Provided Cyber Security support for the Port Authority of New York & New Jersey (PANYNJ) working in conjunction with the Cyber Security Operations Center (CSOC) to help identify and resolve security concerns specific to the Port Authority’s (PA) operational environment. Primary duties consist of but are not limited to performing cyber related examinations and security assessments on Operational Technology (OT) and ICS systems and devices; performs onsite integrity checks for identified security incidents; performs advanced threat detection activities assisting with the identification and resolution of known and unknown indicators of compromise (IOCs); develops and implements incident response processes for high risks systems; creates detailed assessment reports (e.g. findings report, situation and after action reports, etc.). Supplemental to the aforementioned tasks, I provide direct support to investigative personnel to help resolve complex security concerns relating to malicious activities performed by the client’s employees. Assist with the management of a 24/7/365 Cyber Security Operations Center (CSOC) by ensuring real-time monitoring and reporting on security threats that may affect an organization’s overall security posture. All tasks are accomplished through the utilization of Splunk, a Security Information and Event Management (SEIM) tool in conjunction with several other ancillary applications (e.g. McAfee ePO, Symantec Managed Services, FireEye Central Management, etc.). Also ensure the proper protection of the client’s network and associated devices and play an integral role in the development of realistic risk-based solutions (e.g. audits, risk assessments, etc.) that helps to thwart against security-related threats.

Provided support to the Air Force Civil Engineer Center (AFCEC) assisting with the proper classification of AFCEC’s Platform Information Technology (PIT) and Platform Information Technology Interconnected (PITI) legacy and future Industrial Control Systems (ICS). The ICS systems consisted of but not limited to Energy Management Control Systems (EMCS), Fire Alarm Reporting Systems (FARS), Automated Meter Reading Systems (AMRS), Utility Monitoring and Control Systems (UMACS), Airfield Lighting Control Systems (ALCS), Traffic Signal Controls, Intrusion Detection Systems and various Supervisory Control and Data Acquisition (SCADA) systems. Assisted with determining systems correlation with base Local Area Networks (LAN) and the Air Force Global Information Grid (AF-GIG) through the performance of risk assessments that helped to determine systems operational statuses based on identified vulnerabilities and/or threats. Developed security assessment documentation, infrastructure topologies and provided mitigation strategies all in accordance with applicable Air Force, DoD and national guidelines. Prepared and presented detailed briefings to key stakeholders providing comprehensive valuations of systems threats as they related to Information Technology Security. Provided leadership and technical advice on the security aspects of network architectures and systems designs that ensured the appropriate implementation of security controls. Scanning tools used to achieve results consisted of eEye Retina, Security Content Automation Protocol (SCAP) and the implementation of the appropriate DISA Secure Technical Implementation Guides (STIGs). Also played an integral role in reviewing RFPs, RFIs, and RFQs to ensure the technical aspects of requests were in line with the company’s obligatory responsibilities and that responses meet the recipient’s concerns. Perform all required technical research concerning the proposal to ensure detailed responses were provided.

Managing consultant with IBM Business Consulting Services in support of physical and information security requirements supporting the Security, Privacy, Wireless, and IT Governance practice area. Assisted federal agencies with identifying shortcomings and determining best practices to remediate deficiencies utilizing various frameworks such as the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), Sarbanes- Oxley (SOX), Control Objectives for Information and Related Technology (COBiT) and the Information Technology Library (ITIL) fundamentals. Also assisted with Certification and Accreditation (C&A) efforts by performing the necessary vulnerability scans that helped to ensure system(s) compliancy IAW national, DoD, and applicable policies, procedures, and regulations.

Independently provided guidance and assistance with the distribution of Communications Security (COMSEC) physical and electronic keying material utilizing the Local Management Device/Key Processor (LMD/KP). Developed standards and procedures for command-level policies, programs, and activities relating to communications security within Headquarters USCENTCOM and USCENTCOM Area of Responsibility (AOR). Interfaced and coordinated with Joint Staff, National Security Agency (NSA), DoD Components, and various other security support offices to resolve complex COMSEC concerns.