RobertsJohnF CV


John F. Roberts, Arlington, VA 22202 ~ (202) 489-7635 (Cell)

[email protected]


BACKGROUND

Senior computer security professional with both a policy and systems engineering background looking to enhance or develop a cyber-security program, using compliance to verify security and security to ensure the confidentiality, integrity, and availability of information. I feel compliance is pointless without security, and security is pointless unless the system enables the user. Incidents have demonstrated that information is a liability without security. Compliance can help ensure cost-effective security and reduce liability if applied with diligence and common sense.

SKILLS

Cyber Security, including: IA Compliance (FISMA, FedRAMP, Federal Law, OMB Policy, DoDD/DoDI, NIST Standards (FIPS) and Guidance (SP 800-53, etc.), and Agency Policy); Security Authorization (previously Certification & Accreditation) including Document Development/Review (Security Categorization, SP, RA, CP, IRP, etc.); Incident Response; Log Management/Review; Continuous Monitoring; Vulnerability Testing (ISS, Nessus, AppDetective, WebInspect); Remediation (Configuration Management (hardening), Patch Management, Malicious Code Protection); Risk Assessment and Mitigation; Policy Development; IT Support; Non-Technical Communications (oral and written); Team Leadership and Mentoring; User and Technical Training; Server Administration; Basic Network Support; Advanced Troubleshooting; Inventory Management; Account Management; Change Management; Firewall Management; “What if” situational risk analysis; Technical Research

PROFESSIONAL EXPERIENCE

TRANSPORTATION SECURITY ADMINISTRATION, June 2013 – May 2015
Information Systems Security Officer

ISSO overseeing security and compliance for up to 5 TSA Operations and Engineering systems (including Mission Essential, Enterprise and Law Enforcement), including ensuring Cyber Security requirements compliance such as: developing Authorization Packages including Security Plan, Contingency Plan, CP Test, Plans of Action and Milestones (POA&Ms); managing weaknesses (requesting additional time via a temporary waiver, requesting acceptance of the risk via an exception, or requesting closure via submitting evidence of applied remediation); and operational support such as patch management, rights management (privileged account approval and audits), log review, and configuration management

o Delivered 2 Security Authorization packages in 4 months leading to 2 ATOs

o Moved system documentation to new FISMA reporting tool (TAF to XACTA)

o Began process for moving 2 systems from Security Authorization method of FISMA compliance to Continuous Monitoring based Ongoing Authorization


Performed as ISSO in reviewing requirements and providing recommendation for potential migration from TSA Microsoft Exchange solution to DHS Community Cloud offering of Email as a Service (EaaS)

Reviewed public cloud E-mail solutions for compliance with TSA requirements and FedRAMP status

Attended training from NIST on Cloud Forensics and from USCIS on best practices and lessons learned from moving their primary infrastructure to AWS

Provided support for FBI audit of 2 systems, DHS OIG audit and several internal audits

Established process to accurately track Information Security Vulnerability Management (ISVM) compliance for all assets on system inventories including verifying patching through spot checks, vulnerability scanning and asset by asset confirmation on the patch management solutions (Microsoft SCCM and Altiris)

o Consistently maintained 100% acknowledgement and over 95% compliance for 5 systems

Worked with contractor support to ensure security requirements are met

Reviewed Requests for Change (RFCs). Created Risk Assessment and recommendation for each RFC.

Performed as ISSO for security on migration from Exchange 2007 to Exchange 2010

Worked with IT support for systems which were managed externally to implement TSA methodologies and develop processes for security requirements (ISVMs, POA&Ms, Change Management, etc.)

KNOWLEDGE CONSULTING GROUP (TSA Contractor), August 2010 – June 2013
Risk Management Analyst/Information Systems Security Officer

ISSO overseeing security and compliance for 5 TSA Information Assurance Division IT systems, including ensuring Cyber Security requirements compliance such as: developing Authorization Packages including Security Plan, Contingency Plan, CP Test, Plans of Action and Milestones (POA&Ms); managing weaknesses (requesting additional time via a temporary waiver, requesting acceptance of the risk via an exception, or requesting closure via submitting evidence of applied remediation); and operational support such as patch management, account management, log review, and configuration management

o Delivered 4 Security Authorization packages in 16 months leading to 4 ATOs

Established process to accurately track Information Security Vulnerability Management (ISVM) compliance for all assets on system inventories including identifying specific support for each asset to enable verification of compliance and tracking of who reported for each asset

o Consistently maintained 100% acknowledgement and over 90% compliance for 5 systems

Coordinated between users, System Owners and engineering support to ensure maintenance does not affect mission and to develop System Owners’ confidence to authorize maintenance (patching) with sufficient frequency to support ISVM compliance

Established and refined audit compliance such as access forms, training requirements, entry logs, etc.

o Within 30 days of new Privileged Access Training requirement (with no set compliance requirement date) all 5 systems over 90% compliant (4 at 100%)


Created RFCs, including detailing goal, process, back-out plan and coordination of IAD engineering teams, and performed a Risk Analysis and recommendation for each RFC which affected my systems

Reviewed new federal and DHS policies and requirements to advise FISMA Compliance and Policy how they might affect TSA, and reviewed and provided recommendations on upcoming TSA policy/guidance

o Participated as part of team to develop new Privileged Account Request form and process

Performed as Cyber Security SME providing policy and technical guidance to TSA Risk Management Team and FISMA Compliance Section for over 70 IT systems as part of Risk Management Team (in Risk Analyst Role) and as part of Compliance and Policy Branch and FISMA Compliance Section (in ISSO role)

Acted as Technical lead developing continuous monitoring reporting requirements of CPE, CCE & CVE data to OMB CyberScope via DHS including DHS Continuous Monitoring Working Group participation

Led review of SharePoint security capabilities and issues within constraints of different privileges based on role for IAD Compliance and Reporting Management Application (CARMA)

Reviewed vendor submittal to ensure that both role and scope (need-to-know) were maintained in CARMA through limiting view to relevant systems for ISSO/System Owners

INSIGHT GLOBAL, INC./SILOSMASHERS (GSA Contractor), December 2006 – July 2010
Security Analyst

Researched applicable federal law, policy, regulation, requirements and guidance for the E-Gov Travel Project Management Office (PMO), including assessing new and upcoming requirements

o Reviewed initial FedRAMP release and tracked development process of GSA, DHS, and DoD (DISA) including tracking control-by-control voting for PMO ISSO

o Reviewed FedRAMP for applicability to Contractor-Owned, Contractor-Operated (COCO) virtualized systems which have not been designated cloud

o Produced white papers for new requirements or relevant technologies

o Maintained ISSO library of applicable documentation

Reviewed E-Gov Travel vendor submitted documentation (Security Plan, COOP, Contingency Plan, etc.) for compliance with federal Law, Presidential Directives, OMB Mandates, NIST Guidance and GSA Policy including new C&A submissions due to expiration and significant system changes

o Provided technical review in support of ISSO for 3 primary Electronic Travel System vendors

o Led GSA efforts for C&A of 4th vendor system which would connect to the 3 primary systems to gather statistical data for analysis of government-wide travel

o Reviewed 4 vendor systems for compliance with upcoming FedRAMP standards, in preparation in case they were determined to be applicable


Documented security processes and best practices for consistent application, tracking and results

o Developed SOPs for document review process, background investigation tracking, vendor POA&M management and review

Reviewed Plans of Action and Milestones (POA&Ms) for technical accuracy of vendor assertions and compliance updates (e.g. identified false positives, acceptance recommendations, not remediated)

Led technical aspects of cyber incident response for PMO during government-wide incident

o Established the scope of the incident which was 1 vendor/multiple agency

o Assisted PMO leadership with vendor and client agencies leadership meetings

o Reviewed and provided recommendations on PMO communications and briefings

o Coordinated vendor and client agency technical staff in identifying vector of issue

o Recommended GSA ATO action for vendor system and requirements for reestablishing ATO

Technical SME for assessing compliance capabilities of tools and resources

Taught brown-bag lunch training to PMO non-technical staff to explain the FISMA process and how each step of the C&A Process works to ensure that security is managed to a known and accepted state throughout the life of the system

OXFORD SOLUTIONS, INC. (3eTI/Navy Subcontractor), May 2006 – December 2006
Senior Security Engineer

Established C&A efforts for Naval District Washington, Dahlgren Division and led “By Type” C&A effort of 3eTI wireless product to be Accredited by NETWARCOM for use throughout DoD

o By Type ATO was granted for 3eTI wireless perimeter monitoring system with included wireless access point (3eTI was the first FIPS 140-2 certified wireless implementation approved for SBU), which authorized deployment of the system to any location where the requirements detailed in the Security Plan were met

o By Type ATO included waivers to policy where compliance would have degraded the overall security of the system and/or the environment which the monitoring system was protecting

Developed NDWDD Information System Security Policies to meet the needs of the client and applicable Navy policy and provide guidance for NDWDD systems to ensure consistency

Documented existing and future network environments for Certification and Accreditation efforts

o Performed technical assessment to recommend boundaries of existing information systems

o Performed data type analysis to determine recommendations for MAC levels of systems

o Diagrammed network connectivity, data flow and asset inventory for SSAAs

Developed security documentation (SP, IRP, CP) for System Security Authorization Agreements (SSAAs)


Documented variance from Navy Policy for vulnerability mitigation and waiver requests

o For both the 3eTI perimeter monitoring system and the existing NDWDD systems

Directed client in implementation of security on an existing network to meet policy and remain functional

Recommended technologies to meet policy requirements and improve security of NDWDD environment

TECHNOLOGY RESOURCES, INC. (EDS/USDA Subcontractor), August 2004 – October 2005
Senior Security Engineer

Provided guidance for Government Services personnel regarding industry best practices and helped determine current practices to propose streamlined and functional business practices

Assessed environment to determine existing issues

o Performed vulnerability scanning using Internet Security Scanner (ISS)

o Performed configuration scanning using Microsoft Baseline Security Scanner and Hyena

o Performed log review to identify possible security issues

Researched applicable policy/regulation/requirements for a U.S. Government computer network

o Recommended changes to Rural Development environment to comply with federal and USDA requirements and improve security

Proposed solutions to client management and implemented solutions

o Standardized Privileged Access (Admin Accounts), including removing rights which did not have justification and implementing Restricted Groups through MS-Windows Group Policy

o Turned off unnecessary printer functionality (web management interfaces, SNMP, etc.) which was producing substantial vulnerability findings

o Worked with tier-3 server support to gradually harden servers without affecting availability

Applied/Managed patch/anti-virus deployment and Configuration Management for enterprise

Assisted planning/implementation for migrating 3 divergent networks into one large office environment

Worked as an additional Tier 3 Engineer supporting the server infrastructure and the user community

STEELCLOUD, INC., May 2004 – August 2004
Consulting Manager


Managed 22 Field I.T. Contractors including performance reviews, mentoring and corrective action

o I.T. Contractors included Helpdesk Technicians (Tier 1 through Tier 3), Technical Writers, Server Engineers and Network Administrators

o Clients included law firms, hotels, local and federal agencies and small businesses

Led field I.T. support on high-end client needs as well as filling in for staffing conflicts

Team Member for Business Development Strategy in General I.T. and Security practices

Sales Engineer for acquiring new clients and presenting proposals to current clients

WORLD IT SOLUTIONS (NMCI EDS Subcontractor), April 2003 – May 2004
NMCI Senior Server Engineer (IA)

Functioned as part of the Transition Team from Government Services support to EDS’s Navy Marine Corps Intranet (NMCI) project for IT services to Naval Air Station Key West

Led “Sys. Admin & Messaging” and Helpdesk teams to improve service to end users

o Developed consistent processes including fostering professional standards

o Identified particular skills within the team to assign team members to issues more efficiently

o Fostered team mentality with informal morning meetings

o Developed standard SOPs

   - Daily/Weekly/Monthly server checklist

   - Troubleshooting SOP, including establishing “30 minute stuck”, which means requesting help on tickets where forward progress is stopped, so as to use collaboration and technical guidance to prevent wasted work cycles

   - Developed searchable knowledge base in Microsoft Access for recurring issues, with training for team members on creating new solutions based on a template

o Mentored team members through: informal training; sharing of training resources; developing a test lab which was used for troubleshooting and scenario testing; and career guidance

Established process and performed data gathering over network for server/workstation vulnerabilities and configuration issues

o Performed vulnerability scans using Nessus

o Patch and configuration scans using Microsoft Baseline Security Analyzer

o User and configuration scans using Hyena

o Network scans using SolarWinds

o Used ARP tables from core routers to identify rogue computers which were communicating across the network but not replying to scanning tools

Performed similar functions to position below for DOD and Navy policy and IAVA compliance issues


NORTHROP GRUMMAN I.T. (Bethesda Naval Hospital, Client), August 2001 – October 2002
InfoSec Technical Lead/Helpdesk Manager

Led departmental helpdesk for National Naval Medical Center ITS to reduce latency in customer response and increase controls to the point of compliance with HIPAA and DITSCAP

o Improved coordination between Tier 2 Helpdesk and Server and Network engineering teams to provide support and communicate system issues so that Helpdesk is aware (and does not perform separate troubleshooting) and can communicate issues with the users

o Established workspace for Tier 2 personnel who specialize in hardware repair (replacing the hoteling method which was in place), which enabled the technicians to establish their own toolset and resources (such as reference books) and helped to prevent confusion and conflict

Researched Navy and DOD policies for compliance and improvements to existing configurations

o Recommended configuration and process changes to IT Leadership including NNMC CIO

Researched HIPAA/InfoSec due diligence baseline for non-repudiation and privacy of electronic data

o Recommended VPN over wireless as compliant methodology of providing kiosk support to hospital users and providing connectivity to sections of hospital which did not have wiring infrastructure

o Supported CIO during vendor presentations to assess products for functionality and compliance

Maintained OS/software vulnerability patch status for enterprise from industry alerts & Information Assurance Vulnerability Alert (IAVA) and Bulletin (IAVB) messages

o Collected installed software screenshots and created database of enterprise software including support contacts for system

o Reported to the CIO status of patching through IAVA/IAVB so that internal reporting to the NNMC Commanding Officer was up to date and executive action could be implemented if a deadline was approaching without response from systems support personnel

Performed scans on network resources (routers, switches, servers, workstations)

o Performed vulnerability scans using Nessus

o Patch and configuration scans using Microsoft Baseline Security Analyzer

o Network scans using SolarWinds

o Identified process of pulling ARP table from core router to identify any rogue computer which would not respond to ping, MBSA, Nessus or Microsoft System Management Server

Investigated threats and violations identified by our IDS system and other sources

o Established coordination with Network Team to identify and isolate systems which triggered IDS alarms

Worked with Firewall Manager and vendors to tighten security on legacy systems and applications

Taught classes for ITS department to improve overall security awareness and foster best practices

o Developed and presented material on security


o Coordinated with network and server engineers for them to present on their specialty

CERTIFICATIONS

(ISC)² Certified Information Systems Security Professional (CISSP)

(ISC)² Certified Authorization Professional (CAP)

National Security Agency InfoSec Assessment Methodology (IAM)

National Security Agency InfoSec Evaluation Methodology (IEM)

ISACA Certified Information Security Manager (CISM)

Microsoft Certified System Engineer (MCSE) 2000/2003

Microsoft Certified System Administrator (MCSA) 2000/2003

(MCSE:Security) and (MCSA:Security) 2000/2003

CompTIA Cloud+, Security+, A+