Evaluate, maintain and communicate the risk posture of FISMA systems to executive leadership and make risk-based recommendations to the Authorizing Official. Subject matter expert in all areas of the Risk Management Framework. Support stakeholders in Acceptable Risk Standards requirements. Assist in the implementation and enforcement of risk management procedures. Monitor system security posture and review proposed security and privacy artifacts. Provide guidance to stakeholders on required actions, potential strategies and best practices for closure of identified weaknesses and vulnerabilities.

One person, service-disabled Veteran-owned business. Handle investigations or analysis of complex tickets received from incident analyst, operator, or engineer. Work with the appropriate technical engineers or outside organizations in order to solve complex incidents and network events. Support the Incident Response Manager when necessary for resolution of incidents or complex events. During security incidents, perform analysis and client communications. Monitor, tune and configure system tools in order to identify anomalies and other incidents not automatically identified. Develop tuning requests for firewalls, IDS and SEM tools. Monitor external threat sources and associate threat information with traffic identified as suspicious. Draft and publish daily incident summary reports for Executive Agency leadership. Use security evaluation tools (Symantec ESM, Nessus, Nmap, CyberCop, and Typhoon) to identify security vulnerabilities in a Commercial enterprise. Middle to advanced level operating system capabilities in SunOS, AIX, RedHat Linux and SuSE.

A notaries public serve an important role in the prevention of fraud and protection of the parties involved by acting as an official, unbiased witness for certain documents.

Supporting the Provider Enrollment, Screening & Monitoring (PRESM) Discover Your Provider (DyP) solution for the State of Wyoming. Provides project-wide IT security oversight through the establishment of a comprehensive and sustainable governance, risk management and compliance framework and IT security policies, standards, guidelines and procedures. Ensures IT security/privacy plans and practices are in place to comply with the Health Insurance Portability and Accountability Act’s (HIPAA) security rule and standards, as well as FISMA and FedRAMP regulatory and compliance requirements. Responsible for planning and implementing information security, compliance, and privacy risk management strategies, processes and programs, across the solution. Development and execution of information security risk controls and management strategies. Perform application security assessments as needed. Coordinate external audits and penetration tests and findings remediation. Design, document and implement security controls. Identify strengths, areas of vulnerability, and opportunities to mitigate risks. Manage the development and implementation of sustainable IT security policies, standards, guidelines and procedures. Ensure a high state of readiness for responding to IT security events and events that may compromise the availability, accuracy and reliability of IT systems and data.

Responsible for CMS business partner security requirements includes obtaining and maintaining the Authority to Operate (ATO) and participate fully in the Security Assessment and Accreditation process; Determine enterprise information security standards; Provide configuration management (CM) for information system security software, hardware, and firmware; Review, maintain, and ensure all Security Assessments and Authorization (SA&A) documentation to include System Security Plans (SSP); Manage changes to system and access the security impacts of those changes; Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Security Assessment and Accreditation packages; Responsible for the day-to day oversight of computing systems ensuring they are operated, maintained, and disposed of in accordance with applicable government guidelines; Provide direct support as a technical representative for ensuring security is integrated throughout the CMS expedited Life Cycle (XLC) and residual risk is acceptable; Provide recommendations concerning safeguarding of information systems and conduct a comprehensive assessment of the management, operations, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls; Provide project documentation to include risk management and system security plan, information assurance assessments on systems development, integration, and operations and maintenance supports in compliance with the customer certification and accreditation process pursuant to security guidelines following government standards and best practices; Recommend courses of action and policies to senior management that allow company to securely meet its organizational goals; Ensure that company automation security programs are implemented through development and promulgation of notices, policies, procedures, training and awareness programs, and customer surveys

Key Contributions:• Served as security officer across five FISMA systems which were inspected annually with no security findings in four consecutive years. This was a total of twenty-three separate security assessments.• Eliminated configuration errors by developing scripts and monitored databases containing PHI, PII and other sensitive information. • Boosted employee performance by delivering CISSP training to thirty personnel leading to successful outcomes for three candidates. • Pinpointed potential security weaknesses by conducting comprehensive reviews and recommended improvements to remediate vulnerabilities. Protected organizational information and prevented unauthorized access by researching, developing, implementing, testing, and reviewing information security functions. Developed and maintained documentation for system certification and accreditation in full compliance with government requirements. Communicated with clients for system accreditation, and other IT security issues. Verified compliance with security procedures and standards, identified and documented vulnerabilities, and mitigate risks by making sound recommendations. Understood agency, NIST, OMB and other guidelines. Assisted and supported eight separate engagements with security and privacy controls assessment teams.

Key Contributions:• Reduced security risks by performing information and physical security risk assessments, security scans, and penetration test on assets and processes. • Conducted security scans three times a week for over 200 systems to support information assurance and settings for security and privacy controls. • Identified over 100 discrete risks and spearheaded remediation prior to third-party security and privacy controls assessments necessary for Authority to Operate (ATO).Drove security efforts by maintaining existing capabilities, making recommendations, and implementing updated security technologies including firewalls. Encryption, and anti-virus software. Enforced compliance with security policies including administrative, physical and technical safeguard policies. Coordinated incident response and remediation activities. Launched and tracked progress of investigations to ensure optimal and timely resolutions. Provided security tools, policies, and technologies around operating systems, applications systems, code, and data.

Assessed antivirus, firewall, IDS/IPS, proxy, DHCP, NAT, application and security event logs as well as maintained and provided user support for cyber security tools. Analyzed security products involving research, development, testing, and evaluation. Delivered hands-on support of equipment installation at enterprise network security operation centers at five divisions. Installed and configured deep-packet analysis and threat protection devices at two Federal agencies.

Consulted on information security for DHHS/CMS healthcare integrated general ledger accounting system (HIGLAS) supporting over 45M providers and beneficiaries, and processing over 51M claims daily. Reduced findings from over 150 to less than five in the following year by evaluating and coordinating security posture. Triggered high cost savings by taking preventive measures during software development and deployment to avoid remediation expenses. Sole CMS-designated onsite representative for pre-ATO Security Test and Evaluation (ST&E) audit

Handled investigations or analysis of complex tickets received from the analyst, operator, or engineer. Supported the on-call Incident Response Manager when necessary for resolution of incidents or complex events. Actively monitored, tuned and configured system tools to identify anomalies and other incidents. Generate advanced reports from the reporting console. Develop tuning requests for firewalls, IDS and SEM tools. Monitor external threat sources and associate threat information with traffic identified as suspicious. Draft and publish daily incident summary reports for Executive Agency leadership. Daily Reporting of security vulnerabilities to senior management

CISSO position for the Maryland State Board of Elections. Successful security environment for the 2006 Maryland Gubernatorial Election Cycle Mitigation responses to Third-party Security Audit of Electronic Voting Systems Responsible for the day-to-day security operations of the election system Develop and update the Election Systems security plan Manage and control changes to the e-Voting system and assess the security impact of those changes

Install and deploy single sign on solution from Computer Associates. Install, configure and maintain UNIX access control software (SymarkPowerBroker/Powerkeeper) Install and system administrator of 32 Solaris 8/9 Enterprise Servers. Use of Solaris DiskSuite and FDR Upstream software for clustered system reliability Distribute and maintain enterprise cryptographic key structure for OpenSSH. Cryptographic custodian for internal/external ATM cryptographic material

Security compliance reviews of 187 HP/UX, Solaris Sun, IBM AIX, Linux and NCR MP-RAS/Srv4 UNIX servers. Develop, coordinate and publish security policies for UNIX operating systems. Identify security enhancements for distributed server applications. User security evaluation tools: Symantec ESM, Nessus, Nmap, CyberCop, and Typhoon to identify security vulnerabilities in the Bank enterprise Email filtering and release decisions for over 1000 daily messages to ensure compliance with Bank policy

Managed a Fortune 500 company network of 63 Netware/Windows NT/2000 servers Establishment of UNIX/Windows/Netware WAN-wide time synchronization Wide area network upgrade/installation over FDDI/Frame Relay/ATM WAN links to 23 locations NAT and DHCP centralized management of IP number assignments

Sole Novell consultant support for Maryland State Assessment and Taxation Departments 32 server, statewide network with over 400 users Installation of several small-to-medium size Novell networks to support business ADP needs Deployment of firewall support through Novell BorderManager software and email through Novell Groupwise gateways to FAX and Internet services Troubleshoot and upgrade existing network installations of Netware 2.2./3/1 to InterNetWare 4.11 and work stations using Windows 3.1x, Windows 95 and Windows NT

Consultant to local County and municipal agencies to support enterprise applications and networking. Troubleshooting and repair of network problems with small-to-medium business installations. Second tier engineering support for Netware issues, including restoration after catastrophic failure at client sites. BNA was acquired by Alpha Engineering in 1997.

Supported a 225 user, Novell 3.12/4.1 WAN at two separate geographic locations Implemented various hardware solutions including 100VG/10BaseT and Cisco/Rockwell routers Installed software applications for software metering, cc:Mail/MSMail gateways, server/client virus protection, and office productivity suites from Microsoft/WordPerfect Network setup and maintain printers from Hewlett-Packard, IBM/Lexmark, Xerox/Tektronics