Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
What Keeps You Awake at Night?
Agile Armory leverages risk management framework, industry proven enterprise security architecture and systems engineering principles to provide adaptable, holistic security and information assurance solutions specifically tailored to each client environment. We believe in building security in, from system inception to production deployment, rather than in response to changing, vectors of advanced persistent threats methodologies of sophisticated nation state cyber actors and unpredictable insider threats.
Security and Exchange Commission OIG – FISMA Audit Project
IT security auditor for the Securities and Exchange Commission Office of the Inspector General (SEC OIG) with responsibility to audit the Commission’s information systems, programs, contracts operations and program participants. Responsible to review available information assurance guidelines, regulations, and directives from various sources and command levels, and recommend appropriate changes as needed. Develop recommendations for deploying information security program requirements, policies, and procedures to safeguard sensitive information processed within the SEC OIG information system accreditation environment. Perform surveys of organizational units to be audited. Review audit program for assigned area and proceed with examinations, tests and analysis. Survey technical, operational and management aspects of the OIG’s information systems in accordance with Office of Budget and Management (OMB) FISMA reporting requirements. Evaluate configuration of hardware and software platforms, remote access architecture, identity and access management, and security training and configuration compliance requirements. Prepare and maintain accurate work papers, document audit work performed and record collected audit data.
FFIEC Security Audit Project– Madison Bank of Maryland
Project Lead for security team responsible to complete the FY2012 Annual Assessment for Madison Bank of Maryland. The security audit consisted of developing a audit plan, manual evaluation and testing of all security control families from the FFIEC IT Examination Handbook. The testing included security assessment, vulnerability assessment using Nessus vulnerability scanner and running the MBSA tool to analyze security problems in Microsoft Windows servers and workstations. Responsible for developing a formal Risk Assessment and recommendation reports.
Key member of a security team responsible to complete the FY2007 C&A for the CNCS Office of Inspector General (OIG) General support system. The C&A consisted of developing a System Security Plan, conducting Security Test and Evaluation, including vulnerability assessment using Nessus vulnerability scanner. Responsible to develop a formal Risk Assessment analysis and PO&AM reports.
FISMA IT Security Review – Federal Housing and Finance Agency (FHFA)
Key member of an IT security assessment team that was responsible to perform an independent evaluation of FHFA’s IT Security Program and perform security assessments on the information system in accordance with NIST SP800-53 guidelines. Responsible to independently review FHFA’s Information Systems Security Program to determine the effectiveness of implemented security controls in accordance with NIST standards. Responsible to perform vulnerability assessments to validate that FHFA has implemented the appropriate controls to mitigate risks. Evaluate and review FHFA’s network configuration settings and identify exposures in the network environment using both internal and external penetration testing. Conduct configuration testing on a representative sample of servers, firewalls and routers using the Center for Internet Security (CIS) Benchmark tool. Conduct Nessus vulnerability scans on all servers, routers, switches and firewalls, in addition to a representative sample of workstations. Responsible to prepare a comprehensive security assessment report
Network Engineer – Queens Surrogates Court, Jamaica
Network Engineer for the Surrogates Court, Queens County. Responsible to plan and supervise the installation of the network security architecture in accordance with standards established by Information Technology Services. Responsible to work with the local area network (LAN) administrators to develop and implement server hardening scheme for Windows and Netware servers. Installed networks utilizing standards of Windows using LAN and wide area network (WAN) technologies in a Novell, Windows and other network operating systems with intelligent hubs and switches. Performed continuous monitoring of firewalls and routers syslogs to identify security issues. Trained local area administrators on security and threat related issues. Reviewed logs and records of local area network administrators regarding security and performance issues.
Network Administrator – Office of Court Administration, New York
Network Administrator for the New York State Office of Court Administration (OCA). Responsible to install and configure local and wide area network architecture in accordance with the OCA IT standards. Monitor and maintain daily operation of computer systems and networks for testing, training, and production. Configure and install switches, bridges, and routers. Install and maintain networks utilizing Simple Network Management Protocol. Resolved and monitored cabling and network equipment hardware and software problems: contact vendors and visit remote locations to resolve such problems. Review and explain procedures to network users to resolve problems or to train new users. Responsible to install hardware and software. Deliver complete remote and on-site support for Windows XP/2000/NT network and desktop infrastructure servicing courts in 5 boroughs. Lead and coordinate hardware/software deployments with other network administrators.
Technical Support Specialist – Hampton Industries, Inc., New York
Technical Support Specialist for the New York branch of Hampton Industries, Inc. Duties included providing Helpdesk, Novell Netware and Microsoft Office Suite support. Lead numerous process improvements and project deployments with little to no budget, including innovative printing distribution and standardized computer graphic design processes. Administer group policies and control network resource access.