| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name
Aberdeen, MarylandPHONE NUMBER AVAILABLE EMAIL AVAILABLE1Professional SummaryIT Security Manager with over 24 years of experience in the areas of Operational IT Security, Enterprise Resilience, Risk Management, Security Analysis, Information Security, governmental and financial policy for certification and accreditation (DoD, NIST 800-53, ICD 503) Network (LAN/CAN/WAN) Management, and system analysis and design for desktop and network applications. Skilled in designing and modernizing infrastructure and implementing such as email/web servers, Storage Area Networks, and various network monitoring tools (HP Openview, SNORT) supporting large user groups at government headquarters as well as multiple remote locations. Managed $10 million dollar IT budgets and staffs of over 100+ personnel. Proven ability to effectively translate customer needs into technological requirements that support customer objectives and successfully manage all phases of IT projects from requirements definition to implementation and maintenance. Clearance: Top Secret (May 2019)Technical SkillsOperating Systems: Windows 10, 8.1, 7, NT, 2K, XP, Vista, Familiarity with Linux, UNIX and Apple Solaris 10, Microsoft Active DirectoryApplications: MS Project - Intermediate, MS Office, SQL Server, XML, Retina, SharePoint, Real Secure, Mozilla, xfirewalls, Vulnerability Management Systems (VMS), Microsoft Visio, MS Exchange Rsam, Archer Hardware: UNIX V series, Dell, Gateway, custom PCs, Cisco routers, switches and hubs, VOIP, Training: CCISO Boot Camp, CISSP Boot camp, PMP Boot camp, DISA IA Certified, XML, Security+ Project Management for IT Professionals, BCOT, Leadership, Junior Executive Management School (SOS) Certifications: DRI-CR, CISSP (115937), C CISO, ITIL v3 Work ExperienceCareFirst BlueCross BlueShield September 2019 April 2024 Manager, Cyber SecurityLeads and manages a six-person team of system administrators assigned to a portfolio of security applications for CareFirst BlueCross BlueShield's enterprise IT network by implementing a selected set of technical security controls to protect critical business data and information. Ensures 24/7/365 support to business owners service- level agreements to meet requirements based on contractual obligations and maintenance agreements. Saved more than $2M dollars combining a network and information protection solution from two existing products, resulting in more secure encryption and WIFI 6 network utilization. Closed an audit finding by implementing an application whitelisting solution for the entire network. Upgraded internal/external certificate authorities from an old IBM solution to the latest Microsoft CA in AZURE. Implemented the Proofpoint User Repository allowing external customers a "self-service" process to access business sensitive emails and information, significantly reducing account creation wait times from days to minutes, and increased system administrator productivity by 20 percent. Expeditiously migrated from Blue Coat Web Proxy to Palo Alto's Parisma solution to remediate the use of a compromised web browser that created a company-wide internet outage. This significant undertaking was turned around in weeks, preventing the loss of millions in insurance subscriptions and ensuing reputation. Planned and implemented a cloud-based solution to allow users to manage email that could be considered SPAM in a low risk virtual environment without delay; this was significant in reducing access to information for corporate executives during meetings with external partners and clients. United States Federal Reserve, National IT October 2018 July 2019 Manager, Information SecurityLed a two-person team tasked with developing and operationalizing an enterprise cyber resilience service for the Federal Reserve Systems most critical business functions during catastrophic system outages and major breaches; maintained a catalog of tunable defenses that could be deployed to remediate specific cyber threats. Candidate's Name
2 Established a schedule of milestones and tasks across multiple functional areas to track to key objectives to be delivered to the System CIO on behalf of the OCISO Cyber and Technology Resilience Teams by end of year. Delivered a critical audit documentation package 6 months ahead of schedule. Led the refresh of the 130 technical capabilities within the Federal Reserve's "Cyber Resilience Playbook" by coordinating with key functional areas to update key stakeholders and technologies used to protect and defend against cyber threats. Documented automation requirements to support the development of a new module to conduct business impact assessments in the existing tool used to maintain the cyber resilience technical capabilities. Senior Information Security Advisor November 2011 October 2018 Provided leadership and guidance for the information security policy direction for the Federal Reserve System, including the public key infrastructure; developed, published, maintained, and interpreted the information security policy framework; supported the enterprise information security performance program to develop and assess composite risk metrics and compliance statistics as a holistic measure of the Federal Reserve System's information security posture; and provided direction and leadership to business and IT management to facilitate informed strategic and tactical decision-making as they executed risk management activities under the Federal Reserves information security program by assessing and communicating enterprise-level information security risk and security program gaps. Led an 18 month working group across six different Reserve Banks to develop, pilot, and implement automation requirements for the Federal Reserve System enterprise information security and risk management program - project finished on time and under budget. Authored an IT risk management process document to capture information security requirements for minimal impact to IT components within Federal Reserve information systemsreducing cost and overhead for IT risk management activities. Hand selected to lead an enterprise shared IT risk project for the entire Federal Reserve System: challenged to develop a new methodology to organize and identify common information security control responsibilities for IT Service providers: provided leadership, brought all delayed tasks current and back to "green" status. Developed a third-party risk management toolkit for the entire Federal Reserve Systema collection of documents that collect critical information security assurance data on potential IT service suppliers during the procurement process. Co-authored a series of enterprise "Best Practices" documents for customers to capture and adhere to information security requirements on all Federal Reserve System information systems. Eagle Alliance, (National Security Agency) June 2011 November 2011 Information Systems Security EngineerPerformed technical security planning, integration, verification, and risk analysis for security Agency enterprise systems. Supported Certification and Accreditation (C&A) NISCAP testing, and security validation procedures. Interpreted security requirements into technical solutions and analyzed system configurations to determine the security posture. Researched, recommended, and implemented changes to procedures and standards to enhance data systems security. Established a schedule of milestones and tasks across multiple functional areas to track to key objectives to be delivered to the System CIO on behalf of the OCISO Cyber and Technology Resilience Teams by end of year- delivered a critical audit documentation package 6 months ahead of schedule. Verified user access on three major mission systems within division evidence collection squad; coordinated with each individual user to ensure there was still a valid need-to-know to maintain system access. Candidate's Name
3Emagine IT, (Federal Bureau of Investigation (FBI)) February 2011 June 2011 Information Systems Security OfficerResponsible for ensuring that operational security is maintained on a day-to-day basis for assigned information systems at the FBI Baltimore Division. Presented a risk case to senior management on 13 undiscovered systems within the organization; initiating certification and accreditation efforts to reduce current threat levels to mission. Documented an "ad hoc" portable electronic device registration process to ensure outside agency electronic devices were probably accounted for when entered into FBI space. Point man for all INFOSEC training: reported division's course completed progress for more 585 employees and contractors.CSSS.net, FBI April 2010 January 2011Senior Information Assurance EngineerPerformed security risk assessments on Top Secret SCI systems. Tracked and managed security milestones for Certification and Accreditation activities. Authored COMSEC Risk Assessment for Program of Record. BAE Systems June 2007 March 2010Senior Information Assurance EngineerPerformed technical security planning, integration, verification, and risk analysis for DoD systems. Conducted network security and vulnerability assessments, penetration testing, Certification and Accreditation (C&A) testing, and security validation procedures. Interpreted security requirements into technical solutions and analyze system configurations to determine the security posture. Researched, recommended, and implemented changes to procedures and standards to enhance data systems security. Established US Navy Strategic Systems Programs Information Assurance Working Group (IAWG); Commanded communication focal point for dissemination of IA policy to ensure compliance with FISMA, DOD, and US Navy regulations. Developed policy for technical reviews for information security documents for Command Integration Branch Manger; trusted independent agent to ensure SSAA documents are valid and inline with current C&A process. Brain trust to ensure DoD Information Vulnerability Management (IAVM) Program was in place for Command's tactical and tactical support systems aboard DoD Weapon Systems. Defense Information Systems Agency (DISA) January 2004 May 2007 Computer Program AnalystResponsible for monitoring commercial software products (COTS/GOTS) ensuring compliance with government security policies, DISA STIGs, and IAVA notices, throughout system's life cycle. Program manager's point person to coordinate and schedule demonstrations showcasing new functionality and features incorporated into each new software version release. System Engineer for Top Secret C2 Network supporting 100+ users. Designed the system architecture for a Top-Secret network; provided Unix and Windows based, automated collaborative planning and messaging tools for nine sites under budget and within the projected timeline. Scripted, assigned personnel, and scheduled a $84K system demonstration to exhibit vast new capabilities in DOD command and control system of record; Delivered Program Management Office's signature presentation to all potential/current users. Led a 10-week system installation and validation team to US Logistics agency; Led eight IT professionals and four Subject Matter Experts (SME) through WBS schedule for 5-week installs at two different sites. Authored System Security Authorization Agreement between three government agencies; providing the official guidelines and procedures to maintain system compliance with federal regulations (DITSCAP; DIACAP; DISA STIGs) and guidelines.Candidate's Name
4Langley Air Force Base, Hampton VA March 2003 January 2004 Multimedia ManagerManaged a 51-person organization supporting a full range of graphics design, multimedia, video documentation, production, still media production, presentations, publishing, post-production operations, quality assurance, website development, maintenance and training; within a $3M budget. Captured over 300 images of extensive damage during Hurricane Isabel by assigning photographers to critical locations on the base during the storm to document damage images used by senior management to get approval for $250M in Base relief funds by Congress. 2003 Air Force Assistance Fund Campaign Manager; blew away Base projected goal by 27 percent by defining target goal to 50+ key workers instructing them to contact and collect donations over a 4 week period in their respective organizations.Network Operations Center, Langley Air Force Base April 2002 February 2003 Technical ManagerLed a 102-person work center overseeing daily network operations for over 12,000 users; maintained over $40M worth of computer systems; responsible for coordinating network activities with three outside agencies. Established Base's first real-time intrusion detection capability against internal/external attacks using Cisco IDS equipment. Orchestrated the installation of vital network monitoring tools (HP Openview, Solarwinds, SMNP Informant, etc.) for secure and unsecured networks; reduced threat matrix by 50%. Built Base's first 24/7 network operations center; produced one focal point for all communications areas of interest. Spearheaded the installation of the Base first Storage Area Network (SAN) with IBM Blade Center; migrated 18,000 mailboxes with minimal downtime replacing 90 Compaq mail servers with EMC2 Symetrix hardware. Systems Analyst, Desktop and Network Applications December 2000 April 2002 Executed multiple projects simultaneously, analyzed system requirements, estimated costs, produced high level designs, wrote software specifications, and developed prototypes to validate automated customer solutions. Engineered tactical telephone solution to reduce hardware footprint; released $3.5M in organization annual budget. Followed SDLC principles to design a web based application to increase customer joint combat training capability meeting operations requirements on time and under budget - COO's #1 project. EducationWebster University-Bolling AFB, Washington DC (2004 - 2005) Master of Arts - Computer Resources and Information Management* Only thesis remainsThe Citadel, Charleston SCBachelor of Science - Computer Science (August 1994 - May 1998) Burke High School, Charleston SC (August 1990-June 1994).AffiliationsLeadership Maryland Class of 2018United States Air ForceProfessional Military OfficerCitadel Alumni AssociationArmed Forces Communication and Electronics Association American Jujitsu Association |
