Functional Skills
Compliance and risk
Cybersecurity
Data Governance
Information Security Management
Risk Management
Certifications
CISA (Certified Information Systems Auditor)
CISSP (Certified Information Systems Security Professional)
Sector Experience
Technology
Languages
English
Experience
ENYAW Security Group, LLC
Information Technology
Cybersecurity Risk Management Consultant
4/2000 - Present
U.S. DoD & Civilian Agencies (Selected Engagements):
• Office of Naval Research: Drove successful RMF authorization submissions for 6+ core operational and numerous RDT&E systems; conducted comprehensive compliance assessments against DoD/Navy, NIST, FISMA, and FedRAMP.
• U.S. General Services Administration (GSA): Led risk analysis and authorization assessments for GSA systems in FedRAMP, AWS, and GovCloud, ensuring robust cloud security and compliance.
• U.S. House of Representatives / Office of the CAO: Completed critical risk analysis and authorization assessments, ensuring FISMA and FISCAM compliance for key IT systems.
Private Sector (Healthcare):
• Emergent BioSolutions, MacroGenics, VenatoRx: Delivered critical healthcare system security and risk management, performing risk identification and assessments aligned with NIST, HIPAA, HITECH, and ISO. Developed monitoring practices to ensure the confidentiality, integrity, and availability of sensitive health and research information.
Private Sector (Financial):
• Navy Federal Credit Union: Conducted comprehensive risk analysis in accordance with NIST, SOC 1&2, SIG, SSAE, and ISO requirements, advising on security architecture and ensuring compliance.
Private Sector (General):
• Abt Associates: Completed NIST Assessment and Authorization (A&A) of systems, assessing compliance with Abt, NIST, FISMA, FedRAMP, and ISO, and conducting risk analysis for production and development environments.