Focused on enabling Information Security Strategy and initiatives to align with corporate objectives. Develop, manage, implement, and monitor Information Security Governance Risk and Compliance (GRC), Risk Assessment Processes, Review and Assess Compliance for Security Policy, Standards, and Controls. Leading the integration of Information Security Risk Management within the SDLC and business operations. Key Initiatives:- Corporate Information Security Risk Governance (GRC) within IT and Business- Information Security technical requirements definition, analysis, validation- Risk Assessment & Analysis, Vulnerability Assessment & Remediation Program Management- HMG Global HQ SOC Alert and PEN Test and Remediations- Vendor Risk Management Process and Assessments- Corporate InfoSec Risk Governance Over IT SDLC and Business Processes- Information Security Policy, Standards, and Procedures- KSOX GRC, Audit, and Control Design.

ISSE Navy IA Validator of DODI 8510.01 DIACAP Certification & Accreditation for NAVSEA NSWC Corona; contract support of 17 systems, including networks environments and application systems.• Perform vulnerability assessments, scans, remediation, and mitigations using e-Eye Retina, DISA Security Technical Implementation Guides (STIG) Security Readiness Review (SRR) scripts, DISA STIG Check Lists, NIST and NSA IA Guidelines. • Provide IT Systems Engineering services – including security requirements definition, configuration of IA Components such as Intrusion Detection / Prevention Systems (IDS/IPS), security baseline configuration for Windows XP, Windows 2007, and Windows 2008 servers.• Collaborate between Systems Developers, Integrators, End Users, Information Assurance Officers, Information Assurance Managers, and external Navy E2 Certification Authorities, Designated Approving Authority agencies.• Develop DIACAP C&A Packages (artifacts, IA Policies and Procedures) and support Navy CA collaboration processes and present recommendations for accreditation and certification. • Perform DISA STIG compliance auditing, reported findings, and presented recommendations in support of the DISA Command Cyber Readiness Inspections.• Support the Information Assurance Manager in the development of the NSWC base's Incident Response Plan, and Configuration Management Plan in accordance with NIST SP 800-34.

IASE for the Army Future Combat System (FCS) / Brigade Combat Team Modernization (BCTM) program.• Developed DIACAP IA C&A artifact packages for up to 7 different BCTM system platforms. Achieved 6 Interim Authority to Test (IATT) packages and 1 Authority to Operate (ATO) submissions to the Army customer.• Developed the Alternative Method of Compliance and Mitigation (AMOCAM) process for the program office. The AMOCAM has been established as the IA Control mitigation documentation and communiqué between the Army Information Assurance Manager (IAM) and the BCTM program management for risk analysis and program development planning.• Documented and initiated IA Vulnerability Assessments and Remediation processes for the program. This required establishing policies and procedures for vendors, developers, and program engineering / integration labs.• Participated program Systems Test and Evaluation (ST&E) and Certification Test & Evaluation (CT&E) milestone events on prototypes and field operated system. • Conducted audits and vulnerability assessments using e-Eye Retina Network Scanner and DISA UNIX SRR scripts and DISA STIG Checklists. Prepared audit report findings with recommendations for remediation and mitigations.• Lead IASE to audit and validate DoDI 8500.2 IA Controls compliance for the Network Integration Kit (NIK), the Unmanned Aerial Vehicle (UAS) Class I, the Common Mobile Platform (CMP), and various Battle Command System sub-components. • Research lead on the emerging DOD requirements for NIST Security Content Automation Protocol (SCAP) for implementation for the BCTM program.

Eight years of systems engineering support for the Navy Integrated Tactical Environmental System (NITES) program.• Performed ECPs, CMP, and NITES Engineering team lead duties.• Performed system architecture design, integration, and implementation for the shipboard, shore, and mobile variant systems. • Lead HW SE for NITES Ashore systems installations at six sites worldwide. • Performed UNIX Certification and Accreditation (C&A) assessments for the NITES UNIX database servers IAW DoD's DITSCAP C&A requirements.• Lead NITES team to achieve certifications for DoD's Joint Interoperability Certification, MIL-STD-461E EMI, MIL-STD-810E Environmental, and MIL-STD-910D Shock & Vibe.

Promoted from IT Help Desk Analyst I to IT Systems IV at the City of San Diego, Metro Wastewater Department within 5 years. • Operated and managed departmental E-mail and File storage servers, 500 plus Windows PC environment. • Performed systems admin duties with Novell NDS/Netware and Sun Solaris server installation, configuration, and troubleshooting.• Peformed & coordinated Help Desk Support at mutiple customer sites in SD County. • Operated enterprise data backup systems running Solaris and Veritas Netbackup.

Senior year student work study program for credit turned into paid position within the College of Education at SDSU.• Performed systems analysis and design support for the SDSU Department of Education’s Graduate Program. This included customer interviews and briefings to gather requirements and define business process flows.• Designed and developed a prototype RDBMS for the graduate enrollment system, using Oracle 7.0 tools. This included database design and normalization of table structures to meet data requirements. • Programmed and test SQL queries using Oracle SQL-Plus 3.1 and Oracle SQL-Forms 3.0.16. This included data entry forms, trigger coding, data form linking development. • Created systems documentation, user operation manuals, and performed end-user training. This included technical writing and oral presentations to the customers.