Cyber Security Information Technology

Dejuan S. Broughton

Email: ad769n@r.postjobfree.com Phone: 571-***-****

Proven, cleared, and certified technologist with Information Technology (IT) experience spanning over 14 years with demonstrated knowledge in Cyber Security, Information Assurance working with various tools, NIST 800 publication guidelines and FISMA compliance. Currently seeking an opportunity to utilize obtained IT skills in an Information Assurance or Cyber Security capacity that will leverage the combination of diverse knowledge and formal education accomplishments. Extensive knowledge of hardware and software implementation that seamlessly translates to the enhanced confidentiality, integrity, and availability of information systems.

CLEARANCE LEVEL – EDUCATION – PROFESSIONAL EXPERTISE

Active Department of Defense Top Secret Clearance

DeVry University: Bachelor of Science in Network & Communications Management

Associates Degree in Network System Administration

ECPI College of Network System Administrator Technical Diploma

Technology:

IT Certifications: CompTIA Advanced Security Practitioner (CASP+)

CompTIA Security + ce CompTIA Network + ce CompTIA A+ ce

Certified Ethical Hacking C EH

Certified Information Systems Auditor (CISA)

Microsoft Certified Technology Specialist (MCTS)

Microsoft Technology Associate (MTA)

HBSS DISA 201

Tools & Software: Tenable Security Center, RMF, Cyber Security, Nessus, Windows10, Windows Server 2008r2/2012/2016/2019, Microsoft SCCM 2007/2012, O365 IBM Big Fix, Burp Suite, Splunk, BMC Remedy, Netstumbler, Retina, Norton Ghost, Norton Antivirus, Symantec Endpoint Encryption, McAfee Antivirus, Cisco VPN, Flexera STIG Viewer, eMASS, CSAM, Risk Vision, PowerShell, Xacta

PROFESSIONAL EXPERIENCE

Information System Security Officer – DOI December 2021-Present

Securigence

Extensive knowledge and experience with information security standards, policies and practices - NIST (800-53 rev4), FISCAM, FISMA, DOD, DCID, FBI, etc.

Perform assessments for agency systems evaluating the design and operating effectiveness of controls within the system environment utilizing FISCAM guidance, and NIST and Federal criteria.

Demonstrated experience conducting information system security controls assessments (SCAs) and Appling standard auditing techniques during system security controls assessments, including the proper interpretation of the control requirements, determining if the artifacts provided are sufficient, and recommending remedial actions to the customer to ensure compliance.

Demonstrated experience writing information system security documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs and IRPs).

Performing security controls assessments and reviewing security documentation in accordance to RMF guidelines; specifically, NIST 800-18, 800-37 and 800-53.

Proven ability to multi-task and deliver on-time with the highest quality.

Perform assessments of IT general and application controls supporting the overall financial statement audit for several government agencies including mock audit walk through and use of GRC tool (i.e. eMASS).

Help with audit readiness processes focusing on IT general and application controls for financially relevant systems.

Assist with performing IT assessments to evaluate controls from security management, access control, configuration management, and segregation of duties, contingency planning, interface, and business process control perspectives.

Provide vulnerability assessment and management support for FISMA and non-FISMA systems, scanning, remediation and incident response.

Assessment & Authorization (A&A) within the DOI to ensure designated systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO).

Reviewing artifacts to identify and document weaknesses and potential findings and developing assessment reports, assertion packages and corrective action plans (CAPs).

Knowledgeable with Systems Development Lifecycle (SDLC) methodologies and continuous monitoring activities.

Well versed with using vulnerability assessment tools (NESSUS, Security Center, etc.) and analyzing the results generated from these assessments.

Ability to research and address information security issues as required, being an authority on the subject.

Manage program security using the Risk Management Framework process.

Information System Security Officer – DoJ May 2020-March 2022

Salient CRGT, Washington, DC

Extensive knowledge and experience with information security standards, policies and practices - NIST (800-53 rev4), FISCAM, FISMA, DOD, DCID, FBI, etc.

Demonstrated experience conducting information system security controls assessments (SCAs) and Appling standard auditing techniques during system security controls assessments, including the proper interpretation of the control requirements, determining if the artifacts provided are sufficient, and recommending remedial actions to the customer to ensure compliance.

Demonstrated experience writing information system security documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs and IRPs).

Proven ability to multi-task and deliver on-time with the highest quality.

Provide vulnerability assessment and management support for FISMA and non-FISMA systems, scanning, remediation and incident response.

Assessment & Authorization (A&A) within the FBI to ensure designated systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO).

Knowledgeable with Systems Development Lifecycle (SDLC) methodologies and continuous monitoring activities.

Well versed with using vulnerability assessment tools (NESSUS, Security Center, etc.) and analyzing the results generated from these assessments.

Ability to research and address information security issues as required, being an authority on the subject.

Manage program security using the Risk Management Framework process.

Information Technology Specialist - DoJ May 2015-May 2020

BlackSpoke LLC, Washington, DC

Testing and deploying security software (HBSS, FireEye, Digital Guardian) application packages using IBM Big Fix to be deployed across multiple classification enclaves.

Perform patch management and software updates for Information Systems, workstation, server operating systems and applications.

Provide vulnerability assessment and management support for FISMA and non-FISMA systems, scanning, remediation and incident response. Worked with ISSO’s and system owners on system development lifecycle (SDLC) in accordance with NIST 800-53 and maintained continuous monitoring.

Monitor and analyze client security alerts and event logs to troubleshoot issues.

Assessment & Authorization (A&A) within the FBI to ensure designated systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO).

Experience with network technologies and with system, security, and network monitoring tools

Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities

Research and analyze system problems and initiate appropriate actions along with documentation.

Develop technical solutions to help mitigate security vulnerabilities and automate tasks.

Manage program security using the Risk Management Framework process.

Information Security Analyst – DoD Apr 2012 – May 2015 Northrop Grumman/Ace Info Solutions, Quantico, VA

Administers Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM) to conduct the automated deployment of security updates and patches as the first step in operating system hardening for classified and unclassified networks.

Maintain the latest HBSS configuration to address known exploits using the Host Intrusion Prevention System (HIPS). Developed automated reporting dashboards within the existing ePO system to provide near real-time reporting of computer system compliance information and maintain overall visibility for all connected assets.

Knowledge of host identification and exploitation of vulnerabilities

Knowledge of phishing procedures

Knowledge of script writing and crafting of payloads

Knowledge of database operations and system/network administration

In-depth knowledge and understanding of operation of assessment tools (including but not limited to Metasploit, Nmap, Burp Suite, Powersploit, and Cobalt Strike)

Performs scan, test, audit reports and mitigate the finding from audit scans (Retina, ACAS)

Knowledge of intrusion detection methods protecting DOD computer networks and systems.

Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management and content filtering.

Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities

Experience with SIEM technologies (such as NetWitness, Splunk)

Research, review and configure various polices and exclusion for a range of security applications (Symantec, McAfee)

Experience performing technical analysis involving threat event data, evaluating malicious activity, documenting unusual files and data, and identifying tactics, techniques and procedures used by attackers.

Performs vulnerability assessments followed by the creation of comprehensive finding reports used to track and mitigate identified vulnerabilities via Plans of Action & Milestones (POA&M).

Develops standard operating procedures (SOP) for the creation of custom secure operating system images meant to be deployed across multiple classification enclaves.

Installing, troubleshooting and configuring various security suite agents and clients (McAfee, Symantec)

Assists in the creation, review, and management of secure configurations for user accounts on Blackberry Enterprise Server adhering to federal government standards.

Help Desk Support Analyst – DoD Sep 2011 – Apr 2012 Black Stone Technology, Andrews AFB, MD

Provided technical support for personal computers assigned to VIP personnel at Andrews AFB to include desktop hardware, software packages.

On site HBSS Admin update DATS, troubleshooting clients install/uninstall.

Acted as a liaison for data transfer system designs, implementations and policies.

Performed hardware diagnostics and coordinated repairs combined with the assisted planning and design of personal computers including Microsoft Outlook, PST file setup, maintenance and recovery

Executed onsite installation and setup of new computers followed by the completion of data migrations from legacy computer configurations.

Senior Help Desk Technician – DoD Sep 2009 – Sep 2011 LOUi Consulting, Inc., Warner Robins, GA

Facilitated the installation, configuration, and troubleshooting of end-user hardware and software to ensure continued equipment usability for the U.S. Air Force 78th Medical Group.

Served as the Senior Helpdesk Technician Site Lead responsible for Blackberry infrastructure and the necessary training for junior technicians to support enterprise users.

Tested network connectivity, re-imaged hard drives with the use of Ghost, and conducted tracking of over 700 desktop computers, 50 laptops and associated peripherals.

Managed user accounts and access control utilizing Microsoft Active Directory followed by the detailed tracking of all interactions with the use of Remedy trouble ticketing system to document requests.

Executed onsite installation and setup of new computers followed by the completion of data migrations from legacy computer configurations.

Contact this candidate