Mimi Herrmann

Engineer, implement, monitor and document security controls for the protection of computer systems, networks and information assets; conduct internal security compliance audit, and assist/support external audits; participate in the development and maintenance of key security artifacts/documents supporting a formal security certification and accreditation process; support security remediation efforts with other IT teams; develop security policies, standards and procedures in response to compliance requirements; conduct system, network and datacenter security architecture reviews; propose new security solutions to address future security challenges, conduct proof of concept; configure and troubleshoot security infrastructure system and devices; develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks; maintain and operate security solutions to ensure optimal operating state; ensure that the company knows as much as possible, as quickly as possible about security incidents. Isphi Information Systems d/b/a ISHPI

Juneau, AK, and Washington, DC United StatesJuly Network Security Analyst: Provide analytic and technical expertise to Cyber Security teams using vulnerability management, endpoint protection, and analytical auditing software. Create custom queries and reports to provide requested data to teams. Assist in creating database with analytical data to assist with correlation of risks and threats. Assist with implementation and installation of vulnerability management hardware and software as requested. Maintain and administer the Enterprise computing systems to meet the DoD mandated security requirements and directives. As an adjunct, assist ISSO on systems in D17 and HQ and work with the technical staff and program managers to draft, review, approve and disseminate C&A documents for all programs and systems. Continuously review, analyze and update USCG system security policies, risk assessments, vulnerability assessments and other documents to ensure that the development of C&A documentation is in compliance with the most recent, appropriate regulations and standards.

Pre-sales support of Tenable product line, including Nessus, Security Center, Passive Vulnerability Scanner, and Log Correlation Engine. Assist in evaluations; write proposals and white papers; respond to RFPs; write and deliver presentations online and in person. Install, maintain, and use products in a virtual lab setting, using VMWare and other tools. Perform installs, walk-throughs, and training on-site and through desktop sharing application. Attend and present at conferences, shows, and quarterly roundtables. Advise on government and industry standards such as SOX, FISMA, PCI, etc.

DoD Contractor in the Information Assurance division within the 93d Signal Brigade(NETCOM). Advise and assist installations in the 93d's AOR(Area of Responsibility) on DoD/Army regulation, policy and best practices to assure information security. Travel within AOR to assist with hands-on issues relating to IA inspections. Respond to RFIs about Army regulation and policy relating to IA. Provide weekly briefings on IA posture to 93d IAPM(IA Program Manager). Provide technical assistance regarding IA tools such as vulnerability scanners, IPS/IDS, and patching utilities to AOR as needed. Respond to customer questions and issues. Maintain relationships with McAfee Sales and Support personnel. Products used include ePO, Retina, Snort, Bluecoat, Websense, Bitlocker. 

Pre-and post-sales support of entire McAfee product line, especially Risk Analysis and Compliance products and IDS products. Assist in evaluations; write proposals and white papers; respond to RFPs; write and deliver presentations. Meet with product management and development staff to help drive product direction. Install, maintain, and use products in a virtual lab setting, using VMWare. Write and test SQL queries to massage and report data. Edit or create scanner checks using Jscript/ECMAScript. Perform installs, walk-throughs, and training on-site and through desktop sharing application. Write and test comparative analyses of McAfee products versus other companies' offerings(Awareness of and consultation on governmental and DoD regulations such as FISMA, AR 25-1, 25-2, and PCI regulations. Served by request as company technical contact for large(200, 000 node) named account. Previously, serve as team lead of the post sales team for risk analysis software and appliances. Support pre-and post-sales customers via phone, email, and desktop sharing in configuration and administration of network scanning engines, web management systems, and databases. Perform installs, walk-throughs, and training on-site and through desktop sharing application. Screen Actors Guild-Producers Pension and Health Plans

Principal member of the IT services team, directing network admins in attaining department goals. Responsible for overseeing and administrating all perimeter and internal security procedures of the company. Set security policies for and administered company firewalls and perimeter routers. Designed and architected security systems and networks to protect server farms, including assessing different vendors and penetration testers. Set up user internet access policies and accounts. Drafted company security policy. Monitored and reported on system logs relating to internet access. Set up and maintained VPN between company and various vendors and users. Assisted and consulted in setup and maintenance of ftp, web, and webmail servers for the company. Assisted with preparation of disaster recovery site. Presented proposal(later implemented) for reorganization and renumbering of company's network. Products used include Gauntlet, Cyberguard, Cisco VPN, Outlook Web Access/Exchange, PGP, MS Certificate server, sendmail, netcat, Nmap.

Went on sales calls, met with prospective customers to discuss network needs. In response to RFPs, architected and implemented solutions to customer network security problems. Wrote proposals for engineered network security solutions. Performed demos of CyberGuard' sproducts at trade shows and customer sites. Performed installations of CyberGuard products at customer sites and integrated CyberGuard's products with the rest of the customer's network, including DNS, email, and load balancing. Provided training for customers/resellers in network security and CyberGuard's products. Provided pre-sales and post-sales support to users on both UNIXWare and NT platforms of CyberGuard's products, and associated OS-related problems, DNS, mail, routing, and other protocols. Managed a test/lab network of machines to simulate customer problems and situations. Acted as second-level backup to Technical Support team. Wrote white papers, articles, and technical support documents as needed.