David M. Patterson
1837 Staley Manor Drive
Silver Spring, MD 20904
Home: 301-388-0117
Cellular: 301-237-0378
drd.drd@verizon.net
SUMMARY
Senior Cyber Security Engineer with 31 years’ experience and expertise as a Technical Manager, Hardware Engineer, System and Network Engineer.
Monitoring, analyzing, migration, designing, consulting, deploying, troubleshooting and Project and technical Management of large network
systems. Proven record of evaluating system vulnerabilities, compiling actionable analysis, reporting threats, and recommending security
improvements. Ability to quickly assess and troubleshoot complex problems involving a wide variety of information systems, work independently
on large-scale projects, and thrive under pressure in fast-paced environments. (These are just a few of the many technical and managerial tasks I have done
in the Federal Government and commercial space.)
TECHNICAL SKILLS
Security Applications Tools: ISS Real Secure IDS, Snort IDS, Tipping Point IPS, ISS Proventia IDS, Juniper Net Screen IDS, McAfee Intrushield Gateway
IPS, Trend Micro Antivirus Virus, Symantec Enterprise Anti-Virus tools, Anti-Virus tools, Linksys, D-link Firewalls, Check Point NGX Firewalls, Juniper
Firewall, Security Event Management of firewalls, ISS RealSecure, Tivoli Big Fix, Nessus, Nmap LEM Checker, Web Sense 6.2, Bluecoat Proxy SG
8000 Series, Iron Port, SIEM monitoring, HP ArcSight SIEM, HP SenSage SIEM, Cisco Mars SIEM, Tenable Security Center, Fore Scout NAC Active
Scout & Counteract CT4000, Symantec EP, McAfee Virus Shield, McAfee Nitro SIEM, McAfee ePO, Bluecoat Proxy SG810 & SG510, Niksun Packet
Analyzers, Riverbed Cascade Anomaly Detection, Fire Eye CMS 4310: WEB MPS 4300 & Email MPS 5000, Cisco Iron Port Email security, Imperva
Application Firewall Secure Sphere X4500: Secure Sphere X2500 & Secure Sphere M150, DB Protect ver. 8.1 and Symantec DLP, Checkpoint IPS and
IBM Site protector IDS. Cisco IOS, N-Stalker Enterprise 2012, HP WebInspect, Nmap, Super Scan4, Retina Network Security Scanner 5.17.1, Http
TrafficGen, GFI LanGuard 11.0, Cain 4.9 and Backtrack 5
Working on my Security + and CEH Certs
Operating Systems: Windows NT/XP/Vista/7/8, 2003, 2008, 2012, Microsoft Exchange Server, Novell GroupWise, Lotus Notes, OS2, Linux,
UNIX, and Apple OS X
Network Systems: LAN/WAN, TCP/IP, DNS, Wireless, Cloud Computing, VMWare, Windows Server 2003/2008/2012, Citrix, Novell, Right Fax
Servers, Win Port Servers, Banyan Vines Networks, switches and routers. HP OpenView, IBM Tivoli, IBM Netcool, Cisco
Works, DSView
PROFESSIONAL EXPERIENCE
Kforce Inc. March 2016–present
Ameritox Medication Monitoring Solutions Inc. Columbia, MD March 2016–present
Network Security Administrator
Supporting Ameritox Health Care and medication Network System. Provide reasonable and appropriate countermeasures and safeguards which
ensure the confidentiality, integrity, and availability (CIA) of information assets by protecting those assets from unauthorized access, modification,
destruction, and/or disclosure. Hands-on technology work: deployment and configuration of all security tools. Performing Network Operation (NOC)
and Security Operation (SOC) duties.
Responsible for:
Cisco IPS ASA5515-IPS, Cisco IPS ASA-SSM-40 IPS using Cisco IPS Manager Express 7.2.7
Cisco ASA 5515 firewalls using Cisco ASDM-IDM management tool
Websense Triton 7.8 for Web content filtering and the DLP protection module Web & URL Security locking down what sites a user can
go to through the policy settings. Data Security DLP Network and Endpoint Discovery, audit logs Email Security inbound and
outbound, blocking viruses, spam, bulk mail and other Threats Monitoring
Splunk 4.0 SIEM Tools monitoring network Traffic
Nessus Professional 6.5 vulnerability scanner
SolarWinds Orion monitoring all Windows, Linux, database, switches, routers and other network gear, includes systems health,
Application monitor, events, syslog. Monitoring VOIP Phone (Polycom phones). Analyzing Netflow Traffic, etc.
Nmap/Zenmap 7.01 scanner
BMC Track-it for inventory, reports, Change Management, and technical documents store.
Data encryption, Symantec Endpoint Protection 12.1.5
Research Technology
Write and implement the policies to govern an organization's network environment and the systems that are connected to it.
Find security gaps by performing routine audits of hardware and software entities on the network and closing those gaps.
Apply operating system updates, patches and make configuration changes to tighten security.
Protect the network from malicious entities such as hackers, viruses and spyware.
Ensure the security of traffic that passes through the network.
Ensure that network equipment is physically secure.
Maintain an inventory of computers, servers, terminals, modems and other access devices that are attached to the Network.
Manage, assign, and maintain the list of network addresses.
Upgrade, manage, and maintain Firewall and other security equipment.
Assist system owners in the development and maintenance of security plans for all general support systems and major applications
under their responsibility.
Assist system owners in the development and maintenance of contingency plans for all general support systems and major
applications under their responsibility.
Participate in risk assessments to periodically re-evaluate sensitivity of the system, risks, and mitigation strategies.
Assist the system owner in the identification of resources needed to effectively implement technical security controls.
Ensure the integrity in implementation and operation of technical security controls by conducting control security test and
evaluation.
Notify the responsible Information System Security Officer, or if none, the responsible IT Security Officer of any suspected incidents
in a timely manner, and assist in the investigation of incidents if necessary.
Blue Canopy Group LLC. July 2015- March 2016 contracted to
US Dept. of Education/Federal Student Aid (FSA)
Sr. Security Engineer/ Architectural Design (Oversee SOC environment and supporting the SOC Engineers)
Provide full life-cycle IT Technology Engineering, including: Product Evaluation, Product Deployment, Configuration and Maintenance, and
Third-Level Support in a security operations center environment. Coordinate with other organizations, assist the user community,
coordinate with vendors, and be able to adapt to a changing environment. Ensure all security tools are up and working to secure the
Dept. of Education/FSA network environment. Research, test and evaluation in the lab of any new tools that may be deployed in
production. Hands-on with VMWare ESX, ESXi, and VSphere security testing and hardening of virtual machines, Cisco Layer 3 switch
providing connectivity and network routing between virtual LANs (VLANs), Linux and database security, Vulnerability scanning with
Nessus, Vulnerability and Threat Analysis visualizes potential attacks against the enterprise by building a network model using results
from vulnerability scanners, asset management, firewall rules and other data sets as needed with Cauldron Security tool, Centralized
Enterprise Endpoint Security Management using McAfee ePO, Enterprise Configuration Monitoring and Network mapping with Red Seal
tool, Enterprise Security Operations detecting and responding to Advanced Persistent Threats (APTs) using Archer SecOps Tool, Network
and Host Intrusion Protection (NIPS/HIPS) using McAfee, Network Intrusion Prevention and Cisco IDS, Security Information Event
Monitoring through Splunk SIEM Tool, Vulnerability Scanning also with Qualys Guard, Database Scanning using AppDetective, NetOptics
Director Plus Tap for Aggregation, Regeneration, Matrix Switching, and smart filtering in a single device that improves network visibility
and security threat management and relieves oversubscribed tools by filtering and log gathering, Imperva WAF for Web application and
web server security real-time monitoring and blocking. PEN Testing with Core Impact, Metasploit, Kali Linux suite.
Standard Operating Procedures, Concept of Operations (CONOPS), Installation/Deployment Plans, Test Plans, Network Diagrams, System
Architecture Diagrams, Tool configurations. Also build the Security Test Lab. (These are some of the ongoing deployments of new
Security tools that will be put in place each year)
Responsibilities: Develop and maintain Enterprise security engineering concept of operations (CONOPS) documentation. Develop and
maintain Standard Operating Procedures for security engineering roles and responsibilities. Maintain deployed security technologies
providing accurate, detailed configurations, repeatable processes, all under change management control.
Deploy security technologies in development and production environments. Develop processes that analyze data and produce accurate,
meaningful, easily interpreted results based on user requirements and use cases. Conduct product evaluations of security technologies as
directed. Develop product comparisons and detailed reports. Make recommendations to management appropriate to an organization's
needs and requirements. Provide third-level troubleshooting support for security applications and appliances.
Wrote Security Assessment Report (SAR) and provided (POA&M) Plan of Action and Milestones with risk analysis. Contribute to
initiating FISMA metrics such as Annual Testing
Design network and system architectural placement of new Security tools within the current architectural layout, which includes making
changes to better secure FSA networks.
BBA Technical Services January 2015 – June 2015, contracted to
Treliant Risk Advisor LLC.
Sr. Security Engineer and Policy Advisor
Manage Sophos Web appliance Model WS1100 for Advanced protection from web malware, URL Filtering, Control rogue users and
enforce safe search and reporting
Manage Sophos Email Gateway appliance ES1100 for encrypting e-mail, DLP for data protection, Block spam, malware and phishing
attacks
Manage Cisco IPS Manager Express 7.27 ASA5512, Nessus, Nmap, Cisco ASDM For ASA Firewall
Installed and configured Sourcefire/virtual IPS Defense Center using Cisco FireSight System.
Identify, plan, and coordinate the delivery of security assessment and other security services required.
Provide security consultancy to support change initiatives to ensure new projects and services are deployed in a manner that ensures
adoption of relevant security strategy, designs, standards, controls and tools.
Accountable for representing Technology Operations in cross-functional change programs and business meetings to ensure that
information security considerations are included and considered and informed decisions are made to achieve agreed outcomes.
Provide clear and concise security requirements that meet corporate direction, regulatory requirements and security best practices.
Involvement and contribution in more complex designs with regard to IT security expertise, providing guidance early in project planning
and solution definition phases.
Key contributor in designing IT security solutions according to business and architectural requirements and standards.
Review project solution designs to ensure security requirements are met.
Implement security solutions, and provide technical leadership during the design, implementation, and testing phases of major initiatives.
Work closely with other team members to ensure proper deployment of IT security solutions.
Research, formulate and present detailed security positions relative to new technologies to Senior Management and project Teams.
Review IT security solutions for high risk projects and confirm that these meet guidelines and requirements.
Perform internal and external security assessments.
Perform 3rd party security assessments and audits.
Production and management of internal technical vulnerability reports as per approved standards and processes.
Production and management of design review memos as per approved standards and processes.
Ensure security controls are implemented and operating effectively as part of solutions delivery.
Provide technical advice and guidance on IT security related queries to both project and business areas as and when required.
Provide Information Security subject matter expertise to business and technology customers.
Support the supplier assessment process used in order to ensure that a supplier's capability to support services to an agreed
level/standard is accurately assessed and reported.
Lead product evaluation activities from an IT security perspective to ensure products comply with minimum security requirements.
Working knowledge of ISEC requirements, Working knowledge of PCI regulations, previous experience with preparing audit responses.
Responsible for writing the SSP, Risk Management, and Business Continuity Plan documentations.
Alethix LLC. June 2014 – August 2014, contracted to
Federal Communications Commission (FCC) Washington, DC,
Information System Security Officer (ISSO) / Cyber Security Architect Team Lead
Information System Security Officer (ISSO) for the FCC Auction Cloud Development Project
Oversee the Security Operation Center (SOC) Engineers
Reporting to the Chief Information Security Officer, manage the information security
Acts as an internal consulting resource on information security issues.
Conduct the information security risk assessment program.
Review compliance with the information security policy and associated procedures.
Coordinate information security efforts with the Internal Audit Department.
Support and manage multiple operating systems within FCC.
Utilizing FISMA, FIPS 199, NIST 800 53rev4 Security controls, ensure all systems are in compliance with POAM process.
Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, and networks)
Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect security incidents, and oversee incident
response process.
Investigates and utilizes new technologies and processes to enhance security capabilities and implement
Managed and help build FCC Security Operation Center as well as putting workflow and policies in place.
Tools: Tenable Security Center, Checkpoint Firewalls NGX R61 & Power 1 5077, Encase, Fore Scout NAC Active Scout & Counteract
CT4000, Symantec EP, McAfee Virus Shield, McAfee Nitro SIEM, McAfee ePO, Bluecoat Proxy SG810 & SG510, Niksun Packet
Analyzers, Riverbed Cascade Anomaly Detection, Fire Eye CMS 4310: WEB MPS 4300 & Email MPS 5000, Cisco Iron Port Email
security, Imperva Application Firewall Secure Sphere X4500: Secure Sphere X2500 & Secure Sphere M150, DB Protect ver. 8.1 and
Symantec DLP, Checkpoint IPS and IBM Site protector IDS, and a few other scanning and monitoring tools
PCI, HIPAA self-assessment process, Physical security reviews, Evidence collection and submissions for internal and/or external audit
requests
Responsible for writing the SSP, Risk Management, and Business Continuity Plan documentations. Also writing and managing the POAM
process.
Volt Inc. September 2013 - March 2014, contracted to
Social & Scientific Systems, Inc. Silver Spring, MD
Sr. Security Analyst/ Information System Security Officer (ISSO)
Protect computer assets by establishing and enforcing system access controls, maintaining disaster preparedness.
Oversee and manage any changes and the deployment of Security tools. SourceFire IPS, Palo Alto Web filtering, Symantec Endpoint
Protection, PGP File encryption, TrueCrypt, Tivoli Endpoint Manager (BigFix), Tenable Security Center Scanner, and IBM AppScan, Trend
Micro Office Scan.
Develop framework for controls and levels of access recommending improvements.
Maintain Security on all systems, providing and revoking customer access also reporting usage violations.
Perform audits on network system and documentation.
Establish computer and terminal physical security by developing standards, policies, and procedures; coordinating with facilities security.
Develop security awareness by providing orientation, educational programs, and training.
Develop and implement SSP documentation and ensured that all NIST 800-53 Security controls are being addressed.
Working knowledge of ISEC requirements, Working knowledge of HIPAA, and PCI regulations, Previous experience with preparing audit
responses
Responsible for writing the SSP, Risk Management, and Business Continuity Plan documentations.
Apex System Inc., March 2013 - September 2013, contracted to
US Dept. of Justice Washington, DC
Security & Information Assurance Analyst
Ensure department system and network equipment is protected from Malware, Hackers, Data loss and other forms of cyber-attacks.
Ensure all equipment is up-to-date with the DISA Security Technical Implementation Guides (STIGs), as well as the many NIST Security
Standards from the 800 NIST series.
Provide security for all VMware desktops and servers
Evaluate vulnerability scans utilizing network scanning tools and software to notify system administrators of applicable Information
Assurance Vulnerability Alerts (IAVA).
Manage Blackberry Administration, as well as, Air Watch for Android phones
Perform monthly Penetration testing on SQL databases using Pen testing features with DB Protect.
Deploy and manage DISA STIG CAT 1 standards for all systems.
Monitor outbound and inbound traffic using Snort IDS and Sourcefire IPS, also using HP ArcSight for Log management, IPS, database,
Firewalls and Switches
Scanning systems and network equipment for vulnerability and compliance with Nessus Scanner
Manage and patch systems and third-party applications with Tivoli Endpoint Manager (BigFix)
Create POA&M and ensure fixes are applied
Creating and writing SOP documentations
Aquas Inc., August 2012 – March 2013, contracted to
The State of Maryland Health Information Exchange (HIX) Linthicum, MD
Senior Security Engineer / Project Lead
Administer and manage the Eligibility and Enrollment Systems built on Windows Server 2008, AIX, and Red Hat Linux.
Assist in the design, configuration and testing in building the Maryland Health Information Exchange (HIX) utilizing IBM Tivoli Identity
Manager, and Access Management and the Federated Identity Manager.
Perform accountability audit log collections using Splunk.
Perform daily scans and Pen Testing for vulnerability on all servers and web applications servers using N-Stalker Enterprise 2012, HP
Webinspect, Nmap, Super Scan4, Retina Network Security Scanner 5.17.1, Http TrafficGen, GFI LanGuard 11.0, Cain 4.9 and Backtrack 5.
Utilize Guardium Vormetric Data Security Encryption 2.0 tool to encrypt sensitive data, while securing databases. IBM InfoSphere
Guardium Monitoring tool 8.2 was utilized in monitoring users and DBA activities.
Identify and provide details on the security controls related to the system
Responsible for writing the SSP, SOP, Risk Management, Data Center Continuity Plan documentations.
PowerTek Inc., April 2012 – June 2012, contracted to
US Export/Import Bank, Washington, DC
Senior Security Engineer
Perform penetration testing on all domain servers, web servers, mail servers, Windows, Linux, and UNIX platforms including network
equipment and port scanning.
Monitor the network traffic using Firewalls, IDS/IPS, web and mail filtering systems also monitoring any changes to database and network
drives.
Present daily status report, reporting on new vulnerabilities and remediation.
Provide investigative monitoring on user network activities.
Manage and oversee a team of 8 Engineers.
Writing SOP documents and Logging POAMs process
Tools: Cisco ASDM Firewall ver. 6.4 - Perimeter firewall, Rules management, Troubleshoot firewall issues, viewing syslog, Palo Alto Firewall
Next-Generation Firewall PA-5000 - Internal firewall, BelManage/ System Management 2012, McAfee Network Security Manager 6.1 IPS,
Cisco Iron Port Web filtering, Cisco Iron Mail filtering ver. C350 - Nessus 4.41 Vulnerability Scanner, Qualys Guard Web Service
Vulnerability Scanner ver. 7.0.61-1 scan subnets, firewalls, public facing server, DMZ, developer apps, printers, network scanning, routers
and Trend Micro Office Scan, Tripwire Enterprise manages. Nmap/Zenmap 5.51 - Scanner, GFI LanGuard 9.0 - Security scanner and patch
management 2011, Dragon/Snort IDS, and Cisco 6500, 3500 switches.
Digital Tradecraft Inc., Washington, DC, October 2011 – March 2012
Cyber Security Engineer
Perform Penetration testing for Government and private sector clients.
Evaluate computer system security or networks by simulating attacks from malicious hackers.
Search for unknown hardware or software flaws, or operational weaknesses in processes or technical countermeasures.
Assess the magnitude of potential business and operational impacts of successful attacks.
Test the ability of network defenders to successfully detect and respond to the attacks.
Define and deliver all Security Service offerings, including Vulnerability Assessment, Penetration Testing, Security Architecture and
Security Integration services.
Built advanced hacking labs to assess the vulnerabilities of test, Internet, and/or Intranet connected systems, networks, and applications
with the Breaking Point network simulation
Security Evaluation testing: Evaluating and testing new security product such as IPS, Firewalls, Mail encryption, and Checkpoint IPS,
Endpoint and Firewalls products, Surefire IPS, Encrypts and Cloud Computing.
Tools: Super Scan, Nmap, Nessus, NEWT Professional, Putty, Back Track, Spiceworks, Brutus, Cain & Abel, HP Web Inspect, Core Impact,
NetStumbler, Kismet and WEPCrack and Wireshark
ALTA IT Services, January 2011 – October 2011, contracted to
Federal Reserve Board, Washington, DC
Senior Security Engineer/ Access Management Lead
Work with IT Teams to ensure that all systems, appliances, applications and infrastructures are secure; also manipulating logging and
auditing features.
Administer Active Directory Groups.
Work closely with Network Security teams, reviewing their security tools and processes and recommending best practices.
Delegated requests to different levels of IT personnel; also acting as an Approver and Overseer.
Administer Lotus Notes ACL access to Lotus Notes email and applications.
Ensure the implementation of all contractual requirements following the Agile Methodology.
Monitor internal and external network traffic as well as security scanning.
Install and configure software and hardware for HSPD-12 PIV card Authentication
Tools: Web Sense 6.3, Tipping Point IPS 5100n, HP Web Inspect 7.7, Quest AD and Domain Management tool, Tivoli Big Fix, Checkpoint
Firewall 4000, Checkpoint Endpoint Security, Nessus, Microsoft SMS, ArcSight ESM, ArcSight threat intelligence, HP Web Inspect, Trend
Micro Office Scan for client machines.
Covenant Security Solutions, LLC, September 2009 – January 2011, contracted to
Client: U.S. Census Bureau, Suitland, MD
BOC-CIRT Network Security Engineer
Secure and monitor the Network and the Desktop environments, as well as, performing investigation on US Census Bureau users and
conducting deep analysis on inbound traffic that emulates a possible threat.
Oversee a Security Operation Center (SOC) team consisting of 5 members handling configuration and deployment of new security
equipment.
Installed new Sourcefire IPS 3D3000 Defense Center and Tipping Point SMS 5100 IPS/DLP appliances and sensors
Perform all updates and fine tuning of sensor, policies and compliance; patches and updates; and writing signatures.
Create, manage and perform all changes and tasks sensors running weekly reports utilizing Websense 6.3.
Create daily and weekly reports from IDS searching for matrices of top ten IPs, ports, IDS signatures, identifying sources and destination
IP addresses by their FQDN name.
Investigate the top ten alerts by using Web Sense and firewall logs.
Tools: Cisco Mars, Cisco IronPort M 1070, SenSage 4.5 SIEM, Websense 6.3, Cisco ASA and Checkpoint firewalls.
Covenant Security Solutions, LLC, September 2008 - September 2009, contracted to
Federal Aviation Administration, Washington, DC
Project Manager /Sr. Security Engineer
Manage and view all Security and Network designs working with new technology to implement them throughout the NAS and Non-NAS
systems (National Airspace System) of the Federal Aviation Administration.
Work closely with other Security Engineer contractors assigned to other FAA in implementing Security controls such as Access Control
Policy Management, Audit, Authentication, Authorization, Automated Workflow Provisioning & De-Provisioning, Event Monitoring Alerts
and Logging, Federation Services, Meta-Directory and Virtual Directory Services, Single/Reduced Sign-On Support, Self-service, and
Service Management.
Utilize NIST 800-94 and NIST-41 in the implementation of Firewall and IDS/IPS deployment. Plan and build Public Key Infrastructure (PKI),
working with VeriSign and PIV card technology.
Oversee information system requirements analysis, system design, development, implementation, and testing.
Develop all activities related to information assurance procedures, control guidelines and systems.
Confer with and advise all levels of government personnel on administrative policies and security procedures, technical issues and
resolution.
USMAX Inc., October 2007 - July 2008, contracted to
U.S. Patent and Trademark Office, Alexandria, VA
Lead Sr. Network Security Engineer
Responsible for designing and rebuilding the Security Operation Center, while supporting a large enterprise network.
Duties include incident response; intrusion analysis and methodologies; vulnerability assessments; and network surveillance and
monitoring.
Perform research, written documentation and tests on new network security products.
Updating and patching all Security tools and appliances.
Created SOC workflow and operation process for the SOC Security Engineer.
Tools: Checkpoint Firewalls NGX and VPN-1 version R65 and Juniper Firewall Net Screen-Security, Crossbeam, Web Sense 6.2 & Bluecoat
Proxy SG 8000 Series ver. 4.2.6.1, HP Open View, McAfee IntruShield Network IPS Solution, High Tower and HP ArcSight
EDUCATION
Capitol College, Laurel, MD
Certificate, Electronic and Computers Systems 1983
TRAINING
Academy of Computer Education, Ethical Hacking and Advanced Penetration Testing, 40CEU's, 2011
Sourcefire 3D TM System, Managing and Deploying Sourcefire 3D IPS Systems, 2010
Deploying Public Key Infrastructure (PKI), 2009
Certificate, HIPAA Privacy, Security and Confidentiality Policy & Procedures, 2007
Deploying and Managing IDS/IDP Systems, 2007
Juniper Networks Intrusion Detection Protection1100c NCM, 2007