Sally Thomas
Bowie, Maryland
CLEARANCE: Secret
Submitted TS/SCI (January 2012)
EDUCATION:
Bowie State University Bowie, MD 20715
Bachelor of Science: Computer Science Technology
Master of Science: Management Information Systems
Computer Skills
HTML, Windows 2000/XP/7, MS DOS, Windows Server, WordPerfect, Microsoft Works, Microsoft Office 97, Microsoft Publisher, HEAT, Peregrine, Mac OS 9, DB2, Microsoft Project
Information Security tools: Wireshark, ArcSight, ArcSight Logger, HBSS, Proventia Desktop Protection, BlackICE, ISS SiteProtector, ISS RealSecure, ISS Scanner, CyberCop, Nessus, e-Security, WebInspect, Lumeta, AppDetective, Symantec Norton Antivirus, McAfee Antivirus, Altiris, EnCase, Trend Micro, AS&W.
Work Experience
5/11 – present Mannheim, Germany
Information Security Analyst
Analyze all data from various reporting systems including IPS, IDS and custom signatures for malicious intentions or suspicious activities
Use Arcsight to perform triage duties by reviewing fired signatures and further analyzing them for possible malicious activity
Manage events on NIPR and SIPR networks
Run Log Collector to obtain system dump for investigations
Use Arcsight logger to confirm malware and also to confirm services that were stopped and other intrusions that may have taken place
Run reports on HBSS to confirm systems have updated AV information and to gather additional information on malware/viruses that were run on the machine
Use other in-house tools to gather logs for review of system activities while investigating an incident
Prepare reports for serious incidents reported via telephone, email or from monitoring
Implement blocks on the network on devices and hosts that pose a threat to the network
Evaluate security situations to determine the best action to mitigate risks on the network
Monitor web, email and network activity and work through tickets to gather the information needed to close the related incident
Review Snort logs for various custom signature alerts and determine whether the activity is an incident or a false positive
Use AS&W to run packet captures (pcap) on the IP addresses currently under investigation
Report activity to Information Assurance staff at various government sites for resolution
Work through various daily reports to identify activity that requires further action including personal systems placed on network without permission
Use Wireshark to review pcap (packet captures) data to further determine activity from systems
Use PuTTY to parse web activity with various grep commands to further evaluate system web activity traced via proxy servers, Blue Coat appliances and mail servers
3/05 – 4/11 Annapolis Junction, MD
Senior Information Security Engineer (Anti-Virus/Host-Based IDS/Firewall)
Northrop Grumman Corporation
Managing deployment and removal of retired IDS and AV to 600,000 client and server machines
Engineering the removal of current Antivirus and IDS/IPS applications
Engineering the pilot for implementation of a new Antivirus and HIPS/HIDS applications
Implementing intrusion detection and intrusion prevention system agents network-wide
Managing exceptions for false positive IDS/IPS policy changes
Adding/editing firewall/IPS rules using SiteProtector and/or Sophos management consoles
Perform vulnerability scans using WebInspect and ISS Internet/Enterprise Scanner
Provide reports of vulnerabilities and remediation steps to administrators and
Administer and maintain ISS Proventia Desktop agent
Deployed ISS Siteprotector and components in current Infosec architecture
Install and Manage ISS Proventia server on all server resources within company
Apply needed updates to host based and network based ISS Intrusion Prevention Systems
Create and Implement new policies for ISS Proventia users
Maintain ISS database server for management of ISS IDS/IPS
Perform queries on ISS database server to improve system functionality and performance
Maintain host based and network based ISS Intrusion Prevention and detection systems
Support and troubleshoot ISS Proventia issues and warnings
Manage Infosec projects including scheduling, procurement, baseline and implementation
Organize and manage weekly project status meeting
Manage project risks using custom designed risk management template
Balance financials for project to ensure team doesn’t go over budget
Contact procurement teams to get status of purchases and delivery
Interact with vendors to obtain order status and get quotes as needed
Manage and edit Infosec policies that relate to server and desktop products
Review network conditions and include recommendations for a more secure network
Used EnCase forensics tool to gather and protect evidence when investigating compromises
Use MIC tool to analyze desktops and servers to gather information during an investigation
Report illegal computer activity to legal department for prosecution or termination as requested
Perform investigations on possible exposed systems to identify vulnerabilities and/or attacks
Coordinate security incidents
Respond to virus/Trojan activity based on reports on the Siteprotector/Arcsight consoles
Assist users with security incidents via email and telephone
Answer emergency security line to manage security activity
Investigate security issues and coordinate emergency response team as needed via conference
Document security processes
Use Arcsight to monitor and investigate firewall and IDS/IPS events in real-time
Perform tests on users’ machines for spyware, viruses, Trojans or unauthorized software
Perform forensics testing on user machines to collect evidence for prosecution or termination
Performed procurement duties for Information Security projects for the company including coordinating requests for bids and application details
Perform penetration testing as needed under ethical hacking policies for the SOC
Perform war dialing semi-annually
Use TCP/IP layouts to perform some investigative functions
Use Windows commands to get additional information on systems including IP addresses
Perform forensics investigations using EnCase utilities
Research spam emails for malicious content and implement blocks as necessary
08/03 – 2/05
Management Analyst (Consultant) Washington, DC
BearingPoint, Inc.
Coordinated Incident Response effort for Department of Education
Coordinated patch management presentations
Inspected and scanned local telecommunications equipment for compliance with security measures
Assisted with personnel and information security improvement efforts
Assisted with migration of several independent systems into a large online system for the Department of Education
Oversaw Incident Response and Management procedures
Assisted with risk assessments and C&A using standards set for DITSCAP, NIACAP and HIPAA
Managed and implemented IT and Information Security projects to ensure completion and adherence to DOE policies and directives
Consulted with FISMA, OMB, NIST and other publications to conduct evaluations of DOE systems
Developed policies and documents on security improvements to information systems
Maintained website for Information Security department
Maintained supplies for contractors to perform regular office duties
Managed maintenance requests for contractors under DOE Security projects
Produced forms and publications (guides) for improved security
Developed an improved reporting system for vulnerabilities, threats and other security issues within the Department of Education system
Coordinated security awareness classes and programs
Conducted training in security related issues including incident response
04/03 – 08/03
Information Security Analyst Germantown, MD
SAIC
Answered all inquiries via email, telephone and online submission
Assisted with monitoring vulnerability scans
Analyzed data from security control devices for anomalies
Prepared security awareness documents
Prepared shift paperwork for distribution amongst peers
04/01 – 04/03
IT Security Specialist Washington, DC
United States Senate
Supported clients via telephone and email with security related issues
Operated a security support hotline to respond to IT emergencies
Coordinated implementation of network-wide Anti-virus project to include gateway and server implementation
Coordinated all virus related testing, resolution analysis and deployment of AV product research and implementation of projects
Coordinated vulnerability testing
Constructed reports for project presentations
Administered ACF2 mainframe accounts
Coordinated vendor presentations
Ran vulnerability programs to assure hacker-proof environment
Reinforced incident handling procedures
Updated anti-virus software and user notifications
Used DITSCAP and NIACAP documents and procedures to perform system accreditation and security certifications
Oversaw intrusion detection program administration
Performed scans for illegal devices on the network including wireless LANs
Researched new security tools for implementation in our network
Managed Antivirus projects
Supported customers with escalated Anti-Virus issues
Planned Security Awareness Programs
Used Microsoft Project to plan assigned tasks and projects
Performed fingerprint scans on assigned network IP addresses
Used security tools/applications to check status of patches and service packs on servers
Tested new software for implementation on the network
Performed IT Security Assessments of new office systems for patch updates and service pack increments
Conducted forensic studies of infected/exploited computers using various tools
Performed fingerprinting scans of systems to determine operating system and other information about system
Implemented a security assessment review that is used to identify vulnerabilities on systems prior to adoption into network
Performed scans for unauthorized wireless networks within Senate community