Summary
Overview
Work History
Education
Skills
Certification
Technical Highlights - Cybersecurity
Timeline
Generic

Brian Baker

Cheverly

Summary

With over twenty-five years of experience in the Information Technology field as a professional intelligence information technology support officer, within the IC. I have acquired a diversified set of skills working various roles, starting out as an entry level helpdesk / desktop support, advancing to roles in senior system administration, systems engineering, cyber security engineering in multiple positions, such as cyber security analysis, information system security officer (ISSO) and currently as a security control assessor (SCA). I am always open for hearing from and bout industry tech companies that are focus driven and committed to improving the technical security landscape posture, of which I have currently built my professional lively hood around. Since completing an advance degree in. Cybersecurity” (Aug 2018), I have been afforded an opportunity to learn and grow with a security minded posture that has been very rewarding professionally. Motto: “Securing Data One Bit At A Time”

Overview

22
22
years of professional experience
1
1
Certification

Work History

Security Control Assessor (Private Cloud)

BAE
10.2023 - Current
  • Assisted clients in achieving regulatory compliance through proper implementation of required security controls.
  • Evaluated the effectiveness of system hardening measures, providing actionable feedback for continuous improvement efforts.
  • Identified potential attack vectors by simulating real-world threat scenarios during assessments.
  • Increased organizational compliance with industry standards such as NIST and ISO, by performing regular audits and reviews.
  • Advised organizations on selecting suitable automated tools for monitoring network activity and detecting potential intrusions, contributing to a more robust security posture.
  • Provided guidance on implementing data encryption techniques to protect sensitive information from unauthorized access or disclosure during transmission/storage processes.
  • Actively participated in cross-functional meetings to discuss issues related to information assurance and risk management processes.
  • Reduced cybersecurity vulnerabilities through the development of tailored mitigation strategies.
  • Collaborated with IT teams to address identified security weaknesses, fostering a proactive approach to risk management.
  • Evaluated and improved security controls by conducting thorough risk assessments.
  • Applied a holistic approach when assessing systems, considering both technical aspects as well as human factors influencing overall risk posture.
  • Enhanced security control assessments by implementing a comprehensive evaluation process.
  • Performed gap analyses on existing security controls, identifying areas requiring improvement or additional measures.
  • Conducted security audits to identify vulnerabilities.
  • Supported incident response efforts by analyzing security breaches and recommending appropriate corrective actions.

Security Control Assessor (Private Cloud)

BAE
10.2023 - Current
  • Assisted clients in achieving regulatory compliance through proper implementation of required security controls.
  • Evaluated the effectiveness of system hardening measures, providing actionable feedback for continuous improvement efforts.
  • Identified potential attack vectors by simulating real-world threat scenarios during assessments.
  • Increased organizational compliance with industry standards such as NIST and ISO, by performing regular audits and reviews.
  • Advised organizations on selecting suitable automated tools for monitoring network activity and detecting potential intrusions, contributing to a more robust security posture.
  • Provided guidance on implementing data encryption techniques to protect sensitive information from unauthorized access or disclosure during transmission/storage processes.
  • Actively participated in cross-functional meetings to discuss issues related to information assurance and risk management processes.
  • Reduced cybersecurity vulnerabilities through the development of tailored mitigation strategies.
  • Collaborated with IT teams to address identified security weaknesses, fostering a proactive approach to risk management.
  • Evaluated and improved security controls by conducting thorough risk assessments.
  • Applied a holistic approach when assessing systems, considering both technical aspects as well as human factors influencing overall risk posture.
  • Enhanced security control assessments by implementing a comprehensive evaluation process.
  • Performed gap analyses on existing security controls, identifying areas requiring improvement or additional measures.
  • Conducted security audits to identify vulnerabilities.
  • Supported incident response efforts by analyzing security breaches and recommending appropriate corrective actions.

Info. System Security Officer- (Private Cloud)

Jacobs
04.2023 - 10.2023
  • Conducted security assessment in support of accreditation and or authorization (A&A) decisions.
  • Leverage familiarity with National Institute of Standards and Technology (NIST) Cybersecurity Framework and National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) requirements.
  • Leverage my familiarity with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and or 800-53A Revision 4 as well as 800-30, 37 and 39.
  • Leverage familiarity with the Committee on National Security Systems (CNSS) Instruction No. 1253.
  • Knowledge of policies, and ethics as they relate to cybersecurity.
  • Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • Ensures the development and implementation of information security policy, requirements, and procedures within an organization’s business processes.
  • Reviews documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
  • Provides assessment and authorization (A&A) management support by guiding the development of all documentation necessary to complete the A&A process to include system security plans, contingency plans, and other associated documentation.
  • Conducts complex vulnerability assessments to include adjudicating based on assessing the vulnerabilities, threats, and risk associated with assessment.
  • Reviews system configurations and scan tool results in order to determine system compliance and report results.

Info. System Security Officer- (Private Cloud)

Jacobs
04.2023 - 10.2023
  • Conducted security assessment in support of accreditation and or authorization (A&A) decisions.
  • Leverage familiarity with National Institute of Standards and Technology (NIST) Cybersecurity Framework and National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) requirements.
  • Leverage my familiarity with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and or 800-53A Revision 4 as well as 800-30, 37 and 39.
  • Leverage familiarity with the Committee on National Security Systems (CNSS) Instruction No. 1253.
  • Knowledge of policies, and ethics as they relate to cybersecurity.
  • Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • Ensures the development and implementation of information security policy, requirements, and procedures within an organization’s business processes.
  • Reviews documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
  • Provides assessment and authorization (A&A) management support by guiding the development of all documentation necessary to complete the A&A process to include system security plans, contingency plans, and other associated documentation.
  • Conducts complex vulnerability assessments to include adjudicating based on assessing the vulnerabilities, threats, and risk associated with assessment.
  • Reviews system configurations and scan tool results in order to determine system compliance and report results.

Info System Security Officer-Cyber Security Anal

Sphinx Solutions
08.2022 - 04.2023
  • Provide support industry partners (twenty-two) and maintain their to system portfolio to ATD and ATO.
  • Request 120 day Rapid 7 scans report from industry partners and upload into Roadrunner database.
  • Assist industry partners with BoE packages handling, providing requirements, reviewing and liaison feedback between industry partners and information system security management (ISSM).
  • Investigate cyber security incident matters.
  • Provide guidance to industry partners’ concerns with regards to their best interest surrounding cyber security hardware, software, and physical security related matters.
  • Perform site surveys of industry partners location CONUS.
  • Attend biweekly meetings with stakeholders, industry partners and other security groups.
  • Conduct / hold twice a month meeting with A & A team to go over pertinent projects concerns and issues.

Info System Security Officer-Cyber Security Anal

Sphinx Solutions
08.2022 - 04.2023
  • Provide support industry partners (twenty-two) and maintain their to system portfolio to ATD and ATO.
  • Request 120 day Rapid 7 scans report from industry partners and upload into Roadrunner database.
  • Assist industry partners with BoE packages handling, providing requirements, reviewing and liaison feedback between industry partners and information system security management (ISSM).
  • Investigate cyber security incident matters.
  • Provide guidance to industry partners’ concerns with regards to their best interest surrounding cyber security hardware, software, and physical security related matters.
  • Perform site surveys of industry partners location CONUS.
  • Attend biweekly meetings with stakeholders, industry partners and other security groups.
  • Conduct / hold twice a month meeting with A & A team to go over pertinent projects concerns and issues.

Security Monitor

PAE / USIS
01.2008 - 01.2023
  • Job duties are providing physical security by escorting and monitoring of unclear contractors within cleared spaces.

Security Monitor

PAE / USIS
01.2008 - 01.2023
  • Job duties are providing physical security by escorting and monitoring of unclear contractors within cleared spaces.

Info Systems Security Engineer- (Private Cloud)

QVine Inc.
11.2020 - 01.2022
  • Familiar with vulnerability and risk assessment (Audit Logs and Scanning tools Rapid 7) process built out a test environment within AWS.
  • Assist with ATO process by guiding through the Risk Management Framework and workflow.
  • Attend daily and or weekly Technical Exchange Meetings with stakeholders (ISSM, SCA, System Owner(s)).
  • Export and Import security control csv files, for editing and updating as needed for documentations.
  • Assist with the NIST 800-137 ongoing authorization through information security continuous monitoring for Federal Information Systems and Organizations.
  • Ingest of ATO documentations into XACTA for step processing (SSP, CP, Artifacts, Vulnerability Reports, SOP and Customer Test Plan) and their approval status.

Info Systems Security Engineer- (Private Cloud)

QVine Inc.
11.2020 - 01.2022
  • Familiar with vulnerability and risk assessment (Audit Logs and Scanning tools Rapid 7) process built out a test environment within AWS.
  • Assist with ATO process by guiding through the Risk Management Framework and workflow.
  • Attend daily and or weekly Technical Exchange Meetings with stakeholders (ISSM, SCA, System Owner(s)).
  • Export and Import security control csv files, for editing and updating as needed for documentations.
  • Assist with the NIST 800-137 ongoing authorization through information security continuous monitoring for Federal Information Systems and Organizations.
  • Ingest of ATO documentations into XACTA for step processing (SSP, CP, Artifacts, Vulnerability Reports, SOP and Customer Test Plan) and their approval status.

Network Engineer Ops (Private Cloud)

TEKsystems -Sub to / AWS
12.2019 - 11.2020
  • Supported back-end network operations within C2S / Gov Cloud environment; monitored incoming ticket ques for both environments.
  • Provided weekly reports regarding various networking metric based on ticket count, ticket type, ticket anomaly, ticket type persistence and all other generated tickets.
  • Assisted with troubleshooting issues regarding with hardware and or software based issues by logging into device Juniper and Commodity switches to determine and or triangulate possible root of issues.
  • As team we met with management weekly to discuss tickets, issues, concerns regarding, network and none network related topics.

Network Engineer Ops (Private Cloud)

TEKsystems -Sub to / AWS
12.2019 - 11.2020
  • Supported back-end network operations within C2S / Gov Cloud environment; monitored incoming ticket ques for both environments.
  • Provided weekly reports regarding various networking metric based on ticket count, ticket type, ticket anomaly, ticket type persistence and all other generated tickets.
  • Assisted with troubleshooting issues regarding with hardware and or software based issues by logging into device Juniper and Commodity switches to determine and or triangulate possible root of issues.
  • As team we met with management weekly to discuss tickets, issues, concerns regarding, network and none network related topics.

Infrastructure / System Admin

CACI
09.2017 - 12.2019
  • Provides operations and maintenance support within a large Development and Production Windows Enterprise server environment.
  • Operating systems include MS Server 2008/2012/2016. Specific Duties and RESPONSIBILITIES include, respond to change requests and incident reports, troubleshooting and maintenance of servers.
  • Managing server infrastructure and any processes related to these systems, providing support to servers including day-to-day maintenance, monitoring and problem resolution for all of the related problems.
  • Provide second level problem identification, diagnosis and resolution of problems, escalating and communicating status to Sponsor’s management and internal customers of priority and high-visibility issues.

Infrastructure / System Admin

CACI
09.2017 - 12.2019
  • Provides operations and maintenance support within a large Development and Production Windows Enterprise server environment.
  • Operating systems include MS Server 2008/2012/2016. Specific Duties and RESPONSIBILITIES include, respond to change requests and incident reports, troubleshooting and maintenance of servers.
  • Managing server infrastructure and any processes related to these systems, providing support to servers including day-to-day maintenance, monitoring and problem resolution for all of the related problems.
  • Provide second level problem identification, diagnosis and resolution of problems, escalating and communicating status to Sponsor’s management and internal customers of priority and high-visibility issues.

System Administration III / Role Deployment Technician IV

ComTech
08.2016 - 08.2017
  • Phase II (March 2017 –August 2017): Worked on a support team environment deploying upgraded operating systems to customer client off sites locally and throughout CONUS, traveling approximately 35 percent.
  • Phase I (Aug-2016-Mar-2017): Worked as a system administrator onsite on high visibility project work within a team-oriented environment consisting of two groups, sys admins and infrastructure admins. Primary duty is adding admin users to a password database vault, by ingesting user accounts and roles semi manually executing a batch file.

System Administration III / Role Deployment Technician IV

ComTech
08.2016 - 08.2017
  • Phase II (March 2017 –August 2017): Worked on a support team environment deploying upgraded operating systems to customer client off sites locally and throughout CONUS, traveling approximately 35 percent.
  • Phase I (Aug-2016-Mar-2017): Worked as a system administrator onsite on high visibility project work within a team-oriented environment consisting of two groups, sys admins and infrastructure admins. Primary duty is adding admin users to a password database vault, by ingesting user accounts and roles semi manually executing a batch file.

Sr. Level Systems Admin / Engineering

General Dynamics Network Systems
10.2005 - 08.2012
  • Administration, maintaining server hardware and software.
  • Administer maintain and support the following Enterprise Servers; Application, File and Print Server, Windows Update Server, Backup Storage Solution Sever, Domino Sever, Windows Deployment Server, Windows DHCP Server, Windows DNS Server, Internet Acceleration firewall Server, ePolicy Orchestrator Enterprise Server, Windows Small Business Server and AutoCAD File Server.
  • Provide O&M upgrades hardware and software, Push Windows Updates Patches to servers and clients, Push McAfee DAT files to servers and clients, maintain user accounts, roaming profiles and user share drives and folders.
  • Provide daily and weekly status reports and project updates, Provide daily, weekly and monthly backups and restores as needed, Administer and monitor Internet security logs activity daily, download and maintain a repository of the latest virus definitions, engines and patches as well as monitor McAfee website periodically for latest virus alerts.

Sr. Level Systems Admin / Engineering

General Dynamics Network Systems
10.2005 - 08.2012
  • Administration, maintaining server hardware and software.
  • Administer maintain and support the following Enterprise Servers; Application, File and Print Server, Windows Update Server, Backup Storage Solution Sever, Domino Sever, Windows Deployment Server, Windows DHCP Server, Windows DNS Server, Internet Acceleration firewall Server, ePolicy Orchestrator Enterprise Server, Windows Small Business Server and AutoCAD File Server.
  • Provide O&M upgrades hardware and software, Push Windows Updates Patches to servers and clients, Push McAfee DAT files to servers and clients, maintain user accounts, roaming profiles and user share drives and folders.
  • Provide daily and weekly status reports and project updates, Provide daily, weekly and monthly backups and restores as needed, Administer and monitor Internet security logs activity daily, download and maintain a repository of the latest virus definitions, engines and patches as well as monitor McAfee website periodically for latest virus alerts.

Desktop System Administrator

McClendon Corp.
11.2003 - 09.2005
  • Provide desktop / close support as part of a team to support several hundred users on a Windows NT 4.0 base environment.
  • Perform duties included locale NT administration for Win-install of software and drivers, printer and peripheral device installation and troubleshoot, support of new IT requirement analysis and implementation, troubleshoot lotus notes databases and e-mail issues, perform data transfers uploads and downloads…also required to carry a duty weekend pager once a month.

Desktop System Administrator

McClendon Corp.
11.2003 - 09.2005
  • Provide desktop / close support as part of a team to support several hundred users on a Windows NT 4.0 base environment.
  • Perform duties included locale NT administration for Win-install of software and drivers, printer and peripheral device installation and troubleshoot, support of new IT requirement analysis and implementation, troubleshoot lotus notes databases and e-mail issues, perform data transfers uploads and downloads…also required to carry a duty weekend pager once a month.

Education

Master of Science Degree - Cybersecurity

University of Maryland University College
08.2018

Bachelor of Science Degree - Computer Networks and Security

University of Maryland University College
12-2015

Associates of Applied Science Degree - Information Systems

Montgomery College
01.2000

Skills

  • Threat intelligence analysis
  • Access control management
  • Physical security measures
  • Data loss prevention
  • Two-factor authentication
  • Security policy development
  • Encryption technologies
  • Vulnerability analysis

Certification

  • Security + Certification (ce), CompTIA, 2022-01-01
  • Network + Certification (ce), CompTIA, 2022-01-01
  • Certified “C Tech” Networking cabling specialist physical layer (Fiber Optics and Copper), Montgomery College, 2000-01-01
  • Certified Microcomputer Repair Technician, Montgomery College, 2000-01-01

Technical Highlights - Cybersecurity

2006-01-01, 2012-01-01, 2020-01-01, Current, Security Control Assessor, 2023-01-01, Information System Security Officer, 2022-01-01, Cyber Security Analyst, 2022-01-01, Information System Security Engineer, 2020-01-01, ePolicy Orchestrator Administrator / Engineer, 2006-01-01, 2012-01-01, Windows Update Security Patch Server Administrator, 2006-01-01, 2012-01-01

Timeline

Security Control Assessor (Private Cloud)

BAE
10.2023 - Current

Security Control Assessor (Private Cloud)

BAE
10.2023 - Current

Info. System Security Officer- (Private Cloud)

Jacobs
04.2023 - 10.2023

Info. System Security Officer- (Private Cloud)

Jacobs
04.2023 - 10.2023

Info System Security Officer-Cyber Security Anal

Sphinx Solutions
08.2022 - 04.2023

Info System Security Officer-Cyber Security Anal

Sphinx Solutions
08.2022 - 04.2023

Info Systems Security Engineer- (Private Cloud)

QVine Inc.
11.2020 - 01.2022

Info Systems Security Engineer- (Private Cloud)

QVine Inc.
11.2020 - 01.2022

Network Engineer Ops (Private Cloud)

TEKsystems -Sub to / AWS
12.2019 - 11.2020

Network Engineer Ops (Private Cloud)

TEKsystems -Sub to / AWS
12.2019 - 11.2020

Infrastructure / System Admin

CACI
09.2017 - 12.2019

Infrastructure / System Admin

CACI
09.2017 - 12.2019

System Administration III / Role Deployment Technician IV

ComTech
08.2016 - 08.2017

System Administration III / Role Deployment Technician IV

ComTech
08.2016 - 08.2017

Security Monitor

PAE / USIS
01.2008 - 01.2023

Security Monitor

PAE / USIS
01.2008 - 01.2023

Sr. Level Systems Admin / Engineering

General Dynamics Network Systems
10.2005 - 08.2012

Sr. Level Systems Admin / Engineering

General Dynamics Network Systems
10.2005 - 08.2012

Desktop System Administrator

McClendon Corp.
11.2003 - 09.2005

Desktop System Administrator

McClendon Corp.
11.2003 - 09.2005

Associates of Applied Science Degree - Information Systems

Montgomery College

Master of Science Degree - Cybersecurity

University of Maryland University College

Bachelor of Science Degree - Computer Networks and Security

University of Maryland University College

Similar Profiles

CREATE PROFILE
Brian Baker