Engineer Security

Technically sophisticated information technology professional with over 15 years of IT experience and demonstrated success in computer system/network administration. Proven expertise to increase reliability, maximize productivity, and introduce system efficiencies. 12 years of experience in System Administration of Unix and Windows based networks. Four years working in Quality Assurance as a Systems Integration Test Engineer.

Technical Skills

• Certified Information Systems Security Professional (CISSP) in good standing

• Creation and modification of risk assessments, Plan of Action & Milestone documents, as well as making and enforcing enterprise-wide policies and procedures

• Knowledge of HIPAA, HITECH, and Meaningful Use compliance standards

• Knowledge of ISO 27002:2005 IS Management Standard, and the CoBiT Maturity Model

• Extensive knowledge of DISA STIG and Gold Disk, NISPOM Chapter 8, and DoD 8500, and 5200 Series Directives

• Broad knowledge of Microsoft, Solaris, OpenBSD, and Linux operating systems

• Experience with Oracle, EMC SAN administration, as well as VMWare Workstation and Server

• US Government Security Clearance

• US Navy Veteran, with 8 years of Honorable service

Career History

Cynergistek, Austin TX, December 2011 – July 2012

Senior Information Security Compliance Consultant

Provided hands-on consulting services to clients that offered enhanced levels of information security

Conducted risk assessments and information security program assessments as mandated by HIPAA requirements. Interpreted HIPAA, HITECH, Meaningful Use and other requirements as they relate to a specific internal information system, and assisted with the implementation of these and other information security requirements.

• Traveled on-site to do risk assessments for hospitals according to HIPAA/HITECH guidelines, and the ISO 27002:2005 standard.

• Created specialized reports highlighting findings found during technical and non-technical evaluation of healthcare information systems. Non-technical evaluation required interviews of key personnel, as well as review of policies and procedures, training, and HR records to ensure the client was conforming to HIPAA/HITECH guidelines.

• Conducted physical security assessment of the facilities while on-site. This entailed checking security camera coverage, checking physical access points, evaluating the location of workstations and printers for possible tampering by outside sources, and assessing network security controls for possible breaches of sensitive information.

• Utilized the QualysGuard appliance to scan internal and external information system assets, and reports were created detailing the results of the vulnerability assessment to the client.

• Held workshops with hospital administration (CIO, Legal, Compliance, etc) to go over the results of the assessments and to chart out a course of action to help them address deficiencies found and to create a plan of action to address them.

• Created nightly reports using Log Logic appliance that detailed various metrics for hospital clients (accounts created/deleted, number of failed logon due to certain conditions, etc) and e-mailed those to proper hospital personnel utilizing e-mail encryption from Zix.

• Conducted Meaningful Use assessments on Hospital Electronic Health Record (EHR) systems to allow the hospital to attest for Meaningful Use Stage 1.

Ultra Electronics Advanced Tactical Systems (ATS), Austin TX, 2010 - 2011

Information System Security Officer (ISSO) / IAVA Engineer

Maintained Information Assurance Vulnerability Assessment (IAVA) scripts for several projects to ensure proper information security standards were followed. Managed classified computer systems according to NISPOM Chapter 8 Guidelines and policies set by the ISSM and FSO. Created Plan of Action and Milestone (POA&M) documents that initiated timelines to help customers understand when security vulnerabilities would be mitigated.

• Maintained accurate documentation to show changes between IAVA builds

• Interfaced with customers on changes being made to systems, and modified systems accordingly

• Updated SOPs and access control lists to ensure proper permissions were given to the proper personnel

• Used virtualization technology to create multiple hosts to decrease testing time by 30% and decreased time between customer deliveries by 50%.

• Saved approximately 250,000 US dollars per year by developing a FIPS 140-2 enabled OpenSSH for Windows, RedHat, and CentOS Linux

EDS/HP Enterprise Services, San Diego CA, 2006 - 2009

Systems Integration Test Engineer

Coordinated with vendors to resolve testing issues and develop possible solutions. Worked against deadlines on several key multi-million dollar incentive projects for the US Navy global information network

• Created complex and detailed test plans during white box testing

• Collaborated in review of testing processes to eliminate inefficiencies using Lean Six Sigma methodologies

• Applied certified test hardware to lab environment to mimic production environment

• Oversaw training of new personnel to enable faster and easier introduction to testing environment

• Implemented applications built on Windows and Solaris 8, 9, 10, as well as RedHat Enterprise Linux

• Provisioned storage area network (SAN) LUNs to create storage on various Windows and Unix servers utilizing the EMC Symmetrix DMX-3

• Setup service level agreements and statement of work agreements to provide customers with service after installation of software and hardware solutions

• Created server images and deployed them to Solaris and Windows PCs and servers to increase testing efficiency by nearly 80%

US Naval Meteorology Command, NAS North Island, San Diego, CA, 2005 - 2006

Senior System Administrator/ Information System Security Assistant (ISSA)

Supervised 4 person team to complete networking and setup of 20 unclassified and classified servers in the Weather Command operations center to support vital US Naval operations and exercises. Performed maintenance on 20-25 Sun Solaris 7, 8, and 9 workstations and servers including networking, patching, and security vulnerability compliance.

• Managed group of 6 technicians monitoring help desk functions and servicing user workstations. Created schedules for support based on operational necessity.

• Managed the Trusted Gateway System (TGS) and the Joint Operational Data Interchange (JODI) to pass unclassified data safely to classified networks for support of DOD assets worldwide.

• Maintained proper network documentation in accordance with the Defense Information Security Agency (DISA), Including updating network diagrams, IAVA compliance, and physical security guidelines.

• Setup and maintained DHCP, DNS and NFS servers, as well as Web servers for sharing information to external customers, and Windows file servers for sharing of information to internal personnel

• Cataloged and secured COMSEC equipment in accordance to physical and information security guidelines.

• Conducted training with operations personnel on operation of various meteorological and IT systems

• Created risk assessments on information systems to highlight operational need, and used assessments to create plans for business continuity and disaster recovery

• Conducted security training to help new personnel understand proper storage and handling of secure media and materials

• Briefed senior leadership on operational status and status of projects at weekly meetings

• Replaced outdated protocols like FTP, Telnet, and RSH, with OpenSSH and SFTP to further secure networks and reduce attack vectors from the outside

System Administrator and Weather Observer 1997 – 2005

Monitored Cray XMP supercomputers for completion of advanced weather forecast models using Hummingbird Exceed. Maintained heterogeneous network of Windows and Linux clients at a remote base to provide timely meteorological data to the US Navy Fleet in the Indian Ocean.

• Managed training records for military and civilian personnel using in-house database system

• Briefed senior leadership on weather phenomenon in areas of importance to Naval assets

• Performed maintenance and upgraded meteorological hardware to mitigate outages

• Setup and maintained Symantec Enterprise Antivirus to ensure proper distribution of anti-virus updates

• Created meteorological observations that required timely transmission to a centralized database using web site upload interface

Education & Training

Bachelors of Science, Information Technology, University of Phoenix, 2008

Certified Information System Security Professional, August 2010

Sun Solaris System Administrator, Intermediate, GCA Training Center San Diego, 2005

Sun Solaris System Administrator, Advanced, GCA Training Center San Diego, 2005

HP UNIX 11i v3 System Administrator Training, HP Training Division, 2008

Contact this candidate