Experience

• 

  Pillar systems

  Jan 2007 - Jun 2008

  C&a specialist at us coast guard

  • Supported Certification and Accreditation program for USCG at the Certification Authority levelo Developed and updated documentation review processeso Performed multiple onsite security audit inspections for Accreditation of systems and networks, utilizing NIST 800-53a and DHS 4300a test procedures and controls o Performed analysis of vulnerability scan (RETINA) data during certification phase audito Analyzed network and information flow diagrams to validate accreditation boundaries and hardware and software inventorieso Developed Certification and Accreditation package documentation including Risk Assessment, System Security Plan, Security Assessment Plan and Procedures, Security Assessment Report, and Contingency Planso Reviewed C&A packages for completeness and compliance against DHS and USCG requirements on behalf of the Certification Authority prior to Authority to Operate (ATO)o Experienced with DHS Risk Management System (RMS) and Trusted Agent-Speaker at annual Coast Guard ISSO Conference as C&A subject matter expert Show less

• 

  Sarum llc

  Sept 2008 - May 2010

  • Provided Independent Verification and Validation (IV&V) services to the Certification Authority of the agencyo Review system documentation and controls within XACTA to determine compliance of documented policies and procedures.o Participate in on-site inspection team for validating security controls of those systems that have previously been accredited. This includes interviewing, observing and testing in accordance with the DoDI 8500.2 baseline security controlso Ensure a Plan of Action and Milestones (POA&M) has been created for all IA control findings, including a realistic date of completion, corrective action and resources (both personnel and financial) have been assignedo Responsible for completing a detailed reported outlining the residual risk to the agency DAA and recommended accreditation outcomeo Performed managerial tasks including tasking projects, assembling weekly reports, and attending meetings with contract leads Show less • Supported the agencies IA Directorate (J61), providing IV&V services to the twelve DLA regional CA, located world-wideo Reviewed completed C&A packages via DoD e-Mass for completeness and compliance with FISMA, DoD and DLA policy and standardso Ensured all relevant IA controls have been documented and meet the required standards as per their MAC and Sensitivity levelso Ensured a Plan of Action and Milestones (POA&M) has been created for all IA control findings, including a realistic date of completion, corrective action and resources (both personnel and financial) have been assignedo Responsible for completing a detailed reported outlining the residual risk to the agency DAA and recommended accreditation outcomeo Participated on on-site inspection team for validating security controls of those systems that have previously been accredited. This includes interviewing, observing and testing in accordance with the DoDI 8500.2 baseline security controlso Provided recommendations and guidance to local C&A teams, system owners, and CA's as requested Show less

  • Senior IA Engineer at Defense Threat Reduction Agency

    Jun 2008 - May 2010

  • Senior C&A Specialist at Defense Logistics Agency

    Sept 2008 - Apr 2009
• 

  Knowledge consulting group

  Mar 2010 - Nov 2010

  Isso

  • Provided Certification and Accreditation services to the Solutions Delivery branch of the Office of Information Technology o Manage ISVM compliance for assigned systems • Review ISVMs upon their release for applicability and reported on the status.• Direct engineering teams to ensure that mandatory level of compliance was reached.o Participate in audits of managed systems• Obtain necessary documentation, provide information to auditors via interviews, and review results.o Responsible for managing POA&Ms for systems• Review audit and ST&E results to determine whether or not they are correct.• Submit POA&Ms to System Owner and upload them to Trusted Agent FISMA (TAF) for DHS management and review.• Create Waivers and Exceptions for existing POA&Ms after determining whether or not corrective actions will be completed on schedule or are able to be completed.• Perform Altiris reporting to ensure compliance of completed POA&Ms Show less

• 

  Tsa

  Nov 2010 - Aug 2014

  Information system security officer

  Provided Certification and Accreditation services to the Operations and Engineering Division of the Office of Information Technology. Participated in audits of managed systems through obtaining necessary documentation, providing information to auditors via interviews, and reviewing results. Created Waivers and Exceptions for existing POA&Ms after analysis of recommended corrective actions. Performed Altiris reporting to ensure compliance of completed POA&Ms.• Chaired the TSA Security Change Control Board. Interfaced with the Department of Homeland Security for data center related changes. Documented performance issues with contractors. Managed all changes for correct implementation time and completion. Chaired the semi-weekly meeting• Designed Roadmap for Virtualization of the TSA environment. Created Functional Requirements Document and Project Timeline.• Represented TSA at the Department of Homeland Security Mobility Working Group.• Represented TSA at the Department of Homeland Security IPv6 Working Group. Show less

• 

  Ementum

  Aug 2014 - May 2015

  Senior manager

  Provides subject matter expertise to the Department of Justice (DOJ) for Public Key Infrastructure (PKI) and Attribute Based Access Control (ABAC). Manages the DOJ Access Control Test Lab and tests vendor solutions for applicability for the Access Control Project.• Completed the Technical Requirements Framework and Notional Architecture for the Access Control Project. Reviewed applicable government documents (NIST 800-162, FICAM, etc) and industry best practice to develop DOJ specific documentation and architecture diagrams. Show less

• 

  Total wine & more

  Jun 2015 - Apr 2016

  It security architect

  Acted as Project Manager for Security Assessment Review of Total Wine & More, which included establishment of deliverables and schedules, working with vendors to mitigate findings, and developing budgets for the solutions. Worked across company divisions in order to achieve Payment Card Industry Data Security Standard Level 1 compliance. Established a system for vulnerability scanning, documentation, and remediation with the engineering team leads.

• 

  Axxum technologies

  Apr 2016 - Apr 2017

  Senior information security specialist

  Served as contractor Team Lead for the Secure Infrastructure Team. This included tasking team members, daily reporting to the contract and government leads, and performance reviews of team members. Improved the software evaluation process that previously existed and trained new hires to properly implement this process. Acted as subject matter expert for Apple (iOS and macOS) and ICAM. As SME for these two systems, was tasked with the design, implementation, and documentation of potential solutions.Supported the White House Transition Team as macOS and PKI Subject Matter Expert during the 2016 Inauguration. Show less

• 

  Transportation security administration (tsa)

  May 2017 - Jun 2019

  Information technology specialist

  • Implemented Jamf Pro within the client’s existing environment, including integration with Microsoft Active Direc-tory, Red Hat Linux, and Windows File Share• Generated product comparison matrices, engaged with vendors to secure quotes, designed a network implementa-tion plan, engineered secure configurations, and collaborated with the engineering team to define network rules pri-or to the implementation of Jamf Pro• Performed a hands-on implementation of Jamf Pro with the support of 3 engineers, acted as the go-to resource for all things Jamf Pro, and provided mentorship to the team as needed• Earned recognition as the team’s subject matter expert for all things related to mobile devices• Built test environments and ran testing for Apple’s Device Enrollment Program (DEP), Mobile Device Management (MDM), and Mobile Threat Defense (MTD) products• Integrated a cloud-based instance of Jamf MDM• Tested IBM AppScan and the Venafi Trust Protection Platform in both a cloud-based and proprietary TSA testing environment, which included the creation of test cases for functional and security testing• Authored documentation for the production deployment of IBM AppScan and Venafi Trust Protection Platform• Researched and established a minimum security baseline for mobile device hardware settingsTECHNOLOGIES: Jamf Pro, Apple’s Device Enrollment Program (DEP), Mobile Device Management (MDM), and Mobile Threat Defense (MTD), IBM AppScan, Venafi Trust Protection Platform Show less

• 

  Scientific research corporation

  Jun 2019 - Dec 2021

  Apple administrator

  • Spearheaded the implementation of Jamf Pro within the client’s existing environment, including the integration of Linux, Microsoft Active Directory, Apple Business Manager, Cisco ISE, and SolarWinds• Appointed to the position of Security Lead for the migration from Windows 7 to Windows 10• Deployed DISA STIGs to MacOS devices• Developed scripts, applications packages, and configurations for proprietary U.S. Navy solutions• Engineered 802.1x posture configurations for Cisco ISE• Authored technical documentation including the Authorization to Operate and POA&M documentation TECHNOLOGIES: Jamf Pro, Red Hat Linux, Microsoft Active Directory (AD), Apple Business Manager, Cisco ISE, MacOS, Windows 10 Show less

• 

  Jamf

  Dec 2021 - now

  Professional services engineer - security