Gallery Information Technology Security Officer and ISSO
The National Gallery of Art collects, preserves and exhibits a large and varied collection of art works, and works to promote the understanding of art through various research and educational programs.
- Well-rounded IT security professional experienced in various facets of information assurance including Identity Management, Risk and Vulnerability Assessment, Security Assessment and Authorization, 3rd party risk management, Cloud Security, Business Continuity and DR planning, Mobile Security and Mobile Device Management.
- Experienced in developing metrics, frameworks and roadmaps for consumption by C-suite, Executives and Board Members.
- Supported the development of (including being a named author on) several NIST publications including FIPS 201, SP 800-79-2, SP 800-116, SP 800-166 and SP 800-85B. Extremely familiar with SP 800-18, SP 800-37, SP 800-30, SP 800-53, SP 800-53A and numerous other publications in the area of information security.
- Supported the creation and management of the GSA FIPS 201 Evaluation Program (http://fips201ep.cio.gov). Former "Gatekeeper" for the Approved Products List - known to be used by ~ 40 countries to identify validated products in the areas of PKI, biometrics, smart cards and card management systems.
- Experienced in public key infrastructure (PKI), cryptography and their usage within secure applications and solutions. Developed several Certificate Policies (CP) and Certification Practice Statements (CPS) for Government and non-Government PKI Providers.
- Skilled in developing security policies, technical guidance, analysis reports, and white papers in the areas of IT security.

Specialties: Identity Management, Smart Cards, Biometrics, Risk Management, Certification & Accreditation (C&A), Information Assurance, Vulnerability Management, National Institute of Standards & Technology (NIST) Federal Information Processing Standards (FIPS) and SP-800 Series Guidance, Federal Information Security Management Act (FISMA), Homeland Security Presidential Directive (HSPD-12), Public Key Infrastructure (PKI), Cryptography, Transportation Worker Identification Credential (TWIC),