Information System Systems Engineer

Location:
Washington, DC
Salary:
220000
Posted:
June 02, 2025

Resume:

QUALIFICATIONS:

Extensive experience in cyber-security engineering, systems engineering, and DoD acquisition lifecycle management processes. Executed a myriad of engineering activities, from requirements development to test & evaluation (over 20 years). Multiple years of leadership and vast opportunities in advising senior DoD government officials with effective high-performance cost-sensitive strategies.

Continuous Monitoring proficiency with Splunk, Tanium, Nessus, and Linux, within hybrid On-Prem/AWS environments.

CLEARANCE:

Top Secret Clearance, SCI (latest re-investigation: October 18, 2018), with CI polygraph (latest reassessment: October 28, 2024); Full Scope polygraph (latest reassessment: March 22, 2016)

EDUCATION:

M.S., Electrical Engineering 1998

Florida A & M University, Tallahassee, FL

B.S., Electrical Engineering 1996

Florida A & M University, Tallahassee, FL

CERTIFICATIONS:

Cybersecurity Maturity Model Certification (CMMC): Certified CMMC Assessor (CCA) 2023

CMMC – Certified CMMC Practitioner (CCP) 2022

Certified Information System Security Personnel - Information Systems Security Engineering Professional (CISSP-ISSEP): 424-***-****

AWS Security 2020

Splunk Power User 2019

Certified Information System Security Personnel (CISSP): 2013

Certified Ethical Hacking (CEH): ECC73858955984 2013

Defense Acquisition University (DAU), Acquisitions Fundamentals Certification 2009

Cisco Certified Network Associate (CCNA) 2003

EXPERIENCE:

November 2024 – Present, Sunayu (Bethesda, MD)

Security Systems Engineer Lead

Currently leading an Information System Security Engineer (ISSE) team; aspiring to obtain security authorization, regarding architecture design enhancements of a DoD AWS cloud-based Continuous Integration/Continuous Delivery (CI/CD) environment

●Translating 800-53 (rev 5) control sets for DevOps Engineers, for the purpose of obtaining quality supporting evidence

●Drafting organizational documentation, to support the Body of Evidence (BOE) package requirements

●Analyzing NIST 800-190 (container security) and NIST 800-204 (microservices security) controls against proposed architectural enhancements

● Contributing as a team member in formulating NIST 800-53 (rev 5) AU-16 event types and alerts regarding Splunk based centralized organizational audit and audit reduction processes

●Working with Program Managers in reassessing cross-functional SCRUM team make-up and planning interval (PI) schedules

September 2017 – Present, IAMUS (Eldersburg, MD)

Security Systems Engineer Lead; Director of Governance, Risk and Compliance (GRC)

Engaged as the lead ISSE supporting the security authorization, risk mitigation and technical modification efforts of a DoD AWS cloud-based analytic architecture:

●Performing as a CMMC consultant, preparing body of evidence (BOE) for IAMUS Consulting, as they prepare for CMMC contract evaluation

●Performed continuous monitoring activities over various cloud enclaves w/ varying data protection and classification requirements

o Assured Compliance Assessment Solution (ACAS) Nessus Security Center vulnerability scanning and POAM development

o Continuous Auditing and Reporting

●Assisted system architects and DevOps team in the identification and implementation of appropriate information security functionality to ensure uniform application of security policy and compliance

o part of a senior collaboration team to fine-tune the security architecture of various cloud products against parent 800-53 (rev 5) controls

o ensuring architecture diagrams and dataflows, and overall requirement designs are fully apparent in the architecture, to include best practice segmentation (i.e., separate VPCs and collocated security groups), data transfer and storage mechanisms, authentication and authorization per roles, as well as the incorporation of protocols and ports to delineate proper remote access (i.e., ssh/port 22 using TLS at the Application layer)

Developed, as the Director of GRC, the strategic planning of the CMMC effort

●Outlined and managed the steps required to be CMMC assessment ready:

o detailed explanation and translation of 800-171 security controls to leadership and support groups

o drafted a series of corporate policy documentation for leadership review and approval

o constructed a prioritized approach plan of tasking

o constructed and evolved artifacts such as network architectural specifics, dataflow, data storage settings, and delineation of CSP accessibility and compliance level of third-party applications

Supported, as an ISSE, the GSA Electric Vehicle Supply Equipment Security Team, by evaluating tailored Cloud Service Provider (CSP) systems against GSA and FedRAMP authorization requirements:

●Advised and assessed the security packages of CSP vendors in their attempt to acquire authorization via GSA, against FedRAMP (rev 5) controls; review included:

o detailed analysis of the Security System Plan (SSP)

o evaluation of the security boundary and dataflow

o breakdown of all third-party applications and interactive system processes (i.e., library updates and performance metrics)

o deep review of the access controls and authentication/authorization process

●Performed continuous monitoring activities via scan and POAM reviews, and evaluated any Security Relevant Change Requests of authorized CSP vendors

Supported the Census Decennial efforts, by executing in the role of Risk Management Framework (RMF) Analyst:

●Performed continuous monitoring activities via audits and vulnerability scans of the hybrid AWS and On-Prem environments using Splunk, ACAS Nessus Security Center and Tanium Comply

●Identified points of vulnerability, non-compliance and recommended mitigation strategies, over Linux and Windows based platforms

●Engaged as a member of a Triage committee, with key Enterprise ISSEs and Enterprise Security Assessors, to reach concurrence on the best (as well as minimal threshold) requirements for “adequate” and “sufficient” evidence per the NIST 800-53 (rev 5) controls, to achieve accreditation without any Plans of Action and Milestones (POA&M) liens

●Engaged system admin, developers and Enterprise ISSEs, performing basic Information System Security Officer (ISSO) duties:

o Drafted security BOE documentation

o Managed the overall Risk Management Framework (RMF) security efforts for obtaining accreditation under National Information Security Specification (NIST) 1253 controls

o Identified and managed customer-responsible controls for FedRAMP hosted Cloud systems

●Managed the RMF Analyst team, as an RMF Team lead

December 2015 – September 2017, Parsons (Columbia, MD)

Principal Cyber Security Systems Engineer

Supported the Ft Meade client in a litany of Information Assurance (IA) activities:

●Engaged system owners and system admin, performing basic Information System Security Officers (ISSO) duties:

o Drafted security BOE documentation via XCATA

o Ensured rigorous application of information security information assurance policies and procedures

o Managed the overall RMF security efforts for obtaining DoD accreditation under National Information Security Specification NIST 1253 controls

o Performed continuous monitoring activities such as periodic audits using Splunk and the internal enterprise audit reduction tool

●Evaluated NIST 800-53 security controls test matrix (SCTM) against system architectures and hosting environments

●Provided guidance and expertise in the development of a disaster recovery plan, and in the integration process of the enterprise service authorization mechanism

●Utilized the ACAS Nessus tool for vulnerability scanning

●Managed the contractor ISSO team, as the TTO lead.

January 2014 – November 2015, DigiFlight, Inc (Columbia, MD)

Senior Information Assurance Engineer

Engaged as an Enterprise ISSE supporting the Ft Meade client:

●Functioned as a liaison for the government (DoD), assisting system owners and ISSOs with the development of their respective systems and architectures

●Aided in the RMF process, providing Information Assurance expertise to ISSOs, advising throughout the C&A process

●Constructed agency-based “overlays”, based off the Committee on National Security Systems (CNSS) 1253 controls, to apply to pertinent systems that share hybrid controls with enterprise related systems

●Participated as a member of the Cross-Domain Solutions (CDS) team, a group solely responsible for providing ISSE support to all CDS systems undergoing implementation and accreditation efforts

●Participated in a group embarked on various cloud initiatives, i.e., Amazon Web Services GovCloud: developing overlays, establishing “Rules of Engagement” from a security perspective of how to utilize the cloud capability within government security guidelines

●Provided Information Assurance expertise for an upcoming high-profile DoD related service order:

o Drafted Information Assurance related Service License Agreements (SLAs)

o Assessed various draft Security Systems Task Orders

May 2013 – December 2013, Sotera Defense Solutions (Chantilly, VA)

Senior Information Assurance Engineer

Tasked as the lead Information Assurance Engineer for managing the overall security efforts concerning the Army Cloud Security Gateway (CSG), a Cloud–related CDS; duties included the overall IA management tasking related to the accreditation of a system, under ICD 503 guidelines. The preparation of the CSG BOE package included:

●CSG security categorization, based on:

o NIST 800-60

o Federal Information Processing Standards (FIPS) 199

●Security Control Identification, based on:

o United Cross Domain Management Office (UCDMO) CDS Overlay

o CNSS 1253

o NIST 800-53

October 2011 – May 2013, Texeltek Inc (Annapolis Junction, MD)

Senior Information Assurance Engineer

Tasked as an ISSO on various Cloud related initiatives, to include the CSG; activities included:

●Drafted BOE documentation

●Managed the overall RMF security efforts of obtaining DoD accreditation for varied Cloud systems, to include a DCID 6/3 PL 4 CSG; fully responsible for the management and attainment of an accreditation of the CSG system, under DCID 6/3 requirements

●Day to Day activities covered the continuous monitoring engagement with accreditation principals, developers and system admin. The on-going engagement was integral in the development and sustainment of Cloud related technologies in a secure manner, consistent with the DCID 6/3

September 2009 – October 2011, Van Dyke Technology Group (Columbia, MD)

Security Engineer

Engaged as a Contractor Designated Authority Official (Contractor DAO), for the Ft Meade client:

●Coordinated and conducted day-to-day required activities pertaining to the security authorization and accreditation process, on behalf of the Government Authorizing Officer (AO)

●Overall duties included the evaluation of security system engineering plans, the management of risk assessments and the related implementation of the POA&M, in accordance with DCID 6/3 and the NIST RMF

●Primary DAO focus centered on numerous Ft Meade Cloud architectures

Engaged as a Security Engineer, supporting the Ft. Meade client with preliminary security requirements development, in relation to the virtualization of a CDS:

●Co-authored a technical paper that details the rewards and risks of virtualizing a CDS, as well as outlines the COTS hypervisor vendors that can or cannot support the required CDS virtualization requirements

●Performed a Gap Analysis: reviewing CNSS 1253 and NIST 800-53 against virtualization related Security Technical Implementation Guides (STIGs), to outline virtualization security controls that currently exist, and to develop virtualization security controls that do not exist but are pertinent for a virtualized secured environment

October 2005 – September 2009, WILLCOR (College Park, MD)

Risk Management Assessor and Consultant

Provided Security Assessment support to Ft. Meade client:

●Operated, per client preference, as a temporary security assessor, against DCID 6/3 controls:

o Participated as a full team member of the assessment team (14 months)

o Presented reports and briefings of findings

Provided general System Engineering Technical Assistance (SETA) support to Ft. Meade client:

●Interpreted Information Assurance related technical issues, against the DCID 6/3 controls, and translated for non-technical management, via periodic briefings

●Refined the system design review process by incorporating a degree of security oversight influence

●Drafted quarterly projected plans and fiscal quads for senior management review

Performed best business-practice audits for DoD Acquisition Managers as it pertained to risks from a system engineering process, program management and production readiness perspective:

●Aided in drafting components of multiple SSPs and Security CONOPs (SECONOPs)

●Conducted multiple readiness reviews for programs such as:

o Multi-functional Information Distribution System Joint Terminal Radio System (MIDS JTRS)

o Expeditionary Fighting Vehicle (EFV)

o Embedded Platform Logistics System (EPLS)

May 2004 - October 2005, MITRE (Woodbridge, VA)

Communications Systems Engineer

Engaged as the lead Communications Engineer for the Direct Reporting Program Advanced Amphibious Assault (DRPM-AAA) office in all viable communications system areas of EFV:

●Provided technical analysis and recommendations, requirements validation, and risk management of the sustained and planned EFV radio systems:

o Single Channel Ground and Airborne Radio System (SINCGARS)

o Satellite Communications (SATCOM) radios such as the PSC-5D and PRC-117

o Enhanced Position Locating Reporting System (EPLRS) 11.4

o JTRS

●Updated the SATCOM related Interactive Engineering Technical Manual (IETM) for improved clarity for customer users

●Assessed satellite radio system requirements against DCID 6/3 security requirements by assisting security assessors in the evaluation process of the communications unit

April 2000 – April 2004, Booz Allen Hamilton (McLean, VA)

SATCOM Systems Engineer

Managed a requirements development and sustainment effort for the MILSATCOM Joint Terminal Engineering Office (JTEO):

●Led group in the overall development of an Advanced EHF (AEHF) Interoperability protocol specification, for the Air Force Space Command (AFSPC):

o Authored various interoperable technical requirements and communications protocols

o Coordinated with the Program Offices to remediate requirement and protocol issues

o Co-authored supporting components of the CONOPS of the AEHF system

o Validated traceability issues using Dynamic Object-Oriented Requirements Systems (DOORS)

●Served as T&E lead for testing an Air Force terminal image-loading system, Time Distribution System Preprocessor (TDSPP)

●Managed the development of internal corporate assets by administering team-oriented training; based off the collective subject-matter intellectual capital within team; thus, expanding the knowledgebase of the entire team

August 1998 – April 2000, IBM (Research Triangle Park, NC)

Development Engineer

Co-managed, as hardware developer, a Radio Frequency Identification (RF-ID) asset management tool, known as “AssetID”:

●Modified AssetID related C/C++ internal testing code to aid test groups, during test assessments

●Authored AssetID reference specifications and test procedures, for commercial deployment

●Collaborated with marketing team and respective business partners to supplement commercial deployment effort

May 1996 – August 1998, NASA (Glenn Research Center, Cleveland, OH)

Telecommunications Research Assistant

Extent of role centered greatly on research activities; thus, assisted in authoring of the following documentation as a result:

●White paper assessing past performance studies of Code Division Multiple Access (CDMA) and Time Division Multiple Access (TDMA), thereby supplying a technical analysis of the two major multiple access schemes

●Performance analysis of digital video transmitted over a simulated wireless link; output of such analysis employed in the overall development of a published paper, “MPEG-2 Over Asynchronous Transfer Mode (ATM) Over Satellite Quality of Service (QoS) Experiment: Laboratory Tests”


