Harim Hicks, MBA
*** ********** **. ** **** B*, Washington, DC 20032
202-***-**** • **********@*******.***
Senior Information Assurance Engineer • Network Engineer & Administrator • MIS & Network Manager
Accomplished IT professional with over 14 years of demonstrated success planning, coordinating, and implementing security measures for information systems to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information, and installing, configuring, and supporting an organization’s local area network (LAN), wide area network (WAN), and Internet and network systems. Skilled at maintaining network hardware and software; monitoring networks to ensure network availability; supervising network support and client server teams; and planning, coordinating, and implementing security measures for information systems to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information. Technology-savvy self-starter, adept at using existing experience to quickly adapt to new technologies fluently; possess first-rate communication and collaboration skills to lead and work in collaboration with diverse groups effectively, as well as to write formal plans and reports and to give presentations. Ability to implement strategic IT initiatives that improve business functionality with positive impacts on the bottom line; skilled project manager with proven ability to lead and motivate teams to maximize productivity. Willing to travel.
QUALIFICATIONS HIGHLIGHTS
• Technology Expert • Project Management • Operations Management
• Technical Analysis • Network Engineering • Multi-Platform Networking
• Systems Integration
• Test planning, execution, results analyses
• Migrations/Upgrades
• Training
• Litigation Support Specialist • IT Strategy Development
• System Security
• HealthCare Information System
TECHNICAL EXPERTISE
Certifications: MCP, Security+
Operating Systems: Windows 9X & ME, Windows NT Workstation & Server 4.0, Windows 2000 Professional & Server, NT/200/2003 Novell 3.6.1 NetWare 4.11, Linux, UNIX
Hardware: Cisco 4000m/3600/3000/2600/1600 series Routers, Cisco 2900 series Switches, 3Com & Netgear Switches, Hubs, Laptops & Workstations & Servers (HP, Dell, Micron, Compaq, IBM), RAID, SCSI, Modems, Network Cards, Memory, Printers, Plotters, Scanners and other peripherals
Software: Akoura Smart Token, IBM Tivoli Identity Management TIM, Password management software, Patch Management, Remote Authentication Dial-In User Service RADIUS software, Ping software, Stack smashing protection SSP software, Exchange 5.5 & 2000, Lotus Notes Client and Server R4 & R5, Rumba, Citrix Client & Server, Windows Terminal Server, MS Proxy Server, MS IIS Server, Pervasive SQL 7.0 & 2000, Cisco IOS, Seagate Backup Exec, Nessus McAfee Virus Scan (FoundStone), Symantec Norton Antivirus, PC Anywhere, Reach out, MS Office Suite, AVAYA VoIP, Primavera Project Planner P3 2.0 & 3.0, Visio 5.0 & 2000, Acrobat 4.0, Software to generate ERD diagrams, Developing Data Dictionaries. Develop User's Manual, System Design and Configurations Documentation
Scanning Tool: (McAfee) FoundStone, (DISA) Gold Disk, Retina, Nessus, WebInspect, SSR Script (Database Checklist), AppDetective Pro, Application Checklist (Manual).
Networks/Protocols: Cisco Systems Cisco Works, Hewlett-Packard HP Open View, Quest Big Brother, Sun Microsystems Net Manage, LAN/WAN, TCP/IP, IPX/SPX, NWLINK, NetBEUI, WINS, DNS, DHCP, POP3, SMTP, FTP, TELNET, VPN, ICMP, RIP, NAT, IGRP, TFTP, Ethernet, NX-OS
Government Assets: 6+ years of experience in Information Assurance (IA), Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB) Circular A-130, National Institute of Standards and Technology (NIST), SP800-18 Guide for Developing Security Plans for Federal Information Systems, NIST SP800-30 Risk Management Guide for Information Technology Systems, NIST SP800-53 Recommended Security Controls for Federal Information Systems and Department of Defense Information Assurance Certification and Accreditation (DIACAP); extensive knowledge in Certification and Accreditation (C&A), Security Test and Evaluation (ST&E) of Federal Information Systems. HIPAA Privacy Rule, 6+ years developing C&A documents in accordance with NIST and DIACAP guidelines, methodologies and procedures.
Security Clearance: Public Trust (NACI)
PROFESSIONAL EXPERIENCE
AETEA Information Technology, Inc, Rockville, MD
SR. Information Security System Officer (ISSO) USDA April 2012 to Present
• Serves as a SR. Subject Matter Expert in Certification & Accreditation (C&A) documentation development specialist following Federal Information Security Management Act (FISMA) requirements, and National Institute of Standards and Technology (NIST).
• Certification and Accreditation (C&A): support services to complete required C&A activities on designated software systems.
• Plan of Action and Milestones (POA&M): support for review of select controls, using an automated self-evaluation remediation and tracking tool. Identified vulnerabilities will be reported as part of the POA&M process.
• Generating FISMA related documentation using Risk Management System (RMS) and Trusted Agent FISMA (TAF) Complete and update of the automated security self-evaluation and remediation tracking questionnaire regarding system controls.
• Developing and updating HIPAA compliance documents
• Developing and updating PIA/PTA documents
• Contingency Drills: support services to complete the necessary reports for all the required activities during a Contingency drill.
• Document the framework and guidance needed to unify the existing IT Security elements into a cohesive, centrally managed, responsive Governance Organization. Specify the IT Security policies, processes and initiatives that will reinforce the governance.
Barling Bay, LLC, Charleston, SC
SR. SME Information Assurance Engineer (BIA) July 2011 to September 2011
• Serves as a SR. Subject Matter Expert in Certification & Accreditation (C&A) documentation development specialist following Federal Information Security Management Act (FISMA) requirements, and National Institute of Standards and Technology (NIST).
• Security Test and Evaluation (ST&E) and developing C&A packages.
• Conducting Internal controls, risk Using Internal Control Management Tool
• Conducting Annual Self-Assessment Bureau of Indian affairs System.
• Conducting CP Testing and Result, Updating CP, SSP.
• Conducting the full C&A, Developing and updating System Security Plan (SSP).
• Developing and updating Contingency Plan (CP).
• Conducting Contingency Testing.
• Conducting Security Test and Evaluation (ST&E).
• Conducting Security Test and Procedures
• Provided recommendation and remediation strategies to address findings, and Plan of Action and Milestones (POA&M).
• Conducting Privacy Analysis (PA).
• Developing and updating HIPAA compliance documents
• Developing and updating PIA/PTA documents
• Proven ability to create and maintain documentation, and process flows, as needed
• Experience in presenting/interacting with senior management
• Review Log Aggregation report my any finding/Monitoring
• Develops Mitigation Strategy Report (MSR) using different scanning tools.
• Plans and executes IA control validation activities and produce risk assessments, POA&Ms.
• Supports and interacts with internal and external clients and support contractors.
Network Security Systems Plus (NSSPlus), Inc., Falls Church, VA
Sr. Lead SME: C&A Information Assurance Engineer (WRAMC) May 2010 to March 2011
• Under general direction, responsible of all activities relating to information assurance procedures and systems which includes the following:
o Meets with Base Realignment and Closure (BRAC) Integrated Committee, Joint Task Force (JTF), Army, and Navy officials and updates them on the BRAC DOD Information Assurance Certification and Accreditation Process (DIACAP)
o Managing a team of 15 Contractors (Auditor and Engineers)
o Develops process for over 300 systems going through the DIACAP
o Develops Standard Operational Procedure (SOP)
o Develops Kick-Off Packages that include System Security Authorization Agreements, Contingency Plans (CP). BRAC DIACAP Role and Responsibility sheets, Certification & Accreditation Checklists, DIACAP Notification Email Templates, and DIACAP In-briefing (PowerPoint slide training)
o Develops DIACAP Implementation Plan (DIP), DIACAP Scorecard, Navy SIP,
o Develops System Security Authorization Agreement (SSAA), DADMS Reports
o Develops Mitigation Strategy Report (MSR) using Retina, Gold Disk (DISA), WebInspect, AppDetective Pro, Application Checklist.
o Develops Contingency Plan (CP) and POA&M
o Delivers BRAC DIACAP kick-off meeting with system administrators and system owners
o Develops a report template and document review list for system owner and system administrator
o Runs and Analyzes Defense Information Systems Agency (DISA) Gold Disk, Retina Scan, WebInspect, SSR Script and AppDetective Pro, DODI 8500.2 IA Control Checklist for MAC 2 and 3 Sensitive
o Develops SOP for Walter Reed Medical Center (WRAMC) and Navy National Medical Center (NNMC)
o Developing and updating HIPAA compliance documents
o Developing and updating PIA/PTA documents
o Assists with developing application timelines
o Proven ability to create and maintain documentation, and process flows, as needed
o Experience in presenting/interacting with senior management
o Review Log Aggregation/Monitoring
o Provided recommendation and remediation strategies to address findings, and Plan of Action and Milestones (POA&M).
o Develops Map and Gap for DODI 8500.2 IA Controls for MAC levels 2 and 3
o Hosts weekly staff meetings with 15 staff members
• Develops information systems assurance programs and control guidance.
• Confers with and advises subordinates on administrative policies and procedures and resolving technical problems, priorities, and methods.
• Consults with and advises other sections regarding internal controls and security procedures.
• Prepares activity and progress reports relating to the information systems audit function.
Bowhead Technical and Professional Service, Inc., Alexandria, VA
Sr. Security SME: C&A Analyst/Information Assurance (DOT) October 2009 to May 2010
• Serves as a Technical Writer and Subject Matter Expert in Certification & Accreditation (C&A) documentation development specialist following Federal Information Security Management Act (FISMA) requirements, and National Institute of Standards and Technology (NIST). Purpose of developing C&A packages.
• Conducting Annual Self-Assessment on Department of Transportation (DOT) System.
• Conducting CP Testing and Result, Updating CP, SSP.
• Conducting the full C&A, Developing and updating System Security Plan (SSP), Contingency Plan.
• Conducting Contingency Testing
• Conducting Internal controls, risk using Internal Control Management and Evaluation Tool (GAO)
• Conducting Security Test and Evaluation (ST&E).
• Review and develop policy regarding Single Sign-On User Access
• Conducting Privacy Analysis (PA).
• Developing and updating HIPAA compliance documents
• Developing and updating PIA/PTA documents
• Provided recommendation and remediation strategies to address findings, and Plan of Action and Milestones (POA&M).
• Develops Mitigation Strategy Report (MSR) using McAfee Foundstone
• Developing the Certification and Accreditation Memo
• Plans and executes IA control validation activities and produce risk assessments, POA&Ms, and Scorecards.
• Technical Writer: Developing data dictionaries and generate ERD diagrams for existing database structures.
• Develop Business Process Documents
• Proven ability to create and maintain documentation, and process flows, as needed
• Experience in presenting/interacting with senior management
• Review Log Aggregation/Monitoring
• Creating Package Code, Updating Description/Configuration/Instructions, User Guide, Operating Administration Training Guide on ten (10) of DOT Application System
• Supports and interacts with internal and external clients and support contractors.
• Assists with the installation and configuration of Windows 2000/2003, SQL Server 2000/2005.
COACT, Inc., Columbia, MD
Senior Security Analyst March 2009 to September 2009
Conducted Phase I – and Phase II – Security Review for the National Contract Management Office / Forest Service GSS Major Application as outlined in the FISMA requirements by completing the activities and the documentation listed below:
• System Security Categorization Document (SCD) compliant with FIPS 199 methodology.
• Privacy Impact Assessment (PIA) – Helped develop PIA documentation in compliance with FISMA and NIST guidance.
• Privacy Threshold Analysis (PTA) – Helped develop PTA documentation in compliance with FISMA and NIST guidance.
• System Security Plan (SSP) – Helped ensure that the SSP conforms to the National Institute of Standards and Technology (NIST) SP 800-18 and the USDA OCIO guidance.
• Security Risk Assessment / Security Assessment Report – Helped develop SRA/SAR in compliance with FISMA and NIST guidance.
• Contingency Plan (CP) – Helped develop CP to conform to NIST and USDA and Forest Service guidance and entry into the enterprise-wide tool.
• Security Control Compliance Matrix – Helped construct a Compliance Matrix with controls that are compiled from USDA Cyber Security Manual 3500, OMB A-130, NIST 800-53, FISMA, and Industry Best Practices. The matrix lists each security control, the reference from which the security control was derived, and whether or not the control has been implemented.
• Security Test & Evaluation Plan, Report and Appendices – Helped develop ST&E in compliance with FISMA and NIST guidance
STG Inc, Sierra Vista, Arizona
Senior Security Analyst/Security Engineer (DOD) October 2008 to February 2009
• Developed DIACAP Implementation Plan (DIP) that addresses all applicable and assigned IA Controls, per DODI 8500.2, Army Regulations (AR) 25-2 and ICAN /APC Best Business Practices (BBP).
• Developed IA Control Implementation Plan (IACIP)
• Prepared System Security Plan (SSP)
• Developed recommended allocations of IA Control/IACIP responsibilities
• Performed evaluations of emerging technologies to securely meet the organization’s requirements (based on operational, procedural, and technical).
• Developed Security Concept of Operations that will describe the basic security philosophy, ‘game plan,’ as well as a Plan of Action & Milestones (POAM) ‘get-well-plan.’
• Develops Mitigation Strategy Report (MSR) using Gold
• Developed a Security Design that describes the details of how security will be addressed in the system and how the functions, and IA Controls identified in the Security Concept of Operations are allocated and integrated into the system.
• Ensured all final architecture designs address Army and/or DoD IA guidance and regulations, provides defense-in-depth, and provided the required level of protection throughout the system’s lifecycle process
• Created Information Security Plan (ISP), system diagram (logical, virtual and physical), Hardware / Software / Firmware Inventory Lists, Baseline Configurations, Interface Ports, Protocols, & Service listings, Configuration Management Plan, Engineering Control Board Charter, IA Acquisition, and Contingency Business Continuity Plan.
• Proven ability to create and maintain documentation, and process flows, as needed
• Experience in presenting/interacting with senior management
• Review Log Aggregation/Monitoring
• Personnel & Technical Security, Physical & Environmental Security, Incident Response Plan & Reporting
• Document, Remote Access Security, Identification & Authentication, Audit Sub-systems and Cryptographic artifacts in support of Certification & Accreditation (C&A) efforts.
• Prepared Security Action Plans and Schedules.
Data Systems Analysts, Inc, Fairfax, VA
Team Lead Security Controls Assessment Engineer (VA) September 2007 to October 2008
• Directed staff while conducting VA Security Self Assessment on All VA Systems
• Ensured existing System Documentations – Upd. System Characterization were accurate
• Reviewed and ensured staff validated FIPS-199 Security Categorization for PII & SPI Systems Confidentiality and Mission Critical Systems
• Led staff in administering NIST 800-53A & Technical Controls Questionnaire
• Updated C/DRP and ensured System Owners concur on documentation
• Administered NIST 800-53 Questionnaire to Senior Level Federal Employees
• Assisted Senior Level Federal Employees in updating ISSP & C/DRP Documents
• Led performance testing and wrote documentation for C/DRP
• Performed Certification for FIPS 199 High watermark sensitivity level categorization information and information systems. Applied the National Institute of Standards and Technology (NIST) Special Publications 800-53, Revision 1, Recommended Security Controls for Federal Information Systems methodology and 800-53A, Guide for Assessing the Security Controls in Federal Information Systems testing procedures.
• Performed manual generic security technical test for legacy system in accordance with the NIST 800-53 controls.
• Executed client designed automated scripts in an effort to test technical baseline configuration requirements and control criteria(s) for Windows 2003 File, Print, Terminal, DHCP/WINS, IIS Servers, Windows XP Workstations and Laptops.
• Tested management, and operation controls as described in the NIST SP 800-53 and 800-53A guidance and provided recommendation and remediation strategies to address findings, and Plan of Action and Milestones (POA&M).
• Proven ability to create and maintain documentation, and process flows, as needed
• Experience in presenting/interacting with senior management
• Review Log Aggregation/Monitoring
• Participated in weekly stakeholder’s conference calls to discuss resource allocation, and deliverable milestones.
• Served as point of contact for 22+ sites.
Lockheed Martin/NISC II Program, Washington, DC
Mid-Level Security Engineer (FAA) July 2007 to October 2007
• Conducted FAA Security Self Assessment on all AVS Systems
• Validated FIPS-199 Security Categorization
• Reviewed existing POA&M Items
• Administer NIST 800-53A & Technical Controls Questionnaire
• Updated C/DRP and have System Owner verify information
• Analyzed NIST 800-53 Questionnaire
• Updated POA&M
• Proven ability to create and maintain documentation, and process flows, as needed
• Experience in presenting/interacting with senior management
• Review Log Aggregation/Monitoring
• Reviewed ISSP & C/DRP Documents
• Performed table top test of C/DRP (where applicable)
Office of Unified Communication, Washington, DC
Manager, Information Technology/LAN/WAN Security Administrator March 2006 to November 2006
• Performed as Project Manager
• Provided 1st, 2nd and 3rd tier support / LAN/WAN Security Admin support for over 500 users/workstations at Central Office of Unified Communication (OUC/PSCC) and Unified Communication Center (UCC)
• Installed and maintained vendor supplied operating systems, meet DC Government security compliance on Windows XP/Vista PCs and Linux/Unix workstations, administration of core operating systems and all third party products, maintain IT
• Support, integrate and ensure interoperability of complex conceptual and tactical solutions to customers IP Telephony and call center requirements.
• Configuring Access Manager for UserApp and SAML | Novell User
• Deploy Provides Single Sign-On User Access
• Ensure successful customer implementation, operation. Develop strong relationships with customer technical personnel, and other technical resources.
• Lead technical design/installation post sales for implementation of complex Cisco contact center enterprise
• Provide installation Support for Cisco Call Center enterprise solution involving
• Cisco Communication manager
• Configuration or Cisco ASA Firewall configuration
• Cisco H323, SIP and Gatekeepers
• Configuration of virtual port channel using NX-OS
• Oracle 9i SQL DBA Support Administration
• Designed, developed and implemented tracking applications used to collect and report operating system and database system errors and exceptions
• Supported VMware ESX Infrastructure 3 in a server virtualization environment
• Hardware/Software support, Access DB Admin.
• Installation of Cisco and AVAYA VoIP and provided Testing and Training
• Provided network security review for all workstations
• Installed and configured patch management (Windows patch management), software patches and upgrades
• Updated virus definitions on 22 servers weekly
• DHCP, WINS Support
• Responsible for wireless network configuration
• Was responsible for the corporate Outlook e-mail system implementation, upgrade and maintenance.
Computer Science Corporation, Lanham, MD
Senior Software Engineer II/Spacecraft Controller May 2002 to December 2005
• Network Admin. Supporting Network Security, Updating Hardware and software.
• Configuring Access Manager for UserApp and SAML | Novell User
• Conducted patch management and installed and upgraded software patches
• Coordinated all ground system events with the spacecraft downlink sites
• Installed and configured patch management (Windows patch management), software patches and upgrades
• Installed and upgraded hardware
• Applied a broad knowledge and software engineering concepts to integrated software systems
• Evaluated and helped design systems to structure and access databases.
• Analyzed the database requirements.
• Submitted all recommendations for solutions that require definition of the physical structure and functional capabilities of databases and support data security and data back-up/recovery specifications.
• Maintained flight operations computer systems
• Conducted direct troubleshooting, technical support and software training for ground systems crews
• Interpreted data received from NASA TDRSS and Ground station networks
• Performed ephemeris loads, star catalog; stored command loads, as well as narrow-band tape dumps
EDUCATION
Strayer University, Washington, DC
MBA, Information Systems Management
8/07
Robert Morris College, Chicago, IL
Bachelor of Science
5/1999
US Army/ Honorable Discharge
1984-1986
REFERENCES
Available upon request.