Candidate's Name
Street Address Atlantis Lane
White Plains, MD Street Address
EMAIL AVAILABLE
PHONE NUMBER AVAILABLE

Education
University of Maryland University College, Largo, MD
Bachelor of Science, Computer Information Technology
University of Pennsylvania, Philadelphia, PA
Graduated: 5/2013
College of Engineering & Applied Sciences, Chemical Engineering
Attended: 9/75 - 5/77

Active Security Clearance - TS/SCI (DoD) w/ Special Access Programs (SAP)

Technical Skills/ Publications
Assessment & Authorization Support (DADMS, VRAM, OCRS, VMS, DITPR-DON, DITSCAP/ DIACAP/ RMF/ NIST/ DCID-6/3/ ICD-503)
DOD Instructions 8510.01, 8500.01, & 8500.2
NIST 800-53, 800-53A, 800-37, 800-137, 800-18, and 800-26
DHS 4300A
CNSS 1253
FIPS 199, FIPS 140-2
FISMA
Network & System Security
Risk Management Framework (RMF)
Vulnerability Assessments (Nessus, eEye Retina, SECSCAN, WASSP, Unix SRR Scripts, DISA STIGS, SCAP, and Tenable Nessus (ACAS))
Security Test & Evaluation (ST&E)
Configuration Management with Remedy, Jira and Gitlab
Hands-on experience with eMASS, XACTA, CSAM
System Event Monitoring & Management (UNICENTER TNG)
McAfee ePO and Host-Based Security System (HBSS)
Windows 11 workstations and Windows 2022 servers
OpenVMS/Sun Solaris/Red Hat Linux/ VMware/ CENTOS

Certifications:
CISSP - cert. #114192 since August 2007
Fully Qualified Navy Validator Level III, since July 2010
NSA InfoSec Evaluation Methodology, since March 2009
NSA InfoSec Assessment Methodology, since March 2009
MCSA/ MCP, 2002
Compaq ASE 2001
Certified UNICENTER Engineer (CUE), since 2000

Experience

StepTech LLC, September 2022 - Present
Office of Naval Intelligence (ONI), Suitland, MD (Subcontractor for WILLCOR)
Sr. Cybersecurity Consultant/ Technical Program Manager
Responsible for developing and maintaining a formal Information Systems (IS) Security Program and implementing / enforcing security policies for all three security domains (NIPRnet, SIPRnet and JWICS).
Provides senior-level Information Assurance support as the Subject Matter Expert for N33-ACINT Reconstruction, Measurement, Analysis and Data Archival (ARMADA) Program Office. Served as the Senior Cybersecurity consultant for ONI/N-32's ORCA/ELCA program. This program provides for next generation cloud-based, machine-to-machine transfer of IMD and Modeling and Simulation data providing digital threat support for Navy Operations.

StepTech LLC, December 2021 - September 2022
Bureau of Census, Suitland, MD (Subcontractor for ECS Tech)
Lead Information System Security Officer for the Office of the Chief Information Officer (OCIO) Enterprise Applications
Performed duties to include support to the Information System Security Manager (ISSM) for the Cybersecurity Assurance Branch. Served as the Lead ISSO for all subcontractor ISSOs on the IronVine and ECS Tech contractor team. Primary ISSO support for the Associate Directorate for Demographic Programs (ADDP) and the Office of the Chief Information Officer (OCIO) Enterprise Data Lake. Responsible for performing System Impact Analysis on all system Change Requests. Performed in-depth editing of technical documents and IA briefings; responsible for performing final security checks before products are delivered to the customer; guidance to include writing styles, naming conventions, references, and terminology to be used in all documents and briefings. Duties also consisted of developing, reviewing, and maintaining security policies and standards for Windows, Linux, and Cloud environments. Provided ISSO support for both Amazon Web Services (AWS) and Microsoft Azure. Provided advice and technical guidance to Census programs regarding system requirements related to Security Assessments for new and existing systems. Responsible for executing and reviewing vulnerability scans using Tenable Nessus, implementing system hardening using CIS Benchmarks and/or DISA System Technical Implementation Guides (STIGS).
Created Plan of Actions and Milestones (POA&Ms), documented the systems' Security Controls and Security Control Implementation Statements within the Department of Commerce's Governance Risk Compliance (GRC) tool: Cyber Security Assessment Management (CSAM). Conducted Ongoing Authorization Assessment briefings in support of each system's reaccreditation. Provided technical and management guidance for mid-level cybersecurity analysts.

StepTech LLC, June 2017 - December 2021
Office of Naval Intelligence, Suitland, MD (Subcontractor for CACI)
Fully Qualified Navy Validator (FQNV) Level III/ Information System Security Officer (Lead)
Performing duties to include support to the Information System Security Manager (ISSM) as well as serve as Certified Navy Validator for the Farragut Technical Analysis Center at Office of Naval Intelligence (ONI) National Maritime Intelligence Center (NMIC). Responsible for developing and maintaining a formal Information Systems (IS) Security Program and implementing and enforcing security policies for all three networks (NIPRNET, SIPRNET and JWICS) for the Acoustics Intelligence Division (ACINT). Serves as the senior IA consultant for the Acoustics Intelligence Division (ACINT). Direct and provide guidance in the development of all Assessment and Authorization (A&A) artifacts to government Information Assurance Officers (IAOs), where necessary. Perform in-depth editing of draft documents and IA briefings; make the final check before products are delivered to the customer; guidance to include writing styles, naming conventions, references, and terminology to be used in documents and briefings. Duties consist of developing, reviewing, and maintaining security policies and standards for Windows and UNIX environment. Provide advice and technical guidance to ACINT on system requirements related to security certification and accreditation for new and existing systems.
Responsible for executing and reviewing vulnerability scans using ACAS and SCAP Benchmarks. Currently using SCAP to assess STIG compliance. Assess compliance based on DOD, DODIIS, DCI, DON and Intelligence security policies and corresponding security tests and evaluation procedures. Created reports for ONI ISSM and provide briefings on the results of the evaluation. Provides Information Systems Security (INFOSEC) Management and IA program support to the ISSM in several areas from Certification and Accreditation (C&A) using the DIACAP framework to ICD-503 using the Risk Management Framework (RMF) related information from project managers, CCB's and technical personnel, and complete contract deliverables by updating the DODIIS site accreditation documents (ONI Site Security Architecture and ONI Concept of Operations (CONOPS)).

CACI (formerly L-3 NSS), May 2014 - May 2017
Office of Naval Intelligence, Suitland, MD
Fully Qualified Navy Validator (FQNV)/Information Security Lead
Performing duties to include support to the Information System Security Manager (ISSM) as well as serve as Certified Navy Validator for the Farragut Technical Analysis Center at Office of Naval Intelligence (ONI) National Maritime Intelligence Center (NMIC). Responsible for developing and maintaining a formal Information Systems (IS) Security Program and implementing and enforcing security policies for all three networks (NIPRNET, SIPRNET and JWICS) for the Acoustics Intelligence Division (ACINT). Serves as the senior IA consultant for the Acoustics Intelligence Division (ACINT). Direct and provide guidance in the development of all C&A artifacts to government Information Assurance Officers (IAOs), where necessary. Perform in-depth editing of draft documents and IA briefings; make the final check before products are delivered to the customer; guidance to include writing styles, naming conventions, references, and terminology to be used in documents and briefings.
Duties consist of developing, reviewing, and maintaining security policies and standards for Windows and UNIX environment. Provide advice and technical guidance to ACINT on system requirements related to security certification and accreditation for new and existing systems. Responsible for executing and reviewing vulnerability scans using ACAS and SCAP Benchmarks. Currently using SCAP to assess STIG compliance. Assess compliance based on DOD, DODIIS, DCI, DON and Intelligence security policies and corresponding security tests and evaluation procedures. Create reports for ONI ISSM and provide briefings on the results of the evaluation. Provides Information Systems Security (INFOSEC) Management and IA program support to the ISSM in several areas from Certification and Accreditation (C&A) using the DIACAP framework to ICD-503 using the Risk Management Framework (RMF) related information from project managers, CCB's and technical personnel, and complete contract deliverables by updating the DODIIS site accreditation documents (ONI Site Security Architecture and ONI Concept of Operations (CONOPS)).

Leidos, LLC, December 2013 - May 2014
Office of Naval Intelligence, Suitland, MD
Fully Qualified Navy Validator (FQNV)/ Security Controls Assessor Rep.
Performed duties to include support to the Information System Security Manager (ISSM) as well as serve as an Information Assurance (IA) Security Specialist for the Office of Naval Intelligence (ONI) National Maritime Intelligence Center (NMIC). Responsible for developing and maintaining a formal Information Systems (IS) Security Program and implementing and enforcing security policies for all three LANS (NIPRNET, SIPRNET and JWICS). Currently using SCAP to assess STIG compliance, but training on ACAS, as it will be the DoD tool of choice. Duties consist of developing, reviewing and maintaining security policies and standards for Windows and UNIX environment.
Provide advice and technical guidance to ONI command on system requirements related to security certification and accreditation of new and existing systems. Assess compliance based on DOD, DODIIS, DCI, DON and Intelligence security policies and corresponding security tests and evaluation procedures. Created reports for ONI ISSM and provided briefings on the results of the evaluation. Provides Information Systems Security (INFOSEC) Management and IA program support to the ISSM in several areas from Certification and Accreditation (C&A) using the DIACAP framework to ICD-503 using the Risk Management Framework (RMF) related information from project managers, CCB's and technical personnel, and complete contract deliverables by updating the DODIIS site accreditation documents (ONI Site Security Architecture and ONI Concept of Operations (CONOPS)). Perform in-depth editing of draft documents and briefings; make the final check before products are delivered to the customer, guidance will include writing styles, naming conventions, references, and terminology to be used in documents and briefings.

Watershed Security, LLC, (part-time evenings) November 2013 - June 2016 (20hrs/ wk.)
Dahlgren, VA
Fully Qualified Navy Validator (FQNV) 11/2015 - 6/2016
Contract support for 1043, NSWCDD
Providing contract support as Sr. Validator for NAVSEA's RDT&E systems. Assist the government by providing:
Input/instructions/guidance as needed for the creation of RMF accreditation package artifacts.
Evaluate IA discrepancies and recommend mitigation measures for reducing or eliminating specific risk items.
Engage the Navy CA Liaisons, AODR Reviewers, and ODAA Action Officers (AO) to discuss and obtain mitigation guidance.
Function Expert/ SME, Washington Navy Yard, DC 1/2013 - 11/2015 (20hrs./wk.)
Primarily served as a Certification & Accreditation Subject Matter Expert to assist the Military Sealift Command's (MSC) Information System Security Manager.
Provided assistance in drafting mitigation statements for Plan of Actions and Milestones (POA&M). Reviews and analyzes Retina Vulnerability scans for NIPRNET/ SIPRNET Ashore and Afloat systems assigned to the MSC. Provided network and system monitoring support for the Enterprise Network Operations Center (ENOC). Provided basic UNIX and Cisco helpdesk support for the ENOC.

L-3 (Stratis) Communications, December 2012 - October 2013
Office of Naval Intelligence, Suitland, MD
Fully Qualified Navy Validator (FQNV)/ Security Controls Assessor
Performed duties to include support to the Information System Security Manager (ISSM) as well as serve as an Information Assurance (IA) Security Specialist for the Office of Naval Intelligence (ONI) National Maritime Intelligence Center (NMIC). Responsible for developing and maintaining a formal Information Systems (IS) Security Program and implementing and enforcing security policies for all three LANS (NIPRNET, SIPRNET and JWICS). Currently using SCAP to assess STIG compliance, but training on ACAS, as it will be the DoD tool of choice. Duties consist of developing, reviewing, and maintaining security policies and standards for Windows, UNIX, and Apple environments. Provided advice and technical guidance to ONI command on system requirements related to security certification and accreditation of new and existing systems. Specifically provided consulting for the Mission Support Directorate in planning and documenting the MSD JWICS Graphix LAN for the purpose of Certification & Accreditation. Provided recommendations for documenting their anticipated network infrastructure. Also served as the C&A consultant to MSD in support of MDA Enclave accreditation. Created reports for ONI ISSM and provide briefings on the results of the evaluation.
The candidates will collect INFOSEC- Provides Information Systems Security (INFOSEC) Management and IA program support to the ISSM in several areas from Certification and Accreditation (C&A) using the DIACAP framework to ICD-503 using the Risk Management Framework (RMF) related information from project managers, CCB's and technical personnel, and complete contract deliverables by updating the DODIIS site accreditation documents (ONI Site Security Architecture and ONI Concept of Operations (CONOPS)). Perform in-depth editing of draft documents and briefings; make the final check before products are delivered to the customer, guidance will include writing styles, naming conventions, references, and terminology to be used in documents and briefings.

James Secure Solutions (JSS), Alexandria, VA, April 2012 - December 2012
(ISSR) ISSM Representative
Provided support as the Information System Security Representative (ISSR) for the FBI Information System Security Unit. Providing technical oversight of information technology systems for the Information System Security Officers (ISSOs). Responsible for creating and maintaining certification and accreditation packages with strong attention to detail; creates the System Requirements Traceability Matrix (SRTM). Creates the Plan of action and Milestones (POA&M); Risk Management Matrix and the Risk Management Plan based upon findings in the Vulnerability Assessment. Reviews and suggests implement improvements on the IAS's continuous monitoring plan, using NIST 800-37 as a roadmap. Ensures compliance with information assurance guidance and directives for Enterprise-level TS/SCI systems. Responsible for identifying, assessing and resolving security-related issues affecting the accreditation of Department of Justice (DOJ) systems and networks. Conducted risk assessments and produces site interviews and site inspection reports in accordance with the site accreditation schedule approved by the government.
Works directly with client senior management officials and information technology staff in support of DOJ security and network policies and procedures. Also provides site accreditation training to the field office ISSOs. Provide advice and guidance on complex and unique IT issues to junior level personnel. Responsible for providing technical briefings and presentations to senior-level staff with respect to the overall security posture of related accredited FBI systems. Committed to providing sound judgments, recommendations and quality technical information security support for the client.

IT Coalition, Inc. Alexandria, VA, January 2012 - March 2012
Security Consultant
Served as the company's Principal Security Analyst; primarily responsible for providing proposal assistance for several Information Assurance (IA) opportunities:
o DHS S&T
o DCWASA
Provided advice and guidance for complex and unique IT issues in efforts to assist with technical proposal submissions. Responsible for providing strategic direction for the company's efforts in IT Security. Works directly with client senior management officials and technical staff to provide sound technical decisions related to pursuing future IA opportunities. Conducted senior-level briefings and presentations, when required to provide status, present technical recommendations or address customer concerns related to a process or procedure. Performed one-off vulnerability and risk assessments for Commercial and Federal customer accounts utilizing eEye Retina, DISA Gold Disk scans, DISA STIGS, and DISA SRR scripts for UNIX systems. Provided thorough attention to detail with respect to network and security policies, as defined by all Department of Defense Directives and Federal guidelines. Utilized NIST and DIACAP IA Controls for Security Test & Evaluation. Developed and coordinated new testing methodologies based on DITSCAP/ DIACAP guidelines.
Planned and implemented Symantec Endpoint Manager as an Antivirus solution for the company.

Data Tactics, McLean, VA, September 2011 - December 2011
Information System Security Officer
Supported DARPA and Data-Tactics as the Information Systems Security Officer. Provided thorough attention to detail with respect to network and security policies, as defined by DARPA. Provided expertise in network and security-related IT products and services. Responsible for creating and maintaining all C&A documentation for unclassified and classified systems accredited through DIACAP and DCID 6/3. Also responsible for documenting all approved hardware and software products using Xacta IA Manager. Responsible for providing senior-level presentations and technical forums for training, address customer concerns or providing situational awareness. Conducted and analyzed vulnerability assessments using eEye Retina, DISA Gold Disk, SRR scripts, UNIX Security Scanner (SECSCAN), and Windows Automated Security Scanning Program (WASSP). Responsible for identifying, assessing and resolving security-related findings. Responsible for initiating and updating Anti-Virus scans using Symantec Endpoint Protection and McAfee. Also responsible for documenting all approved hardware and software products using Xacta IA Manager.

SAIC, Washington Navy Yard, D.C., April 2006 - September 2011
Senior Security Engineer
Supported SAIC's Naval Strike and Intelligence Division as DIACAP Consultant for the Tomahawk Command and Control System (TC2S). Conducted program security inspections to assist in preparation for general IT security audits. Provided C&A support for all Low and High-side accreditations. Provided vulnerability assessments using eEye Retina, DISA Gold Disk, WASSP, and SRR Scripts. Monitored and evaluated system compliance in accordance with DISA STIGS. Communicates with Echelon II, Navy CA, the ODAA rep, and the Office of Naval Intelligence (ONI) for all SCI-level accreditation efforts.
Collaborated across divisions and program management offices to build strategic relationships to assist in meeting customer expectations. Provided IA support for the ISSE GUARD upgrade; Cross Domain Solution (CDS). Providing technical oversight as the Technical C&A lead for the Military Sealift Command Headquarters, in support of all AFLOAT and ASHORE systems. Responsible for identifying, assessing and resolving security-related issues affecting the accreditation of Department of Navy (DON) systems and networks. Led the technical direction of the Information Security Analyst Staff and was actively engaged in identifying unique system characteristics; interviewed key organizational personnel (technical, administrative, and executive). Interpreted existing IT policies and guidelines to assist in developing functional requirements. Worked with the accreditation team to compose requisite documentation (security categorizations, risk assessments, contingency planning, etc.); and mapped complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices. Provided vulnerability assessments using eEye Retina, DISA Gold Disk, Manual DISA STIGS, and DISA SRR Scripts. Supported O/S to include Windows, UNIX and Apple Macintosh systems. Assisted the Military Sealift Command by maintaining and documenting FISMA compliance for TRANSCOM.

Dynamic Research Corp, Vienna, VA, December 2004 - Apr 2006
Network Security Architect
Supported Air National Guard Readiness Center (ANGRC) as the Network Security Architect for the GUARDIAN Program Management Office. Responsible for providing technical briefings and presentations to senior-level staff with respect to the overall security posture of Air National Guard Readiness Center (GUARDIAN systems).
Responsible for all DITSCAP/C&A support for all GUARDIAN systems and networks in the Vienna, VA office and at Andrews AFB (including SSAA and appendices creation, ST&E, Certificate to Operate (CTO) documentation, and vulnerability assessments). Provided all System Test & Engineering (ST&E) support for the ANGRC GUARDIAN project. Utilized NIST standards for assigning IA Controls. Knowledge of NIST 800-53, 800-37, 800, and 800-18 standards. Helped implement the GUARDIAN CERT. Provided guidance to senior management on all DoD security policies and Air Force instructions. Served as C&A Team Lead for all accreditation documentation and testing efforts. Provided all ST&E support for JEOD during testing phase. Provided vulnerability assessments using eEye Retina and DISA Gold Disk scans. Provided initial DITSCAP/C&A consulting to the Navy in support of the Joint Explosive Ordnance Disposal Network (JEODNET) implementation.

DigitalNet, Rosslyn, VA, June 2004 - December 2004
Information System Security Engineer
Provided senior ST&E support as Technical Validation Engineer on the Pentagon's Headquarters Network Infrastructure Services & Operations (NISO) DITSCAP/C&A team. Supported C&A for the Unclassified, Secret, and Top-Secret network backbone. Assisted in implementing the NISO CERT.

Stanley Associates, Alexandria, VA, January 2004 - May 2004
Information Assurance Officer
Provided all ST&E support for the Joint Strike Fighter (JSF) project. Performed penetration testing and vulnerability assessments using Harris STAT Vulnerability Scanner. Created and maintained the SSAA and related documentation.

Certicom Corp, Herndon, VA, December 2002 - November 2003
Technical Pre-Sales Engineer
Provided Technical Pre-sales Support for commercial and governmental customers in the areas of wireless security products for constrained devices (PDAs, cell phones, laptop devices).
Provided technical sales presentation and implementations of encryption, VPN, and CAC authentication for mobile devices.

Vyant Technologies, Vienna, VA, July 2002 - December 2002
Technical Pre-Sales Engineer
Provided Technical Pre-sales Support and short-term Implementation support for Real-time and World-View (web-based backup reporting) proprietary Enterprise Storage products.

Digex, Inc. Beltsville, MD, June 2000 - May 2002
Technical Pre-Sales Engineer
Provided advanced hosting solutions by gathering initial requirements, creating functional specifications, and designing wide-area networks solutions for those clients conducting business on the internet. Supported Windows, UNIX, and Cisco networks and firewalls based on industry standard best practices.

Computer Associates Inc., Herndon, VA, September 1997 - June 2000
Technical Director/ Pre-Sales Engineer
Managed a staff of system engineers in support of civilian agency government accounts as the Federal Technical Director. Responded to RFPs/ RFIs. Provided Technical Presales Support to federal civilian agency government customers for enterprise management solutions implementing CA's UNICENTER TNG product set on OpenVMS, UNIX, and Windows platforms. Committed to providing sound judgments, recommendations and quality technical information security support for the client.

PharMark Corp, Rosslyn, VA, September 1995 - September 1997
Director of Network and Internet Services
Provided support as the DEC PATHWORKS expert. Implemented Windows PC-to-VAX/VMS network connectivity thereby using VAX/VMS systems as network resources. Managed the implementation and administration of VAX/VMS systems and networks for all PharMark corporate offices. Provided supervisory support for all systems and network administrators supporting VAX/VMS operating systems, Microsoft Windows operating systems and networks.

Smoke N Mirrors Inc. (SNM), Herndon, VA, February 1993 - September 1995
Systems and Networking Consultant
Provided PC-to-midrange computer network integration support using DEC PATHWORKS, Microsoft Windows, Banyan Vines and Novell NetWare. Provided customer consulting services for network integration of dissimilar LAN environments to include DECnet, Novell NetWare, AppleTalk, Banyan Vines and Microsoft networks.

Digital Equipment Corporation (DEC), Landover, MD, May 1983 - February 1992
Software Consultant
Provided software consulting services to Federal and DoD customers implementing DEC Alpha, OpenVMS, VAX/VMS, RSTS-E and RSX operating systems. Provided Pre and Post sales technical implementation services of DEC Alpha, Open VMS, VAX/VMS and DEC PATHWORKS operating environments. Served as the Mid-Atlantic software services training registrar for all technical training of DEC operating systems.