EXPERIENCE
L3Harris, Colorado Springs, CO
Information System Security Engineer | November 2022 – Present
- Supports multiple programs in preparing Risk Management Framework (RMF) Bodies of Evidence (BoE) documents to obtain an Authorization To Operate (ATO)
- Gathered/submitted all required documents for the quarterly Contract Data Requirement List
- Experienced in conducting and analyzing Assured Compliance Assessment Solution (ACAS) scans
- Experienced with reviewing and checking applicable Security Technical Implementation Guides (STIGs)
- Experienced in using Security Content Automation Protocol (SCAP) and STIG viewer tools
- Conducted software scans using Coverity and communicated with the Software Team about the findings
- Enhanced and improved processes and procedures to improve technical efficiency
- Conducts hardware and software inventory and matched it with system diagrams for accuracy
- Review Certificates to Field (CTF) to ensure they are valid and on the Air Force Intelligence Community (AF IC) site as well as on the Approved Product List (APL)
- Updated Plan of Actions and Milestones (POA&M) documentation for continuous monitoring
Odyssey Systems, Colorado Springs, CO
Information System Security Engineer | February 2021 – November 2022
- Experienced with Risk Management Framework (RMF), eMASS DOD RMF Accreditation and Authorization (A&A) Process, and Security Technical Implementation Guides (STIGs)
- Experienced with analyzing Assured Compliance Assessment Solution (ACAS) scans
- Experienced with creating, entering, and updating POA&Ms into eMASS
- Reviewing and checking applicable STIGs and Information Assurance Vulnerability Alert (IAVA) in accordance with the Information System’s Hardware and Software
- Conducted Security Impact Assessments (SIAs) when necessary for any system and/or given change
- Created and reviewed documentation (ie. Policies, Plans, and Procedures) were correct and kept up to date for all Information Systems
- Successfully prepared an Information System’s package and obtained an ATO (Authorization To Operate) and ACV (Annual Control Validation)
- Reviewed System Security Plan (SSP), Security Assessment Reports (SAR) and Cybersecurity Risk Assessments (CRA) for accuracy for continuous monitoring and prior to an ATO/ACV
Insight Global, Colorado Springs, CO
Network Defense Analyst | November 2020 – February 2021
- Monitoring of intrusion detection systems, alerts, and logs to identify intrusions and vulnerabilities from various sources (such as Host Based Security System (HBSS) malware alerts and Assured Compliance Assessment Solution (ACAS) scan results)
- Monitor and detect cloud hosted systems for misconfigurations, possible intrusions, suspicious activity via Amazon Web Service, Microsoft Azure and Oracle Cloud API and flow logs
- Modify/Create Intrusion Detection System (IDS) signature-based rule sets
- Conduct open source and commercial threat intelligence research for IOCs, new vulnerabilities, and other attacker TTPs
- Identify trends and patterns and the second order affects it would have on the operating system
Peraton, Colorado Springs, CO
Information Security Analyst/Defense Cybersecurity Operator | February 2019 – October 2020
- Used Splunk (Security Information and Event Management) to monitor threat detection, incident management, and investigate/respond to internal and external attacks on a Linux operating system
- Perform real time traffic analysis and packet logging using Snort and Bro (IPS/IDS)
- Analyze packets using Wireshark to monitor network activity
- Communicate complex technical and programmatic information effectively and maintain positive working relationships
- Identify security inconsistencies and/or indicators of system performance and remediation; report and respond to security incidents
- Contribute to the development of DCO tactics, techniques, and procedures
U.S. Army
October 1994 – June 2017
Medical Specialist/Physical Therapy Technician/Environmental Science and Engineering Officer
