Shelia S. Bradley
116 Douglas Drive, Stafford, VA 22554
(C) 843.277.7953
shelia.bradley08@gmail.com
shelia.bradley08@me.com
Clearance: Active Secret
Certifications: Security+ (studying for CISM, PMP, ITIL)
15 1/2 Year U.S. Army Veteran
OBJECTIVE
Obtain a leadership position where my skills and experience in information assurance can
be effectively utilized for the protection of information and resources and to establish
synergetic expertise visions, homegrown innovations, and customer loyalty in the face of
both prosperous and adverse times.
SUMMARY
● Over 16 years of extensive experience in project management, System Security
Authorization Agreement (SSAA) development and review, DIACAP
Implementation, Information Assurance documentation creation, vulnerability analysis
and management, risk assessments, FISMA, NIST, and DISA STIG implementation.
● SME in developing, implementing, and maintaining strategic, technical, and operational
security plans, diverse security architecture, risk management strategies, and security
procedures.
● Proven ability to remain flexible, but task oriented in order to overcome scope creep
challenges commonly associated with project development.
● SME in giving impromptu and planned oral presentations to small, medium, and large
sized audiences on the required Information Assurance Training, Policies, and
Guidelines to include creating the required documentation for training.
● SME in the use and analysis of various vulnerability scanning tools (Retina, Nessus),
Security Information and Event Management (SIEM) tools, ACAS and SCAP, HBSS and
other anti-virus devices.
PROFESSIONAL EXPERIENCE
Information Assurance Manager/ DIACAP Team Lead Nov 14-Present
Sentar, INC (Walter Reed National Military Medical Center) Bethesda, MD
Manages the progress and status of the DIACAP efforts for the Walter Reed National
Military Medical Center (WRNMMC) DIACAP project. DIACAP Team Lead responsible for
leading a technical team (10 engineers) containing a mix of senior and junior engineers,
database administrators, and technical writers specializing in the development of the
DIACAP packages for over 100 medical devices. Responsible for the initiation, planning,
execution, and monitoring of the certification and accreditation process for these devices.
Assisted with the development of Requests for Proposal (RFPs) resulting in Sentar being
awarded multi-billion dollar 2 year w/ option contracts with the Department of Homeland
Security (DHS). Develops information assurance artifacts, performs vulnerability scans, and
provides remediation and mitigation guidance to system administrators and engineers.
Certification Authority Representative (CAR) CIO/G6 Aug 14-Nov 14
Meridian Technologies Fort Belvoir, VA
Directly supported the Chief Information Officer (CIO/G6), and Senior Information
Assurance Officer (SIAO)/ Certification Authority (CA) in the implementation of the
Department of Defense Information Assurance Certification and Accreditation Process
(DIACAP). Conducted technical reviews of DIACAP packages to gauge the level of
acceptable risk to networks or information systems (classified and unclassified) within the
Contiguous United States (CONUS) and Outside the Contiguous United States (OCONUS).
Substantiated recommendations of accreditations (e.g. ATO, IATO, IATT, Reciprocities, etc.)
before they are sent to the Designated Approval Authorities (DAA) for approval. Subject
matter expert on policies and requirements capable of providing input for changes,
determinations of applications versus information systems, and designations of Tactical
Platform Information Technology (PIT) and Platform Information Technology
Interconnections (PITI).
Information Assurance Manager Jul 13-Jul 14
Secure Mission Solutions, a Parsons Company Fort Belvoir, VA
Managed multiple PEO P2E and I3MP DIACAP projects while providing guidance to the
customers. Performed technical planning, system integration, verification and validation,
risk and supportability and effective analysis for a plethora of network devices and
networks for all West Coast Army Military Posts and Bases. Completed Risk Assessment
Report (RAR) for the US Army BOMGAR appliance (used for remote help desk solutions) to
be placed onto AKO’s network, which was approved by the PEO deputy. IAM managing
voice and data network device upgrades for the I3MP Network Modernization (NETMOD)
and Installation Modernization (IMOD) efforts for all military installations on the West
Coast. Reviews and validates network device configurations, network topologies, and
POAMs for NETMOD and IMOD efforts providing assistance to the site NEC IAMs.
Coordinates and facilitates working groups and meetings with customers, site IAMs, and
engineers to determine requirements, individual responsibilities, and track project
statuses.
Senior Information Assurance Analyst Jun 12- Jun 13
GeoWireless, Inc. N. Charleston, SC
Created and managed the implementation of counter-measure and/or mitigation controls.
Provide guidance to customers by ensuring the integrity and protection of networks,
systems, and applications by technical enforcement of organizational and DoD information
security policies, through monitoring of vulnerability scanning devices and reports.
Managed and performed periodic and on-demand systems audits and vulnerability
assessments, including user accounts, application access, file system and external web
integrity scans to determine compliancy requirements. Developed organizational and DoD
required policies and procedures for C&A and DIACAP during Certification and
Accreditation activities. Prepared and managed POAMs and vulnerability management
reports from system audits and vulnerability assessments for risk management. Provided
technical and programmatic Information Assurance services to internal and external
customers in support of network and information security systems. Designed, developed
and implemented security requirements within an organization’s business processes.
Network Analyst II Oct ’11- Apr ‘12
Globalpundits, Inc. Columbia, SC
Developed and edited the Blue Cross Blue Shield of South Carolina (BCBSSC) Security
Information Management Team (SIM) information systems security management scanning,
vulnerability management, and IP360 desktop procedures for the Medicare, Tricare, and
Commercial Lines of Business (LOBs). Managed and maintained the Vulnerability
Matrixes for the Medicare and Commercial LOBs, which include over 20,000 devices.
Conducted PGD and Retina new install scans and device management scans for all LOBs,
providing engineers with device posture levels. Served as the liaison for BCBSSC consulting
clients (SSOs) with best security practices for the Medicare, Tricare, and Commercial
LOBs. Conferred with users to discuss issues such as computer data access needs, security
violations, and programming changes. Documented computer security and emergency
measures policies, procedures, and tests. Coordinated implementation of computer system
plan with establishment personnel and outside vendors.
Information Assurance Analyst May ‘11-Oct ‘11
Booz Allen Hamilton N. Charleston, SC
Drafted Standard Operating Procedures (SOP) for the VA AIDE Master Test Plan Database
used to generate test plans for various security control assessments which included test
cases for all security controls addressed in SP 800-53a Rev 1. Mitigation and Remediation
team member for Navy Medicine assisting with all vulnerability mitigation and
remediations using DoD authorized scanning tools Retina, Gold Disk, SRRs, WSUS, REM,
HBSS in support of Navy Medical C&A processes. Provided mitigations and remediations
for Microsoft Server technologies to include Windows Server 2K3, Microsoft Office, IE, and
Windows XP.
Information Assurance Officer (C&A) Dec ’09- May ‘11
Secure Mission Solutions- SPAWAR N. Charleston, SC
Ensured the confidentiality, integrity, and availability of systems, networks, and data
through the planning, analysis, development, implementation, maintenance, and
enhancement of information systems security programs, policies, procedures, and tools.
Conducted risk assessments to identify possible security violations and to ensure system,
hardware, and software compliancy with DoD regulations and policies. Managed and
generated POAMs from self-assessment scans using DoD authorized vulnerability scanning
tools (Retina, Gold Disk, SRRs). Assisted engineers by analyzing risks and providing best
practice remediations and mitigations based on NIST, FIPS, and STIGs. Organized and
conducted tabletop COOPs for the C2 LAN ATO to maintain and ensure compliancy. In
charge of the certification and accreditation of the Navy Fleet NOC resulting in an
ATO. Implemented the SOM for the Navy Fleet NOC resulting in the elimination of
hundreds of risks ensuring backup and auditing procedures were documented and
implemented.
Information Assurance Manager Mar ’09- Aug ‘09
Glotel- Verizon Business Ashburn, VA
Developed Standard Operating Procedures (SOPs) and related documentation for clients,
i.e. Contingency Plans (CP), Configuration Management Plans (CMP), Risk Acceptance
Reports (RAR), System Security Plan (SSP), and Rules of Engagement (ROE). Prepared and
delivered oral IA- focused presentations to technical and non-technical groups. Acted as a
liaison for clients, auditors, system administrators, and developers to complete an annual
assessment in a timely, professional, and organized manner. Duties included, but were not
limited to, performing Nessus scans after hours to prevent network interruption during work
hours, drafting and updating policies and procedures, and producing POAMs and lifecycle
milestone schedules. Gave valuable insight and on-the-spot IA expertise to the Federal
Security Management (FSM) team and manager. Successfully completed the Department of
Labor’s (DOL) 2009 annual assessment on time and provided the customer with a thorough
Annual Assessment Report which assisted in having the reported risks mitigated in a
timely manner; thus resulting in the clients renewing their contract with Verizon Business.
Assisted system owners with overviews of artifacts such as C&A contractual boundaries,
diagrams, and ports and protocols as part of the continuous monitoring process. Instructor
for annual Information Assurance Training.
Senior C&A Analyst/ Information Assurance Officer Nov ’08- Jan ‘09
The Fountain Group- CACI Chantilly, VA
Evaluated ST&E plans, traceability matrices, and residual risk assessments that were
constructed based on the instructions presented in DoDI 8500.2 (DITSCAP), DoDI 8510.01
(DIACAP) and NIST 800-series publications. These duties included, but were not limited to
assisting clients with system security hardening and baseline development, analysis, and
auditing as well as analyzing detailed system design documents, network topologies,
operational procedures and other security centric documentation in order to obtain an
ATO for the Air Force IDECS Legacy and Modernization software.
Information System Security Officer Sept ’05- Nov ‘08
US Army Pentagon (E-6) Washington, DC
Conducted support to Pentagon organizations on matters relating to the vulnerabilities and
threats as they pertain to Computer Network Defense Service Provider (CNDSP)
responsibilities. As the Vulnerability Assessment Branch Team Lead, led inspections and
assessments of Information Systems at the Pentagon, analyzed and evaluated Pentagon
secured networks, and recommended/evaluated procedures and products to improve the
overall security of those networks. Advised personnel on applicable network security
policies and procedures and coordinated and maintained liaison with appropriate DoD
personnel and staff from other government agencies in order to provide guidance on
network security matters, best practices, and assessment/audits. Served as the Non
Commissioned Officer in charge of the Network Security Services- Pentagon Certification
and Accreditation Branch and provided direct support to HQDA customers in the area IA of
C&A. Maintained and developed System Security Authorization Agreements (SSAAs) for
HQDA customers. Conducted monthly IAVM scans using Foundstone and Retina scanning
software to ensure accredited computer systems of multiple Department of Defense
systems complied with DITSCAP. Non Commissioned Officer in charge of conducting and
tracking annual information assurance awareness training for all Soldiers and DA Civilians.
Information System Manager Dec ’03- Aug ‘05
1st CAV DIV- US Army (E-5) Fort Hood, TX
Responsible for the success of the deployment of the first tactical Voice over Internet
Protocol (VOIP) telephone network in a combat environment for OEF/OIF. Trained a team
of five personnel on the first use of the Command Post of the Future (CPOF) in an
operational theater (IRAQ). Help Desk Manager for the G-6 help desk for the 1st Cavalry
Division while deployed. Operated, maintained, and performed unit level maintenance on
the Multi Processing Unit Server in the 1st Cavalry Division Command Assault Vehicle that
provided remote secure and unsecure internet and VOIP communications. Accountable for
more than $2 million worth of equipment to include: laptops, computers, monitors,
servers, scanners, printers, STEs, BlackBerrys, cellular phones, and software as the CAV
Team project manager. Managed backup, security, and user help systems.
Help Desk Team Lead/System Administrator Nov ’02-Oct ‘03
501st Military Intelligence- US Army (E-5) Pyeongtaek, Korea
Provided system and network administration support in the installation and maintenance of
network hardware and software. Analyzed problems, and monitored networks to ensure
their availability to the users. Gathered data to evaluate the system's performance,
identified users' needs, and determined system and network requirements. Managed the
unit's Exchange server, user accounts, and workstations. Assisted and instructed users on
system and application operations and security procedures.
Information Technology Specialist Mar ’00- Oct ‘02
I Corps- US Army (E-4) Fort Lewis, WA
Configured and managed Cisco routers, switches and firewalls. Installed, configured, and
monitored local and wide area networks, hardware, and software. Designed, installed, and
maintained data communications between mainframe terminals, printers, LANs, and
remote site hardware. Installed, terminated, and managed Fiber and CAT-5 for LANs.
Installed and managed operating systems using Windows 2000, XP, NT, Server 2000/2003,
and Microsoft Office. Provided customer and network administration services such as
passwords, e-mail accounts, security, and troubleshooting. Constructed, edited, and tested
computer system programs.
EDUCATION/CERTIFICATIONS
Bachelor of Science, Computer Science, Computer Security
Capella University
Expected Graduation Date: March 2016
Security+ CE Certified - COMP001020306548
Certified Information Systems Security Professional (CISSP) Training
Information System Security Officer (ISSO) Certification
CISCO CCNA Certification Training
Information Assurance Security Officer (IASO) Certification
GCCS UNIX & GCCS Basic Administrator Training
Information System Operator Analyst Certification