Project Management
- Manage the life cycle of information technology projects from concept development through implementation; identify and document customer requirements, coordinate project resources through project schedule definition, conduct status meetings and manage action item resolution, develop project documentation, conduct integration testing, create user manuals and other training documentation, and provide post-implementation support
- Analyze and interpret IT regulatory and policy issues applicable to IT security, software and technical support services
- Coordinate and execute IT security projects under the direction of the ISSO
- Coordinate technical team analysis and draft agency responses to information security incidents
- Assist in the definition of remediation strategies to address identified security weaknesses and manage resolution of associated remedial measures defined in the Plan of Action and Milestones (POA&M)
- Assist the Security Authorization team with technical deliverables, evaluations and security testing for agency applications in developing complete FISMA and NIST compliant Assessment and Authorization packages
- Contract and cost management, and financial reporting
Architecture and Development
Architecture
System design, architectural planning, technology refresh planning, software and system cost estimation
Programming Languages
C#, Java, JavaScript, VB.NET, PL/SQL, XSLT, SQL, T-SQL, Ruby, various scripting languages, and SSAS
Server-side Frameworks
ASP.NET MVC and Java Servlet/JSP implementations using Tomcat and Jetty, Ruby on Rails
Client-side Development
JavaScript and HTML 5, Java Swing, Microsoft VSTO, Section 508 compliance for web applications
JavaScript Libraries
jQuery, AngularJS, YUI, Twitter Bootstrap
Compile-to-JavaScript Languages
Microsoft TypeScript
Search
SOLR and ElasticSearch for full text search, faceting, and reporting
Currently in the process of migrating an internal search application to Amazon’s CloudSearch and EC2 utilizing an nginx front end. The application will serve over a half a terabyte of information per month.
Reporting
Extensive experience in the setup, configuration, and development of reports within the Microsoft SharePoint and Microsoft SSAS (tabular) and SSRS reporting models
Web Servers
IIS, Tomcat, NGINX, Apache
Cloud Services
Experience with Amazon EC2 instances, Cloudfront, RDS
Database, Search and Reporting
- Oracle, MS-SQL Server, MySQL, SOLR
- Extensive experience in the setup, configuration, and development of reports within the Microsoft SharePoint and Microsoft SSAS (tabular) and SSRS reporting models
- Administrators are also developers who possess a deep understanding of RMAN and its related processes
Imaging/OCR
Develop scanning, reviewing, and indexing applications. Design, implement, and maintain an OCR farm that converts millions of documents to searchable PDF files.
Document Conversion
Preparation, scanning, indexing, categorizing and quality control of millions of pages of paper documents to electronic format. Review publicly disclosable filings for personally identifiable information, then redact this information from the filings.
IT Security and Vulnerability Management
Federal Information Security Management Act (FISMA)
- Implement, document, and assess required elements of the Federal Information Security Management Act (FISMA)
- Analyze security requirements as they apply to IT systems
- Conduct FISMA security audits and assessments for IT systems
- Develop policies and procedures in support of security mandates
- Assist with implementation of security policies and procedures
Security Assessment and Authorization
- Create and edit security-related documents including System Security Plans, Risk Analysis reports, Contingency Plan, Incident Response Plan, Rules of Behavior, and Authority to Operate packages.
- Design, develop, document and publish Access Control policies, procedures, standards, guidelines and training materials to ensure NIST 800-53 Access Control FISMA compliance throughout the agency.
- Perform and log continuous user account management auditing and monitoring analysis to verify compliance with established access control policies and notify appropriate personnel of violations.
- Participate with the Information Systems Security Officer (ISSO) in the formulation of policies, procedures, systems, programs and training designed to secure the information security domain.
Emergency Planning Documentation
- Create and maintain emergency planning documents: Disaster Recovery Plan, Continuity of Operations Plan (COOP), Business Impact Analysis, and the Contingency Plan.
- Design, develop, document and test the agency’s Contingency and Disaster Recovery plans through the execution of annual tabletop exercises and phone tree drills. Develop and publish Contingency Plan Testing After Action Reports.
Plan of Action & Milestones (POA&M) Documentation
Create and manage the Plan of Action & Milestones (POA&M) items for the Agency using Cyber Security Assessment and Management (CSAM) software
Cybersecurity
Assist with the implementation of automated tools for auditing and continuous monitoring by developing a requirements matrix and identifying product features and parameter settings to fulfill those requirements. Continuous monitoring areas include vulnerability scanning/management, patch management, system inventory, incident response, and security configuration settings management.
Network Security
Design and implement network security best practices to secure wired and wireless network infrastructure. Ensure proper security posture utilizing a layered defense strategy starting from the perimeter to the end-point.
Certifications
CISSP, CISA, CEH, CAP
Networking
Network Operations and Maintenance
Utilize network management best practices to keep critical network systems operating at required performance, security and reliability. Utilize monitoring system to proactively alert admins.
Network Planning, Design and Implementation
Perform capacity planning to ensure performance meets customer’s requirements. Spec out networking equipment that meets requirements and allow for scalability to protect future investments. Design network infrastructure using industry best practices and to meet customer’s requirements. Implement and configure network devices based on required design.
Network Documentation, Diagrams and Change Management
Diagram network from high-level to detail level to supplement network documentation. Perform Change Management process to any network changes including approval and sign-off.
Network Assessment
Perform full assessment of the network infrastructure including discovery of devices and recommendations for improvement.
Network Security
Design and implement network security best practices to secure wired and wireless network infrastructure. Ensure proper security posture utilizing a layered defense strategy starting from the perimeter to the end-point.
Certifications
CCIE Security, CCIE Routing and Switching, CCNP, CISSP, CISA, CEH