Ken M. Email and Phone Number

Governance• Establish and maintain a framework for Security Policies, Standards, and Job Aid management includingo Annual Review Cycle Ensure Governance Documentation are tracked, reviewed and updated regularlyo New document process Verify that new processes have appropriate documentation created in a timely fashion.o Ensure alignment with regulatory requirements and industry standards Identify regulatory changes that will affect IS Governance Documentation and recommend appropriate technical changes to maintain security protection events.o Verify strategic alignment to business goals Review Governance Documentation for possible security gaps, work with applicable teams to close the gaps• Assists with incident response by assessing degree to which controls and Governance Documentation may have contributed to the incident, and modify as needed to prevent future incidents.• Stay current with IT security and compliance industry requirements and technologies.• Provide policy guidance to information technology (IT) management, staff, and users • Participate in Work Review Board (WRB) meetings to identify processes that could have the potential to violate governance and therefore require exceptions• Develop/enhance Governance Metrics (KPI’s, KRI’s), and analyze exception data to determine if modifications to documentation is required.Risk Management• Developing a quantitative Security Risk Assessment program • Initiate post incident risk assessments to identify potential security gaps.

- Supports assigned classified information technology (IT) systems; - Provides security assistance in the stand-up, review, audit, certification and accreditation, and wind-down of classified IT systems; - Leads individual and team self-inspections of assigned IT systems; - Supports external inspections and reviews of various classified and unclassified IT systems and processes; - Assesses, develops and executes pro-active IT security policies in partnership with end-users and system administrators, and Corporate IT department to improve the overall security environment of classified computing; - Designs, develops and implements end-user and information assurance officer security related training; - Leads CIRT processes in response to contamination events on assigned systems; - Researches and analyzes applicable U.S. Government IT security policies and procedures and industry standard IT products, services, and technologies to ensure the company is responsive to internal customer requirements while in compliance with U.S. Government security regulations; - Research and analyze external and internal cybersecurity threats to the company.

Ensure all systems and users comply with Federal information security guidelines, policies and procedures.Examines and performs comprehensive technical analyses of computer-related evidence in MS Windows environments.

Developed and delivered Graduate level course CJ600 – Computer Crime: Legal Issues and Investigative Techniques for the Fall 2007 semester.

Corporate Investigator

COBOL programmerNetwork AdministratorIT Auditor