SlideShare uma empresa Scribd logo

Resume -Resume -continous monitoring

Transferir como DOCX, PDF
T
Tony Kenny
1 de 6
John A Kenny 10200 DaylilyCt, Manassas, VA 20110| (H) 703-330-3983| (C) 703-403-0503| kennyja@gmail.com Professional Summary My experience in the electronic/computer industry spans more than twenty years in both secure and non-secure situations to include the EOP Whitehouse complex. I have a strong background in customer service oriented environments, requiring a judicious mixture of creativity, administrative, and managerial skills. I have in served many positions during the course of my career to include team member, team lead management roles. I am known for my ability to deal effectively in high stress,time sensitive areas,and am eager to apply this knowledge and skills. I am a highly motivated individual with an exceptional track record for handling diverse and special projects. Both on-the-job and at home, I have developed an thorough understanding of enterprise security and layered security architectures. I am intimately familiar with NIST, DOD DITSCAP/DIACAP,CNS1253, ITIL security standards ,In prior work experiences I have been a key participant in the design, installation and service of Microsoft NT, NOVELL NetWare,Ethernet,Token Ring and other Local Area Networks,as well as various modem communications systems. I have also been involved with the implementation of network and computer security items such as SIEM tools, PKI,TACACS,Radius and other Single Sign-on solutions. Skills Certifications: CISSP,CFCP,MCSE, Novell CNE McAfee EPO training Spector 360 training Nessus Security Center training Tripwire training Splunk training Apache Solr (ELK stack) PKI and Single Sign-on Solutions Remote access technology Excellent diagnostic skills NIST, DOD DITSCAP/DIACAP,CNS1253, ITIL Clearances: DOD Top Secret NACI with Presidential Access DoS Top Secret Education Bachelor of Science: Information Systems Security American Public University Work History Senior Cyber Information Assurance Analyst June 2007 - Current Northrop Grumman (Multiple NGC Customers) (DHS)-current Implemented an information security continuous monitoring (ISCM) platform using Splunk and Solr (ELK) analytics tools to create security reports for DHS classified HSDN network. Integrated new data source inputs into Splunk including data feeds from Remedy, Tripwire, MS Exchange, Spectre360, Tenable, BigFix, Active Directory, and Cisco SourceFire. Created Splunk dashboards and correlated report outputs across multiple data feeds. Created metrics and reports to use different data source inputs to validate each other increase integrity level of management level security reporting. Configured Splunk to meet Whitehouse mandated ICS 500-27 Insider Threat monitoring requirements. AirForce(AOC)-9/2014-8/2015 Documented and streamlined all C&A Security processes at AOC,and created a decision based flowchart to diagram them. This action directly resulted in over a million dollar cost savings and 35% reduction in man hours to the program with regard to applying STIG settings to environment. Created a process to track, triage and prioritize security findings within the AOC WS system. Instrumental in developing and maintaining metrics used for progress reporting to management. Key contributor to the selection of software that provided a database solution to storing, analyzing and reporting vulnerability data and was the only technician experienced in installing, configuring and
maintaining the software after purchase. Participated in the conversion of the Information Assurance data from the old manual process to the new database. NATO-6/2014-9/2014 Operated an information security continuous monitoring (ISCM) platform using Northrop custom written analytics tool NCCCS to provide near real time statistics and reporting on the NATO CIS networks at SHAPE HQ Mons Belgium. Reconfigured NCCCS software to use Active Directory authentication. Integrated new data source inputs into NCCCS and created NCCCS dashboards and created correlated report outputs across multiple data feeds. Created metrics to and reports to use different data source inputs to validate each other increase integrity level of management level security reporting. BEP-9/2014-11/2012- Served as a supervisor and Subject Matter Expert for Information Assurance Engineers on the Bureau of Engraving and Printing project. Coordinates with Systems Developers, Administrators, and Program, and Project Managers to compile and document all required FISMA C&A documents required for system authorization (ATO). Provides security expertise on customized BEP business systems, to include customized printing and manufacturing systems and associated SCADA devices. Provides security related subject matter input to System Administrators to correct or mitigate vulnerability findings. Provides SME guidance and advice on UNIXand Windows hosts in order to improve security posture. Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access. Architected, designed and implemented CAESARS based Security Continuous Monitoring solution in order to meet NIST FISMA requirements. Recommended network security standards to management. Implemented the ComplyVision, automated C&A tool for the BEP. The ComplyVision tool is a core element of the BEP Continuous Monitoring solution mandated by OMB. Configured security application platforms such as QRadar,SolarWinds, Nessus,Micrsoft SCCM to feed data into ComplyVison in order to create security dashboard, and holistic security reporting foundation to support migration from client-server product lines to enterprise architectures and services and Continuous Monitoring. Managed severalprojects from concept to completion while managing outside vendors. Developed work-flow charts and diagrams to ensure production team compliance with client security deadlines. Supervised and provided direction for six technical direct reports regarding network activities. Dept ofState(Consular Affairs) 2009 - Nov 2012 Served as a supervisor for Information Assurance Engineers on the Dept of State Bureau of Consular Affairs project. Coordinated with Systems Developers, Administrators, and Program, and Project Managers to compile and document all required FISMA C&A documents required for system authorization (ATO). Provided security expertise on customized CA business systems, to include customized systems associated with productions and maintenance of passport and VISA information. Provided security related subject matter input to System Administrators to correct or mitigate vulnerability findings. Provided SME guidance and advice on UNIXand Windows hosts in order to improve security posture. Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access. Recommended network security standards to management. Implemented the ComplyVision, automated C&A tool for Consular Affairs Bureau. The ComplyVision tool is a core element of the Consular Affairs Continuous Monitoring solution mandated by OMB. Configured security application platforms such as IPost,SolarWinds, Nessus,Micrsoft SCCM to feed data into ComplyVison in order to create security dashboard, and holistic security reporting foundation.to foundation to support migration from client-server product lines to enterprise architectures and services. Managed severalprojects from concept to completion while managing outside vendors. Developed work-flow charts and diagrams to ensure production team compliance with client security deadlines. Supervised and provided direction for six technical direct reports regarding network activities. VITA 2008 - Jan 2009 Performed initial C&A activities including security related deliverable documents for Virginia Information Technologies Agency (VITA) Enterprise Security Operations Center (ESOC). These duties included the creation of System Security Plan (SSP), Plan of Action and Milestones (POA&Ms),Process and Procedure documents. Assisted VITA in implementing industry best practices such as SANS, ITIL, and vendor guidance, as well as federalstandards such as NIST in the newly formed Virginia Enterprise IT Infrastructure. Assisted with the the Mcafee ePolicy Orchestrator project, and wrote the process guides and operation procedure documents, and assisted with the installation and configuration of Mcafee EPO at VITA. TechnicalLead for a Security Dashboard project to provide situational security awareness for VITA Security Directorate and enterprise-level agencies. FEMA Nov 2007 - Apr 2008 Assisted in the security assessment and FISMA compliance of multiple systems at the FEMA Mt Weather facility. Created security related C&A documents using the requirements specified in the National Institute of Standards and Technology (NIST) guidelines and FEMA / DHS Policies and Procedures. Assisted with an effort to update and standardize SSP information using an automated security tool (RSA). Established and documented a baseline of security controls shared by all elements of FEMA. Dept ofState (Diplomatic Security) Jun 2007 - Nov 2007 Assisted in the security assessment and compliance of the Messaging Center Officers (MSO) portion of the Department of State (DoS) OpenNet Plus and DoS classified network (ClassNet).These duties included the creation of General Support Systems (GSS) documents, System Security Plan (SSP), Plan of Action and Milestones (POA&Ms),Compliance and Vulnerability Scan Reports, and Certification and Accreditation Recommendations for the (DoS) using the requirements specified in
the NIST Special Publications DoS Policies and Procedures Foreign Affairs Manual (FAM). Assisted with an effort to update and combine severalsystem SSPs into one OpenNet GSS SSP. Information Assurance Engineer/AnalystAug 2005 - Jun 2007 SAIC Falls Church, VA Served as a member of the System Security Engineering team to provide life-cycle information assurance (IA) engineering support for DOD's C2 system GCCS-J. Aided the customer in applying IT and security engineering expertise into the software development phase of the project, rather than at the C&A phase. This effort gave the developers a chance to recognize and correct security flaws before seeking a certification. Assisted customer with security guidance, including the Common Criteria, DITSCAP,as well as DOD and NSA technical configuration guides. Helped integrate security practices into the early stages of the Systems Design Lifecycle (SDLC) process. Developed security test plans and assisted in the integration of security testing software to evaluate system assets. Senior Security Analyst Feb 2005 - Aug 2005 Aquent Reston, VA Performed Certification and Accreditation activities (C&A) for multiple VHA hospitals to include both generic (type) and site accreditations in accordance with the (NIST), (HIPPA),and (SOX) standards along with VHA policy and procedures. Wrote critical project security documents at both the site level, as well as the enterprise level. Provided mentoring and guidance to junior INFOSEC personnel to relay knowledge of INFOSEC, LAN,WAN, and operating system security principles, as well as lessons learned during site surveys. Provided security and OS hardening expertise to VHA personnel. Senior Security Engineer Oct 2002 - Feb 2005 Northrop Grumman (Multiple Customers) DHS(HSDN) July2004-Feb2005 Served as Senior Security Engineer for multiple DHS clients while on the HSDN (Homeland Security Data Network) project. THis effort included both generic (type) and site accreditations in accordance with the DoD Information Technology Security Certification and Accreditation Process (DITSCAP). Deliverable documents included SSAs (Site Specific Addendums), RRAs (Residual Risk Assessments),STEs (Site Technical Evaluations) and CTE (Compliance Test Evaluation) for the Datacenter,NOC and SOC environment. Provided mentoring and guidance to junior INFOSEC personnel to relay knowledge of INFOSEC,LAN, WAN,and operating system security principles, as well as lessons learned during site surveys. Assisted in the development of security policies, plans and architecture, and provided expertise and knowledge of DCID 6/3 as well as practical experience with Intelligence Community (IC) customers. Dept ofState(Diplomatic Security)May 2003 - July 2004 Served as a Senior Security Engineer while tasked to the Department of State (DoS) Diplomatic Security Services Bureau (DSS). Provided security engineering and integration services to customers at foreign embassies worldwide in a team lead capacity. Instrumental to the department in meeting FISMA, and HIPA certification at the embassies. Resolved security issues including architectures,electronic data traffic, and network access. Coordinated with vendors in the design and evaluation of secure operating systems, network tools, and database products. Used Encase forensic tools, and other tools to gather information for the enforcement of computer policy violations. Performed penetration and vulnerability analysis and information technology security research. Configured and maintained the customer's operational and lab equipment in compliance with established DoS security standards. Reviewed customer's audit checklists and processes for relevance and applicability. Served on review boards and panels to ensure procedures and equipment met the evolving federal government security requirements. Prepared formalsecurity reports for submission to government CIO. PSRCP Oct 2002 - May 2003 Served as System Administrator supporting the PSRCP Network Management Component (NMC) development effort. Responsibilities included the daily monitoring, performance and maintenance of the NMC release systems under a strict configuration control environment. Responsible for systems backup and recovery, security, installation and upgrade, disaster recovery,vendor coordination and project personnel support. Designed and implemented a Veritas Netbackup Data recovery system to incorporate 25 Unix servers with a SAN attached robotic tape library. Wrote extensive scripts and utilities for this backup and recovery system to enhance the performance, and security of the system.Troubleshot all maintenance problems and recommended courses of action. Enterprise Network Implementation Engineer Jan 2002 - Oct 2002 Wheeler Network Design Washington, DC
Functioned as Technical Team Lead for group of technicians on the OpenNet Plus Enterprise Network implementation project. Traveled to foreign and domestic embassies to perform security C&A and remediation tasks in preparation to migrate to the new enterprise infrastructure. Oversaw and coordinated planning efforts of Embassies and Consulate offices overseas and domestic posts. Resolved team issues as well as post issues during visits. Ensured that all systems at posts visited conformed with security settings policy issued by DS Security Configuration Guidelines. Submission of daily status reports to project management in Washington DC along with status reports to post management. Provided documentation on problems found, resolutions applied, and recommendations for the future health of the network. Provided operational guidance for current and proposed projects. Acted as a SME in initial pilot for the migration to Win 2K from NT 4.0 to include design of Active Directory, GPO, and Win 2K Security. Defense Messaging System (DMS) Lead Product Tester Apr 2000 - Jan 2002 Geologics Manassas, VA Worked onsite at Lockheed Martin on the Defense Messaging System project. DMS is a suite of products integrated by Lockheed Martin, to provide secure E-mail and directory services for the Department of Defense. Served as lead tester for Microsoft products within the DMS suite. Worked with Microsoft Exchange 5.5, Exchange 2000, and Outlook to ensure secure encrypted E-mail message flow between Microsoft and Lotus Domino servers. Troubleshot X.400 message flow between Microsoft Exchange, and Lotus Domino servers,as well as X.500 directory services. Instrumental in troubleshooting Fortezza and PKI certificate problems within the DMS system in the lab environment. Worked with severalDMS specialty products, including MFI Multifunction Gateway, MLA X.500 mail list agent, MWS management station, and PUA Profile User Agent. Network Manager Feb 1998 - Apr 2000 Logicon Syscon, Inc Functioned as Helpdesk manager/Network manager on a project for DOJ. Project included the integration and migration of an existing predominately UNIXsystems to a true enterprise network using Microsoft Windows NT as the NOS platform. Responsibilities included managing resources in order to maintain proper phone coverage at the call center. Acted as buffer between level 1 support group and the level 2 and 3 support groups. Responsible for scheduling all down time for network and server outages, to include backups, and downtime needed for upgrades. Performed regular security compliance tests of servers,and integrity checks of backup tapes Implemented Microsoft SMS and SMS remote control tools at helpdesk, which resulted in a 25% reduction in call resolution time. Senior Network Engineer Jun 1996 - Feb 1998 Raytheon Systems Lexington Park, MD Functioned as a LAN Network Engineer for Hughes Aircraft,which later became Raytheon Systems. Responsible for maintaining a 17 server LAN network which included a mix of Novell 3.x, 4.x, Windows NT,and SUN UNIX platforms. Responsible for maintaining and troubleshooting all core LAN/WAN network equipment including Wellfleet router, severalCisco routers and 3Com Ethernet switches. Implemented a NetWare Multiprotocol Router, to perform TCP/IP tunneling to provide connectivity to remote servers across the Internet. Functioned as lead engineer on a project to convert 16MB Token Ring LAN environment to a switched Ethernet platform. This effort included the design implementation of LAN/WAN assets to facilitate the migration project. Planned and implemented migration from cc:Mail to Exchange 5.5. Implemented and configured DHCP and WINS on newly migrated network Designed and implemented a network wide backup scheme. Network Engineer Jan 1996 - Jun 1996 GE Capitol Fairfax, VA Served as a Network Administrator while contracted to the National Rifle Association as lead engineer/ administrator, to provide network and help desk support for an 18 server Novell PC/LAN. Responsible for general PC support and help desk support. Implemented TCP/IP protocol at workstations and configured DNS server. Responsible for administering cc:Mail E-mail system as well as ensure connectivity to the NRA's IBM mainframe and IBM AS400 via a Netware SAA Gateway.
Network Administrator Dec 1994 - Jan 1996 I-Net (Multiple Customers) Dept ofJustice Mar 1995 - Jan 1996Network Administrator at the Department of Justice, Antitrust Division for the management of a 37 server Novell PC/LAN. Responsible for administering the PC/LAN network,GroupWise E-mail system, and Soft Solutions Document Management system. Assisted with revision of security policies with regards to Soft Solutions security settings, and GroupWise shared mailboxes, as well as mailbox proxy rights. Served as an escalation point, providing second level support to the Help Desk analysts. Daily duties included monitoring GroupWise message servers as well as a X.400 link used to communicate with other Department of Justice agencies. Setup and administered 3 optical disk library servers so that users could access WORM disks via the network Provided tier 2 and 3 support for the service center. DoD OUSD-PR Dec 1994 - Mar 1995 Functioned as the LAN / hardware technician on a contract with the Department of Defense at the Pentagon. Duties included repair and installation of all PersonalComputer and LAN hardware within the Office of the Under Secretary of Defense Personneland Readiness (OUSD-PR) group. Diagnosed complex network problems on the OUSD-PR LAN,which consisted of 12 Windows NT servers,as well as a Microsoft Mail E-mail server in three different buildings. Assisted in the administration of the network and E-Mail services,and provided support at the (OUSD-PR) help desk. Worked with junior members of the network team to aid in diagnosing of network problems as well as offered suggestions as to how network performance. Computer Equipment Specialist Feb 1991 - Dec 1994 PRC Inc Network technician in the PersonalComputer Support Group at the Executive Office of the President (EOP) and White House Complex. Lead technician in troubleshooting and maintaining Novell, Ethernet and IBM Token-Ring LAN networks as well as networked mainframe and fax connections. Performed regular reviews of security, and other audit logs on networked fax server to look for suspicious user activity, and system related problems, and prepared routine reports on same. Responsible for software installation and implementation in a variety of configurations. Recommended standards for workstations and server configurations as well as assisted in the testing and evaluation of hardware and software for integration into the EOP LAN / WAN environment. Assisted in the design and installation of a remote login system for home use. Performed administrative duties on the White House Novell LAN network which consisted of 4 domains and 36 NetWare servers. Computer Equipment Specialist Apr 1989 - Feb 1991 EDS Inc Lead technician in installing and troubleshooting cabling systems for Novell, Ethernet and IBM Token-Ring LAN networks as well as networked mainframe and fax connections. Responsible for software installation and implementation in a variety of configurations. Recommended standards for workstations and server configurations as well as assisted in the testing and evaluation of hardware and software for integration into the Pentagon LAN / WAN environment. Implemented a training program to teach other technicians how to terminate, splice, and certify fiber optic cables. Computer Equipment Specialist Jan 1988 - Apr 1989 Federal Bureau ofPrisons Washington,DC Served as a Lead Technician while at Federal Bureau of Prisons (BOP). Responsibilities included troubleshooting and maintaining all desktop equipment at the Bureau of Prisons headquarters building. Acted as Systems Administrator for Bureau of Prisons electronic BBS system. BOP BBS system was a Mustang/DOORS dialup electronic bulletin board used to transmit prison population information, as well as other vital communications between prison facilities. Responsible for management, operation and maintenance of servers,as well as account management, and folder permissions, also monitored chat room logs for suspicious activity, and possible BOP information being posted in public forums. Front Desk Manager Aug 1986 - Jan 1988 Sheraton Hotels Arlington, VA Night Front Desk Manager at Sheraton Hotel in Arlington VA. Supervised other desk clerks on night shift, and performed
night auditing duties, and reviewed desk clerk console transactions reports on an as needed basis. Responsible for check- in and checkout of guests, and resolving problems related to guest, and other convention related issues. This was a full time night shift position that was concurrent with daytime school activities at Computer Learning Center.

Recomendados

Information Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyInformation Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyLblum1234
 
08252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA108252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA1jjdoylecomcast
 
Jesse Hinton Resume
Jesse Hinton ResumeJesse Hinton Resume
Jesse Hinton ResumeJesse Hinton
 
Guy-Crumpley-Resume-June-29-2015
Guy-Crumpley-Resume-June-29-2015Guy-Crumpley-Resume-June-29-2015
Guy-Crumpley-Resume-June-29-2015Guy Crumpley
 
CLR Resume'
CLR Resume'CLR Resume'
CLR Resume'Clay Ramsey
 
Mark_Koehler_Resume_JUN2015_v1.1
Mark_Koehler_Resume_JUN2015_v1.1Mark_Koehler_Resume_JUN2015_v1.1
Mark_Koehler_Resume_JUN2015_v1.1Mark Koehler
 
John Michael Rzepkowski Resume Oct2015
John Michael Rzepkowski Resume Oct2015John Michael Rzepkowski Resume Oct2015
John Michael Rzepkowski Resume Oct2015John Rzepkowski
 
Dunkle resume Info tech spec2
Dunkle resume Info tech spec2Dunkle resume Info tech spec2
Dunkle resume Info tech spec2david dunkle
 

Recomendados

Information Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyInformation Security Officer Internet Resume Leon Blum Copy
Information Security Officer Internet Resume Leon Blum CopyLblum1234
 
08252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA108252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA1jjdoylecomcast
 
Jesse Hinton Resume
Jesse Hinton ResumeJesse Hinton Resume
Jesse Hinton ResumeJesse Hinton
 
Guy-Crumpley-Resume-June-29-2015
Guy-Crumpley-Resume-June-29-2015Guy-Crumpley-Resume-June-29-2015
Guy-Crumpley-Resume-June-29-2015Guy Crumpley
 
CLR Resume'
CLR Resume'CLR Resume'
CLR Resume'Clay Ramsey
 
Mark_Koehler_Resume_JUN2015_v1.1
Mark_Koehler_Resume_JUN2015_v1.1Mark_Koehler_Resume_JUN2015_v1.1
Mark_Koehler_Resume_JUN2015_v1.1Mark Koehler
 
John Michael Rzepkowski Resume Oct2015
John Michael Rzepkowski Resume Oct2015John Michael Rzepkowski Resume Oct2015
John Michael Rzepkowski Resume Oct2015John Rzepkowski
 
Dunkle resume Info tech spec2
Dunkle resume Info tech spec2Dunkle resume Info tech spec2
Dunkle resume Info tech spec2david dunkle
 
Torben Verdich Resume TS-SCI
Torben Verdich Resume TS-SCITorben Verdich Resume TS-SCI
Torben Verdich Resume TS-SCITorben Verdich, MCITP
 
Priscilla_Y_Thankudas Resume USAJOBS
Priscilla_Y_Thankudas Resume USAJOBSPriscilla_Y_Thankudas Resume USAJOBS
Priscilla_Y_Thankudas Resume USAJOBSPriscilla Thakurdas
 
JoeMills
JoeMillsJoeMills
JoeMillsJoe Mills
 
Biga_8_9_16
Biga_8_9_16Biga_8_9_16
Biga_8_9_16James Biga
 
My CV-Jan-2016
My CV-Jan-2016My CV-Jan-2016
My CV-Jan-2016Adel Zayed
 
Nancy conelley.cv
Nancy conelley.cvNancy conelley.cv
Nancy conelley.cvNancy Conelley
 
NIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityNIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityDavid Sweigert
 
Edward E Copeland_Resume
Edward E Copeland_ResumeEdward E Copeland_Resume
Edward E Copeland_ResumeEdward Copeland
 
Ssdf nist
Ssdf nistSsdf nist
Ssdf nistNaveen Koyi
 
24th April 2016
24th April 201624th April 2016
24th April 2016ydmec
 
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkInformation Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkJames W. De Rienzo
 
CCNA Revised Resume
CCNA Revised ResumeCCNA Revised Resume
CCNA Revised ResumeMichael Kerman
 
Hayat Resume-1
Hayat Resume-1Hayat Resume-1
Hayat Resume-1Hayat Azizi
 
ConklinResume2
ConklinResume2ConklinResume2
ConklinResume2Telisha Conklin
 
McElvy Resume 2015
McElvy Resume 2015McElvy Resume 2015
McElvy Resume 2015Debra McElvy
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
Dinesh_Resume
Dinesh_ResumeDinesh_Resume
Dinesh_Resumedinesh kumar
 
Jamison2 Resume
Jamison2 ResumeJamison2 Resume
Jamison2 ResumeLarry Jamison
 
McFarlin 2016
McFarlin 2016McFarlin 2016
McFarlin 2016Maureen McFarlin
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14James Nesbitt
 
MyHeritage backend group - build to scale
MyHeritage backend group - build to scaleMyHeritage backend group - build to scale
MyHeritage backend group - build to scaleRan Levy
 
Astricon 2016 - Scaling ARI and Production
Astricon 2016 - Scaling ARI and ProductionAstricon 2016 - Scaling ARI and Production
Astricon 2016 - Scaling ARI and ProductionDan Jenkins
 

Mais conteúdo relacionado

Mais procurados

Priscilla_Y_Thankudas Resume USAJOBS
Priscilla_Y_Thankudas Resume USAJOBSPriscilla_Y_Thankudas Resume USAJOBS
Priscilla_Y_Thankudas Resume USAJOBSPriscilla Thakurdas
 
My CV-Jan-2016
My CV-Jan-2016My CV-Jan-2016
My CV-Jan-2016Adel Zayed
 
NIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityNIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityDavid Sweigert
 
Edward E Copeland_Resume
Edward E Copeland_ResumeEdward E Copeland_Resume
Edward E Copeland_ResumeEdward Copeland
 
24th April 2016
24th April 201624th April 2016
24th April 2016ydmec
 
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkInformation Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkJames W. De Rienzo
 
McElvy Resume 2015
McElvy Resume 2015McElvy Resume 2015
McElvy Resume 2015Debra McElvy
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14James Nesbitt
 

Mais procurados (20)

Torben Verdich Resume TS-SCI
Torben Verdich Resume TS-SCITorben Verdich Resume TS-SCI
Torben Verdich Resume TS-SCI
 
Priscilla_Y_Thankudas Resume USAJOBS
Priscilla_Y_Thankudas Resume USAJOBSPriscilla_Y_Thankudas Resume USAJOBS
Priscilla_Y_Thankudas Resume USAJOBS
 
JoeMills
JoeMillsJoeMills
JoeMills
 
Biga_8_9_16
Biga_8_9_16Biga_8_9_16
Biga_8_9_16
 
My CV-Jan-2016
My CV-Jan-2016My CV-Jan-2016
My CV-Jan-2016
 
Nancy conelley.cv
Nancy conelley.cvNancy conelley.cv
Nancy conelley.cv
 
NIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityNIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurity
 
Edward E Copeland_Resume
Edward E Copeland_ResumeEdward E Copeland_Resume
Edward E Copeland_Resume
 
Ssdf nist
Ssdf nistSsdf nist
Ssdf nist
 
24th April 2016
24th April 201624th April 2016
24th April 2016
 
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkInformation Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual Framework
 
CCNA Revised Resume
CCNA Revised ResumeCCNA Revised Resume
CCNA Revised Resume
 
Hayat Resume-1
Hayat Resume-1Hayat Resume-1
Hayat Resume-1
 
ConklinResume2
ConklinResume2ConklinResume2
ConklinResume2
 
McElvy Resume 2015
McElvy Resume 2015McElvy Resume 2015
McElvy Resume 2015
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
 
Dinesh_Resume
Dinesh_ResumeDinesh_Resume
Dinesh_Resume
 
Jamison2 Resume
Jamison2 ResumeJamison2 Resume
Jamison2 Resume
 
McFarlin 2016
McFarlin 2016McFarlin 2016
McFarlin 2016
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14
 

Destaque

MyHeritage backend group - build to scale
MyHeritage backend group - build to scaleMyHeritage backend group - build to scale
MyHeritage backend group - build to scaleRan Levy
 
Astricon 2016 - Scaling ARI and Production
Astricon 2016 - Scaling ARI and ProductionAstricon 2016 - Scaling ARI and Production
Astricon 2016 - Scaling ARI and ProductionDan Jenkins
 
Fostering a Culture of Analytics
Fostering a Culture of AnalyticsFostering a Culture of Analytics
Fostering a Culture of AnalyticsAlex Welch
 
Software Architectures, Week 3 - Microservice-based Architectures
Software Architectures, Week 3 - Microservice-based ArchitecturesSoftware Architectures, Week 3 - Microservice-based Architectures
Software Architectures, Week 3 - Microservice-based ArchitecturesAngelos Kapsimanis
 
Chicago AWS user group meetup - May 2014 at Cohesive
Chicago AWS user group meetup - May 2014 at CohesiveChicago AWS user group meetup - May 2014 at Cohesive
Chicago AWS user group meetup - May 2014 at CohesiveAWS Chicago
 
#speakgeek - Open Source Software Infrastructure at iconnect360
#speakgeek - Open Source Software Infrastructure at iconnect360#speakgeek - Open Source Software Infrastructure at iconnect360
#speakgeek - Open Source Software Infrastructure at iconnect360Derek Chan
 
Advanced Microservices - Greach 2015
Advanced Microservices - Greach 2015Advanced Microservices - Greach 2015
Advanced Microservices - Greach 2015Steve Pember
 
IM World presentation from Chris Swan: Application centric – how the cloud ha...
IM World presentation from Chris Swan: Application centric – how the cloud ha...IM World presentation from Chris Swan: Application centric – how the cloud ha...
IM World presentation from Chris Swan: Application centric – how the cloud ha...Cohesive Networks
 
Nagios Conference 2014 - Fernando Covatti - Nagios in Power Transmission Util...
Nagios Conference 2014 - Fernando Covatti - Nagios in Power Transmission Util...Nagios Conference 2014 - Fernando Covatti - Nagios in Power Transmission Util...
Nagios Conference 2014 - Fernando Covatti - Nagios in Power Transmission Util...Nagios
 
Streaming architecture with HDP & ELK
Streaming architecture with HDP & ELKStreaming architecture with HDP & ELK
Streaming architecture with HDP & ELKAlain Douangpraseuth
 
Get complete visibility into containers based application environment
Get complete visibility into containers based application environmentGet complete visibility into containers based application environment
Get complete visibility into containers based application environmentAppDynamics
 
Catálogo 15 16 elksport
Catálogo 15 16 elksportCatálogo 15 16 elksport
Catálogo 15 16 elksportElk Sport
 
Apostila De Dispositivos EléTricos
Apostila De Dispositivos EléTricosApostila De Dispositivos EléTricos
Apostila De Dispositivos EléTricoselkbcion
 
Business selectors
Business selectorsBusiness selectors
Business selectorsbenwaine
 
What does "monitoring" mean? (FOSDEM 2017)
What does "monitoring" mean? (FOSDEM 2017)What does "monitoring" mean? (FOSDEM 2017)
What does "monitoring" mean? (FOSDEM 2017)Brian Brazil
 
CloudStack EU user group - Trillian
CloudStack EU user group - TrillianCloudStack EU user group - Trillian
CloudStack EU user group - TrillianShapeBlue
 

Destaque (20)

MyHeritage backend group - build to scale
MyHeritage backend group - build to scaleMyHeritage backend group - build to scale
MyHeritage backend group - build to scale
 
Astricon 2016 - Scaling ARI and Production
Astricon 2016 - Scaling ARI and ProductionAstricon 2016 - Scaling ARI and Production
Astricon 2016 - Scaling ARI and Production
 
Fostering a Culture of Analytics
Fostering a Culture of AnalyticsFostering a Culture of Analytics
Fostering a Culture of Analytics
 
CV
CVCV
CV
 
Software Architectures, Week 3 - Microservice-based Architectures
Software Architectures, Week 3 - Microservice-based ArchitecturesSoftware Architectures, Week 3 - Microservice-based Architectures
Software Architectures, Week 3 - Microservice-based Architectures
 
Chicago AWS user group meetup - May 2014 at Cohesive
Chicago AWS user group meetup - May 2014 at CohesiveChicago AWS user group meetup - May 2014 at Cohesive
Chicago AWS user group meetup - May 2014 at Cohesive
 
#speakgeek - Open Source Software Infrastructure at iconnect360
#speakgeek - Open Source Software Infrastructure at iconnect360#speakgeek - Open Source Software Infrastructure at iconnect360
#speakgeek - Open Source Software Infrastructure at iconnect360
 
Advanced Microservices - Greach 2015
Advanced Microservices - Greach 2015Advanced Microservices - Greach 2015
Advanced Microservices - Greach 2015
 
IM World presentation from Chris Swan: Application centric – how the cloud ha...
IM World presentation from Chris Swan: Application centric – how the cloud ha...IM World presentation from Chris Swan: Application centric – how the cloud ha...
IM World presentation from Chris Swan: Application centric – how the cloud ha...
 
Nagios Conference 2014 - Fernando Covatti - Nagios in Power Transmission Util...
Nagios Conference 2014 - Fernando Covatti - Nagios in Power Transmission Util...Nagios Conference 2014 - Fernando Covatti - Nagios in Power Transmission Util...
Nagios Conference 2014 - Fernando Covatti - Nagios in Power Transmission Util...
 
Streaming architecture with HDP & ELK
Streaming architecture with HDP & ELKStreaming architecture with HDP & ELK
Streaming architecture with HDP & ELK
 
Kelompok 2
Kelompok 2Kelompok 2
Kelompok 2
 
Get complete visibility into containers based application environment
Get complete visibility into containers based application environmentGet complete visibility into containers based application environment
Get complete visibility into containers based application environment
 
Item analysis
Item analysisItem analysis
Item analysis
 
Catálogo 15 16 elksport
Catálogo 15 16 elksportCatálogo 15 16 elksport
Catálogo 15 16 elksport
 
Apostila De Dispositivos EléTricos
Apostila De Dispositivos EléTricosApostila De Dispositivos EléTricos
Apostila De Dispositivos EléTricos
 
Business selectors
Business selectorsBusiness selectors
Business selectors
 
What does "monitoring" mean? (FOSDEM 2017)
What does "monitoring" mean? (FOSDEM 2017)What does "monitoring" mean? (FOSDEM 2017)
What does "monitoring" mean? (FOSDEM 2017)
 
CloudStack EU user group - Trillian
CloudStack EU user group - TrillianCloudStack EU user group - Trillian
CloudStack EU user group - Trillian
 
Java standards in WCM
Java standards in WCMJava standards in WCM
Java standards in WCM
 

Semelhante a Resume -Resume -continous monitoring

Brian_Starr_Resume
Brian_Starr_ResumeBrian_Starr_Resume
Brian_Starr_ResumeBrian Starr
 
Resume_Michael_Baker_0424016
Resume_Michael_Baker_0424016Resume_Michael_Baker_0424016
Resume_Michael_Baker_0424016Michael Baker
 
David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016David Patterson
 
Erwin (Chris) Carrow resume Brief 10-23-2015
Erwin (Chris) Carrow resume Brief 10-23-2015Erwin (Chris) Carrow resume Brief 10-23-2015
Erwin (Chris) Carrow resume Brief 10-23-2015Erwin Carrow
 
William H Cooke resume 1
William H Cooke resume 1William H Cooke resume 1
William H Cooke resume 1William Cooke
 
Willard_Grayson_201505
Willard_Grayson_201505Willard_Grayson_201505
Willard_Grayson_201505Will Grayson
 
Lancy-Curriculum Vitae
Lancy-Curriculum VitaeLancy-Curriculum Vitae
Lancy-Curriculum VitaeLancy Menezes
 
Thomas reinheimer resume 04152016
Thomas reinheimer resume 04152016Thomas reinheimer resume 04152016
Thomas reinheimer resume 04152016Tom Reinheimer
 
Simon Shearer Resume Updated Non WorleyParsons
Simon Shearer Resume Updated Non WorleyParsonsSimon Shearer Resume Updated Non WorleyParsons
Simon Shearer Resume Updated Non WorleyParsonsSimon Shearer
 
Noel_De_Leon_Alvior_CV
Noel_De_Leon_Alvior_CVNoel_De_Leon_Alvior_CV
Noel_De_Leon_Alvior_CVNoel Alvior
 
Byron Jackson Resume - 2016
Byron Jackson Resume - 2016Byron Jackson Resume - 2016
Byron Jackson Resume - 2016Byron Jackson
 
M.Yassen_Sr.System & Network Admin_CV
M.Yassen_Sr.System & Network Admin_CVM.Yassen_Sr.System & Network Admin_CV
M.Yassen_Sr.System & Network Admin_CVMahmoud Yassin
 
O%22Grady Resume V4
O%22Grady Resume V4O%22Grady Resume V4
O%22Grady Resume V4Bob O'Grady
 
IGSS Corporate Briefing
IGSS Corporate BriefingIGSS Corporate Briefing
IGSS Corporate Briefingmrsjennbrown
 

Semelhante a Resume -Resume -continous monitoring (20)

Jenkins_ Carlasha 2016 v1
Jenkins_ Carlasha 2016 v1Jenkins_ Carlasha 2016 v1
Jenkins_ Carlasha 2016 v1
 
Brian_Starr_Resume
Brian_Starr_ResumeBrian_Starr_Resume
Brian_Starr_Resume
 
Hayat resume 1
Hayat resume 1Hayat resume 1
Hayat resume 1
 
Resume_Michael_Baker_0424016
Resume_Michael_Baker_0424016Resume_Michael_Baker_0424016
Resume_Michael_Baker_0424016
 
Resume_Santoro_Aug_2016
Resume_Santoro_Aug_2016Resume_Santoro_Aug_2016
Resume_Santoro_Aug_2016
 
David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016
 
Erwin (Chris) Carrow resume Brief 10-23-2015
Erwin (Chris) Carrow resume Brief 10-23-2015Erwin (Chris) Carrow resume Brief 10-23-2015
Erwin (Chris) Carrow resume Brief 10-23-2015
 
Torben Verdich Condensed TS-SCI
Torben Verdich Condensed TS-SCITorben Verdich Condensed TS-SCI
Torben Verdich Condensed TS-SCI
 
William H Cooke resume 1
William H Cooke resume 1William H Cooke resume 1
William H Cooke resume 1
 
Willard_Grayson_201505
Willard_Grayson_201505Willard_Grayson_201505
Willard_Grayson_201505
 
Lancy-Curriculum Vitae
Lancy-Curriculum VitaeLancy-Curriculum Vitae
Lancy-Curriculum Vitae
 
Thomas reinheimer resume 04152016
Thomas reinheimer resume 04152016Thomas reinheimer resume 04152016
Thomas reinheimer resume 04152016
 
Simon Shearer Resume Updated Non WorleyParsons
Simon Shearer Resume Updated Non WorleyParsonsSimon Shearer Resume Updated Non WorleyParsons
Simon Shearer Resume Updated Non WorleyParsons
 
Noel_De_Leon_Alvior_CV
Noel_De_Leon_Alvior_CVNoel_De_Leon_Alvior_CV
Noel_De_Leon_Alvior_CV
 
Byron Jackson Resume - 2016
Byron Jackson Resume - 2016Byron Jackson Resume - 2016
Byron Jackson Resume - 2016
 
M.Yassen_Sr.System & Network Admin_CV
M.Yassen_Sr.System & Network Admin_CVM.Yassen_Sr.System & Network Admin_CV
M.Yassen_Sr.System & Network Admin_CV
 
Saravanan_Resume_IBM Updated
Saravanan_Resume_IBM UpdatedSaravanan_Resume_IBM Updated
Saravanan_Resume_IBM Updated
 
O%22Grady Resume V4
O%22Grady Resume V4O%22Grady Resume V4
O%22Grady Resume V4
 
Terrance A. 10.20.15
Terrance A. 10.20.15Terrance A. 10.20.15
Terrance A. 10.20.15
 
IGSS Corporate Briefing
IGSS Corporate BriefingIGSS Corporate Briefing
IGSS Corporate Briefing
 

Resume -Resume -continous monitoring

  • 1. John A Kenny 10200 DaylilyCt, Manassas, VA 20110| (H) 703-330-3983| (C) 703-403-0503| kennyja@gmail.com Professional Summary My experience in the electronic/computer industry spans more than twenty years in both secure and non-secure situations to include the EOP Whitehouse complex. I have a strong background in customer service oriented environments, requiring a judicious mixture of creativity, administrative, and managerial skills. I have in served many positions during the course of my career to include team member, team lead management roles. I am known for my ability to deal effectively in high stress,time sensitive areas,and am eager to apply this knowledge and skills. I am a highly motivated individual with an exceptional track record for handling diverse and special projects. Both on-the-job and at home, I have developed an thorough understanding of enterprise security and layered security architectures. I am intimately familiar with NIST, DOD DITSCAP/DIACAP,CNS1253, ITIL security standards ,In prior work experiences I have been a key participant in the design, installation and service of Microsoft NT, NOVELL NetWare,Ethernet,Token Ring and other Local Area Networks,as well as various modem communications systems. I have also been involved with the implementation of network and computer security items such as SIEM tools, PKI,TACACS,Radius and other Single Sign-on solutions. Skills Certifications: CISSP,CFCP,MCSE, Novell CNE McAfee EPO training Spector 360 training Nessus Security Center training Tripwire training Splunk training Apache Solr (ELK stack) PKI and Single Sign-on Solutions Remote access technology Excellent diagnostic skills NIST, DOD DITSCAP/DIACAP,CNS1253, ITIL Clearances: DOD Top Secret NACI with Presidential Access DoS Top Secret Education Bachelor of Science: Information Systems Security American Public University Work History Senior Cyber Information Assurance Analyst June 2007 - Current Northrop Grumman (Multiple NGC Customers) (DHS)-current Implemented an information security continuous monitoring (ISCM) platform using Splunk and Solr (ELK) analytics tools to create security reports for DHS classified HSDN network. Integrated new data source inputs into Splunk including data feeds from Remedy, Tripwire, MS Exchange, Spectre360, Tenable, BigFix, Active Directory, and Cisco SourceFire. Created Splunk dashboards and correlated report outputs across multiple data feeds. Created metrics and reports to use different data source inputs to validate each other increase integrity level of management level security reporting. Configured Splunk to meet Whitehouse mandated ICS 500-27 Insider Threat monitoring requirements. AirForce(AOC)-9/2014-8/2015 Documented and streamlined all C&A Security processes at AOC,and created a decision based flowchart to diagram them. This action directly resulted in over a million dollar cost savings and 35% reduction in man hours to the program with regard to applying STIG settings to environment. Created a process to track, triage and prioritize security findings within the AOC WS system. Instrumental in developing and maintaining metrics used for progress reporting to management. Key contributor to the selection of software that provided a database solution to storing, analyzing and reporting vulnerability data and was the only technician experienced in installing, configuring and
  • 2. maintaining the software after purchase. Participated in the conversion of the Information Assurance data from the old manual process to the new database. NATO-6/2014-9/2014 Operated an information security continuous monitoring (ISCM) platform using Northrop custom written analytics tool NCCCS to provide near real time statistics and reporting on the NATO CIS networks at SHAPE HQ Mons Belgium. Reconfigured NCCCS software to use Active Directory authentication. Integrated new data source inputs into NCCCS and created NCCCS dashboards and created correlated report outputs across multiple data feeds. Created metrics to and reports to use different data source inputs to validate each other increase integrity level of management level security reporting. BEP-9/2014-11/2012- Served as a supervisor and Subject Matter Expert for Information Assurance Engineers on the Bureau of Engraving and Printing project. Coordinates with Systems Developers, Administrators, and Program, and Project Managers to compile and document all required FISMA C&A documents required for system authorization (ATO). Provides security expertise on customized BEP business systems, to include customized printing and manufacturing systems and associated SCADA devices. Provides security related subject matter input to System Administrators to correct or mitigate vulnerability findings. Provides SME guidance and advice on UNIXand Windows hosts in order to improve security posture. Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access. Architected, designed and implemented CAESARS based Security Continuous Monitoring solution in order to meet NIST FISMA requirements. Recommended network security standards to management. Implemented the ComplyVision, automated C&A tool for the BEP. The ComplyVision tool is a core element of the BEP Continuous Monitoring solution mandated by OMB. Configured security application platforms such as QRadar,SolarWinds, Nessus,Micrsoft SCCM to feed data into ComplyVison in order to create security dashboard, and holistic security reporting foundation to support migration from client-server product lines to enterprise architectures and services and Continuous Monitoring. Managed severalprojects from concept to completion while managing outside vendors. Developed work-flow charts and diagrams to ensure production team compliance with client security deadlines. Supervised and provided direction for six technical direct reports regarding network activities. Dept ofState(Consular Affairs) 2009 - Nov 2012 Served as a supervisor for Information Assurance Engineers on the Dept of State Bureau of Consular Affairs project. Coordinated with Systems Developers, Administrators, and Program, and Project Managers to compile and document all required FISMA C&A documents required for system authorization (ATO). Provided security expertise on customized CA business systems, to include customized systems associated with productions and maintenance of passport and VISA information. Provided security related subject matter input to System Administrators to correct or mitigate vulnerability findings. Provided SME guidance and advice on UNIXand Windows hosts in order to improve security posture. Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access. Recommended network security standards to management. Implemented the ComplyVision, automated C&A tool for Consular Affairs Bureau. The ComplyVision tool is a core element of the Consular Affairs Continuous Monitoring solution mandated by OMB. Configured security application platforms such as IPost,SolarWinds, Nessus,Micrsoft SCCM to feed data into ComplyVison in order to create security dashboard, and holistic security reporting foundation.to foundation to support migration from client-server product lines to enterprise architectures and services. Managed severalprojects from concept to completion while managing outside vendors. Developed work-flow charts and diagrams to ensure production team compliance with client security deadlines. Supervised and provided direction for six technical direct reports regarding network activities. VITA 2008 - Jan 2009 Performed initial C&A activities including security related deliverable documents for Virginia Information Technologies Agency (VITA) Enterprise Security Operations Center (ESOC). These duties included the creation of System Security Plan (SSP), Plan of Action and Milestones (POA&Ms),Process and Procedure documents. Assisted VITA in implementing industry best practices such as SANS, ITIL, and vendor guidance, as well as federalstandards such as NIST in the newly formed Virginia Enterprise IT Infrastructure. Assisted with the the Mcafee ePolicy Orchestrator project, and wrote the process guides and operation procedure documents, and assisted with the installation and configuration of Mcafee EPO at VITA. TechnicalLead for a Security Dashboard project to provide situational security awareness for VITA Security Directorate and enterprise-level agencies. FEMA Nov 2007 - Apr 2008 Assisted in the security assessment and FISMA compliance of multiple systems at the FEMA Mt Weather facility. Created security related C&A documents using the requirements specified in the National Institute of Standards and Technology (NIST) guidelines and FEMA / DHS Policies and Procedures. Assisted with an effort to update and standardize SSP information using an automated security tool (RSA). Established and documented a baseline of security controls shared by all elements of FEMA. Dept ofState (Diplomatic Security) Jun 2007 - Nov 2007 Assisted in the security assessment and compliance of the Messaging Center Officers (MSO) portion of the Department of State (DoS) OpenNet Plus and DoS classified network (ClassNet).These duties included the creation of General Support Systems (GSS) documents, System Security Plan (SSP), Plan of Action and Milestones (POA&Ms),Compliance and Vulnerability Scan Reports, and Certification and Accreditation Recommendations for the (DoS) using the requirements specified in
  • 3. the NIST Special Publications DoS Policies and Procedures Foreign Affairs Manual (FAM). Assisted with an effort to update and combine severalsystem SSPs into one OpenNet GSS SSP. Information Assurance Engineer/AnalystAug 2005 - Jun 2007 SAIC Falls Church, VA Served as a member of the System Security Engineering team to provide life-cycle information assurance (IA) engineering support for DOD's C2 system GCCS-J. Aided the customer in applying IT and security engineering expertise into the software development phase of the project, rather than at the C&A phase. This effort gave the developers a chance to recognize and correct security flaws before seeking a certification. Assisted customer with security guidance, including the Common Criteria, DITSCAP,as well as DOD and NSA technical configuration guides. Helped integrate security practices into the early stages of the Systems Design Lifecycle (SDLC) process. Developed security test plans and assisted in the integration of security testing software to evaluate system assets. Senior Security Analyst Feb 2005 - Aug 2005 Aquent Reston, VA Performed Certification and Accreditation activities (C&A) for multiple VHA hospitals to include both generic (type) and site accreditations in accordance with the (NIST), (HIPPA),and (SOX) standards along with VHA policy and procedures. Wrote critical project security documents at both the site level, as well as the enterprise level. Provided mentoring and guidance to junior INFOSEC personnel to relay knowledge of INFOSEC, LAN,WAN, and operating system security principles, as well as lessons learned during site surveys. Provided security and OS hardening expertise to VHA personnel. Senior Security Engineer Oct 2002 - Feb 2005 Northrop Grumman (Multiple Customers) DHS(HSDN) July2004-Feb2005 Served as Senior Security Engineer for multiple DHS clients while on the HSDN (Homeland Security Data Network) project. THis effort included both generic (type) and site accreditations in accordance with the DoD Information Technology Security Certification and Accreditation Process (DITSCAP). Deliverable documents included SSAs (Site Specific Addendums), RRAs (Residual Risk Assessments),STEs (Site Technical Evaluations) and CTE (Compliance Test Evaluation) for the Datacenter,NOC and SOC environment. Provided mentoring and guidance to junior INFOSEC personnel to relay knowledge of INFOSEC,LAN, WAN,and operating system security principles, as well as lessons learned during site surveys. Assisted in the development of security policies, plans and architecture, and provided expertise and knowledge of DCID 6/3 as well as practical experience with Intelligence Community (IC) customers. Dept ofState(Diplomatic Security)May 2003 - July 2004 Served as a Senior Security Engineer while tasked to the Department of State (DoS) Diplomatic Security Services Bureau (DSS). Provided security engineering and integration services to customers at foreign embassies worldwide in a team lead capacity. Instrumental to the department in meeting FISMA, and HIPA certification at the embassies. Resolved security issues including architectures,electronic data traffic, and network access. Coordinated with vendors in the design and evaluation of secure operating systems, network tools, and database products. Used Encase forensic tools, and other tools to gather information for the enforcement of computer policy violations. Performed penetration and vulnerability analysis and information technology security research. Configured and maintained the customer's operational and lab equipment in compliance with established DoS security standards. Reviewed customer's audit checklists and processes for relevance and applicability. Served on review boards and panels to ensure procedures and equipment met the evolving federal government security requirements. Prepared formalsecurity reports for submission to government CIO. PSRCP Oct 2002 - May 2003 Served as System Administrator supporting the PSRCP Network Management Component (NMC) development effort. Responsibilities included the daily monitoring, performance and maintenance of the NMC release systems under a strict configuration control environment. Responsible for systems backup and recovery, security, installation and upgrade, disaster recovery,vendor coordination and project personnel support. Designed and implemented a Veritas Netbackup Data recovery system to incorporate 25 Unix servers with a SAN attached robotic tape library. Wrote extensive scripts and utilities for this backup and recovery system to enhance the performance, and security of the system.Troubleshot all maintenance problems and recommended courses of action. Enterprise Network Implementation Engineer Jan 2002 - Oct 2002 Wheeler Network Design Washington, DC
  • 4. Functioned as Technical Team Lead for group of technicians on the OpenNet Plus Enterprise Network implementation project. Traveled to foreign and domestic embassies to perform security C&A and remediation tasks in preparation to migrate to the new enterprise infrastructure. Oversaw and coordinated planning efforts of Embassies and Consulate offices overseas and domestic posts. Resolved team issues as well as post issues during visits. Ensured that all systems at posts visited conformed with security settings policy issued by DS Security Configuration Guidelines. Submission of daily status reports to project management in Washington DC along with status reports to post management. Provided documentation on problems found, resolutions applied, and recommendations for the future health of the network. Provided operational guidance for current and proposed projects. Acted as a SME in initial pilot for the migration to Win 2K from NT 4.0 to include design of Active Directory, GPO, and Win 2K Security. Defense Messaging System (DMS) Lead Product Tester Apr 2000 - Jan 2002 Geologics Manassas, VA Worked onsite at Lockheed Martin on the Defense Messaging System project. DMS is a suite of products integrated by Lockheed Martin, to provide secure E-mail and directory services for the Department of Defense. Served as lead tester for Microsoft products within the DMS suite. Worked with Microsoft Exchange 5.5, Exchange 2000, and Outlook to ensure secure encrypted E-mail message flow between Microsoft and Lotus Domino servers. Troubleshot X.400 message flow between Microsoft Exchange, and Lotus Domino servers,as well as X.500 directory services. Instrumental in troubleshooting Fortezza and PKI certificate problems within the DMS system in the lab environment. Worked with severalDMS specialty products, including MFI Multifunction Gateway, MLA X.500 mail list agent, MWS management station, and PUA Profile User Agent. Network Manager Feb 1998 - Apr 2000 Logicon Syscon, Inc Functioned as Helpdesk manager/Network manager on a project for DOJ. Project included the integration and migration of an existing predominately UNIXsystems to a true enterprise network using Microsoft Windows NT as the NOS platform. Responsibilities included managing resources in order to maintain proper phone coverage at the call center. Acted as buffer between level 1 support group and the level 2 and 3 support groups. Responsible for scheduling all down time for network and server outages, to include backups, and downtime needed for upgrades. Performed regular security compliance tests of servers,and integrity checks of backup tapes Implemented Microsoft SMS and SMS remote control tools at helpdesk, which resulted in a 25% reduction in call resolution time. Senior Network Engineer Jun 1996 - Feb 1998 Raytheon Systems Lexington Park, MD Functioned as a LAN Network Engineer for Hughes Aircraft,which later became Raytheon Systems. Responsible for maintaining a 17 server LAN network which included a mix of Novell 3.x, 4.x, Windows NT,and SUN UNIX platforms. Responsible for maintaining and troubleshooting all core LAN/WAN network equipment including Wellfleet router, severalCisco routers and 3Com Ethernet switches. Implemented a NetWare Multiprotocol Router, to perform TCP/IP tunneling to provide connectivity to remote servers across the Internet. Functioned as lead engineer on a project to convert 16MB Token Ring LAN environment to a switched Ethernet platform. This effort included the design implementation of LAN/WAN assets to facilitate the migration project. Planned and implemented migration from cc:Mail to Exchange 5.5. Implemented and configured DHCP and WINS on newly migrated network Designed and implemented a network wide backup scheme. Network Engineer Jan 1996 - Jun 1996 GE Capitol Fairfax, VA Served as a Network Administrator while contracted to the National Rifle Association as lead engineer/ administrator, to provide network and help desk support for an 18 server Novell PC/LAN. Responsible for general PC support and help desk support. Implemented TCP/IP protocol at workstations and configured DNS server. Responsible for administering cc:Mail E-mail system as well as ensure connectivity to the NRA's IBM mainframe and IBM AS400 via a Netware SAA Gateway.
  • 5. Network Administrator Dec 1994 - Jan 1996 I-Net (Multiple Customers) Dept ofJustice Mar 1995 - Jan 1996Network Administrator at the Department of Justice, Antitrust Division for the management of a 37 server Novell PC/LAN. Responsible for administering the PC/LAN network,GroupWise E-mail system, and Soft Solutions Document Management system. Assisted with revision of security policies with regards to Soft Solutions security settings, and GroupWise shared mailboxes, as well as mailbox proxy rights. Served as an escalation point, providing second level support to the Help Desk analysts. Daily duties included monitoring GroupWise message servers as well as a X.400 link used to communicate with other Department of Justice agencies. Setup and administered 3 optical disk library servers so that users could access WORM disks via the network Provided tier 2 and 3 support for the service center. DoD OUSD-PR Dec 1994 - Mar 1995 Functioned as the LAN / hardware technician on a contract with the Department of Defense at the Pentagon. Duties included repair and installation of all PersonalComputer and LAN hardware within the Office of the Under Secretary of Defense Personneland Readiness (OUSD-PR) group. Diagnosed complex network problems on the OUSD-PR LAN,which consisted of 12 Windows NT servers,as well as a Microsoft Mail E-mail server in three different buildings. Assisted in the administration of the network and E-Mail services,and provided support at the (OUSD-PR) help desk. Worked with junior members of the network team to aid in diagnosing of network problems as well as offered suggestions as to how network performance. Computer Equipment Specialist Feb 1991 - Dec 1994 PRC Inc Network technician in the PersonalComputer Support Group at the Executive Office of the President (EOP) and White House Complex. Lead technician in troubleshooting and maintaining Novell, Ethernet and IBM Token-Ring LAN networks as well as networked mainframe and fax connections. Performed regular reviews of security, and other audit logs on networked fax server to look for suspicious user activity, and system related problems, and prepared routine reports on same. Responsible for software installation and implementation in a variety of configurations. Recommended standards for workstations and server configurations as well as assisted in the testing and evaluation of hardware and software for integration into the EOP LAN / WAN environment. Assisted in the design and installation of a remote login system for home use. Performed administrative duties on the White House Novell LAN network which consisted of 4 domains and 36 NetWare servers. Computer Equipment Specialist Apr 1989 - Feb 1991 EDS Inc Lead technician in installing and troubleshooting cabling systems for Novell, Ethernet and IBM Token-Ring LAN networks as well as networked mainframe and fax connections. Responsible for software installation and implementation in a variety of configurations. Recommended standards for workstations and server configurations as well as assisted in the testing and evaluation of hardware and software for integration into the Pentagon LAN / WAN environment. Implemented a training program to teach other technicians how to terminate, splice, and certify fiber optic cables. Computer Equipment Specialist Jan 1988 - Apr 1989 Federal Bureau ofPrisons Washington,DC Served as a Lead Technician while at Federal Bureau of Prisons (BOP). Responsibilities included troubleshooting and maintaining all desktop equipment at the Bureau of Prisons headquarters building. Acted as Systems Administrator for Bureau of Prisons electronic BBS system. BOP BBS system was a Mustang/DOORS dialup electronic bulletin board used to transmit prison population information, as well as other vital communications between prison facilities. Responsible for management, operation and maintenance of servers,as well as account management, and folder permissions, also monitored chat room logs for suspicious activity, and possible BOP information being posted in public forums. Front Desk Manager Aug 1986 - Jan 1988 Sheraton Hotels Arlington, VA Night Front Desk Manager at Sheraton Hotel in Arlington VA. Supervised other desk clerks on night shift, and performed
  • 6. night auditing duties, and reviewed desk clerk console transactions reports on an as needed basis. Responsible for check- in and checkout of guests, and resolving problems related to guest, and other convention related issues. This was a full time night shift position that was concurrent with daytime school activities at Computer Learning Center.