My cumulative work experience spans all
aspects of the software/system life cycle. Development experience includes
design, code, test and integration of software products. Management experience
includes the business acquisition process, the proposal process and the role of
project leader. Additional experience includes field installation, field
support and training (in-house and in the field). My career focus progressed
from Software Developer, to System Integrator, to Task Leader, to Systems
Engineer and finally to Information Systems Security Engineer (ISSE).
As an Information Systems Security
Professional (ISSP) I deal with information security as an integral function of
the total enterprise. I work to develop and maintain an overall coordinated
security program. A major part of the ISSP role is to raise the company's
awareness of the security needs of the enterprise. The ISSP works with the
company to assess where they are today, to define where they want to be in the
future and help develop a strategy to get there.
A complete security program must consider
hardware, software, people and process and therefore must include, but is not
limited to: policy definition, technical controls, physical controls,
procedural controls, monitoring, awareness training, incident response,
disaster recovery, and business continuity.
A primary component of my work experience
can be characterized as Risk Management, including performing risk assessments,
risk reviews, risk evaluations and cost benefit analysis. Risk Management
includes assessing current controls in place, selection of new controls and the
evaluation of new controls prior to implementation.
A secondary component of my work experience
can be characterized as security compliance and metrics. Compliance assesses
the degree to which the enterprise complies with corporate security policies,
contractual security requirements and statutory security requirements. Metrics
provide a measure of how well the enterprise is meeting its security goals,
requirements and obligations.
Risk Management and Compliance Management
encompass the foundational concepts and skills required for implementing and
managing:
- Health Insurance Portability and Accountability Act (HIPAA)
- Gramm-Leach-Bliley Act (GLBA)
- Sarbanes-Oxley Act (SOX)
- Payment Card Industry (PCI) Data Security Standard (PCI DSS)
- DoD Information Assurance Certification and Accreditation Process (DIACAP)
Other non-security related work experience
includes, but is not limited to: math teacher, software programmer, software
engineer, systems engineer, database developer, technical writer, process and
procedure developer.
In my most recent position I worked in Program Protection providing security for all of the program’s critical information assets. In this position I revised and maintained the Program Protection Management Plan (PPMP). The PPMP is an umbrella document that spells out how all the program’s information protection requirements are to be implemented. I was integral in developing the Security Training Road Show, a security awareness initiative to communicate security policies, resources and responsibilities outlined in the PPMP to all program sites and personnel. I developed the Program Protection Assessment (PPA) process, which assesses the degree to which the PPMP is implemented and followed at all program sites. I planned, coordinated and conducted the monthly Team Execution review (TER) meeting. I planned, coordinated and participated in the quarterly program-wide System Protection Working Group (SPWG) meetings. Tasking included:
- Manage, develop, maintain and execute procedures and processes
  - Program Protection Management Plan (PPMP)
  - Program Protection Unique Processes
  - GMD Processes and Procedures (PnP)
- Perform assessments
  - Program Protection Assessment (PPA)
  - Enterprise Service/Application Assessment (ESA)
  - Classification Assessments
  - Risk Assessments
- Design, develop and maintain custom internal tools
  - Classification Activities Tracking Database (CATDB)
  - Proposal Activities Tracking Database (PATDB)
  - Products List Tracking and Statusing Database
  - Action Item Tracking and Statusing Database
  - Hot Items List (HIL)
  - End of Day Processing Tool
- Create and maintain metrics
  - Classification Activity Metric
  - Proposal Activity Metric
  - Action Item Metric
- Coordinate joint Boeing and customer meetings
  - System Protection Working Group (SPWG)
  - Team Execution review (TER)
- Provide proposal support and represent Program Protection
  - ECPs, Tis, TAs, ROMs, etc.
- Develop training materials and deliver training
  - Security Classification Guide (SCG) Training
  - For Official Use Only (FOUO) Training
  - Encryption Training
- Establish, manage and maintain Points of Presence
  - Boeing GMD Portal
  - MDA Knowledge Online (MKO)
  - Integrated Development Environment (IDE)
  - Program Protection & Security SharePoint
In my previous position my responsibilities
as Information Security Engineer included:
- Providing leadership and direction for the Information Security Program;
- Facilitating and providing guidance to the Security Council (VPs and Directors) and the Security Working Group (Managers and Administrators);
- Establishing policies, standards, guidelines, procedures and controls ensuring the security and integrity of all computing environments, networks, systems and information assets;
- Defining and developing methodologies, processes and procedures for penetration testing, vulnerability scanning, log monitoring and incident management;
- Working with the Development, Roll-Out and Quality groups to incorporate security into their respective processes;
- Providing support to Internal Audit in developing and conducting security audits and reviews;
- Acting as liaison with the Legal Department on matters of electronic privacy, acceptable use, terms of service and 3rd party agreements;
- Assisting the Regulatory Group with the annual European Union Audit and privacy initiatives;
- Providing security consulting and expertise to all projects;
- Promoting security awareness across the enterprise with security web pages, security presentations and security reading rooms;
- Performing risk reviews, risk assessments and product reviews for functional groups, such as Human Resources, Finance and Product Development;
- Supporting Technical Operations and Internal Systems with the planning and design of security solutions for all Intranet and Internet connectivity;
- Assisting the Marketing Group in responding to security questions and issues that come up as part of the proposal process.
CERTIFICATION: Certified Information Systems Security Professional (CISSP)
EDUCATION: University of Florida Math Masters
CLEARANCE: DoD Top Secret clearance SSBI (valid/inactive)
CONTACT INFORMATION:
James O. Truitt
james.o.truitt@att.net
256-830-1184
Other specialized training:
- Certified Information Systems Security Professional (CISSP)
- CSI Secure Network Architecture
- CSI Secure Network Vulnerability Assessment
- MIS Security Managers' Symposium
- NTI Computer Forensics
- Global Knowledge Ultimate Hacking
The following pages provide a full work history.
Boeing (2/04 – 7/11)
Position: Information Security Engineer
In this position I worked in Program Protection providing security for all of the program’s critical information assets. In this position I revised and maintained the Program Protection Management Plan (PPMP). The PPMP is an umbrella document that spells out how all the program’s information protection requirements are to be implemented. I was integral in developing the Security Training Road Show, a security awareness initiative to communicate security policies, resources and responsibilities outlined in the PPMP to all program sites and personnel. I developed the Program Protection Assessment (PPA) process, which assesses the degree to which the PPMP is implemented and followed at all program sites. I planned, coordinated and conducted the monthly Team Execution review (TER) meeting. I planned, coordinated and participated in the quarterly program-wide System Protection Working Group (SPWG) meetings. Tasking included:
- Manage, develop, maintain and execute procedures and processes
  - Program Protection Management Plan (PPMP)
  - Program Protection Unique Processes
  - GMD Processes and Procedures (PnP)
- Perform assessments
  - Program Protection Assessment (PPA)
  - Enterprise Service/Application Assessment (ESA)
  - Classification Assessments
  - Risk Assessments
- Design, develop and maintain custom internal tools
  - Classification Activities Tracking Database (CATDB)
  - Proposal Activities Tracking Database (PATDB)
  - Products List Tracking and Statusing Database
  - Action Item Tracking and Statusing Database
  - Hot Items List (HIL)
  - End of Day Processing Tool
- Create and maintain metrics
  - Classification Activity Metric
  - Proposal Activity Metric
  - Action Item Metric
- Coordinate joint Boeing and customer meetings
  - System Protection Working Group (SPWG)
  - Team Execution review (TER)
- Provide proposal support and represent Program Protection
  - ECPs, Tis, TAs, ROMs, etc.
- Develop training materials and deliver training
  - Security Classification Guide (SCG) Training
  - For Official Use Only (FOUO) Training
  - Encryption Training
- Establish, manage and maintain Points of Presence
  - Boeing GMD Portal
  - MDA Knowledge Online (MKO)
  - Integrated Development Environment (IDE)
  - Program Protection & Security SharePoint
Worldspan (7/98 - 11/01)
Position: Information Security Engineer
In my previous position my responsibilities
as Information Security Engineer included:
- Providing leadership and direction for the Information Security Program;
- Facilitating and providing guidance to the Security Council (VPs and Directors) and the Security Working Group (Managers and Administrators);
- Establishing policies, standards, guidelines, procedures and controls ensuring the security and integrity of all computing environments, networks, systems and information assets;
- Defining and developing methodologies, processes and procedures for penetration testing, vulnerability scanning, log monitoring and incident management;
- Working with the Development, Roll-Out and Quality groups to incorporate security into their respective processes;
- Providing support to Internal Audit in developing and conducting security audits and reviews;
- Acting as liaison with the Legal Department on matters of electronic privacy, acceptable use, terms of service and 3rd party agreements;
- Assisting the Regulatory Group with the annual European Union Audit and privacy initiatives;
- Providing security consulting and expertise to all projects;
- Promoting security awareness across the enterprise with security web pages, security presentations and security reading rooms;
- Performing risk reviews, risk assessments and product reviews for functional groups, such as Human Resources, Finance and Product Development;
- Supporting Technical Operations and Internal Systems with the planning and design of security solutions for all Intranet and Internet connectivity;
- Assisting the Marketing Group in responding to security questions and issues that come up as part of the proposal process.
Booz-Allen & Hamilton (1/97 - 6/98)
Position: Senior Associate
Network Security and
Information Assurance (IA) task area leader supporting the IA Branch of N5 of
the National Communications System (NCS), which included supporting the Network
Group (NG) and Information Infrastructure Group (IIG) of the President's
National Security Telecommunications Advisory Committee (NSTAC). Additionally I
was involved in the Firm’s Information Security (IS), Information Warfare (IW),
Infrastructure Protection (IP) and IA activities. I managed a small group of
six consultants.
SSDS, Inc. (11/95 - 5/96)
Position: Security Engineer
GlaxoWellcome Firewall
migration, supported the customer's project to consolidate two existing
firewalls (TIS Gauntlet and DEC SEAL) into a single new firewall (TIS
Gauntlet), supported business development activities and assisted in the
development of security services offerings.
General Research Corporation International (6/95 - 11/95)
Position: Information Systems Security Engineer
Defense Investigative
Service (DIS) Integration program Information Systems Security Engineer for the
integration effort, responsible for the integration of security controls in the
overall DIS integration effort. Responsibilities include: review of the DIS
Computer System Security Plan (CSSP), review and refine security requirements,
provide support to the test organization for developing security test plans and
procedures, define and create a Security Integration and Test Environment
(SITE), interface with customers to resolve security issues and develop
solutions for the program, work with vendors to assess how their products may
be applied as part of the DIS security solution, assist in the development of a
Continuity of Operations Plan (COOP) for DIS.
Harris Information Systems Division (10/89 - 12/94)
Position: Staff Engineer
National Crime
Information Center (NCIC) 2000 program Security Engineer, with full
responsibility for security in the developed system. A major component of the
security effort was the development and integration of an intrusion detection
capability.
* Security requirements analysis and allocation
* Security presentations at program reviews: System Requirements Review (SRR), System Design Review (SDR), Preliminary Design Review (PDR), Critical Design Review (CDR), In Process Reviews (IPRs), Technical Interchange meetings (TIMs)
* Create security documentation: System Security Plan (SSP), Security Architecture, Security CONOPS, Security Policy, Trusted Facility Manual (TFM)
* Designed Intrusion Detection subsystem: Assessed hardware/software components, generated design documentation; Prime Item Specification (B1), Software Requirements Specification (SRS), Interface Control Document (ICD)
ISDN Security Program:
Exposed to ISDN protocol, ISDN services, ISDN security, ISDN Key management
services, Secure Data Network System (SDNS) security protocol (a study/research
activity).
DNS team: The DNS team
designed the replacement network for NASA's back-end DNS, migrating from
dedicated point-to-point communication lines to a true, networked environment
using the TCP/IP protocol suite. Tasks dealt with computer/network security
issues/concerns associated with this migration. This culminated in a 75-page
Security White Paper and four ESRs to implement the paper's recommendations.
* Performed Risk Analysis: Identified assets and threats, evaluated vulnerabilities, determined probabilities and assessed impact due to breach of security
* Developed recommendations for risk mitigation
* Proposed controls included: Firewalls, gateways, packet filtering, hand-held authenticators, restricted shells, use of proxies, Kerberos
* Network architecture: FDDI backbone bridged to FDDI global buses, in turn routed to Ethernet LANs
* Worked with routers, bridges, comm servers
* Worked with TCP/IP, SNA, GOSIP/OSI
* Worked with Ethernet, Token Ring
* Generated estimates for cost and schedule to implement security ESRs selected from DNS Security White Paper
* Researched and evaluated the feasibility of implementing hand-held authenticators for access control
Range Operations
Checkout and Control (ROCC) program: Provided coding support in the areas of
data acquisition and display processing. Development was done per
DoD-STD-2167A.
* Design, code, test, integrate, document custom software
* Designed, coded, implemented test drivers and automated test files
* PDL, Peer reviews, code walkthroughs
* 17 CSUs, 125 modules, 40,000 LOC (these are approximate values)
* Involved re-engineering a large amount of legacy code
Cost History Database
(CHDB): Designed and implemented an Oracle database to house project measures
and metrics related to project estimated and actual cost and schedule. Designed
and implemented Sequel screens to access, format and display the data. Designed
and implemented standard reports.
Harris Controls Division (12/77 - 10/89)
Position: Associate Principal Engineer.
Real-time Supervisory
Control and Data Acquisition (SCADA) systems for electric utilities: Activities
covered all areas of system development, system configuration and build,
database configuration and build, system integration and test. Developed and
taught custom courses and provided support for problem resolution (phone
support and on-site support). I designed, coded, integrated, tested and
documented custom code. General categories included: Data Acquisition
(DAC), Man-Machine-Interface (MMI), Database (DB), data links and handlers. The
coding was done in assembly language and FORTRAN. Other activities included Task Leader and
proposal support.
Computer Science Corporation (10/77 - 12/77)
Position: Scientific Programmer.
Continuation of work
done for Federal Electric Corporation
Federal Electric Corporation (6/77 - 10/77)
Position: Scientific Programmer.
Centaur launch support:
Maintained programs written in Honeywell’s GMAP assembly language and provided
programming support to the weather office at the Kennedy Space Center. Designed, coded, tested and integrated a
program to plot wind shears. Programming was done in BASIC.
Brevard County School Board (3/71 - 6/77)
Position: Teacher, Secondary Mathematics.
Taught high school
mathematics including basic math, algebra, geometry and trigonometry.