Raphael Bargallo Email & Phone Number

San Antonio, Texas, US

• test and provide evaluations of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security.
• Demonstrate subject matter expertise with the RMF process and apply it to meet the government’s security needs.
• Work with the government and provide subject matter expertise with the development of a cybersecurity process improvement roadmap (CPIR) initiative at the government’s direction.
• Evaluate security control assessment documentation and provide written recommendations for security authorization to the AO.
• Provide recommendations to remedy and mitigate security vulnerabilities and threats to ultimately improve the protection of IT resources and to execute the AF ISR mission.

Hanover, MD, US

• Assesses DoD Information Systems against the RMF security controls (IAW) Department of Defense (DoD) Instructions 8500.01 and 8510.01, NIST SP 800-37, 800-53, and 800-53A, Army Regulation 25-1 and 25‐2, US Army Best.
• Effectively performs interviews of technical Subject Matter Experts (SMEs) as well as non-technical management personnel to ascertain the security posture of an IT system.
• Identifies mitigating factors for identified risks and proposes additional mitigation strategies for identified vulnerabilities
• Evaluates a wide array of IT devices for Security Technical Implementation Guide (STIG) compliance using ACAS/ Nessus, SCAP Compliance Checker, and manual checklist reviews. This includes Windows, Solaris, and Red Hat.
• Submit findings input into the Enterprise Mission Assurance Support Services (eMASS) system or other Army approved tracking database

Reston, Virginia, US

• conducting security and risk assessments using security frameworks (e.g., NIST, RMF, Common Criteria, etc.), mitigating risk via security controls, testing and evaluation to certify and accredit commercial security.
• Manages McAfee HBSS environment, from updated running the ePO server, to updating McAfee Agents, and monitoring network traffic
• Manages ACAS Vulnerability management environment with Tenable Security Center and Nessus. Running weekly vulnerability reports for mitigation of secure computer enviroment.

Colorado Springs, Colorado, US

• Provides key government personnel with policy coordination and interpretation support, general information security support, and assisting with the development and implementation of a defensive security program that.
• Responsible for ensuring and documenting that all systems are regularly scanned and audited in accordance with applicable DOD policy and procedures, and that incidents are documented and accounted for as necessary.
• Maintains a database to track trends, unauthorized activities, and common practice procedures and remedies to be followed by subordinate units in correcting deficiencies identified during information assurance.
• Employs network scanning tools such as ACAS, QTIP, and SCCM etc., to detect system and network vulnerabilities / deficiencies as part of a proactive network security policy. Provides 24/7 Anti-Virus and IAVA reporting..

Falls Church, VA, US

• Responsible for facilitating the certification process for DHAGSC systems and networks in accordance DOD Instruction 8510.01.
• Risk Management Framework (RMF) --Monitor and report compliance with DHA IA
• Vulnerability Management program --Develop, implement, and support cybersecurity training for DHAGSC staff during in-processing and provide ongoing refresher activities as deemed necessary by the leadership team
• Assessing Security and Privacy Controls in Federal Information Systems and Organizations using NIST SP 800-53A --Monitor HBSS ePO Dashboard for alerts, analyze and report the HBSS operational output parameters.

Hanover, MD, US

• Configure and perform NERC cyber vulnerability assessment (CVA), configuration baseline, and compliance audit scans using Tenable Security Center and Nessus.
• Analyze the results of all scans identifying vulnerabilities, configurations, ports and service changes that need to be addressed according to the Vulnerability Management Program and NERC CIP standards.
• Develop remediation and mitigation plans to address identified vulnerabilities. Communicate the vulnerability scan reports and the remediation and mitigation plans to the project teams for implementation.
• Look for newly identified vulnerabilities, changes to STIGs, Tenable product plugins, new security guidance and other changes to vulnerability management tools and processes.
• Communicate exceptions and acquire risk acceptance forms from SME’s where necessary.

• Study the technology architecture in place to support applications and processes for the organizational technology architecture involving a range of different technologies running on different platforms i.e. Windows.
• Facilitate the protection of the flow of information within the corporation by considering threats from outside entities, attacks on the security of the corporate Intranet or electronic data interchange (EDI) between.
• Assist the corporation to institute a complete information security solution for DIACAP processes
• Ensure the safety and integrity of the network with the testing of software prior to it being introduced to the production network
• Performs security penetration test, security audits, and software application testing

Durham, North Carolina, US

• Troubleshoot and resolve Microsoft network environments and operating system configurations in compliance with the Department of Defense (DoD) security standards to include the Department of Defense Information.
• Construct documentation to aid in the delivery of compliance packages to the DoD and for the maintenance of the Information Assurance (IA) systems.
• Conduct and analyze vulnerability scans in a simulated DoD lab environment. Perform mitigation and remediation actions of vulnerabilities.
• Performs troubleshooting analysis of servers, workstations, and associated systemsTest and evaluate applications against system patches and upgrades to ensure compatibility
• Performs scans using Retina, SCAP, and Nessus vulnerability scanning tools.

Colorado Springs, Colorado, US

• Performs network scanning tools such as Retina, Q-tip, HBSS, etc., to detect system and network vulnerabilities/deficiencies.
• Ensures that all systems are regularly scanned and audited in accordance with DoD policy and procedures, also makes sure incidents are documented and accounted for as necessary through leadership.
• Maintaining over 95% or higher on IAVA compliance on all weekly scans for Kandahar, Afghanistan.
• Maintains a database to track trends, unauthorized activities, and common practice procedures and remedies to be followed by subordinate units in correcting deficiencies indentified during information assurance.
• Performs correct DIACAP documentation for network/Server accreditation

Marietta, GA, US

• Assisted in the development and documentation processes to deploy Zero Touch Installation (ZTI) images for an Enterprise environment utilizing SMS/SCCM 2003 Operating System Deployment (OSD).
• Assisted in capturing generated images into SMS 2003 OSD and prepared for Enterprise deployment.
• Assisted in providing Tier 3 Technical Support for remote SMS Administrators in order to provide in depth troubleshooting for OSD related deployment issues.
• Assisted in recording and tracking IT related problems and solutions via Configuration Management system.

Chevy Chase, MD, US

• Promoted from previous position of Configuration Management Technician.
• Provided programmatic and technical evaluation on tasks relating to the 171 user Bed Down and integration processes, configuration, and integration.
• Provided recommendations and technical direction as necessary to complete the tasks to the site Information Architect.
• Provided technical support and activity to image and configure machines as required.

Falls Church, VA, US

• First line of support for over 20 Army Medical installations for IT desktop support.
• Remotely through SMS(Systems Management Server) BOMGAR and Dame Ware access IT problems and resolved them in a very high pace environment.
• Provided clear, concise, complete, accurate and timely assistance and support to develop robust, sustainable communications/computer architecture. Responded to phone, email and face-to-face requests from customers..

Arlington, Virginia, US

• Supported 18th Airborne Corps Command Team’s Communications.
• Supports key military and civilian personnel on hardware and software issues.
• Supported over 200 blackberry users on Fort Bragg and deployed Iraq users.
• Installed and configured Microsoft Exchange 2003 and 2007email clients, troubleshot and resolved email, calendar, and blackberry issues.