Apr 2023 – Present · 3 yrs 1 mo · Frederick, Maryland, United States · Remote

• I provide independent consulting for:
• FISMA, FedRAMP, and HIPAA Compliance
• Cybersecurity Best Practices
• Cloud Engineering, Architecture, and Design
• Digital Forensics, Chain of Custody, Evidence Recovery, and Incident Response
• Cybersecurity and the Law (e-discovery, case preparation, expert witness)

Apr 2023 – Nov 2025 · 2 yrs 7 mos · Frederick, Maryland, United States · Remote

• Providing FedRAMP assessment and advisory services.

Jul 2022 – Apr 2023 · 9 mos · Frederick, Maryland

• Spent the year managing my local chicken flock and garden. Produced over 400 pounds of vegetables from my backyard space and brought 16 hens to laying age. My favorite, Roamer-Loaner, is the hen in my profile picture.

May 2019 – Jul 2022 · 3 yrs 2 mos

• Managed FedRAMP assessment program.
• Performed pre-sales activities, including initial sales call, review of the client needs, and submittedformal price quote.
• Led and trained a team of two assessors and one penetration tester.
• Ensured company compliance with 3PAO program requirements as defined by A2LA, includingsupporting documentation, policies and procedures, records of assessment activities, and annual audit/training requirements.
• Performed 3 FedRAMP audits for corporate systems seeking authorization.
• Performed 3 FedRAMP compliant assessments for organizations to meet their compliancerequirements.
• Advised one government client on cloud security requirements.

Nov 2017 – Apr 2018 · 5 mos

• Performs technical assessments on information systems in conjunction with Security Control Assessments.
• Reviews automated scans (e.g. Nessus, Nipper, nmap, DBprotect, HP Fortify) to validate findings generated through the SCA process. Defines exploitable findings for penetration testing.
• Reviews configuration files to ensure compliance with controls defined for testing.
• Creates System Assessment Plans to define scope of testing, which includes defining system boundaries and controls relevant to the system.
• Other Duties:
• Deputy Project Manager - Manages 4 staff on the task. Reports risks and personnel issues to the Project Manager.

Nov 2014 – Nov 2017 · 3 yrs

• Performed security assessments of Enterprise-level public and internal government IT systems.
• Reviewed Nessus, manual penetration testing (WASA), HP Fortify, nmap, and A&A documentation to identify weaknesses in system design and implementation.
• System flaws and vulnerabilities were compared to industry best practices and NIST guidelines to develop a holistic view of the system security level. Security posture is evaluated over a period of time to identify trends and patterns in system maintenance efforts, such as applying software patches and removing outdated software.
• Drawing from systems administrator experience, created recommendations to remedy design/implementation flaws on systems.
• Other Duties:
• Served as technical expert for multiple contracts, teaching non-technical employees the technology that underlies compliance in relation to federal guidelines.

Apr 2018 – May 2019 · 1 yr 1 mo

• Successfully completed 8 FedRAMP assessment on corporate systems seeking approval to sell their services to the federal government. Including:
• Infrastructure as a Service (IaaS) and Software as a Service (SaaS) systems.
• FedRAMP Moderate and High level systems.
• System documentation review.
• Technical review of vulnerability scans, baseline configuration scans, architecture diagrams, and system configuration.
• Advised 3 corporations on creating FedRAMP compliant system documentation, including the system security plan (SSP), technical guidelines for implementing security controls, compliance requirements, and policies and procedures.

Aug 2013 – Nov 2014 · 1 yr 3 mos · Rockville, MD

• Conduct analysis of potential phishing, malware distribution, and brand infringing web sites. Perform shutdown activities to prevent further fraudulent activity. Recover stolen customer credentials from fraudulent web sites and notify clients to prevent further fraudulent activity.
• Create automated daily reports to inform management of metrics and trends.
• Perform database queries and in-depth analysis addressing fraudulent web site trends over a given time period.
• Serve as escalation point for the Security Operations Center to address unique or difficult fraudulent sites.
• Inform non-technical site owners of the methods used to compromise their site and instruct them how to fix vulnerabilities to prevent further intrusion.
• Conduct regular SOC training to improve working knowledge of internet technology to SOC analysts.

Feb 2012 – Aug 2013 · 1 yr 6 mos · Gaithersburg, Maryland

• Responsible for the administration of one external web server, one internal web server, two development servers, 11 internal production servers, and 14 internal desktops utilizing Mac OS X, CentOS, and Ubuntu.
• Performs systems administration and engineering tasks on Ubuntu 12.04 LTS Ubuntu 12.10, CentOS 6.2, Mac OS X, and Windows 7 computers.
• Responsible for hardware maintenance and installation for one production server rack and one development server rack.
• Reconfigured the forensic imaging script to capture data from 5.25 inch floppy drives.
• Created a database and web interface to allow for centralized control of forensic imaging scripts on 14 separate computers.
• Reverse engineered the checksum methodology used on the Super Nintendo and Sega Genesis game consoles in order to forensically capture data stored on cartridges.
• Performed research into the effectiveness of Forensic Tool Kit (FTK) in regards to utilizing the Known File Filter (KFF) database and comparing the results to the current Reference Data Set published by the NSRL.
• Conduct digital forensics research and testing in relation to the Reference Data Set published by NIST. Researched and developed new methods of collecting hash values from computer software, to increase file recognition for forensic investigators.
• Reconfigured Mac OS X Snow Leopard software to work in an Ubuntu virtual machine, in order to create a portable version of the National Software Reference Library hashing, imaging, and web interface (NSRL-in-a-Box)

Aug 2010 – Jan 2012 · 1 yr 5 mos

• Information sensitive role collaborating with the Senate Sergeant-At-Arms IT security to alleviate daily security threats to Senate intranet. Developed internal websites and debugged pages as needed. Strengthened working knowledge of C#.
• Expertly mitigated security threats and potential breaches to Senate intranet through daily tactical assessment of rogue internet traffic.

Apr 2008 – Aug 2010 · 2 yrs 4 mos

• Administered exceptional technical support and resolution for more than 20+ mission critical servers. Effectively trained new team members on all aspects of database administration, server administration, and troubleshooting techniques to maximize productivity. Consistently explored innovative solutions to daily problems to eliminate extraneous expense.
• Strategically minimized daily workload 75% and reduced escalations from 200+ to less than 30 by assessing and eliminating redundant tickets.
• Revamped Standard Operating Procedure (SOP) for Perl database to streamline system operations.
• Heightened functionality of Perl database by recognizing and executing programming solutions.
• Proactively educated self on Perl and HTML to expand operational contributions and involvement.
• Significantly reduced overhead by identifying creative solution to major server malfunction.

Sep 2005 – Apr 2008 · 2 yrs 7 mos

• Deployed to Iraq with Tactical Relay Facility (TRF) to effectively manage data connection between deployed aircraft and stateside Integrated Processing Facility (IPF). Supported intelligence-gathering equipment maintenance, including pre-flight, post-flight, and emergency equipment repair, for 8 unique aircrafts.
• Instrumental in successful redeployment of all 8 aircrafts from Iraq to Georgia.
• Facilitated deployment preparation by implementing GGB 1.0 upgrade and ensuring optimal functionality of shelter operations.
• Respected as Subject Matter Expert for GGB 2.0, training and mentoring 6 new soldiers on aircraft SOP prior to their Iraq deployment to drive outstanding performance.