About

More than 21 years of overall experience. Fourteen years of information assurance-specific experience, including managing and performing certification and accreditation (C&A) activities according to the policies and guidelines stated in DIACAP, DITSCAP, and NIACAP. Experience in performing certification activities such as compliance testing, risk and vulnerability assessments. Experience in producing and maintaining certification and accreditation documentation. Experience in the use of software tools such as Retina, Internet Security Scanner, Nessus, Security Content Automation Protocol (SCAP) scanning tools, Security Review Readiness (SRR) scripts provided through the Defense Information Systems Agency, Gold Disk, and various password/security scripts and programs. Experience in exercising configuration management principles. Working knowledge of Windows 9.x/NT/2000/XP. Working knowledge of Linux, and Oracle for the purpose of verifying security configuration using scripts and vulnerability assessment tools).

* Image courtesy of my personal insights



Home

Experience

Company

University of Maryland Smith College of Business Technological Resources

Dates

September 2000 - July 2014

duties Performed

College of Business, University of Maryland (September 1996 - May 1997) Network Technician. Resolved problems with hardware and software within the network, and assisted students and faculty in the use of the various software packages. Conducted one-on-one training sessions with faculty in the use of software packages (Microsoft Office, Windows 95, Lotus Notes). Coordinated and operated the Help Desk, receiving calls and troubleshooting problems with users over the phone. Situations ranged from connectivity issues to using features of an application to meet a specific user need. Provided assistance to users in the use of audio-visual equipment.

Skills Learned

Aspen Systems Incorporated

Dates
duties Performed

Aspen Systems Corp, (September 1995 - January 1996) LAN Technician II/Consultant. Worked at the MCImetro Help Desk answering calls and resolving computer software, hardware, and network problems. Fielded all calls professionally and courteously and provided responses as quickly and accurately as possible. Referred customers to appropriate staff members when problems were out of the scope of the Help Desk. Monitored the local area network (LAN) and performed maintenance when necessary and assisted senior LAN technicians in troubleshooting and resolving network problems. Monitored the workstations of several users to ensure that their connections to the network were accurate and resolved problems when they were not. Installed modems and other accessories into PCs and set up workstations (PCs, monitors, printers) for various users. Maintained the inventory database of MCImetro users, ensuring its accuracy.

Skills Learned
TWM Incorporated
Dates
s
duties Performed

Associates Inc. (November 1998 - September 2000) Information Security Analyst Involved in a number of research projects, including the software development life cycle (SDLC) research, the C&A process that involved documenting and testing systems according to DITSCAP, security auditing, security engineering, security testing and validation, database security testing, and configuration management emphasizing the verification of compliance with information security policy. SLDC research involved process modeling and requirements analysis. Security auditing involved verification of network equipment and computer processes for compliance with security policy. C&A and security engineering involved the interpretation of customer needs and security requirements into various types of security documentation, including product evaluations, SSAAs, configuration management plans, security incident response plans, implementation plans, and risk management plans. Database development involved logical database design and data modeling. Configuration management involved the application of configuration management principles to the unique needs of an organization and researching available software tools to meet the organization’s configuration management needs.

Skills Learned

SAIC Incorporatecd/Leidos Incorporated

Dates
duties Performed

08/2011 - 6/2014, SAIC, Ft. Meade Maryland. Systems Engineer. Execute security assessments and support activities necessary to support the continued accreditation of the Global Command and Control System (GCCS) system. Perform security assessments against Operating system components using the Security Content Automation Protocol (SCAP) tools, and against Oracle databases within a Solaris environment. Assist the engineering team in the testing of anti-virus software, security patches and baseline software to support the GCCS system. 10/2008 – 08/2011 SAIC, Falls Church Virginia. Information Assurance Officer. Execute Information Assurance activities in support of the JIEEDO (Joint Improvised Explosive Device Defeat Organization) Enterprise Management System. (JEMS). The primary task on this project is to serve as the information Assurance Officer (IAO). Maintain the Plan of Actions and Milestones (POA&M) and coordinated mitigation activities with security and system administrators. Maintain and review security documentation and ensure that the certification and accreditation packages contain all required information. Perform security compliance assessments and vulnerability assessments. Track vulnerability information within the Vulnerability Management System (VMS) and coordinate and perform resolution activities alongside system engineer s. Prepare IA procedure documents. Secondary role is to serve as tier-1 help desk administrator. SAIC (June 2008 to October 2008) Senior Information Assurance Analyst. Executed Information Assurance activities in support of the Joint Network Management System. (JNMS). These activities included performing security compliance assessments in the form of Security Readiness Reviews, performing vulnerability assessments in the form of network scans, and ensuring that vulnerability mitigations were recorded and tracked within the vulnerability assessment reports. SAIC (June 2007 to June 2008) Information Assurance Analyst. Executed Information Assurance activities in support of the Net-Centric Enterprise Services (NCES) system. These activities included performing security compliance assessments in the form of Security Readiness Reviews, performing vulnerability assessments in the form of network scans, and ensuring that vulnerability mitigations were recorded and tracked within the Vulnerability Management System. Maintained and updated the Plan of Actions and Milestones (POA&M) and coordinated mitigation activities with security and system administrators. Evaluated the HBSS security software for feasibility of incorporation within the NCES system. SAIC (December 2006 to July 2007) Systems Administrator. Performed system administrator duties, assist with calls to the DCTS help desk. Duties include performing system installation activities, IAVA compliance, and managing calls to the help desk. SAIC (August 2006 to December 2006) System administrator. Assigned to the ACTD laboratory and performed lab management and system administration activities on Windows 2000, and UNIX workstations and servers. Maintained and operated the lab in accordance with lab policies and security guidelines. Coordinated lab demonstrations, maintained the equipment inventory, and enforced security policy. Coordinated network connectivity issues, performed hardware and software maintenance, and maintained compliance to security policy. Maintained IAVA compliance by performing vulnerability scans on the lab assets and executing the necessary mitigation procedures. SAIC (December 2003 to August 2006) Network Security Engineer . Served as the Alternate Information Security Officer. Executed the activities necessary to obtain and support the certification and accreditation of the DISA NETCOP. Tracked the status of the accreditation, ensured the system was operated in compliance with the accreditation, coordinated with certifying officials in performing Security Test and evaluation activities. Maintained the Plan of Actions and Milestones (POA&M) and coordinated mitigation activities with security and system administrators. Maintained and reviewed security documentation and ensured that the certification and accreditation packages contained all required information. Tracked vulnerability information within the Vulnerability Management System (VMS) and coordinated resolution activities with security and system administrators. SAIC (August 2003 - December 2003) Systems Engineer Executed the activities necessary to provide system administration support the NIPRNET Connection Approval Process (NIPRCAP). These activities included configuration maintenance on the NIPRCAP web and database servers, upgrading server and application software, monitoring and implementation of IAVA alerts and technical advisories, maintaining user accounts, and maintaining SOP documentation. SAIC (September 2000 - August 2003) Information Security Engineer (Systems Engineer) Defined and executed the activities necessary for the completion of C&A process. These activities included systems planning and project management, testing systems for vulnerabilities and compliance with security requirements, benchmarking, and information engineering, which resulted in the interpretation of customer needs and security requirements into various types of security documentation (e.g., system security authorization agreements [SSAAs], contingency operations plans, configuration management plans, security incident response plans).

Skills Learned


* Image courtesy of



Home

Education

Education
Capitol Technology University
Masters Of Science in Information Assurance
University Of Maryland at College Park
Bachelors Of Science in Decision and Information Sciences

Relevant Coursework

Udemy Courses

The Udemy courses I took provided me with hnds-on instruction in the skills and concepts that i intend to use in my new career.

Programming Languages Studied
    • Javascript
    • HTML/CSS
    • C#
    • Java
    • Ruby
CyberSecurity Courses Studied
  • Ethical Hacking
  • SQL injection
  • Cross Site Scripting XXS
Database and Relared Courses Studies
  • MySQL
  • PostgressSQL
  • MicrosoftSQL Server
  • Oracle

The Programmer Coach

The Programmer Coach is an online learning platform that teaches full stack development focusing on connecting a web based application to a database platform. It teaches the basic programming concepts. The course is taught using the C# progrmming language along with .NET and Microsoft Azure concepts. The database used in the course is microsoft SQL Server, its' purpose to teach a student about the full stack database application developmdent process, and how it works. Mention C#, Microsoft SQLServer, Microsoft Asure, amd the learning platform.

* Image courtesy of



Home

Skills

Operating Systems

  • Windows
  • Linux

Software Tools

    CyberSecurity Related

  • Nmap
  • SQLmap
  • Burp Suite
  • DOD SCAP Vulnerability Assessment tool
  • Oracle Virtual Box
  • VMware
  • Exploit Database
  • Metasploit
  • Eclipse IDE

    Programming Related

  • Visual Studio
  • Visual Studio Code

Discuss the type of learner and worker you are. Lorem ipsum dolor sit amet consectetur adipisicing elit. Aspernatur deserunt modi consequuntur sit omnis quidem laudantium odit aut laborum dignissimos quos magni voluptates earum neque reiciendis illo, impedit itaque hic!

* Image courtesy of



Home

Intrests and Hobbies

I have a wide range of interests. I enjoy playing video games both retro and modern. I enjoy working with my hands on projects involving buiding things. I enjoy working on coding activities. I enjoy learning to play music. I enjoy watching and laying sports.

* Image courtesy of



Home
kk

Contacts

If you wish to contact me, please leave your information.







Please enter some text