Em Pannah personal email
- Valid
1. I have served as Chief Information Security Officer (CISO), Vice President, and Director at different organizations.
2. I am an Information Technology (IT) professional and subject matter expert (SME) for 29 years in Cybersecurity, Privacy, Data Protection, Identity Theft Prevention, Information Assurance, Risk Management, and Regulatory Compliance.
3. I am a professor for 15 years teaching Cybersecurity, CISSP, Security+, etc. at University of Maryland (UMUC).
4. I have served as a Course Chair for 3 years at UMUC and have academically coordinated/managed 12 teachers there.

My credentials include:
1. Doctor of Management in E-Commerce, Cybersecurity, Privacy, and Identity Theft Prevention from USA
2. Fourteen (14) professional certificates in IT & security (MCT/MCSE/MCSA/CISSP/CISM/CAP/CEH/ECSA/NSA-IAM/NSA-IEM/GCC/SEC/ITIL) from USA
3. MS (IFSM) from University of Maryland Baltimore County (UMBC), USA
4. BS (IFSM) from University of Maryland Baltimore County (UMBC), USA
-
President
Americatech, Inc., Laurel, MD, US
-
Director (IT, Cybersecurity, Privacy, Risk Management, and Regulatory Compliance)
Afrin Technologies, LLC., Apr 2016 - Present
Cybersecurity, privacy and identity theft prevention. Strategy, policy, procedure and security audits. GDPR (General Data Protection Regulation), Payment Services Directives 2 (PSD2), Privacy Shield Framework; data privacy, completeness, accuracy and reliability; consent, lawful collection and obligation; data integration, data sharing & communications and data governance; confidentiality, integrity and availability (CIA); lawful data processing & data management; privacy threshold analysis (PTA), personally identifiable information (PII), protected health information (PHI) and data minimization; data protection (by design & default through embedding safeguards in the early phase of the data management life cycle); privacy impact assessment (PIA), data protection impact assessment (DPIA), awareness & training, disciplined execution, dispute resolution, protection of natural person. IT and GDPR compliance. Working on Payment Card Industry Data Security Standard (PCI DSS), cryptocurrency, and blockchain security; ISO 26262 & automotive security; security operation center (SOC), Internet of Things (IoT), Web, and cloud security; SOX & FISMA internal & external audit, independent verification & validation (IV&V) and gap analysis, security testing & evaluation (ST&E), plan of action & milestones (POA&M), authorization to operate (ATO), certification & accreditation (C&A), assessment & authorization (A&A), IT risk management, and regulatory compliance. Protecting digital assets & corporate resources. Ensuring confidentiality, integrity, and availability (CIA). Leading projects on agile and secure software development life cycle (SSDLC). Working on pre-sales & post-sales services, revenue & market share enhancement, customer relationship management (CRM), critical infrastructure protection (CIP), and IT business development (BD).
-
Head of Information Security, Privacy, and IT Risk Management
Trump Taj Mahal, Sep 2015 - Apr 2016, US
Official liaison with the Casino Control Commission & Division of Gaming Enforcement of State of New Jersey. Member of Management Audit Committee of the company. Ensuring the confidentiality, integrity & availability of the information and information systems in the organization. Safeguarding personally identifiable information & protected health information. Implementation and oversight of IT regulatory compliances in information technology, information assurance, cybersecurity, information privacy, identity theft, security controls, continuous monitoring, PCI DSS, internal & external audits, surveillance, risk management, and CRM. Developed the PCI DSS implementation guidelines; strategies, standards, policies, and procedures on information security & privacy; GDPR & data security; secure application development life cycle; rules of behavior (ROB), privacy threshold analysis, privacy impact assessment, identity and access management, and security documents. Developed initial & refresher training materials for information security and data privacy; configuration management plan, change management plan including the structure and process of Change Control Board, contingency plan (CP) and details on CP test & exercise, vulnerability scanning and penetration testing, incident response (IR) plan and IR test & drills, continuity of operation plan, disaster recovery plan & business impact assessment, and system security plan. Managed monitoring & inspection to ensure regulatory compliance to the HIPAA, HITECH, Privacy Act, GDPR, etc. in recruitment, training, medical & family leave, player’s database, and the jackpot distribution in Casino Cages.
Implemented & ensured risk assessment, multi factor authentication, single sign on, customer interaction, IV&V, gap analysis, security testing & evaluation, plan of action & milestones, assessment & authorization and certification & accreditation of the Trump Taj Mahal Enterprise Information System & Surveillance System. -
Course Chair and Assistant Professor (Adjunct)
University Of Maryland University College, Jul 2000 - Apr 2016, Adelphi, Maryland, US
Teaching undergraduate class on Foundations of Cybersecurity. Taught classes on CISSP, Security+, Network+, MCSE, and enterprise security architecture since 2000. Served as a course chair for 3 years and academically supervised 12 faculty members. Served as the content expert of the online Network+ class. Guided students' projects in cyberspace, cyber threat, cyber weapon, cyber warfare, cyber attack, cybercrime, cybersecurity, privacy, personally identifiable information (PII), privacy impact assessment, cloud security; contingency plan (CP), CP testing, drills; disaster recovery (DR), continuity of operation (COOP); e-Authentication, secure access control, identity and access management (IAM), single-sign-on (SSO), public key infrastructure, digital signature; IPSec, DNS, and DHCP; virtual private networking (VPN), demilitarized zone (DMZ), intrusion detection system (IDS), intrusion prevention system (IPS), penetration testing; vulnerability scanning, analyzing, and reporting; threats and threat agents; trusted networking & communication; security categorization (SC), configuration management (CM), change control management, business impact analysis (BIA); system security plan (SSP); common, hybrid, and system specific security controls; audit, independent verification and validation (IV&V), gap analysis, risk assessment, security testing and evaluation (ST&E), plan of action and milestones (POA&M), certification and accreditation (C&A), continuous monitoring, patch management, hardening, defense-in-depth; cryptography and hashing; confidentiality, integrity, availability (CIA); incident response (IR), digital forensics, legal evidence, chain-of-custody, risk assessment report (RAR), and IT risk management.
Evaluated US/International regulations and Acts on IT security & privacy including OMB, GAO, FISMA, SOX, GLBA, HITECH, & HIPAA mandates; ISO 27000 series, FIPS standards; industry best practices; COBIT and NIST-SP-800 guidelines. -
IT Director & SME (Cybersecurity/Privacy/Information Assurance/Risk Management/Business Development)
Afrin Technology, LLC., Oct 2013 - Aug 2015
Designed secure architecture; managed IT, information security, SOC, NOC, pre-sales, post-sales, secure software development life cycle (SSDLC), cybersecurity, cloud security, GDPR & data security, digital privacy, identity theft prevention, network & wireless security, e-Commerce, e-Governance; FTK, EnCase & Tableau imaging; ProDiscover, digital forensics, e-Discovery, chain-of-custody, penetration testing & ethical hacking, CSAM, internal & external audit, risk management, and regulatory compliance. Developed categorization plans, configuration management plans, system security plans (SSP), continuity of business operation plans, and contingency plans (CP). Conducted CP tests & drills, vulnerability scanning & reporting, identity & access management, privacy impact assessment; awareness & training, independent verification & validation (IV&V), gap analysis, security testing & evaluation (ST&E) plan & execution, plan of action & milestones with CSAM, business impact assessment (BIA), certification & accreditation (C&A), and assessment & authorization (A&A). Served Deutsche Bank from 02/09/2015 to 03/20/2015 as a consultant (Global Program Manager & Risk Controller) in IT risk management, security audit analysis, and regulatory compliance. Intensively worked on the evaluation & implementation of key risk indicators (KRI), effect of existing security & financial laws and regulations, security strategies, security policies & procedures, and industry best practices. Analyzed Securities Exchange Act of 1934, Gramm–Leach–Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), Federal Information System Controls Audit Manual (FISCAM), and Assessing Security & Privacy Controls in Federal Information Systems & Organizations: Building Effective Assessment Plans (NIST-SP-800-53A).
Designed, developed, and documented a risk management & mitigation framework with recommendations on information assurance, cybersecurity, privacy, and continuity of business operations (COOP).
-
Director of Cybersecurity, Privacy, Information Assurance, and IT Risk Management
Idgmi, Jun 2013 - Oct 2013, San Jose, CA, US
Was responsible for designing, developing, operating, and managing a brand new business discipline in the area of national and international consultancy services, healthcare information security, cloud security, information technology, cybersecurity, privacy, information assurance, e-Commerce, and IT risk management including workshops, conferences, incubators, education, training, testing, certification, and gas and petroleum industries in Nigeria. Conducted an independent verification and validation (IV&V), gap analysis, and security compliance testing of personally identifiable information (PII), protected health information (PHI), and completed a privacy impact assessment (PIA) for the Health Exchange Program of Hawaii State and its stakeholders (including healthcare providers and insurance companies) using Center for Medicare and Medicaid Services (CMS) guidelines. Completed design, planning, and projection of two state-of-the-art facilities for research/training on investigative, defensive, and offensive cybersecurity. -
Senior Manager (Cybersecurity and Information Assurance)
B3 Solutions, LLC., Nov 2010 - Jun 2013, Alexandria, VA, US
Was responsible for security policy/procedures/architecture/identity & access management/cybersecurity/privacy/cloud security/e-Commerce/assessment & validation/plan of action & milestones (POA&M)/certification & accreditation (C&A)/continuous monitoring/hardening, patching/and regulatory compliance. Designed, tested, and documented C&A of four DOT/FAA IT systems (Information Security Business Portal, Logical Access and Authorization Control Service, Investment Management Tools, and System Architect) and seven DHS/FLETC systems (Financial Accounting & Budgeting System, Emergency Security Solution, Information Security Architecture, FLETC Collaboration System, Artesia Administrative Network, Internet System, and Environmental Data Integration System). Implemented federal regulations, FISMA, OMB circulars/memorandums; FAA, FLETC, DOT, and DHS orders/guidelines; FIPS standards, NIST guidelines (800-18, 800-30, 800-34, 800-37, 800-39, 800-47, 800-53 R4, 800-53A, 800-60, 800-83, 800-122, 800-137, 800-153, etc.); security requirements traceability matrix (SRTM), and industry best practices. Designed, developed, reviewed, examined, and tested security policies, procedures, system security plan (SSP), IAM plan, configuration management, IT change management process, disaster recovery plan (DRP), business impact analysis (BIA), security categorization, privacy threshold analysis, privacy impact assessment, contingency plan (CP); CP training, testing, and drills; security testing and evaluation (ST&E) plan, ST&E testing, and reporting; security posture, risk assessment, POA&M, security assessment report (SAR), executive summary, certification and authorization memorandums, and continuity of operations. Designed “Cybersecurity, Privacy, and Information Assurance” division for the company. Attended management retreat.
Participated in the 5/15 years corporate strategic planning. Wrote technical contents for business development. Helped in customer satisfaction/retention process. -
Program Manager
Digicon Corporation, Oct 2009 - Oct 2010
Subject matter expert (SME) in cybersecurity, information assurance; FISMA, FISCAM, and OMB compliances; certification and accreditation (C&A), IT governance, IT risk management framework, FIPS standard and NIST-SP-800 guidelines, cloud security, enterprise cyber security architecture, security program planning, policy, procedure, personally identifiable information (PII), privacy impact assessment, identity theft, data privacy, awareness and training, contingency plan (CP), disaster recovery plan (DRP), continuity of operations (COOP), incident response and exercise, and business impact assessment (BIA); was responsible for cybersecurity, information assurance, C&A program management, business process development, staff training, mentoring, technical guidance, & customer satisfaction. Led cross-functional teams. Facilitated, communicated, and reported activities. Conducted risk assessment, security testing & evaluation (ST&E), management assessment, continuous monitoring, independent verification & validation (IV&V), gap analysis. Developed computer based training on incident response (IR). Developed security categorization, systems security plan (SSP), configuration management plan, security assessment report, executive summary, and plan of action & milestones (POA&M). Was author of CSAM (Cyber Security Assessment and Management) tools for risk assessment and POA&M management; visited FAA facilities in Boston (MA) and Washington DC, and completed C&A and authorization of five systems of ARP & AST line-of-business. Analyzed RFP/RFI, mapped organizational resources to clients’ need, provided technical contents, and developed IT business.
-
Program Manager
Earth Resources Technology (ERT), Mar 2009 - Oct 2009
Subject matter expert in C&A, information security, security architecture, and cybersecurity in NESDIS projects. Provided program management; FISMA, FISCAM, and OMB regulatory compliance; technical guidance, & customer satisfaction; guided & conducted FISMA audits, risk assessment, security categorization, vulnerability scanning, system security planning (SSP), privacy, IT contingency planning (CP), disaster recovery planning (DRP), continuity of operation (COOP) planning, contingency exercise, personally identifiable information, privacy impact assessment, access control, IV&V, gap analysis, security testing and evaluation (ST&E), plan of action & milestones (POA&M), certification & accreditation (C&A), and continuous monitoring for critical infrastructures, major application, general support system, and industrial control system (ICS); reviewed policy, procedures, SOP, SOW; was responsible to procure, recruit, train, assign, facilitate, mentor, monitor, deliver, and report on contractual tasks; provided consultancy service in building secure systems by incorporating security during SDLC.
-
Consultant (Cybersecurity, Privacy, Information Assurance, and IT Risk Management)
Ekti Group, Jul 2007 - Mar 2009
Developed business. Served ATF and OAMFA (DOC) as a lead certification and accreditation (C&A) consultant and subject matter expert (SME) in information assurance, cybersecurity, security architecture, media protection, FISMA audit, and CSAM tools. Contributed in policies, procedures, security categorization, system security plan (SSP), access/audit controls, physical/environmental controls, personally identifiable information (PII), privacy impact assessment (PIA), contingency plan and exercise, disaster recovery plan, continuity of operations (COOP), incident response plan, security testing and evaluation (ST&E), plan of action and milestones (POA&M) management, security assessment report (SAR), certification and accreditation (C&A), awareness and training, independent verification and validation (IV&V), gap analysis, risk based decision (RBD), and continuous monitoring. Conducted IT risk assessment, IT vulnerability and threat analysis, waiver management, IT configuration management, and business impact assessment (BIA). Counseled system owners, designated security officers, and contingency coordinators on security governance, intrusion detection and prevention, e-authentication, secure communication, encryption, digital signatures, patch management, vulnerability scanning, incident reporting, IT forensic, chain-of-custody, and media sanitization. Implemented FISMA, FISCAM, OMB, SOX, GLBA and other regulatory compliance; FIPS standards, NIST-SP-800 guidelines, and industry best practices. Developed and validated service level agreements, memorandums of understanding, standard operating procedures (SOP), and interconnection security agreements (ISA). Analyzed concept of operations, security architectural design, and requirement traceability matrix. Assured separation of duty, least privilege, hardening, and defense-in-depth.
Contributed to the architectural working group, change control board (CCB), integrated project team (IPT), and building secure IT systems.
-
Chief Information Security Officer (CISO)
Heitech Services, Inc., Nov 2006 - Jun 2007, Landover, MD, US
Developed business. Established strategic planning and vision on cybersecurity and information assurance. Implemented FISMA regulatory compliance. Developed information technology policy, procedures, and guidelines. Performed independent verification and validation (IV&V) and gap analysis. Conducted certification and accreditation (C&A) of information system of Federal Law Enforcement Training Center (FLETC). Conducted contingency exercise. Served as the cybersecurity subject matter expert (SME) and information systems risk manager (ISRM).
-
Information Assurance Subject Matter Expert (SME)
Dakota Consulting Inc., Mar 2006 - Nov 2006
Served as a subject matter expert (SME) in cyber security and data privacy at OPM and USDA; implemented FISMA, FISCAM, OMB, FIPS, NIST-SP-800, other regulatory compliance, security mandates, standards, guidelines; developed IT security policy, procedures, system security plan (SSP), contingency plan, disaster recovery plan; monitored security control, access control, awareness, training, personally identifiable information (PII); conducted exercises, privacy impact assessment, IV&V, gap analysis, risk assessment, change management, business impact analysis, ST&E testing, certification & accreditation (C&A), and POA&M management.
-
Principal Analyst (Information Assurance and Privacy)
Project Performance Corporation, Jul 2005 - Jan 2006
Worked for the Department of Interior (DOI), distributed tasks and ensured quality of deliverables from subcontractors, kept security documents updated, performed risk assessment and gap analysis of government systems, managed plan of action and milestones (POA&M), coordinated role-based training, developed contingency plan, incident response plan, and C&A guidelines. Contributed in FISMA, SOX, and HIPAA compliance; security plan, risk management, security control matrix, business development, security architecture, and privacy.
-
Project Manager (Information Assurance)
Onpoint Corporation, Nov 2004 - Jul 2005
Implemented FISMA, FISCAM, OMB, and other information security (IS) regulatory compliances; conducted risk assessment, independent verification and validation (IV&V), and gap analysis of 200+ systems of United States Department of Agriculture (USDA) - evaluated system security plan (SSP), security self-assessment, incident response plan, security testing and evaluation (ST&E) results, plan of action and milestones (POA&M), trusted facility manual (TFM), IT security features user guide (SFUG), contingency plan (CP), systems control compliance matrix, and privacy impact assessment. Conducted an IV&V and gap analysis on the risk assessment documents of the State of Maryland Voting Systems. Conducted C&A of a NIH system. Evaluated and validated SSP, ST&E, action plans, and other C&A deliverables to NIH.
-
Information Security Analyst
Avineon Inc., Aug 2004 - Oct 2004
Conducted IT risk assessment. Analyzed privacy documents. Updated privacy impact assessment (PIA), system security categorization document, configuration management (CM) plan, information system security plan (ISSP), and contingency plan (CP). Conducted CP drills. Recommended role based training (RBT). Drafted Standard Operating Procedures (SOP).
-
Adjunct Faculty (MIS Department)
Strayer University, Oct 1999 - Sep 2002, Washington, D.C., N.W., US
Designed curriculum, selected text books, developed teaching and examination materials; taught classes on systems analysis, programming, networking infrastructure, database design, and information technology management; and evaluated skills for undergraduate degree.
-
Project Manager (Business Software Development, Integration, and Implementation)
Cambridge Associates, LLC., Mar 2000 - Apr 2002
Managed development of large scale financial system tools; coordinated with business managers; assessed risks; implemented GLBA & SOX regulations; analyzed, designed, coded, quality/user acceptance tested, integrated, implemented, and maintained; was responsible for budget, industry best practices, staff recruiting, training, awareness, change and configuration management, contingency planning, security, management reporting, and customer satisfaction.
-
Instructor (MCSE Department)
Netcert Education Centers, Jan 2000 - Aug 2000
Designed, developed, and coordinated certification curriculum in information systems networking; supervised and taught MCSE (Microsoft Certified System Engineering) classes at multiple centers; conducted examinations; and issued course completion certificates.
-
Systems Analyst, Database Engineer, Network Administrator, Analyst Programmer
Environmental Health And Safety, Umab, May 1991 - Jan 2000
Performed risk analysis; initiated, analyzed, designed, programmed, QA tested, validated, integrated, deployed, managed, and maintained twelve database application systems in the Environmental Health and Occupational Safety division; analyzed, designed, developed, and deployed a Students Enrolment, Placement, and Training System for School of Social Work; designed and developed a Vaccination Monitoring System for Maryland State Police; was responsible for training, data privacy, database engineering, information assurance, configuration and change management; served as database administrator, Netware/NT Network Administrator.
-
Database Developer (Vaccine Testing Unit of the Department of International Health)
Johns Hopkins University And Hospital, Jun 1990 - Apr 1991
Developed 3 interactive database application systems for vaccine trial, vaccine testing, and health care projects of Johns Hopkins Hospital, Johns Hopkins Travelers Clinic, and Navajo Vaccine Trial Projects; performed users’ requirements analysis, system design, coding, acceptance testing, integration, deployment, users’ training, and maintenance; developed user’s guide, IT contingency plan; managed vaccine trial databases, and generated management reports.
-
Archive Manager
Cholera Research Center And Hospital (Icddrb), Jun 1985 - Jun 1990
Designed, developed (SDLC), deployed, and managed 7 database applications for hospitals, diagnostic/research laboratories, and vaccine trial programs; archived hospital and laboratory data and live specimen; was responsible for strategic planning, business development, budget, interdepartmental liaison, business process reengineering, contingency planning, incident handling, emergency preparedness, disaster recovery, COOP, documentation, and reporting; and managed cost recovery, data collection, validation, privacy, integrity, processing, and helpdesk.
-
Archive Manager
Icddrb, 1985 - 1990
-
Data Processing Officer (Head of Information Technology Department)
Civil Aviation Authority Of Bangladesh, Feb 1974 - Jun 1985
Directed IT programs; led procurement and supply teams; was responsible for corporate vision, strategic planning, policy, standard, guideline, process, audit, liaison, budget, recruiting, training, team building, regulatory affairs, management reporting, & communications. Analyzed, designed, developed, and implemented applications on aviation governance, air traffic management, aircraft inspection, passenger movement, toll collection, HR/payroll management, accounts and assets management, stock control, procurement, supply management, & regulatory compliance; served as the counterpart to ICAO expert and in National Air Transport Committee.
-
Head of the Biology Department
Bakshiganj K.U. Degree College, Sep 1972 - Feb 1974
Served as the Chair of the Department of Biology. Designed and developed course curriculum on Botany and Zoology. Scheduled class, delivered classroom lectures, and guided students’ hands-on laboratory exercises. Supervised/conducted semester-ending tests and annual examinations. Evaluated and graded students’ performance. Managed indoor and outdoor sports. Supervised student dormitories. Served in the Board of Directors and led drives for funds.
-
Professor of Biological Sciences (Honorary Service)
Dewanganj Degree College, Jan 1973 - Dec 1973
Designed and developed course curriculum on Botany and Zoology. Delivered classroom lectures. Guided students’ hands-on laboratory exercises. Conducted semester-ending tests and annual examinations. Evaluated and graded students’ performance for class promotions.
Em Pannah Education Details
-
University Of Maryland Global Campus, And Identity Theft
-
University Of Maryland Global Campus, Cybersecurity
-
University Of Maryland Baltimore County, IFSM
-
Dhaka University, Zoology/Fisheries/Ecology
Frequently Asked Questions about Em Pannah
What company does Em Pannah work for?
Em Pannah works for Americatech, Inc.
What is Em Pannah's role at the current company?
Em Pannah's current role is President.
What is Em Pannah's email address?
Em Pannah's email address is ep****@****hoo.com
What schools did Em Pannah attend?
Em Pannah attended University Of Maryland Global Campus, University Of Maryland Global Campus, University Of Maryland Baltimore County, Dhaka University.
Who are Em Pannah's colleagues?
Em Pannah's colleagues are America Tech, Rabbee Mowla, Ashenafi Adgeh, Reny Rebolledo Leiva, Abdur Rehman Khan.