Cyber Security SME

• Aug 2020 - Present

Cyber Security SME

• Mar 2019 - Aug 2020

Sr Cybersecurity Consultant

• May 2017 - Mar 2019

Sr. Cyber Security Specialist

• Jun 2015 - Jun 2018

Serve as primary Cyber Security POC supporting multiple US Patents and Trademarks Office (USPTO) Financial Systems. Develop all Cyber Security artifacts to support RMF certification and Continuous Monitoring in compliance with NIST 800-53 and 800-37 and USPTO Policies and Procedures. Ensure all Continuous Monitoring processes related to supported systems are executed and tracked. Ensure quarterly vulnerability scans are performed against supported systems. Perform technical analysis of scan results and provide technical remediation advice. Develop Plan of Action & Milestones (POA&M) for remediation of any findings that cannot be quickly addressed. Show less

Cyber Security Consultant

• Aug 2014 - Jun 2015

Cyber Security Team Lead

• Aug 2013 - Aug 2014

Manage the complete DIACAP C&A process, utilizing eMASS and DHA IA Portal, to ensure all activities occur according to Timeline. Lead CS Team in conducting Certification and Accreditation (C&A) efforts on DHA Information Systems (ISs), utilizing Department of Defense (DoD) Instruction 8510.01, “DoD Information Assurance Certification and Accreditation Process (DIACAP)” as a baseline. Prepare DIACAP information packages, to include site visit Agendas, DIACAP Briefs, Timelines, Overviews of automated scanning tools, DHA IA C&A Policies and Templates containing the DISA STIGs, Security Checklists, Security Requirements Guides (SRGs), DISA SRR scripts, SCAP STIG Benchmarks, Retina/AppDetectivePro/WebInspect policies, and DIACAP Artifact templates. Show less

Information Assurance Manager

• Jul 2010 - Sep 2013

Information Assurance Manager - US Army PEO-EIS/PM I3MP Establish and develop an IA program; Hire and manage IA Officers, develop PM IA Strategies, policies, procedures and other documentation. Develop IA guidance and integrate into existing contracting documentation to ensure adherence to IA requirements throughout the projects managed by the PM office. Work closely with higher HQ IA leaders and staff members on certification and accreditation (C&A), security policy and compliance, IA training and certification requirements. Track compliance with DoD 8570.1-M using Army Training and Certification Tracking System (ATCTS). Work with senior management to convert strategic goals into programs, policies and/or procedures. Serve as an expert authoritative consultant to ensure compliance with DoD and Army IA/security regulations, policies, guidelines and executive directives. Recognized as a technical/functional authority to provide IA oversight and support to over 50 active projects per year, to ensure PM fielded systems are developed and deployed in accordance with DIACAP and DISA connection requirements. Show less

Senior Information Security Engineer

• Oct 2008 - Jul 2010

Plan, coordinate and provide security engineering support to PEO level projects. Responsible for coordinating IA efforts with customers, along with government or contractor systems engineers. Conduct objective security analysis, planning, testing, evaluation, certification and validation of systems to ensure compliance with DoD 8510.01, DoD8500.2, AR 25-2, DIACAP, Army Best Business Practices (BBP), as well as regulations, policies, system unique requirements and industry best practices to determine residual risk to the system and to the LandWarNet. Conduct in-depth validation of internal and external system interfaces, Firewall and Network security, Intrusion Detection, data flows, TCP/IP security, cryptography, physical security, Operating System security configuration, application security, etc. to determine their significance in terms of the network security environment, Defense in Depth, mitigation efforts, etc. Analyze and evaluate system requirements, Security Policies and Procedures, Contingency Plans, Incident Response Plans, Personnel Security, Access Control mechanisms, Continuity of Operations Plans, Disaster Recovery Plans, Incident Response Plans and Identification & Authentication mechanisms. Develop DIACAP artifact documentation. Show less

Senior Information Security Engineer

• Mar 2001 - Oct 2008

Technical security testing of network layer 2/3 switches, routers and firewalls for compliance with AR25-2, 8500.2, Defense Information System Agency (DISA) Security Technical Implementation Guide and security related industry and Army best business practices (BBP). Testing was performed at the Technology Integration Center (TIC), Ft. Huachuca, AZ. Conduct in-depth validation of internal and external system interfaces, Firewall and Network security, Intrusion Detection, data flows, TCP/IP security, cryptography, physical security, Operating System security configuration, application security, etc. to determine their significance in terms of the network security environment, Defense in Depth, mitigation efforts, etc. Network switch, router and firewall security testing at the Army Technology Integration Center (TIC), Ft. Huachuca, AZ. Develop technical documents and templates including DIACAP/security test plans and procedures, security risk analysis reports, device security test reports, and DIACAP ST&E reports. Led over 30 DIACAP certification efforts for type accredited systems and Army base installations. Played a key role in the Ft. Huachuca campus network infrastructure migration from Windows NT to Active Directory. Show less