IA/Cybersecurity Engineer III

• Apr 2021 - Present

Senior Network/IA/Cybersecurity Engineer, RMF Expert, MISSM/ISSM/ISSE and Qualified NQV Senior Network/IA/Cybersecurity Engineer, RMF Expert, MISSM/ISSM/ISSE and Qualified NQV

Senior Network and Cybersecurity Engineer, RMF Expert, ISSE

• Apr 2020 - Apr 2021

Senior Network and Cybersecurity Engineer, NQV, RMF Expert, and ISSE

• May 2019 - Apr 2020

Top-Level Cybersecurity Advisor to the Deputy Comptroller, U.S. Department of State, Global Financial Services, Global Compensation (CGFS/GC), North Charleston SC. Provided the site with guidance in achieving an Authority to Operate on the JWICS WAN. Additionally, provided the US Dept. of State’s Bureau of Intelligence and Research, Information Support System Team (INRISS) with the applicable RMF-Based security control(s) required for compliance prior to requesting an Authority to Operate (ATO) on the JWICS backbone. Developed and submitted to INRISS a Tier I/II/III Inheritance Model that was readily accepted and approved. This all based on the governing authority of the CNSSI 1253 and applicable overlays. Note that this level of effort commenced from the “ground-up” and is to culminate with an ATO in the very near future.

Project Manager, Senior IA/Cyber Security Engineer

• May 2015 - Apr 2019

Project Manager and Lead Cybersecurity Assessor for the DISA HQ Systems Engineering and Integration Cybersecurity Assessment Team. Manage Cybersecurity Assessment scheduling, customer interface, project status reporting, conducting Cybersecurity Assessments for system accreditation and authorization. SME for DIACAP to NIST-Based RMF Transitioning. SCAP, STIG Viewer, ACAS scanning and reporting, IV&V, assist sites with mitigations/remediation, and residual risk determination. DISA SCA Representative. I manage the project, but unlike most, I still love to get my hands dirty!

Senior IA/Cyber Security Engineer

• Oct 2013 - Apr 2015

Assigned to the DHS/FEMA Authorization, Accreditation, and Assessment project. This effort is a very aggressive and high Op-Tempo contract created for the sole purpose of assessing the security and posture of every IT-based FEMA site in the continental USA. In order for this to be successful, this had to be performed within one fiscal year. Responsible for the independent verification and validation of security settings for all network and stand-alone IT assets at each site visited. Performed Nessus scans with FEMA accredited policies and audits, WebInspect for web server vulnerability scanning, and AppDetective scanning for database vulnerabilities. Generated NIST-based documentation for the site to have and maintain (SAP, SAR, Risk Assessments, etc.). Generated final out-brief presentation which the FEMA CISO goes by and displays during her presentation to each site at the conclusion of each visit. Previously assigned to the Certification and Accreditation Team for the Defense Health Agency (DHA) effort. Responsible for conducting network systems security scans, manual verification of IA controls in accordance with the DIACAP governing authority, personnel interviews, assist sites with remediation/mitigation of any findings that may occur, and validating POAM entries.

Senior Systems Analyst

• Jan 2013 - Oct 2013

Assigned to the SPAWAR Systems Center Atlantic Data Center Consolidation Application Optimization Team located in Charleston, SC (SSC LANT, DCAO). Responsible for Information Assurance packages with systems transitioning into the SSC New Orleans, LA Data Center from their like legacy systems which currently reside in remote areas of the continental United States. Perform compliance and validation/verification scans, manual checks and documentation verification for inclusion in the sites' eMASS package.

Senior Information Assurance Engineer

• Jan 2011 - Jan 2013

Authoring and reviewing customer network security documentation packages, verifying compliance with DCID 6/3, DIACAP, NIST 800 series, DODIIS, ODNI, CNSS, and/or NSA governing documents. Visit sites to conduct Organizational/System Risk Assessments, System Certification/Accreditation, thus determining validity of organizational and network security posture, and compliance with governing directives. Assist sites in generating Certification Test Procedures for operating systems and applications. Authoring and reviewing customer network security documentation packages, verifying compliance with DCID 6/3, DIACAP, NIST 800 series, DODIIS, ODNI, CNSS, and/or NSA governing documents. Visit sites to conduct Organizational/System Risk Assessments, System Certification/Accreditation, thus determining validity of organizational and network security posture, and compliance with governing directives. Assist sites in generating Certification Test Procedures for operating systems and applications.

SDREN NOC MISSM/ISSM/IAM, SDREN NOC Security and Support Team Lead

• Sep 2000 - Jul 2010

Responsible for the successful and secure operation of the Department of Defense High Performance Computing Program Secret Defense Research and Engineering Network Operations Center (HPCMP SDREN NOC) to include the confidentiality, integrity, and availability of systems and services to the SDREN Community to include web, system security tools, email, WAN monitoring, and WAN appliance control services. Ensure proper and up to date site documentation is available to NOC personnel. Responsible for the implementation of all security measures germane to the operation of the NOC, as well as ensuring maximum uptime of all NOC systems. Maintain system accreditation in the form of ATO/ATC.

Systems Analyst

• 1999 - 2000

Managed the USN Infosec server, both unclass and SiPRNet. Managed the USN Infosec server, both unclass and SiPRNet.

Network Engineer

• 1995 - 1999