Experience

US General Services Administration

• United States
• Government Administration
• 1 - 100 Employee

• IT Specialist (INFOSEC) - Privacy Analyst & CUI Program Manager

  • Mar 2020 - Present

  Ensure the protection of Controlled Unclassified Information (CUI), evaluating privacy risks, and developing strategies to enhance data privacy and securityConduct privacy risk assessments to identify vulnerabilities and gaps in data protection measuresEvaluate and monitor compliance with federal privacy regulations such as the Privacy Act of 1974, Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA),and other relevant laws and regulationsDevelop and deliver privacy training and awareness programs to educate agency employees and contractors on privacy best practices, federal regulations, and agency-specific policiesConduct privacy impact assessments (PIAs) for new projects, systems, or processesRespond to privacy incidents and data breaches, including conducting investigations, coordinating response efforts, and developing incident response plansConduct vendor privacy assessments and due diligence for federal agencies to ensure compliance with federal privacy requirements and assess potential privacy risks associated with third-party vendorsSupport the development and maintenance of privacy-related policies, procedures, and documentation specifically tailored to federal needs and requirementsConduct regular privacy audits and assessments to evaluate the effectiveness of privacy controls, identify areas for improvement, and ensure complianceProvide expert advice and guidance on federal privacy-related matters to stakeholders, senior leadership, program managers, and IT professionalsCollaborate with IT teams to ensure privacy and security controls are properly implemented, maintained, and aligned with federal guidelinesParticipate in privacy-related projects and initiatives such as privacy impact assessment frameworks, interagency privacy working groups, and federal privacy compliance initiatives Show less

• Senior Information Systems Security Analyst

  • Nov 2012 - Mar 2020

  IT Systems Security Analyst - •Develops policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data;•Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs;•Promotes awareness of security issues among management and ensuring sound security principles are reflected in organizations’ visions and goals;•Serves as an expert consultant for functional teams to assist them in anticipating, identifying, evaluating, mitigating and minimizing risks associated with IT systems vulnerabilities.•Develops systems security contingency plans and disaster recovery procedures;•Participates in network and systems design to ensure implementation of appropriate systems security policies;•Assesses security events to determine impact and implementing corrective actions; and/or•Develops policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data;•Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs;•Promotes awareness of security issues among management and ensuring sound security principles are reflected in organizations’ visions and goals;•Conducts systems security evaluations, audits, and reviews;•Develops systems security contingency plans and disaster recovery procedures;•Develops and implements programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures;•Participates in network and systems design to ensure implementation of appropriate systems security policies;•Ensures the rigorous application of information security/information assurance policies, principles, and practices Show less

• Senior Information System Security Officer

  • Jan 2007 - Nov 2012

  •Serve as an advisor in the execution of the Risk Management Framework for GSA’s IT systems and the agency Information Security Performance Plan to ensure compliance with the Federal Information Security Act Management Act and the Federal Information Security Modernization Act (FISMA).•Support the development and implementation of effective security requirements for new IT projects and emerging technologies.•Ensure that audit activities effectively evaluate compliance of IT systems with National Institute of Standards and Technology (NIST), GSA, and relevant security policies, Presidential Directives, and Federal standards.•Support the development of the system security policy and ensuring compliance on a routine basis in coordination with my team of information system security officers (ISSOs) and systems owner (SO).•Develop and update the System Security Plan, managing and controlling changes to the system, and assessing the security impact of those changes.•Support multiple projects and planning efforts to ensure Cyber Security and IT Security compliance requirements. Show less

• Senior IT Desktop Support Technician and Project Manager

  • Oct 2000 - Jan 2007

  •Review and approve assessment of configuration management processes.•Skill in adapting analytical techniques and evaluation criteria to the measurement and improvement of program effectiveness•Ability to prepare special studies and staff reports, including the ability to meet emergency and/or changing program requirements within available resources and with minimum sacrifice of quality or quantity of work.•Lead, review, and/or approve the results of the assessment of the effectiveness of security controls, to include recommendations for corrective action when necessary. •Develop procedures and assist in testing fail-over for system operations transfer to an alternate site based on system availability requirements.•Knowledge of information technology (IT) risk management policies, requirements, and procedures.•Review, approve and/or report to senior leadership the status of systems security operations and maintenance activities.•Team Lead for all IT COOP activities for hot, warm, and cold sites.•Represent the IT department to Senior Regional Officials regarding IT training needs•Discover, evaluate, review, and suggest new technologies for enterprise implementation.•Develop training plans, resources, and informational presentations for Regional employees for all types of access to the GSA IT network infrastructure. •Function as the primary team POC for all IT questions, initiatives, IT pilot groups. •Lead and organize the Regional Veterans Special Emphasis Program for all activities related Veterans holidays, programs, and special events. •Partner with multiple Federal agencies for combined Veterans events.•Liaised with GSA HR, colleges, and military bases to set up and attend recruiting events and job fairs around the state of Colorado for both Veterans and civilian talent. •Effectively build networking relationships with multiple educational and professional institutions, and help to recruit several talented individuals into Region 8. Show less

• Federal Police Officer / Senior Security Specialist

  • Jan 1993 - Oct 2000

  •Conduct physical security and risk vulnerability inspections, evaluate and provide recommendations•Lead security and/or safety awareness training for personnel•Recommend actions to avoid conditions conducive to threats such as vandalism, terrorism or theft•Evaluate clearances for management and personnel according to the information and property they may access•Protect citizens by preventing crime, enforcing laws, apprehending suspects, and monitoring traffic.•Prevent crime by explaining and enforcing applicable federal, state, and local laws and ordinances; teaching preventive, protective, and defensive tactics; mediating disputes; patrolling assigned area; responding to notices of disturbances;•Apprehend suspects by responding to complaints and calls for help, observing violations, and making arrests.•Conduct criminal investigations by gathering evidence, interviewing victims and witnesses, and interrogating suspects.•Document observations and actions by radioing information and completing reports.•Maintain safe traffic conditions by monitoring and directing traffic, enforcing laws and ordinances, investigating accidents, providing escort, and reporting unsafe streets and facilities.•Minimize personal injury by rescuing and reviving victims and radioing for medical assistance.•Maintain operations by following department policies and procedures and recommending changes.•Ensure operation of equipment by practicing responsible use, completing preventive maintenance requirements, following manufacturer’s instructions, troubleshooting malfunctions, notifying supervisor of needed repairs, and evaluating new equipment and techniques.•Maintain professional and technical knowledge by studying applicable federal, state, and local laws and ordinances; attending educational workshops; reviewing professional publications; practicing skills; and participating in professional societies. Show less



United States Army Reserve (Retired)

• Signal Officer / Space Operations Officer

  • Nov 1990 - May 2012

  Officer in Charge / Team Leader for CIO (G-6) Army Reservists: •Establish effective working relationships to communicate well with others, orally and in writing, including preparing and conducting formal and informal briefings to all levels of personnel •Develop global IT strategic support and training plans. •Provide support to Active Duty military and civilian workforce in electronic warfare, information operations campaigns, and special technical operations (STO). •Provide coaching, professional development guidance and personal development for all of my soldiers. •Authorize and submit awards for all of my assigned troops. •Establish regular periodic listening, troubleshooting, and problem solving meetings with my team. •Coach subordinate officers in developing specific training plans and goals to further individual development and career advancement via training plans, classes, training aides and training calendars. •Volunteered in Army Recruiting Assistance Program (RAP) to attend recruiting events at various job fairs and events. Show less