Charles Sherupski

Mr. Sherupski is a senior systems security specialist with twenty-plus years as a technology leader in Information Assurance. Mr. Sherupski is multi-disciplined in the areas of personnel, physical, technical and industrial security. Mr. Sherupski runs a nationally recognized practice in computer systems security and is widely recognized as a leader in this area.

Professional and
Business Experience

BPM Associate; Practice Lead Security Consulting               2003-present
Leads BPM’s security consulting services practice. Conducts security reviews and manages security vulnerability testing engagements. Examples of recent experience includes a) orchestrating an ICSA security certification and network security vulnerability test for a major department within the CIA, b) managing the security requirements and development program for a security test lab for Booz Allen & Hamilton, c) developing security vulnerability analysis criteria for JP Morgan, d) supporting SAIC in the program management of NetEraser, an advanced security technology for IP-based firewall and VPN configurations, and e) implementing LDAP authentication and authorization systems.

In-Q-Tel, Acting Director Security Technology                       1999-2003 
Responsible for evaluation of new technology security products for a venture capital company specializing in knowledge management and information security. Managed the firm’s commercialization programs relating to security technology. Also conducted security assessment and security infrastructure architecture reviews on behalf of EDS for the Hong Kong government.

CIA Deputy for Information Assurance, CIO                          1998-1999  
Created and led the IC (Intelligence Community) Information Assurance Board for the development of security policies, standards and architectures. Developed the Intelligence Community’s Public Key Architecture for thirteen agencies and the Intelligence organizations of Department of Defense. Led Intelligence Community’s contingency planning, continuity of government and critical infrastructure protection efforts. Provided Information Assurance guidance to Intelligence Community’s Chief Information Officers, Community Management and Central Intelligence Agency Senior Officers.

CIA, Information Assurance Architect                                     1994-1998 
Created CIA’s Information Security Office in CIA’s Center for Security. Led CIA’s Information Security Policy Board for creation of IA policies, standards and architectures. Developed CIA’s first comprehensive Program Plan for Information Security. Successfully steered Information Security budgets and programs through CIA’s Senior Executive Committee.

CIA, Chief, Investigations, Office of Security                         1993-1994 
Managed the workforce for CIA’s personnel and technology security.
Implemented cost saving initiatives to centralize and automate all field support activities for field investigators.

CIA, Deputy, Information Security Group                               1990-1993 
Managed daily operations for CIA’s Information Security Group of 100 Info System Security Officers. Led the creation of CIA-wide network security program. Guided staff in creating manuals, awareness and training courses and publications for system security requirements for government and contractor information systems. Developed first certification program for information security

CIA Chief, Regional Security Office                                       1985-1990  
Directed CIA security activities for a large overseas region. Conducted sensitive investigations, counter-terrorist briefings, and personal security awareness and training for U.S. personnel overseas. Provided advanced security support for visiting U.S. Executive, Congressional and Agency personnel. Managed and supervised a staff of physical, technical, information and polygraph officers. Performed extensive liaison with U.S. Military, State Department and foreign government officers for security, terrorism, and counter intelligence matters.

CIA, Information Systems Security Group                              1978-1985  
Provided guidance and technical information assurance assistance to CIA’s information technical managers. Developed long-term system security certification and accreditation program based on standardized risk assessment methodologies. Led the development of CIA Information Assurance policies, standards and architectures. As Branch manager, supervised a staff of professional information security officers.


BA, Economics, University of Virginia
Harvard Program for Senior Executives

Other Affiliations

 Board of Directors, Sher Associates