John Howarth, MBA, Security+, CISSP
IT Specialist | Information Security: SPAWAR Systems Center Atlantic, Charleston, South Carolina January 2013 – Present
• Perform Information System Security Engineer work for a multi-million dollar Navy program of record.
• Conducted risk analysis/management of shipboard variant of CEC. Resulting analysis saved program office 7+ million in funds by prioritizing IA capabilities to get the most out of funding dollars.
o Resulting risk management methodology is being evaluated for use at other Navy engineering commands and NAVSEA.
• Evaluating and updating work processes to better utilize program workforce to enable greater efficiency and productivity for the C&A process.
o Designed and managed SharePoint site, used for work collaboration between government and contractor personnel.
• Conduct and plan system test and evaluation events to determine system risk posture and FISMA compliance. Test networking equipment, workstations, and embedded computer systems.
• Generate risk analysis reports and recommendations for DAA officials.
• Manage secure lab environment, ensuring physical security and policy requirements are being met.
Senior Information Assurance Analyst: NIATEC, Idaho State University, Pocatello, Idaho
August 2010 – January 2013
• Participating in the Scholarship for Service Cyber Corps at NIATEC - an intensive education of information assurance and its application in federal, defense and intelligence organizations.
• Develop training modules based on the CNSSI 4013 and 4014 standards to assist in the instruction of government employees about various topics within the realm of information assurance. These standards detail the training and knowledge requirements for government employees holding the titles of System Administrator or Information Systems Security Officer, respectively.
• Assisting with the redesign of the National Information Assurance Training and Education Center's websites. This resulted in a significant improvement to the look and flow of information on the site. This also resulted in an improved ability to maintain the content of the site.
• Lead a team tasked with the design and implementation of a security operations center using various types of open source software that monitored network traffic for multiple servers and workstations.
• Designed and implemented intrusion detection system event mapping software. The software maps the sources and destinations of events on a 3D representation of the Earth. The user is able to see severity, source, destination, signature, and frequency of events. Trend information can also be viewed through animation.
• Contribute in a weekly round-table discussion regarding the implementation and implications of the National Institute of Standards and Technology’s (NIST) Risk Management Framework, based on guidance provided by SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems.
Summer Internship: United States Senate, Office of the Sergeant at Arms, Washington, D.C.
May 2011 – July 2011
• Gathered requirements for updating and adding features to the internal incident handling system. Developed software to accomplish those requirements. Developed appropriate documentation for new features and specifications. This resulted in increased accuracy of data entry, improved the security of the data, and reduced the completion time of some tasks by up to 90% in some instances.
• Worked with a team conducting interviews and research with various departments under the CIO to determine current access control posture. Generated reports for management detailing the results of that review, highlighting problem areas and proposing possible solutions.
• Worked with a team to conduct information security training sessions covering “information security for the end user” for approximately 60 interns. The training received very positive feedback and resulted in the CIO requiring the same training for all employees.
Student Aide: Idaho State University, Pocatello, Idaho
January 2008 – August 2010
• Graded assignments for the following classes:
o Foundations of Computer Programming, a class based on Visual Basic.NET 2005. Student assignments were programs that taught the basics of programming, including the essential concepts of sequence, selection, and iteration, as well as the importance of adhering to programming standards.
o Advanced Object Oriented Programming, a class based on Visual Basic.NET 2008. Student assignments emphasized the basic concepts of object-oriented programming and the advantages it offers.
o Developed or modified grading rubrics for the above assignments to facilitate grading and provide guidance for students.
• Designed and implemented programming examples for student practice sets, focusing on secure programming techniques, and incorporated those examples in web pages for easy delivery for students.
• Volunteered to create and operate a programming lab to assist students having trouble understanding programming concepts. Worked with professors to gain their approval, establish operational guidelines, and acquire the space needed to operate the lab.
Computer Information Systems Tutor: Idaho State University, Pocatello, Idaho – Content Area Tutors Program
September 2008 – December 2008
• Tutored students with varying levels of expertise in various Computer Information Systems classes. Accomplished this by providing examples tailored to each student’s strengths and life experiences. In two instances I empowered two students to gain the skills and confidence needed to excel in classes they had previously failed.
• Worked closely with both student and professor to develop goals for areas that needed improvement.
Customer Service Representative: Convergys, Pocatello, Idaho
October 2003 – March 2007
• Assisted customers with technical troubleshooting, equipment purchases, and billing inquiries. Maintained an outstanding record of no credit errors, minimal escalation calls, and outstanding customer satisfaction.
• Mentored new employees in proper customer care handling and proper use of computer systems to maintain accurate customer information.
• Served as a member of the employee relations and retention committee. Tasked with identifying incentives to help retain employees as well as recognize employee achievements.
• Masters of Business Administration: Computer Information Systems Major, Information Assurance Emphasis
Idaho State University, Pocatello, Idaho: An NSA Center of Academic Excellence – Information Assurance
Graduation: May 2012
Cumulative GPA: 3.5
Courses: Intermediate Information Assurance, Systems Security Management, System Security for Senior Management, Systems Security Administration, Advanced Informatics Practicum, Information Systems Security, Managerial Decision-Making, Quantitative Information for Business Decisions, Business Policy and Strategy in Global Environments
• Bachelor of Business Administration in Computer Information Systems
Idaho State University, Pocatello, Idaho
Graduation: May 2010
Courses: Individual and Organization Behavior, Operations and Production Management, Problems in Policy and Management, Legal Environment of Organizations, Interactive Web Development, Intro Business Programming, Advanced Object Oriented Programming, Systems Analysis and Design, Advanced Systems Analysis and Design, Database Design, Networking, Intermediate Information Assurance, Terrorism and Political Violence
• Navy Validator Course
Naval Postgraduate School – Navy Certifiers Course
Senior Systems Managers, CNSSI No. 4012; Systems Certifiers, NSTISSI No. 4015
• Marine Corps Validator Course
University of Tulsa – Marine Corps Validator Course
Risk Analysts, CNSSI No. 4016; INFOSEC Professionals, NSTISSI No. 4011
ORGANIZATIONS AND ACTIVITIES
• Vice President – Association for Computing Machinery, Idaho State University Chapter
• Vice President / Treasurer – Association of Information Technology Professionals, Idaho State University Chapter
• CompTIA - Security+ Certified Professional - November 22, 2010 (DoD 8570) IAT2, IAM1
• Associate of ISC2 – CISSP – August 28, 2012 (DoD 8570) IAT3, IAM2, IAM3
• Navy Validator, Entry – January 2014
Risk Management Framework: SP 800-53, SP 800-53A, SP 800-30, SP 800-37, FIPS 199, FIPS 200, DoDD 8510.1, DoDD 8500.1, DoDI 8500.2
Linux: Debian, RHEL; UNIX; Systems Development Life Cycle; Web Site Development; Virtual Machines
Snort IDS, FTK, Backtrack, Nagios, Wireshark