Professional Documents
Culture Documents
B ROWN
Miss ou ri C it y, T e xa s
P h: 7 0 3 .7 9 8 .0 5 4 5 E ma il : jwb123@gmx.com www.linkedin.com/in/jwbrown/
Project Management
Client/Server Architecture
Vulnerability Assessments
Incident Response Reporting
Productivity Improvement
Security Monitoring
Performance Analysis
Business Continuity Planning
Disaster Recovery
Compliance Analysis
Systems Administration
Network Activities
Consistently maintained customer confidence in teams ability to produce results by effectively managing customer
relations and delivering all work products on time, with attention to quality.
Saved users numerous hours of reviewing each requirement and deciding its applicability to their systems above by
facilitating greater usability of database through development of questionnaire to be presented to each user once
database was open.
Reassigned as a senior Information System Security Officer to help the US Secret Service rebuild its security compliance
team. Defined procedures for capturing asset inventory information and for identifying vulnerabilities and mitigation
strategies. Developed test strategies for testing security controls of a new application and oversaw writing of System
Security and Contingency Plans.
Delivered critical Veterans Affairs project, a deployment of a Governance, Risk and Compliance (GRC) tool, RiskVision,
on time and within budget. Oversaw staff of ten, ensured project deliverables were submitted on time while meeting
quality standards.
Improved VAs Security Authorization assessments by authoring number of project deliverables including Service Level
agreement, Help Desk Plan/Procedures and Escalation plan, utilizing MS Project for project planning and tracking activities.
Maintained project productivity by establishing Service Management Plan and Procedure based on combination of
Information Technology Library and Microsoft Operation Framework Guidelines and creating ticketing procedures using
Computer Associates Service Desk Manager.
Enabled capturing of asset and vulnerability information and ability to perform continuous assessment of their
information systems 400,000 assets and 600 systems.
Personally completed the implementation of the contracts required 24x7 help desk support / call center despite lack of
funding by negotiating for less coverage, establishing staggered work schedule to address prime coverage. Funds
subsequently reimbursed when it was determined that center was key to continued work on contract.
Delivered comprehensive Security Management Program covering asset management, change management, business
continuity and disaster recovery planning, vulnerability management and risk management.
Led security assessment of several cloud-based systems including Amazon Web Services and Salesforce Cloud Services,
both hybrid Cloud implementations that where part Infrastructure as a Service (IaaS) and Software as a Service (SaaS).
Provided recommendations for data encryption and operational security to comply with Federal security policy.
Wrote all System Security and Contingency plans as well as Configuration Management Plans for all systems,
collaborating daily with Cyber security team.
Instrumental in reducing vulnerabilities, implementing new systems and evaluating new technologies by overseeing all
aspects of the Information System Security Program.
Provided security compliance, vulnerability management and risk management for all DM systems, consisting of two
general support systems and 18 major applications.
Successfully brought all systems into compliance, updated their documentation, reduced vulnerabilities and
reaccredited all systems.
Program included approximately 20 applications including three General Support Systems, with the rest being Major
Applications. GSS accounts for 40,000 assets across 19 locations and process involved establishing an effective account
management procedure and all system accounts.
Established vulnerability assessment procedure, mitigation process, patch management process and change
management process which was updated to include security review and risk assessment procedure.
Maintained business continuity in case of failure by creating Business Impact Assessment before developing allencompassing contingency plans to address all scenarios such as natural disasters, accidents, human errors or hardware
failures.
Effectively maintained and managed Contingency Plans by leading a Business Impact Assessment (BIA) prior to writing
the CP, including plans which called for high availability which meant there was instant failover in case of an outage with
no loss of service to business or customer and systems with low availability that could sustain a small period of time
without service with minimal impact to user community.
Successfully completed security assessment and authorization of 20 systems, maintaining compliance with FISMA, the
Federal Information Security Management Act.
Hired as part of Transportation Security Administration (TSA group) following departure of previous ISSO during
companys rebuilding process to address backlog of security issues. Directed all phases of TSAs most complex system
including the wide area network, local area network, windows infrastructure and end-user devices.
Significantly reduced over 400 action plans to a manageable few in just eight months including consolidation of all
440 remote operations ensuring physical and technical controls were up to TSAs standards; first agency up and
running in the new Department of Homeland Security Data Center.
Awarded ISSO of the year by the Department of Homeland Security.
Served as active member of Change Control Board with voting rights on any system changes such as firewall rules,
configuration files and hardware changes.
Assigned to the National Guard Bureau (NGB) as their Project Manager during companys conduction of an asset
inventory of all NGB IT assets across the 50 states and four territories. Facilitated interface with the inventory team
and NGB.
Played key role in deciding to store data collected into searchable online database; once database deployed, ensured
that system was documented and accredited by developing all necessary documentation required.
Acted as Principal writer of security documentation and building a small business practice to offer security
assessment services to other groups such as the Department of Agriculture and the National Geological Survey, which
led to companys diversification and development of Managed Services offering for small-to-medium businesses that
included a security operations center providing 24/7 client monitoring.
Launched this startup that developed a simulation modeling tool that predicted response times and resource utilizations
in a MS Active Directory Network; joint venture included team of developers from the U.K. and a directory services
company from Phoenix, while personally serving as simulation modeling SME. Coordinated all team components to
ensure optimum system functionality.