Sr. Lead Technologist (Manager)
Booz Allen Hamilton
Total years of experience: 18 years, 1 month
As a Senior Lead Technologist for Booz Allen Hamilton, my role involves leading firms' Cybersecurity projects within the Commercial market. The work spans from providing insight and guidance around cybersecurity best practices to performing security and vulnerability risk assessments, developing comprehensive strategies and solutions which enable organizations to increase their ability to monitor threats, as well as strategies to enable the growth of organizations' technical capabilities.
Key Achievements:
Lead Cybersecurity implementation strategy programs, including coordination and delivery of managed security services. Deliver consulting expertise on security engagements for the clients’ enterprise and industrial control systems (ICS/SCADA) environments
Provide cyber domain expertise and project management leadership in Cybersecurity and ICS Cybersecurity programs for commercial clients
Provide insight into the industry's relevant Cyber threats, mitigation, and remediation techniques. Perform gap analysis of client security posture and regulatory requirements and develop detailed Cybersecurity documentation, including risk management strategies, road maps, and technical recommendations
Develop cybersecurity defensive strategies for network/system infrastructure and benchmark across other industries for best practices, lessons learned, and other valuable technical indicators
Work in collaboration with cross-functional peers, leaders across various teams, and third-party vendors to deliver value and quality solutions to our clients
Lead Attack Surface Reduction (specifically Vulnerability Management, Penetration testing) efforts for multinational organizations in the US and Middle East
Managed a team to develop a comprehensive security analytics solution for streamlining advanced threat response readiness in industrial and IoT networks
Participate in various marketing, RFP/RFI and proposal writing activities to support future work
Employed to assist with 10Pearls clients, across the US, with various information and application security and compliance needs. Designed and implemented security processes and procedures, and assisted the clients in developing various risk mitigation strategies.
Key Achievements:
Performed full-scope risk assessments of client infrastructure and implementations from a security perspective, and recommended resolution of potential threats and issues
Led efforts around designing complex solutions addressing vulnerability detection, threat analysis, network intrusion and development/implementation of vulnerability mitigation strategies
Engaged in various cross-functional cybersecurity and compliance projects (such as focused phishing exercises, penetration testing, and continuous security training)
Assisted clients in the development of security policies, standards, and procedures
Worked as a senior resource on the team that provided technical architecture support to the PKI program for a Fortune 500 company
Provided security operational support to the administrative office of the US Courts by proactively researching and handling security incidents. Confirmed potential breaches by performing analysis and data correlation using various tools such as Sourcefire IDS, ArcSight, Splunk, Firewall logs, Web server logs, DNS logs and WAF.
Key Achievements:
Identified misuse, malware, or unauthorized activity on monitored networks. Reported the activity appropriately as determined by the customer and provided remedial support to end client when needed or required.
Investigated potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes.
Developed internal knowledge repository of the current security threats by monitoring related Internet postings, Intelligence reports, and other related documents as necessary.
As a senior engineer, my main role was to plan, design, implement and maintain the vulnerability management program. The biggest challenge was to work effectively with cross-functional teams to ensure the success of the program.
Key Achievements:
Single-handedly created and implemented the vulnerability management program, and deployed and configured Tenable Security Center (Nessus).
Formulated strategies for the resolution of highly visible vulnerabilities resulting in exceeding milestone date expectations.
Played a key role as Subject Matter Expert in ensuring the security baseline met the criteria for an excellent rating during security audit.
Developed custom reporting for various departments that enabled them to remediate findings efficiently.
Crafted specific rule sets to process events and identify relevant information.
Took a lead role in Incident Responses and handling situations.
Supported investigation of security violations and incidents using firewall logs.
Managed and led end-to-end efforts in the review, application, and maintenance of IA policies and C&A procedures for the Program Acquisition office to obtain an accreditation of information systems. Supported Security Test and Evaluations (ST&E) of FDIC’s various general support systems and major/minor applications in accordance with NIST SP 800-53A Rev.1 by performing independent verification and validation (IV&V).
Key Achievements:
Developed Certification and Accreditation (C&A) artifacts and system security documentation for FISMA compliance requirements using the NIST SP-800 series. Provided project status reports for detailed and thorough visibility of contract performance.
Validated information system boundaries in support of the C&A process; worked with information system managers to verify operating environment, system interconnections, and user and system level boundary protections.
Created PoC for vulnerabilities discovered during independent verification & validation (IV&V).
Assisted in modifying Solaris CIS Benchmarks to organization-specific policies in order to create secure.
Responsible for maintaining security infrastructure; designed and implemented two-factor authentication and intrusion detection solutions to proactively manage security threats. Performed regular O&M functions such as problem management, patching, configuration management, system documentation and reporting. Performed vulnerability testing, risk analyses and security assessments.
Provided support to the Configuration Management team working on the United States Postal Service project. Analyzed the IA controls of a program to include secure configuration management and continuous monitoring, making recommendations to CM stakeholders to mitigate risk prior to implementation to the enterprise network. Reviewed USPS policies, procedures and standards identifying security gaps and implemented workflows, enhancing internal USPS processes, controls and security tools.
Served as security consultant and project manager, helping small to mid-size organizations with their technological needs and guiding them on security policies and best practices. Acted as virtual CISO for these clients and helped them create an IT budget for the fiscal year. Among other things, one key element was to directly manage infrastructure upgrade projects end-to-end.