Deborah M.

Talley
2604 Larchmont Drive, Gwynn Oak, Maryland 21207
Home: (443) 200-3479
dt7ad3cc@westpost.net
Senior Systems Security Analyst, Honeybee Industries, Incorporated, Windsor Mill
s, Maryland 07-10
Lead Security Architect over Development team task with the creation of Honeybee
Information Assurance Manager Penetration Testing Appliance. I planned baselin
e security components of Honeybee Information Assurance Manager (HIAM) Penetrati
on Testing Appliance. Analyzed the architecture of the basis of competitor's pen
etration scan tool, verified that HIAM complied with NIST security scanner guide
lines. I supervised the development of the performance testing of HIAM in prepa
ration of Microsoft Server 2003 certification program. Provide implement suppor
t services, install and configuration support to customers using Microsoft Windo
ws Server 2003 and Windows Server 2008, and Microsoft Small Business Server 2003
, Microsoft Internet Information Server 2003, Microsoft SQL 2005, Microsoft Exch
ange 2005, and Microsoft Terminal Services businesses.
Senior Systems Information Security Analyst, Subject Matter Expert Computer Secu
rity Architect Lockheed Martin, Windsor Mills, Maryland 05-07
I wrote computer system procedures and I wrote the developer, administrator and
user manuals for Sun Identity and Access Manager. Data Center Operations Securi
ty advisory support services as a member of Lockheed Martin's Chief Technology O
fficer for Windows Server 2003 and Sun Solaris 9.0 Server Farm. Provide securit
y architectural planning for the implementation of Sun Identity and Access Manag
er that integrated with Microsoft LDAP, Microsoft Active Directory and IBM mainf
rame. Develop administrative guidelines and support for the configuration of th
e 300 Window Servers baseline user and group security policy profiles. Provided
penetration test support service to CMS using Tenable Security Center penetrati
on test solution in a data center consisting of 800 servers locate in the mid ti
er of a three tier infrastructure for CMS. Provide the leadership for the CMS d
eployment of a joint Department of Justice and Health and Human Services HSPD 12
. Develop formal HSPD 12 policy, processes, and procedures using the CMMI compl
iant standard process. Acting liaison between Lockheed Martin and CMS for the 5
0 software solutions and created a repository for Section 508 Compliance documen
tation. Develop provisioning checklists, test plans, and risk analysis documents
to ensure compliancy. I coordinated the implementation of IBM Tivoli Monitorin
g at CMS. We used it to identify all applications in need of 509 Compliance of
applications installed in the Lockheed Martin enterprise infrastructure at CMS m
anaged and maintained by Lockheed Martin. Coordinated the implementation of VPN
SAFENET for the Chief Technology Officer at Lockheed Martin I manually perform
ed a NIST 800 53 AUDIT for CMS System Security Group in preparation for a financ
ial and network Health and Human Services Inspector General Audit of the Centers
for Medicare and Medicaid 17,000 square foot. data center. Wrote the procedure
for PKI RACF mainframe environment. Lobbied for the creation of a heterogeneou
s network firewall environment from solely Checkpoint Firewall 1 to a Checkpoin
t Firewall 1 Nokia Firewall environment as a reduction of vulnerability strategy
. Lobbied for the purchase of, performed a cost analyst, developed implementati
on project plan, created a staffing plan, and established communication plan imp
lementing:
* VPN SafeNet Upgrade
* Checkpoint Firewall-1, Nokia Firewall Implementation
* Tenable Security Center Penetration Test Tool
* Datapower XML Firewall Appliance Implementation
* McAfee ePolicy Orchestrator Upgrade
* IBM Tivoli Monitoring Proactively manages the health and availability of your
IT infrastructure, end to end, including operating systems, databases and server
s, across distributed and host environments.
* IBM Tivoli Netcool/OMNIbus Consolidated fault monitoring for real time service
 management
* IBM Tivoli Provisioning Manager Provisions and configures servers, operating s
ystems, middleware, applications, storage and network devices
* IBM Tivoli Configuration Manager Delivers an integrated solution for deploying
software and for tracking hardware and software configurations across an enterp
rise
* IBM Tivoli Network Manager IP Edition Real time network discovery, topology an
d root cause analysis for layer 2 and 3 networks
* IPv6 Implementation
* HSPD-12 Implementation
Senior Systems Security Engineer, General Dynamics Corporation 03-05
C & A Information Security point of contact for www.va.gov which is a web hostin
g application provider containing 80 Internet Information Servers, supporting ov
er 2000 users for Department of Veteran Affairs and 31 major applications. I ha
d responsibility for implementing FISMA for the Enterprise Management, Web Divis
ion. This consisted of filing the interim authority to operate documents, such
as, the System Security Plan, the Contingency Plan, the Continuity of Operations
Plan, the Security Testing and Evaluation Plan to receive FATO. Coordinated th
e penetration test results migration efforts and included them in the updated Co
ntingency Plan. Planned, documented and coordinated the C & A process for new s
ystems in the FISMA database, which was the starting point for the certification
, and accreditation process at the VA. Recommended by senior management to assis
t and support other divisions inside VA in the preparation of the request for Ce
rtification and Accreditation for the Full Authorization to operate which lead t
o seven major computer systems to receive Full Authorization to operate status a
t the Department of Veterans Affairs. Worked with USCERT and VACIRC to coordinat
e and update hot fixes and dat files in response to threats daily. Provided admi
nistrative support for the maintenance of McAfee ePolicy Orchestrator, an anti v
irus solution in the Windows environment, supervising the work of two staff to a
dminister the process. Provided patch management administrative support services
for Web Operations with St. Bernard and McAfee ePolicy Orchestrator for 80 Wind
ows Server 2000 web hosting facility. I saved VA several million dollars by show
ing that the 5,000 system owners incorporated inside of my application for full
authority to operate. Responsible for keeping abreast of all VA CIRC, US CERT Co
mputer Emergency Response Team bulletins and their applicability to web server f
arm and provided consultation to management team the findings. Expert level kno
wledge of Federal Information Security Management Act provides security guidance
and compliance allow me to assist in saving the Office of Information Cyber Sec
urity from having to process over 2000 systems through the accreditation and cer
tification process. Wrote the Interconnect Security Agreement between the Silver
Spring, Maryland and the Hines, Illinois Office of Information.
Information Systems Security Manager, eBusiness Security Solutions 02-03
As security team lead architect, provided service to North American and Canada s
upporting companies that were Computer Associates Value Added Implementers. I a
cted as an advisor to architects responsible for implementing solution that incl
uded documentation of client business requirements, identified vulnerabilities a
nd defined security policy for midsized companies.
Information Systems Security Consultant, Computer Associates 99-02
Provide expert level architectural assistance to very large organizations locate
d in North American and Canada in designing eTrust security solutions. Identifi
ed, architect, documented client business requirements, and define security poli
cy for many clients including but not limited to the National Hockey League Webs
ite Project. At NHL website architect, installed and configured eIntrusion Detec
tion, eFirewall. As Lead eTrust, Architect, on project for www.Betrusted.com a
subsidiary of Pricewater House Coopers, planned installed and configured eAudit,
eAdmin, eAccess Control, eIntrusion Detection. Tested and assessed network sec
urity to ensure that it meets the intended security objectives and functions. D
esigned, conducted periodic, ad hoc security auditing of IT systems and networks
 to identify security incidents and breaches for Social Security Administration
with ePolicy Compliance Manager. Assisted them in auditing existing security pol
icy implementation and assess for adherence to security best practices. Recommen
d and implement IT system security hardening and configuration guidelines to enh
ance system and environment or enterprise security. Installed, configured and d
esign eVPN Project for the Federal Reserve's Automated Systems Division. This pr
oject consisted of nine locations that required encrypted communications across
the Internet. Lead a FAA Unicenter/eAudit trial. This client wanted to integrat
e points of data to Unicenter from the midrange mainframe called Tandem then cre
ate an audit log using eAudit. My assignment was the integration of eTrust Audit
with Unicenter data from Tandem Computers. This client had nine airports that a
cted as central hubs for the hundreds of other airports. This centralized data i
mported into eAudit as a log file repository. The First Bank of Puerto Rico tria
l consisted of a one month where this client had three banks offering internet a
ccess to bank accounts through the internet. They used eIntrusion Detection at
three locations reporting to a centralized management console located at headqua
rters. eAudit used to gather security logs from the various platforms that consi
sted of Sun Solaris platform.