FFIEC Security Audit Project– Madison Bank of Maryland

Project Lead for security team responsible to complete the FY2012 Annual Assessment for Madison Bank of Maryland. The security audit consisted of developing a audit plan, manual evaluation and testing of all security control families from the FFIEC IT Examination Handbook. The testing included security assessment, vulnerability assessment using Nessus vulnerability scanner and running the MBSA tool to analyze security problems in Microsoft Windows servers and workstations. Responsible for developing a formal Risk Assessment and recommendation reports.

C&A Project – Corporation for National & Community Service (CNCS) OIG

Key member of a security team responsible to complete the FY2007 C&A for the CNCS Office of Inspector General (OIG) General support system. The C&A consisted of developing a System Security Plan, conducting Security Test and Evaluation, including vulnerability assessment using Nessus vulnerability scanner. Responsible to develop a formal Risk Assessment analysis and PO&AM reports.

FISMA IT Security Review – Federal Housing and Finance Agency (FHFA)

Key member of an IT security assessment team that was responsible to perform an independent evaluation of FHFA’s IT Security Program and perform security assessments on the information system in accordance with NIST SP800-53 guidelines. Responsible to independently review FHFA’s Information Systems Security Program to determine the effectiveness of implemented security controls in accordance with NIST standards. Responsible to perform vulnerability assessments to validate that FHFA has implemented the appropriate controls to mitigate risks. Evaluate and review FHFA’s network configuration settings and identify exposures in the network environment using both internal and external penetration testing. Conduct configuration testing on a representative sample of servers, firewalls and routers using the Center for Internet Security (CIS) Benchmark tool. Conduct Nessus vulnerability scans on all servers, routers, switches and firewalls, in addition to a representative sample of workstations. Responsible to prepare a comprehensive security assessment report

Network Engineer – Queens Surrogates Court, Jamaica

Network Engineer for the Surrogates Court, Queens County. Responsible to plan and supervise the installation of the network security architecture in accordance with standards established by Information Technology Services. Responsible to work with the local area network (LAN) administrators to develop and implement server hardening scheme for Windows and Netware servers. Installed networks utilizing standards of Windows using LAN and wide area network (WAN) technologies in a Novell, Windows and other network operating systems with intelligent hubs and switches. Performed continuous monitoring of firewalls and routers syslogs to identify security issues. Trained local area administrators on security and threat related issues. Reviewed logs and records of local area network administrators regarding security and performance issues.

Network Administrator – Office of Court Administration, New York

Network Administrator for the New York State Office of Court Administration (OCA). Responsible to install and configure local and wide area network architecture in accordance with the OCA IT standards. Monitor and maintain daily operation of computer systems and networks for testing, training, and production. Configure and install switches, bridges, and routers. Install and maintain networks utilizing Simple Network Management Protocol. Resolved and monitored cabling and network equipment hardware and software problems: contact vendors and visit remote locations to resolve such problems. Review and explain procedures to network users to resolve problems or to train new users. Responsible to install hardware and software. Deliver complete remote and on-site support for Windows XP/2000/NT network and desktop infrastructure servicing courts in 5 boroughs. Lead and coordinate hardware/software deployments with other network administrators.