Your Name
Summary
Accomplished, professional, and detail oriented Navy veteran. Passionate about new technology and learning new concepts.
Overview
12
12
years of professional experience
1
1
Certification
Work History
Security Control Assessor (SCA)
Bae Systems
Fairview Heights, IL
12.2016 - Current
- Reviewed technical and administrative controls and conducted RMF per the NIST 800-53, NIST 800-37 and CNSS 1253 requirements.
- Drafted and reviewed security artifacts including, but not limited to, System Security Plans, inventories, contingency plans, security control traceability matrices, and security assessment reports.
- Conducted Annual assessments of sites on compliance with organizational policy.
- Drafted and managed POA&M for authorized systems with appropriate remediation suspense dates and tracked findings until closure. If the POA&M would never be met, familiar with exceptions and waiver process as well as residual risk acceptance.
- As an assessor for cloud systems, designed the A&A process used for the AWS environment and drafted templates to be used in an agile SDLC.
- Experience with Nexpose Rapid 7 scanning tool, SPLUNK audit log aggregation tool, HP Fortify, Webinspect, as well as McAfee EPO.
- Reviewed and assessed seven different systems of different classification, scope, and mission and determined residual risk and mitigation methods to ensure the system was operating in it\'s most secure state.
Information Systems Security Manager
Rtx
Solvang, CA
01.2015 - 12.2016
- Led a division of 12 personnel in normal operational conditions managing and maintaining three network enclaves for 290 users and multiple voice and data circuits to include all outbound communications.
- Served as subject matter expert for site accreditation and Authorization to Operate (ATO) for command, ensuring all proper Information assurance paperwork was provided and that a proper vulnerability management program was in place and ran property in compliance with Department of the Navy standards.
- Oversaw and directly managed command Cryptography program, including 1,415 keys and associated cryptographic equipment. Familiarity with all Inline Network Encryption (INE) methods including symmetric, asymmetric, and hashing methods.
- Primary HBSS Administrator, managed two enclaves and 12 programs of record (POR) for regular vulnerability scanning and patch application. Managed Host Intrusion Prevention, Intrusion Detection, and Data Loss Prevention Agents through the use of EPolicy Orchestrator.
- Worked with both eEye Retina and ACAS as the primary means of vulnerability assessment and applied necessary patches and hot-fixes to ensure maximum availability and development of a stringent security posture.
- Ran the organization webpage using HTML and MSSQL management. Created webpages, updated current webpages and developed associated web platforms to assist in the everyday production and efficiency at the command.
- Familiar with CISCO and Alcatel network device management and configuration including port management, access list creation and editing, and general network troubleshooting.
Information Systems Security Officer
Booz Allen Hamilton Inc.
Rockville, MD
12.2011 - 12.2014
- Lead six personnel in the Information Systems Security division during all activities and information systems security processes as directed by the DCID 6/3, ICD 503, Risk Management Framework (RMF) and DoD Information Assurance Certification and Accreditation Process (DIACAP) control frameworks.
- Designed, developed, engineered, and implemented all security related solutions that meet security requirements with Department of Defense (DoD) standards.
- As Security Team Lead during three command security inspections, gained Authorization to Operate (ATO) for seven classified systems operating at three different Protection Levels.
-
Constructed reports and Plan of
Action and Milestones (POAMs) based on the results of vulnerability assessment
tools, including Gold Disk, eEye Retina, STIGViewer, Assured Compliance Assessment Solution (ACAS), and SCAP automation protocol scanner to ensure DoD and government compliance within the command.
-
Provided guidance and assistance to other units and agencies responding to security events, maintaining status of Information Assurance Vulnerability Alerts (IAVA), DISA assist bulletins, and compliance with other related Certifications.
-
Established and managed the system Public Key Infrastructure for over 250 users. This included installing software, ordering tokens, and making regular reports on completion status.
- Assisted in the management of Group Policy Objects (GPOs) and regular event monitoring
used in support of the Information Assurance Vulnerability Management
(IAVM) program and general Computer Network Defense (CND) Program.
Education
Bachelor of Science - Cyber Security
University of Maryland University College
Skills
- 7 years experience in Cybersecurity, Information Technology, and Risk Management
- Leadership and management of an ever-changing workforce
- Ability to adapt in a fast paced and time sensitive environment
- Ability to communicate well, both orally and through writing
- Expert knowledge of NIST/FISMA requirements and policy
- Experienced in vulnerability management and compliance regulation
- Highly technical network background with extensive knowledge of security tools and remediation methods
Certification
- CompTIA Advanced Security Practioner (CASP)
- Amazon Web Services Certified Solutions Architect: Associate
- CompTIA Security+ Certified
- Microsoft Certified Systems Administrator(MCSA) in Windows Server 2003 and XP
- CompTIA A+ Certified
Timeline
Security Control Assessor (SCA)
Bae Systems
12.2016 - Current
Information Systems Security Manager
Rtx
01.2015 - 12.2016
Information Systems Security Officer
Booz Allen Hamilton Inc.
12.2011 - 12.2014
Bachelor of Science - Cyber Security
University of Maryland University College