We place customers at the heart of everything we do. Customer satisfaction is a key driver for our business we believe that delivering what our customers want is the best way to grow our company. Customers talk to each other and businesses grow more when satisfied customers trust you enough to create an ongoing partnership. We aim to build these partnerships through the way we deal with customers and by living our values every day. With a philosophy built around focus and simplicity, we have established a clear strategy that puts customers at the center of all our activities.
DLA Defense Logistics Agency
For over a decade CyberAssure has demonstrated expertise in performing preventative and analytical information assurance and cybersecurity activities for DoD and civilian information systems of every scale and sensitivity including recently providing support to the DLA Enterprise Certification and Accreditation Branch. This contract enabled CyberAssure to become thoroughly familiar with TFS systems as we conducted an end-to-end assessment of the DAAS and IOE D systems for the first RMF authorization at DLA. The CyberAssure Team supported this contract (SP4701-15-C-0051) with the DLA J64 Enterprise Certification and Accreditation Branch to provide comprehensive information assurance/cybersecurity services. This includes IA Certification and Accreditation (C&A) Services, IA Policy Services, IA Plan of Action and Milestones (POA&M) Services, IA Workforce Management, Federal Information Security Management Act (FISMA) Tracking and Reporting, Enterprise Architecture Support and Compliance Support, and IA Engineering Support. To that end, CyberAssure provided expert support to senior-level leaders as they establish direction, organizational structure with well-defined accountability for decisions that impact on the successful achievement of strategic objectives, and the institutionalization of best practices through organizing activities in processes with clearly defined process outcomes that can be linked to the DLA cybersecurity strategic objectives. DLA and all other DoD organizations are currently undergoing a transition in the manner in which certification and accreditation is performed and CyberAssure has significant experience with the implementation of the Defense Information Assurance Certification and Accreditation Process (DIACAP) as well as the newly adopted Risk Management Framework (RMF). CyberAssure distinguished itself by providing support to the DLA J64 AAA with Cybersecurity/Information Assurance (IA) subject matter expertise in support of various projects and daily tasks. Our team supported the Enterprise Discipline of Certification and Accreditation (C&A) with security log review and expertise for the transition from DIACAP to RMF, as the standard for information system authorization to operate (ATO). A concentrated effort was made to continue the RMF Pilot Assessment and Authorization Effort support, which included developing the strategy for re-alignment of ISSO to J64 Security Integration Operations. This support will assist the Enterprise Development Program Manager (PM) with IA/Cybersecurity Governance and Security Integration within that Program’s development lifecycle. The CyberAssure PM conducted a DCS lecture session for J64 leadership (Brad Lantz and team), the RMF Cyber Leadership Training, which took place on February 5, 2016. Particularly notable was our continued success in maintaining the DSS, VSM, EAGLE, FMD and Privileged User audit log monitoring compliance. The audit log teams’ support is enhancing the standardized approach to audit log monitoring across the DLA enterprise. CyberAssure was busy refining how the anomaly information is extracted from the audit logs. This is due to the CyberAssure Team research efforts to compile a list of event IDs to be used during log reviews. This information will be added to the Quick Reference Guide as a job aide reference tool for the ISSOs to use during audit log monitoring tasks. The event IDs will help the ISSOs search for a broader range of information to capture log anomalies for escalation. This will be of critical use in the optimization of TFS databases as well as securing the systems. CyberAssure is uniquely poised to effectively manage the continuous development and improvement of information assurance/cybersecurity to enhance the overall IA posture of DLA networks (both unclassified and classified), information systems, and applications in accordance with the DLA direction, DoD 8500.01, DoDI 8510.01, RMF, any other applicable policy and procedures, and emerging standards. DoDI 8510.01 defines the DoD requirements for security assessment authorization policy and procedures. In addition, CyberAssure is experienced with implementation of the National Institute of Standards and Technology (NIST) guidance for Federal information systems. Our team will continue to provide DLA Information Assurance (IA)/ Cybersecurity (CS) SMEs that fully meet DoD 8570.01 and any specific IA certification identified by an individual TO PWS. The CyberAssure Team has dedicated personnel to track and manage DoD 8570.01 certification requirements. We developed the first RMF cybersecurity strategy and security plan for a high integrity national security information system widely used by the intelligence community (IC). This includes IA workforce management support in accordance with DoD Directive 8570.1 and the corresponding manual 8570.01-M. The IA workforce consist of personnel with Information System privilege access (admin or root) and/or working IA functions in technical, management, Computer Network Defense Service Provider (CNDSP) and Architect and Engineer positions. IA functions are described in DoDD 8570.01-M. The DoDD 8570.1 establishes baseline technical and management IA skills among personnel performing IA functions across the DoD enterprise and our team has provided support to various DoD entities since this directive was first issued. This experience qualifies CyberAssure with practical knowledge of the DLA Transaction Services mission, the technical specifications of existing TFS databases and applications supported, database anomaly detection, and the ability to give technical support to application developers and stakeholders.
Army PEO EIS PMO for DoD BiometricsOur proven success includes the development of the first RMF System Security Plan and authorization package for a U.S. Army major application supporting the enterprise information system Approval to Operate (ATO). CyberAssure supported the Army PEO EIS PMO for DoD Biometrics (W15QKN-13-C0063) to integrate cybersecurity into the full software development life cycle (SDLC) of the information system that includes the authoritative biometric repository of known and suspected terrorists used by the entire Intelligence Community, both military and civilian. CyberAssure supported PM Biometrics (PM BIO) by providing Cybersecurity/Information Assurance subject matter expertise and support to both of its product divisions PdM JPI and PdM BEC, including the management of several projects and daily Information Assurance tasks. Key focus areas included the transition from DIACAP to DoD RMF and cybersecurity support for the final deployment decision (FDD) for DoD ABIS 1.2. This project included more than information assurance as CyberAssure advised the PM engineers on technical matters to modernize the DoD ABIS system, particularly with respect to Java, RHEL, and JBOSS. These priority projects included the tasks of establishing an Information Assurance Vulnerability Alert (IAVA) mitigation strategy for deployed JPI and BEC assets, developing comprehensive system security plans (SSPs) for DoD ABIS and BAT HH, and consulting PM leadership acquisition strategy and the draft Memorandum of Agreements between PdM BIO and external entities utilizing PM BIO assets. CyberAssure supported the DoD ABIS 1.2 FDD effort and was also involved in the planning for the transition from BAT-A-Base and DoD ABIS 1.0, which both were properly decommissioned with our support. The team supported the objective of PM BIO to deactivate these systems in within the Army Portfolio Management System (APMS) and the US Army Information Assurance Certification and Accreditation Tracking Database (C&A TdB). CyberAssure provided briefing materials, daily updates to leadership, and expert guidance on the many IA/cybersecurity implications of the DoD ABIS Operational Testing for deployment. After completing the C&A re-accreditation of the BAT-A 4.1 unclassified and classified systems, CyberAssure took a pilot role as early adopters in the enterprise-wide transition from DIACAP to Risk Management Framework (RMF) cybersecurity. CyberAssure worked with various stakeholders to develop comprehensive system security plans (SSP) for DoD ABIS and BAT Hand-Held systems. These documents cover all aspects of system engineering, development, and security. CyberAssure worked with other contractors serving as system integrators, including ManTech, Leidos and Northrop Grumman, to improve security engineering and Information Assurance compliance reporting and vulnerability mitigation efforts, ensuring that all program information systems were functional and secure and implementing information security standards and procedures through the certification and accreditation process. CyberAssure continued to refine and adapt the IAVM compliance reporting to meet all government requirements, particularly optimizing the new functional organizational structure. Additionally, our team implemented the local IA workforce management program to ensure compliance as prescribed in Defense Federal Acquisition Register 252.239-7001 Information Assurance Contractor Training and Certification, and in full accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program. We monitor the compliance status of all IAT and IAM personnel on a continuous basis. CyberAssure ensured IAT Levels I – III, IAM Levels I and II, and anyone with privileged access performing IA functions receive the necessary initial and sustaining IA training and certification(s) to carry out their IA duties.
DISA Defense Information System AgencyCYBERASSURE recently contracted with Defense Information Systems Agency (DISA) to develop and implement the GIG engineers Technical Workforce Development Program that included extensive systems engineering, modeling and simulation, and information assurance. CYBERASSURE am recognized internationally as an expert on the full range of IT disciplines because CYBERASSURE am the rare combination of programmer, data architect, network engineer, systems analyst, and teacher. Because CYBERASSURE have spent a substantial percentage of my career teaching and consulting others CYBERASSURE have had to develop a broader comprehension of the integration of technologies than most IT specialists and my certifications attest to this. CYBERASSURE have CISSP, CEH, MCITP, CIW CI, MCSE, CCNA+V, CompTIA A+, Network+, Security+, PMP, CTT certifications. Also, in the interest of pursuing certain opportunities CYBERASSURE two new degrees to my education focused on the Cybersecurity issues of the 21st century-BS Computer Networking and Security from Maryland University.
Department of Education
From 1994 to 1995, at the Department of Education CYBERASSURE led a modernization program to transition for DOS to Windows involving the upgrade of nearly a thousand users. CYBERASSURE also wrote the training manuals to introduce the Education Department employees to the new office productivity environment. My manual was required reading.
PTO Patent and Trade MarkCYBERASSURE have served as a senior expert conducting vulnerability assessments for a high-risk organization, which included all of the processes noted above. This organization had complex, interrelated networks with links to external or dispersed organizations. Examples include conducting analysis of IT systems to determine current Information Assurance (IA) posture, providing in-depth technical support on analysis and evaluation of security requirements, leading system security Certification and Accreditation (C&A) activities to include threat assessments, vulnerability assessments, security plan development, security assessments, risk analyses, and certification reports, experience with OMB, FISMA and NIST information security policies and procedures or experience implementing continuous monitoring of required security controls.
NavyCYBERASSURE served as an subject matter expert (SME) for the cryptographic key material management command for a executive directed cybersecurity improvement project. CYBERASSURE directed the analysis of processes including applications and data architecture, access control, telecommunications/network engineering and security, information security governance and risk management, security architecture and design, operations security, business continuity and disaster recovery planning, legal, regulations, investigations and compliance, and physical (environmental) security. CYBERASSURE also trained all key IT officers to meet the information assurance certification standards required by the Pentagon.