Professional Documents
Culture Documents
Charles S. Kirkpatrick
Charles S. Kirkpatrick
EDUCATION:
West Virginia State University, Institute, WV; Bachelors of Science in Communications. Graduated:
December 2009.
CERTIFICATES:
CASP CompTIA Advanced Security Practioner CE certified
CompTIA Security+ ce certified
CompTIA A+ certified
CISSP IN PROGRESSPROFESSIONAL EXPERIENCE
TRAINING:
Cyberspace and Cybersecurity course at University of Maryland University College for the Cyber Security
Master’s Program (6 Hours completed). December 2011
Department of the Army Certificate of Training for Information Assurance Fundamentals (40 Hours). May
28, 2013
Risk Management Framework experience 2014 to present day.
EXPERIENCE:
Responsible for providing policy compliance measuring NIST 800-53 Controls, and FRTIB system boundaries. My
duties consist of analyzing risk (likelihood, and impact) for various FRTIB systems and policy. Providing support to the
Responsible for providing ACT Adaptable Capability Test risk assessments to the CMS customer. Primary
responsibilities are perform risk assessments using the ACT structure starting with a prelim meeting presentation,
next an assessment test plan meeting/report, then we conduct the risk assessment questionnaire / document review
along with the security technical testing. Finally we provide the customer with results of the assessment with a
technical CAAT file and Security Assessment Report with all the details outlined in the assessment. Once the
assessment evaluations has been taken care of we provide the customer with the security package with test results,
reports, findings, remediation strategies, email correspondence, artifacts, and system documentation.
Responsible for providing governance and compliance classified systems for all Two Six Labs accreditation systems.
Monitoring all systems Two Six Labs and prepping information security package in OBMS and EMASS. With the
guidance of Risk Management Framework and NIST. My duties consist of combining scorecard findings and brief
senior staff, providing an overview of the vulnerabilities of military networks, mission systems, and Harding systems
to reach system accreditation.
Lead Cyber Defense Risk Analyst (Connection Approval) Booz Allen Hamilton
02/2018 – 10/2018 Arlington, VA
Responsible for providing leadership supporting Joint Service Provider (JSP) applying Risk Management Framework
to their Connection Approval team for all external systems. Also, support Assess Only systems. Duties consist of
combining scorecard findings and brief senior staff, providing an overview of the vulnerabilities of military networks,
weapon systems, and installation using (DCS) Defense Cyber Scope. Also, other duties consist of system portfolio
management, reviewing & approval of (SCA) Security Control Assessments, and Certification & Accreditation
assessment packages. During assessments I review ACAS/ Nessus scans & DISA STIG findings and create an analyst of
the likelihood and impact of each vulnerability. Utilizing Splunk to pull system statistics and audit logs. Reviewing
remediation plan of systems vulnerabilities so they can gain an "ATO". Experience in reviewing system
implementation of FedRamp policies. I also provided oversite and compliance of Amazon AWS system. We assess
CCRI and Splunk risk scores to gage the system posture. Working with a cohesive team in Joint Staff CIO team to
develop a common control catalog & cyber manual to help bolster Joint Staff's cyber policy. Also providing (CMRS)
Continuous Monitoring with status updates and leveraging the repository tool EMASS.
Responsible for providing risk assessment for the Department of Interior Client. I provide Security Authorization
Assessments (SA&A), Security Control Assessments (SCA), Privacy Threshold Assessments (PTA), Privacy Impact
Assessments (PIA), 1/3 security control assessing, and Compliance of system reviews. Also, my experience in this role
includes analyzing Security Assessment Reports (SAR), Security Assessment Plan (SAP), reviewing Nessus Database
and web application scans, Remediation of findings (POA&M report), guidance of security control inheritance,
guiding & training new staff on processes of our assessment procedure, reviewing FedRAMP packages, and
conducting meetings with system stakeholders on the current activities or the final assessment findings. Periodically
travelling to Denver to assess different systems while keeping a professional rapport with the DOI client.
Responsible for providing supporting collaborative efforts for National Guard Bureau on updating there cyber policy
from DIACAP to (SP 800-37) Risk Management Framework. Duties consist of combining scorecard findings and brief
senior staff, providing an overview of the vulnerabilities of military networks, weapon systems, and installation using
(DCS) Defense Cyber Scope. Also other duties consist of system portfolio management, reviewing & approval of
(SCA) Security Control Assessments, and Certification & Accreditation assessment packages. During assessments I
review ACAS/ Nessus scans & DISA STIG findings and create an analyst of the likelihood and impact of each
vulnerability. Reviewing remediation plan of systems vulnerabilities so they can gain an "ATO". Experience in
reviewing system implementation of FedRamp policies. I also provided oversite and compliance of Amazon AWS.
Working with a cohesive team in NGB J6/CIO team to develop a common control catalog & cyber manual to help
bolster NGB's cyber policy. Also providing (CMRS) Continuous Monitoring with status updates and leveraging the
repository tool EMASS.
Measure NIST 800-53 Controls, and DHS 4300 Controls to various DHS systems. Analysis risk (likelihood, and impact)
for various ICE systems and policy. Experience in Ongoing Assessments, SCA’s, POA&M remediation, conducting
assessments, analysis waivers. Analysis scans: Nessus, DB protect, and Webinspect. Maintaining FISMA guidelines,
making sure all systems are up to (ATO) authority to operate by DHS standards, reviewing (CIA) of the contingency
plans and security system plans. Quantitative analysis of RMF and all DHS/ICE systems. Security servers, mobile
applications, patching, exchange, and remote access. Preparing monthly reports, and quarterly reports. Over seeing
ISSO’s artifacts, POA&M status, document review, rev.3 or rev.4 compliant, and creating waivers. Experience in
reviewing system implementation of FedRamp policies. I also provided oversite and compliance of Amazon AWS &
Microsoft AZURE. While holding a steading rapport with the government client.
Provided information technology support services for the Navy & Marines system and network assistance on
classified and unclassified networks. Provided experience and sound judgment as well as being able to follow pre-
established procedures and instructions to identify issues like 802.1x, port security, secure classified MAC address
locked floors, and resolve technical problems including classified mobile devices, and used Kerberos protocol for
scan to file. Documented, tracked, and monitored problems to ensure timely resolution of each assigned ticket
through the Remedy and HP Service (SM7) ticket systems to ensure timely resolution.
L-3 Stratis
Tier II / Tier III IT Specialist
09/12 – 07/13 Pentagon, Washington DC Hoffman Building, VA
Configured workstations to meet security requirements, Active Directory & Active Client, Conducting CAC
PIV’s, install/remove computer units.
Reimaged computers using Sympantics /Altiris, prepping hard drives, configure local and network printers,
mapping printers, replaced parts in computers and printers.
Migrated Domains, Operation Systems (Upgrade), Backup data to shared drive,
Provided Blackberry support.
Configured Outlook Enterprise Emailing system, VPN SSL Pentagon and Juniper set up, using remote system
Dameware.
Conducted EFS provision and re-provisioning of CAC Cards and set up user accounts.
Handled password resets, activate Microsoft Windows, Warranty Checks, Lifecycle replacements.
Troubleshot and resolved trouble tickets related to technical difficulties with hardware, software, and the
network.
Resolve network switch and connectivity issues.
Collaborated with Tier I and Tier IV. Validated issue resolution on the customers’ behalf. Verified, with the
customer, that the issue was resolved and updated the ticket system.
Trained newly hired Tier I, Tier II, and Tier III technicians.
Award:
Fort George G. Meade Commander’s Certificate of Excellence. April 15, 2013