CERT-SEI

Staff Profile

Jonathan Frederick

Key Responsibilities

Defense Information Systems Agency (DISA) IA Tools Training (PWS 5-425C) – Transition up to 5 (2013) IA Tools classroom courses a year to the CERT and Fed VTE platforms. Content includes over 150 demonstrations, labs, and lecture components each. Also responsible for providing training team support and supplemental content.

Significant contributions to CyberFlag FY 2012 and 2013 architecture and exercise support.  Responsible for being the subject matter expert for DOD IA tools including  HBSS, ACAS, and Arcsight  and used in multiple exercises throughout the year. 

Professional Background

DISA Field Security Operations Chambersburg, PA

June 2007 – Jan 2010

- Responsible for leading deployment teams tasked with installing, upgrading, consolidating and configuring McAfee security products, Host Based Security System (HBSS), throughout the Department of Defense. Products include ePolicy Orchestrator, Intrusion Prevention, VirusScan, Policy Auditor, Data Loss Prevention, and others.

- Engineered and implemented the consolidation of McAfee ePolicy Servers for thousands of Windows systems across six major Southern Command bases supporting all joint DOD assets throughout South and Central America. Developed procedures, custom policies and reports for each site, and roles and responsibilities necessary for an ongoing successful implementation. The consolidation will result in a cost savings of approximately five hundred thousand dollars annually.

- Assisted sites with evaluating specific security concerns and tuning policies to provide threat mitigation while ensuring no loss in information system functionality.

-  Provided hardening recommendations and policies to all agencies within the Department of Defense.

 - Vulnerability scanner and remediation software escalation team lead responsible for managing four team members tasked with resolving third tier security software issues experienced by customers throughout the entire Department of Defense.

- Evaluated and remediated the Federal Desktop Core Configuration Windows Vista image against security vulnerabilities.

- Researched current vulnerabilities applicable to the Department of Defense and worked with security software vendors to update audits.

 

Pennsylvania Air Force National Guard - Coraopolis, PA

May 2003 – June 2007

U.S. Government Civilian Technician; GS - 11 Pay Grade; 2210 IT Specialist Series

- Responsibilities included a mixed Windows 2003 and NT domain consisting of 20 servers and

over 700 Windows XP workstations.

- Created and updated Certification and Accreditation packages for unclassified and classified networks.

- Implemented and maintained Secure Computing's Sidewinder firewall at the network boundaries and Microsoft's Windows XP SP2 firewall for the enterprise.

- Maintained Internet Security Scanner and Retina Network Security Scanner Suite for vulnerability assessment monitoring and reporting.

- Created Microsoft Systems Management Server 2003, Windows Update Server, and Shavlik's HFNetchk Windows patch deployment processes and reporting procedures.

- Oversaw intrusion detection monitoring and reporting at the installation network boundaries.

- Established local Department of Defense Private Key Infrastructure to mandate smart card logon access and identity access management throughout the organization.

- Managed installation and configuration of three Cisco routers and over seventy Nortel switches.

Education

  • MS, Management Information Systems, Robert Morris University
  • Associates AA, Information Technology, Community College of the Air Force
  • BS, Information Technology, Penn State University

Certifications/Licenses

    Project Management Professional, PMI
    ,Certified Information Security Auditor, ISACA
    ,Certified Information Systems Security Professional, ISC2

Professional Memberships

  • Association for Computing Machinery

Professional Organization Contributions

 Founder and current vice-president of the ISC2 Pittsburgh Chapter established in 2012. (ISC)² is a global, not-for-profit leader in educating and certifying information security professionals throughout their careers.

LinkedIN profile: LinkedIN

 

SEI Blog