• Create customized scanning/testing configurations within testing tools to suit security configuration requirements.• Experience conducting security audits of information systems.• Vulnerability assessment and analysis experience utilizing SCAP, ACAS/NESSUS and DISA STIGs• Experience with DoD implementation of the Risk Management Framework (RMF) and governing directives (NIST, CNSS, DCSA, etc.)• Familiarity with the Defense Counterintelligence and Security Agency Assessment and Authorization Manual (DAAPM)• Assessed whether security controls are implemented correctly, operating as intended and producing the desired outcome• Installed, configured, and maintained DISA ACAS (Assured Compliance Assessment Solution) and HBSS (Host Based Security System) servers• Configured and conducted daily ACAS scans with the use of Security Center and conduct patching and remediation when necessary in accordance with the IAVM process• Perform security testing and evaluation of servers, workstations, databases, and network fabric devices (i.e. firewalls, switches, routers, load balancers) in order to determine security vulnerabilities and weaknesses, and to create reports of security findings in support of security authorization process. • Identify the applicable NIST 800-53 security controls or policies that correspond to any finding identified via manual or automated testing, to a specific CVE, IT technologies.• Perform analysis of cybersecurity directives, policies, and instructions to include, but not limited to: Communications Task Orders (CTOs), Fragmentary/Task/Operation Orders (FRAG/TASK/OPORDs), IA Vulnerability Management (IAVM), Public Key Infrastructure (PKI) guidance, and STIG requirements.• Track and report compliance status in the Vulnerability Remediation Asset Manager (VRAM) and similar reporting tools as applicable.• Perform risk analysis/independent verification on security configuration and STIG finding risk reports / POA&Ms for devices on the network.

• Consulted with team-members to analyze and define client’s current workflow, recommend alternative solutions to current processes, and anticipate changes for incorporating these processes into Microsoft Sentinel communication system.• Worked with diverse team on Cyber Threat Intelligence and Threat Hunting• Implementation of Microsoft Sentinel (SIEM) with Automation deployment and testing• Skilled in network packet for identifying malicious behavior and security threats• Created policies, process, and procedures, while being familiar with common industry best practices (NIST, NERC, AGILE, ITIL).• Works with the system team on all aspects of system security in collaboration with the DevSecOps team which includes security designs, security architecture, implementation, operations, and compliance.• Interprets security requirements, policy, standards, control statements and its applicability for DevSecOps team and/or system implementation.• Establishes and maintains a security-related operating procedure for DevSecOps teams such as rapid risk assessment procedure• Collaborates with the System Owner for developing and maintaining the System Security Plan (SSP) and Plan of Action & Milestones (POA&M). • Collaborates with other DevSecOps teams and security champions to build reusable security code components, collaboration to build code library, security automation, security checklist, do’s/don’ts, security, etc.

• Using the NIST Risk Management Framework (RMF) and other standards-based guidance like (NERC-CIP), perform risk analysis including identification, recommendation of mitigations, and tracking of risks throughout their lifecycle • Perform threat modeling and assessment on SCADA Industrial Control Systems• Coordinate audit activities by internal and external parties including SOC II Type 2 audits (external) • Using NIST SP800-53R4 and other NIST references, design and coordinate the implementation of cyber security controls with technical teams • Coordinate and oversee the development of system security plans and compliance with standards and policies • Interact with peer supplier organizations in the assessment of risk for their systems and technologies, and coordinate risk management and response activities • Evaluate transactions using established criteria to detect potential incident of fraud utilize resources to obtain forensic evidence for investigative purpose• Conduct data analysis to logically identify opportunities for improvement to shrink data loss (DLP)• Implemented company policies, technical procedures and standards for persevering the integrity and security of data loss prevention (DLP), reports and access• Maintain POAMs and supervise the completion of assign tasks and activities by others • Perform baseline assessments of cybersecurity compliance against documented standards and requirements • Ensure that SAIC and in scope systems are patched according to approved schedule and requirements • Provide input and assessment of new risks and recommend actions • Coordinate annual cybersecurity assessment across multiple vendors and service providers; produce consolidated assessment report • Provide reports, communication and engagement with stakeholders and management • Provide senior management and executive briefings, summaries and reports on activities, assessments and cyber-security posture

• Using AWS key Management Service (AWS KMS) to enable you to create and manage encryption keys to control the use of encryption across a wide range of AWS services and applications.• Using AWS identity and Access Management (IAM) policy to grant programmatic and AWS Management Console access to users.• Responsible for leading the INDUS’ IT Staff and the INDUS Managed Service Provider (MSP).• Using AWS shared responsibility model to setup Security group configurations, and encryption of data at rest and data in transit.• Routinely worked with applications hosting public clouds i.e., AWS and Azure.• Responsible for budgeting, planning, scheduling numerous projects.• Maintained accountability for Information Technology (IT) security system configurations, administration, and maintenance of all facility to ensure a fast response to distress situations while responding to multiple hazardous system failures.• Responsible for leading a team of engineers who migrated our outdated system to Microsoft 365 and Microsoft Azure AD in the cloud.• Responsible for leading a team of engineers who deployed Palo Alto Networks security appliances at multiple geographic locations and creating a hub and spoke persistent AES 256-bit encrypted VPN between locations. Responsible for building out a data center with IDF’s at several other suites and connecting them all together with fiber.• Wrote and established all of INDUS’ Information Security Policies and lead INDUS’ Insider Threat Program and the Company’s Insider Threat Plan.• Responsible for the guiding/leading the implementation of both INDUS’ NIST 800-171r2 requirements, including the NIST Assessment Methodology implementation efforts and all activities for meeting DFARS 7010, 7012, 7019,7020-7021 requirements.• Leading the effort to meet Cyber Maturity Model Certification (CMMC) level 3 compliance.

- Assume ISSO responsibilities in the absence of the ISSO; maintain required IA certifications- Develop, maintain, and facilitate the appropriate closure of POA&Ms and facilitate with the Agency-designated security Point of Contact (PoC)/ISSM any related remediation activities- Research, develop, implement, test and review an organization's information security in order to protect information and prevent unauthorized access to computer systems- Conduct a Vulnerability Assessment utilizing approved scanning software- Risk Management Framework NIST SP 800-53/171- Conduct and/ or analyzing vulnerability assessments to system compliance with RMF- Lead coordinator of all information security-related audits for SOC compliance, including any internal governance or oversight of controls.- Works directly with the outside auditors managing requests, findings, status, and remediation plans.- Works with Management and team members to create clear, actionable plans detailing specific deliverables, timelines, and accountability to resolve information security issues.- Coordination for the Information Security Training and Awareness program for the company responsible for developing content and changes to content, reporting metrics, and scheduling annual training activities.- Maintains Information Security Policy and Standards documentation and manages waivers too policy/standard.- Participates as required in Incident Response activities.

- Devise a mitigation plan against both external and internal vulnerabilities to enterprise computer infrastructures and sensitive digital assets- Assess and summarize the legal and ethical requirements of a Cybersecurity professional.- Integrate systems-level-infrastructure thinking into CSIA problem identification and resolution, and effectively communicate the solution- Integrate project management skills to produce a cybersecurity solution- Evaluate the results of a security assessment to assess the security status of a network or computer system- CYB/604- Wireless & Mobile Security with Policies and Labs- CYB/606- Network Defense & Cloud Security with Polices and Labs- CYB/608- Ethical Hacking with Polices and Labs- CYB/612- Disaster Recovery & Business Continuity, and Open Web Application Security Project with Polices and Labs- More Classes done can send if requested.

- Operational planner and proficient with GRC tools related to access controls and monitoring. Responsible for functional analysis and course of action development for complex environments in coordination with peers and upper management - Selected as lead advisor to Chief Executive Officer (CEO) for planning and resourcing deployments, conducted incident prevention, detection/analysis, containment, eradication and aid recovery across IT systems- Performed multiple updated security practices with Chief Executive Officer (CEO) and Senior Advisor, as the lead planner and supervisor for IP’s for servers, backup devices, printers and workstations to conform with new domain standards - Selected as the primary operator of management systems to track detailed information on personnel development and maintenance of an organizational cybersecurity plan readiness and equipment readiness, utilized to advise upper management in understanding organizations ability to meet objectives- Selected and responsible for coordinating with internal and external organizations to assist in led redesign and outsourcing of SaaS platform to leading-edge open-source standards, and the personnel in receiving and training on new modernized equipment - Proficient in SAP security principles, technologies and solutions, delivering functionality, and services on time, and within budget to meet business needs- Responsible for the accountability, maintenance, and operation readiness by network monitoring using Wireshark I could sniff or observe network traffic for malicious communication attempts, such as DNS resolution requests, or downloads. Maintained 100% accountability of all equipment during the entire period of responsibility

- Leader for an organization of 32 personnel. Responsible for the readiness of systems failure, modified and migrated DHCP scope during two corporate acquisitions. Achieved 96% success rating in personnel retention- Designed each practice to match the skill and learning levels of all participants. Set clear performance targets and evaluated team achievements - Developed, implemented, and documented formal security programs and policies - Network policy: Bluetooth requirement policy, remote access policy, routers and switches security policy - Server security: Database credentials policy, Software installation policy, Server security policy, Application policy: Web application security policy- Knowledge of techniques for analyzing TCP/IP network traffic and event logs- Maintained accountability of all patrons utilizing the facility to ensure a fast response to distress situations. Computer Incident Response Team (CIRT): The activities/procedures for securing a suspected computer incident and significant injuries prevented while responding to multiple hazardous scenarios - Optimized customer service by resolving issues quickly and with a courteous demeanor - Routinely completed safety update training and ensured all patrons followed safety rules

- Routinely worked with applications hosting public clouds i.e., AWS and Azure- Maintained accountability for Information Technology (IT) security system configurations, administration, and maintenance of all facility to ensure a fast response to distress situations while responding to multiple hazardous system failures - Lead with laying the foundation of cyber risk framework such as NIST 800-53 - Maintained extensive knowledge in enterprise security architecture design and enterprise security documents- Developed a better understanding of HIPPA privacy and HIPPA Hi-Tech compliance- Helped develop Security Technical Implementation Guidelines (STIGs) for company system- Development and maintenance of an organizational cybersecurity plan- Routinely completed safety update training and ensured cybersecurity system architecture, technical cybersecurity standards, and industry best practices

Supervised project superintendents and quality control managers. Prepared monthly construction CPM schedule and created construction government documents.- Systems Operations, moving over nine million pounds of equipment/5,000 troops, and planned/supported over 1,300 combat/combat-support missions.- Lead special operations mission planner in theater, commanding a staff of 30 personnel - spearheaded new voice communications procedures, reducing response time by 20%.- Lead logistics team and personally devised tracking method for ensuring over 3,000 troops and 800 tons of equipment arrived by rail and air in expeditious manner – lauded for superior customer service.- Data base management system software, Distributed database software Microsoft SQL Server, My SQL software

Ordered materials for six active projects and four in closing stage. Set up project schedules; provided administrative and technical support to departments and project managers.- Set up new filing system for recordkeeping of material drawings, SOP’s, bill of materials and change orders; thus improving efficiency and customer service.- Restructured blueprints per building specifications with outside coordinator.- Released change orders as quickly as possible to avoid construction delays.- Supervised and coordinated scheduling of pre and post job activities using Excel and Oracle.