Summary
Overview
Work History
Education
Skills
Certification
Clearance
Timeline
Generic

WILLIE J. MCALLISTER

Port Tobacco,MD

Summary

Certified Information Systems Security Professional (CISSP) with extensive experience in enterprise systems for the Navy and Joint Military. A seasoned Security Engineer adept at designing, implementing, and maintaining secure infrastructures, demonstrating a strong command of cyber security principles. Successfully improved system infrastructure and conducted comprehensive vulnerability assessments to mitigate security risks. Proven ability to communicate effectively, collaborate within teams, and identify potential security threats while delivering robust risk management solutions.

Overview

23
23
years of professional experience
1
1
Certification

Work History

Senior Information Systems Security Engineer

P Solutions
, Washington
09.2023 - Current
  • Provided Senior ISSE support for a contract supporting NAVWAR PMW 240
  • Successfully maintained certification/compliance for multiple systems with high levels of Classified Data
  • Administered the use of Tenable, Webinspect, and Fortify for Vulnerability Management
  • Reviewed Vulnerability Scans using Tenable, Webinspect, and Fortify
  • Reviewed logs from Splunk, OpenSearch, and Sentinel for Cloud/On-prem/SAAS systems to ensure compliance with M21-31
  • Worked with stakeholders to mitigate vulnerabilities
  • Actively collaborated with team members and security stakeholders to define security policy and controls in an easily understood and adoptable manner
  • Coordinated with information systems owners and Cloud providers (AWS, Google Cloud, Azure) to effectively migrate Military HR System to the DISA Cloud infrastructure
  • Coordinated, maintained, and certified packages for ATO under NIST 800-53A Revision 4, including PII and PHI information types/overlays
  • Developed and managed system security documentation by reviewing and updating them at least annually for all assigned systems
  • Provided Cloud Security Architecture and Compliance expertise
  • Worked closely with Account Security Officer (ASO), Segment Security Officers (SSO), and Cloud Service Providers (CSP) to ensure FedRAMP compliance
  • Conducted Cloud Computing Migration Assessments and Accreditations Services (A&A) for Software (SaaS), Infrastructure (IaaS), and Platforms (PaaS) using FedRAMP compliant criteria
  • Worked with ASO and SSO to ensure operational security measures are implemented
  • Decomposed complex security processes and solutions to identify relevant risk areas, potential control points, and provided sound recommendations for risk treatment
  • Engaged with cross-functional teams to design and implement scalable security systems and controls, enhancing the security posture of data center infrastructure
  • Collaborated with engineering and operations teams to enforce security best practices, including network segmentation, identity management, and access control policies
  • Deployed and managed security measures for on-premise environments, including firewalls and intrusion detection/prevention systems (IDS/IPS)
  • Assessed, monitored, and mitigated physical and cyber risks across data centers, ensuring compliance with industry standards and regulatory requirements
  • Automated security operations by integrating security monitoring, logging, and response mechanisms for data center infrastructure
  • Developed and enforced secure configurations for servers, hypervisors, and network appliances to prevent unauthorized access and data breaches
  • Engaged with vendors to assess the security of third-party hardware and software used in data center deployments
  • Performed Computer Security Incident Response activities for a large organization and coordinated with other government agencies to record and report incidents
  • Recognized potential intrusion attempts and compromises through detailed analyses of event data.

Cybersecurity Consultant

Onyxpoint
Washington, DC
04.2023 - 09.2023
  • Drove enterprise-level process improvement initiatives to enhance security control adoption.
  • Spearheaded pilot programs for innovative processes and procedures to enhance overall productivity of the enterprise security workforce
  • Decomposed complex security processes and solutions to identify relevant risk areas, potential control points, and provided sound recommendations for risk treatment
  • Worked closely with security stakeholders to understand challenges in security risk management and identified governance solutions to overcome obstacles
  • Developed a proactive mindset to identify and address security gaps or inefficiencies through automation and tooling
  • Engaged with cross-functional teams to enhance security measures and ensure the robustness of infrastructure against evolving threats.
  • Assisted with incident response activities such as forensic analysis of compromised systems and investigation of malicious activity.
  • Delivered technical guidance on cybersecurity best practices to staff to ensure system integrity.

Senior ISSE

DHA
11.2020 - 03.2023
  • Provided Senior ISSE support for a contract supporting DHA/NWIC
  • Successfully maintain certification for multiple systems with high levels of PIA/PHA
  • Develop secure solutions to implement medical devices, and equipment within Military Health Facilities
  • Administered the Use of Tenable, Webinspect, and Fortify in order to be used for Vulnerbility Management
  • Reviewed Vulnerability Scans using Tenable, Webinspect, and Fortify
  • Administered the use of LogRhythm SEIM Tool for log Management, and Aggregation
  • Test Military Health Facilities and Enterprise Networks (On-Prem, Hybrid, and Cloud environments) for Web, Network, and Application vulnerabilities, using Tenable, Webinspect, and Fortify
  • Work with Stakeholders to Mitigate vulnerabilities
  • Actively collaborated with team members and security stakeholders to define security policy and controls in an easily understood and adoptable manner
  • Develop secure solutions to implement medical devices, and equipment within Military Health Facilities
  • Coordinate with information systems owners and Cloud providers (AWS, Google Cloud, Azure) to effectively migrate Military Health Facilities networks to the DISA Cloud infrastructure
  • Coordinate, maintain and certify packages for ATO under both NIST 800-53A Revision 4
  • Packages have consisted of PII, and PHI information types/overlays
  • Developed and managed system security documentation by reviewing and updating them at least annually for all assigned systems
  • Provides Cloud Security Architecture and Compliance expertise
  • Worked closely with Account Security Officer (ASO), Segment Security Officers (SSO) and Cloud Service Providers (CSP) to ensure FedRAMP compliance
  • Provided Cloud Computing Migration Assessments and Accreditations Services (A&A) for Software (SaaS), Infrastructure (IaaS), and Platforms (PaaS) using Federal Risk and Authorization Management Program (FedRamp) compliant criteria
  • Worked closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented
  • Decomposed complex security processes and solutions to identify relevant risk areas, potential control points, and provide sound recommendations for risk treatment
  • Worked closely with security stakeholders to understand the challenges that they face performing security risk management activities and identify ways which security governance can help overcome identified obstacles
  • Performed Computer Security Incident Response activities for a large organization coordinates with other government agencies to record and report incidents
  • Recognized potential successful and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.

Information Systems Security Officer (ISSO)/Engineer

DNI, Delaware Nation Industries,
Crystal City, VA
08.2019 - 11.2020
  • Lead a team 6-8 Contractor Personnel in order to meet Command Accreditation/ATO deadlines
  • Lead process improvement initiatives that drive better security control adoption, situational awareness, and assurance
  • Initiatives will have a strong emphasis on consistent process and tool enablement to help shrink the security attack surface
  • Review, and Provide Security Control Evidence for Security Control Assessors
  • Administered the Use of Tenable, Webinspect, and Tenable in order to be used for Vulnerbility Management
  • Reviewed Vulnerbility Scans using Tenable, Webinspect, and Fortify
  • Administered the of use LogRhythm SEIM Tool for log Management, and Aggregation
  • Coordinate, maintain, and certify packages for ATO under NIST 800-53A Revision 4
  • Packages have consisted of Classified information types/overlays
  • Develop and manage system security documentation by reviewing and updating them at least annually for all assigned systems
  • Decompose complex security processes and solutions to identify relevant risk areas, potential control points, and provide sound recommendations for risk treatment
  • Work closely with security stakeholders to understand the challenges that they face performing security risk management activities and identify ways which security governance can help overcome identified obstacles
  • Performs Computer Security Incident Response activities for a large organization coordinates with other government agencies to record and report incidents
  • Monitor and analyzes Intrusion Detection Systems (IDS) to identify security issues for remediation
  • Recognize potential successful and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
  • Evaluate firewall change requests and assess organizational risk
  • Communicate alerts to agencies regarding intrusions and compromises to their network infrastructure applications and operating systems
  • Evaluate network applications, services, security operations, and controls
  • Provide in-depth technical analysis of applications, systems and architectures being reviewed by the Network and Technology Audit team.
  • Performed risk assessments of existing IT infrastructure.
  • Audited networks and security systems to identify vulnerabilities.
  • Collaborated with internal teams to develop comprehensive disaster recovery plans.
  • Investigated data breaches and other cyber-security incidents.
  • Designed and implemented plans to secure computer files against breach, destruction, or accidental modification.
  • Reviewed security bulletins and vulnerability patch releases.
  • Designed, implemented, and maintained security systems and controls.
  • Collaborated with stakeholders to implement and update disaster recovery plans.
  • Developed and implemented organization-wide information security policies, procedures, and standards.
  • Made recommendations to improve security procedures and systems.
  • Coordinated security updates to avoid outages and downtime.
  • Maintained up-to-date knowledge of emerging threats and countermeasures in the field of information security.

Lead ISSO

Mpire Technology Group
Falls Church, VA
10.2018 - 08.2019
  • Offered high-level ISSO expertise for a DHA-supporting contract.
  • Successfully accredited multiple systems with high levels of PIA/PHA
  • Actively collaborated with team members and security stakeholders to define security policy and controls in an easily understood and adoptable manner
  • Interpret test results of Military Health Enterprise Networks Web, Network networks, and Application vulnerabilities, using Tenable, Webinspect, and Fortify
  • Develop secure solutions to implement medical devices, and equipment within Military Health Facilities
  • Coordinate with information systems owners and Cloud providers to effectively migrate Military Health Facilities networks to the DISA Cloud infrastructure
  • Review, and Provide Security Control Evidence for Security Control Assessors
  • Coordinate, maintain and certify packages for ATO under both NIST 800-53A Revision 4
  • Packages have consisted of PII, and PHI information types/overlays
  • Developed and managed system security documentation by reviewing and updating them at least annually for all assigned systems
  • Provides Cloud Security Architecture and Compliance expertise
  • Worked closely with Account Security Officer (ASO), Segment Security Officers (SSO) and Cloud Service Providers (CSP) to ensure FedRAMP compliance
  • Provided Cloud Computing Migration Assessments and Accreditations Services (A&A) for Software (SaaS), Infrastructure (IaaS), and Platforms (PaaS) using Federal Risk and Authorization Management Program (FedRamp) compliant criteria
  • Worked closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented
  • Decomposed complex security processes and solutions to identify relevant risk areas, potential control points, and provide sound recommendations for risk treatment
  • Worked closely with security stakeholders to understand the challenges that they face performing security risk management activities and identify ways which security governance can help overcome identified obstacles
  • Performed Computer Security Incident Response activities for a large organization coordinates with other government agencies to record and report incidents
  • Recognized potential successful and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
  • Evaluated firewall change requests and assessed organizational risk
  • Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure applications and operating systems
  • Evaluated network applications, services, security operations, and controls
  • Provided in-depth technical analysis of applications, systems and architectures being reviewed by the Network and Technology Audit team.

Cyber Team Lead, Assessor

NAVAIR, DS, Patuxent River Data Center, 22nd Century Technology
, MD
05.2017 - 10.2018
  • GS-13, , ISSE, ISSO, Security Control, Lead a Cyber Team of ISSE’s, ISSO’S, and Security Control Assessors in order to successfully security Naval Business systems in on prem, hybrid, and cloud environments (AWS, Google, AZURE)
  • Coordinated, maintained and certified packages for ATO under both NIST 800-53A Revision 4, and DOD 8500.1 DIACAP
  • Packages have consisted of PII, FISMA, and Classified information types/overlays
  • Developed and managed system security documentation by reviewing and updated them for all assigned systems
  • Transitioned current DIACAP ATO’s to NIST 800-53A Revision 4/Risk Management Framework (RMF)
  • Provides Cloud Security Architecture and Compliance expertise
  • Test Military Enterprise Networks for Web, Network, and Application vulnerabilities, using Tenable, Webinspect, and Fortify
  • Review, and Provide Security Control Evidence for Security Control Assessors
  • Administered the Use of Tenable, Webinspect, and Tenable in order to be used for Vulnerbility Management
  • Reviewed Vulnerbility Scans using Tenable, Webinspect, and Fortify
  • Worked closely with Account Security Officer (ASO), Segment Security Officers (SSO) and Cloud Service Providers (CSP) to ensure FedRAMP compliance
  • Provided Cloud Computing Migration Assessments and Accreditations Services (A&A) for Software (SaaS), Infrastructure (IaaS), and Platforms (PaaS) using Federal Risk and Authorization Management Program (FedRamp) compliant criteria
  • Worked closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented
  • Decomposed complex security processes and solutions to identify relevant risk areas, potential control points, and provide sound recommendations for risk treatment
  • Performed Computer Security Incident Response activities for a large organization coordinates with other government agencies to record and report incidents
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation
  • Communicated alerts to agencies regarding intrusions and compromises to their network infrastructure applications and operating systems
  • Evaluated network applications, services, security operations, and controls
  • Provided in-depth technical analysis of applications, systems and architectures being reviewed by the Network and Technology Audit team
  • Assisted with implementation of countermeasures or mitigating controls
  • Ensured the integrity and protection of networks systems and applications by technical enforcement of organizational security policies through monitoring of vulnerability scanning devices
  • Performed periodic and on-demand system audits and vulnerability assessments including user accounts application access file system and external Web integrity scans to determine compliance
  • Prepared incident reports of analysis methodology and results.

Cyber Security Analyst/IAO NAWCAD 7

Patuxent River
12.2016 - 05.2017
  • 2.6.1
  • Lead a Cyber Team of ISSE’s, ISSO’S, and Security Control Assessors in order to successfully security Naval Business systems in on prem, hybrid, and cloud environments (AWS, Google, AZURE)
  • Coordinated, maintained and certified packages for ATO under both NIST 800-53A Revision 4, and DOD 8500.1 DIACAP
  • Packages have consisted of PII, FISMA, and Classified information types/overlays
  • Lead transition current DIACAP Accreditations to NIST 800-53A Revision 4/Risk Management Framework (RMF)
  • Provides Cloud Security Architecture and Compliance expertise
  • Test Military Enterprise Networks for Web, Network, and Application vulnerabilities, using Tenable, Webinspect, and Fortify
  • Worked closely with Account Security Officer (ASO), Segment Security Officers (SSO) and Cloud Service Providers (CSP) to ensure FedRAMP compliance
  • Provided Cloud Computing Migration Assessments and Accreditations Services (A&A) for Software (SaaS), Infrastructure (IaaS), and Platforms (PaaS) using Federal Risk and Authorization Management Program (FedRamp) compliant criteria
  • Review, and Provide Security Control Evidence for Security Control Assessors
  • Administered the Use of Tenable, Webinspect, and Tenable in order to be used for Vulnerbility Management
  • Reviewed Vulnerbility Scans using Tenable, Webinspect, and Fortify
  • Administered the use LogRhythm SEIM Tool for log Management, and Aggregation
  • Worked closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation
  • Responsible for monitoring potential successful and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
  • Evaluated firewall change requests and assess organizational risk
  • Evaluated network applications, services, security operations, and controls
  • Provided in-depth technical analysis of applications, systems and architectures being reviewed by the Network and Technology Audit team
  • Assisted with implementation of countermeasures or mitigating controls.

Cyber Team Lead, Security Control Assessor

Patuxent River Data Center, GCR
, MD
05.2016 - 12.2016
  • ISSE, ISSO, Lead a Cyber Team of ISSE’s, ISSO’S, and Security Control Assessors in order to successfully security Naval Business systems in on prem, hybrid, and cloud environments (AWS, Google, AZURE)
  • Coordinated, maintained and certified packages for ATO under both NIST 800-53A Revision 4, and DOD 8500.1 DIACAP
  • Packages have consisted of PII, FISMA, and Classified information types/overlays
  • Lead transition current DIACAP Accreditations to NIST 800-53A Revision 4/Risk Management Framework (RMF)
  • Provides Cloud Security Architecture and Compliance expertise
  • Test Military Enterprise Networks for Web, Network, and Application vulnerabilities, using Tenable, Webinspect, and Fortify
  • Worked closely with Account Security Officer (ASO), Segment Security Officers (SSO) and Cloud Service Providers (CSP) to ensure FedRAMP compliance
  • Review, and Provide Security Control Evidence for Security Control Assessors
  • Administered the Use of Tenable, Webinspect, and Tenable in order to be used for Vulnerbility Management
  • Reviewed Vulnerbility Scans using Tenable, Webinspect, and Fortify
  • Administered the use LogRhythm SEIM Tool for log Management, and Aggregation
  • Provided Cloud Computing Migration Assessments and Accreditations Services (A&A) for Software (SaaS), Infrastructure (IaaS), and Platforms (PaaS) using Federal Risk and Authorization Management Program (FedRamp) compliant criteria
  • Worked closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation
  • Responsible for monitoring potential successful and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
  • Evaluated firewall change requests and assess organizational risk
  • Evaluated network applications, services, security operations, and controls
  • Provided in-depth technical analysis of applications, systems and architectures being reviewed by the Network and Technology Audit team
  • Assisted with implementation of countermeasures or mitigating controls.

Lead

Suprtek, LRA
Arlington, VA
05.2012 - 05.2016

Lead

SMARTRONIX
Arlington, VA
09.2011 - 05.2012
  • ACTR & Classified LRA (PKI) IAO
  • Developed, evaluated, and implemented security products, procedures and requirements to ensure compliance with DoD Information Assurance policies and to ensure DoD systems meet applicable requirements
  • Verified Security Controls for Classified Token LRA machine
  • Audited, backed up and deleted logs for Classified Token LRA machine
  • Responsible for all Classified Token LRA machine Security Controls
  • Stored Classified Token LRA machine for 10 years
  • Coordinated, maintained and certified packages for ATO under DIACAP
  • Set security controls in compliance with NSS DoDD 8500.01E and DoDI 1000.13 for Classified Token LRA machines, and Provides technical support and guidance to staff in matters relating to Cybersecurity/Information Assurance (CS/IA) and information technology (IT) issues that involve a wide range of IT management that typically extend and apply to an entire organization or major components of an organization
  • Ensured the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools
  • Developed policies and procedures to ensure information systems security, reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data; conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs; promotes awareness of security issues among management and ensures sound security principles are reflected in organizations visions and goals
  • Implemented, maintained, and conducted on-site and remote analyses of information system standard security products and associated systems in order to determine overall technical features and standard security protection required for information systems and networks processing at all levels of information security
  • Provided expert level advice and assistance in the areas of security architecture, systems auditing, security tools, and all areas related to CS/IA
  • Developed CS/IA plans and procedures; serves as a government Action Officer (AO) for security assessments performed on systems and/or networks to ensure they meet certification/accreditation requirements
  • Assisted and managed various NMCI projects to provide IT services to the ONR contract
  • Provided direct support to the Contract Technical Representative (CTR) for all NMCI related functions
  • Supported NMCI ordering and build out processes in NMCI Enterprise Tool (NET) to obtain and implement new NMCI equipment, software, and services for customers
  • Supported NMCI equipment deliveries and technical refresh efforts for unclassified and classified computer equipment
  • Lead validation of NMCI invoices and provide reports to management
  • Managed/applied Security Groups, and Policies to the NMCI Active Directory
  • Developed business process documentation to define the processes used to administer NMCI Administration responsibilities
  • Integrated hardware, software, and/or computer related services to provide an integrated information system
  • Provided technical support to diagnose and resolve problems in response to customer reported incidents is provided by IT Service Desk staff via the phone, remote desktop support, and desk-side support, as required
  • Ensured corrective responses to problematic trends and patterns in customer support requirements are implemented
  • Service performance requirements are attained
  • Support policies, procedures, and standards are implemented
  • Information security and information assurance policies, principles, and practices are followed
  • Customer hardware and software is installed, configured, maintained and disposed
  • Liaison between ONR and NMCI as Assistant Contract Technical Representative (ACTR) identifying and providing required documentation or information to enable HP to provide NMCI services.

NET Trainer/Application Tester

Lockheed Martin
, California
05.2008 - 09.2011
  • Reviewed configuration changes to NET (e.g
  • Functional and technical) to update regression test cases
  • Reviewed system production packages to close out release artifacts
  • Performed software testing to successfully demonstrate functional processes
  • Reviewed test scripts (e.g
  • Functional and technical) to ensure compliance with industry testing documentation standards
  • Used Software Development Lifecycle (SDLC) activities (e.g
  • Planning, design, implementation, testing, documenting, requirements analysis, deployment and maintenance) to ensure high-quality testing of “NET” functionality
  • Worked with eMarketplace (eMp), RAP Tool, Homeport, and Service Request eForm (SReForm)
  • Interfaced with the NET development team and HP to work advanced issues relating to the order/delivery process and account creation process
  • Supported the ISF Tools database that includes all authorized software for NMCI machines; kept all software versions up to date; assist users with account issues; assist in finding software for users; assist in creating RFS (Request for Service) IDs
  • Worked in QA environment to test and evaluate new systems and process as they were added to the system, documenting issues and reporting them to the NET Development team for correction
  • Worked as a member of a five person Help Desk team supporting the NMCI Enterprise Tool in a fast-paced environment averaging over 1000 tickets per week
  • Supported the entire order to delivery process for a system that includes over one million services functioning on the NMCI network
  • Directed users on how to create Services within NET; assist in getting new services through the ordering process; assist users with getting the new services delivered on a Buildout; assist in creating and running reports to validate data; assist in creating new accounts; assist in guiding users through the Move-Add-Change (MAC) process, advised which form or steps to take to complete each MAC type
  • Troubleshoot any and all issues that arise during the process of ordering and building out new services and accounts
  • Created training documents, PowerPoints, and Computer Based Trainings (CBT) for the NET application, an application that supports over 8,000 Navy and Marine Corp Users
  • Performed Release Trainings for several Major and Minor releases on-site, in the field, on the phone and, through web conferencing tools
  • These trainings ranged from individual training, to user groups over 100
  • Trained people in the Add, Move, and Change process for NMCI products/Services
  • Including but not limited to creating services, and submitting orders to eMarketplace, checking the t status of orders in eMp, and submitting buildouts
  • Trained NET users to troubleshoot a variety of network problems by analysis and monitoring tasks
  • Trained users to Schedule and create Navy and Marine Corps Internet (NMCI) unclassified and classified accounts, entry and maintenance of all customer profiles through NMCI databases.

Program Management ASC/ Application Tester

Lockheed Martin
Arlington, VA
01.2007 - 05.2008
  • Reviewed configuration changes to SDMS, CERCLIS, SEMS (e.g
  • Functional and technical) to update regression test cases
  • Reviewed system production packages to close out release artifacts
  • Performed software testing to successfully demonstrate functional processes
  • Reviewed test scripts (e.g
  • Functional and technical) to ensure compliance with industry testing documentation standards
  • Created and updated line items to track scheduled project task in MS Project for multiple projects
  • Successfully tracked the progress of Management, and Development Task to ensure those tasks are completed according to the Customer accepted project schedule
  • Sent updated weekly schedule to Customer to current progress of projects
  • Analyzed weekly and monthly expenditures of physical and human resources to calculate Estimate to Completion Reports for customer and upper management
  • Used the SAP application to maintain, procurement records, and generate financial reports of expenses
  • Constructed Basis of Estimates (BOE)s to acquire funding from customers to be used for new tasking
  • Assisted in the day to day Management of 12 projects with over 65 employees
  • Coordinated, wrote and edited internal Weekly Reports, Monthly Reports, and Task Order Specific Reports on a Portfolio Level
  • Assisted in writing Quick References Guides for Applications
  • Tracked actions items in action item database
  • Reviewed Task Order documents and submitted them to Technical Editing
  • Provided telecommuting agreements and VPN forms to new employees
  • Drafted Purchase Requisition Requests
  • Assisted in management and control of Subcontractors.

IT Technician/Proctor

Nyack College
Nyack, NY
01.2003 - 05.2005
  • Recorded problems which occurred, such as down time and actions taken
  • Demonstrated effective presentation skills
  • Oversaw computer lab
  • Network Setup
  • Deployed O/S and Security updates to LAN workstations
  • This resume and the information contained herein is the proprietary and confidential information of Kforce
  • It is provided solely for your evaluation of the Candidate named herein and may not be used for any other purpose or disseminated to any other party
  • Your receipt of this resume constitutes a Candidate referral which shall entitle Kforce to a placement fee for a period of 365 days
  • This resume and the information contained herein is the proprietary and confidential information of Kforce
  • It is provided solely for your evaluation of the Candidate named herein and may not be used for any other purpose or disseminated to any other party
  • Your receipt of this resume constitutes a Candidate referral which shall entitle Kforce to a placement fee for a period of 365 days
  • This resume and the information contained herein is the proprietary and confidential information of Kforce
  • It is provided solely for your evaluation of the Candidate named herein and may not be used for any other purpose or disseminated to any other party
  • Your receipt of this resume constitutes a Candidate referral which shall entitle Kforce to a placement fee for a period of 365 days.

Information Assurance Officer/Assessor

PKI
  • Developed, evaluated, and implemented security products, procedures and requirements to ensure compliance with DoD Information Assurance policies and to ensure DoD systems meet applicable requirements
  • Assessed Security Controls for Classified Token LRA (PKI) systems
  • Audited, backed up and deleted logs for Classified Token LRA machine
  • Responsible for all Classified Token LRA machine Security Controls
  • Stored Classified Token LRA machine for 10 years
  • Coordinated, maintained and certified packages for ATO under DIACAP
  • Set security controls in compliance with NSS DoDD 8500.01E and DoDI 1000.13 for Classified Token LRA machines, and Provides technical support and guidance to staff in matters relating to Cybersecurity/Information Assurance (CS/IA) and information technology (IT) issues that involve a wide range of IT management that typically extend and apply to an entire organization or major components of an organization
  • Ensured the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools
  • Developed policies and procedures to ensure information systems security, reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data; conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs; promotes awareness of security issues among management and ensures sound security principles are reflected in organizations visions and goals
  • Implemented, maintained, and conducted on-site and remote analyses of information system standard security products and associated systems in order to determine overall technical features and standard security protection required for information systems and networks processing at all levels of information security
  • Provided expert level advice and assistance in the areas of security architecture, systems auditing, security tools, and all areas related to CS/IA
  • Developed CS/IA plans and procedures; serves as a government Action Officer (AO) for security assessments performed on systems and/or networks to ensure they meet certification/accreditation requirements
  • Assisted and managed various NMCI projects to provide IT services to the ONR contract
  • Provided direct support to the Contract Technical Representative (CTR) for all NMCI related functions
  • Supported NMCI ordering and build out processes in NMCI Enterprise Tool (NET) to obtain and implement new NMCI equipment, software, and services for customers
  • Supported NMCI equipment deliveries and technical refresh efforts for unclassified and classified computer equipment
  • Lead validation of NMCI invoices and provide reports to management
  • Managed/applied Security Groups, and Policies to the NMCI Active Directory
  • Developed business process documentation to define the processes used to administer NMCI Administration responsibilities
  • Integrated hardware, software, and/or computer related services to provide an integrated information system
  • Provided technical support to diagnose and resolve problems in response to customer reported incidents is provided by IT Service Desk staff via the phone, remote desktop support, and desk-side support, as required
  • Ensured corrective responses to problematic trends and patterns in customer support requirements are implemented
  • Service performance requirements are attained
  • Support policies, procedures, and standards are implemented
  • Information security and information assurance policies, principles, and practices are followed
  • Customer hardware and software is installed, configured, maintained and disposed
  • Liaison between ONR and NMCI as Assistant Contract Technical Representative (ACTR) identifying and providing required documentation or information to enable HP to provide NMCI services.

Education

Master’s Degree - Information Management Systems with Concentration in Information Security

DeVry University - Keller Graduate School
Arlington, VA
02.2016

Bachelor’s Degree -

Nyack College
Nyack, NY
05.2005

Skills

  • EMASS
  • Vulnerability management
  • Cloud security architecture
  • Incident response
  • Security control assessment
  • Risk management framework
  • Process improvement
  • Stakeholder engagement
  • Technical documentation
  • Security policy development
  • Effective communication
  • Problem analysis
  • Attention to detail
  • Team collaboration
  • Threat analysis
  • Managing security breaches
  • Excellent communication
  • Multitasking Abilities
  • Cloud security proficiency
  • Security information and event management
  • Risk mitigation
  • Vulnerability assessment
  • Decision-making
  • Written communication
  • Disaster recovery planning
  • Developing security plans
  • Analytical thinking
  • Information security
  • Incident reporting
  • Policy development
  • CSAM
  • Xacta
  • ACAS (Tenable Nessus)
  • VRAM
  • Vulnerator
  • Fortify
  • AppDective
  • PCAT
  • WebInspect
  • SCAP
  • SHARPS
  • Evaluate STIG
  • LogRhythm
  • Splunk
  • OpenSearch
  • Sentinel
  • AZURE
  • Google Cloud
  • AWS
  • Word
  • Excel
  • PowerPoint
  • Access
  • Visio
  • Project
  • HTML
  • MetaMatrix
  • C
  • Bash
  • Powershell

Certification

  • CISSP
  • Security +
  • ITLv3
  • HDI
  • Navy Qualified Validator
  • DAU Level III
  • Nessus/ACAS Administrator
  • Certified LogRhythm Security Analyst

Clearance

Top Secret (Active) (SSBI-completed 02/18)

Timeline

Senior Information Systems Security Engineer

P Solutions
09.2023 - Current

Cybersecurity Consultant

Onyxpoint
04.2023 - 09.2023

Senior ISSE

DHA
11.2020 - 03.2023

Information Systems Security Officer (ISSO)/Engineer

DNI, Delaware Nation Industries,
08.2019 - 11.2020

Lead ISSO

Mpire Technology Group
10.2018 - 08.2019

Cyber Team Lead, Assessor

NAVAIR, DS, Patuxent River Data Center, 22nd Century Technology
05.2017 - 10.2018

Cyber Security Analyst/IAO NAWCAD 7

Patuxent River
12.2016 - 05.2017

Cyber Team Lead, Security Control Assessor

Patuxent River Data Center, GCR
05.2016 - 12.2016

Lead

Suprtek, LRA
05.2012 - 05.2016

Lead

SMARTRONIX
09.2011 - 05.2012

NET Trainer/Application Tester

Lockheed Martin
05.2008 - 09.2011

Program Management ASC/ Application Tester

Lockheed Martin
01.2007 - 05.2008

IT Technician/Proctor

Nyack College
01.2003 - 05.2005

Information Assurance Officer/Assessor

PKI

Master’s Degree - Information Management Systems with Concentration in Information Security

DeVry University - Keller Graduate School

Bachelor’s Degree -

Nyack College

Similar Profiles

CREATE PROFILE
WILLIE J. MCALLISTER