• Acting ISSM December 2020 – May 2021• Maintained and completed Plan of Action & Milestones (POA&M) document per monthly Continuous Monitoring requirements which included vulnerability, STIG, and inspection findings for tracking and remediation• Assured Compliance Assessment Solution (ACAS) administrator for classified environment• Maintained security disposition of Top Secret (TS) room enclaves including backups, auditing, and new/old system deployment/disposition• Responsible for mainting security disposition of Secret Standalone Systems which included weekly auditing, logging, hardening, investigating, and reporting suspicious activity• Back up Host Based Security System (HBSS) administrator for classified environment• Back up Splunk administrator for classified environment• Developed Vulnerability Management program, Classified System Deployment program, and Incident Response Plan (IRP) • Responsible for running annual table top exercises for Disaster Recovery Program, IRP and Change Control Board (CCB) processes• Main trainer for new security employees for processes and procedures and to help new security members operate securely while executing duties in classified environments• Interfacing, communicating, and briefing executive level leadership on a weekly basis

-Security Consultant working on FedRAMP cloud service authorization for the US Government for multiple commercial customers- Creating SSPs (System Security Plan), Contingency Plans, Incident Response Plans, Plan of Actions and Milestones (POA&M), and all other documentation necessary to receive FedRAMP authorization from US Government- Advising on scan tools, implementation, use, and continuous monitoring activities related to such products like Nessus, Splunk, BurpSuite, and other scan utilities to meet FedRAMP authorization standards & RMF (Risk Management Framework)- Assessing and auditing the security posture of several commercial customers for initial or continual FedRAMP authorization against all NIST 800-53 Rev. 4 control families- Interfacing, communicating, and briefing executive level leadership on a weekly basis

- Responsible for weekly audit logs across multiple programs and operating systems (Windows & Linux) in order to support POA&M and RMF activities- Configuring and hardening systems to a baseline before implementing them into classified environments with the assistance of Security Content Automation Protocol (SCAP) scans- Giving security and operation briefings and ensuring users have the training/awareness necessary to do their jobs without incident- In charge of inspecting contractor/visitor assets such laptops, tablets, and other PEDs (Personal Electronic Devices) for digital threats before entering classified facility- Accountable for proper classified marking, storage, and documentation of assets- Responsible for the proper disposition of classified assets in order to mitigate data spillage after the completion of their life cycle

- Responsible for maintaining security operations for classified laboratory- Configuring and hardening cyberlab computers for active tests for vulnerabilities in computer systems with tools like Nessus- Planning and executing new areas of operations for new lab activities- Configuring and hardening Redhat Linux machines, Windows machines, & interfacing with users daily- Utilization of VMware & establishing virtual environments for users

- Working with Project Managers on a daily basis from common break/fixes to organizing cross site moves and developing new areas of classified operations in secure manner.- Developed security training processes for new hires focusing on working in classified environments- Working with software like Nessus, Splunk, and Snort for intrusion detection and network hardening- Configuring and hardening systems to a baseline before implementing them into classified environments with the assistance of Security Content Automation Protocol (SCAP) scans.- Back up Information Assurance Officer (IAO)- Audit logging across multiple caveats and networks- Responsible for the proper disposition of classified assets in order to mitigate data spillage after the completion of their life cycle