ARTHUR E. WARD
*** ******* **** ** *****: 510-***-****
Culpeper, Virginia 22701 Email: ***********@***.***
SR. INFORMATION ASSURANCE OFFICER
PROFILE
Results-driven Information Security Officer with 15+ years of experience in Information Assurance (IA). Superb working knowledge of Certification and Accreditation in a wide range of computer-related disciplines, with concentration in DOD 8510, NIST and DCID 6/3 based Information Technology (IT) Accreditation, Network Security enforcement, Government IA Policy and Operations Management. Successful in designing, developing and deploying technology strategies and policy that ultimately align security initiatives to strengthen the security posture for both small and enterprise companies. Top Secret/SCI (Held By FBI) Awarded 2009, CI Poly. Areas of expertise and accomplishment encompass:
Risk Assessment
Risk Management
Auditing
Configuration Control
Project Management
Accreditations
Physical Security
Policy Development
IA Training
PROFESSIONAL EXPERIENCE
2010 - Present Invertix/INSCOM Futures Alexandria VA
Information Assurance Engineer
Perform DoD Information Technology Security Certification Accreditation (DITSCAP), and DoD Intelligence Information System (DoDIIS) Security Certification and Accreditation analysis for the United States Army Intelligence & Security Command (INSCOM), per Joint DoDIIS Cryptologic SCI Information Systems Security standards (JDCSISS), DODI 8500.01-E, 8500.2, DCID 6/3 and AR-25 Information Assurance.
• Assisted with computer security engineering for classified networks. Supported the government in preparation of C&A documentation; planning and implementation by reviewing and developing program documentation; ran RETINA scans, DISA STIG and SRR compliance.
• Develop and schedule submissions of all C&A deliverables including System Security Authorization Agreement (SSAA), Risk Management Matrix (RMM), Certification Test Plan (CTP), System Requirement Traceability Matrix (SRTM), Plan of Action and Milestone (POA&M), and Certification Test Report (CTR).
• Provide guidance to less experienced systems personnel. Specific requirements include project level coordination of DCID 6/3, DoD 8500.2, AR-25 C&A tasks; scheduling and identification of resources for upcoming tasks and creation and review of C&A packages.
• Develop Security Concept of Operations which describes basic security philosophy, game plan, as well as a Plan of Action & Milestones (POAM) get-well-plan.
• Lead C&A projects and provide expert level knowledge to IT systems security and related areas, such as IT systems vulnerability assessments, system security policies and procedures.
• Documented, analyzed, registered reviews and submitted C&A packages in accordance with relevant C&A processes described in the DoDIIS, and DITSCAP guides.
2005 - 2010 Ingersoll Consulting/FBI Washington D.C.
Information System Security Representative
As an Information System Security Representative, responsible for performing Certification and Accreditation (C&A) analysis, which includes reviewing C&A documentation and identifying that system operations, system architecture, accreditation boundaries, and security controls are properly addressed and that information systems comply with security requirements and established security policies and guidelines.
Ensure that all system owners have complied with all FISMA guidance to include NIST 800-53, FIPS 200 and DCID 6/3 if a TS/SCI system is involved.
Assist the user community in getting their AISs through the C&A process with an ultimate goal of full accreditation in support of FBI operations.
Responsible for validating system security packages assigned before they are turned over to the Accreditation Unit for determination on the level of accreditation approval for the system.
Support the ISSM in creating, certifying and accrediting major Federal Applications; security policies and System Security Plans (SSP) for the FBI’s Certification and Accreditation (C&A) security program; utilizing guidance provided by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-26 Security Self-Assessment Guide for Information Technology Systems, and NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems.
Develop the Security Requirements Traceability Matrix (SRTM) and the Risk assessment document called the Risk Management Matrix (RMM).
Responsible for writing several official summary communication documents which are used to convey the formal certification decision and accreditation recommendation to higher authority.
Work with the tester to determine the best security control countermeasures to mitigate discovered vulnerabilities.
Developed a Risk Management Matrix (RMM) training program which was responsible for training the Information System Security Unit during a critical restructuring period.
Strong project management experience includes definition/analysis of system requirements, identifying risks and managing multiple projects using MS Project to ensure projects are properly defined, approved, planned, documented, resourced, scheduled, supervised and completed.
Member of the FBI C&A handbook working group. Responsible for making changes to the C&A process in accordance with CNSS 1253, FIPS 199/200, and NIST 800-53 requirements.
Perform assessments and administrative guidance on the FBI’s Disaster and Recovery Plan during the C&A process.
2003 – 2005 United States Navy Everett, WA
Information Systems Security Manager USS ABRAHAM LINCOLN (CVN-72)
High-profile position reporting directly to the Commanding Officer. Accountable for all aspects of Information Security for 17 departments and 79 divisions for an organization of approx. 3,200 and an Air Wing of 2,480 personnel. Authored approximately 11 DITSCAP and DCID 6/3 based Certification and Accreditation packages.
Managed 19 department Information Systems Security Officers (ISSO) in the daily management of 6,354 e-mail and Internet accounts, as well as performing audits and risk assessments on 1,307 Unclassified, 285 Secret, 22 Top Secret SCI, and 700 stand-alone computers.
Served as a project manager during a $2.5 million PC refresh project that was completed two months ahead of schedule.
Implemented a password crack program which was responsible for reducing the password cracks from 19% to less than 1% for an organization of 5,000+ employees.
Designed and implemented an effective IA training program consisting of user guides, bulletins, training tapes, and PowerPoint presentations used by staff and management.
Managed several Computer Network Vulnerability Assessment (CNVA) inspections, which were graded well above the Navy’s average. Zero intrusions.
Improved the systems security from 45% to 98% and operations security from 75% to 95% by developing methodologies and metrics to perform risk assessment and security assurance.
Authored several Certification and Accreditation packages using the DITSCAP and DCID 6/3 process of seven systems and networks (Top Secret SCI/SIPR/NIPR networks, GCCS-M, BGPHES and BUSHHOG systems).
Performed random inventories on all ADP assets for 79 divisions for adherence to DOD standards.
Developed, implemented, and maintained all Department Of Defense (DOD) security standards, policies, and guidelines, including compliance monitoring procedures in accordance with DOD 8500.1 and 8500.2 standards.
Ensured that the latest hot fixes and security patches were installed for over 2,500 workstations.
Spearheaded the annual Commander Pacific Fleet (COMPACFLT) inventory for nearly 5,000 AIS items totaling $5 million in AIS assets.
Oversaw a division of 13 staff members in the daily operation and maintenance of multiple intrusion detection systems and network security evaluation tools.
Reviewed technical requirements to ensure cost and schedule risks were clearly identified, and appropriate measures were identified to mitigate risks throughout the project life cycle.
Developed several long range and short range plans for the information security functions including current risk assessment, gap analysis, and desired goals. This strategy subsequently led to increased policy compliance and a significant reduction of security incidents.
1999 – 2003 United States Navy San Diego, CA
Combat System Training Team Leader Afloat Training Group Pacific (ATG)
Served as a Combat Systems Training Team Leader coordinating the efforts of 23 instructors while performing audits, risk assessments, Disaster Recovery Training and IA training for over 50 organizations.
Trained and supervised a team of 23 in the selecting, testing, and monitoring process of IT controls for information systems.
Managed the training, development, implementation and maintenance of several Disaster Recovery Programs to include disaster recovery planning, risk assessments, testing, awareness and training for over 50 organizations.
Trained and assessed personnel in system operation, tactics, and doctrine related to communication support, attack, and protect measures.
Provided Certification and Accreditation training (SSAA) for over 30 Pacific Fleet units.
Conducted random audits and assessments using both NIST and DoD standards for all Pacific Fleet units.
Spearheaded a successful turnaround and ignited a stagnant Master Training Specialist program.
Managed a 22 person team to implement an extensive training initiative.
Successfully audited several computing facilities to ensure integrity of environmental and employee safety controls, including fire alarm systems, air conditioning, environmental alerts, and use of UPS/diesel generators.
Ensured that users were educated in the organization’s policies and procedures for marking, handling, and accounting for IS hardware, software, and firmware.
Planned curricula, scheduled instructions, established guidelines, and developed training materials.
1996 – 1999 United States Navy San Diego, CA
Information Systems Leading Petty Officer USS LAKE CHAMPLAIN (CG-57)
Oversaw 13 communication technicians in the daily operations of 40 UHF/HF; satellite voice and data circuits. Maintained and managed a flawless COMSEC material account dealing with keying material from time of receipt to time of transfer, safeguarding and destruction.
Performed audits and reported results to upper management via detailed reports.
Provided in-depth Information Assurance (IA) training to over 200 personnel during new employee orientation.
Identified and implemented a Disaster Recovery plan of action in case of power or system failure.
Revised numerous IA policies and standards, resulting in a major reduction in the amount of classified information spillage incidents across the organization.
Key member of the Configuration Change Management Board. Provided significant insight and developed policy to ensure all changes to the LAN meet network security requirements.
Designed and implemented a physical inventory system, which achieved 98% accuracy.
Investigated audit findings and provided required actions documentation. Identified, implemented and controlled all mitigation strategies.
TECHNICAL SKILLS
Windows 2003/2008
MS Office Project 2003
Tomcat Apache
Internet Proxy, content filtering anti-spam applications
McAfee and Norton Anti-virus System, including enterprise applications
OpenSSO
SNORT, PKI
Surf Control
EDUCATION AND TRAINING
Master in Information Security, Fairfax University, May 2008
Master in Business Administration, Salem University, December 2007
Bachelor of Science Degree in Information Technology, National University, October 2005
Associate Degree in Computer Science, Coastline Community College, October 2001
Crypto Material Systems Custodian (CMS) School
Advanced Shipboard Information Systems Security Manager School
Information Systems Security Manager School
Tasked Based Curriculum Development School
PPP Based Curriculum Development School
Fundamentals of Total Quality Leadership (TQL) School
Instructor Candidate Training
Methods For Managing Quality (MMQ)
Nearing completion of CISSP certification studies