The document provides details on Roberta Cohen's experience at The Boeing Company from 2006-2014. It describes 8 projects she led in information assurance and security engineering roles. The projects involved developing security architectures and policies, performing risk assessments, and integrating security into networks, programs and systems for projects involving missile defense, enterprise networks, and more.
William R. A. Ziegler has over 30 years of experience in program management, business development, and opto-mechanical engineering. He is currently a senior program manager at Aurotech Corporation leading an enterprise architecture modernization effort for the FDA. Prior to this role, he has held several program management positions at companies such as Fibertek, The Coddington Group, and Optelecom-NKF where he managed programs for NASA, DOD, and commercial clients.
Michael Doody has over 30 years of experience in information assurance, enterprise architecture, program management, systems engineering, and technical modeling. He has worked for Lockheed Martin and as an independent consultant. Some of his roles included senior program manager, technical lead, and capture manager on various defense projects. He has expertise in areas such as signal processing, command and control, critical infrastructure security, and information operations analysis.
Network security does not mean only preventing or blocking attacks. Through virtual patching and the analysis of content and context, a 'Next Generation Intrusion Prevention System' can provide a new dimension of Security Intelligence to protect the business.
Stefano Di Capua, HP Enterprise Security Presales Manager Southern Europe
In the past few years, cybersecurity has become more intertwined with each step of the automotive development process. In particular, fuzz testing has proven to be a powerful approach to detect unknown vulnerabilities in automotive systems. However, with limited instrumentation, especially on systems such as in-vehicle infotainment (IVI) systems and telematics units, there are several types of issues that go undetected, such as memory leaks and cases where the application crashes but restarts quickly. For more information, please visit www.synopsys.com/auto
Why we decided on RSA Security Analytics for network visibility - Recruit Technologies
Yumiko Matsubara presented on why Recruit Technologies chose RSA Security Analytics for network visibility. They were facing challenges with slow investigation speeds and a lack of network context in their previous security tools. A proof of concept found RSA SA provided superior searchability, performance, and cost over other products. RSA SA has since helped accelerate incident response and investigations. While generally satisfied, Recruit Technologies hopes to see improvements in reliability, customization options, and the release of a cloud version of RSA SA.
The document provides an overview of BGA Bilgi Güvenliği A.Ş, a Turkish cybersecurity company that offers strategic security consulting and training. It then outlines BGA's mobile application penetration testing methodology, which involves information gathering, static analysis, dynamic analysis, and examining authentication, authorization, and session management. The methodology describes steps to analyze the mobile app's permissions, network usage, data storage, APIs, libraries, and more to identify potential vulnerabilities.
G.R.NARENDRA has over 7 years of experience in network management, IT project management, and service delivery. He currently works as an Associate Manager at HCL Technologies, where he manages a team that handles network incident calls. Prior to this, he held several roles in network engineering at companies like Hewlett Packard and Aircel Business Solutions, where he was responsible for tasks like troubleshooting connectivity issues, managing network changes, and monitoring networks. He has technical expertise in areas like routing, switching, firewalls, and network protocols.
Building a Product Security Practice in a DevOps World - Arun Prabhakar
This document discusses building a product security practice in a DevOps world. It outlines key product security capabilities that enterprises should establish throughout the product lifecycle, including threat modeling, secure coding, software composition analysis, penetration testing, and continuous monitoring. It also discusses the importance of establishing governance around product security through defining roles, processes, and controls for different functions like business, operations, and security. The goal is to integrate software and product lifecycles in a coherent manner so that final products are secure without slowing down development.
CI/CD pipelines help DevOps teams automate and drive scalability of mobile app releases. However, teams still experience friction from all kinds of testing. To speed the flow, organizations are now turning to automated continuous testing (CT) in the pipeline by engaging the test automation and security teams. The latest advancements in functional and performance testing enable organizations to run faster, friction-free pipelines with CI/CD/CT.
Join Perfecto by Perforce Chief Evangelist and author, Eran Kinsbruner, and NowSecure Chief Mobility Officer, Brian Reed, in this webinar. Understand how successful organizations optimize their CI/CD pipelines with automated CT tools for functional and security testing in their build process.
Watch this webinar to learn the following:
- Fundamentals of continuous testing (CT) strategy for CI/CD/CT pipelines.
- How to fit automated security and functional testing together inside a DevOps process.
- Common pitfalls in mobile app security and how to overcome them.
Appendix A Operating Scenario GPSCDU Project for Wild B.docx - lisandrai1k
Appendix A
Operating Scenario
GPS/CDU Project for Wild Blue Yonder Technologies
Wild Blue Yonder Technologies Inc (WBYT) is a general holding company whose line of business is tailored to high-tech holdings. Wild Blue Yonder Technologies' various subsidiary companies are maintained as one coordinated business from offices in New York City. The centralization of policy and planning direction at one location has historically produced higher revenues, profit margins, and customer satisfaction. The necessary degree of coordination is enabled by a global, enterprise network that is managed from the New York location.
That network provides secure telecommunications capability with embedded firewall protection, multi-carrier cellular access options and automatic access point database updates for all connection types. It enables access to the enterprise’s applications from any location on an as-needed basis. The network also provides integrated, any distance, seamless connectivity to WBYT’s centralized information resources.
WBYT’s holdings are concentrated in advanced technology products and services. Two closely held subsidiaries deal exclusively with the Federal government. The line of business of one, which is based in Gaithersburg, Maryland, is R&D and manufacture for advanced capability components for the F 16 Fighting Falcon and F 18 Super Hornet. The other, based in Jacksonville deals in R&D in target acquisition and fire control systems for Army helicopters. There is also a manufacturing facility in Detroit. That facility builds Leopard tanks for the Canadian Army under license from the German government. Other close holdings in WBYT’s empire include a commercial electronics R&D facility in Corvallis. The Corvallis facility also does contract work for the Idaho National Laboratory. In addition to the closely held corporations, there are loosely held electronics manufacturing, or service holdings in Pittsburgh, Houston, Des Moines, Sioux Falls, Denver and Bozeman. These facilities serve the consumer high-tech industry.
Finally, there are a number of loosely held international corporations in India, Australia and across the Pacific Rim, all concentrated in advanced technology. All computer services for that region are provided over a public/private VPN, which is maintained for that area in Singapore. The Singapore data center is actually owned and operated by WBYT, as part of the company’s global VPN. The VPN itself is maintained out of the New York office.
According to WBYT’s charter, the primary business goal of the Company is to utilize the global marketplace to provide high quality technology components at the lowest possible price.
Wild Blue Yonder Technologies entered the market knowing that the ability to closely monitor its operation and deliver competitive business information quickly was going to be a prerequisite to its success, particularly in the integration and reuse of COTS products. In essence, its entire.
Article in Defense ARJ on DARPA's Command Post of the Future and its successful transition to the Army. 1/1/10
Source: http://www.darpa.mil/Docs/Greene53.pdf
This document discusses democratizing security as the next frontier for DevSecOps adoption in enterprises. It covers evolving delivery practices like Agile, DevOps, and SRE. Democratizing involves making capabilities self-service, granting permission to act with guardrails, and building trust. This includes democratizing infrastructure, software delivery, data, and security by making them technology agnostic, self-service, and including them in the DevSecOps toolchain to improve applications, platforms, processes, and culture. Security chaos engineering and value stream mapping are also discussed as ways to identify vulnerabilities and inefficiencies to continuously improve operational readiness and adoption.
EuroPython 2019: Modern Continuous Delivery for Python Developers - Peter Bittner
Deployment automation, cloud platforms, containerization, short iterations to develop and release software—we’ve progressed a lot. And finally it’s official: Kubernetes and OpenShift are the established platforms to help us do scaling and zero downtime deployments with just a few hundred lines of YAML. It’s a great time.
Can we finally put all our eggs into one basket? Identify the cloud platform that fits our needs, and jump on it? That could well backfire: Vendor lock-in is the new waterfall, it slows you down. In future you’ll want to jump over to the next better platform, in a matter of minutes. Not months.
This talk is about The Art of Writing deployment pipelines that will survive Kubernetes, OpenShift and the like. It’s for Python developers and Kubernetes enthusiasts of all levels – no domain specific knowledge required, all you need to understand will be explained. You’ll learn how to separate application-specific and deployment-specific configuration details, to maximize your freedom and avoid vendor lock-in.
Come see a demo of a Django project setup that covers everything from local development to automatic scaling, flexible enough to be deployed on any of your favorite container platforms. Take home a working, future-proof setup for your Python applications.
See the original presentation at https://slides.com/bittner/modern-continuous-delivery/
- Brian K. Voorhees has over 15 years of experience leading IT projects in both the public and private sectors, including experience as a project manager for government contracts.
- He has a proven track record of successfully completing projects on time and within budget, including developing and implementing solutions that meet various standards like ISO, NIST, and HIPAA.
- Voorhees has managed teams ranging from 6 to 120 staff and has experience across a variety of technologies, methodologies, and industries.
Heena Arora has over 11 years of experience in software testing. She currently works as a Senior Software Engineer - Testing at Aricent Group, where she is involved in testing projects like Cisco TelePresence Content Server and PGW. Previously, she has tested mobile applications like Cisco Jabber and worked on projects for NBCC and Ansal Housing. She has expertise in test automation, defect management, and agile methodologies.
Development and Third Party Maintenance for the IBM Mainframe (L. De Bruyn) - NRB
This presentation describes the process leading to outsourcing and highlights not only the benefits of outsourcing application development & maintenance but also the pitfalls to avoid. It describes how we help our customers to innovate in the mainframe environment thanks to our competence, the tools we use and our experience.
The document outlines the Securprobe project which aims to develop a user-friendly web application for penetration testing. It will be developed by students Usama Ashraf, M Ahsan Arshad, and Aliyan Rehman under the supervision of Malik M Ali. Securprobe will integrate reconnaissance, vulnerability scanning, and manual testing within a single interface and leverage tools from Kali Linux. The project aims to address challenges around complex/disparate tools and make security testing more accessible and affordable.
This document summarizes two innovative approaches to enterprise security architecture: Google's BeyondCorp architecture and the Cloud Security Alliance's Software Defined Perimeters (SDP). BeyondCorp aims to remove network-based attacks by implementing zero-trust network access based on continuous device/user authentication and authorization. SDP uses cryptographic protocols and dynamic firewalls to create on-demand, air-gapped networks between initiating and accepting hosts. The document then discusses how organizations can implement these approaches using existing security tools and outlines steps to develop an enterprise security architecture.
This document provides a summary of Aiman Alhajjah's professional experience and qualifications. It outlines his experience as a Senior Cyber Security Engineer at Raytheon, an Information Technology Specialist in the US Navy and Army, an adjunct faculty member, and an instrument engineer. It also lists his areas of technical proficiency including certifications, platforms, networking, security, connectivity, software, and hardware skills.
Lunch and Learn, Pitfalls and Best Practic, Preses Around Outsourcing Softwar... - aztechcouncil
The document discusses outsourcing the design and development of software products. It notes that while outsourcing provides financial benefits from offshore labor, there are also pitfalls to consider such as vendor failure or IP theft. The presentation recommends finding a single, established US-based vendor and treating the outsourced team as part of your internal team to avoid issues. It suggests outsourcing areas like prototyping, maintenance and testing while keeping critical IP development within countries that protect US IP.
Vinoth Babu has over 10 years of experience in IT infrastructure, network security consulting, and solution implementations. He has expertise in areas such as network and systems security, penetration testing, vulnerability management, auditing, and cloud technologies. Currently he works as a Senior Engineer of Corporate Information Security at Tata Communications, where his responsibilities include performing security reviews, vulnerability assessments, web application testing, and security compliance. He has technical proficiencies in platforms, networking, languages, and security tools.
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu... - Perforce
In Part 3, we will look at what the future might hold for embedded programming languages and development tools. And, we will look at the future for software safety and security standards.
Developers Driving DevOps at Scale: 5 Keys to Success - DevOps.com
As DevOps adoption matures in organizations, DevOps teams are leading the charge for enabling enterprises to scale their DevOps efforts to support increasingly complex application delivery requirements.
Tooling and processes that might have worked for simpler use cases often fail when applied across large-scale software delivery -- needing to support ALL teams, GEOs, point-tools, applications, processes, regulatory requirements, environments, and more.
How do you improve developer productivity and release velocity, without sacrificing governance, security, and org efficiency?
How do you streamline your processes and organizational alignment, without sacrificing flexibility and freedom of choice?
How do you support thousands of developers, applications and pipelines - both legacy and cloud-native - without getting buried in plugins/tools/spaghetti-scripts hell?
Join guest speaker Charles Betz, lead DevOps analyst at Forrester Research, and Loreli Cadapan, Sr. Director Product Management at JFrog, as they share architectural patterns, best practices and proven tips for scaling DevOps in the enterprise.
William H. Linder has over 20 years of experience in IT security risk management, auditing, and compliance using frameworks such as COBIT and COSO. He has worked as an IT security risk manager and auditor for companies such as NBC Universal and Citigroup. Some of his responsibilities have included assessing risks, advising on control requirements, reviewing suppliers for compliance, and testing that controls are operating effectively. He also has experience in areas such as network security, disaster recovery, and application security assessments.
Building a Product Security Practice in a DevOps WorldArun Prabhakar
This document discusses building a product security practice in a DevOps world. It outlines key product security capabilities that enterprises should establish throughout the product lifecycle, including threat modeling, secure coding, software composition analysis, penetration testing, and continuous monitoring. It also discusses the importance of establishing governance around product security through defining roles, processes, and controls for different functions like business, operations, and security. The goal is to integrate software and product lifecycles in a coherent manner so that final products are secure without slowing down development.
CI/CD pipelines help DevOps teams automate and drive scalability of mobile app releases. However, teams still experience friction from all kinds of testing. To speed the flow, organizations are now turning to automated continuous testing (CT) in the pipeline by engaging the test automation and security teams. The latest advancements in functional and performance testing enable organizations to run faster, friction-free pipelines with CI/CD/CT.
Join Perfecto by Perforce Chief Evangelist and author, Eran Kinsbruner, and NowSecure Chief Mobility Officer, Brian Reed, in this webinar. Understand how successful organizations optimize their CI/CD pipelines with automated CT tools for functional and security testing in their build process.
Watch this webinar to learn the following:
- Fundamentals of continuous testing (CT) strategy for CI/CD/CT pipelines.
- How to fit automated security and functional testing together inside a DevOps process.
- Common pitfalls in mobile app security and how to overcome them.
Appendix AOperating ScenarioGPSCDU Project for Wild B.docxlisandrai1k
Appendix A
Operating Scenario
GPS/CDU Project for Wild Blue Yonder Technologies
Wild Blue Yonder Technologies Inc (WYBT) is a general holding company whose line of business is tailored to high-tech holdings. Wild Blue Yonder Technologies various subsidiary companies are maintained as one coordinated business from offices in New York City. The centralization of policy and planning direction at one location has historically produced higher revenues, profit margins, and customer satisfaction. The necessary degree of coordination is enabled by a global, enterprise network that is managed from the New York location.
That network provides secure telecommunications capability with embedded firewall protection, multi-carrier cellular access options and automatic access point database updates for all connection types. It enables access to the enterprise’s applications from any location on an as-needed basis. The network also provides integrated, any distance, seamless connectivity to WBYT’s centralized information resources.
WBYT’s holdings are concentrated in
advanced technology products
and services. Two closely held subsidiaries deal exclusively with the Federal government. The line of business of one, which is based in Gaithersburg, Maryland, is R&D and manufacture for advanced capability components for the F 16 Fighting Falcon and F 18 Super Hornet. The other, based in Jacksonville deals in R&D in target acquisition and fire control systems for Army helicopters. There is also a manufacturing facility in Detroit. That facility builds Leopard tanks for the Canadian Army under license from the German government. Other close holdings in WBYT’s empire include a commercial electronics R&D facility in Corvallis. The Corvallis facility also does contract work for the Idaho National Laboratory. In addition to the closely held corporations, there are loosely held electronics manufacturing, or service holdings in Pittsburgh, Houston, Des Moines, Sioux Falls, Denver and Bozeman. These facilities serve the consumer high-tech industry.
Finally, there are a number of loosely held international corporations in India, Australia and across the Pacific Rim, all concentrated in advanced technology. All computer services for that region are provided over
a public/private VPN
, which is maintained for that area in Singapore. The Singapore data center is actually owned and operated by WBYT, as part of the company’s global VPN. The VPN itself is maintained out of the New York office.
According to WBYT’s charter, the primary business goal of the Company is to utilize the global marketplace to provide high quality technology components at the lowest price possible price.
Wild Blue Yonder Technologies entered the market knowing that the ability to closely monitor its operation and deliver competitive business information quickly was going to be a prerequisite to its success, particularly in the integration and reuse of COTS products. In essence, its entire.
Article in Defense ARJ on DARPA's Command Post of the Future and its successful transition to the Army. 1/1/10
Source: http://www.darpa.mil/Docs/Greene53.pdf
This document discusses democratizing security as the next frontier for DevSecOps adoption in enterprises. It covers evolving delivery practices like Agile, DevOps, and SRE. Democratizing involves making capabilities self-service, granting permission to act with guardrails, and building trust. This includes democratizing infrastructure, software delivery, data, and security by making them technology agnostic, self-service, and including them in the DevSecOps toolchain to improve applications, platforms, processes, and culture. Security chaos engineering and value stream mapping are also discussed as ways to identify vulnerabilities and inefficiencies to continuously improve operational readiness and adoption.
EuroPython 2019: Modern Continuous Delivery for Python DevelopersPeter Bittner
Deployment automation, cloud platforms, containerization, short iterations to develop and release software—we’ve progressed a lot. And finally it’s official: Kubernetes and OpenShift are the established platforms to help us do scaling and zero downtime deployments with just a few hundred lines of YAML. It’s a great time.
Can we finally put all our eggs into one basket? Identify the cloud platform that fits our needs, and jump on it? That could well backfire: Vendor lock-in is the new waterfall, it slows you down. In future you’ll want to jump over to the next better platform, in a matter of minutes. Not months.
This talk is about The Art of Writing deployment pipelines that will survive Kubernetes, OpenShift and the like. It’s for Python developers and Kubernetes enthusiasts of all levels – no domain specific knowledge required, all you need to understand will be explained. You’ll learn how to separate application-specific and deployment-specific configuration details, to maximize your freedom and avoid vendor lock-in.
Come see a demo of a Django project setup that covers everything from local development to automatic scaling, flexible enough to be deployed on any of your favorite container platforms. Take home a working, future-proof setup for your Python applications.
See the original presentation at https://slides.com/bittner/modern-continuous-delivery/
- Brian K. Voorhees has over 15 years of experience leading IT projects in both the public and private sectors, including experience as a project manager for government contracts.
- He has a proven track record of successfully completing projects on time and within budget, including developing and implementing solutions that meet various standards like ISO, NIST, and HIPAA.
- Voorhees has managed teams ranging from 6 to 120 staff and has experience across a variety of technologies, methodologies, and industries.
Heena Arora has over 11 years of experience in software testing. She currently works as a Senior Software Engineer - Testing at Aricent Group, where she is involved in testing projects like Cisco TelePresence Content Server and PGW. Previously, she has tested mobile applications like Cisco Jabber and worked on projects for NBCC and Ansal Housing. She has expertise in test automation, defect management, and agile methodologies.
Development and Third Party Maintenance for the IBM Mainframe (L. De Bruyn)NRB
This presentation describes the process leading to outsourcing and highlights not only the benefits of outsourcing application development & maintenance but also the pitfalls to avoid. It describes how we help our customers to innovate in the mainframe environment thanks to our competence, the tools we use and our experience.
The document outlines the Securprobe project which aims to develop a user-friendly web application for penetration testing. It will be developed by students Usama Ashraf, M Ahsan Arshad, and Aliyan Rehman under the supervision of Malik M Ali. Securprobe will integrate reconnaissance, vulnerability scanning, and manual testing within a single interface and leverage tools from Kali Linux. The project aims to address challenges around complex/disparate tools and make security testing more accessible and affordable.
This document summarizes two innovative approaches to enterprise security architecture: Google's BeyondCorp architecture and the Cloud Security Alliance's Software Defined Perimeters (SDP). BeyondCorp aims to remove network-based attacks by implementing zero-trust network access based on continuous device/user authentication and authorization. SDP uses cryptographic protocols and dynamic firewalls to create on-demand, air-gapped networks between initiating and accepting hosts. The document then discusses how organizations can implement these approaches using existing security tools and outlines steps to develop an enterprise security architecture.
This document provides a summary of Aiman Alhajjah's professional experience and qualifications. It outlines his experience as a Senior Cyber Security Engineer at Raytheon, an Information Technology Specialist in the US Navy and Army, an adjunct faculty member, and an instrument engineer. It also lists his areas of technical proficiency including certifications, platforms, networking, security, connectivity, software, and hardware skills.
Lunch and Learn, Pitfalls and Best Practic, Preses Around Outsourcing Softwar... aztechcouncil
The document discusses outsourcing the design and development of software products. It notes that while outsourcing provides financial benefits from offshore labor, there are also pitfalls to consider such as vendor failure or IP theft. The presentation recommends finding a single, established US-based vendor and treating the outsourced team as part of your internal team to avoid issues. It suggests outsourcing areas like prototyping, maintenance and testing while keeping critical IP development within countries that protect US IP.
Vinoth Babu has over 10 years of experience in IT infrastructure, network security consulting, and solution implementations. He has expertise in areas such as network and systems security, penetration testing, vulnerability management, auditing, and cloud technologies. Currently he works as a Senior Engineer of Corporate Information Security at Tata Communications, where his responsibilities include performing security reviews, vulnerability assessments, web application testing, and security compliance. He has technical proficiencies in platforms, networking, languages, and security tools.
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu... Perforce
In Part 3, we will look at what the future might hold for embedded programming languages and development tools. And, we will look at the future for software safety and security standards.
Developers Driving DevOps at Scale: 5 Keys to Success DevOps.com
As DevOps adoption matures in organizations, DevOps teams are leading the charge for enabling enterprises to scale their DevOps efforts to support increasingly complex application delivery requirements.
Tooling and processes that might have worked for more simple use cases often fail when applied across large-scale software delivery -- needing to support ALL teams, GEOs, point-tools, applications, processes, regulatory requirements, environments, and more.
How do you improve developer productivity and release velocity, without sacrificing governance, security, and org efficiency?
How do you streamline your processes and organizational alignment, without sacrificing flexibility and freedom of choice?
How do you support thousands of developers, applications and pipelines - both legacy and cloud-native - without getting buried in plugins/tools/spaghetti-scripts hell?
Join guest speaker Charles Betz, lead DevOps analyst at Forrester Research, and Loreli Cadapan, Sr. Director Product Management at JFrog, as they share architectural patterns, best practices and proven tips for scaling DevOps in the enterprise.
William H. Linder has over 20 years of experience in IT security risk management, auditing, and compliance using frameworks such as COBIT and COSO. He has worked as an IT security risk manager and auditor for companies such as NBC Universal and Citigroup. Some of his responsibilities have included assessing risks, advising on control requirements, reviewing suppliers for compliance, and testing that controls are operating effectively. He also has experience in areas such as network security, disaster recovery, and application security assessments.
1. Roberta Cohen, CISSP
Supplemental Experience Information
The Boeing Company
2006-2014
While at Boeing, she applied the breadth of her experience within the information assurance (IA) field by leading certification and risk management programs (NIST, FISMA, DIACAP, NISPOM), cyber research and development, strategic planning initiatives, and proposal development activities. Ms. Cohen has earned the position of Technical Lead Engineer by demonstrating her ability to incorporate systems engineering and project management practices to effectively plan, execute, and control cost and risk within complex, high assurance environments such as: Global Missile Defense - Global Communications Network, Joint Tactical Radio Systems, Boeing Enterprise Networks, and Future Combat Systems.
2. Roberta Cohen, CISSP Supplemental Information The Boeing Company 2006 - 2014
Roberta Cohen, CISSP
Positions Held
The Boeing Company
1. Operations & Security Lead
   PhantomNet Program
2. Security Lead
   Boeing Global Enterprise LabNet Program
3. Lead Systems Security Engineer
   Command & Control Enterprise Services
4. Project Lead
   Global Missile Defense Communications Network (GCN)
5. Information Assurance Lead
   GCN Long Haul Communications Systems Manager (LSM)
6. Information Assurance Subject Matter Expert
   GCN Systems Engineering Integration & Test Team
7. Lead IA Subject Matter Expert
   Boeing Defense Systems, Data Center Design Reference Model Program
8. DIACAP C&A Lead
   Joint Tactical Radio Systems, Ground Mobile Radio Program
3. Project 1 of 8
Operations & Security Lead
October 2013 to December 2014
Phantom Works, PhantomNet Program
Project Description
PhantomNet was a diversified, multi-layer environment consisting of differing virtual systems representing various permutations of operating systems and application configurations, in which Boeing participants from across the enterprise could hone cyber security knowledge and capability. The environment was supported by a team of senior information assurance and network engineering specialists
Position Summary
Led engineering team in support of network focused security monitoring and cyber technology research and development program oriented toward increasing the Boeing competitive edge in cyber technology
4. Project 1 of 8
Operations & Security Lead
October 2013 to December 2014
PhantomNet Program
MAJOR ACCOMPLISHMENTS
Coordinated and obtained Boeing enterprise IT and Legal approvals necessary to support unique security attributes of the PhantomNet environment within the Boeing Enterprise
Created process and functionality to incorporate the ability to capture and measure knowledge gained within the company to increase Boeing competitive edge in cyber technology
Provided monitoring and oversight of network security systems, site installation, and performance
Assisted in the first round virtual environment build-out in support of experimental penetration testing
Mr. Kerry Hu, Sr. Manager
206.544.0950
5. Project 2 of 8
Security Lead
December 2011 to October 2013
Boeing Enterprise LabNet Program
Program Details
The LabNet network is a specialized network designed to segregate Boeing proprietary research and development, and/or sensitive contract support environments which require robust security capability. The network is leveraged throughout the corporation, and is supported by a specialized senior group of engineering staff
Position Summary
Provided comprehensive security oversight in support of the LabNet program, to include: security architecture development, security policy and procedures development, network security monitoring and response management, firewall configuration management, vulnerability testing, and customer interaction
6. Project 2 of 8
Security Lead
December 2011 to October 2013
Boeing Enterprise LabNet Program
MAJOR ACCOMPLISHMENTS
Developed LabNet wireless policy and procedures for integration of proprietary wireless access points throughout Boeing LabNet un-trusted and trusted environments
Led research and development of proprietary monitoring capability based upon specific LabNet architecture to assist in the identification of potential insider threat behavior
Designed and established cutting edge security operations center, to include tiered network lab environment in support of redundant monitoring capability for international locations, and operational research and development activities
Mr. Kerry Hu, Sr. Manager
206.544.0950
7. Project 3 of 8
Lead Systems Security Engineer
January 2011 to December 2011
Boeing Command and Control Enterprise Services (C2ES)
Program Description
C2ES was a research development program in support of defining the utilization of cloud technology in combination with Service Oriented Architecture (SOA) technologies as a means to provide the customer with a more efficient means of processing and storing sensitive data
Position Summary
Led multi-faceted programs in the research, development, and integration of cutting edge information assurance, and risk mitigation technologies within service oriented, virtual, and multi-level Command and Control environments
8. Project 3 of 8
Lead Systems Security Engineer
January 2011 to December 2011
Boeing Command and Control Enterprise Services (C2ES)
MAJOR ACCOMPLISHMENTS
Conceptualized and initiated the use of Agile process and comprehensive engineering tools to develop a “Just-in-Time Information Technologies Repository” for the development and reuse of system engineered development and design packages, significantly reducing initial design costs and deployment time; thus creating a baseline to support open architecture concepts of reuse and modularity
Associate lead systems engineer for the C2ES Foundry program leveraging virtual cloud computing environments to support One Boeing rapid prototyping deployment, and LEAN 10X initiatives
Lead Royal Saudi Air Force IA architecture development and product selection for ROM and proposal activities leveraging internationally recognized business driven risk management methodologies, and ITAR approved technologies
Implemented the actualization of comprehensive Agile process planning and initiation through the development of program roadmaps, project, release, and iteration plans
Completed Boeing Agile Software Process training as Scrum Master, and Project Owner
Responsible for the planning, management, and daily operational activity associated with classified lab environments, and implementation of multi-level technologies e.g., Data Diode, PAVENet, and eXMeritus
Mr. Roy T. Okuno, Sr. Manager 714.372.6996
9. Project 4 of 8
Project Lead
January 2011 to December 2011
Global Missile Defense – Global Communications Network
Security Operations Data Sharing Initiative
Project Details
This was a small program consisting of a team of about 15 engineers, tasked with the development, test, and deployment of a web interface to data collected from multiple network management systems, with the goal of providing the GMD customer with a single point of reference to critical data
Position Summary
Responsible for the design concept, marketing, and development of a web services interface to receive, process, and display the Defense Information Systems Agency (DISA) Network Management System (DNMS) performance data to the GMD Network Operations Center war fighter
10. Project 4 of 8
Project Lead
January 2011 to December 2011
Global Missile Defense – Global Communications Network
Security Operations Data Sharing Initiative
MAJOR ACCOMPLISHMENTS
Created a user-friendly, modular approach for support team roles to easily access, interpret, implement, and document systems engineering tasks, significantly reducing overall production time, assuring design linkage to requirements, and enhancing a team atmosphere by encouraging close interactions and timely response
Developed a strategic phased approach to increase the usability, definition and role of the DNMS within the GMD operational environment
Created an architecture which addressed and defined lower requirements, and design details to assure requirement verification and customer satisfaction
Leveraged experience with tools such as DOORS, MS SharePoint, and Rhapsody to establish a new generation of systems engineering methodology for future GCN programs
Maintained balance and positive interactions within a multifaceted customer base whilst meeting the needs of Global Missile Defense operational objectives
Mr. Phillip Thomaschima, Manager 314.563.5344
11. Project 6 of 8
Program IA Lead
August 2009 to December 2011
Global Missile Defense – Global Communications Network
Long Haul Communications Systems Manager (LSM)
Program Description
The GCN LSM was a complex, multi-platform network management system developed to meet the stringent security monitoring and response mechanisms of Ground Missile Defense (GMD) Long Haul Communications Network (GCN)
Position Summary
Led a diverse team of engineers (7) in the application and analysis of detailed risk assessments and design recommendations in accordance with evolving threat data, system design changes, POA&M, existing certification requirements, and DISA Security Technical Implementation Guides (STIGs)
12. Project 6 of 8
Program IA Lead
August 2009 to December 2011
Global Missile Defense – Global Communications Network
Long Haul Communications Systems Manager (LSM)
MAJOR ACCOMPLISHMENTS
Developed a risk-based evaluation and deployment process for the detailed implementation of DISA STIGs and mitigation activity associated with various vulnerability scanning tools
Mentored engineering staff as to the use of DoD scanning tools, results evaluation, and STIG application within complex systems, resulting in a comprehensive understanding of IA compliance across the team
Articulated detailed representation of LSM IA architecture as applied both internally and externally, as the primary management system for the GMD LHC to program executives
Mr. Phillip Thomaschima, Manager
314.563.5344
13. Project 7 of 8
IA Subject Matter Expert
March 2008 to August 2009
Global Missile Defense – Global Communications Network
Systems Engineering Integration & Test (SEIT)
Program Description
The role of the GCN SEIT was to oversee the integration of technology, process, and risk mitigation capability within the GMD GCN environment
Position Summary
Responsible for providing the customer and Integrated Product Teams with risk-based strategic approaches to addressing evolving threat, system vulnerabilities, and the attainment of certification and accreditation, product evaluations, requirements verification and technical support
14. Project 7 of 8
IA Subject Matter Expert
March 2008 to August 2009
Global Missile Defense – Global Communications Network
Systems Engineering Integration & Test (SEIT)
MAJOR ACCOMPLISHMENTS
Developed the GCN Long Haul Communications (LHC) System Manager (LSM) IA architecture construct and design strategy to include IA capability enhancements and business development opportunities
Advised SEIT management as to the progress, efficiency, and customer satisfaction related to the planning, implementation, and management of the GCN IA program
Lead contractor System Security Engineering (SSE) for the MDA/DISA Transition IA Working Group, responsible for on time development of the IA strategic planning and transitional coordination activities in support of both GCN LHC Site Network (LHCSN), and DISA LHC Transport DIACAP activities
Developed IA vulnerability management (IAVM) processes to cost effectively evaluate, design, and develop mitigating solutions within complex integrated missile defense systems
Conducted marketability study of business potential for Boeing within the health industry based upon the Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Studied and provided comparative risk data based upon government regulatory environments under FISMA for marketability of information assurance technologies within the health industry
Mr. Matthew Harleman, Manager
714-904-5367
15. Project 8 of 8
C&A Team Lead
September 2006 to September 2009
Joint Tactical Radio Systems, Ground Mobile Radio
Program Description
The Army’s Joint Tactical Radio System, Ground Mobile Radio initiative was a multi-million dollar contract awarded to Boeing, BAE, and Raytheon. The JTRS GMR leveraged cutting edge software waveform technology to support the immediate communications need of the fielded soldier.
Position Summary
Led the planning, design implementation, test, and certification activities in support of the JTRS GMR pursuant to the DoD Defense Information Assurance Certification and Accreditation Process (DIACAP).
16. Project 8 of 8
C&A Team Lead
September 2006 to September 2009
Joint Tactical Radio Systems, Ground Mobile Radio
MAJOR ACCOMPLISHMENTS
Advised program management and customer in the roles and responsibilities mandated by the DIACAP resulting in the clarification of contractual boundaries thus reducing Boeing risk.
Developed the C&A strategy for the JTRS GMR enterprise support network addressing the use of software waveforms, GMR network management and monitoring, and GMR hardware used to create the virtual layers of a GMR tactical networking infrastructure.
Supported the GMR Remote System Management design documentation in accordance with the NSA Uniform INFOSEC Criteria (UIC) specification.
Mr. Vern Slonaker, Co-worker
714-743-6937
17. Roberta Cohen, CISSP Supplemental Information The Boeing Company 2006 - 2014
Misc. Program Information
GMD - Boeing is the prime contractor for GMD, the United States' only operational defense against long-range ballistic missiles, and holds the Development and Sustainment Contract for the system. Boeing oversees development, testing, deployment, operations and sustainment of the ground-based system to detect, track and destroy long-range ballistic missiles in their midcourse phase of flight.
LabNet - Phantom Works' Strategic Development & Experimentation organization provides the world's premier family-of-systems experimentation capability and performs customer-focused operator-in-the-loop experimentation. Utilizing live, virtual or constructive assets, users assess future capabilities and better understand future defense and security needs. The SD&E organization also provides network-enabling support to the enterprise and customers by coordinating and integrating the company's worldwide array of modeling, simulation and analysis resources as well as their related experimentation activities. The Boeing Laboratory Network (LabNet) connects company labs with government, commercial and civilian labs domestically and internationally.