MARK WILLIS, CSSLP
Email: [Send email using form at bottom]
Cell: (540)-270-4778
SECURITY CLEARANCE
Top Secret/SCI (Granted 2007) – Still active
EXPERIENCE
August 2008 to May 2009 SpearTip Technologies - Senior Security Consultant
• Work consisted of writing information security reports (10 to 60 pages in
length) for various organizations. These reports contained high-level executive
summaries as well as detailed technical findings. The reports focused on Web
Applications, External and Internal Networks and Application Source Code.
• Wrote essays that were accepted by the International Security Consortium in
order to develop the test bank for the upcoming Certified Secure Software
Lifecycle Professional (CSSLP) exam. These essays were later developed into a
whitepaper that was published by SpearTip Technologies on their website.
• Performed Secure Code Reviews for various organizations to include manual
review and static code analysis using Fortify Source Code Analyzer (SCA).
Successfully completed the Fortify (SCA) Professional Training and Final Exam.
• Performed External and Internal Network Security Testing for various
organizations using tools such as Nmap and Nessus.
• Performed Web Application Penetration (Ethical Hacking) Testing for various
organizations using manual review and tools.
• Received the Secure Software Lifecycle Professional (CSSLP) Certification.
1998-2008 Northrop Grumman - Senior Software Engineer/Technical Lead
• Designed and developed the Serious Incident Report (SIR) module for US ARMY
INSCOM. Work consisted of designing all database tables, views, stored
procedures, and DTS packages within MS SQL Server 2000/2005 as well as all source
code and GUI in Visual Studio 2005 using ASP.Net/VB.Net.
• Managed the Analysis, Design, Development, Implementation, and Support of
Visual Studio.Net web project tasked to develop a Personnel Management
Application that populated the INSCOM Core Database.
• Managed the Analysis, Design, Development, Implementation, and Support of
Visual Studio.Net web project tasked with converting a legacy PowerBuilder
client/server application to a web-based application.
• Managed the day to day operations and personnel assigned to both above named
projects (3 personnel).
• Built and implemented the following tools: .Net custom control object for
Crystal Reports that developers could drag and drop with embedded object-oriented
code for complete reusability, datagrids with template columns that allow users
to perform mass updates, custom connection classes, advanced password encryption
techniques, search tools, integration of online web help, Crystal Reports with
export capabilities, dynamic reporting capabilities, automatic email of
information to new and existing users. Programming languages used were VB.Net,
ASP.Net and HTML.
• Responsible for building and deploying all .Net applications to development
and production web servers.
• Analyzed, Designed and Implemented the technical framework and policy within
both .Net applications that standardized all Crystal Report development.
• Configured Microsoft Internet Information Server (IIS) 5.0 virtual directories
that allowed local users to log in to a Visual Studio.Net web application without
using a password.
• Wrote and tested stored procedures that allowed INSCOM users to add, delete or
modify NSA personnel as well as run critical de-confliction reports as requested
by NSA General Officers.
• From 2000 to 2005, represented INSCOM as the IT liaison to NSA in order to
facilitate the integration of INSCOM and NSA systems that house critical DOD
personnel information of over 4,000 personnel. This included building an NSA
Center within the .Net application that housed all INSCOM/NSA related reports.
• Directed the efforts of 2 contractors to provide personnel data to NSA.
Briefed senior INSCOM and NSA personnel on the status of work completed.
Attended meetings at NSA regarding IT policy, coordination and implementation.
Managed the overall IT policy of data exchange between INSCOM and NSA. Built
entire NSA Center that housed reports to ensure NSA data integrity.
• Wrote Microsoft Data Transformation Services (DTS) packages that loaded
personnel data from staging databases to production databases.
• Briefed INSCOM Senior leadership on the status of all projects and projected
endeavors on a regular basis.
• Designed and developed software-based training program for over 300 INSCOM end
users. This included the software selection, development, test planning and
deployment of these tutorials. The overall efficiency and success on this
project saved our contract at least $100,000 and six months of manpower labor.
• Designed and developed client/server financial application used by all INSCOM
Major Subordinate Commands and 300 personnel around the world. The strategic
vision and overall leadership involved in this project encompassed the entire
Systems Development Life Cycle (SDLC) and led to current management position.
1996-1998 Counterintelligence Agent U.S. Army V Corps
• Managed the intelligence activities, reports and ad hoc support to 15
counterintelligence teams (50 personnel) during Operation Joint Guard,
Bosnia-Herzegovina. Reported counterintelligence status directly to General
Ellis and his staff on a daily basis (1998).
• Commanded the counterintelligence OPFOR force (10 personnel) that penetrated V
Corps counter terrorism and subsequently led 3 counterintelligence agents to
receive the Army Achievement Medal.
• Managed the successful completion of more Personnel Security Clearance Cases
than any other agent in V Corps (1997).
• Conducted Security/Vulnerability Assessments of all major installations and
choke points in the Northern Bosnia Theater (1996).
• Developed US Army information security program currently being taught at the
U.S. Army Intelligence School, Ft. Huachuca, Arizona (1996).
1994-1995 Counterintelligence Agent U.S. Army Fort Monmouth, New Jersey
• Co-led over 160 counterintelligence missions in Haiti. These missions
gathered critical and sensitive information significantly contributing to a zero
casualty rate of U.S. soldiers from May-November 1995.
• Supported the U.S. Communications and Security Command, Fort Monmouth, New
Jersey by providing information warfare and counterintelligence support to all
subordinate programs such as J-STARS and Night Vision.
EDUCATION
• Juris Doctor, George Mason University School of Law (May 2004)
• Master of Science, Management Information Systems, University of Maryland
(1998)
• Bachelor of Arts, International Relations, California State University, Chico
(1991)
CERTIFICATIONS
• Secure Software Lifecycle Professional (CSSLP) - 2009
TECHNICAL EXPERIENCE
• Computer Programming: VB.Net, HTML, SQL, XML, PowerBuilder
• Database: MS SQL Server (2000/2005), MS Access, Sybase SQL Anywhere
• Security Software: Fortify SCA, Nessus, Nmap, Paros
• Management Tools: Excel, PowerPoint, Project, Word, Visio
• Operating Systems: Windows NT, Windows 2000, XP
• Web: IIS 5.0/6.0, .Net Framework 1.0, 1.1, 2.0
• Data modeling: Erwin, BP Win
• Online Tutorials: Camtasia, Lotus ScreenCam
FOREIGN LANGUAGES
DOD tested and certified: French, German, Spanish