Faisal M.

Rana
Burke, Virginia 22015-2557, USA (989) 278-8016-Work (703) 499-0376-Cellular Email: faisal@faisalrana.com Summary Strategy & Compliance Program management Systems Risks Knowledge Management Technology Operations CRM Linguistics Telecommunication Governance Identity Management Education 2004 2012 Ph.D., Information Systems, (All But Dissertation, Main course work completed) Concentration in Policy and Security Nova Southeastern University, Ft. Lauderdale, Florida Master of Science Certificate Course work in Information Architecture Capitol College, Laurel, Maryland Master of Science in Network Security (Information Assurance) Capitol College, Laurel, Maryland Master of Science in Business Management & Administration Boston University, Boston, Massachusetts Bachelor of Science in Aviation Management Southern Illinois University, Carbondale, Illinois Policy & Compliance Information Assurance Disaster Recovery Management OPSEC Management Project Management OPERATIONS Harbor Defense & Port Security E-GOVERNMENT DIGITAL MARKETING CONGRESSIONAL LIAISON Policy Management Operations Management Assessments Management (Risks) InfoSec Management ORGANIZATIONAL STRUCTURE OSINT Mitigation management VULNERABILITY MANAGEMENT DISASTER RECOVERY & COOP FACILITATOR

2004 2004 2002 2004 1992 1993 1989 1992

Certification & Training 2007 2008 2007 2008 2004 2005 2003 2003 NSA-IAM, NSA-IEM (NSA Certified) (INFOSEC Assessment Methodology (IAM), (INFOSEC Evaluation Methodology (IEM) CISSP, CISM & PMP course work completed System Administration in Information Security (NSTISSI 4001 and 4013) Certificate Nova Southeastern University, Ft. Lauderdale, Florida Unit Anti Terrorism Advisors Course United States Army Military Police School, Fort Leonard Wood, Missouri The OPSEC Fundamentals, Policy, Compliance & Governance, The OPSEC Program Managers Course, Threat Research for OPSEC, Web Vulnerabilities, OPSEC Practitioners Course and Public Safety Course , IOSS, Greenbelt, Maryland

2003 - 2004

Experience 2010 2013

Senior Consultant, Information Assurance and Information Operations Compliance and Governance Officer (USAFRICOM, C4S HOA (Horn of Africa), INUPIAQ

FAISAL M. RANA

Page 2
Responsible for development and implementation of a viable Information Assurance program throughout the Horn of Africa, to include all Forward Operating Bases (FOB's) throughout Ethiopia, Kenya, Somalia encompassing the USAFRICOM C4S HOA (Horn of Africa) Area of Responsibility (AOR) Conducted extensive vulnerability assessments of all C4S HOA assets, infrastructure, and associated Program of Records. Findings documentation incorporated into a viable IA program for the C4S HOA. Performed DIACAP Certification & Accreditation evaluations of the Djibouti Enterprise Area Network and all Program of Records throughout USAFRICOM Horn of Africa to include drafting for submittal to the DAA, all associated Memorandum of Records for connectivity. Addressed and documented all Cyber Command Readiness Inspection (CCRI) findings noted during inspection conduced in September 2010. Developed implementation plan for the DISA Vulnerability Management System (VMS) o Trained key IA personnel in deployment and maintenance of VMS o Provided way forward in utilizing VMS for mitigating & remediation of all outstanding Category I & II findings & briefed DAA on all current vulnerabilities & mitigation plan. Assisted DAA & Information Assurance Manager (IAM) in gathering DIACAP documentation for upcoming Approval to Operate (ATO) annual refresh. Performed assessment of current on site documentation & artifacts to meet DIACAP Controls Directed Retina & Gold Disk vulnerability assessments of current C4S HOA assets & conducted remediation/mitigation of findings resulting in improving HOA compliance from a previous compliance level of 30% to its current compliance level of 95%. Provided detailed IA training to DoD & Contractor staff throughout C4S HOA to include IA compliance, risks & risk mitigation. Assessed current tier 2/1 firewalls & conducted audit of all Access Control Rules

Environment: Sidewinder Firewalls, Windows Servers, Cisco Routers & Switches, Retina, VMS, HBSS, Taclanes, DIACAP 2007 2010 Managing Principal Consultant, Information Assurance and Information Operations, Dept. of Labor, INUPIAQ, Washington, DC Project Lead for TIC, MTIPS at US. Dept. of Labor, Provided Subject Matter Expertise (SME) support for various governments contracts in the Information Assurance area and successfully implemented information security policies and Procedures Lead a team of information Security professional that carried out the Certification & Accreditation functions Managed the data classification initiation and risk categorisation of information assets Directed the team efforts providing the identification and migration of risks in IT and business systems Provided subject matter expertise (SME) for Successful implementation and information security policies & procedures Lead the development of Security strategy in support of business strategy Oversaw the implementation of network security at the corporate level 2005 2007 Managing Consultant, Telecom, Security, Wireless, Privacy and Governance IBM, Fairfax, Virginia Managed various Security projects within the IBM Security practice (Risk Assessments, Policy and compliance (FISMA) and content analysis) Managed and Directed the Infrastructure group that performed network, system and firewall administration functions at the National Defense University (NDU) Served as a SME for National Defense University (NDU) IT team Lead the team drafting policies and procedures Managed a team of 48 personnel at NDU that provided complete IT support (Help Desk, Software Development, Infrastructure and Network Operations Centre) Lead Security for DOJ United Financial Management System (UFMS) (Requirements) Provided management support (SMEs) for wireless government contract Managed and implemented all web content and online initiatives for the

FAISAL M. RANA

Page 3
customer, in support of the vision and strategies of the enterprise Facilitated communication between divisional staff and the Web Content Coordinators Planned, directed, and coordinated project management aspects of all information security projects Liaised with project stakeholders on an ongoing basis Determined and assessed the need for additional staff and/or consultants and make the appropriate recruitments if necessary during project cycle Where required, negotiate with other department managers for the acquisition of required personnel from within the company Effectively communicated project expectations to team members and stakeholders in a timely and clear fashion Estimated the resources and participants needed to achieve project goals Set and continually managed project expectations with team members and other stakeholders Identified and managed project dependencies and critical path Planed and scheduled project timelines and milestones using appropriate tools Developed full-scale project plans and associated communications documents Defined project scope, goals and deliverables that supported business goals in collaboration with senior management and stakeholders Oversaw the implementation of network security at the corporate level

2004 2005

Information Systems Security Officer (ISSO) (Information Assurance) BAE Systems, FBI, Quantico, Virginia Managed the security teams conducting Vulnerabilities, Network Scans and Penetration testing of the networks, Data Centres, Risk Assessments, Penetration testing and Mitigation for various divisions within the agency Directed the security teams conducting Vulnerabilities, Network Scans and Penetration testing of the networks, Data Centres, Risk Assessments and Mitigation for various divisions within the agency Managed and coordinated the team that reviewed the C&A reports and checked for FISMA Compliance

2003 2004

Program Manager Level III (Information Assurance), ZH Tech, Government of the District of Columbia, Washington, DC Managed the translation of statutory and regulatory workforce requirements and policies into management information systems requirements and of evaluating impacts of new policies on source data systems (NISPOM) Managed and directed IDS monitoring teams Directed, managed and participated in the strategic planning and management associated with current, new and emerging Defense Acquisition Workforce Improvement Act (DAWIA) data requirements and to oversee and execute management information system projects and ongoing processes Oversaw the quality of final deliverables Lead the team drafting Security standards, processes, policies and procedures and implementation of methodology Managed and directed the Penetration testing teams Coordinated, managed and provided insight on vulnerability scans and Nessus Provided guidance on security testing techniques Managed Security testing and SDLC Managed and directed teams from IBM and BearingPoint conducting Vulnerabilities, Network Scans and Penetration testing of the networks, Data Centres, Risk Assessments and Mitigation for various agencies within the District of Columbia for compliance to NIACAP, OMB Circular 130-A, FIPS 199 and (HIPPA), STIG, NIST (800 standards (800-18, 800-53, 800-30) , FISMA. Also, managed, directed and coordinated the OPSEC, Public Safety/Anti Terrorism training for the all agencies within the District of Columbia government Anticipated the implications and consequences of situations and took appropriate action for possible contingencies

FAISAL M. RANA

Page 4
Assimilated the requirements, conceptualized an approach to meet the requirements and effectively communicated the concept and embedded details to the operational team Supported the managers in delivery, including the successful execution and implementation of contracted services Managed a team of security professionals conducting physical, parameter security and Security Test and Evaluation (ST&E)/IV&V activities that included: Assembled site C&A packages for the Departments within the District of Columbia Lead the site assessment teams Conducted in-briefs and out-briefs Conducted interviews of site personnel Conducted physical security inspections Completed security control validation checklists Reviewed and analyzed configuration audit and vulnerability scanner results Assimilated the requirements, conceptualized an approach to meet the requirements and effectively communicated the concept and embedded details to the operational team Supported the managers in delivery, including the successful execution and implementation of contracted services Oversaw the implementation of network security at the corporate level

2002 2004

Maryland Army National Guard (MDANG), Joint Web Risk Assessment Cell (JWRAC), DISA, Arlington, Virginia [Active Duty in 2003 (February to August)] Conducted threat and vulnerability assessments for the US infrastructure Taught system security management and vulnerability management Conducted vulnerabilities and risk assessments for the executive branch and various branches of the government Performed Security Test and Evaluation (ST&E)/IV&V activities

2002 2002

Director VERITECT, VERIDIAN Reston, Virginia Managed a team that managed the Network Security and monitored the Intrusion Detection Systems (IDSs) at the US Bureau of the Census Directed the clean-up efforts of the Cisco Security Policy Manager (CSPM) logs Advised the client on the security, intrusion and prevention, incident handling, policy & planning Directed the Implementation of the procedures for detecting, deterring, assessing, warning, responding and investigating unlawful acts of terrorism in the cyber space arena that posed a threat to the critical infrastructure within the Census Bureau (Census Data)

2001 2002

INSCOM, FT. Belvoir, VA Lead, Instructed and performed cross-cultural briefs and area sensitivities etc. Conducted threat and vulnerability assessments Involved in the assessment of Physical security parameter security and air surveillance with multi-national forces in OEF (US Embassy and Kabul Airport, Kabul, Afghanistan, Bagram Airbase, Afghanistan and Kandahar airport, Kandahar, Afghanistan)

1999 2001

Country Manager/COO (Operations), InfoGrid Systems International, Reston, Virginia Directed the business and communication services to various Middle East companies including Al Mirmah Trading Est., Soroof Networks (VOIP), and consulted with Saudi ARAMCOs remote monitoring pilot project of the oil wells in the Empty Quarter. Also, directed, managed and coordinated the creation of an intranet to connect services. Provided assistance to the American Consulate in Dhahran for satellite connectivity and surveillance of the Consulate parameters via remote monitoring

1998-1999

Chief Information Security Officer (CISO), E-Commerce Projects OneSoft Corporation, McLean, Virginia

FAISAL M. RANA

Page 5

Managed e-commerce sites using extensible commerce solution built on OneSofts Internet commerce software, One Commerce. Directed the project managers that provided the customers with a complete and comprehensive enterprise-level Internet customization Coordinated the extension of One Commerce to meet rapid changes in business, technology, and customer relationships Managed and directed the implementation of a system security and encryption system (e-mail and documentation) for the worldwide expatriate extranet. Facilitated the configuration and implementation of new client servers Managed and implemented all web content and online initiatives for the customer in support of the vision and strategies of the enterprise Facilitated communication between divisional staff and the Web Content Coordinators 1996 1998 Senior Program/Project Manager Consulted under various contracts for AT&T, Nextel, US Aid and US Postal Service, providing services ranging from full project management to implementing specific tasks Briefed & instructed the teams in the low Middle Market groups (AT&T) for the performance of the assigned tasks Managed all aspects of a project, ranging from establishing specific goals and roadmaps, to training people, to interfacing with customers Established project plans including requirement documentation, schedules, risk assessments, and resource allocation Provided business plans including financial management systems and E-Commerce management and support Coordinated various customers and departments to meet project objectives Developed and implemented information system standards, procedures, and guidelines including system security and encryption aspects Managed the installation of telecommunication systems including improved access to the Internet Managed and participated in the proposal writing efforts Managed and directed the development of Telecom solutions with high level of complexity and integration using the EAI to multiple back-end systems, network element and touch point Managed cross-functional teams across the country and cross-functional responsibilities Managed the complete SDLC and implementation/integration process following the business analysis and requirement management Lead the Telecom Technology management and operations for the low middle markets at AT&T 1993 1996 United States Coast Guard, Washington, DC Operations Officer

Served in various capacities including Operations Officer, Program Manager, Project Manager, Cultural Liaison Officer, Port Security Officer, Harbor Defense, HUMINT, CI Manager, System Administrator Manager, Financial Analyst, Contract & Procurement (COTR) Manager, Budget Manager, Leadership and Career Development program manager Briefed and instructed the teams forward deployed in SWA, CENTCOM AOR regarding the area, sensitivities and other security issues in the region Conducted HUMINT and CI mission throughout SWA against enemy threat from the sea in conjunction with Harbor Defense and Port Security Managed, supervised and conducted Harbor Defense and Port Security Operations in SWA to safeguard the naval assets Served as an international liaison for the multinational task force in South West Asia. Contracting officer (COTAR) for the office of Personnel Budget and Resource Manager for the division Oversaw and prepared the preparation of presentations, speeches, position papers and reports of studies that were conducted service wide Served as an international liaison for the multinational task force in South West Asia

FAISAL M. RANA

Page 6

Manager of International Services, encompassing media relations, business development, negotiations, contracting, leasing, contracting services for catering, transportation and general operations for the Allied forces Project Manager for the Coast Guard Assessment (for the entire service). Initiated and supervised preparation of purchase requests for major information technology systems, as well as office equipment and supplies Managed the System administrators for the Directorate of Human Resources Large Unit Fina ncial Systems (LUFS), which was utilized by more, then 200 personnel. Responsible for day-to-day management of the financial systems database and proper system operations Prepared budgets and supporting justification for the Office of Leadership and Career Development within the Human Resource Directorate, totalling over 1 billion dollars annually. Conducted comprehensive budget review of programs, and identified short and long issues and priorities 1989 1993 Craven Community College, New Burn, North Carolina, MCAS, Cherry Point, North Carolina, MCAS, Iwakuni, Japan and NAS, Cubi Point, Philippines Served as Language Instructor for Marines and Sailors deploying to the SWA region for Operation Desert Shield/Desert Storm Designed and developed the lesson plans and language training support packages for deployment to SWA Mentored and coached the Marines deploying to the SWA theatre within the 1st and 2nd Marine Air Wings who wanted to be well versed in the languages & dialects and cultures of SWA within the Arabian Peninsula. 1989 1996 Served as First Aid and CPR Instructor American Red Cross, MCAS, Cherry Point, NC, Iwakuni, Japan, NAS Cubi Point, Philippines, Washington Metro Area Designed and developed the lesson plans and training support packages Instructed fellow Marines who wanted to be certified ARC instructors for first aid and CPR Assisted the counterparts in the submission of all teaching materials 1988 1993 Aviation Systems Analyst (Information Assurance) U.S. Marine Corps Air station, Cherry Point, North Carolina Served as Aviation Logistics Systems Analyst, UNIX System Administrator, Configuration Management, System Security, Training, Information and Quality Assurance. Served as Information Assurance Analyst and QA/QC POC for the group that comprised of eight active fighter squadrons Served as a Military Police member and provided Physical and Parameter security for the Airfields at MCAS, Cherry Point, MCAS, Iwakuni, Japan, NAS, Cubi Point, Philippines and the Naval Magazine Cubi Point, Philippines. Used various surveillance techniques and procedures including dogs and electronics Provided airfield parameter and airport security at King Abdul Aziz Airbase, Dhahran, Saudi Arabia and Bahrain airbase, Manama, Bahrain, Jubail port facility terminal, Jubail, KSA and Dammam Port, Dammam, KSA Provided Infrastructure protection, Merchant Vessel Inspections, Video Vehicle surveillance, Personnel screen, Rail car Inspection Lead the Marine Security teams to protect the oilfield infrastructure and export port terminals Employed various surveillance techniques for the protection of the oilfields and the refineries Enhanced the existing DAR (Daily Audit Reports) analysis program for implementation throughout the Navy and the Marine Corps Completed security control validation, reviewed and analyzed configuration audit and vulnerabilities Prepared and presented oral and written briefings for Group war readiness to the Commanding Officer regarding the status of aircraft readiness

Professional Affiliations

IEEE, AFCEA, IATFF (Information Assurance Technical Framework Forum), ISACA (Information Assurance Audit and Control Association), AFCEA (Armed Forces Communications and Electronics Association), ASIS (American Society for information Science and Technology), ISSA

FAISAL M. RANA

Page 7
(Information Systems Security Association), CSI, (Computer Security Institute), OPS (OPSEC Professional Society), AOPA (Airplane Owners and Pilot Association), and Civil Air Patrol

Honours and Awards

Two Meritorious Unit Commendations, National Defense Medal, Three Meritorious Unit Citations, and Good Conduct Medal, Coast Guard Medal of Commendation

Languages

Moderate fluency in modern standard Arabic (Speak, read and some writing), Native fluency in Punjabi {all Dialects in Eastern Punjab (India) and Western Punjab (Pakistan)}, Kashmiri, Pothowhari, Saraiki, Sindhi, and Urdu. Fluent in conversational Hindi, Hindko (NWFP), also, rudimentary Dari (Afghanistan), Farsi and Pashto (NWFP, Afghanistan).