Eric  Eskelsen, MBA-IA, CISSP, Security+, ITIL v3, CNSS

Work Experience: 
US Department of Education
Washington, DC    United States
06/2005-Present
Hours per week:  40
Series:  2210
Pay Plan:  GS
Grade:  14
 
IT Specialist (INFOSEC)
Supervisor: Daniel Commons (202-245-6841)
Okay to contact this Supervisor: Yes
Cleared for Top Secret SCI level

Computer Network Exploitation/Operation-Completed penetration tests, conducted readiness review exercises, conducted external technical information gathering exercises, conducted malware analysis

SOC Service Level Agreement Manager-Oversaw SOC operations in a contractor owned-contractor operated environment. Approved deliverables and validated security metrics.

OCIO ISSM-Responsible for managing the Information System Security Program within the Office of the CIO.

Security Engineer-Reviewed projects to ensure that security was evaluated and considered as part of the overall system life cycle

Project Manager-Managed Security Services Provider-Formulated budget plans, reviewed project deliverables, completed project GANTT Charts, performed cost to benefit analysis

Data Clearance Custodian-maintained the cleared information for OCIO up to and including the secret level

NSO (Network Security Officer)/Cyber Chief-chair Change Control Review Board; threat management; approval of data center access requests; approval of content filtering waivers; approval for requests of non-Departmental computers on main network; liaison between OIG-Technical Crimes Division and Contractor Security Operations Team; and approval of security architecture designs

Lead Department CSO (Computer Security Officer)-Oversee all certification and accreditation issues within OCIO, oversee all issues related to clearances for contractors and employees within OCIO, maintain physical security within OCIO, maintain and grant physical and logical access to Department systems and areas, audit access control lists, audit systems to ensure compliance, verify that security is considered in all proposed projects and ongoing projects during the system life cycle, work with the Chief Information Security Officer to verify federal regulations are met, review documents from the CIO counsel, enforce FISMA requirements, ensure that contractors and employees complete online general security awareness training and, as required, complete specialized security training.

Departmental Incident Response Coordinator: Maintain lists of incidents (cyber, physical, etc), report incidents to the proper authorities (OIG, US-CERT, Senior Management, etc), development of Department Incident Response Policy and Procedures, ensure that Incident Response procedures are followed, recommend solutions in the event of an incident, internal focal point for all incident response communications, review incident reports for completeness and exactness, computer forensics, network forensics, Einstein analysis and assessment, penetration testing, malware analysis, liaison with US-CERT, DHS, NSA, and other federal agencies,and communicate to and work with the proper authorities concerning the status of remediation and/or actions taken.

Project Management-Managed the development of several projects through the implementation life cycle. These projects include Einstein, Managed Security Services Provider, and IPv6 implementation.

Member of the following boards- Independent Validation and Verification (IV and V) Management Committee, Security Test and Evaluation (STE), IPv6 Transition and Security, TRB (Technology Review Board), SRB (Security Review Board), and CCRB (Change Control Review Board).

National Information Assurance Training and Education Center
Pocatello, ID    United States
09/2003-06/2005
Hours per week:  20
 
Programmer Analyst-Research Associate
Supervisor: Corey Schou/Ryan Lind (208-282-4893)
Okay to contact this Supervisor: Yes
Researched Information Assurance Topics developing the research into teaching modules for use in Federal Agencies, development of a major application that monitored performance and tracking of Knowledge, Skills, and Abilities using C#, ASP.net, and SQL Server, designed computer programs in VB.net and ASP.net, integrally involved in the creation of NSTISSI and CNSS standards, intricately involved in the creation of policy and technology standards for Senior System Managers for Federal Agencies, performed forensics work using accepted forensic techniques on a compromised server, developed system hardening guides for Windows and Linux systems, performed threat and risk based assessments of systems, performed vulnerability and penetration testing, taught Information Assurance topics to graduate and undergraduate students in a University setting, delivered presentations to faculty and staff about best security practices, and developed the University's acceptable use policy.

Blackfoot Cheese Company
Blackfoot, ID    United States
05/2002-09/2003
Salary:  24,500
Hours per week:  40
 
Manager/IT Security Specialist
Supervisor: Gaylord Fowler (208-785-1828)
Okay to contact this Supervisor: Yes
Manager-Supervised employees that ensured production delivery schedules were met
IT Security Specialist-I oversaw computer systems and networks in the plant, responded to cyber incidents and threats, ensured software patches were applied, hardened the operating system at each workstation, and troubleshot general network security and computer system problems.
I further recommended and approved technology purchases and educated users about best practices in securing their computers.


Idaho State University
Pocatello, ID    United States
07/2001-09/2001
Salary:  23,900
Hours per week:  40
 
IT Production Specialist
Administrator of the student information request database-managing user accounts, enforced password complexity requirements, audited system access logs, and created reports for senior management Performed queries on the campus wide information systems database to ensure that state requirements were met.
I further developed databases in FoxPro, managed work-study students, networked and assembled the department's local area network, performed virus scans, installed software, managed software licenses, and performed system hardening.

Snake River Cheese
Blackfoot, ID    United States
11/1994-10/1999
Salary:  21,000
Hours per week:  40
 
Leadman, IT Specialist
Supervisor: Randall Thompson (208-785-6895)
Okay to contact this Supervisor: Yes
Leadman-managed a group of thirty employees and oversaw the night operations within the plant. I recommended pay raises and oversaw budget issues.
IT Specialist-maintained and secured the computer systems in the plant, installed software, reset passwords, replaced computer systems, connected the computer network to the Internet, and recommended software/hardware purchases. I educated users on computer security best practices including passwords and sharing of folders across the Intranet.

Education: 
Idaho State University  Pocatello, ID  United States
Master's Degree 05/2005

Major: Business Administration/Information Assurance
Relevant Coursework, Licenses and Certifications:
Graduated with a master's degree from an NSA Center of Academic Excellence in Information Assurance Program
Coursework: Operations/Project Management, Intermediate Information Assurance, Malware Analysis, E-Commerce, Risk Analysis, and Coursework in Federal CNSS Standards 4011, 4012, 4013, 4014, 4015

Certified:
CNSS 4011 -- National Training Standard for Information Systems Security (INFOSEC) Professionals
CNSS 4012 -- Senior Systems Manager
CNSS 4013 -- Systems Security Administration
CNSS 4014 -- Information Systems Security Officer
CNSS 4015 -- Systems Certification
Comptia Security+ Certified Professional
Certified Information Systems Security Professional (CISSP) Certified
Information Technology Infrastructure Library (ITIL) v3 Foundation Certified
Core Impact Certified Professional
 
Idaho State University  Pocatello, ID  United States
Bachelor's Degree 08/2000

Major: Computer Science Minor: Mathematics
Relevant Coursework, Licenses and Certifications:
Coursework:
Computer Security, Information Security and Privacy, Cryptography, Database Implementation and Design, Management Information Systems, Advanced Systems Analysis and Design, Software Programming Languages, Electronic Commerce, Web Programming, Software Engineering, Operations Research, and Digital Image and Audio Processing
 
Ricks College Rexburg, ID  United States
Some College Coursework Completed 04/1994

Major: Mathematics Minor: Computer Science
Relevant Coursework, Licenses and Certifications:
Selected as outstanding mathematics student 1993-1994

Job Related Training: 
Mandiant Incident Response Conference 2013-November 2013
EnCase ® Computer Forensics I-June 2013
Windows Penetration Testing-November 2011
Core Impact Penetration Testing-November 2011
Blackhat/Defcon-2011, 2012
Advanced Information Security for Technical Staff-2011
Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth-2008
Computer Forensics for Technical Staff-July 2007
Advanced Incident Handling for Technical Staff-December 2006
ISC2 ISSEP (Information Systems Security Engineer Professional) Concentration Review Seminar-November 2005
FISMA Risk Management and Compliance Training with Tools and Techniques for Risk Assessment and Compliance Audit Testing Workshop-March 2006
IPv6 Summit-December 2005
Federal CIO Conference on IPv6 Security-October 2006
US-CERT Silk Training for Einstein Program-November 2006
Microsoft System Administration-February 2005

Professional Publications: 
"Guidelines for Secure Use of Social Media by Federal Departments and Agencies", September 2009, available at https://cio.gov/wp-content/uploads/downloads/2012/09/Guidelines_for_Secure_Use_Social_Media_v01-0.pdf

References: 
Name Employer Title Phone Email
Steve Grewal (*) US Department of Education Chief Information Security Officer 202-245-6316 Steve.Grewal@ed.gov
Ivan Hardaway (*) US Department of Education IT Specialist (INFOSEC) 678-838-5338 Ivan.Hardaway@ed.gov
Corey Schou (*) NIATEC Director, Informatics Res & Edu (NIATEC) (208) 282-3194 schocore@isu.edu
Ronald Luczak (*) US Department of Education Chief Personnel Security Officer 202-260-7727 Ronald.Luczak@ed.gov
    
(*) Indicates professional reference

Additional Information: 
I have programmed in C, C++, C#, Perl, PHP, SQL, SQL Server, ASP, ASP.net, Cold Fusion, Visual Basic, Visual Studio, Visual .NET, Ruby, and Pascal.
Affiliate faculty member of Idaho State University's Information Assurance program.
I have worked with several penetration/vulnerability testing programs.
Performance Award for handling key logger files provided by US-CERT-August 2007 from US Department of Education.

NIATEC National Science Foundation Information Assurance Directorate Department of Homeland Security CISSE Scholarship For Service