John A Kenny
Professional Summary
My experience in the electronic/computer industry spans more than twenty years in both secure and non-secure situations to include the EOP White House complex. I have a strong background in customer service oriented environments, requiring a judicious mixture of creativity, administrative, and managerial skills. I have served in many positions during the course of my career, to include team member, team lead, and management roles. I am known for my ability to deal effectively in high stress, time sensitive areas, and am eager to apply this knowledge and skills. I am a highly motivated individual with an exceptional track record for handling diverse and special projects. Both on-the-job and at home, I have developed a thorough understanding of enterprise security and layered security architectures. I am intimately familiar with NIST, DOD DITSCAP/DIACAP, CNSSI-1253, ITIL security standards. In prior work experiences I have been a key participant in the design, installation and service of Microsoft NT, NOVELL NetWare, Ethernet, Token Ring and other Local Area Networks, as well as various modem communications systems. I have also been involved with the implementation of network and computer security items such as SIEM tools, PKI, TACACS, RADIUS and other Single Sign-on solutions. Serve as a Cyber Patriot mentor for Columbia High School.
Skills
Certifications: CISSP, CFCP, MCSE, Novell CNE
Excellent problem-solving abilities
Data privacy and SIEM applications
Network maintenance and security practices
Enterprise security technologies and practices
Data backup and retrieval
Technical specifications creation
PKI and Single Sign-on Solutions
Remote access technology
Excellent diagnostic skills
NIST, DOD DITSCAP/DIACAP, RMF, CNSSI-1253, ITIL
Clearances: DOD Top Secret NACI with Presidential Access DoS Top Secret
Education
Bachelor of Science: Information Systems Security
American Public University
Vendor Training Courses
Tenable - Security Center Administrator
McAfee - Security Center Administrator
Splunk - Enterprise Administrator
Tripwire - Enterprise Administrator
Northrop - RMF Transition Planning
SpectorSoft - Spector360 Administrator
Northrop - Security Architect
Northrop - Cyber Warrior
Work History
Sr. Principal Cyber Architect June 2017 – Present Northrop Grumman Huntsville, AL
Design, build and implement enterprise-class security systems for C-RAM production environment. Align standards, frameworks and security with overall business and technology strategy for products and sub-systems within the C-RAM boundary. Review current system security measures and recommend, and implement enhancements. Identify and communicate current and emerging security threats and IAVAs. Design security architecture elements to mitigate threats as they emerge. Create solutions that balance business requirements with information and cyber security requirements. This includes continuous monitoring and making improvements to those solutions, working with an information security team. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements. Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.
Responsible for systems administration and security posture of several classified enclave LAN networks. Planned and implemented a continuous monitoring and reporting system using Elasticsearch Logstash Kibana (ELK) platform. Developed security requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices. Verified security systems and developed and implemented test scripts. Maintained security program and system security posture compliance to NIST and CNSSI-1253 standards, policies, and procedures. Planned upgrades to security event and audit monitoring systems to identify security gaps. Evaluated and implemented security enhancements to include Splunk. Prepared system security reports by collecting, analyzing, and summarizing data and trends. Enhanced department and organization reputation by exploring opportunities to add value to job accomplishments.
Senior Cyber Information Assurance Analyst June 2014 - Current Northrop Grumman Mclean, VA
Implemented an information security continuous monitoring (ISCM) platform using Splunk and Solr (ELK) analytics tools to create security reports for DHS classified HSDN network. Integrated new data source inputs into Splunk including data feeds from Remedy, Tripwire, MS Exchange, Spector360, Tenable, BigFix, Active Directory, and Cisco SourceFire. Created Splunk dashboards and correlated report outputs across multiple data feeds. Created metrics and reports to use different data source inputs to validate each other and increase the integrity level of management level security reporting. Configured Splunk to meet White House mandated ICS 500-27 Insider Threat monitoring requirements. Documented and streamlined all C&A Security processes at AOC, and created a decision-based flowchart to diagram them. This action directly resulted in over a million dollar cost savings and 35% reduction in man hours to the program with regard to applying STIG settings to environment. Created a process to track, triage and prioritize security findings within the AOC WS system. Instrumental in developing and maintaining metrics used for progress reporting to management. Key contributor to the selection of software that provided a database solution to storing, analyzing and reporting vulnerability data and was the only technician experienced in installing, configuring and maintaining the software after purchase. Participated in the conversion of the Information Assurance data from the old manual process to the new database.
Senior Cyber Information Assurance Analyst Nov 2012 – June 2014 Northrop Grumman Mclean, VA
Serves as a supervisor and Subject Matter Expert for Information Assurance Engineers on the Bureau of Engraving and Printing project. Coordinates with Systems Developers, Administrators, and Program, and Project Managers to compile and document all required FISMA C&A documents required for system authorization (ATO). Provides security expertise on customized BEP business systems, to include customized printing and manufacturing systems and associated SCADA devices. Provides security related subject matter input to System Administrators to correct or mitigate vulnerability findings. Provides SME guidance and advice on UNIX and Windows hosts in order to improve security posture. Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access. Architected, designed and implemented CAESARS based Security Continuous Monitoring solution in order to meet NIST FISMA requirements. Recommended network security standards to management. Implemented the ComplyVision, automated C&A tool for the BEP. The ComplyVision tool is a core element of the BEP Continuous Monitoring solution mandated by OMB. Configured security application platforms such as QRadar, SolarWinds, Nessus, Microsoft SCCM to feed data into ComplyVision in order to create security dashboard, and holistic security reporting foundation to support migration from client-server product lines to enterprise architectures and services and Continuous Monitoring. Managed several projects from concept to completion while managing outside vendors. Developed work-flow charts and diagrams to ensure production team compliance with client security deadlines. Supervised and provided direction for six technical direct reports regarding network activities.
Security Team Lead Jan 2009 - Nov 2012
Northrop Grumman
Served as a supervisor for Information Assurance Engineers on the Dept. of State Bureau of Consular Affairs project. Coordinated with Systems Developers, Administrators, and Program and Project Managers to compile and document all required FISMA C&A documents required for system authorization (ATO). Provided security expertise on customized CA business systems, to include customized systems associated with productions and maintenance of passport and VISA information. Provided security related subject matter input to System Administrators to correct or mitigate vulnerability findings. Provided SME guidance and advice on UNIX and Windows hosts in order to improve security posture. Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access. Recommended network security standards to management. Implemented the ComplyVision, automated C&A tool for Consular Affairs Bureau. The ComplyVision tool is a core element of the Consular Affairs Continuous Monitoring solution mandated by OMB. Configured security application platforms such as IPost, SolarWinds, Nessus, Microsoft SCCM to feed data into ComplyVision in order to create security dashboard, and holistic security reporting foundation to support migration from client-server product lines to enterprise architectures and services. Managed several projects from concept to completion while managing outside vendors. Developed work-flow charts and diagrams to ensure production team compliance with client security deadlines. Supervised and provided direction for six technical direct reports regarding network activities.
Senior Security Analyst Apr 2008 - Jan 2009
Northrop Grumman Mclean, VA
Performed initial C&A activities including security related deliverable documents for Virginia Information Technologies Agency (VITA) Enterprise Security Operations Center (ESOC).
These duties included the creation of System Security Plan (SSP), Plan of Action and Milestones (POA&Ms), Process and Procedure documents. Assisted VITA in implementing industry best practices such as SANS, ITIL, and vendor guidance, as well as federal standards such as NIST in the newly formed Virginia Enterprise IT Infrastructure. Assisted with the McAfee ePolicy Orchestrator project, and wrote the process guides and operation procedure documents, and assisted with the installation and configuration of McAfee EPO at VITA. Technical Lead for a Security Dashboard project to provide situational security awareness for VITA Security Directorate and enterprise-level agencies.
Senior Security Analyst Nov 2007 - Apr 2008
Northrop Grumman Mclean, VA
Assisted in the security assessment and FISMA compliance of multiple systems at the FEMA Mt Weather facility. Created security related C&A documents using the requirements specified in the National Institute of Standards and Technology (NIST) guidelines and FEMA / DHS Policies and Procedures. Assisted with an effort to update and standardize SSP information using an automated security tool (RSA). Established and documented a baseline of security controls shared by all elements of FEMA.
Senior Security Analyst Jun 2007 - Nov 2007
Northrop Grumman Mclean, VA
Assisted in the security assessment and compliance of the Messaging Center Officers (MSO) portion of the Department of State (DoS) OpenNet Plus and DoS classified network (ClassNet).
These duties included the creation of General Support Systems (GSS) documents, System Security Plan (SSP), Plan of Action and Milestones (POA&Ms), Compliance and Vulnerability Scan Reports, and Certification and Accreditation Recommendations for the (DoS) using the requirements specified in the NIST Special Publications DoS Policies and Procedures Foreign Affairs Manual (FAM). Assisted with an effort to update and combine several system SSPs into one OpenNet GSS SSP.
Information Assurance Engineer/Analyst Aug 2005 - Jun 2007
SAIC Falls Church, VA
Served as a member of the System Security Engineering team to provide life-cycle information assurance (IA) engineering support for DOD's C2 system GCCS-J. Aided the customer in applying IT and security engineering expertise into the software development phase of the project, rather than at the C&A phase.
This effort gave the developers a chance to recognize and correct security flaws before seeking a certification. Assisted customer with security guidance, including the Common Criteria, DITSCAP, as well as DOD and NSA technical configuration guides. Helped integrate security practices into the early stages of the Systems Design Lifecycle (SDLC) process. Developed security test plans and assisted in the integration of security testing software to evaluate system assets.
Senior Security Analyst Feb 2005 - Aug 2005
Aquent Reston, VA
Performed Certification and Accreditation activities (C&A) for multiple VHA hospitals to include both generic (type) and site accreditations in accordance with the (NIST), (HIPAA), and (SOX) standards along with VHA policy and procedures. Wrote critical project security documents at both the site level, as well as the enterprise level.
Provided mentoring and guidance to junior INFOSEC personnel to relay knowledge of INFOSEC, LAN, WAN, and operating system security principles, as well as lessons learned during site surveys.
Provided security and OS hardening expertise to VHA personnel.
Senior Security Engineer Jul 2004 - Feb 2005
Northrop Grumman Mclean, VA
Served as Senior Security Engineer for multiple DHS clients while on the HSDN (Homeland Security Data Network) project. This effort included both generic (type) and site accreditations in accordance with the DoD Information Technology Security Certification and Accreditation Process (DITSCAP). Deliverable documents included SSAs (Site Specific Addendums), RRAs (Residual Risk Assessments), STEs (Site Technical Evaluations) and CTE (Compliance Test Evaluation) for the Datacenter, NOC and SOC environment. Provided mentoring and guidance to junior INFOSEC personnel to relay knowledge of INFOSEC, LAN, WAN, and operating system security principles, as well as lessons learned during site surveys. Assisted in the development of security policies, plans and architecture, and provided expertise and knowledge of DCID 6/3 as well as practical experience with Intelligence Community (IC) customers.
Senior Network Security Analyst May 2003 - Jul 2004
Northrop Grumman
Served as a Senior Security Engineer while tasked to the Department of State (DoS) Diplomatic Security Services Bureau (DSS). Provided security engineering and integration services to customers at foreign embassies worldwide in a team lead capacity. Instrumental to the department in meeting FISMA, and HIPAA certification at the embassies. Resolved security issues including architectures, electronic data traffic, and network access. Coordinated with vendors in the design and evaluation of secure operating systems, network tools, and database products. Used Encase forensic tools, and other tools to gather information for the enforcement of computer policy violations. Performed penetration and vulnerability analysis and information technology security research. Configured and maintained the customer's operational and lab equipment in compliance with established DoS security standards. Reviewed customer's audit checklists and processes for relevance and applicability. Served on review boards and panels to ensure procedures and equipment met the evolving federal government security requirements. Prepared formal security reports for submission to government CIO.
System Administrator Oct 2002 - May 2003
Northrop Grumman Mclean, VA
Served as System Administrator supporting the PSRCP Network Management Component (NMC) development effort. Responsibilities included the daily monitoring, performance and maintenance of the NMC release systems under a strict configuration control environment. Responsible for systems backup and recovery, security, installation and upgrade, disaster recovery, vendor coordination and project personnel support. Designed and implemented a VERITAS Netbackup Data recovery system to incorporate 25 UNIX servers with a SAN attached robotic tape library.
Wrote extensive scripts and utilities for this backup and recovery system to enhance the performance, and security of the system.
Troubleshot all maintenance problems and recommended courses of action.
Enterprise Network Implementation Engineer Jan 2002 - Oct 2002
Wheeler Network Design Washington, DC
Functioned as Technical Team Lead for group of technicians on the OpenNet Plus Enterprise Network implementation project. Traveled to foreign and domestic embassies to perform security C&A and remediation tasks in preparation to migrate to the new enterprise infrastructure. Oversaw and coordinated planning efforts of Embassies and Consulate offices overseas and domestic posts. Resolved team issues as well as post issues during visits. Ensured that all systems at posts visited conformed to security settings policy issued by DS Security Configuration Guidelines. Submission of daily status reports to project management in Washington DC along with status reports to post management. Provided documentation on problems found, resolutions applied, and recommendations for the future health of the network. Provided operational guidance for current and proposed projects. Acted as a SME in initial pilot for the migration to Win 2K from NT 4.0 to include design of Active Directory, GPO, and Win 2K Security.
Defense Messaging System (DMS) Lead Product Tester Apr 2000 - Jan 2002
Geologics Manassas, VA
Worked onsite at Lockheed Martin on the Defense Messaging System project. DMS is a suite of products integrated by Lockheed Martin, to provide secure E-mail and directory services for the Department of Defense. Served as lead tester for Microsoft products within the DMS suite. Worked with Microsoft Exchange 5.5, Exchange 2000, and Outlook to ensure secure encrypted E-mail message flow between Microsoft and Lotus Domino servers. Troubleshot X.400 message flow between Microsoft Exchange, and Lotus Domino servers, as well as X.500 directory services. Instrumental in troubleshooting Fortezza and PKI certificate problems within the DMS system in the lab environment. Worked with several DMS specialty products, including MFI Multifunction Gateway, MLA X.500 mail list agent, MWS management station, and PUA Profile User Agent.
Network Manager Feb 1998 - Apr 2000
Logicon Syscon, Inc.
Functioned as Helpdesk manager/Network manager on a project for DOJ. Project included the integration and migration of existing predominantly UNIX systems to a true enterprise network using Microsoft Windows NT as the NOS platform. Responsibilities included managing resources in order to maintain proper phone coverage at the call center. Acted as buffer between level 1 support group and the level 2 and 3 support groups. Responsible for scheduling all down time for network and server outages, to include backups, and downtime needed for upgrades. Performed regular security compliance tests of servers, and integrity checks of backup tapes. Implemented Microsoft SMS and SMS remote control tools at helpdesk, which resulted in a 25% reduction in call resolution time.
Senior Network Engineer Jun 1996 - Feb 1998
Raytheon Systems Lexington Park, MD
Functioned as a LAN Network Engineer for Hughes Aircraft, which later became Raytheon Systems. Responsible for maintaining a 17 server LAN network which included a mix of Novell 3.x, 4.x, Windows NT, and SUN UNIX platforms. Responsible for maintaining and troubleshooting all core LAN/WAN network equipment including Wellfleet router, several Cisco routers and 3Com Ethernet switches. Implemented a NetWare Multiprotocol Router, to perform TCP/IP tunneling to provide connectivity to remote servers across the Internet. Functioned as lead engineer on a project to convert 16MB Token Ring LAN environment to a switched Ethernet platform. This effort included the design implementation of LAN/WAN assets to facilitate the migration project. Planned and implemented migration from cc:Mail to Exchange 5.5. Implemented and configured DHCP and WINS on newly migrated network. Designed and implemented a network wide backup scheme.
Network Engineer Jan 1996 - Jun 1996
GE Capitol Fairfax, VA
Served as a Network Administrator while contracted to the National Rifle Association as lead engineer/ administrator, to provide network and help desk support for an 18 server Novell PC/LAN. Responsible for general PC support and help desk support. Implemented TCP/IP protocol at workstations and configured DNS server. Responsible for administering cc: Mail E-mail system as well as ensure connectivity to the NRA's IBM mainframe and IBM AS400 via a Netware SAA Gateway.
Network Administrator Mar 1995 - Jan 1996
I-Net Washington, DC
Network Administrator at the Department of Justice, Antitrust Division for the management of a 37 server Novell PC/LAN. Responsible for administering the PC/LAN network, GroupWise E-mail system, and Soft Solutions Document Management system. Assisted with revision of security policies with regards to Soft Solutions security settings, and GroupWise shared mailboxes, as well as mailbox proxy rights. Served as an escalation point, providing second level support to the Help Desk analysts. Daily duties included monitoring GroupWise message servers as well as an X.400 link used to communicate with other Department of Justice agencies. Set up and administered 3 optical disk library servers so that users could access WORM disks via the network. Provided tier 2 and 3 support for the service center.
Computer Equipment Specialist Dec 1994 - Mar 1995
I-Net Washington, DC
Functioned as the LAN / hardware technician on a contract with the Department of Defense at the Pentagon. Duties included repair and installation of all Personal Computer and LAN hardware within the Office of the Under Secretary of Defense Personnel and Readiness (OUSD-PR) group. Diagnosed complex network problems on the OUSD-PR LAN, which consisted of 12 Windows NT servers, as well as a Microsoft Mail E-mail server in three different buildings. Assisted in the administration of the network and E-Mail services, and provided support at the (OUSD-PR) help desk. Worked with junior members of the network team to aid in diagnosing of network problems as well as offered suggestions as to how network performance.
Computer Equipment Specialist Feb 1991 - Dec 1994
PRC Inc
Network technician in the Personal Computer Support Group at the Executive Office of the President (EOP) and White House Complex. Lead technician in troubleshooting and maintaining Novell, Ethernet and IBM Token-Ring LAN networks as well as networked mainframe and fax connections. Performed regular reviews of security, and other audit logs on networked fax server to look for suspicious user activity, and system related problems, and prepared routine reports on same. Responsible for software installation and implementation in a variety of configurations.
Recommended standards for workstations and server configurations as well as assisted in the testing and evaluation of hardware and software for integration into the EOP LAN / WAN environment. Assisted in the design and installation of a remote login system for home use. Performed administrative duties on the White House Novell LAN network which consisted of 4 domains and 36 NetWare servers.
Computer Equipment Specialist Apr 1989 - Feb 1991
EDS Inc
Lead technician in installing and troubleshooting cabling systems for Novell, Ethernet and IBM Token-Ring LAN networks as well as networked mainframe and fax connections. Responsible for software installation and implementation in a variety of configurations. Recommended standards for workstations and server configurations as well as assisted in the testing and evaluation of hardware and software for integration into the Pentagon LAN / WAN environment. Implemented a training program to teach other technicians how to terminate, splice, and certify fiber optic cables.
Computer Equipment Specialist Jan 1988 - Apr 1989
Federal Bureau of Prisons Washington, DC
Served as a Lead Technician while at Federal Bureau of Prisons (BOP). Responsibilities included troubleshooting and maintaining all desktop equipment at the Bureau of Prisons headquarters building.
Acted as Systems Administrator for Bureau of Prisons electronic BBS system. BOP BBS system was a Mustang/DOORS dialup electronic bulletin board used to transmit prison population information, as well as other vital communications between prison facilities.
Responsible for management, operation and maintenance of servers, as well as account management, and folder permissions, also monitored chat room logs for suspicious activity, and possible BOP information being posted in public forums.
Front Desk Manager Aug 1986 - Jan 1988
Sheraton Hotels Arlington, VA
Night Front Desk Manager at Sheraton Hotel in Arlington VA. Supervised other desk clerks on night shift, and performed night auditing duties, and reviewed desk clerk console transactions reports on an as needed basis. Responsible for check-in and checkout of guests, and resolving problems related to guest, and other convention related issues. This was a full time night shift position that was concurrent with daytime school activities at Computer Learning Center.