| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidate1Candidate's Name
Cybersecurity ProfessionalEmail: EMAIL AVAILABLE Phone: PHONE NUMBER AVAILABLE LinkedIn: LINKEDIN LINK AVAILABLE Summary:I am a Top Secret cleared seasoned cybersecurity leader with over 30 years of experience in the Department of Defense(DoD) and corporate environments. I am adept at cybersecurity engineering and management. My education consists of many U.S. Government, and civilian training courses focusing on digital systems and cybersecurity. My specialties include cybersecurity management, compliance, and product certification. I seek a challenging role to contribute expertise in designing and securing critical information systems. Professional Experience:Malpass Construction Virginia Beach, VACybersecurity ConsultantJune 2023- Present Performed NIST 800-171 CMMC Assessment and reported the results in the U.S. Navy SPRS, allowing the company to compete for U.S. Government Contracts. Generated and implemented the Malpass Construction Company System Security Plan and associated policies and procedures necessary to meet NIST compliance requirements. Designed a remote cybersecurity monitoring solution to satisfy CMMC continuous monitoring requirements. Global Technical Systems (GTS), Virginia Beach, VA Director of Cybersecurity and Product Certification May 2016 - April 2023 Managed cybersecurity and product certification for GTS, overseeing 200+ networked users across multiple sites. Developed and implemented the corporate security plan, safeguarding US Government Controlled Unclassified Information (CUI) and Industry Sensitive Proprietary data. Designated National Security Agency (NSA) Commercial Solutions for Classified (CSfC) Trusted Integrator (TI) qualified to architect, design, integrate, test, document, field, solutions, and support systems that meet the requirements of the CSfC program. Developed CSfC Solution architectures based upon each of the NSA Capability Packages and associated Annexes. Designed and configured high-assurance IPSEC Virtual Private Networks (VPN) solutions incorporating virtual network hardware, FIPS-approved encryption algorithms, PKI Digital Certificates (hardware and user), and 2continuous security monitoring, for mobile and cloud-based military applications processing national security information. Oversaw all GTS defense product cybersecurity certifications, including Federal Information Processing Standards(FIPS) for encryption and National Information Assurance Partnership (NIAP) common criteria. Led the development of the GTS Technical Integration Lab (TIL), providing a controlled network service environment for product design, development, integration, and testing. Pioneered the creation of the GTS Virtual Cyber Range, offering cybersecurity staff a virtual training environment for threat detection and incident response workflows using open-source software. Successfully adopted the Cybersecurity & Infrastructure Security Agency (CISA) Cyber Security Evaluation Toolset (CSET) for efficient system accreditation documentation and security control compliance monitoring. FGS, LLC - Norfolk, VAInformation Assurance Specialist IVJuly 2015 - May 2016I supported the US Navy Commander, Operational Test and Evaluation Force (COMOPTEVFOR) in planning and executing Cybersecurity Operational Test and Evaluation (OT&E) of military digital systems aboard U.S. Navy ships during fleet exercises. Completed the COMOPTEVFOR Operational Test Director course, enabling effective Cybersecurity Operational Test & Evaluation (OT&E). Developed efficient batch scripts to capture and parse massive amounts of machine data and convert large PCAP files for indexing by Splunk. Conducted forensic analysis of cybersecurity test data to validate OT&E results. Super Systems Inc. - Norfolk, VASenior Information Assurance EngineerSeptember 2014 - June 2015 Supported the US Navy Space & Naval Warfare Systems Command (SPAWAR) by conducting cybersecurity security assessments of Military Sealift Command (MSC) Afloat System Baseline applications and networks. Created a virtual software testing environment for MSC applications, utilizing commercial and open-source penetration testing tools, including HP Fortify Static Code Analyzer (SCA). Integrated a Wide Area Network (WAN) emulator into the virtual test environment to simulate ship-to-shore satellite communications for application testing.3General Dynamics Information Technology, Inc. - Suffolk, VA Principal Information Security Analyst and Information Systems Security Officer (ISSO) April 2013 - August 2014Provided contract support to the U.S. Joint Staff J7 in security certification of IT systems and applications accreditation under DIACAP and RMF Frameworks. Managed vulnerability assessments for classified and unclassified Joint Staff networked systems. Implemented the static code security analysis of in-house developed and open-source software applications, providing a reliable method to assess and screen application source code. Falconwood, Inc. - Norfolk, VAInformation Assurance Analyst, Office of Compliance and Assessments January 2012 - April 2013 Part of a DISA team conducting Command Cybersecurity Readiness Inspections (CCRI) of U.S. Navy ships and shore commands worldwide. This program provided critical ground truth assessments of command cybersecurity readiness. Reviewed and validated Host-Based Security System (HBSS) STIG configurations and documented inspection results required to identify and correct vulnerable configurations. Developed a virtualized training lab for HBSS CCRI Reviewer training and streamlined security reviews of DISA HBSS.TechGuard Security, Inc. - RemoteInformation Systems Security EngineerAugust 2010 - December 2011 Supported the Military Sealift Command (MSC) Headquarters by performing comprehensive Independent Verification and Validation (IV&V) Inspections of MSC systems and sites. Integrated DISA Security Content Automation Protocol (SCAP) tools and STIG Checklists into the IV&V Inspection Process, which provided accurate assessments based on repeatable test results. Developed an IV&V Tracking and Reporting Database to track site IA Control compliance and provide the necessary metrics to produce a monthly report to the Military Sealift Command (MSC) Information Assurance Manager (IAM).4General Dynamics Information Technology, IncPrincipal Information Security Analyst and ISSOMay 2006 to August 2010Managed a team of Information Assurance Engineers in implementing the Joint Advanced Training Technologies Laboratory (JATTL) Information Security Program. I provided subject matter expertise on all matters related to Information Assurance (IA), including system Certification and Accreditation (C&A), Security Engineering, Computer Network Defense (CND), and IA policy. The JATTL was a DoD Modeling and Simulation Laboratory. Designated the Information Systems Security Officer (ISSO) by the Joint Warfighting Center (J7) Designated Approving Authority (DAA). Managed all lab network security systems and configuration, including firewalls, network intrusion Prevention System (IPS), log server, wireless monitoring, and HBSS endpoint security services. Developed local IA plans, policies, and procedures governing the laboratory that enhanced operational security and augmented technical security controls. Implemented virtual machine technology which made better use of lab network resources and provided increased redundancy for mission-critical services. Received General Dynamics "Spot Bonus Award" for sustained superb performance throughout the year. Certifications:CISSP - Certified Information Systems Security Professional January 2003 to January 2027 Certification #: 42611 CISM - Certified Information Security Manager April 2014 to December 2027 Certification #: 1425282 CISA- Certified Information Systems Auditor December 2011 to December 2027 Certification #:194466 Education:High SchoolRalph L Fike High School Wilson, NC, HS Graduate, May 1978 High SchoolAtlantic Christian College, Wilson, NC - Non-Degree, August 1980 Relevant US Government and Military TrainingBasic Electricity and Electronics Modules 1 34 - Naval Training Center Orlando, FL August 1980Tactical Aircraft Mission Planning System (TAMPS) Administration - Naval Marine Corps Intelligence Training Command - Virginia Beach, VA. May 1994 Data Systems Technician Class "A" SchoolCombat Systems Technical Schools Command - Mare Island, CA September 1980 Data Systems Technician Class "C" School - (Data Link Technician) Combat Systems Technical Schools Command - Mare Island, CA March 1981 5Instructor Basic Course A-012-0011 (NEC 9502) - US Navy: Naval Guided Missiles School - Virginia Beach, VA September 1985Joint Maritime Command Information Systems (JMCIS) (NEC 1677) Naval Marine Corps Intelligence Training Command - Virginia Beach, VA. September 1998 Computer Security Specialist Course for Information Assurance Managers. Marine Corps Computer Science School, Quantico, VA November 1993 C4I Systems Engineering - Fleet Combat Training Center - San Diego, CA August 1995 Intelligence Center Maintenance (ICM)Course- Naval Marine Corps Intelligence Training Command (NMITC) Virginia Beach, VA September 1998Network Operations 101 Naval Marine Corps Intelligence Training Command - Virginia Beach, VA July 2001Network Security and Firewall Administration and Designing Security Architectures DISA, Virginia Beach, VA May 2002Vulnerability Management System (VMS) Course - DISA - Chambersburg, PA, March 2012Secure Configuration Remediation Initiative (SCRI) Hercules 4.0 Course, Defense Information Systems Agency (DISA) - Chambersburg, PA June 2007 to June 2007 Security Readiness Review (SRR) Walk-Thru Course for HBSS DISA - Chambersburg, PA February 2012 to February 2012Windows 2003 Security Course DISA, Virginia Beach, VA February 2012 Windows Server 2003 Incident Preparation & Response (IP&R) Parts 1 and 2, DISA January 2012Certificate in Public Key Infrastructure (PKI)- DISA Virginia Beach, VA October 2010Auditing Logs for Information Assurance Managers - DISA) Virginia Beach, VA. February 2012Linux Technology Overview - Naval Marine Corps Intelligence Training Command - Virginia Beach, VA August 2004Windows Server 2003 Incident Preparation & Response (IP&R) Parts 1 and 2 DISA January 2012Host-Based Security System (HBSS) Classroom Training - DISA Chambersburg, PA. October 2007Introduction to Cisco Routers and Network Security course DISA, Virginia Beach, VA May 2003Relevant Commercial TrainingISC2 Certified Information Systems Security Professional (CISSP) Common Body of Knowledge Review, Catskill, NY December 2016ISC2 Certified Information Systems Security Engineering Professional (ISSEP) Common Body of Knowledge ReviewThe IT Training Camp - Virginia Beach, VA December 2002 Hewlett Packard (HP) Fortify Hands-on Workshop - Suffolk, VA November 2013 to November 2013Securing Wireless NetworksComputer Dynamics Institute (CDI) - Virginia Beach, VA March 2004 to March 2004 IP Packet Analysis Course - SANS Institute - Virginia Beach, VA July 2002 Integrating Wireless Networks Course - Computer Dynamics Institute (CDI) - Virginia Beach, VA March 2004Introduction to BOTS and Worms - Sans Institute - Virginia Beach, VA July 2002 to July 2002Cisco Secure Intrusion & Detection Systems courseComputer Dynamics Institute (CDI) - Alexandria, VA June 2002 Supporting Microsoft Windows 2000 Professional & Server (2152) - America's Computer Training Source (ACTS) - Virginia Beach, VA. June 2001 Implementing and Administering MS Windows 2000 Directory Services (2154) ACTS Virginia Beach, VA August 2001Microsoft Windows 2000 Network & Operating System Essentials (2151) ACTS, Virginia Beach, VA June 2001Microsoft Security Essentials course, SANS, Virginia Beach, VA July 2002 Relevant Online TrainingDetection Engineering Masterclass Udemy Remote, December 2023 Network Security Monitoring - Udemy Remote, December 2023 Mastering AI for Cyber Threat Detection - Udemy Remote - November 2023 The Complete Computer Forensics Course for 2023 - Udemy Remote, October 2023 Masterclass: Data Protection - Udemy - Remote March 2023 Digital Forensics Masterclass Forensic Science 2023 DFMC Udemy Remote - December 2022Learning Windows PowerShell - Udemy Remote - December 2022 Cybersecurity Threat Hunting for SOC Analyst - Udemy Remote - December 2022 The Complete Cyber Range Hacking Lab: Full Course - Udemy - Remote October 2022 to November 2022The Complete Ethical Hacking Course: Beginner to Advanced Udemy Remote November 2022SolarWinds Security Event Manager SIEM, Full Lab - Udemy - Remote December 2021 MS-500: Microsoft 365 Security Administration Lectures and SIMS Udemy Remote - December 2021Java Programming, The Master Course - Udemy Remote - December 2020 Cloud Security with Microsoft Azure - Udemy Remote - September 2021 Cybersecurity Operations and Technology Solutions - Udemy - Remote October 2020 Complete Ethical Hacking & Cyber Security Masterclass Course Udemy Remote - November 2019VMware vSphere 6_0 Part 1 Virtualization ESXi and VMs - Udemy Remote -October 2018 CCNA Security 210-260 Course: All About VPNs - Udemy - Remote July 2017 The Complete Wireshark Course: Go from Beginner to Advanced - Udemy Remote - December 2016IT Security for Cisco CCNA: 640-554 IINS = Udemy Remote - July 2016 Certificate in Creating Splunk Knowledge Objects - Splunk Remote - January 2016 Searching and Reporting with Splunk - Splunk Remote - December 2015 Operational Intelligence and Machine Data with Splunk Online - Splunk Remote - October 2015IT Security for Cisco CCNA: 640-554 IINS - Udemy Remote July 2016 6Skills:Professional Groups:National Security Agency (NSA) Commercial Solutions for Classified (CSfC) Trusted Integrator (TI) June 2016 to Present. NSA Trusted Integrator (TI) Status was obtained by meeting all the knowledge and experience criteria necessary to architect, design, integrate, test, document, field, and support CSfC Solutions for the U.S. Government. The NSA Trusted Integrator List is maintained online at Trusted Integrator List (nsa.gov)NSA General Purpose Computing Platform (GPCP) Protection Profile (PP) Working Group April 2022 to December 2022. NSA Industry working group to define requirements for General Purpose Computing Platforms, National Information Assurance Partnership (NIAP) Common Criteria Testing. Cybersecurity Management (10+ Years) Cybersecurity Plans, Policies, Procedures Development, and Implementation (10+ Years)Security Operations Center (SOC) Management (7 years) Vulnerability Management (10+ years) Risk Management (10+ years) Enterprise Cybersecurity Architecture Design and Implementation (10+ years) Incident Response (10+ years) Operational Technology (OT) (7 Years) UNIX, Linux RHEL, CENTOS, Kali (8 years) Microsoft Azure (7+ years) Port, Protocol, and Service Management (PPSM) (10+ years) Microsoft Office 365 Cloud Security management and monitoring Security Information & Event Management (SIEM) Implementation and Administration (7 years)Host-Based Security System (HBSS) Administration (10+ years) Wireless Intrusion Prevention Implementation and Operation Operating System (OS) Secure Configuration, DISA STIGS, SRGs (10+ years) Network Virtualization and Administration. VMWare vSphere, Oracle VirtualBox(10+ years)Python Coding (3-Years)Network & Host-Based Firewall Implementation & Administration (10+ years) Data Loss Prevention (DLP) Implementation & Administration (7 years) Static Application Security Testing (SAST) HP Fortify (10+ years) Dynamic Application Security Testing (DAST) Metasploit Pro, Fuzzing (10+ years) Network Device secure configuration. Cisco, Trellix, SonicWALL Network Packet Analysis (7 years) Machine Data Analysis - Splunk (3years)Machine Language coding - Ultra-32 (4-Years)Intrusion Prevention System (IPS) Implementation & Administration Network Monitoring (10+ years) Virtual Private Network (VPN) Implementation & Administration (7 years) Mobile Device Management (MDM) Implementation & Administration (2- Years) Contingency Planning and Disaster Recovery (10+ years) NIST Cybersecurity Standards. NIST 800-53, 800-171 (7+ years) Mainframe Computer and Display Systems Repair Cybersecurity Auditing (10+ Years) Encryption (20+ Years) CMMC (4-Years)Enterprise Mission Support Service (EMASS) (10+ Years) Assured Compliance Assessment Solution (ACAS) (10+ Years) Virtualization (15+ Years) |
