Chan Lee's Email Addresses & Phone Numbers

📖 Summary

Project Manager @ Panum Group, LLC Sr. Security Engineer @ TDI (Tetrad Digital Integrity) Federal Retirement Thrift Investment Board (October 2013 – Present)Perform the full cycle of assessment and authorization (A&A) activities for various major applications.• Serve as primary author on key deliverables such as the FIPS 199 Security Categorization, System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), Privacy Impact Assessments (PIA), e-Authentication, Continuous Monitoring Strategy, and Contingency Plan. • Perform security control assessments according to NIST 800-53A.• Scan for web and database vulnerabilities using Nessus, Accunetix, and Scuba. • Prepare project plans for all A&A efforts.• Documented agency-wide common controls that other systems and applications could leverage.F-35 Lightning II Joint Program Office (August 2012 – October 2013)Provided security management to the F-35 Joint Program Office of the CIO (OCIO).• Coordinated and performed certification and accreditation tasks for systems or networks. • Prepared for CCRI audits. Evaluated compliance with DISA STIGs on applicable platforms (HBSS, Blackberry, Windows servers and workstations, etc.). Ran DISA SCAP utility with STIG benchmarks.• Performed post-CCRI remediation activities. Worked collaboratively with engineering team to prioritize remediation efforts.• Ran weekly Retina scans on NIPR and SIPR environment, and developed vulnerability reports.• Conducted weekly briefings to the OCIO to communicate status on projects, and to inform them of issues that require their attention. Negotiated and prioritized deliverables and tasks with the client to ensure timely delivery of the most critical or urgent items.• Provided security impact analysis in the planning, testing, and implementation of complex IT projects that required thorough evaluation of security implications and concerns.• Refined vulnerability management policy and procedures to improve network security posture. From August 2012 to August 2018 (6 years 1 month) Washington D.C. Metro AreaSr. Security Engineer @ TDI (Tetrad Digital Integrity) Marine Corps Recruiting Command (February 2011 – August 2012)Led a team of 3 security engineers who maintained the accreditation of the Marine Corps Recruiting Command (MCRC) network.• Coordinated various compliance tasks to improve security posture throughout the enterprise: conducted biweekly Retina scans using Retina Enterprise Manager (REM), evaluated DISA STIG compliance on systems and networks, monitored web and mail traffic in Websense and FortiMail respectively for violations of policy, audited firewall logs using Cisco MARS, responded to security incidents reported by the MCNOSC, and reported IAVA compliance status.• Maintained accreditation documents in the Xacta repository.• Prepared security-specific portions of operations status briefings for senior management.• Negotiated and prioritized deliverables with the client on major projects.• Conducted weekly meetings with the security team to discuss project and task status and issues.Army Sustainment Command (September 2007 – February 2011)Managed the accreditation of a US Army system.• Produced required C&A documentation and performed vulnerability remediation in preparation for certification audits.• Authored the following C&A documents: System Identification Profile, Implementation Plan, System Security Plan, Scorecard, POA&M, COOP, Incident Handling and Response Plan, policies, etc. • Performed the following vulnerability assessment activities: manual STIG checks, Retina and Gold Disk scans, 8500.2 IA control compliance assessments, and AR25-2 compliance assessments.• Maintained the accreditation by tracking vulnerabilities in the POAM and Risk Registry, monitored and reported IAVA compliance, and performed annual security assessments and COOP drills as required by FISMA. From September 2007 to August 2012 (5 years) Sr. Security Engineer @ Apex Systems Security Engineer, Apex SystemsJuly 2007 – September 2007Performed certification and accreditation audits on various DoD systems.• Performed vulnerability assessments using various security scanning tools (DISA PGD, Retina Network Scanner, AppDetective Database Scanner, SRR Scripts, etc.) on servers, databases, and workstations.• Compiled vulnerability information in Risk Assessment Reports that described system vulnerabilities, their impacts, and remediation recommendations. From July 2007 to September 2007 (3 months) Falls Church, VASenior Consultant @ Booz Allen Hamilton Senior Consultant, Booz Allen HamiltonFebruary 2000 - July 2007Completed a wide range of IT and security projects for various government clients.• Researched intrusion detection topics and evaluated different IDS solutions. Installed and configured a test network for intrusion detection research with commercial and open source intrusion detection systems (IDS) - Cisco Secure IDS, ISS RealSecure, Network Flight Recorder, and Snort.• Created and meticulously catalogued 10 test disks in various file system formats (FAT, FAT32, and NTFS), and used them to benchmark forensic tools including EnCase, Forensic Toolkit, and other software.• Established and secured through access lists a private global ISDN network with Cisco routers allowing international organizations to access proprietary web applications. Documented technical and network descriptions for each site.• Configured router-to-router IPSec connections to connect 5 branch offices using an Entrust Certificate Authority.• Developed various Cold Fusion web applications with Oracle and SQL Server databases. Actively participated in every step of the software development lifecycle from requirements analysis to testing and maintenance. Designed, developed, and maintained Cold Fusion web applications that enhanced business operations and procedures.• Upgraded internal Windows NT network to a Windows 2000 Active Directory Domain which included separate DNS, DHCP, IIS, file, and backup servers. Troubleshot hardware, network, and software issues that arose. From February 2000 to July 2007 (7 years 6 months) McLean, VA