Brandy Turner
Jessup, MD *****
301-***-**** Cell US citizen **********@*****.***
Certifications:
CompTIA CASP+
CompTIA Security+
ITIL v3
Experience:
**/** – current Tek Systems – Ft Meade, MD
Position: Information Assurance Manager
Functionally assigns and manages tasks for the team that covers all ATOs on the task order.
Builds IA into systems deployed to operational environments.
Assist with the implementation of security procedures, and verify information system security requirements, including coordinating the execution, review, and disposition of STIG checklists for systems, applications, developed code and other components.
Support IT Security Strategy, Cyber Security, and Compliance and Risk Management supporting IT Security and Compliance Teams.
Collaborate with stakeholders to ensure an appropriate security posture and Authorization to Operate (ATO) accreditation conditions and requirements are maintained.
Author, review, coordinate and submit cybersecurity authorization required artifacts to eMASS (including change requests) to achieve milestones such as Interim Authority to Test (IATT) and Authorization to Operate (ATO) in accordance with the project schedule.
Develop and maintain assessment and authorization documentation (Body of Evidence) for management and continuous monitoring of information systems.
Participate in regular briefings with stakeholders on cybersecurity status, including preparing briefing materials working closely with Government Cyber Leadership & technical teams to support ATO conditions and requirements.
Act as the primary liaison for all IA-related matters, ensuring clear and consistent communication with both internal and external stakeholders.
08/23 – 10/24 Peraton – Rosslyn, VA
Position: Cyber Systems Engineer SME
Performs Federal cyber community outreach to further Directorate cybersecurity mandates.
Provides guidance to systems owners for compliance with cyber configuration standards and policies.
Provides emerging technology analysis and trend reporting to CTS designated recipients.
Provides Cloud, wireless, and mobile security expertise, device assessment, vulnerability analysis, and risk mitigation services.
Provides knowledge of Cloud environments and application of Cyber Security baselines.
Research and formulate open-source software innovations integration in support of network modernization efforts using industry best practices for cost efficiency solutions.
Facilitates the adoption of cyber and technological security solutions.
Coordinates Enterprise-wide Common Control Documentation and provides technical expertise as needed to Department partners on proper implementation of NIST Common Controls.
Provide technical responses and recommendations to Cyber Policy Support Requests
Review, record and communicate the status of Change Control Board decisions to stakeholders
Review, record and communicate the status of Firewall Advisory Board decisions to stakeholders
Provide mentorship and supervision to lower-level change management specialists
Implement course corrections to drive continuous improvement
Identify opportunities to add value and increase success by incorporating change management best practices
05/18 – 8/23 Applied Insight – Washington, DC
Position: Lead Cyber Security Engineer
• Successfully able to review and interpret scan results utilizing tools (Tenable Security Center, Burp Suite, Kali Linux, Acunetix and AppDetective)
• Perform enterprise scanning requirements to include but not limited to monthly vulnerability, ad hoc and compliance scans on CTHO IT systems supporting 60,000+ endpoints
• Support the development of Security Assessment and Vulnerability Reports for support with CTHO assessments, the creation/remediation/mitigation/closure of POA&Ms, and the gathering of artifacts
• Able to interpret Vulnerability Reports for scans completed on CTHO Systems
• Supports Risk Management Framework (RMF), FedRAMP, NIST-CSF, DISA STIGs and FISMA compliance
• Ability to collaborate and review System Assessment Reports (SARs), and convey technical information within documents to System Owners, Project Teams, ISSOs and other applicable Stakeholders
• Provide recommendations on configuration changes, updates and vulnerability analysis for the scanning tools
• Attention to detail when communicating technical information and documentation to executive leadership and stakeholders
• Communicates information to stakeholders effectively with the ability to influence changes in processes and behaviors; evaluates alternative resolutions to suggest recommendations
• Prepares monthly reports and executive level briefs
• Directly supports the Branch Chief and Division Chief with departmental communications
12/17 – 05/18 CSRA – Ft. Meade, MD
Position: Security Systems Engineer Sr
•Analyses total system product to include: concept, design, fabrication, test, installation, operation, maintenance and disposal
•Ensures the logical and systematic conversion of product requirements into total systems solutions that acknowledge technical, schedule, and cost constraints
•Performs functional analysis, timeline analysis, detail trade studies, requirements allocation and interface definition studies to translate customer requirements into hardware and software specifications
•Coordinates and/or performs additions and changes to system hardware and operating systems and attached devices; includes investigation, analysis, recommendation, configuration, installation and testing of new hardware and software
•Provides enterprise direct support in the day-to-day operations on system hardware and operating systems (McAfee HBSS); duties include evaluation of system utilization, monitoring response time and primary support for detection and correction of operational problems supporting 100,000+ endpoints
•Troubleshoots at all levels of the network and systems, working with network measurement hardware and software, as well as physical checking and testing of hardware devices at the logical level working with communication protocols
•Participates in planning design, technical review and implementation for new system infrastructure hardware and operating systems for information systems
•Provides technical consultation, training and support to IT staff as required
12/16 – 11/17 Antietam Technologies – Germantown, MD
Position: Cyber Vulnerability Analyst
•Provide enterprise expertise in vulnerability management processes and network vulnerability scanning using Tenable Security Center, Nessus Manager, AppDetective, Netsparker and Burp Suite supporting 30,000+ endpoints
•Configure network scans, schedule network scans to run with bandwidth usage and ensure accurate vulnerability assessment analysis results are generated and disseminated to system owner/ISSM/ISSO
•Troubleshoot issues arising from vulnerability scanning and serve as technical expert for vulnerability assessment tools
•Familiarity with AppDetective database vulnerability assessment tools
•Perform web application vulnerability assessment scans using Netsparker and Burp Suite tools
•Manage/maintain asset inventory for each system, database, and web application URLs as provided by each system ISSO / ISSM
•Provide support to system owner/ISSO/ISSM interpreting scan results and recommend remediation plans
•Conducting vulnerability assessments and IA security engineering analysis for compliance to systems and application security implementation policy and measures for cyber security
•Reviewing and recommending information assurance (IA) solutions to customer problems based on an understanding of how products and services interrelate and supports the IA mission of the federal agency
11/15 – 12/16 KPS - Alexandria, VA
Position: Vulnerability Assessment Analyst
•Centrally coordinate enterprise Vulnerability Assessment (VA) and penetration testing activities supporting Federal Information System Management Act (FISMA), Ongoing Authorization and Continuous Monitoring reporting metrics supporting 100,000+ endpoints
•Ensure complete and accurate scans for all FISMA systems. Schedule, plan, coordinate and execute assessments with directorates, program offices and other security teams
•Provide analysis of scan data to identify critical and high risk vulnerabilities for each FISMA system
•Manage, track, and report ISVMs for all systems and ISVM compliance validation and reporting
•Perform regularly scheduled vulnerability assessments using a master schedule via Tenable Security Center, Tenable Nessus Manager, AppDetective, WebInspect and Burp Suite
•Coordinate the VA testing in advance with the system ISSO and the Government SOC TM to assure coordination with network maintenance, availability, and operations. Coordinate with system owner/ISSM/ISSO any necessary changes to the schedule
•Use approved test procedures, information collecting scripts, and VA tools that are Security Content Automation Protocol (SCAP) compatible; the latest versions of tools with up-to-date lists of vulnerability checks; appropriate to CBP’s policies, needs and technologies
•Conduct specialized VA testing to include Database and Web application assessments, penetration testing, and all Wireless technology testing and analysis
•Prepare and submit security testing Rules of Engagement (ROE) for Government managerial approval prior to conducting of penetration testing
•Ensure the ROE provides the operational security controls to protect both the system and network
•Employ ad-hoc or emergency VA scanning to support targeted incident investigation, escalation and emergency response to security events in accordance with documented procedures
•Support external audits including but not limited to Office of Inspector General
•Manage/maintain asset inventory for each FISMA system, database, and web application URLs as provided by each system ISSO
•Provide support to ISSO/ISSM interpreting scan results and recommend remediation plans
•Provide to the appropriate systems owner/ISSM/ISSO vulnerability assessment summary reports of the testing and document the findings
•Submit to owner/ISSM/ISSO after action report from Penetration and any wireless testing
•Archive VA data and reports and use findings to support ISSO owner Plan of Action and Milestones (POAM) and conduct of follow-on assessments, to compare results, focus on differential findings, look for evidence or lack of improvements thereof to report trends, determine effectiveness of mitigation strategy, and provide recommendations to changes in Policy or architecture
•Provide written reports detailing all security events relative to network security matters and submit these reports according to established procedures and reporting requirements
05/06 – 11/15 Department of Homeland Security FEMA
Hyattsville, MD
Position: Information Technology Specialist
•During government shutdown was tasked with managing daily IT operations
•Currently working in CISSP (Certified Information Systems Security Professional)
•Administration of objects and access control list using Active Directory
•Administrator for the Symantec Ghostcast Server, deployment of all images
•Ensures prevention of security vulnerabilities for desktop and laptop images, uses DoD disk wipe to sanitize hard drives, installs security patches and updates
•Conducts IT Security annual awareness training for new employees
•Provides customer support related to McAfee’s ePolicy Orchestrator (ePO), Host Intrusion Prevention System (HIPS v8.0), McAfee Agent (MA v4.8), and Virus Scan Enterprise (VSE v8.8) on Windows systems
•Performs compliance monitoring and reviews, and takes corrective actions to eliminate the security vulnerabilities
•Ensures that technical teams understand and adhere to necessary policy and procedures to maintain HBSS systems throughout the enterprise
•Maintains compliance of endpoint clients through HBSS
•Researches, tests and evaluates security patches prior to installation on network devices
•Participates in and creates disaster recovery plans to mitigate production downtime for ITIL
•Captures and analyzes data to determine scope of security incident and resolves issue
•Connect network cables and troubleshoot toning from data port to the switch panel
•Experience with provisioning RSA tokens; knowledge of the RSA Security console and iOS
•Communicate and enforce security policies, procedures and safeguards for all systems and staff in accordance with DHS 4300A and B, NIST 800 series, POAMs and FISMA guidelines
•Provides support to the cyber security service desk requests, vulnerability assessments and remediation efforts
•Provides Certification and Accreditation support in accordance with the DHS 4300A & 4300B
•BrightStor Arcserve Server Backup, migrating data from one server to another, data restore from backup medium
•Tested and documented Avaya VoIP solutions based on customer's needs
•Maintained Systems Management Server (SMS) database to improve tracking and reporting, deploying security updates via Patch Management (Shavlik)
•Software Inventory Specialist and wrote Software Standard Operating Procedures (SOPs)
•Provide support to internal helpdesk, server and client workstations to resolve user concerns to provide support for software, hardware and network access
•Remedy Action Request System (monitor, assign and complete request tickets)
•Trained personnel on accessing FEMA network with Cisco VPN Connection through customer's home ISP and the Avaya Agent Software for Telework usage and PIV smart cards
•Installation and troubleshooting of mission essential software to include Windows XP and 7, Symantec Antivirus, McAfee HBSS, Citrix, Apple iOS, Lumension Patch Agent, Avaya CMS, SMS administration console, NEMIS, Adobe Acrobat 9 Pro, MS Office Communicator, RightFax Client, Blackberry, Terminal Services, Avaya One-X Agent and Communicator, Cisco VPN client, MS Office Lync, Cisco AnyConnect, MS Office 2003, 2007 and 2010 suite
•Install, configure, support, identify and troubleshoot problems to include Network Interface Cards, Video Cards, Hard Drives, Floppy Drives, CD-ROM Drives, DVD Drives, Power Supplies, Motherboards; punch down Cat 5E cable for network access
•Implements the improvement of office operations and customer service
•Ability to multitask effectively in a fast-paced environment, while maintaining an emphasis on quality
•Coordinate with vendors and manufacturers for equipment replacement and acquisitions
Education and Degrees:
Capitol Technology University – Laurel, MD 05/2015
Master of Science Degree: Information Assurance
Capitol Technology University – Laurel, MD 04/2015
Graduate Certificate: Security Management
Capitol Technology University – Laurel, MD 04/2015
Graduate Certificate: Information Assurance Administration
Capitol Technology University – Laurel, MD 01/2015
Graduate Certificate: Network Protection
University of Maryland University College – College Park, MD 05/2012
Bachelor of Science Degree: Computer Information Technology
Anne Arundel Community College - Arnold, MD 12/2008
Associate of Arts Degree: Transfer Studies
Training:
CompTIA Cloud+ 09/2018
Compliance Checklists NIST Framework 10/2015
Cloud Computing Technologies 09/2015
CISSP 08/2015
Certified Ethical Hacker 08/2015
Essentials of Cloud Security Management 08/2015
CNSSI 4016(A) National IA Training Standard Risk Analyst 05/2015
Vulnerability Assessment 07/2013
Penetration Testing: Tools and Techniques 05/2013
DOD Information Assurance Boot Camp 10/2012
(Certification & Accreditation, DIACAP, STIGs, Identification & Authentication Controls, POAMs)
McAfee Host Based Security System MR4 – 201 05/2012
McAfee Host Based Security System v4.5 09/2011
Advanced Digital Forensics 12/2011
Microsoft Windows 7 07/2011
CompTIA Security+ 05/2011
Microsoft Windows Directory Server Infrastructure 2008 05/2011
Microsoft Windows Network Infrastructure 2008 05/2011
Microsoft Windows Server 2008 12/2010
Microsoft Windows Server 2003 06/2009
Microsoft Windows Vista 06/2007
Microsoft Windows XP 02/2006
Cisco Certified Network Associate 01/2006
CompTIA Network+ 10/2005
CompTIA A+ 06/2005