Professional and Business Experience
BPM Associate; Practice Lead Security Consulting
2003-present
Leads BPM’s security consulting services practice. Conducts security
reviews and manages security vulnerability testing engagements. Examples of
recent experience include a) orchestrating an
ICSA security certification and network security vulnerability test for a
major department within the CIA, b) managing the security requirements and
development program for a security test lab for Booz Allen & Hamilton,
c) developing security vulnerability analysis criteria for JP Morgan, d)
supporting SAIC in the program management of NetEraser, an advanced
security technology for IP-based firewall and VPN configurations, and e)
implementing LDAP authentication and authorization systems.
In-Q-Tel, Acting Director Security Technology
1999-2003
Responsible for evaluation of new technology security products for
a venture capital company specializing in knowledge management and
information security. Managed the firm’s commercialization programs
relating to security technology. Also conducted security assessment and
security infrastructure architecture reviews on behalf of EDS for the Hong
Kong government.
CIA Deputy for Information Assurance, CIO
1998-1999
Created and led the IC (Intelligence Community) Information Assurance
Board for the development of security policies, standards and
architectures. Developed the Intelligence Community’s Public Key
Architecture for thirteen agencies and the Intelligence organizations of
Department of Defense. Led Intelligence Community’s contingency
planning, continuity of government and critical infrastructure protection
efforts. Provided Information Assurance guidance to Intelligence Community’s
Chief Information Officers, Community Management and Central Intelligence
Agency Senior Officers.
CIA, Information Assurance Architect
1994-1998
Created CIA’s Information Security Office in CIA’s Center for
Security. Led CIA’s Information Security Policy Board for creation of IA
policies, standards and architectures. Developed CIA’s first
comprehensive Program Plan for Information Security. Successfully steered
Information Security budgets and programs through CIA’s Senior Executive
Committee.
CIA, Chief, Investigations, Office of Security
1993-1994
Managed the workforce for CIA’s personnel and technology security.
Implemented cost saving initiatives to centralize and automate all
field support activities for field investigators.
CIA, Deputy, Information Security Group
1990-1993
Managed daily operations for CIA’s Information Security Group of 100
Info System Security Officers. Led the creation of a CIA-wide network
security program. Guided staff in creating manuals, awareness and training
courses and publications for system security requirements for government
and contractor information systems. Developed first certification program
for information security
CIA Chief, Regional Security Office
1985-1990
Directed CIA security activities for a large overseas region. Conducted
sensitive investigations, counter-terrorist briefings, and personal
security awareness and training for U.S. personnel overseas. Provided
advanced security support for visiting U.S. Executive, Congressional and
Agency personnel. Managed and supervised a staff of physical, technical,
information and polygraph officers. Performed extensive liaison with U.S.
Military, State Department and foreign government officers for security,
terrorism, and counter intelligence matters.
CIA, Information Systems Security Group
1978-1985
Provided guidance and technical information assurance assistance to CIA’s
information technical managers. Developed long-term system security
certification and accreditation program based on standardized risk
assessment methodologies. Led the development of CIA Information Assurance
policies, standards and architectures. As Branch manager, supervised a
staff of professional information security officers.