IT specialist - Auditor at U.S. Department of Commerce - Office of Inspector General (Washington D.C.)
January 2006 - Present (6 years 4 months) Performing cybersecurity audits and systems development and acquisition audits. Activities include:
• Evaluating cybersecurity of SCADA/ICS systems for NOAA satellites and weather observation systems against NIST 800-53 and NIST 800-82 standards.
• Testing system security configurations, vulnerability scanning, digital forensics. o Tools used: Nessus, nmap, SleuthKit, DISA Gold Disk, RAT
• Managing audit projects and teams.
• Evaluating IT development plans, methodologies and practices.
• Evaluating system architectures including all tiers.
• Interviewing agency directors, CIOs, project managers, system architects, system administrators, etc.
• Writing reports distributed to the public and Congress.
• Briefing findings to senior agency officials.
IT Specialist - Auditor - Intern at U.S. Government Accountability Office (Dallas, Texas)
May 2005 - August 2005 (4 months) IT Security Auditor - Internship. Responsible for review and reporting on segregation of duties, configuration management, and certification and accreditation auditing issues of a Federal computing center.
IT Security Research Assistant at NIATEC - Idaho State University (Pocatello, Idaho)
August 2003 - December 2005 (2 years 5 months) Wrote and taught graduate and undergraduate information security curriculum. Performed research into information security topics.
Software Tester at HealthCast LLC. (Boise, Idaho)
January 2001 - August 2003 (2 years 8 months) Development and execution of test plans and automated testing scripts. Also managed testing labs. During my last six months I wrote scripts to automate application authentication for a single sign-on solution.
Idaho State University
MBA, Computer Information Systems, 2003 - 2005
Boise State University
BBA, Computer Information Systems, 2001 - 2003
AAS, Computer Information Systems, 2000 - 2001
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Job Experience: Visual Basic .Net, SQL, Linux command line scripting