CISSP & CISM Certified Info System Security Pro

Multi-certified Info System Security Pro seeks employment. Have certifications CISSP and CISM (Certified Info Security Manager -

For credentials, see CISSP+CISM WIKI:

For commentary, see

To see my TOP links, see


for the top 104 infosec links

via RSS

Location: Orlando, Florida, United States

Certifications: CISSP, CISM

LinkedIn (Most info, contacts), PeopleAggregator (Prettiest), VOX

Monday, October 16, 2006

Resume (download)


to get Word .doc or Acrobat .pdf of resume!

Sunday, October 08, 2006

CISM Body of Knowledge/Domains

• Information security governance
• Risk management
• Information security program(me) management
• Information security management
• Response management

Friday, October 06, 2006

Oh, my words!

CISSP,CISM,information Assurance,Security,Systems Engineering,

Tuesday, October 03, 2006


Information System Security Professional - 15 years in IT; over 8 years IS Security experience.

Lockheed Martin (1997) 2003-present
Joint Strike Fighter F-35 Program Autonomic Logistic Information System (ALIS)

  • Information Assurance (Governance) - policy, procedure, standards, compliance
  • Requirements - creation, revision and validation
  • Information Security analysis - requirements, initial design, architecture
  • Information Security - Network and Operating system protections (firewall, intrusion, virus, permissions)
  • Value: Cost/Technology/Schedule - Program Estimate at Completion, Risk, Basis of Estimate
  • CISSP - (ISC)2, 2005
  • CISM - ISACA, 2005
  • Information System Security Association (ISSA), Central Florida Chapter President 2006
  • Information Systems Audit and Control Association (ISACA), 2005 Board
  • International Council on Systems Engineering (INCOSE), Orlando Chapter Secretary 2006
  • ISC2 CISSP Exam Supervisor


  • CISM

  • US DoD Clearance
    • Top Secret (active)
    • NATO access
    • Foreign Government Information

Monday, October 02, 2006

Works, Writings and Publications

  • Development of policies, procedures and architecture.
  • Development and implementation of information technology security methodologies, protocols and technologies (encryption, firewall, technical policies and configurations).
  • Analysis of applicable regulation and standards such as various ISO (e.g. 17799) and NIST (e.g. FIPS and SPs)
  • Analyze customer need statements.
  • Compare to guidance, regulation, standards and policies.
  • Create appropriate policies and/or requirements statements.
  • Analyze existing requirements for appropriateness, parentage, and allocation.

Occasional expert reference source for publications such as Information Security Magazine,, and Certification Magazine. Occasionally quoted by such on industry issues.

Standards, Regulations, Guidance and Policy

  • IETF, IEEE, ISO and other relevant standards
  • NASA and DoD standards, policies, handbooks and guidelines, especially DoD 8500 and related.
  • Federal Information Processing Standards (FIPS), NIST, OMB, White House and GAO Standards and Practices
  • Public Law (P.L.) 100-235, "Computer Security Act of 1987"
  • Office of Management and Budget Circular No. A-130, "Management of Federal Information Resources"
  • P.L. 106-398, Government Information Security Reform Act (The Security Act of 2000).
  • DITSCAP by inference of the above citations
  • Sarbanes-Oxley

Key Technologies

  • Firewall; Intrusion detection; Virtual Private Networks, Public Key Infrastructure, and cryptography;
  • Perimeter Security and Vulnerability Assessment:
  • Used tools such as ISS Internet Scanner, Nmap, Cheops and Nessus.
  • Deploy security systems and devices (firewalls, intrusion sensors).
  • Networks:
    • Network security technology and practices - routers, firewalls, etc. Configuration, rules, ACLs, protocols, ports.
    • General Security Functions - anti-virus/malicious, vulnerability management (scanners, security evaluation testing, penetration testing), intrusion controls, VPNs, encryption
    • DNS
    • VLAN
    • IP network design
  • Operating Systems
    • Windows
      • Web Server configuration, especially security management of services, ports, protocols
      • Operating System secure configuration - services, ports, protocols, permissions/shares

Experience (1)

Systems Engineer Sr

Lockheed Martin Simulation, Training & Support
Performs technical planning, system integration, verification and validation, cost and risk, and supportability and effectiveness analyses for total systems. Analyses are performed at all levels of total system product to include: concept, design, fabrication, test, installation, operation, maintenance and disposal.

Includes Requirements analysis for system-wide and subsystem allocation. Analyze and interpret requirements proposed from higher tier organizations.

Ensures the logical and systematic conversion of customer or product requirements into total systems solutions that acknowledge technical, schedule, and cost constraints. Performs functional analysis, timeline analysis, detail trade studies, requirements allocation and interface definition studies to translate customer requirements into hardware and software specifications.

Experience (2)

Network Security Strategic Design:

Apply current and new technologies to the design, development, evaluation, and integration of System Security.
Interact with senior internal and external personnel on significant matters requiring coordination between internal groups and other organizations.
Apply regulations and standards based on a full and competent knowledge of governmental, industry and best practices and principles.
See list below.

Author Security Policies, analyses and other technical documentation at multiple levels.
Demonstrated participation and leadership within several Information Security focused organizations and publications

Experience (3)

System Engineering in support of developing the System Security Architecture.

Investigated various technologies and methodologies in order to provide the most effective solution based on cost, schedule and technical measures. Provided and proposed architectures:

Assessed Security Requirements. Used various methodologies (e.g. DoDAF and NC3TA). Knowledge of various standards, such as NIST and DoD publications, directives & instructions (e.g. FIPS, DoDI/D 8500, NISPOM, DCID6/3) and industry standards (e.g. RFCs, ISO 17799, ISO 13335, SSE-CMM), utilized to analyze information risks and gaps and develop requirements. Information System Risk (Threat & Vulnerability management) Analysis. Define and design safeguards and countermeasures appropriate to accepted level of risk and budget.
• Infrastructure Defense, Design Integration and System Analysis:
Worked with interdisciplinary Teams to develop Security Architectures.
Contributing author to Security Architecture
Architecture Development (e.g. DoD Architecture Framework, NATO NC3TA, Open Group TOGAF, etc.)

Experience (4)

Provide direction on Threat Management, Identification Management.
Support for program financial planning (“Estimate At Completion”) and sub-project pre-proposal.
Reviewed and revised Program Security Requirements, contract analysis; gap analysis
• Program Internationalization Sub-Project
Analysis of multi-national requirements and standards.
Utilized NATO C3 Technical Architecture to create sub-project architecture
Designed preliminary estimate for technical elements.
Correlated ISO standards (ISO 17799, 13335) to program requirements; gap analysis.

System engineering costing estimation:
Estimation of effort of multiple tasks over various periods to occur during a seven-year period.


Key Experience

Joint Strike Fighter (F-35)
System Engineering
System Security
Engineering Estimates

Back in to the Chase

Another mass Reduction in Force. Only second in ten years. It's a love-hate relationship when it comes to government contracting business (5 years in support of NASA, 4 i/s/o Joint Strike Fighter).