Seeking a position that will utilize my education, abilities, and experience where I can effectively contribute proven security expertise to lead and support an organization's Information Security Program.
MicroPact, IncHerndon, VAInfoSec Engineer07/2014 to Current
Served as the Point of Contact (POC) supporting all security-related matters for MicroPact, including: Served as Lead ISSO for multiple government agencies in supporting continuous monitoring activities, security authorization efforts, and meeting compliance requirements such NIST, FedRAMP, PCI, ISO 27001, and SOC2 Supported a successful FedRAMP security assessment for the MicroPact Product Suite Identified security risks, threats and vulnerabilities of networks, systems, applications, and new technology initiatives Conducted complex security architecture analysis to evaluate and mitigate issues for MicroPact's web application software (entellitrak and icomplaints) Developed policies and procedures for securing the system infrastructure and applications Identified and oversee the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security Multitasks and manages several ongoing long term projects in addition to daily responsibilities Performs highly complex product evaluations, recommends and implements products/services for network security.
Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies Assisted with business proposals regarding security requirements and compliance Served as the backup for performing WebInspect and Nessus security scans Performed presentations to the sales and professional services team on FedRAMP and the Security Authorization Process in relation to the NIST Risk Management Framework (RMF) Worked with the Database, Middleware and IT Operations Team very closely in handling network, application, and database security related issues Assisted the sales team with proposals in security related areas.
Knowledge Consulting Group CAPDReston, VASenior Information System Security Officer /IT Security Consultant03/2013 to 07/2014
Served as the Senior ISSO for the Cyber Security Penetration Division (CAPD) team: Served as the ISSO in supporting the Ongoing Authorization activities for the Immigration Customs Enforcement (ICE) Collaboration Tool.
SharePoint System) Supported the Security Authorization activities for the Federal Retirement Thrift Investment Board (FRTIB) adhering to the NIST 800-37 Rev 1 Risk Management Framework Developed the System Categorization, Threat Assessment, and the System Security Plan (SSP) for the FRTIB Mainframe System in accordance with the NIST 800-53 Rev 4 Guidelines Performed Security Assessments for Federal Reserve Bank (FRB) systems in accordance with SAFR policy.
Similar to NIST 800-53A guidance) Developed and recommended technical and security solutions to enforce and maintain a strong security posture for information systems Performed interviews, with key personnel, examined documentation, and reviewed test results in obtaining evidence on security control implementation for FRB systems Conducted a Highlights Briefing presentation summarizing the findings based on assessment results Developed the Security Assessment Report (SAR) summarizing the findings from the security control assessment Provided recommendations on mitigating the risk to vulnerabilities identified in FRB systems Advised and provided guidance in improving the FRB assessment process Reviewed Rapid 7 Penetration Testing reports.
Missing Link SecurityAlexandria, VASenior Security Analyst12/2011 to 03/2013
Served as the Point of Contact (POC) and Information System Security Officer (ISSO) role to support government systems as a part of the continuous monitoring program at the United States Patent & Trademark Office (USPTO): Assist in all phases of the security authorization process in accordance with NIST 800-37 Rev 1.
for Data Storage Management and Patent Search Systems Develop and update information in the System Security Plan (SSP), Contingency Plan(CP), and the Risk Assessment Report (RAR) for each assigned Automated Information System (AIS) Developed various security authorization documents to include system boundary documents, e-authentication, privacy impact assessments, and FIPS-199 in accordance with NIST and FISMA policies and procedures.
Developed Security Guidelines for designing web applications for the USPTO Provided remediation assistance to the System Owners in order to both develop and work of Plans of Action and Milestones (POA&Ms) for assigned systems Reviewed and analyzed vulnerability and compliance scans for servers, URL and database targets Update the appropriate security authorization documents accordingly with the scan vulnerability results Coordinate with the Technical Lead (TL) and System Owner for any changes to a system and assess the Security Impact Analysis (SIA) of those changes Participated in Risk Assessments to periodically re-evaluate risks and mitigation strategies for a system Review and update security authorization documentations based on feedback from Assessment Team and Independent Verification & Validation (IV&V) team Performed Quality Assurance (QA) and review for system packages.
Electrosoft IncReston, VAInformation Security Engineer07/2008 to 11/2011
Provided oversight to the USPTO Continuous Monitoring Program for contractor systems and coordinated security audits conducted with third party assessors as well as the Inspector General (IG) Prepared Certification and Accreditation (C&A) packages for the Federal Aviation Administration (FAA) on Major Applications.
Performed system categorization using FIPS 200 and NIST 800-60, testing of security controls as defined in NIST 800-53, and produced System Security Plans adhering to NIST 800-18 Consulted with client to identify and mitigate risks and review POA&M reports to assist in cost-benefit analysis balancing between security and financial considerations.
Developed and updated System Security, Disaster Recovery, and Contingency Plans Developed and updated Security Testing and Evaluation Report (ST&E) Participated in client interviews and meetings as part of the risk assessment, system categorization, and ST&E Performed Security Test & Evaluation (ST&E) on an Environmental Protection Agency (EPA) General Support System (GSS) categorized at HIGH.
Conducted documentation reviews and interviews of EPA personnel and stakeholders for the target system.
Applied the NIST SP 800-53 Rev3 controls to the target system, and assessed the controls using the NIST SP 80053A Rev 2 test procedures Analyzed WebInspect and AppDetective scan reports for vulnerabilities and categorized them as low, medium or high impact Performed ST&E using NIST 800-53A for the National Gallery of Art (NGA) Worked on web application security vulnerabilities through the following tasks: Focused on exploiting vulnerabilities such as SQL Injection and modifying HTTP requests Demonstrated Application Software Security by utilizing the Fortify Security Code Analyzer (SCA) Installed, customized, and configured scan settings in HP WebInspect and AppDetective Utilized and configured Web Scarab as a proxy tool to intercept and modify browser requests in an insecure web application environment (Web Goat) Managed and coordinated the Electrosoft's Penetration Testing Lab.
This lab consists of demonstrations and exercises following the E-Commerce (EC) Council Ethical Hacking course Researched, analyzed, and developed a Whitepaper on Full Disk Encryption Researched and presented on SANS-CAG (Consensus Audit Guidelines) Researched and presented on Health Information Technology (HIT) Note USPTO experience was combined at both Electrosoft and Missing Link Security (3 years).
Bureau of Indian Affairs SeNet InternationalHerndon, VAInformation Security Engineer07/2006 to 07/2008
Aid in the development, coordination, and implementation of Net IQ Security Manager for AD (Active Directory) monitoring Assist in advising the Trust Active Directory (TAD) environment managers on Windows Active Directory (AD) security matters Configured and administered a test lab simulating the TAD environment using a STIG (Security Technical Implementation Guide) Provided documentation and assisted the Certification and Accreditation team on gathering information for NIST 800-53 Incident Response control family Assist in maintaining and tracking of POA&M (Plans of Action and Milestones) item status and efforts to address security issues identified in the POA&M.
Assist and aid in the planning, implementation, and testing of NetIQ security products for the Network Enhancement Project As the member of BIA's AD Security Team, interacted with users and respond to the security incidents in coordination with Information Security Officer (ISO).
Configured the network intrusion detection (SNORT) for perimeter and host intrusion detection system (NetIQ Security Manager on critical servers).
Fannie Mae Corporation Sapphire TechnologiesReston, VASenior Systems Analyst07/2005 to 07/2006
Provided Executive level support for over 3000+ employees of Fannie Mae's Restatement Project in the DC, Maryland, and Virginia locations.
Ensuring all incidents and problems are documented and followed throughout the incident/problem management process using PCM/Plus 3.0 Used Fannie Mae's Primary Internal Production application, Services Online, to research user profiles and make requests for software applications and provide the appropriate levels of access.
Train new employees on corporate policies and the procedures in the management process.
Uploaded reports and critical documents as well as providing the appropriate access levels to Microsoft Share point sites to specific users.
Created group mailbox using Exchange Server 2003 and controlling mailbox size limit through ADEX tools.
Managed and implemented software delivery using Systems Management Server (SMS) 2.5 and ensure that software patches, updates, and other applications were being received to user groups.
Installed and provided technical assistance using Point Sec Software security to offer encryption of hard drive data in Dell Latitude D600 laptops.
Installed and configured McAfee 8.0 Enterprise Edition Virus scan console using automated Software Delivery offering the latest updates of definition files for threats such as, viruses, Trojans, and worms.
Veterans Affairs CIRCVienna, VAIT Analyst07/2004 to 03/2005
Provide VPN (Virtual Private Network) support to Veterans Affairs Employees of 40,000+ users using Cisco VPN client version 4.02.
Served as point of contact for security incident, inquiry, and problem solution for the Veterans Affairs.
Monitor hostile probes using Remedy Ticketing System that could be seen as a threat to the Veteran Affairs Network from unexpected IP addresses.
Administrated database records of username and passwords for eRAS dialup software.
Inputted updated information of eRAS credentials for Veteran Affairs Employees users by using Microsoft Access database.
Created documents on Standards of Procedures (SOP) for the Call Center.
Surveyed and managed company inventory of hardware and software equipment.
Reported and tracked security problems using Remedy Ticking System 6.0.
Masters:Applied Information TechnologyGeorge Mason University, Fairfax, VAApplied Information Technology
Bachelors of Science:Information Technology BusinessBSIT)Information Technology Business
Department of Interior
Department of the Interior, Bureau of Indian Affairs (BIA), Public Trust approval.
Federal Aviation Administration (FAA), Public Trust approval.
United States Patent Trademark Office (USPTO), Public Trust approval.
Remedy, Microsoft Word, Excel, PowerPoint, Outlook, Access, Exchange, and Publisher. NetIQ Security Manager, NetIQ Secure Configuration Manager, DameWare Utilities, Nessus, nmap, WebInspect, AppDetective, Web Scarab, Web Goat, Snort, NetBus, Metasploit, Metasploit Pro, dsnsiff, dnsrecon, onesixtyone, MIB Browser, SET, aircrack-ng, John the Ripper, Wireshark, Burp Suite, Google-hacking
*Operating Systems: DOS, Microsoft Windows 98/NT/2000/Server/Professional/XP/ 2003/2012 Server, VMware, Ubuntu Linux, IBM z/OS, CA Top Secret, Kali Linux
*Systems: Cisco telephony equipment, Cisco VPN software version 4.02, Cisco 2950G-48 switches, McAfee Enterprise Edition 7.1 Virus Scan console, BlackIce Real Desktop Protector, Remedy, Norton Security Center, Nessus Security Center, entellitrak, icomplaints, SafeNet Client
CISSP, CAP, CEH, CCSK, MPCS, Security +, Network +, MCP
*Department of Defense (DOD) Top Secret Clearance (Current)
*Federal Reserve Bank (Secret Level Clearance)
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
Companies Worked For:
Knowledge Consulting Group CAPD
Missing Link Security
Bureau of Indian Affairs SeNet International
Fannie Mae Corporation Sapphire Technologies
Veterans Affairs CIRC
Department of Interior
George Mason University
Job Titles Held:
Senior Information System Security Officer /IT Security Consultant
Senior Security Analyst
Information Security Engineer
Senior Systems Analyst
Masters : Applied Information Technology Bachelors of Science : Information Technology Business
Create a job alert for [job role title] at [location].