provides assistance to MCU personnel during responses to any IA incidents or breaches to ensure that causes are identified, appropriate corrective actions are taken, and reports are filed in a timely manner.
Responsible for maintenance of MCU satellite campus IA packages and Authority to Operate (ATO).
System Administrator Mid Quantico, Virginia, United States
BAI, Inc.
June 2016 – January 2017
Resolve all Active Directory tickets escalated from the service desk
Provide guidance and instruction to the service desk for handling standard Active Directory related incidents and service requests.
Provide Active Directory Service Desk Resolution Reports documentation to the service desk on the procedures for completing the task.
Utilize SCOM to monitor network issues with servers and fix any issues regarding services and escalating to the appropriate for any other related server issues.
Use Remedy to monitor, manage, escalate and resolve any issues for the enterprise.
Use robust file copy to migrate user data from one domain to another domain.
Use exchange management console to move user exchange mailbox accounts.
Migrate user accounts using Active Directory Migration Tool.
Assist with troubleshooting network outages on the enterprise level.
Assist all local Administrators with escalated issues on the enterprise domain
Create documentation on troubleshooting network related issues
Use RDP to remote into servers to manage issues related to AD DS database
Assist cyber security team regarding possible network intrusions
Microsoft exchange management console
Microsoft exchange management shell
Cyber Security Analyst Quantico, Virginia, United States
BAI, Inc.
August 2014 – June 2016
Support 24/7 operations watch floor environment
Monitor network-based IDS/IPS devices, correlate global actions and associated events into actionable/reportable analysis that could lead to an intrusion on the Marine Corps Enterprise Network working closely with the Marine Corps Network Operations Security Center (MCNOSC) on determining ‘real world’ events as they happen and also in trend analysis to provide indications and warnings of future intrusion and attack incidents.
Performed as Privileged System Administrator with access to system control, monitoring and administration functions
Delivers network security monitoring by evaluating Real-Time and Historical intrusion detection analysis, manual and automated event correlation, and event escalation activities.
Monitor raw network traffic through the use of various enterprise tools such as McAfee Intrushield, McAfee
Enterprise Security Manager ESM (Nitro), HBSS ePolicy Orchestrator (EPO), Fortianalyzer, Belmanage, Ironport, Interrogator, Bluecoat proxy, and Centaur.
Document a system from an IA perspective using Microsoft Office including MS Word, MS Excel, MS Visio and other appropriate tools.
Research and recommend logical and physical solutions that prevent, detect and correct the system to be certified and accredited.
Trained new hires providing leadership and guidance in getting their accounts and providing guidance for implementing the MCD database to create events.
Develops/participates in the improvement of local IT policy and procedures supporting activities. Analyze incidents and events captured in Intrushield, HBSS, NSM and other detection tools and correlate data for malicious trends, patterns, or actionable information. Gather supporting evidence and author detailed reports then enter to the MCD
(Marine Collection Database) for action.
Monitor dedicated inbox for reporting of suspicious emails. Perform analysis to email header, routing, and content to ascertain threat then respond to submitters with findings and recommendations.
Recommend ACL, DNS, and/or SMTP blocks as needed to neutralize/mitigate threats from suspicious email.
Analyze data packets, review signatures, analyze and interpret PCAP using Wireshark
Create HBSS queries and disseminate to entire Watch Team for monitoring of ePO - On Access Scan and VSE threat events.
Utilizing HBSS analyzed events and incidents, creating queries and dashboards, and monitoring dashboards.
Reported events as well as signature modification requests in HBSS.
Assess enterprise risk to network assets and performance, as was well as, identify type of attack, estimate impact while collecting evidence for reports (to include incidents, outages, threats/technical vulnerabilities)
Review and analyze findings that identify security issues on the system. Provide analysis for the Information System Security Engineer (ISSE), System Administrator (SA), and Project Manager (PM) for remediation and informational purposes.
Maintain current knowledge on immerging threats, malware, zero day exploits, APTs and apply information to identify new threats to MCEN (Marine Corp Enterprise Network).
Interpret incoming (classified and unclassified) Intel reports from various DOD agencies and take appropriate actions.
Report MCEN Incidents to the Joint CERT Database for US Cyber Command.
Coordinate with the Incident Responders and Senior Analysts to maintain situational awareness of issues within our respective AORs.
Provide technical support in identifying and specifying requirements and performing risk assessments
Perform daily duties as a Liaison to the Battle Captain.
Guidelines for creation of Remedy tickets for multiple purposes - ACL blocks, DNSBH, creating new accounts, review of SPAM.
Interpret incoming (classified and unclassified) Intel reports from various DOD agencies and take appropriate actions.
Help Desk Administrator/Field Technician Quantico, Virginia, United States
BAI, Inc
April 2014 – August 2014
Received incoming calls from users in the National Capital Region (NCR) and determined the best resolution for issues with software and hardware in the Enterprise Service Call Center.
Maintain calendar conference rooms, schedule appointments, meetings, reserve conference rooms
Created tickets in Remedy into ticket tracking database with 98% accuracy.
Ensure timely attention to all incoming calls by responding to 95% of calls within 5 minutes.
Ensure timely attention to all incoming emails by responding to all emails within 20 minutes.
Maintain facilities management systems by documenting customer request activity.
Front desk security checking in visitors for meetings, distributing parking passes, ensuring no electronic devices were in their possession. Signed for Federal Express deliveries.
Checked in new hires, checking JPASS to ensure they were on the roster.
Reset passwords on PKI system for CACs.
Acted a Queue Manager distributing trouble tickets to appropriate department for resolution.
Performed follow up on all open tickets before resolving.
User contact handling SAAR accounts, confirming they had necessary drives and email needed to perform their job
Activate and tether software for Blackberry Accounts.
Provide technical support to customers via telephone, email and through tickets analyzing, implementing, troubleshooting and maintaining hardware and software.
software and hardware issues
Help customers identify and resolve issues pertaining Lan/Wan connectivity, domain issues, BitLocker and Symantec issues, including software updates, and Microsoft repairs.
Maintained documentation of processes and tickets
Configuration, of workstations, laptops and other peripherals.
EDUCATION
Ashford University - Masters Degree in Learning & Teaching with Technology - 2013
Ashford University - Bachelors Degree in Organizational Management - 2011
Contact this candidate