Cybersecurity

SUMMARY

• IT/Cybersecurity/Business specialist with 18 years of diverse, progressive experience in the financial services, health insurance, space, and defense sectors.
• A proven leader who is flexible, possesses the ability to work under tight deadlines, the ability to handle multiple tasks through prioritization and time management skills, excellent oral and written communicator, with exceptional collaboration and organizational management skills.
• Proven ability to elicit, analyze and document business system requirements and successfully implement infrastructure and technology improvements in close collaboration with stakeholders.
• Highly proficient with NIST, FIPS, RMF, Common Criteria, OWASP, FISMA, DoD, DISA, Army, SOX, SEC, FINRA, HIPAA and Patriot Act compliance, Business Continuity / Disaster Recovery Planning and technology project management.
• Demonstrated ability to apply exceptional creative, analytical, troubleshooting and problem-solving skills.
• Active U.S. TS/SCI clearance

TECHNICAL SKILLS / CERTIFICATIONS

• Certified Information Systems Security Professional (CISSP) designation – achieved in 2015.
• CompTIA Advanced Security Practitioner (CASP) designation – achieved in 2013.
• Certified Ethical Hacker (C|EH v7) designation - achieved in 2012.
• CompTIA Security+ designation – achieved in 2013.
• Highly proficient with Security Center (ACAS), Nessus, Qualys, Nexpose, and NMAP Scanning Tools.
• Highly proficient with McAfee Host Based Security System (HBSS) as a Global Administrator.
• Highly proficient in multiple advanced Penetration Testing skill sets.
• Solid understanding of an IS multi-platform environment (UNIX, Windows, and Linux) operational/security considerations.
• Proven track record of vulnerability mitigation in a large enterprise computing environment.
• Solid knowledge of regulatory compliance, corporate security, network policies & procedures; developing information security processes that improve effectiveness, efficiency, and controls.
• Expert knowledge of application design and architecture. 
• Inspecting network traffic to identify security vulnerabilities in network-connected systems, monitoring, and detection and ensure protection of High Risk / Classified Information.
• Security event aggregation, correlation, analysis and reporting. Aggregates security event log data from infrastructure resources. Analyzes data, which may be used for incident response planning, risk assessment, computer forensic investigation, etc.

EXPERIENCE

DCI Solutions

Director of Cybersecurity / Program Manager 03/2020 – Present

Primary responsibilities include:

• Direct technical cybersecurity and system engineering aspects of a project for a prime customer on a DoD contract
• Formulate, direct, and implement the cybersecurity policy for the DCI Solutions corporate infrastructure.
• Direct the overall cybersecurity posture of all DCI systems.
• Provide Subject Matter Expertise support for all DCI programs.
• Creation and implementation of the DCI CMMC internal project and Line of Business (LoB).
• Identify, interview, and hire teams of multiple employees from multidisciplinary technical engineering and cybersecurity backgrounds to fulfill customer obligations.
• Conduct management of DCI personnel and assets from the cost, schedule and performance metrics perspective for a large DoD contract.
• Conduct day-to-day technical management of system engineering and cybersecurity personnel and activities.
• Design, review, approve, and guide implementation of system architecture and engineering activities.
• Successfully formulated, led, and delivered an RMF Body of Evidence on TS//SCI systems within schedule.

United States Army

NH-2210-04 (GS-14) – Cybersecurity Lead / ISSM-O 10/2018 – 02/2020

Primary responsibilities include:

• Formulates, directs, and leads all cybersecurity activities for Project Manager Positioning, Navigation, and Timing (PM PNT), currently a $1.6 Billion overall Defense Acquisition Portfolio of products.
• Management for a team of cybersecurity professionals.
• Actively participates in a multitude of high-level teams across DoD and Army to ensure the furtherance of effective, agile and adaptive cybersecurity within the US Government.
• Represents PM PNT in all Space-related PNT affairs (DoD-wide).
• Responsible for overall Cyber Risk Management for PM PNT.
• Serve as cybersecurity SME for PNT devices and technologies to include novel / alternative PNT (signals of opportunity).

Booz | Allen | Hamilton

Lead Engineer / Sr. Cybersecurity SME 8/2017 – 10/2018

Primary responsibilities include:

• Supporting Project Manager Mission Command (PM MC) Technical Management Division (TMD) Cybersecurity team on client site.
• Provide SME services to PM MC for all new development projects in the Tactical Mission Command (TMC) space for the Command Post Computing Environment (CPCE) V3.
• Design and promulgate security architectures for all the Command Post Computing Environment (CPCE) V3.
• Champion and lead cybersecurity efforts across PM Mission Command.

Telesis, Inc.

Computer Forensic Intrusion Analyst 11/2014 – 8/2017

Primary responsibilities include:

• Manage a team of 25+ cybersecurity analysts and engineers.
• Architect, formulate, direct, document and implement the technical Information Security for a US Department of Defense contract in direct support of the warfighter.
• Development of Vulnerability, Compliance and Patch Management Tactics, Techniques and Procedures that ensures all hardware/software is accounted, monitored, and current on mandated security standards - instituting a routine vulnerability assessment methodology that includes network, configuration, and application testing.
• Design, implementation, maintenance and data analysis / monitoring of SIEM and IDS appliances distributed throughout the network.
• Design, implementation, maintenance and data analysis / monitoring of Host-Based Security Systems distributed throughout the network.
• Design, implementation and maintenance of a Commercial Off the Shelf Vulnerability Assessment tool in the network.
• Ensure that the Information Security of the project remains aligned with all DoD, DISA, Army and NIST publications and regulations.
• Investigation, remediation and reporting on security threats, violations, and other security incidents; lead post event reviews of security incidents and actions not in compliance with policies and procedures.
• Implementation of security metrics covering incidents, risk management, compliance, availability, data integrity and service.
• Architecting and executing technical projects related to the following technologies: IDS/IPS, firewalls, SIEM, log management, vulnerability management, configuration management, Two-Factor authentication, Anti-virus, Remote Access and File Activity Monitoring.
• Prepare and execute briefings to management on all Information Security items for the operational component of the project.
• Ensure the Confidentiality, Integrity and Availability of the data that traverses the project’s operational and test networks.
• Subject Matter Expert (SME) on the following products: HBSS (McAfee), ACAS (Tenable), McAfee ESM / IPS, DoD RMF and eMASS.

Telesis, Inc.

Senior Security Engineer 9/2014 – 11/2014

Mitchell Consulting Services Group, Inc.

Security Engineer 11/2012 – 9/2014

Primary responsibilities include:

• Create, staff, and manage a team of 20+ cybersecurity analysts and engineers.
• Formulates, directs, documents and implements the technical Information Security for a US Department of Defense contract in direct support of the warfighter.
• Development of Vulnerability, Compliance and Patch Management Tactics, Techniques and Procedures that ensures all hardware/software is accounted, monitored, and current on mandated security standards - instituting a routine vulnerability assessment methodology that includes network, configuration, and application testing.
• Design, implementation, maintenance and data analysis / monitoring of SIEM and IDS appliances distributed throughout the network.
• Design, implementation, maintenance and data analysis / monitoring of Host-Based Security Systems distributed throughout the network.
• Design, implementation and maintenance of a Commercial Off the Shelf Vulnerability Assessment tool in the network.
• Ensure that the Information Security of the project remains aligned with all DoD, DISA, Army and NIST publications and regulations.
• Investigation, remediation and reporting on security threats, violations, and other security incidents; lead post event reviews of security incidents and actions not in compliance with policies and procedures.
• Implementation of security metrics covering incidents, risk management, compliance, availability, data integrity and service.
• Executing technical tasks related to the following technologies: IDS/IPS, firewalls, SIEM, log management, vulnerability management, configuration management, Two-Factor authentication, Anti-virus, and File Activity Monitoring.
• Prepare and execute briefings to management on all Information Security items for the operational component of the project.
• Ensure the Confidentiality, Integrity and Availability of the data that traverses the project’s operational and test networks.

Kelly & Associates Insurance Group, Inc.

Security Engineer 3/2012 – 11/2012

• Directs the technical Information Security of a private health insurance Third-Party Administrator within the framework of HIPAA Regulations and Federal / State Laws.
• Development of the corporate Vulnerability and Patch Management Processes that ensures all hardware/software is accounted, monitored, and current on designated security standards, instituting a routine vulnerability assessment methodology that includes network, configuration, and application testing.
• Partnering with the corporate compliance committee to ensure the scope and span of accountability for information security remains aligned with the overall corporate risk management framework and HIPAA.
• Development, implementation, and maintenance of company-wide information security policies, program standards, processes and guidelines, while instituting awareness programs that are simple and relatable.
• Execution of periodic information security risk assessments and leads annual Corporate Vulnerability Assessments via the engagement and management of a third-party firm.
• Investigation, remediation and reporting on security threats, violations, and other security incidents; lead post event reviews of security incidents and actions not in compliance with policies and procedures.
• Identification of opportunities to deploy security technologies and processes to enhance Corporate-wide operations and competitive market positioning.
• Implementation of security metrics covering incidents, risk management, compliance, availability, data integrity and service.
• Exploit opportunities as the primary technical resource responsible for implementing security monitoring technologies.
• Executing technical tasks related to the following technologies: IDS/IPS, firewalls, SIEM, log management, vulnerability management, configuration management, Two-Factor authentication, Anti-virus, and File Activity Monitoring.

IT Customer Support - Tier II 01/2011 – 3/2012

• Daily IT support for 450+ users in an enterprise-distributed computing environment.
• Direct the timely resolution of issues arising within proprietary web and enterprise-distributed desktop applications.
• Create, distribute and maintain business intelligence reporting, utilizing SQL.
• Interact with senior management, stakeholders and team members to quantify and prioritize requests for changes in applications.
• Designed and implemented metrics for evaluating pain points within the software support space.
• Evaluate, document, compose and publish user-friendly process and procedure documentation.
• Create, implement and maintain SharePoint sites for user documentation and release notes communication.

Founders Financial Securities LLC

Member Services Representative 4/2006 – 11/2010

• Responsible for tactical information technology planning and infrastructure deployments across enterprises.
• Demonstrated success in partnering with business users to document requirements for all technology initiatives.
• Served as Lead Business Analyst and Project Manager on many initiatives, including the design of a proprietary ticketing support system to manage communication between operations and the financial advisors.
• Designed and maintained the Business Continuity / Disaster Recovery Plan for the enterprise.
• Performed data aggregation and analysis to produce metrics reporting to senior management, leading to efficiency gains and increased customer satisfaction.
• Consistently assumed new and increased responsibilities within the firm across both the business and technology segments, leading to productivity gains over the span of tenure.

J.P. Morgan Chase

Operations Senior Specialist on Fixed Income Trading Desk 3/2004 - 4/2006

• Investigated, responded to and resolved concerns as the primary contact for all compliance issues, including SOX, Fed White Paper and US Patriot Act.
• Served as product specialist and primary point of escalation of issues in daily business processes.
• Created and implemented many new control procedures, reducing corporate risk and improving compliance-related business processes and service.
• Promoted as Operations Team Leader with supervisory responsibilities, based on demonstrated individual performance and trading systems expertise.

EDUCATION

Bachelor of Science, Cybersecurity Management and Policy. University of Maryland, University College – College Park, Maryland