Candidate's Name, DSc
8142 Quill Point Drive
Bowie, MD 20720
PHONE NUMBER AVAILABLE or PHONE NUMBER AVAILABLE
EMAIL AVAILABLE

SUMMARY:
Over 20 years experience in the IT industry including task management. Additionally, have over 19 years in the cybersecurity/Information Assurance arena auditing or reviewing, analyzing, and testing information systems for vulnerabilities to help federal agencies, bureaus and divisions maintain their missions and business functions. Further, have several years designing, developing, and implementing object-oriented software for federal enterprise applications. Development in C, C++, Oracle Development and HTML utilizing structured methodologies for full software development life cycle development. Led teams of testers. Lastly, have DoD/DISA experience utilizing DIACAP and reviewing of VISNs and HIPAA laws/documentation.

EDUCATION:
12/2020 DSc. Cybersecurity, Capitol Technology University, Laurel, MD
8/2015 MS Cybersecurity and Computer Forensics, The University of Maryland, UMUC
3/2001 Oracle DBA Certification, Graduated summa cum laude, Strayer University, Alexandria, VA
6/2001 CIS BS Degree, Graduated summa cum laude, Strayer University, Alexandria, VA
12/1997 Masters ABA approved Certificate in Legal Studies, Graduated cum laude, George Washington University, Washington, DC
5/1991 Psychology, BS Degree, Howard University, Washington, DC

CERTIFICATIONS
CDPSE - Certified Data Privacy Solutions Engineer (ISACA)
CRISC - Certified in Risk and Information System Control (ISACA)
FITSP-A - Federal IT Security Professional Auditor (FITSI)
FITSP-M - Federal IT Security Professional Manager (FITSI)
CESE - Certified Expert Security Executive
CECS - Certified Expert Cloud Security
CEPP - Certified Expert Privacy Professional

SPECIALIZED TRAINING:
Artificial Intelligence and Machine Learning Seminar, ISACA, GWDC, June, 2024
Oracle DBA Certification, Strayer University, 2001
Masters ABA approved Certificate in Legal Studies, George Washington University, 1997
Currently participating in a PMP review
Participated in CISSP bootcamp in preparation for the certification exam
Participated in BigFix training
Participated in ForeScout training
CCSP training

SPECIALIZED CAPABILITIES:
C, C++, Visual Basic, Java, Oracle Development 2000, Oracle 10G, MS Access, Linux, Solaris, Open VMS, O365, CIS, GoldDisk, Nessus, Tiger, LJK/Security, TeamTrack, Version Manager, Lumension Security (Patch Management), DumpSec, MBSA and MMC, NCAT, Trusted Agent, STIGS, CSAM, ArcSight, Security Center (Nessus), Big Fix (ECMO)/CDM/DEFEND, RISCS (Archer), Splunk, NIST and RMF and FedRAMP methodologies, Gemini

CLEARANCE: TS/SCI

EXPERIENCE

GL, SQAM, IT Security Manager
Vantage Systems Inc, Lanham, MD
September 2022 - Present
Currently serve as a contractor Group Leader to several Tasks within Branch 582 under the NASA Goddard Software Engineering Services III (SES III) contract. This position includes attending the monthly meetings with the Code 582 customer as well as reviewing monthly progress reports, 533 reports, forecasting, and budgeting which in turn are submitted for the SES II Program Director & Director of GSFC Programs to review and submit to the NASA customer.
Responsible for, but not limited to:
- Staffing, planning, and reporting.
- Working with the Lead Technical Manager and DPM on the overall IDIQ task staffing forecasts with a focus on upcoming needs, missing skills, workload projections, and task performance.
- Interview and select task candidates.
- Evaluate employees for annual bonuses.
- Recommend bonuses.
- Manage highly technical staff.
- Have excellent writing and communication skills and the ability to understand and translate IT technology in order to interview and select staff.
- Experience utilizing Microsoft and Mac applications.
- Manage, have experience, and knowledge of dealing with moderate groups of projects.
- Have extensive familiarity with NASA projects and processes.
- Have experience managing individual task financing.

Also responsible for health and safety for all on the SESIII contract and sent monthly reports to the NASA GSFC Health and Safety Manager. The reports were also stored in their system of record.

Additionally attended the health and safety forum meetings and the building assessments of those under the SESIII contract. Performed spot checks to make sure all stayed in compliance per OSHA and federal government standards. Regularly review the system of record for non-compliance. Also, report, in the system of record, any incidents, mishaps, close calls, or events. Create and maintain the Quality Assurance Plan in accordance with OSHA, NASA operational and company as well as Maryland health requirements.

Also, as IT Security Manager, create and maintain the IT Security Plan for the SES III contract per FISMA mandates.

Lastly, create and maintain the government property plan for all purchase orders under the SES III contract.

GL
ASRC Federal, Beltsville, MD
November 2021 - August 2022
Served as a contractor Group Leader to several Tasks within Branch 585 under the NASA Goddard Software Engineering Services II (SES II) contract.
This position included attending the monthly meetings with the Code 585 customer as well as reviewing monthly progress reports, 533 reports, forecasting, and budgeting which in turn were submitted for the SES II Program Director & Director of GSFC Programs to review and submit to the NASA customer.

Was responsible for, but not limited to:
- Staffing, planning, and reporting.
- Working with the Lead Technical Manager and DPM on the overall IDIQ task staffing forecasts with a focus on upcoming needs, missing skills, workload projections, and task performance.
- Interviewing and selecting task candidates.
- Evaluating employees for annual bonuses.
- Recommended bonuses.
- Managed highly technical staff.
- Having excellent writing and communication skills and the ability to understand and translate IT technology in order to interview and select staff.
- Experience utilizing Microsoft and Mac applications.
- Managed, and have experience, and knowledge of dealing with moderate groups of projects.
- Had extensive familiarity with NASA projects and processes.
- Had experience managing individual task financing.

Deputy ISSO
ASRC Federal, Beltsville, MD
March 2018 - November 2021
Served as Deputy ISSO for IT Security compliance under Goddard Space Flight Center, Code 770 - NASCOM review policies and procedures within NASCOM. Create monthly progress reports and submit to the Code 710 Team Lead.
Was responsible for, but not limited to:
- Reviewing, developing, updating and, monitoring Code 770 IT Security documentation since the FY18 annual authorization and assessment evaluations as well as continual monitoring of the heterogeneous environment for adherence and compliance per FISMA mandates and the NIST RMF methodology.
- Security planning, assessment, risk analysis, risk management, CCB, verification, and awareness activities for Code 770 systems and networking operations.
- Participating as a member of the TIM - Operational Technology (OT) working group (OTWG) to assist in the creation of security policies and standards for Industrial Control Systems (ICS)/ Supervisory Control and Data Acquisition (SCADA) systems.
  o Attended the first TIM OTWG meeting at Langley Center comprised of other NASA Centers, Department of Energy and DHS/DoD personnel presenting an overview of environmental statuses of annual assessments and issues/potential solutions to address the complexity of systems which bear little resemblance to traditional information technology (IT) systems.
- Also reviewing and approving documentation of scanned internal and external systems and assisting the team in remediating vulnerabilities.
- Attending multiple weekly & biweekly meetings (below are a sampling):
  o Code 770 Divisional staff meeting
  o ITSEC-EDW Status
  o ASUS
  o RISCS
  o OT ICS/SCADA

ISSO Team Lead
ASRC Federal, Beltsville, MD
November 2016 - March 2018
Served as ISSO Team lead for IT Security compliance under both Goddard Space Flight Center, Code 200 and Code 500 to assign tasks, monitor and control task progress, and created monthly progress reports to submit to the Deputy Program Manager.
Was responsible for but not limited to the oversight of a team who was responsible for:
- Developing, updating and, monitoring for both Code 200 and Code 500 IT Security documentation in preparation for annual authorization and assessment evaluations as well as continual monitoring of the heterogeneous environment for adherence and compliance per FISMA mandates and the NIST RMF methodology.
- Security planning, assessment, risk analysis, risk management, verification, and awareness activities for Codes 200 and 500 systems and networking operations.
- Updating the SCA POAM spreadsheet and reviewing and updating RISCS including RBD and milestone updates prior to POAM closure.
  o Submitted updated POAM documentation for review and closure.
- Participating as a member of multiple working groups to assist in the creation of security policies and standards.
  o Began implementing the usage of Gemini to create automation of the following but not limited policies/procedures:
    CCB
    Environment topologies
    RBDs
    POAMS
    Projects
- Scanning systems and assisting the team in remediating vulnerabilities.
- Managing and monitoring resolutions of a security incident or vulnerability events.
- Reviewing, evaluating and making recommendations regarding proposed software as it relates to IT security with the system administrators and IT Managers.
- Keeping both Codes 200 and 500 environments aware of the latest vulnerabilities, ransomware or updates.
- Reviewing and updating the blocklist, BigFix and the manual inventory repository.
- As the ISSO for the Code 200 during their annual A&A putting documents together, creating the A&A schedule for both the assessors and Code 200 personnel, assisting within the technical A&A and addressing Code 200 POAMs, blocklists, vulnerabilities, ransomware (be it for SCADA or the heterogeneous environment within MOS.)
- Monitoring Splunk logs.
- Meeting weekly with the Code 500 IT Manager/ Directorate Computer Security Official.
- Meeting biweekly for and chair the two (2) following meetings the system administrators or CSO.
- Meeting for and chair CCBs for compliance and management knowledge for changes within the environments.
- Coordinating with the DHCP Team for the overhaul for Code 500 buildings from static IPs.
- Receiving security operation center (SOC) incident reports, responded to security operation center incident reports and interacted with SOC personnel to address and closeout the SOC incident reports.
  o Contacting and communicating with personnel who created the incident(s) to remind them of vulnerabilities that may ensue as a result of risky behavior and gave instructions for next steps.
- Consulting with the Deputy Program Manager and review the spend plan from the ISSO aspect of the SES II Contract.
- Overseeing and addressing any government shutdown procedures.

Team Lead
Maximus Corporation, Falls Church, VA
November 2015 - October 2016
Served as Team lead for a small project team to assign tasks, monitor and control task progress, and develop periodic progress reports.

Was responsible for but not limited to the oversight of a team who:
- Developed multi-year schedules and project plans for security programs, including A&A and POA&M remediation.
- Conducted audit and provide guidance of security programs (i.e., A&As, Continuous Monitoring, FISMA, NIST, DOC, NOAA FedRAMP and, cybersecurity, policies and procedures.)
- Assisted with technology evaluations, trade studies, briefing development, and engineering analyses.
- Determined acceptable level of risk for enterprise computing platforms.
- Prepared risk analysis reports with the use of Security Center's Nessus software, ArcSight, ECMO and DHS Cyber Hygiene programs and provide recommendations to the client.
- Analyzed penetration testing and vulnerability scan reports on all systems as required.
- Provided impact analysis on local Federal Civilian Agency with regard to updates and version changes on National Institute of Standards and Technology (NIST) Security Publications and FISMA notices.
- Updated and developed security standards and templates as required to meet new government and regulatory requirements.
- Used risk management techniques to develop and complete risk assessments based on NIST standards to ensure Information Assurance design sufficiently mitigates the risk.
- Presented quarterly IT security reports to federal executives.
- Forecasted and reviewed spend contractual plans.
- Facilitated with customers regarding the project/tasks and administrative duties related to the contract.

ISSO
OPM, Washington, DC
October 2014 - November 2015
Served as an Information System Security Officer (ISSO) for the ITPS office, within the Office of the Chief Information Officer (OCIO), and assist with security issues, as well as, coordinate IT security activities with the Office of the Chief Information Officer IT Security personnel. Review and provide assistance in the preparation of system security plans, system contingency plans, system risk assessments, system security test and evaluations, and review authorization package.
- Served as a liaison between System Owner and the Executive Sponsors for assigned systems.
- Reviewed the contractual agreements for independent security control assessors and other IT Audit Liaison in preparation for independent auditing of assigned systems.
- Oversaw the management of any Plan of Action or Milestones (POAMS) that are created as the result of an assessment, audit finding and ensuring they are completed on time.
- Analyzed vulnerability scans, and worked with System Owners and staff to address the vulnerabilities and implement cybersecurity in a timely manner in accordance to published policy.
- Worked with designated staff to assist in continuous monitoring activities, gather evidence as requested and ensuring accurate inventory at all times.
- Ensured secure configurations were documented and implemented, and the System Owner was apprised of the status of their system's security posture at all times.
- Served as an advisor on laws, regulations, and policies and FedRAMP methodologies, where applicable, in the discipline of IT systems security and analyzes impact with regard to the OS's operational needs, cost, resources and consequences.

ISSO
KCG, Reston, VA
July 2014 - October 2014
Was responsible for providing IT security oversight over both classified and unclassified federal government systems. Was also responsible for providing IT security training and participating as a facilitator of IT security during both federal and contract employee HR on-boarding as well as termination/position changes/adjustments. Additionally, performed IT security floor sweeps. Also, performed other IT security duties as assigned, both classified and unclassified.

Independent Contractor, FISCAM/FFMIA Auditor
October 2012 - March 2014
Served as an independent contractor for one of the Big Four accounting companies, and a member of the FISCAM IV Team auditing two (2) Navy GSSs for FISMA and FFMIA compliance. This included porting over from the DIACAP methodology and providing a gap analysis between the RMF and Information Assurance/cybersecurity policies and guidelines. Additionally, as a Team Lead, responsibilities included reviewing and providing a developed tailored approach to test Defense Logistics Agency (DLA) systems and interfaces utilizing the FISCAM framework and auditing SAP systems. Tests included testing the design and test of effectiveness. This was accomplished by assessing the design and operating effectiveness of DLA system controls and identifying and evaluating deficiencies. Also, prepared Notifications of Finding (NoFs) and assisted in the preparation of Corrective Action Plans (CAPs) and System Change Reports (SCRs) for applicable deficiencies.
Additionally, prepared and validated with DLA assessment reports of findings. Also, reviewed two (2) GSSs.

Security Specialist III
GNS, Suitland, MD
January 2012 - October 2012
Managed system assessment (formally referenced as the certification and accreditation (C&A) process) supporting the NOAA Satellite Operations Facility (NSOF) community at National Oceanic and Atmospheric Administration (NOAA).

Duties also included (not limited to):
- Performing system impact analyses (SIA)
- Evaluating Plans of Action and Milestones (POAMs) for conformance suggesting risk mitigations and
- Addressing security vulnerabilities to three (3) GSSs within the DOC CSAM C&A database.
- Manage system assessment (formally referenced as the certification and accreditation (C&A) process) projects supporting the NOAA Satellite Operations Facility (NSOF) community to include performing gap analysis and technical assessments, developing Plans of Action and Milestones (POAMs) and addressing security vulnerabilities.
- Authors and maintains system security documentation such as system security plan, configuration management plan, test plans and continuity of operations plans for NSOF.
- Propose security design and review recommendations to include mitigation strategies in accordance with the Department of Commerce (DoC) policies.
- Administering security standards throughout the system and software development lifecycle via implementing industry best practices in day to day Standard Operations Procedures (SOPs)
- Conducting formal Security Test and Evaluation (ST&E) in conjunction with the ISSO, report findings to management, then devise strategies to mitigate risk
- Verifying that system architecture address enhanced IT security elements to assure the confidentiality, integrity and availability of the system and its information while it is housed, utilized and transmitted via the system.
- Providing research and development recommendations regarding IT Security tools and industry trends then tracked information regarding security threats and potential vulnerabilities within the NSOF enterprise environment.
- Worked closely with one of the ISSOs in the NESDIS organization reviewing security documentation (i.e. SSPs, CPs, CM plans, test plans, SOPs, FIPS 200 document tailoring) making sure they aligned with applicable NIST standards and guidelines, federal laws, Executive Orders, and NOAA organizational policies, procedures and regulations.
- Provided the customer with recommendations making sure that risks and vulnerabilities are addressed and that security measures are in place throughout the system development lifecycle (SDLC).
- Reviewed, analyzed, and reported to the customer, Nessus and Lumension security scans identifying those threats and vulnerabilities in order of criticality.
- Was a member of three (3) CCBs and POAM review meetings wherein verify that security is addressed and the appropriate IT security elements of confidentiality, integrity and availability are in place.
- Reviewed proposed change requests, problem requests and work requests within the Request for Action Tracking System (RATS) database for the three GSSs assigned for vulnerabilities/risks.
- Assist with coworkers as needed with system ST&Es.

Deputy Project Manager
May 2009 - January 2012, RCAI., Bethesda, MD
Provided test plan reviews and technical support for the Office of Chief Information Office (OCIO) division at the National Institutes of Health (NIH) for the NCAT database system. Additionally, wrote, reviewed procedures and standards (i.e. for CIT, NIH and/or HHS (Health and Human Services) and NIST). Managed and provided security reviews and self-assessment support for the Center for Information and Technology (CIT) division at the National Institutes of Health (NIH).
Additionally, as task lead for both the CIT IT Security Policies and CIT Compliance/Audit divisions, wrote, reviewed and tasked analysts for new and reformulated policies, procedures and standards (CIT, NIH and/or HHS (Health and Human Services) and NIST).

Accomplishments included:
- Managing and providing security reviews and self-assessment support for the Center for Information and Technology (CIT) division at the National Institutes of Health (NIH). Additionally, as task lead for both the CIT IT Security Policies and CIT Compliance/Audit divisions, write, review and task analysts for new and reformulated policies, procedures and standards (CIT, NIH and/or HHS (Health and Human Services) and NIST).
- Ensuring maintenance and continued development of a strong information assurance program for the federal client.
- Being responsible for overseeing security control from a program view while assigning tasks at a project level.
- Being responsible for overseeing the construction and the evaluation of system assessment utilizing the Risk Management Framework (RMF) in its entirety.
- Was the Lead in the development of policies/ procedures, preparation and presentation of training for the full understanding of the system assessment process as well as policies and procedures within CIT.
- Was the Lead in reviewing and analyzing the FISCAM, SAS70 and, A123 audits.
- Took over the system assessment of NIH's intranet backbone which entailed complex and comprehensive testing and viewing of configuration management and risk management.

Information Assurance Manager
Nov 2006 - May 2009, SAIC, Suitland, MD
Managed and provided security reviews and self-assessment support during the development, integration, testing, and release phases for developed system components. Oversaw the security engineering and assurance principles in a heterogeneous environment supporting UNIX, Windows, RedHat and OpenVMS along with Oracle 10G. Developed security test plans and procedures.
Also provided IA and security tools including security technical implementation guidance (i.e. Standard Operating Procedures manuals and recommendation documents), security readiness review checklists, and network scanning tools such as Nessus, GoldDisk, CIS, LJK/Security, DumpSec, MBSA and MMC. Have a complete understanding utilizing the NIST 800 Special Publication documents for the information Assurance Accreditation and Certification process and operational maintenance. Provided IA training to promote familiarity with Technical, Operation and Management controls including IA controls. Utilized Common Criteria this includes the ability to interpret security policy and IA controls into an IA configuration implementation that considers the operational environment, mission criticality, and application requirements for the security team three (3) for a multi-million-dollar contract for the Census Bureau's Millennia Lite contract.

Accomplishments included:
- Ensuring the maintenance and continued development of a strong information assurance program for the federal client.
- Overseeing security control from a program view while assigning tasks at a project level.
- Overseeing the construction and the evaluation of systems in the pre-certification stage of certification and accreditation (C&A) at the Bureau of the Census;
- Overseeing operational performances (standard operating procedures with the systems team) such as security audits and benchmarking tools (i.e. Nessus, CIS, Gold Disk, LJK Security) on Windows, UNIX and VMS based operating systems to see whether systems were in compliance with the NIST 800-53 requirements to protect organizational/department assets.
- Oversaw my staff's evaluation and response to incidents while preserving Title 13 information.
- Lead for the resolution of security incidents and assisted in mitigating future risks
- Providing briefings and reports to the client and other upper management.
- Directing periodic reviews to ensure compliance with appropriate policies and procedures. Was the lead in the development of site plans and policies/ procedures, preparation and presentation of training. Assisted, along with my staff and government personnel, with reviewing logs, analyzing events, and identifying risks.
- My staff also documented and developed test plans, based upon NIST 800-53 in order to test compliance.
- Was responsible for providing security responses in the Monthly Status Report to the customer and GAO.
- On an annual basis, was responsible for briefing to upper management (SAIC and Government) security's annual accomplishments in a Program Management Review setting.
- Implementing employee annual performance and development evaluations