Within CISA/CSD, I am serving as a Senior Advisor to the Threat Hunting Subdivision and leading several key initiatives that are critical for Threat Hunt, CSD, CISA and DHS’ mission success. For example, leading the effort to update the way that CISA scores the severity of a reported cyber incident (NCISS) and implementation of key aspects of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). Consulting on CISA’s development of Binding Operational Directives (BODs) and Emergency Directives (EDs), particularly as relates the Threat Hunting efforts. Co-leading the effort to improve the Threat Intelligence Platform (TIP) and launching Threat Intelligence as an Enterprise Service (TIES) to ensure that other parts of the federal government will have access to this critical information. I am also contributing on several initiatives within CISA and CSD to ensure that our agency is fully leveraging available and reported cyber data and presenting it in a manner that improves visibility to responders and operators, and other stakeholders and partners, where appropriate.On a daily basis, I am working across Threat Hunting and the Cybersecurity Division to support the mission; TH which serves as CISA’s lead on defensive cyber operations: discovering the presence of advanced or sophisticated cyber threats; leveraging intelligence and vulnerability information from a variety of sources in order to track and understand our nation’s adversaries; and coordinating federal response efforts with federal departments and agencies, state, local, tribal, private sector, academia and international organizations. Support the development of agency policy, advise on the cybersecurity practices and documentation affecting how the organization operates, and coordinating with other parts of the organization to provide complementary capabilities to advance the nation’s cyber defense.

Served as the Senior liaison officer on behalf of CISA and to the National Security Agency’s Cybersecurity Division (NSA/CSD) on range of high-priority cybersecurity matters related to threat information sharing, joint operational efforts, and planning for the protection and defense of critical infrastructure. In this position, leveraging the authorities and technical information of both agencies to prevent, detect and respond to cyber incidents of national importance. Identifying mutually beneficial goals and opportunities, expand operational visibility, and building the capacity in both entities to exchange and take action to reduce national security risk in cyberspace. And, wherever possible bringing in additional interagency partners to ensure a full complement of resources and capabilities are brought to bear on rapidly emerging or persistent issues and obstacles. In this role, working with and through the Department of Homeland Security’s Office of Intelligence and Analysis (DHS/I&A) to coordinate efficient exchange of information and response to cyber threats.

Served as the NIH Chief Information Security Officer from September 2019 - January 2021 and was responsible for advising the Chief Information Officer (CIO) and Deputy CIO on the direction and management of significant NIH cybersecurity program. Led development, implementation, management and oversight for the NIH cybersecurity activities related to cybersecurity legislation. Guided the agency on enhancing and strengthening their information systems, related infrastructure, including the network, data centers, and building security systems, and at NIH, the laboratories and hospital, Clinical Center. Identified and managed high-value asset systems and critical IT systems according to applicable federal requirements – FISMA, Department of Homeland Security (DHS) High-Value Asset specifications, and civilian contingency planning or COOP expectations and processes. Initiated strategic planning and prioritized efforts given a range of identified opportunity and challenges. Then, aligned fifteen federal employees’ performance expectations to achieve those defined strategic initiatives, as approved by the CIO and DCIO. Also, aligned contractor support to achieve these short and long-term strategic initiatives and priorities. Served as the COR for several contracts with an approximate contract budget for this office’s functions typically exceeds $50 million/year. During that time as CISO, I also simultaneously served as the NIH Deputy Chief Information Security Officer (DCISO) and remained the DCISO until May 2022.

Contributed to the formation of and pre-planning efforts prior to the official formation of this biosafety and cybersecurity for NIH labs until the formal group was created in June 2020.Executive oversight performing strategic planning and addressing issues escalated by the broader cybersecurity working group. Working directly and providing input to the co-chairs and ensuring agency-wide support for working group leadership decisions and outcomes. Overseeing the multi-tiered working group that is performing activities such as - ensuring collaboration and coordination of the forum consisting of senior federal staff from each contributing organization. - liaises with the other tiers on issues, concerns and required decisions related to network, device and information system security at the labs - verifies and directs the working group members to capture metrics and reports to stay abreast of BSL cybersecurity and IT operational issues and - ensure that working group members working directly with the devices, network and information systems identify key documents/records necessary to provide consistent oversight of BSL facilities' cybersecurity, and- encourages collaboration and information sharing among organizational contributors.

Served as founder and participated in the pre-planning prior to the official formation of this insider threat and counterintelligence until the formal group was created in October 2020.

Led oversight of cybersecurity audits at NIH, as well as guide internal assessments to evaluate cybersecurity compliance. Identify and manage cybersecurity risks at NIH, including reporting risk through required channels and initiating discussions of emerging risks, clarifying potential impacts and reaching out to key stakeholders to manage impact to the agency and component organizations. Coordinate with Department of Health and Human Services' Office of Chief Information Officer on High Value Assets (HVAs), significant cybersecurity audit outcomes, and relevant performance metrics and strategic goals. Ensure that the agency analyzes and designs corrective action plans that result from of the audits conducted by Department of Homeland Security (DHS), HHS Office of the Inspector General (OIG) and the U.S. Government Accountability Office (GAO) and track to closure. Oversee the cybersecurity assessments conducted for NIH's information systems and the issuance of authorizations to operate (ATOs).

Served as a detailee under the OCIO's Deupty Chief Information Security Officer (CISO) two days a week to support the agency's coordination with the annual financial audit, including the FISMA, FISCAM and SOC1 audits at NIH. Additionally, working HHS and OIG to provide updates and clarification regarding the implementation of identified control deficiencies and related reporting. Preparing and reviewing policy updates and briefing leadership on the progress of the audits, the results and efforts to remediate deficiencies.

Served as the agency-wide coordinator for NIH regarding reports and materials related to Federal Managers’ Financial Integrity Act (FMFIA), led corrective action planning for high-level management challenges and ensured the integrity of the financial system via Federal Financial Management Improvement Act (FFMIA) requirements. Coordinated with delegated representative for the NIH Chief Financial Officer (CFO) for gathering materials and data across the agency and assembling them into reports required by the Office of Management and Budget (OMB) and the Department of Health and Human Services’ Assistant Secretary for Financial Resources (ASFR). Ensured the reliability and accuracy of the materials prepared and provides explanation and justification to senior leadership at NIH and the Department for the agency reports provided. NIH is a role model for this program function as a result of adept management and leadership skills which Amber developed through the NIH Senior Leadership Program, for which she was nominated by SES-level leaders at NIH to participate in. Amber kept NIH senior leaders informed as well as her Departmental colleagues with regard to changes on the horizon at NIH and how those changes may affect future agency reporting. And, Amber is the focal point for her NIH colleagues regarding FMFIA; hosted monthly conference calls with NIH colleagues to ensure they understand the broader context that their materials are being reported. And due to her familiarity with a range of agency-level requirements and management challenges, Amber became involved in several related initiatives at NIH regarding risk management, budget and financial data reliability.

Managed several ongoing reviews initiated by the Government Accountability Office (GAO) and the Department of Health and Human Services’ (HHS) Office of Inspector General (OIG). Reviewed and drafted internal control policies for OMA's Division of Risk Management and Audit Liaison to ensure these policies are in alignment with HHS, NIH, Office of Management and Budget (OMB) and GAO guidance on management practices and audit procedures. Relied heavily upon my strong organizational and time management skills which are crucial to ensuring all projects meet important milestones, as established by audit teams, and ensuring quality of products developed to improve the processes within OMA. Worked closely with the Director of the Division of Risk Management and Audit Liaison to provide input on improving the audit processes, management reviews and policies to assist the Director in her NIH-wide management role. Acted as an advocate for NIH by working with the OIG/GAO to ensure that issues important to NIH are considered in the design methodology, actual review, and subsequent reports. Advised the Director to ensure that actions taken, following a published report, adequately addresses the finding and recommendation and, if not, recommend actions and appropriate measures to remedy the situation. Ensured that appropriate officials are contacted, in a timely manner, to provide follow-up on each of the findings, recommendations, and corrective actions promised. Arranged to hold OIG/GAO entrance and exit conferences and other meetings as necessary, ensuring that NIH provides concise, responsive comments on draft OIG/GAO reports and status reports in response to OIG/GAO final reports.

Serving as a member of the HHS IT MWWG, representing NIH, committed to resolving outstanding material weaknesses identified by the external auditors and listed in the HHS Agency Financial Report, particularly as related to NIH's financial systems.

Serve as the NIH Agency Representative on an HHS team piloting a new approach to collecting information about internal controls and Department-wide risk management, enterprise risk management (ERM). Expected to serve in this capacity until the pilot project results are completed and recommendations are made to the HHS ERM Council, until approximately June 2018. Active and committed member, participating in in-person and teleconference team meetings that are scheduled to occur two to three times a month, totaling about 15 hours per month until project completion.

The Office of the Assistant Secretary for Legislation serves the Secretary as the primary link between the Department of Health and Human Services (HHS) and Congress. The Division on Oversight and Investigations reports to the Assistant Secretary for Legislation and has responsibility for all matters related to Congressional oversight and investigations, including those performed by the Government Accountability Office (GAO), and assists in the legislative agenda and liaison for special projects.

Served as a dedicated, on-site Senior Management Analyst for the client which is an office within the National Institutes of Health (NIH). Coordinate incoming requests for documents, in-person meetings, and teleconferences with NIH’s Institutes and Centers that can respond to their specific requests. Review and draft internal control policies to ensure these policies are in alignment with HHS, NIH, Office of Management and Budget (OMB) and GAO guidance.