Cyber Security Engineer @ United States Air Force
(AFLCMC / HBS) Airborne Warning and Control System (AWACS)
January 2023 - Present
To be determined.
To be determined.
Cyber Security Intern @ United States Air Force
(AFLCMC / HBAW) Weather Systems
June 2022 - August 2022
Bridging Environmental Intelligence For Responsive Operational Support (BIFROST) Portal:
Supported the release of the BIFROST Portal through the development, security, and operations (DevSecOps) process.
Developed and used a Moderator’s Guide to conduct user interviews with the minimum viable capability release (MVCR). Researched weather personas in the Air Force and Army and applied them to respective tasks within the BIFROST portal MVCR.
Developed a continuity binder for the incoming lead BIFROST Portal Engineer and any other future incoming BIFROST team members. This involved documenting an overview of BIFROST and its history, and the Lead Engineer’s role and responsibilities.
Shadowed the Dark Wolf Solutions cyber team to review the security issues in the BIFROST Portal discovered through Hack the Weather. Attended weekly backlogs and syncs to learn the process of how security issues are assigned to team members through Jira. Helped track down hardware and software lists used in the Air Force Weather Virtual Private Cloud (AFW VPC) in the pursuit of continuous authority to operate (ATO).
Cyber Security Intern @ United States Air Force
(AFLCMC / CROWS) Cyber Resiliency Office for Weapon Systems
June 2021 - August 2021
HBA Cyber Dashboard:
Worked with Microsoft Power BI software to create a consolidated visualization of cyber security data for various HBA (Air Force division) programs. Cyber data included Authorization to Operate (ATO) data, Department of Defense Chief Information Officer (DoD CIO) Scorecards, Cyber Hygiene reports, and signed cyber compliances.
CROWS Aware Learning Path:
Completed numerous Air Force training courses as seen in the CROWS staff training. Courses were completed through Defense Acquisition University (DAU), Air University (AU) and other Air Force orientations.
Courses completed included: Avionics Cyber Vulnerability Assessment, Mitigation, and Protection (ACVAMP), Cyber Training Range, Cybersecurity Throughout DoD Acquisition, Data Markings, Fundamentals of Systems Acquisition Management, Introduction to Trusted Systems and Networks, and Introduction to Systems Engineering.
Cyber Security Intern @ The MITRE Corporation
(T8A7) Trust & Assurance Cyber Technologies
May 2020 - August 2020
Aircraft Communications Addressing & Reporting System (ACARS) Emulator:
Created an ACARS emulator to simulate the connection between a plane’s Very-High-Frequency Data Radio (VDR) and the plane’s Communication Management Unit (CMU) in order to analyze potential security risks. Work utilized the ARINC 429 technical standard.
Served on a team of three as the Elasticsearch and Kibana software expert. Work included ingesting and analyzing data from emulator operation in order to assess functionality and utilizing data to determine security risks. Information reported from Kibana was essential to developing the emulator and understanding risks and defense solutions.
Multi-Function Control and Display Unit (MCDU) Crawler:
Contributed to the creation of a program used to automatically crawl through all menu pages of a plane’s MCDU, while tracking any pages that may require future maintenance. Also supported assessing the security vulnerabilities of the MCDU hardware, including labels used to describe an aircraft in hidden menu pages. Simulated button presses on the MCDU and mapped the pages traveled to, which involved heavy use of the Python language. Work also utilized knowledge of the ARINC 429 technical standard, Elasticsearch, Kibana, Bitbucket, Linux / Ubuntu and company-exercised programs.
Windows Kernel Integrity Monitor (WinKIM):
Worked to update the existing provisioning code used in the process of running WinKIM (comparing a target Windows kernel to the binary code of an existing valid kernel state, in order to identify any malicious underlying operating systems code / malware). Worked with a team of other engineers to analyze new threat mitigation scripts and combine them into the existing five-step measurement code to utilize WinKIM.
Individually created new provisioning scripts to analyze kernel modules, which involved heavy use of the Python language and GitLab, as well as an understanding of databases as used in PostgreSQL.