Profiles search
Tammy Easterling
Information Security Consultant at TEKsystems
Virginia Beach, VA, United States
Details
Education:
Bachelor's degree
Computer Science
Bluefield State College
Computer and Information Systems Security/Information Assurance
SANS
Computer and Information Systems Security/Information Assurance
SANS Institute
Tidewater Community College
Computer Science
Bluefield State College
Computer and Information Systems Security/Information Assurance
SANS
Computer and Information Systems Security/Information Assurance
SANS Institute
Tidewater Community College
Experience:
TEKsystems Information Security Consultant for Wells Fargo. Evaluate and determine risks associated with software security plans. This includes Foundation Plans and Annual re-certifications.
2016 : Present
TEKsystems
Information Security Consultant
Contractor with Northrup Grumman to support the Air and Space Operations Center (AOC) Weapon System (WS) testing and fielding efforts for Certification and Accreditation.
Metadata custodian for in-house tool providing data integrity of reports from fielding.
Provided vulnerability reports for Certification and Accreditation.
2015 : 2016
Insight Global
Information Assurance Contractor
·Monitored the security of critical systems.
·Performed reviews of existing procedures, updated and developed internal IS policies/procedures.
·Re-wrote the System and Information Integrity Procedures (SI-2, SI-3). Wrote the SI-4 module in compliance with NIST.SP.800-53r4. Created the Patch Now procedure and work instruction.
·Assisted in the development of Systems Security Plans (SSP) and Risk Assessments to assure compliance with Federal Information System Management Act (FISMA) requirements.
·Collaborated with operations, network teams, business partners and stake holders to develop mitigation strategies to prevent information system risks and vulnerabilities.
·Performed Information Assurance assessments (STIGS), mitigation controls and remediation.
·Tracked mitigation/patch status and worked with system engineers to ensure compliance.
·Utilizing Nessus Scanners, conducted vulnerability scans, identified and tracked issues.
·Identified and prioritized system vulnerabilities and submitted to Management for remediation.
·Worked with 3rd party vendor (Tenable) to improve vulnerability scanning capabilities.
·Conducted war dialing utilizing PhoneSweep to identify security risks of unauthorized and rogue modems on the network.
·Monitored privilege use of computer systems utilizing syslog-ng for live alerts, ensuring authorized access, reporting violations, and monitoring privilege escalation requests.
·Researched claims to vulnerability False Positives. Coordinated vulnerability review meetings and made recommendations to Management. Worked with Vendor when true false positives were determined to change monitoring scripts.
·Managed reviews of submitted vulnerability waivers, researched requests and served as an advisor to Security Management, ensuring that issues were mitigated or accepted.
·Maintained Red Hat vulnerability scanners including deploying, patching, and upgrading.
·Member of Engagement Committee.
2012 : 2015
Newport News Shipbuilding
Computer Security Analyst, Newport News Shipbuilding
·Recognized by the Department of the Navy for support excellence for (NEXCOM) Payment Card Industry (PCI) Compliance project by receiving the Department of the Navy (DON) Information Management/Information Technology (IM/IT) Excellence Award.
·Tier III support for Navy Lodge Property Management Systems and Central Reservation systems, vending electronic solutions, and store inventory management systems
·Assistant Contracting Officer (ACOR) for the Navy Lodge program
·Updated and collaborated with stakeholders in the creation and management of mitigation Plan of Action and Milestones (POA&Ms) and associated deliverables
·Provided technical information for DIACAP and PCI auditors
·Performed Information Assurance assessments (STIGS), mitigation controls and remediation
·Coordinated project teams consisting of DBAs, vendors and customers, ensuring project objectives were completed, implemented and in compliance with customer objectives, policies and standards.
·Project Lead for Navy Lodge upgrade, which included acquisition planning, developing, implementing and monitoring systems to meet security objectives. Planned and directed project activities for multiple phases of project implementation, ensuring DOD, PCI and PII compliancy.
·Centralized world-wide distributed vending system. Project was under budget and on time
·Customer Service - Provided remote and on-site support for domestic and international associates. ·Planned, monitored, coordinated, installed and tested vendor provided applications, software patches, cyclical releases and major upgrades
·Oral Communication - Provided written and oral reports to management and customers, taking into account the audience and nature of the information
·Provided troubleshooting documentation to Customer Support and Field Engineers world-wide on new applications
·Provided End User documentation
·Familiar with IAVA alerts, bulletins, and technical advisories
·Member of the Information Security Workforce (IAW)
2012 : 2012
Navy Exchange Service Command
Application Administrator
·Ran SRRs on Unix systems.
·Installed and configured UNIX server hardware and peripherals.
·Managed UNIX volume groups, file systems and hardware.
·Performed regular system maintenance and performance tuning.
·Provided installation support for new applications and software releases.
·Troubleshoot UNIX related issues.
·Applied recommended and security patches.
·Managed user access to Unix systems.
·Monitored and managed server operations and performance interfacing with platform vendors and maintenance scheduling.
·Performed O/S upgrades.
·Experience with IBM's AIX, HP's HP-UX, Sun's Solaris, Veritas Volume Manager and ESS storage.
1999 : 2005
Navy Exchange Service Command
Unix Systems Administrator
2016 : Present
TEKsystems
Information Security Consultant
Contractor with Northrup Grumman to support the Air and Space Operations Center (AOC) Weapon System (WS) testing and fielding efforts for Certification and Accreditation.
Metadata custodian for in-house tool providing data integrity of reports from fielding.
Provided vulnerability reports for Certification and Accreditation.
2015 : 2016
Insight Global
Information Assurance Contractor
·Monitored the security of critical systems.
·Performed reviews of existing procedures, updated and developed internal IS policies/procedures.
·Re-wrote the System and Information Integrity Procedures (SI-2, SI-3). Wrote the SI-4 module in compliance with NIST.SP.800-53r4. Created the Patch Now procedure and work instruction.
·Assisted in the development of Systems Security Plans (SSP) and Risk Assessments to assure compliance with Federal Information System Management Act (FISMA) requirements.
·Collaborated with operations, network teams, business partners and stake holders to develop mitigation strategies to prevent information system risks and vulnerabilities.
·Performed Information Assurance assessments (STIGS), mitigation controls and remediation.
·Tracked mitigation/patch status and worked with system engineers to ensure compliance.
·Utilizing Nessus Scanners, conducted vulnerability scans, identified and tracked issues.
·Identified and prioritized system vulnerabilities and submitted to Management for remediation.
·Worked with 3rd party vendor (Tenable) to improve vulnerability scanning capabilities.
·Conducted war dialing utilizing PhoneSweep to identify security risks of unauthorized and rogue modems on the network.
·Monitored privilege use of computer systems utilizing syslog-ng for live alerts, ensuring authorized access, reporting violations, and monitoring privilege escalation requests.
·Researched claims to vulnerability False Positives. Coordinated vulnerability review meetings and made recommendations to Management. Worked with Vendor when true false positives were determined to change monitoring scripts.
·Managed reviews of submitted vulnerability waivers, researched requests and served as an advisor to Security Management, ensuring that issues were mitigated or accepted.
·Maintained Red Hat vulnerability scanners including deploying, patching, and upgrading.
·Member of Engagement Committee.
2012 : 2015
Newport News Shipbuilding
Computer Security Analyst, Newport News Shipbuilding
·Recognized by the Department of the Navy for support excellence for (NEXCOM) Payment Card Industry (PCI) Compliance project by receiving the Department of the Navy (DON) Information Management/Information Technology (IM/IT) Excellence Award.
·Tier III support for Navy Lodge Property Management Systems and Central Reservation systems, vending electronic solutions, and store inventory management systems
·Assistant Contracting Officer (ACOR) for the Navy Lodge program
·Updated and collaborated with stakeholders in the creation and management of mitigation Plan of Action and Milestones (POA&Ms) and associated deliverables
·Provided technical information for DIACAP and PCI auditors
·Performed Information Assurance assessments (STIGS), mitigation controls and remediation
·Coordinated project teams consisting of DBAs, vendors and customers, ensuring project objectives were completed, implemented and in compliance with customer objectives, policies and standards.
·Project Lead for Navy Lodge upgrade, which included acquisition planning, developing, implementing and monitoring systems to meet security objectives. Planned and directed project activities for multiple phases of project implementation, ensuring DOD, PCI and PII compliancy.
·Centralized world-wide distributed vending system. Project was under budget and on time
·Customer Service - Provided remote and on-site support for domestic and international associates. ·Planned, monitored, coordinated, installed and tested vendor provided applications, software patches, cyclical releases and major upgrades
·Oral Communication - Provided written and oral reports to management and customers, taking into account the audience and nature of the information
·Provided troubleshooting documentation to Customer Support and Field Engineers world-wide on new applications
·Provided End User documentation
·Familiar with IAVA alerts, bulletins, and technical advisories
·Member of the Information Security Workforce (IAW)
2012 : 2012
Navy Exchange Service Command
Application Administrator
·Ran SRRs on Unix systems.
·Installed and configured UNIX server hardware and peripherals.
·Managed UNIX volume groups, file systems and hardware.
·Performed regular system maintenance and performance tuning.
·Provided installation support for new applications and software releases.
·Troubleshoot UNIX related issues.
·Applied recommended and security patches.
·Managed user access to Unix systems.
·Monitored and managed server operations and performance interfacing with platform vendors and maintenance scheduling.
·Performed O/S upgrades.
·Experience with IBM's AIX, HP's HP-UX, Sun's Solaris, Veritas Volume Manager and ESS storage.
1999 : 2005
Navy Exchange Service Command
Unix Systems Administrator
Company:
TEKsystems
Years of Experience:
22
Skills
Computer Security, Hardware, Information Assurance, Information Risk Consultant, Information Security, Information Security Analyst, Networking, Project Management, Security, System Administration, Technical Support, Troubleshooting, Unix, Windows
About
Certified GIAC Security Leadership (GSLC) with ten years of Information Assurance experience in evaluating system vulnerabilities in order to recommend security improvements and ensure implementation of Information Security (IS) requirements in complex projects. Experience working with various levels of associates, customers, and third party vendors from Admiral’s staff and top-level vendor management, to world-wide field technical support and end-users.
• DOD Level III Compliant
• Secret Clearance
• Knowledge of Information Technology concepts, standards and methods.
• Knowledge of information technology security principles, methods and security products and services.
• Ability to lead and provide guidance and leadership to other professional and Information Technology staff in the conduct of complex projects and to develop and maintain effective relationships with colleagues and clients.
• Attention to Detail - thorough when performing work and conscientious about attending to detail.
Profile Photo
