| Contact Information | |
| Name: | Angie Patterson |
| Email: | angiejpatterson (at) hotmail (dot) com [email concealed] |
| Location: | Owings, , United States |
| Resume | |
| Position/Title: | Sr. Security Analyst |
| Resume: |
Angela Patterson 8990 Southern Maryland Blvd., Owings, MD 20736 angiejpatterson (at) hotmail (dot) com [email concealed] INFORMATION TECHNOLOGY SECURITY SPECIALIST Insight, results-driven IT professional with notable success leading a broad range of IT security initiatives while participating in planning, analysis, and implementation of solutions in support of business objectives. Demonstrated ability to expedite multiple responsibilities in a deadline driven environment with excellent organizational and analytical skills. Hands-on experience in all stages of the Certification and Accreditation efforts, including system security categorization, risk assessment report, system security plan, contingency plan, rules of behavior, self assessment, plan of action and milestone, and continuous monitoring in support of achieving an authorization to operation. Outstanding project lead; able to coordinate and direct all phases of project-based efforts while motivating and guiding a team. CORE COMPETENCIES * Systems Security * Incident Response and Recovery * Risk Assessment * Contingency Planning * Team and Project Leadership * Policy Planning and Implementation * Technical Specifications Development * Research and Development * Familiar with FIPS 199, 200, NIST SP 800-37 SP 800-26, SP 800-53, SP 800-18 TECHNICAL PROFICIENCES Platforms: Unix (Solaris, HP-UX), Windows 2000/XP, MAC OS Networking: TCP/IP, ISO/OSI, Ethernet, VPN, SSH, RSA SecureID, PKI, HIPPAA Languages: Unix Korn Shell Scripting, HTML, SQL, mysql Tools: Tenable Network Security Center 3.0, ISS, Nessus, Zone Alarm, Black Ice, McAfee/ Norton Virus Protection Utilities, Cisco Firewall, HP OpenView, Microsoft Office Suite, Sybase, HSPD-12, SpyDoctor, Numara Track-It, Cisco VPN, Snort, Patchlink PROFESSIONAL EXPERIENCE Earth Resource Technologies, Annapolis Junction, MD 3/24/08 – Present Sr. IT Security Analyst Currently contracted to NOAA/NESDIS in Suitland, MD developing and maintaining C&A documentation including system security plans, contingency plans and risk assessment reports. Perform technical security planning, testing, verification, and risk analysis. Produce system security plans in accordance with NIST SP 800- 37, 53, 53A, 30 and 18; draft security test procedures and conduct security testing and evaluation. Conduct Vulnerability scanning. Compile assessment results into a POA&M spreadsheet. Conduct weekly IDS monitoring and report on any anomalies found and report to management for further review. Compile entire C&A package contents to present to CIO office as part of the C&A review process. Interact and provide status reports to the customer on a daily basis. ManTech SRS, Greenbelt, MD 8/2005 – 3/20/08 IT Security Analyst/Computer Security Experience with systems certification and accreditation. Perform routine and regular vulnerability Assessments using automated tools. Responsible for Directorate IT Security procedures development and implementation in compliance with NASA IT security requirements as well as other federally mandated IT Security requirements. Analyze identified vulnerabilities and compliance failures and provide recommended mitigation measures. Create Risk Assessment Reports, Contingency Plan, System Component, Boundary & Network Diagrams, NIST 800-26 Appendix A: Self Assessment, POA&M, and the System Security Plan, in support of system Certification & Accreditation. Support audit investigation by NASA (OIG) and respond to all findings, take corrective actions, track scheduled deliverables and provide auditors with additional supporting documentation upon request. Write-up reports on all IT Security Incidents and ensure compromised hosts are mitigated. Manage the directorate ip address range. Manage the directorate Patchlink database. Process all IT related waivers and review for compliance with NASA - GSFC policies. Represent the directorate on several working groups such as the Center Firewall Review Board, Windows, and CISB/FDCC groups. Ensure compliance with NASA - GSFC local administration policies. Provide guidance to system administrators within the directorate on IT Security issues. Continuously review systems and document their levels of security. Perform software audits for compliance of standard software settings. Review and appropriately act upon security bulletins (NASIRCs) relevant to directorate systems. Independently verify the effectiveness of backup and recovery procedures by planning and executing contingency exercises while coordinating with the emergency response teams to train contingency responders and identify and correct any weaknesses identified. Coordinate IT Security Training for directorate employees and maintain records verifying the training. Promote IT Computer Security Awareness within the directorate. Ensure all appropriate user account request paperwork is completed and filed. Ensure user accounts are disabled in a timely manner as users exit. Key Contributions: • Generated an IT Security Plan package for our corporate office upon contract award on an expedited schedule. • Instrumental in developing Risk Assessment Report, Contingency Plan, System Component, Boundary & Network Diagrams, NIST 800-26 Appendix A: Self Assessment, POA&M, and System Security Plan in support of system Certification & Accreditation. • Created a Laptop Use & Security Policy for the directorate • Implemented Center for Information Benchmarks (CIS) on Windows 2003 Servers • Create and distribute on a monthly basis a IT Security Awareness Newsletter • Our Directorate is recognized as one with the lowest of Incidents on Center • Managed Help Desk support calls and logged calls into Track-It software system • Lead the Active Directory Migration for our organization by planning, and implementing the required steps in order to migrate 100 + users a.i. solutions, inc., Lanham, MD 1/1/04 – 8/26/05 System Administrator/Alternate Computer Security Official Provided web administration support to several sites. Provided system and security administration support functions that ensured the availability of the systems, managed accounts and assigned security profiles, added and removed system users, performed backup and recovery functions, mounted disks and tapes, handled printer issues, changed file access levels. Created Implementation Plans for new or existing configuration changes to systems and networks, and lead a few of the projects. Reviewed all security alerts for applicability to their computing environment, tracked response/resolution by affected organization, resolved security incidents. Assisted in the development of the organization’s Risk Assessments. Documented recommended security procedures for the organization, documented all assessments of security products, and assisted the CSO in ensuring the compliance of security plans, risk management plans, and contingency plans with NPR 2810.1. Provided detailed technical explanation to the CSO on IT security incidents. Performed ISS vulnerability scans and interpreted the results, eliminated medium and high vulnerabilities within the systems. Key Contributions: • Migrating desktops, printers and servers behind a Center Network Firewall and converting all Ip addresses to the new address space. • Reduced the number of outstanding vulnerabilities which were detected as part of an audit. Lockheed-Martin, (formerly Intellisource and RMS ACS GSG), Rockville, MD 4/00 – 12/31/03 Principal Information Management Specialist Provided Xerox DocuShare system administration. Administered several web sites and a UNIX (Solaris) server, applied Security patches and updates regularly to the server. Provided back-up support for the FDAB Lab in the absence of the Windows System Administrator. Provided User Desktop support for approximately 100-125 users, disabled, enabled accounts, from servers. Maintained and coordinated the use of loaner laptops and STK license dongles. Maintained Lab Software/Hardware Inventory document to include vendor quotes, PR status, costs, advance notification of maintenance/contract renewals for the equipment. Maintained Lab Equipment Inventory to include workstations, servers, loaner pc, laptops, hostnames, ip addresses, location, for each piece of equipment. Maintained Lab Network Drops and Circuit Breaker Configuration diagrams. Ordered all IT related supplies needed for the Lab in coordination with the Branch Secretary. Interpreted ISS scan results and eliminated medium and high vulnerabilities within the systems. Applied all Windows Security updates to desktops, and applied all vendor patches to Solaris server. Key Contributions: • Single-handedly, set-up the Solaris server and configuring the Xerox DocuShare software. QSS Group, Inc., Lanham, MD 12/97 - 3/00 Programmer/Web Developer Worked with NASA-WIDE Directives, Policies, and Procedure documents, converted their native formats to html and uploaded to the NODIS Library. Administered production and development Sybase databases, created usernames, passwords, database accounts, removed users, database loads from dump files, initialized disks, and assigned roles and privileges, and created databases with Sybase Central software, and Transact-SQL commands and statements with isql in Unix. Administered Netscape Suite Spot Compass Server Search Engine 3.01 - Set-up configuration files, created categories and category rules. Installed Sybase Adaptive Enterprise Server 11.5 software on an SGI, IRIX 6.5 OS. Installed, set-up Sybase Central utilities on Windows NT 4.0. Collected, compiled and distributed monthly status report for the task. Compiled and created documentation for Web Applications User Guide, System Definitions Guide, Test Plan & Procedures and Database Data Dictionaries. Created links, directories in new and existing web pages for the NASA Online Directives System (NODIS). Tested web applications for Y2K compliance and prepared documentation for certification. Installed scanner software, SCSI cards, and internal modems. Scanned NASA Directives and other contract-related documents to be uploaded into the NODIS system. Key Contributions: • Took the initiative to learn about Sybase and set-up and configured a database for a production server. Hughes STX Corporation, (currently Raytheon) , Greenbelt, MD Senior Data Technician 07/95 - 11/97 Worked as a Data Support Team Liaison of the Distributed Active Archive Center (DAAC). Performed all UARS/TOMS selections of data files, transfer, and ingest archives and distribution activities for the group using the CDHF VAX and V.0. System. Created Unix shell scripts to run off-line processing jobs for new TOGA COARE data sets onto 4mm, 8mm, DLT tapes, and made back up copies for the permanent archive. Performed SQL queries from the Oracle database for ingest, archive and distribution related information. Restored data files, received new data sets and put onto ingest disks. Handled TOMS and Adeos TOMS data set transformations, which included dumping data files to disk, monitoring disk space, running scripts, special weekly distribution to scientific users, and ingest and archive of the data through the DAAC system. Performed request processing of on-line and off-line satellite data requests, and system back-ups on 8mm and 4mm using TAR and mtcp formats, initialized new DLT tapes for the secondary and tertiary archives as needed. Compiled statistics for monthly operations reporting. Tested new software builds and trained new staff on the GSFC DAAC V.0. System. Performed Quality Control of AVHRR satellite images, Product Inventory Management Control. Generated Operations scenario documentation. Updated and maintained the GSFC DAAC Internal Operations web pages. Performed Unix Korn shell script writing. Interacted with the DAAC USO/Help Desk to resolve customer questions regarding data set questions. Interacted with System Administrators to report hardware/software problems, the software developers regarding staff tools and current system software, with government customers, outside vendors, and the outreach staff on a daily basis. Data Technician 11/94 - 07/95 Worked in the AVHRR PGS Group at the Distributed Active Archive Center. Created HDF files from raw orbital data. Updated Production sheets, schedule boards, and documentation of procedures and daily production. Performed Quality Control techniques for all AVHRR DAAC images and machines. Managed the Calibration data set collection task. Created 10-day composite images, back up tapes, spool scripts, monitored and scheduled disk space while running jobs, ftp’ed HDF files to and from various DAAC machines. Associate Data Technician 07/92 - 11/94 Worked in the National Space Science Data Center Customer Support Office. Handled all office correspondence, i.e., mail email, fax, phone, and bank deposits. Managed all credit card account transactions, electronic credit card equipment and supplies. Trained other co-workers in request processing procedures. Drafted, edited and proofread letters for final copies, prepared customs forms, compiled Bills for Collection. Interfaced with outside customers and government customers. Processed satellite data requests on 9-track tapes, CD-ROMS, photos, and documents EDUCATION AND CREDENTIALS Information Systems Security Program, 2006 A.A. Community College, Arnold, MD Business Administration Program, 1993-1996, Howard Com. College, Columbia, MD Business Management Program, 1992-1993, P.G. Community College, Largo, MD Business Management Program, 1989-1990, Penn State University, Altoona, PA Office Information Specialist Program, 1987, General Communications, Rockville, MD Professional Training and Certifications Global Knowledge, CISSP Exam Preparation Course 2007 Brainbench IT Security for System Administrators Certification (3 yrs) 2006 Learning Tree Int, Securing Windows Server 2003: Hands-On 2005 Global Knowledge, Securing Wireless Networks 2005 MIS Training Institute, Audit and Security of Applications Development 2005 Brainbench Unix System Administrator Certification (3 yrs.) 2003 Brainbench Network & Internet Security Certificate 2003 NASA GSFC Certificate of Completion in Hacking Your Own Network 2003 NASA GSFC Certificate of Completion in Implementing Web Security 2001 NASA GSFC Certificate of Completion Controlling & Securing Unix-Based OS 2001 |