
Information Technology Security

Location:
Woodbridge, VA
Posted:
February 20, 2025


Resume:

Albert Kelvin Dominic

***********@*****.***

***** ********* ******

Dumfries, VA. 22025

• Cell 202-***-****

OBJECTIVE:

To obtain a challenging position in the field of Information Technology that will utilize my experience as an Information Technology Cyber security and compliance professional. To obtain a position in a progressively innovative work environment that allows me to use my assets as a leader, self-starter and problem solver for the benefit of an organization.

Summary:

Detail-oriented IT professional with over 20 years of experience in security compliance, risk management practices and procedures, and regulatory frameworks, including implementation of the standards provided by FedRAMP, StateRAMP, the National Institute of Standards and Technology (NIST), the Defense Information Systems Agency (DISA), Federal Information Processing Standards (FIPS), the Risk Management Framework (RMF), SANS Top 20 Critical Controls, HITRUST, DevSecOps, HIPAA, SOC 2, MARS-E, CMMC, CMMI, CSF, DFARS and Zero Trust (ZT). Capable of managing multiple large engagements simultaneously, including several customer engagements and the continued management of internal company IT infrastructures.

Certifications: Certified Information System Security Professional (CISSP)

Project Management Professional (PMP)

Experience:

Pyramid Solutions

Principal Information Security Consultant, June 2023 – Present

Led the effort in performing the requisite tasks to obtain FedRAMP Moderate and High JAB and Agency authorizations for three (3) Cloud Service Providers (CSPs). Tasks included:

• Implementation of controls

• Creation of the SSP

• Completion of all relevant FedRAMP documentation: Rules of Behavior, Information Security Contingency Plan, CIS/CRM workbook, Integrated Inventory Workbook (IIW), System Security Plan (SSP) and the Plan of Action and Milestones (POA&Ms)

Led the effort in assessing FedRAMP controls for nine (9) CSPs that eventually obtained either a “Ready” or “Authorized” status.

Led self-assessment efforts to ensure that CSPs were prepared to successfully pass both mid-year and annual audits.

Perform ISSO functions for multiple FedRAMP systems and lead the team responsible for daily operations of that system.

Assist customers with FedRAMP accreditation packages including interviewing SMEs, documenting control implementations, identifying system gaps, and providing suggestions for closing those gaps with secure implementations.

Led a team in the creation of compliance-related documentation for the secure use of cloud services using FedRAMP (NIST 800-53), DoD L4 & L5 (NIST 800-53), GDPR, PCI DSS, HIPAA, DFARS, UK NCSC, Australia Protect, ISMAP and NIST 800-171 compliance frameworks.

Investigate and document risks associated with information systems for management review and acceptance.

Participate in the management of information security risks at the system and program level.

Support Authorizing Officials with their risk-based decision process by preparing appropriate system and risk documentation.

Extensive work on the management and integration of endpoint and on-premises solutions and technologies via NetApp.

Leads all advisory engagements, working with SaaS, PaaS, and IaaS providers to evaluate gaps in their implementation of relevant security controls, recommending compliant solutions, and creating the System Security Plan (SSP) and related documentation.

Supported cloud service providers through audits and in their interactions with related governing bodies.

Managed the day-to-day operations of an authorized system.

Ensured that new customer deployments, continuous monitoring activities, and security review requirements all meet FedRAMP requirements.

Deloitte Washington DC

Information System Security Manager (ISSM) August 2018-May 2023

Oversee the process from start to finish in efforts to achieve a FedRAMP authorization for all cloud systems that existed in the Deloitte network, to include: The Security Assessment Plan (SAP), FedRAMP ready status, The Security Assessment Report (SAR) and the final FedRAMP authorization (Agency and JAB)

Enforce cybersecurity policies across all systems, infrastructures, networks and data in accordance with mandated directives, in efforts to achieve the highest level of security via the DevSecOps model.

Oversee the department’s programs and identify security enhancements for existing systems, providing project management and quality assurance expertise.

Serve as the point of contact for cybersecurity issues or concerns for all systems and ensure that those systems are monitored and configured in accordance with Department of State and applicable federal policies.

Formulate, coordinate, and recommend policies concerning new technologies for all related initiatives and their applications to existing and planned systems, in coordination with other DoS offices.

Explore new technologies of potential value to the Department, in conjunction with IRM/BMP, and departmental consolidation initiatives.

Manage the Authority to Operate (ATO) process in accordance with the Risk Management Framework (RMF).

Perform yearly security audits, update documentation, and perform Security Impact Analyses (SIA) in support of Continuous Monitoring (CM) efforts.

Identify risks and vulnerabilities and provide remediation solutions to strengthen the overall security posture of the system via the Plan of Action and Milestones (POA&M) process.

Provide relevant notices of emergent threats to all systems.

Work with the Information Technology Change Control Board (ITCCB) to analyze and incorporate all security baseline changes associated with all DoS systems and ensure they are in line with security standards.

Partake in the day-to-day operation and maintenance of all systems and ensure that system owners and administrative staff are responsible for implementing any changes necessary to bring the systems into compliance with policy.

Provide briefings to all users of all systems and ensure that all users comply with the annual cybersecurity awareness training requirements.

Aid in external security investigations when necessary.

Booz Allen Hamilton Fort Meade, MD/Fort Belvoir, VA/Alexandria, VA

Lead Technologist/Senior Security Engineer February 2015-July 2018

Served as a team lead supporting the Defense Information Systems Agency (DISA), Risk Management Executive (RME), Certification and Assessment Branch (RE52) under the ENCORE II TO41 Assessment and Certification contract.

Provide cybersecurity program support to assist the DISA and Defense Logistics Agency (DLA) CA and DAA in ensuring compliance with DoD cybersecurity policy, including the daily activities required for successful C&A program completion.

Provide technical support in the review, analysis, and development of cybersecurity processes, policy, doctrine, directives, regulations, and implementation instructions for DLA.

Provide cybersecurity expertise (FedRAMP) for applications that reside in the cloud (Amazon Web Services, Appian, and Microsoft Azure) and applications that utilize IaaS, PaaS, and SaaS services.

Led efforts to convert all DISA systems, programs, and labs from the Defense Information Assurance Certification and Accreditation Process (DIACAP) to the DOD mandated Risk Management Framework (RMF).

Conducted categorization meetings with upper management to determine the Confidentiality, Integrity, and Availability (CIA) levels using the NIST 800-60 scale of low, moderate and high for all systems. Once determined, selected the appropriate security controls via the NIST 800-53 rev 4 directives.

Performed day-to-day tasks including: reviewing and providing risk assessments for Change Requests and Accreditation Extension Requests, performing vulnerability testing (using the Nessus ACAS scanner), security control assessments (using eMASS), and compliance checks under Fragmentary Orders (FRAGO) and Communication Tasking Orders (CTO) for DoD facilities, networks, and systems.

Determined the residual risk that all systems have on the DoD Information Network (DODIN) and the larger Global Information Grid (GIG). Drafted a Certification Recommendation for the system's Accreditation.

Managed POA&M’s and mitigation strategies via eMASS.

Performed continuous monitoring processes to include Security Impact Analysis and a re-evaluation of high-risk controls.

Assisted Booz Allen Hamilton internal staff by writing technical proposals in efforts to obtain new business for the team.

Handled Booz Allen administrative activities as a Career Manager to include: Conducting in person interviews, involved in the process for hiring and onboarding of new staff and ensuring that all new staff had the correct system access.

Lunarline Arlington, VA

Lead Cyber Security Engineer November 2013-January 2015

Assisted in the effort to migrate all applications residing in the Program Executive Office Enterprise Information Systems (PEO EIS) branch of the United States Army to the Defense Information Systems Agency (DISA) FedRAMP-approved cloud service, in efforts to consolidate, reduce the total computing infrastructure, and improve the overall security posture of all PEO EIS applications.

Led the effort in ensuring that all applications desiring to migrate to the DISA cloud broker met the required Defense Information Assurance Certification and Accreditation Process (DIACAP) 8510.0 directives.

Assisted in the implementation of the newly developed Risk Management Framework (RMF) for all applications under the PEOEIS branch and for the Department of Transportation (DOT).

Developed security architecture and design documents pertinent to migrating applications into the DISA FedRAMP approved cloud service.

Analyzed the physical architecture, software architecture and application architecture of all applicable applications in efforts to determine where the modernization process could improve the business value of each application.

Identified and analyzed all application requirements, Platform as a Service (PaaS) requirements, Storage as a Service (SaaS) requirements, Infrastructure as a Service (IaaS) requirements, networking requirements and interface/interdependency requirements to determine which DISA cloud service would suffice for each individual application.

Booz Allen Hamilton Mclean, VA

Senior Information Assurance Consultant April 2011-November 2013

Led the effort in the development of a department-wide program to provide information security for systems that support the Veteran Affairs (VA) operations and assets, including those provided or managed by external agencies and contractors.

Created the Minimum System Security Requirements (MSSRs), which mandated that all Booz Allen Hamilton information systems meet the required security controls addressed in the MSSRs. Upon completion of these requirements, a recommendation for an Authority to Operate (ATO) was made to the Chief Information Security Officer (CISO).

Performed an independent security control assessment/testing for initial ATO decision and subsequent annual assessment and continuous monitoring requirements.

Assisted in the implementation of the annual FISMA assessment that determined the extent to which the VA’s information security program complies with the requirements of FISMA, the Federal Information System Controls Audit Manual (FISCAM), the Office of Management and Budget (OMB), and National Institute of Standards and Technology (NIST) guidance.

Document application state, including logical and physical diagrams, connectivity, communication, and data flow diagrams, both internal and external to the system.

Assisted system owners, system developers, and system project managers in understanding the implementation of required security controls in accordance with HIPAA, NIST 800-53, SANS and OMB directives.

Coordinated with system ISSOs on developing appropriate system security documentation (SSP, Risk Assessment plans, CONOPS, and Rules of Behavior) which provided evidence of compliance with applicable laws and regulations.

Conducted periodic security control reviews in preparation for external auditors, where appropriate.

Coordinated with ISSOs and system owners to remediate findings resulting from external audits.

Ensured that all proposed configuration changes to systems were formally approved, tested, and documented prior to the change being implemented.

Worked closely with IdM Subject Matter Experts (SMEs) to implement security practices through the integration of technologies such as directories, Single Sign-On (SSO), provisioning and delegated administration. Coordinated the business processes surrounding the management of user information, access rights, and security policy within the IdM solution.

Northrop Grumman Herndon, VA

Information Assurance Engineer Lead November 2008 – April 2011

Support the Defense Security Service (DSS) in the implementation of the Defense Information Assurance Certification and Accreditation Process (DIACAP) for the Identity and Access Management Services (IdM) system solution.

Assisted in the Certification and Accreditation, acquisition of an Interim Authority To Test (IATT), Interim Authority To Operate (IATO) and Authority to Operate (ATO) for the Identity and Access Management solution.

Support the Independent Verification and Validation (IV&V), Government Acceptance Testing (GAT), and interface with other contractors/vendors that support the operation of the system and support the Security Test and Evaluation (ST&E) of the system.

Conduct certification testing including System Readiness Reviews (SRR), monthly vulnerability scans, annual compliance testing via DISA STIG checklists, and recertification for the project’s software systems.

Perform security hardening procedures for applications within the IdM solution, and harden and baseline the operating system according to DISA requirements.

Participate in monthly meetings with the Information Assurance Manager (IAM) and Information Assurance Officer (IAO) to keep them informed on system security matters and issues.

Produce security documents including the Concept of Operations (CONOPS), System Rules of Behavior, System Security Plan, Monthly IAVA and Vulnerability Report, Security Incident Report, and Self Evaluation Reports.

Provide strategic security services to enhance the confidentiality, integrity, and availability of the IdM solution.

Work closely with the requirements, development, configuration management, system administration and integrators, quality assurance and test team members to ensure the implementation of correct security practices across all platforms.

Participate in establishing and implementing CMMI level 3 practices and procedures across the project.

SAIC/SNVC Fairfax, VA

Information Assurance Analyst/Software Engineer September 2007-November 2008

Analyze and report on the scope of the Certification and Accreditation (C&A) process in compliance with National Institute of Standards and Technology (NIST) Special Publications 800-53 and 800-37, FIPS, and FISMA directives.

Perform technical vulnerability assessments while engaging in intrusion detection and prevention.

Review, analyze, and report on technical security documentation (Installation and Migration Guides, Test Plans, Release Plans, Test Reports, and System Problem Reports).

Install, configure, and implement security hardware and software solutions (hot fixes, patches, etc.).

Oversee the product level, system integration, and Security Test and Evaluation (ST&E) phases of the software development cycle.

Verification and validation (V&V) of contractor-developed, customized software applications and hardware used by the Army National Guard (ARNG) and the United States Army Reserve (USAR), including RCAS, DTTP, GCLS, and emerging information technology projects.

Support the Government Configuration Management team by participating in Lab Configuration security audits.

Software engineering support of .NET and Visual Basic framework applications according to assigned Engineering Change Proposals (ECPs).

American Systems Corporation/Intelligent Concepts Rosslyn, VA

Security Test Engineer, Security Network Administrator October 2005-September 2007

IV&V support to the U.S. Department of State Consular Affairs (CA).

Automated software testing, regression and development of test cases and designs for the American Citizenship Services (ACS+), Passport Services, Visa, Non-Immigrant and Immigrant Visa applications.

Verification of development vendor’s overall testing requirements.

Verify that test plan qualification methods and plans are enough to validate software requirements and operational needs.

Verify regression tests are enough to determine that the software is not adversely affected by changes.

Develop and define test cases to be applied to various partitions of the development vendor software, system components, major systems/subsystems/ or iteration packages.

Develop, implement, manage and maintain the User Acceptance Test Plan, including the procedures, methods, criteria, and scripts defined within, with assistance from the development vendor.

Collect, organize and present the outcome of all dynamic testing in a Unit Test Results deliverable that highlights successful and failed tests and all expected and actual results.

Security administrator of the testing environment which included updates of security settings, user capabilities within the database, running test scripts, applying security patches and hot fixes, and various hardware installations.

Skills and Concepts:

Cyber related:

Background in cyber and information assurance frameworks and procedures, including Certification and Accreditation (C&A), Security Assessment and Authorization (SA&A), Configuration Management, Risk Assessment, Verification and Validation (V&V), Security Test and Evaluation (ST&E), Quality Assurance methodologies, Third Party Assessment Organization (3PAO) and system analysis and administrative processes. Experience with implementing the standards and procedures provided by FedRAMP, the National Institute of Standards and Technology (NIST), the Defense Information Systems Agency (DISA), Security Technical Implementation Guides (STIGs), Security Readiness Reviews (SRRs), Federal Information Processing Standards (FIPS), the Risk Management Framework (RMF), SANS Top 20 Critical Controls, DevSecOps, HIPAA, SOC 2, MARS-E, CMMC, DFARS and StateRAMP frameworks.

Additional Areas of Cyber Security expertise:

Security Operations Center (SOC)

Computer Security Incident Response Team (CSIRT)

NIST SP 800-18 Rev. 1 – Guide for Developing Security Plans for Federal Information Systems

NIST SP 800-53A Rev. 4 – Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

The Six Stages of Incident Response

NIST SP 800-61 Rev. 2 – Computer Security Incident Handling Guide

NIST SP 800-137 – Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

Expert:

Windows operating systems, MS Word, Excel, Outlook, PowerPoint, Adobe Photoshop, Microsoft, eEye Retina, DISA Gold Disk, Xacta, eMASS, FedRAMP, NIST, FISMA, FIPS, CMMI practices and the Certification and Accreditation (C&A) processes.

Intermediate:

System Architect (Popkin), Visio, Publisher, MS Office suite, Minitab, TOAD, Rational Suite, Dimensions, Six Sigma and Lean Six Sigma methodologies, Sun Solaris, VMware Workstation, Host Based Security System (HBSS), ACAS, Amazon Web Services (AWS), Wireshark, FireEye Central Management System, Microsoft System Center Configuration Manager (SCCM), DevSecOps, Splunk, Tripwire, Tenable Security Center, ServiceNow

Proficient:

JavaScript, SQL Server, HTML, Microsoft .NET Framework (C# and VB.NET), UNIX, Oracle WebCenter, Oracle Database, Sun Identity Management (IdM) Single Sign-On (SSO) applications, Oracle WebLogic, Liferay.

Education:

Georgetown University Washington, D.C.

Master of Business Administration August 2011

Concentration: Technology Management

Track: Information Assurance

Old Dominion University Norfolk, VA

Bachelor of Science in Business and Public Administration

Major: Information Technology

Minor: Business Management

Defense Acquisition University (DAU)

ACQ 101 - Systems Acquisition Management Certification

CLE 007 - Six Sigma Concepts and Processes Certification

CLE 042 - Concepts in Value Engineering Management Certification

References furnished upon request