Hema Vyas Email and Phone Number

The KyberNet LLC specializes in consultative services provided by Hema Dixit. After serving 20 plus years the in government and corporate, Hema decided to alter direction. Hema’s expertise lies in Information Technology (IT), including security program management, audit and compliance, project and program oversight, management consulting, and training in support of our partners in Private Industry, Non‐Profit, Healthcare, and State and Federal government.

The principal point of contact for information assurance activities at the IT system level. Responsible for securing National Security Systems or SBU level IT Systems. Ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle. • Ensure compliance with organizational security policies and standards• Provide strategic and tactical security guidance for IT projects, including the evaluation and recommendation of technical controls• Perform technical assessments, testing, and evaluation on information security technology products • Ensure activities are progressing and on target for C&A and related security operations documentation, procedures, and plans• Supporting ongoing ISSO operations for security event analysis and incident response (maintains the SSP, Security CONOPS, ST&E reports, etc.) • Participate in ISSO forums, working groups and trainings • Collaborate with other ISSOs nationwide in support of centralized approach for managing operational security for Field Offices• Initiate protective and corrective measures when a security incident or vulnerability is discovered• Development of Security Documentation such as Policies, Standards and procedures; methodology, templates and plans for Risk Assessments; System Security Plans and IT contingency plans. • Conducting Information System Security (ISS) reviews (Compliance assessments) on Information Systems.  Reviewing and analyzing security authorization package documentation. Performing an audit of the security artifacts (ISSP, CP, RA, POA&M etc.) that are used to determine the Authority to Operate (ATO) for the systems. Reviewing system configurations for compliance with DHS policies and NIST security controls.

Served a project lead for DOL OFCCP managing the Certification & Accreditation for their major application. Some of the tasks include:Responding to Audit findingsPreparing management response for the audit findingsPreparing a strategic approach for achieving and maintaining FISMA complianceDeveloping and/or updating security policy, procedures and guidelines based on NIST and department guidanceUpdating CSAM with current documentationDeveloping Role-base security training plan

Delivered Enterprise Risk Assessment measuring maturity compared to ISO 27002 against the business scope or regulatory/contractual requirements. Executed Vulnerability Assessments using Nessus scanning tools, configuration review of key systems and network design, Information Security Policy and Procedure Development, Security Education. Engaged as Project Lead for security remediation resulting from audit (PCI, HIPAA). Delivered regulatory compliance engagements across GLBA, FFIEC, SOX (CobIT), NIST-800, PCI, and HIPAA environments.Lead Enterprise Information Security Assessments (Assessments include Program, Technology & Posture, and are based on PCI, GLBA, ISO27002, HIPAA, FFIEC, and other industry specific regulations & standards)Led PCI compliance efforts and prepared organizations for PCI certification.Developed custom ITIL (ITSM) aligned IT and business processes including change management, incident management, patch management, etc.Developed impact assessment models and threat profiles to use as part of risk assessment and risk management.Contributed to assessment framework and tool development.Provided liaison function for senior management and business leaders to address business implications of IT and Information Security strategy choices.Developed new products in Policy Assessment and Development, Procedure Development, SAS 70 Gap Analysis-Readiness, Computer Security Incident Response Procedures.Developed Security Awareness and Training material for various clients.Conducted public speaking events and presented security engagement results to executive officers.Managed teams, defined team roles and maximized team results to meet client goals and objectives through innovation, attention to detail, effective delivery and follow-through. Set direction and provided guidance to team on deliverable content.Prepared status reports and conducted client status meetings.

Served as a project lead for Center for Medicare and Medicaid Services (CMS