Contact Information
Name: Mike Bendel
Email: mailbendel (at) yahoo (dot) com
Location: Centreville, Virginia, United States
Resume
Position/Title: Sr. Security Analyst
Resume: MICHAEL BENDEL, CISSP, MCSE 2003

6536 Skylemar Trail michael.bendel (at) yahoo (dot) com

Centreville, VA 20121 Citizenship: USA (703) 203-9854 (Cellular)

PROFESSIONAL SKILLS SUMMARY

A Senior Information Security Analyst with nineteen years of general work experience, including five years in the following areas within the Information Technology industry:

• Security control analysis and document production, review and update for all stages of the Certification and Accreditation (C&A) compliance review process for general support systems (GSS) and major applications (MA) based on NIST, FIPS, OMB and other federal standards and guidelines

• Developing security policies, procedures, an information security awareness program and a C&A course

• Developing Plan of Action and Milestones (POA&Ms) and tracking POA&M items

• Network grooming, switch & router configuration, scope analysis and subnetting

EDUCATION & IT PROFESSIONAL CERTIFICATIONS

• Certified Information System Security Professional (CISSP): June 2007

• Microsoft Certified Systems Engineer (MCSE) 2003: February 2005

• Certified Internet Webmaster (CIW) Security Professional: November 2003

• CompTIA Security+: October 2003

• Bachelor of Arts (Political Science): University of New Hampshire, 1990

IT PROFESSIONAL EXPERIENCE

6/2007 – Present Advanced Resource Technology, Inc. – Washington, DC – Senior Security Analyst

• Analyze security controls and develop, update and maintain C&A package documentation and C&A project schedule for the nationwide HHS/OIG General Support System (GSS) with 40+ subsystems based on NIST SP 800-37, NIST SP 800-53 and NIST SP 800-53A

• Perform Privacy Impact Assessments (PIA) and FIPS 199 Assessments

• Conduct annual updates for the Risk Assessment (NIST SP 800-30), System Security Plan (NIST SP 800-18), Business Impact Analysis (BIA), IT Contingency Plan (NIST SP 800-34) and POA&M for the GSS and its subsystems

• Utilize a NIST SP 800-53/800-53A approach to gather information about configuration and security controls for annual security assessments and Security Testing and Evaluation (ST&E)

10/2005 – 5/2007 Lunarline, Inc. – Washington, DC – Senior InfoSec Analyst

• Authored a two-day introductory C&A course based on NIST SP 800-37

• Crafted a configuration management plan for Federal Aviation Administration (FAA) financial systems

• Conducted NIST 800-26/53 self-assessments at several Federal Motor Carrier Safety Administration (FMCSA) field offices

• Developed a Security Requirements Traceability Matrix (SRTM) that included AR25-2, DITSCAP, and DIACAP references

• Helped produce security policies for the FAA and FMCSA (laptop, wireless, remote access, incident response, configuration management, and several others)

• For several FAA and FMCSA systems, developed & updated documentation for all stages of the C&A process, including risk assessments, system security plans, ST&E and other documentation

• Worked on the security controls assessment (SCA), the security assessment report (SAR), and the POA&M for the Office of Personnel Management (OPM) e-QIP system

• For FMCSA, helped to create a Web-based security awareness program based on NIST SP 800-16 & 800-50.

• Reviewed and improved contingency plans for FAA and FMCSA systems based on NIST SP 800-34, etc.

• Conducted tabletop Continuity of Operations Plan (COOP) testing at two FMCSA southern border offices.

• Made a FISCAM checklist for the Veterans Benefit Administration (VBA)

• Participated in incident response testing and training

• For VBA and for FMCSA, developed SCA test plans based on NIST SP 800-53 and SP 800-53A

• Outlined the security controls assessment framework (SCAF) and the security controls assessment process (SCAP) for the VBA

• Helped to develop a Business Impact Analysis (BIA) for several systems

• Worked on a NIST SP 800-53 based Manual of Security Policies and Procedures for the Department of Housing and Urban Development Office of the Inspector General (HUD-OIG) and the Office of Personnel Management (OPM)

• Wrote white papers on DIACAP and on how to save money by utilizing common security controls

9/2005 – 10/2005 Quasars, Inc – Washington, DC – Information Security Engineer

• Developed an SSP, a contingency plan, and other C&A documents in accordance with federal standards

• Provided policy guidance for the Department of Education’s systems and information security C&A support for applications and systems in accordance with appropriate customer policies and processes

• Helped to develop their personnel security policy and procedures

3/2005 – 8/2005 DSA, Fairfax, VA – Security Analyst

• Played an active role in the C&A process of 150 Veterans Health Administration (VHA) sites

• Conducted security assessments (based on NIST SP 800-53) at 20 VHA medical centers

• Analyzed data, produced reports, and made recommendations based on findings

2/2004 – 3/2005 Anteon Corporation, Fairfax, VA – Program Administrator III

• Securely configured over 100 switches for the US Coast Guard’s (DHS) W2K3 enterprise network and troubleshot and re-configured switches by remote login

• Contributed to the physical and environmental security of server rooms at 120+ US Coast Guard sites

• Provided logistical support for the Coast Guard’s enterprise migration, gathering, categorizing, and compiling data on 120+ sites and over 580 servers

• Directly involved in grooming and pre-site preparation for the 40,000 seat migration effort from Microsoft NT 4.0 server to Windows server 2003 & Exchange 2003: scope analysis, subnetting, server builds, scheduling equipment deployment, and resource management

• Manned and maintained the help desk and built workstations for DC Fire & EMS

8/2003 – 1/2004 Mainstay Enterprises, Inc. – Fairfax, VA – Junior Security Analyst

• Assisted senior engineers in the C&A of the FAA’s NAIMES Master Network using a NIST SP 800-30 based methodology to calculate attack likelihood and CIA impact and risk level

• Edited and wrote quantitative risk assessments that rated affected assets based on their strengths and weaknesses

• Calculated a risk rating for each vulnerability in terms of CIA

• Helped to prepare the SSP in accordance with NIST SP 800-18

OTHER PROFESSIONAL EXPERIENCE

1991 – 2003: Teacher/Self-Employed: Michael English School/EverGlory Publishing – Japan, Korea, Thailand, Taiwan, Guam & Florida

• As a small businessman and teacher in Japan, Korea and Thailand, taught English as a second language, computers, and American culture at various schools, including Yonsei University in Seoul

• Created hundreds of fun games for teaching English as a Second Language

• Used my experience in teaching to write, and then publish through my own company, a set of books entitled “Can You Relate?” which enjoyed some success in the foreign market

• Owned a successful English conversation school in Japan

• Taught 4th grade in Guam and Junior High Science in Florida

PUBLICATIONS

Bendel, M. (2006), An Introduction to the Department of Defense IA Certification and Accreditation Process, Lunarline, Inc.

Bendel, M. (1996), Can You Relate? Book One and Book Two, Everglory Publishing

LANGUAGES: English & Japanese

REFERENCES: Available upon request.

 







 

Copyright 2007, SecurityFocus