John Blanchard Email and Phone Number

Penetration Testing Healthcare, Banking, and other Commercial environments.

• Examined and analyzed electronic media in support of computer intrusion, counter terrorism, counterintelligence and criminal cases• Conduct both network, application, and mobile Penetration Security Assessments• Reviewing documentation for compliance with security policies, and procedures • Providing support in operating and monitoring protection• Analyzed media using a broad range of computer forensic tools then summarized findings in a technical report• Reviewed information on various computer related evidence obtained from various crime scenes and believed to contain evidence of criminal activity• Restored damaged and erased computer hard drives to attempt to collect evidence and information• Compiled reports including chain of evidence forms, evidence logs and entered data into various computer programs for access by investigating officers• Examined and analyzed electronic media in support of computer intrusion, counter-terrorism, counterintelligence and criminal cases• Providing analysis of audit logs pertaining to performance and cyber security activities• Developing/updating/reviewing risk assessments and risk management plans in support of Certification and Accreditation activities• Supporting audits, assessments, and reviews • Assist in developing, testing, and reviewing disaster recovery and continuity of operations plans• Perform forensic analysis as needed to support incident management activities• Perform product testing of new technology and provide written assessments (including recommendations) for possible implementation• Perform research and development on emerging threats and techniques to mitigate the risk

Functional Responsibilities:●Performing security analyses and risk/vulnerability assessments●Conduct both network and application security assessments●Worked with “Security Lifecycles” as applied to information systems, including Security categorization, privacy impact assessments, system security plans (SSP) and contingency plans (CP), certification testing, plans of action and milestones (POA&M), continuous monitoring, consensus audit guidelines (CAG), security content automation protocol (SCAP)●Implementing, monitoring, and maintaining IDS (SNORT)●Familiar with all range of NIST guidance, including special publications (SP-800-series), and Federal Information Processing Standards (FIPS), AR 25-2 (Information Assurance)●Managing and leading efforts in the review, application, and maintenance of informationassurance policies and procedures ●System log forensics ●Utilizing ArcSight,SCCM,SCOM,HBSS to secure systems●Conduct risk assessments and prioritize remediation and mitigation activities●Review and maintenance of certification plans and accreditation documentation●Ensuring compliance of applicable systems through vulnerability scanning●Conducting security tests and evaluations.●Coordination of certification and accreditation activity for project teams.●Evaluation of information assurance technologies for application to the projects and systems.●Planning and support of security engineering●Forming documentation of penetration testing and vulnerability testing results and make recommendations to software architects, developers, and system administrators on remediation●Experience with application security(and issues), ethical hacking, offensive security and application penetration testing methods, tools, and techniques, along with other types of application security assessments

•Vulnerability management and compliance•Website design and security•Penetration testing (Network, Systems, Mobile Devices and Web Apps)•Provided technical support, installation and assembly of computer systems, workstations, servers, and peripheral hardware. Installed and managed VPN using point-to-point topology •Responsible for network management including network performance tuning, security monitoring, file server backup, remote access, and email server administration•Provided technical support for application systems integration with database servers

•Obtaining and managing security certification and accreditation of systems, networks, and sites•Managing and leading efforts in the review, application, and maintenance of information assurance policies and procedures•Review and maintenance of certification plans and accreditation documentation•Performing security, analyses and risk/vulnerability assessments•Conducting security tests and evaluations•Coordination of certification and accreditation activity for project teams•Evaluation of information assurance technologies for application to the projects and systems•Planning and support of security engineering•Development of information assurance training for Information System Security Managers and Officers (ISSM and ISSO)•Working with Information Assurance working groups, planning teams, etc

•Teach, train, coach and mentor students on the subject matter developed and presented•Conduct training programs and administer written and/or practical exams to evaluate trainees’ performance•Design and create cutting-edge innovative ideas and suggest enhancements to existing products based upon results of completed needs assessment and stated objectives•Design and implement features from concept to completion•Establish milestones in accordance with life cycle management

• Assist in the design, installation, evaluation and administration of the USASC&FG SIGCEN Training Network (STN) and components as required. Support the School of Information Technology (SIT) in the daily operation of the LCIT X Corps common enterprise services, and the acquisition and resolution of hardware/software related problems in support of this program.• Support the LCIT by providing coordination support for all Capstone exercises facilitated within the SIGCEN and external agencies. Attend meetings with the SIGCEN DOT and external agencies. Manage common training scenarios, orders, and exercise schedules.• Operate, update, maintain, patch, and manage core servers, routers, switches, and services.• Prepare, review and update technical documentation to support timely and effective changes to the Capstone Exercises. Facilitate maintaining currency of program documentation as identified and approved by the government.• Installing/configuring Windows Server 2003/2008 operating systems in an VMware environment