Professional Documents
Culture Documents
Summary:
Cyber Security Program Manager delivering cybersecurity capabilities including Secure Configuration
Management (SCM), Vulnerability Analysis and Assessment (VA&A), Security Engineering, Assessment and
Authorization (A&A), Cyber Inspection Program, and Cyber Incident Handling and Response within the
Department of Defense. Over 18 years of experience providing cybersecurity services enabling organizations to
exceed its established strategic strategy supporting decision makes in the DoD.
Security Clearance:
Top Secret - SCI
Education:
M.S. Cybersecurity, Strayer University – Cyber Forensic - Ongoing
M.S. Information Systems, Strayer University – Cybersecurity Program Management
B.S. Information Systems, Strayer University – Cybersecurity Administration
A.G.S Columbia College of Missouri – General Studies
Certifications:
ISC2 Certified Information System Security Professional (CISSP), Awarded 12/31/2009, Expires 12/31/2018
ISACA Certified Information Security Manager (CISM), Awarded 02/17/2017, Expires 12/31/2020
ISACA Certified in Risk and Information System Control (CRISC), Awarded 12/31/2012, Expires 12/31/2019
ISC2 Certified Authorization Professional (CAP), Awarded 06/10/2010, Expires 06/30/2019
ISC2 Systems Security Certified Practitioner (SSCP), Awarded 10/30/2008, Expires 10/31/2020
ECCOUNCIL Certified Ethical Hacker (CEH), Awarded 05/28/2011, Expires 12/31/2018
ECCOUNCIL Certified Network Defense Architect (CNDA), Awarded 05/28/2011, Expires 12/31/2018
ECCOUNCIL Certified Security Analyst (ECSA), Awarded 03/23/2012, Expires 12/31/2018
EXIN Information Technology Infrastructure Library V3 (ITIL-F), Awarded 05/20/2012, Expires Never
COMPTIA Security+, Awarded 06/30/2008, Expires Never
COMPTIA Network+, Awarded 09/30/2008, Expires Never
Microsoft Certified System Admin (MCSA), Awarded 02/09/2007, Lifetime
Microsoft Certified System Admin + Messaging (MCSA + Messaging), Awarded 02/09/2007, Lifetime
Microsoft Certified Practitioner (MCP), Awarded 02/08/2005, Lifetime
Lean Six Sigma Yellow Belt, Awarded 12/30/2008, Lifetime
Lean Six Sigma Green Belt, Awarded 12/30/2008, Lifetime
Training:
TANIUM – 2016
FEDRAMP – 2016
ACAS – June 2012
Nessus – March 2012
SCAP – March 2012
DIACAP – December 2011
Technical Summary:
Program Languages – None
Tools: ACAS, HBSS, TANIUM, Splunk, Encase, BCWipe, Nessus, Proxy Solutions (Blue Coat, McAfee, Microsoft
(TMG,UAG)), WireShark, SCCM, SCOM, ArcSight, BMC ADDM, Exchange, Citrix, SCAP tools, Remedy, and more.
Methodology: DISA FSO CCRI/CCORI, RMF, DIACAP, SCCVI, and others
Experience Summary:
Conducts program oversight, including on-going monitoring and periodic auditing of systems and systems
operations. Develops, recommends and implements incident response procedures and technologies to identify,
assess, and ensure the appropriate response to threats and vulnerabilities.
Lead, support, and/or facilitating security assessments of new or modified hardware, operating, systems, and
software applications ensuring integration with DoD IA security requirements.
Manages 22 IA analysts in conducting Vulnerability Management, Security Engineering, Certification and
Accreditation, and Computer Network Defense activities. Provide CLIN management; develop training plan,
evaluation, and workforce improvement for Network Security Operations Branch.
Leads certification and accreditation (C&A) activities and prepare documents/artifacts in accordance with the
Department of Defense (DoD) Certification and Accreditation Process (DIACAP). This includes, but is not limited
to: Analyze and define security requirements, develop System Security Authorization Agreements (SSAA)/System
Security Plans (SSP), Contingency Plans, Risk Assessment Reports, Security Assessment Reports and Plan of
Action and Milestones (POA&Ms).
Manage the DoD Information Assurance Vulnerability Management (IAVM) program and security compliance
activities for the JS OCIO. Monitor and enforce the implementation of vulnerability notifications (i.e., alerts,
bulletins, and technical advisories/notifications) in accordance with United States Cyber Command and Defense
Information Systems Agency (DISA) requirements. Direct the corrective actions on affected system(s) within the
enclave, which were not in compliance with IAVM program directives and vulnerability response measures.
Track, monitor and maintain assets in the Vulnerability Management System (VMS). Analyze technical reports
and sensitive data to identify deficiencies, trends, problem areas, and compliance with DISA Security Technical
Implementation Guides (STIGs) and Checklist. Generate vulnerability reports from VMS and distribute them to
various groups within Operations.
Perform periodic vulnerability scans using Retina, Gold Disk, Nessus, SRR, and other SCCVI tools on network
infrastructures. Actively communicated with operational managers to collect remediation progress, monitored
status and provide weekly vulnerability remediation progress reporting to client leadership.
Principle advisor to Joint Staff (JS) program managers, IA Manager (IAM), system administrators, user
representatives and developers Provide expert technical interpretation and implementation oversight of
applicable information security policies, processes, and practices to ensure operational availability and integrity
of enterprise applications, systems, networks, and data.
Provide verbal and written client updates or briefings on vulnerability mitigation strategies, IAVA compliance
efforts, POA&M status, team's activities and project timelines.
Responsible for the IAT Workforce Program for the program to ensure all contracting personnel meets the DoD
8570 requirement.
Promotes awareness of security issues among management and ensuring sound security principles are followed.
Conducts program oversight, including on-going monitoring and periodic auditing of systems and systems
operations. Develops, recommends and implements incident response procedures and technologies to identify,
assess, and ensure the appropriate response to threats and vulnerabilities.
Managed 6 IA analysts in conducting Vulnerability Management, Security Engineering, Certification and
Accreditation, and Computer Network Defense activities.
Provided advice and guidance on the implementation of network/system security in accordance with mandates
through the application of information assurance vulnerability alerts (IAVAs), Security Technical Implementation
Guides, Command Tasking Orders (CTOs), FRAGOs, INFOCON, Coordinated Alert Messages (CAMs), and other
directives.
Conducted risk assessments, security evaluations, and reviews of information systems and technologies
throughout the system life cycle. Using Retina, Disk Gold Disk, DISA STIG's, HBSS, and Patchlink.
Conducted DoD Information Assurance Certification and Accreditation Process (DIACAP) mission assurance
planning and implementation that follow DoDI 8500.2 and DODI 8510. Develop and review of certification plans
and accreditation documentation (i.e., system security plans, risk mitigation plans, contingency plans, and
disaster recovery plans, etc.)
Developed and updated Plan of Action Milestones (POA&M's) for all enclaves.
Experience with FISMA, NIST, FIPS, OMB, and other applicable Federal requirements, policies, methodologies,
tools, standards, and procedures.
Served as a liaison between the organizational staff, Information Assurance Officer (IAO), Information Assurance
Manager (IAM) and the IT support personnel. Provide expert technical interpretation and implementation
Manages 528 classified and unclassified servers for the Department of the Air Force National Capital Region.
Coordinates and integrates technical aspects of enclave boundary protection with administrative matters such
as standards management, acquisition and configuration management, IT security, and risk management
ensuring the confidentiality, integrity and availability of systems through the planning, analysis and maintenance
of information systems security programs, policies, procedures and tools.
Conducts risk assessments, security evaluations, and reviews of information systems and technologies
throughout the system life cycle. Using Retina and Disk Gold Disk.
Knowledge of certification and accreditation processes. Experience reviewing System Security Plans, policies,
and guidance. Experience in performing vulnerability assessments including development of risk mitigation
strategies
Provide advice and guidance on the implementation of network security in accordance with mandates through
the application of information assurance vulnerability alerts (IAVAs), patches, hot-fixes and Security Technical
Implementation Guides
Provide guidance in implementing IT security policies, development of standard operating procedures, and the
physical/logical placement of all network assets.
Promotes awareness of security issues among management and ensuring sound security principles are reflected
in organizations, visions and goals.
Monitors/Troubleshoots network systems for network degradation, system hardware faults, VPN checks, SMTP
issues, and replication issues with the use of SMS and MOM 2007.
Performs network account administration and manages rights/permissions for all network objects throughout
the agency using NETIQ and Active Directory.
Ensure organization internal/external mail is flowing properly; troubleshoot all existing mail backlogs issues.
Manages 2003/2007 email storage groups, mailbox quotas, and create group distribution lists.
Resolves all incidents on a timely manner using Remedy.
Monitor 115 network systems for attempted penetration and network degradation.
Perform network installation and maintenance throughout the agency.
Observes computer systems, peripheral equipment, and network monitors to detect error conditions; Conduct
periodic and scheduled testing to ensure that network operations are performing to normal standards; Corrects
minor problems on network systems and notifies the correct personnel of the problem, and initiates proper
recovery procedures.
Perform network account administration and reporting for the SecureID remote access subsystem; monitor
virtual private network session ensure proper authentication methods are being upheld.
Monitor all network support facilities including Power Distribution Unit; Uninterruptible Power Supply; and air
conditioning, fire protection, and access control equipment, and correction of minor problems and notification
of venders and expert staff when necessary.
Analyze and release quarantine traffic from unauthorized or unknown hosts.
Conduct data back-up/restoration services on 115 servers totaling to 16 terabytes using VERITAS 6.5 and
Managed Electronic Key Manager System (EKMS). Responsible for the electronic key issuing and destruction for
400 cryptographic items
Programmed and configured all CCI devices to ensure proper telecommunication transmissions are maintained.
Managed CCI lifecycle replacement project and ensure CCI equipment are up-to-date to minimize coverage
lapses.
Administered monthly communication security inspection to ensure proper electronic transmission, storage, and
documentation is conducted to strengthen our security posture.
Performed security audits and provides accurate reporting data to senior management.
Established electronic database to condense reporting of events, items, and resolutions.
Responsible for managing complex physical data models that describe the structure for data storage, data
indexing, data manipulation, and data retrieval applications for the DoD.
Ensures that databases meet the business requirements of client organizations, are accessible to authorized
customers, and being kept up-to-date.
Reviews usage logs and determines the need for changes in access methods, storage media, or other elements
based on usage and performance trends.
Responsible for oracle account administration, assigning database permission, views, and roles.
Notify senior management of any service outages and the potential impact of the client organizations.
Responsible for the proper destruction of classified media.
Established Standard Operation Procedure to ensure database analyst were properly trained to complete all task
that were assigned.
Provide 24-hour direct customer support to Department of Defense and the Joint Chief of Staff.
Generate and resolved 1,500 trouble tickets using Remedy
Responsible for managing complex physical data models that describe the structure for data storage, data
indexing, data manipulation, and data retrieval applications for the DoD.
Ensures that databases meet the business requirements of client organizations, are accessible to authorized
customers, and being kept up-to-date.
Supervise 8 personnel.
Reviews usage logs and determines the need for changes in access methods, storage media, or other elements
based on usage and performance trends.
Responsible for oracle account administration, assigning database permission, views, and roles.
Notify senior management of any service outages and the potential impact of the client organizations.
Responsible for the proper destruction of classified media.
Established Standard Operation Procedure to ensure database analyst was properly trained to complete all tasks
that were assigned.
Provide 24-hour direct customer support to Department of Defense and the Joint Chief of Staff.
Generate and resolved 1,500 trouble tickets using Remedy
Responsible for the daily maintenance and system analysis for multiple networks.
Performs work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and
data through the planning, analysis, development, implementation, maintenance, and enhancement of
information systems security programs, policies, procedures, and tools.
Installed network media and operating system software components, primary storage devices, operating system
software, remote access servers, and intrusion detection systems.
Implements, promotes, ensures, and monitors the rigorous application of approved information security
policies, procedures, principles, and controls in the delivery of all IT services.
Scan, review, and implement security on systems.
Provide status reports on system compliance and document deviations using standard forms.
Performed network account administration and system administration of identified servers.
Manages organizational mailboxes for user can archive, access, and share all departmental mail
Established user accounts in Microsoft Exchange and Active Directory.
Monitored exchange mail queues in Exchange 5.5 and 2000 to identify any potential backlogs on all outgoing
traffic.
Coordinated and schedule systems/data backups for system recovery efforts.
Migrated and Planned 3 network operating system changes. Developed operation system build.
Maintained audit logs and document errors; ensure compliancy with Department of the Navy regulations.
Responsible for the Norton Antivirus Server updates and ensure all patches were pushed via SMS to network
clients and servers.
Deployed IAVA's using SMS packages; ensured updates were successfully applied.
Supervised the Incident Management Team; which led to the closure of 10,000 trouble tickets.
Provided customer support to over 350 users with the organization for 4 different networks.