
Maureen A. Collins 6813 Silverbrook Drive Spotsylvania, Virginia 22553 Home: (540)548-2689 Cell: (540)735-6658 Email: mc1326014@westpost.net

OBJECTIVE: To obtain a position that exemplifies project management, security, certification and accreditation and communication skills for Information Technology Information Assurance policies and projects.

Superior Technical Resources (SRC) December, 2010 - Present United States Air Force (Andrews Air Force Base, Maryland) Technical writing using the DIACAP process Extensive experience in the research and analysis for Plan of Actions and Milestones (POA&M) mitigations and strategies, Scorecard (FISMA), System Implementation Plan (SIP) and overall regulations and policies via NIST, CNSS, FISMA, FIPS, DISA, and other Information Technology laws, rules, and regulations. Risk Management processes incorporated with process Strategic meetings to technically write System Security Plans and Standard Operating Procedures for Network devices, architecture, CONOPS, requirements, connections, port and protocol services, and other documentation. Contingency Planning, Disaster Plans, Backup plans for systems reviewed and modified for FISMA scoring. Included were elements of emergency response procedures for any incident or activity that may endanger lives, property, or the capability to perform essential functions.

Federated IT (July, 2010 - September, 2010) Reston, Virginia C&A/IT Specialist Contract included preparing, writing, and researching NIST SP800-53 Rev 2 and Rev 3 controls for current Certification and Accreditation (C&A) for 2 projects with critical Department of Homeland Audit Reviews. Attended meetings with points of contact for Configuration Management, Network Administration, and Database controls to provide support for C&A projects for FISMA compliance.
Knowledge of Rev2 NIST 800-53- Rev 2 and Rev 3; along with other NIST, DIACAP, and FISMA requirements for Information Technology security (NIST SP 800-53, SP 800-47, SP 800-46, SP800-37, SP800-26, SP800-14, FISMA, CC2.1+, SP800-18, NSA/CSS 130-1, 130-2, NSTISSP No11, OMB A-130, DCID 6/3, DIACAP 8500, DIACAP 8500.1) Technical Writing for Plan of Action and Milestones (POA&M), System Security Plan (SSP), System Assessment for Risk Management (SAR), vulnerability scans using NESSUS, Authority to Operate (ATO) recommendation, e-authentication requirements, designation of roles and responsibilities, Requirements Traceability Matrix (RTM) using the NIST methodology, CNSS, and DHS requirements. Provide security program support for Chief Information Security Officer (CISO) FISMA compliant worked in 2 week timeline to provide FISMA Scorecard review from DHS for project; very few discrepancies. Wrote SSPs, POA&M, SRTMs, RAs, and all other associated ISSO documentation to comply with C&A Risk Assessments and Risk management plans based upon threat, significance of occurrence, and vulnerability were reviewed, assessed and provided as part of the overall C&A package Provided mitigation strategies for the reduction of risk to meet the ATO timeline and minimize risk. Contingency Planning, Disaster Plans, Backup plans for systems reviewed and modified for FISMA scoring. Included were elements of emergency response procedures for any incident or activity that may endanger lives, property, or the capability to perform essential functions.

Ensured vulnerability scans were completed using Nessus 4.0 for system review and analyzed results, provided report and recommended mitigation results.

SARUM LLC (November, 2009 - May, 2010) 5400 Shawnee Avenue Suite 110 Alexandria, VA 22312 C&A Specialist C&A Specialist using DIACAP to review critical packages for accreditation Tracked POA&M items to completion Worked in a team environment to modify, change, and control templates used for government Provided weekly status in a timely manner to ensure compliance Reviewed POA&M, SCORECARD, DIP and SIP for appropriate artifacts and wrote lengthy reports on each control Worked on FISMA C&A Packages to report progress to OMB Wrote recommendations on how to reduce risk for POA&M items Wrote policy documents and researched white papers on tool enhancements and using new tools in the environment

IT Security Specialist Federal Bureau of Investigation (FBI) (2005 - July, 2009) Retired - 7/1/2009 Accreditation Representative in IA for several FISMA related systems Knowledge of ODNI and Intelligence Community re-vitalization effort for C&A Worked on policy objectives for new C&A efforts with CNSS, NSA, DOJ, ODNI, and FBI Advised and wrote policy for FBI related to IA Security measures, i.e. PED, cross-domain, etc. using NIST Risk Framework Wrote white papers and worked on research for cloud computing in environment Advised and worked on advisory boards for C&A revitalization for CNSS policy Wrote security documentation; i.e. Risk management plans, Risk assessment, contingency plans, System security plans, Concept of Operations, Accreditation recommendations, status reports, management reports, presentations for tools, and mapping of organizational goals to strategic goals in all positions that have been held.
Approved SRTMs in relationship to NIST guidelines Mapped RTM to other C&A documents and ensured all requirements were met Attended training class for comparison of NIST and DIACAP methodology Analyzed DIACAP document for implementation at a Defense facility Managed and tracked the POA&M process for executive management; tracked contingency plans and other FISMA artifacts for C&A of systems Risk Management Assessment and Risk Analysis white papers written to support Risk Executive in C&A Transition. Worked on evaluation of tools for IAS and CIO usage to streamline C&A Created database for tracking POA&M items and Risk Management Matrix items for all systems and kept history to compare with new tool that I advised to procure. Provided security program support to the Chief Information Officer (CIO) Prepared system security plans and prepared accreditation package with recommendation to approve or deny system implementation/production Knowledge of DoD, ODNI, DOJ, Exhibit 300, FISMA, FBI, NIST, DIACAP, and other security policy, guidelines and law. Responsible to brief and present various issues on security of a system; attend meetings, and resolve issues with various stakeholders Wrote white papers on Risk Assessment and risk methodology, as well as, calculated risk (threat assessment) for system deployment for C&A. Reviewed Certification Test Reports (CTR), Test Analysis Reports (TAR) and threats to systems. Wrote POA&Ms from Foundstone scans based on CTRs and TARs and wrote threat analysis. Reviewed SSPs and ensured that the ISSO updated the documentation.

Reviewed accreditation boundaries of systems and advised system owners and ISSMs if firewalls or VPNs were required

Drug Enforcement Administration 1993-2005 (Government) COTR for several systems in previous job reviewed RFPs, evaluations, aligned organizational goals with strategic goals. Provided QA and QM support to reach CMMI Level III compliance. Risk Management Assessment and Risk Analysis papers written to support Risk Executive in C&A Transition. Worked on evaluation of tools for IAS and CIO usage to streamline C&A Created database for tracking POA&M items and Risk Management Matrix items for all systems and kept history to compare with new tool that was brought in. Implemented new tool (Rational Tool Suite) and trained users on all components and roles COTR for Web Implementation of Web Architecture Wrote compilers, programmed, and created several management artifacts in previous jobs.

CERTIFICATIONS:
o Global Information Assurance Certificate (GIAC) January 2010 - January, 2013
o Department of Homeland Security Information Awareness Course (July, 2010)
o Federal Information Security Management Act (FISMA) presentation May, 2010
o Auditing Logs for IA Managers June, 2010
o Information Assurance Policy And Technology Course May, 2010
o Zero Day Attacks and Prevention Version 1.0 May, 2010
o DoD 8570.01-M IA Workforce Improvement Program Lesson (V2) May, 2010
o Information Assurance Policy and Technology Course, May 2010
o Information Assurance Vulnerability Management (IAVM), April 2010
o Federal Information Security Management Act (FISMA), May 2010
o Security Technical Implementation Guide (STIG) presentation, April 2010
o Auditing Logs for IA Managers, March 2010
o Information Assurance Controls, February 2010
o Information Assurance Security Awareness, Nov-2009-Present
o DoD 8570.01-M IA Workforce Improvement Program V2
o Zero Day Attacks and Prevention Version 1.0, May 2010

EDUCATION 1989-1999 Associates in Applied Science: West Virginia University; Parkersburg, WV

Clearance: ACTIVE TS/SCI Clearance (Currently in JPASS)

Available: Immediately May, 2011

References:
1. Eugene Fowler (PM) Federated PM 301-904-1207
2. Mark LoGalbo (SARUM CEO) 703-203-8879
3. Vernon Campbell (202) 383-9670 Vernon@ve rnoncambell@com [FBI co-worker]
4. Pauline Stillwell (443) 243-1651 (HOME) Former colleague at FBI
4. Lee Shelton 202-383-8717 Lee.shelton@ic.fbi.gov [FBI Government UC]
5. Aaron Wallace Cell: (563)-676-3300 AWallace@sarumllc.com [SARUM Chief Operations]
6. Brad McAllister cell: (703) 774-5023 bmcallister@sarumllc.com [SARUM co-worker]
