I am the Information System Security Manager (ISSM) for the Air and Space Operations Center Weapon System (AOC WS). I provide the security posture assessment and security sustainment and enhancement for our type accredited system at all 24 sites worldwide. The AOC WS is a type of command center used by the United States Air Force. It is the senior agency of the Air Force component commander to provide command and control of air and space operations. The purpose of the AOC is to sift through all information that goes through the Department of Defense. Data must be sorted, evaluated, and formulated into action plans via systems that enable commanders to manage massive amounts of data. The AOC develops strategy and planning documents, monitors the execution of all air, space and information operations, and provides combat assessments.

• Manage information security resources and security system implementations to reduce risk and support business continuity • Identify and create information security-related policies and standard practices for the enterprise • Manage a proactive approach to information technology (IT) security risk to coordinate incident response and serve as the point of contact for internal and external information security communicationsAccomplishments include: • Completed IT risk/vulnerability assessment of Mercury’s information infrastructure. Mitigation solutions plan prepared to provide an effective and achievable two year mitigation strategy. • Prepared security policies including e-mail, blogging, document retention and acceptable use based on best practice and put the written information security program in place to meet regulatory requirements. • Advocated and supported an ITAR access restriction framework. • Worked across facilities, legal, accounting and HR to implement and coordinate best business practices for financial records storage. • Appointed as ISSM/ISSO for Classified resources; prepared the Master System Security Plan and Information System Profile for a multi-user, stand-alone computer, compliant with NISPOM requirements; received Interim Approval to Operate from DSS ODAA. • Created and implemented the written Information Security Program with procedures needed for company compliance with the new Massachusetts Personally Identifiable Information (PII) laws. • Assisted in the SOX compliance audit as the security/access control part of the IT team. • Managed implementation of IT/IS elements of the strategic security plan. • Led execution of the Intrusion Prevention/Detection blade in a Checkpoint Firewall, Blue Coat Proxy for best practices Web filtering and access logging and selection and implementation of the DLP Pilot Program.

• Developed, implemented, supported and maintained operational information-related security policies, practices and solutions based on ISO standards and best practices to enhance Kronos’ overall security posture. • Led activities to update existing policy and develop new policy to reflect the ISO standards, PCI data security standards, compliance considerations and both Federal and State laws and regulations for security governance. • Coordinated with core IT group to develop the network security architecture, ensure the safety and security of the network perimeter and provide secure mechanisms to move data across the external boundary. • Supported proactive security philosophy of risk mitigation through greater security awareness training, cost-effective security countermeasures,host-level security configurations, and security planning/integration. • Recommended best practices to business units for internal data and resources to support company-wide business objectives. • Renewed the process for internal developments to anchor on security; provided security solution options to mitigate risk and enhance company security posture • Coordinated the review and analysis of all external connectivity issues, including telecommuting, in support of customers, partners and employees for potential security impact. • Recommended information security-related policies and standard practices for the enterprise ensuring currency and effectiveness of authentication,encryption, and intrusion detection methods. • Worked with business units to recommend information security efforts and provide guidance on risks and vulnerabilities related to common application protocols and Web services security; provided internal pre-release security scans of both existing and new code to identify unsafe practices and known vulnerabilities for mitigating action.

• Led a team of professionals to complete a security assessment, requirements analysis and conceptual design for the U.S. Army Corps of Engineers New England District Headquarters Complex and the Cape Cod Canal facilities including highway and railroad bridges. The task required the completion of a threat assessment, risk analysis, identification of security vulnerabilities, evaluation of potential countermeasures, security requirements and a security system design and budget for recommended system enhancements. • Managed engineering team to assess and respond to the Force Protection Condition of flood control dams for the U.S. Army Corp of Engineers, New England District. The task included verifying the postulated threat assessment previously completed by the Corps, using threat data and identifying vulnerabilities to prepare system design and install solutions consistent with overall system operational philosophy.

• Conducted security assessments and simulated network attacks for government agencies, dot-com e-commerce financial system providers, and others. Analyzed existing network and design schemes, executed security scans, captured system vulnerabilities and provided recommendations for restoration of high security posture. • Performed in-depth network analysis to support re-architecting the network at a major city housing authority. Activities included: network reconfiguration recommendations; installation and configuration of firewall; reconfiguration and validation of the configuration of the enterprise routers and switches; installation and configuration of a Proxy Server for Internet access control, local DNS Servers, and mail server configuration tasks. • Designed a knowledge management system for one of the largest for-profit research firms in the country. Defined evaluation criteria used to assess success of pilot implementation; designed the architecture for the production system and provided an accurate budgetary estimate for the production rollout.

• Project Engineer for the Kuwait Border Security System (KBSS) project; responsible for design, specification development, bid evaluation and implementation management of all electronic communications and intrusion detection subsystems. • Senior System Engineer supporting the development of the Defense Nuclear Agency computer based Corral Monitoring System. • Senior System Engineer supporting a joint contract effort with the Raytheon Service Company, supporting the Defense Nuclear Agency's Portal Perimeter Continuous Monitoring Program (PPCM); provided system engineering design and prototype development for the Strategic Arms Reduction Talks (START) and Conventional Forces in Europe (CFE) treaty monitoring efforts. • System Engineering Division Chief provided engineering support to the U.S. Air Force Base and Installation Security System (BISS)/SAFE Programs for the ESD Physical Security Systems Directorate (PSSD); including support for the Technical OnSite Inspection (TOSI) program, advice and consultation to the U.S. Customs Service. • Project Manager, provided support to the U.S. Navy Joint Tactical Information Distribution System (JTIDS) for an advanced Integrated Communication/Navigation/Identification (ICNI) system.