Senior Security Controls Assessor (SCA) for a Federal government client. Performs assessment of security controls against six enterprise service systems and applications against Committee on National Security Systems Instruction (CNSSI) Number 1253, Security Categorization and Control Selection for National Security Systems, and NIST Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. Prepares risk recommendations in Security Assessment Reports (SARs) based on results of interviews and demonstration on implementation of security controls with risk recommendation for the client Authorization Official (AO).

Leads team of information assurance analysts at the Office of Naval Research (ONR).Responsible for developing and executing effective initiatives for information assurance and management options to oversee ONR enterprise and AWS hybrid cloud enclaves.Leads risk management tasks including internal security controls assessment to attain and maintain Authorization to Operate (ATO) of ONR enclaves and business applications.Ensures the IA and Cybersecurity requirements for ONR systems are integrated into the system development lifecycle and are applied through the Risk Management Framework (RMF) lifecycle.Monitors and reports Command compliance with the Federal Information Security Management Act (FISMA), which includes providing Cybersecurity Awareness training, maintaining annual security plan, testing contingency plans, and performing annual security reviews, Privacy Impact Assessment (PIAs) and gaining and maintaining ATOs.

Security controls assessor (SCA) for the Defense Advanced Research Projects Agency (DARPA) Strategic Technology Office (STO).Responsible for the assessment of 25 performer and partner Wide Area Networks (WANs), Local Area Networks (LANs), and stand alone systems at classified Special Access Program (SAP) against Joint Special Access Program (SAP) Implementation Guide (JSIG) for SAP systems and DoDI 8510.01, “Risk Management Framework for DoD Information Technology.”Provides risk recommendations of performer systems for Authorization to Operated (ATO) decisions for the DARPA Senior Authorization Official (SAO) and STO Program Security Officer (PSO). Evaluation of risk includes briefing the SAO and PSO with consideration of Department of Defense SAP, JSIG, and DARPA policies and mandates with consideration of mission success and risk appetite.Prior to internal promotion to STO SCA, served as lead DARPA SCA for classified enterprise information systems and networks.Responsibilities included oversight evaluation and continuous monitoring of secure configuration and compliance for the DARPA Authorization Official and Chief Information Security Officer (CISO) on the SAVANNAH SAP, ASCEND SAP, DARPA cyber range enterprise SAP network, DARPA Secret Network (DSN), and DARPA Secret Wide Area Network (DSWAN).Managed database reporting for a DARPA inventory of approximately 150 performer SAP systems for reporting to the DARPA AO. Tracks security control issues on performer SAP systems for failed compliance and current ATO status.Provided Subject Matter Expert (SME) representation and ad hoc risk analyses for the AO and CISO through participation in DARPA Information Technology Directorate (ITD) operations and security status meetings.

Performs security control assessment at the Defense Advanced Research Projects Agency (DARPA) ranging in scope and scale from large agency enterprise networks to specialized SAP systems.

Served as the security engineer on the Army Intelligence Campaign Initiatives Group (AICIG) project to build, operate, and maintain the Analytic Assessment Tool (A2T) application for the Department of the Army, Office of the Deputy Chief of Staff (ODCS) G-2 (Military Intelligence).Primary role involved evaluation of the security risk and compliance for the A2T application version currently in development through the Risk Management Framework (RMF) process. A2T is a multi-tier web application, business logic, data store, and report generation tool designed with RESTful architecture and a MongoDB database hosted on a Red Hat Enterprise Linux operating system.Functioned as the information security officer (ISO) and expert for assessing current application controls in compliance with DoDI 8500.01, "Cybersecurity," and DoDI 8510.01, "Risk Management Framework for DoD Information Technology." Categorized information sensitivity and selects, provides guidance for implementation, and assesses effective implementation for validation by the Army NETCOM Security Control Assessment Validator (SCA-V) and G2 Authorization recommendation.Served as liaison for AICIG to the Army INSCOM infrastructure hosting and G2 client organization through which he obtains support for inheritance and implementation of required security controls.Collaborates with the AICIG software development, quality assurance, and system administration teams in identifying vulnerabilities and directing mitigation actions to build and maintain the A2T system within security requirements.Managed A2T's integration in the Enterprise Mission Assurance Support Service (eMASS) Governance Risk Compliance (GRC) tool for entry, validation, management, and Plan of Action and Milestones (POA&M) of security controls, supporting artifacts, and vulnerabilities.

Security Engineer and Analyst for the BNY Mellon client in support of Ginnie Mae.Performed FISMA analysis on the Ginnie Mae General Support System (GSS), GinnieNet, Integrated Pool Management System (IPMS), and Unclaimed Funds System.Prepared analysis and briefs senior BNY Mellon management for tactical and strategic security program planning and budgeting to provide optimum risk management and continuous monitoring.Provided guidance and mentoring to Lunarline technical team at BNY Mellon to integrate their technical vulnerability scanning, audit analysis, and planning with Splunk and Nessus with client security program.Reviewed security controls on Ginnie Mae systems for compliance with NIST SP 800-53 R4 and FISCAM standards.Authored, drafted, edited, and reviewed required security documentation including the System Security Plan for the GSS.Prepared security control review and security documentation development for BNY Mellon’s Small Business Administration Fiscal Transfer Agent (FTA) system.

Information Assurance Analyst assigned to the U.S. Department of State (DoS) Bureau of Human Resources, Executive Office (HR/EX) System Development Division.Provided guidance and task management for the HR/EX Director and Government Program Managers for security of three internal and two external applications. Performed the annual security control assessments on all internal HR/EX systems including the Integrated Personnel Management System (IPMS), Human Resource Network (HRNet), Personnel Reporting and Statistics (PRAS) systems using the NIST SP 800-53A test cases against the system’s critical, vulnerable controls annually and a sampling of one third of all other controls. Communicated annual assessment results to the system owner, Information System Security Officer (ISSO), operations team lead, and system development lead formulating clear and measurable Plans of Action and Milestones (POA&Ms) for mitigation. Analyzed the security impact and required security control changes to support proposed introduction of changes to HR/EX production environment applications, software subsystems, and interconnections through the development of planned change comparative analysis reports.Coordinated the mitigation of vulnerabilities from A&A Security Assessment Reports (SAR) into and through POA&Ms and serves as the liaison between the independent assessment teams from the State Information Resource Management (IRM) Bureau, Information Assurance (IA) Assessment and Authorization division and the HR/EX system owner in order to manage the process to authorize, re-authorize, and report on the status of system owner designated continuous monitoring tasks. Prepared system administrators, database administrators and developers for security assessments through analysis of configuration settings at the operating system, database, and application levels.

• Serves in an elected position for the Northern Virginia Chapter of one of the premier professional associations with over 500 members in the information assurance/security career field.• Promotes, manages, and coordinates a 13-week study group for aspiring CISSP candidates.• Works with chapter membership in the information security field to assist in their career development through arranging effective instruction and learning methods and providing exam preparation guidance in the CISSP study group.• Reports and coordinates programs, scheduling, and budgeting with other elected and appoitned positions to promote the ISSA International and Northern Virginia chapter goals of growing the professional knowledge of our membership through networking and speaker events.• Coordinates the development of presentation materials for additional study groups within the information assurance career field including Certifed Ethical Hacker (CEH), Certified Secure Software Lifecycle Professional (CSSLP), and Certified Information Privacy Professional (CIPP).

Performed security control assessments and compliance monitoring for the TSA Chief Information Security Officer (CISO) and Information Assurance and Cyber Security Division.Evaluated, analyzed, monitored, and reported on the status of TSA information systems in accordance with the Federal Information Security Management Act (FISMA), National Institute for Standards and Technology (NIST) SP 800-53, Department of Homeland Security (DHS) Management Directive (MD) 4300A, and TSA MD 1400.3.Held security assessor responsibilities on critical, high visibility systems including TSANet, which is the administration’s primary General Support System (GSS); the TSA Security Operations Center (TSA SOC); Crew Vetting Program (CVP); and the TSA Contact Center (TCC). Managed security engineer teams in performance of technical vulnerability scans during security control assessments of systems to prepare for initial or renewal of authorizations to operate.Conveyed findings of managerial, operational, and technical vulnerabilities through a combination of briefing and written reporting for the CISO to determine the system’s operational risk and to support the Authorization Official’s authorization decision making.Represented the TSA Information Assurance and Cyber Security Division assessor team for ongoing efforts including the IT Security Technical Standards Working Group, System Configuration Control Board (SCCB), and U.S. airport regional outreach support. Assisted information system owners and management in understanding risks to system operation “as is” and develops strategies for risk mitigation and resolution.Provided leadership and oversight for TSA Information System Security Officers (ISSOs) through assigned system’s engineering and security lifecycles.