Over 25 years of experience in information security, Dave Sweigert has expertise in governance frameworks, regulatory compliance, security architecture, and infrastructure development. He has managed security operations for organizations with over 15,000 stakeholders and conducted audits and assessments to ensure compliance with standards like HIPAA, PCI, and NIST. Some of his projects include assisting a healthcare company with security strategies, supporting PCI and HIPAA compliance for a medical device, and developing assessment tools for a state agency to evaluate HIPAA compliance across 40 departments.
This infocast introduces four professional designations related to IT governance that are the most prevalent and recognized in today’s corporate world. Each of these certifications are discussed with respect to their disciplines of knowledge area and analyze the value created for their employers.
This infocast introduces four professional designations related to IT governance that are the most prevalent and recognized in today’s corporate world. Each of these certifications are discussed with respect to their disciplines of knowledge area and analyze the value created for their employers.
FOR MORE CLASSES VISIT
www.cst610rank.com
CST 610 Project 1 Information Systems and Identity Management CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux) CST 610 Project 3 Assessing Information System Vulnerabilities and Risk CST 610 Project 4 Threat Analysis and Exploitation CST 610 Project
PYA Principal Barry Mathis presented “The IT Analysis Paralysis,” in which attendees:
Received a compressive review of the many IT frameworks that can be used to develop effective internal audit programs.
Learned the differences between commercial, federal, and industry frameworks.
Received tips, tools, and techniques for creating an effective framework based on risk assessment and identified risks.
FOR MORE CLASSES VISIT
www.cst610rank.com
CST 610 Project 1 Information Systems and Identity Management CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux) CST 610 Project 3 Assessing Information System Vulnerabilities and Risk CST 610 Project 4 Threat Analysis and Exploitation CST 610 Project 5 Cryptography CST 610 Project 6 Digital Forensics Analysis
This infocast introduces four professional designations related to IT governance that are the most prevalent and recognized in today’s corporate world. Each of these certifications are discussed with respect to their disciplines of knowledge area and analyze the value created for their employers.
This infocast introduces four professional designations related to IT governance that are the most prevalent and recognized in today’s corporate world. Each of these certifications are discussed with respect to their disciplines of knowledge area and analyze the value created for their employers.
FOR MORE CLASSES VISIT
www.cst610rank.com
CST 610 Project 1 Information Systems and Identity Management CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux) CST 610 Project 3 Assessing Information System Vulnerabilities and Risk CST 610 Project 4 Threat Analysis and Exploitation CST 610 Project
PYA Principal Barry Mathis presented “The IT Analysis Paralysis,” in which attendees:
Received a compressive review of the many IT frameworks that can be used to develop effective internal audit programs.
Learned the differences between commercial, federal, and industry frameworks.
Received tips, tools, and techniques for creating an effective framework based on risk assessment and identified risks.
FOR MORE CLASSES VISIT
www.cst610rank.com
CST 610 Project 1 Information Systems and Identity Management CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux) CST 610 Project 3 Assessing Information System Vulnerabilities and Risk CST 610 Project 4 Threat Analysis and Exploitation CST 610 Project 5 Cryptography CST 610 Project 6 Digital Forensics Analysis
For more course tutorials visit
www.tutorialrank.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CSEC 610 Project 3 Assessing Information System Vulnerabilities and Risk
FOR MORE CLASSES VISIT
www.cst610rank.com
CST 610 Project 1 Information Systems and Identity Management CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux) CST 610 Project 3 Assessing Information System Vulnerabilities and Risk CST 610 Project 4 Threat Analysis and Exploitation CST 610 Project 5 Cryptography CST 610 Project 6 Digital Forensics Analysis
For more classes visit
www.snaptutorial.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CSEC 610 Project 3 Assessing Information System Vulnerabilities and Risk
CSEC 610 Project 4 Threat Analysis and Exploitation
CSEC 610 Project 5 Cryptography
For more course tutorials visit
www.tutorialrank.com
CST 610 Project 1 Information Systems and Identity Management
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk
FOR MORE CLASSES VISIT
www.cst610rank.com
CST 610 Project 1 Information Systems and Identity Management
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk
CST 610 Project 4 Threat Analysis and Exploitation
CST 610 Project 5 Cryptography
For more classes visit
www.snaptutorial.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CSEC 610 Effective Communication - snaptutorial.comdonaldzs7
For more classes visit
www.snaptutorial.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
For more classes visit
www.snaptutorial.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CSEC 610 Project 3 Assessing Information System Vulnerabilities and Risk
CSEC 610 Project 4 Threat Analysis and Exploitation
For more classes visit
www.snaptutorial.com
CST 610 Project 1 Information Systems and Identity Management
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk
CST 610 Project 4 Threat Analysis and Exploitation
CST 610 Effective Communication - snaptutorial.comdonaldzs7
For more classes visit
www.snaptutorial.com
CST 610 Project 1 Information Systems and Identity Management
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk
For more classes visit
www.snaptutorial.com
CST 610 Project 1 Information Systems and Identity Management
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk
CST 610 Project 4 Threat Analysis and Exploitation
CYB 610 Effective Communication - snaptutorial.comdonaldzs9
For more classes visit
www.snaptutorial.com
CYB 610 Project 1 Information Systems and Identity Management
CYB 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
For more course tutorials visit
www.tutorialrank.com
CYB 610 Project 1 Information Systems and Identity Management
CYB 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CYB 610 Project 3 Assessing Information System Vulnerabilities and Risk
For more classes visit
www.snaptutorial.com
CYB 610 Project 1 Information Systems and Identity Management
CYB 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CYB 610 Project 3 Assessing Information System Vulnerabilities and Risk
CYB 610 Project 4 Threat Analysis and Exploitation
For more course tutorials visit
www.tutorialrank.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CSEC 610 Project 3 Assessing Information System Vulnerabilities and Risk
FOR MORE CLASSES VISIT
www.cst610rank.com
CST 610 Project 1 Information Systems and Identity Management CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux) CST 610 Project 3 Assessing Information System Vulnerabilities and Risk CST 610 Project 4 Threat Analysis and Exploitation CST 610 Project 5 Cryptography CST 610 Project 6 Digital Forensics Analysis
For more classes visit
www.snaptutorial.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CSEC 610 Project 3 Assessing Information System Vulnerabilities and Risk
CSEC 610 Project 4 Threat Analysis and Exploitation
CSEC 610 Project 5 Cryptography
For more course tutorials visit
www.tutorialrank.com
CST 610 Project 1 Information Systems and Identity Management
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk
FOR MORE CLASSES VISIT
www.cst610rank.com
CST 610 Project 1 Information Systems and Identity Management
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk
CST 610 Project 4 Threat Analysis and Exploitation
CST 610 Project 5 Cryptography
For more classes visit
www.snaptutorial.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CSEC 610 Effective Communication - snaptutorial.comdonaldzs7
For more classes visit
www.snaptutorial.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
For more classes visit
www.snaptutorial.com
CSEC 610 Project 1 Information Systems and Identity Management
CSEC 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CSEC 610 Project 3 Assessing Information System Vulnerabilities and Risk
CSEC 610 Project 4 Threat Analysis and Exploitation
For more classes visit
www.snaptutorial.com
CST 610 Project 1 Information Systems and Identity Management
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk
CST 610 Project 4 Threat Analysis and Exploitation
CST 610 Effective Communication - snaptutorial.comdonaldzs7
For more classes visit
www.snaptutorial.com
CST 610 Project 1 Information Systems and Identity Management
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk
For more classes visit
www.snaptutorial.com
CST 610 Project 1 Information Systems and Identity Management
CST 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CST 610 Project 3 Assessing Information System Vulnerabilities and Risk
CST 610 Project 4 Threat Analysis and Exploitation
CYB 610 Effective Communication - snaptutorial.comdonaldzs9
For more classes visit
www.snaptutorial.com
CYB 610 Project 1 Information Systems and Identity Management
CYB 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
For more course tutorials visit
www.tutorialrank.com
CYB 610 Project 1 Information Systems and Identity Management
CYB 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CYB 610 Project 3 Assessing Information System Vulnerabilities and Risk
For more classes visit
www.snaptutorial.com
CYB 610 Project 1 Information Systems and Identity Management
CYB 610 Project 2 Operating Systems Vulnerabilities (Windows and Linux)
CYB 610 Project 3 Assessing Information System Vulnerabilities and Risk
CYB 610 Project 4 Threat Analysis and Exploitation
Many ways to support street children.pptxSERUDS INDIA
By raising awareness, providing support, advocating for change, and offering assistance to children in need, individuals can play a crucial role in improving the lives of street children and helping them realize their full potential
Donate Us
https://serudsindia.org/how-individuals-can-support-street-children-in-india/
#donatefororphan, #donateforhomelesschildren, #childeducation, #ngochildeducation, #donateforeducation, #donationforchildeducation, #sponsorforpoorchild, #sponsororphanage #sponsororphanchild, #donation, #education, #charity, #educationforchild, #seruds, #kurnool, #joyhome
Presentation by Jared Jageler, David Adler, Noelia Duchovny, and Evan Herrnstadt, analysts in CBO’s Microeconomic Studies and Health Analysis Divisions, at the Association of Environmental and Resource Economists Summer Conference.
Russian anarchist and anti-war movement in the third year of full-scale warAntti Rautiainen
Anarchist group ANA Regensburg hosted my online-presentation on 16th of May 2024, in which I discussed tactics of anti-war activism in Russia, and reasons why the anti-war movement has not been able to make an impact to change the course of events yet. Cases of anarchists repressed for anti-war activities are presented, as well as strategies of support for political prisoners, and modest successes in supporting their struggles.
Thumbnail picture is by MediaZona, you may read their report on anti-war arson attacks in Russia here: https://en.zona.media/article/2022/10/13/burn-map
Links:
Autonomous Action
http://Avtonom.org
Anarchist Black Cross Moscow
http://Avtonom.org/abc
Solidarity Zone
https://t.me/solidarity_zone
Memorial
https://memopzk.org/, https://t.me/pzk_memorial
OVD-Info
https://en.ovdinfo.org/antiwar-ovd-info-guide
RosUznik
https://rosuznik.org/
Uznik Online
http://uznikonline.tilda.ws/
Russian Reader
https://therussianreader.com/
ABC Irkutsk
https://abc38.noblogs.org/
Send mail to prisoners from abroad:
http://Prisonmail.online
YouTube: https://youtu.be/c5nSOdU48O8
Spotify: https://podcasters.spotify.com/pod/show/libertarianlifecoach/episodes/Russian-anarchist-and-anti-war-movement-in-the-third-year-of-full-scale-war-e2k8ai4
Understanding the Challenges of Street ChildrenSERUDS INDIA
By raising awareness, providing support, advocating for change, and offering assistance to children in need, individuals can play a crucial role in improving the lives of street children and helping them realize their full potential
Donate Us
https://serudsindia.org/how-individuals-can-support-street-children-in-india/
#donatefororphan, #donateforhomelesschildren, #childeducation, #ngochildeducation, #donateforeducation, #donationforchildeducation, #sponsorforpoorchild, #sponsororphanage #sponsororphanchild, #donation, #education, #charity, #educationforchild, #seruds, #kurnool, #joyhome
ZGB - The Role of Generative AI in Government transformation.pdfSaeed Al Dhaheri
This keynote was presented during the the 7th edition of the UAE Hackathon 2024. It highlights the role of AI and Generative AI in addressing government transformation to achieve zero government bureaucracy
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
2. INDEX
Contents
SUMMARY.......................................................................................................................................3
PARTIAL LIST OF INDUSTRY CERTIFICATIONS..........................................................................4
AREAS OF EXPERTISE....................................................................................................................4
EDUCATION & PARTIAL LISTING OF TRAINING.........................................................................4
PARTIAL LIST OF ARTICLES & PUBLICATIONS..........................................................................5
PARTIAL LIST OF RECENT PROJECTS..........................................................................................6
3. SUMMARY
Over twenty-five (25) years of experience in issues related to information security, governance, regulatory
oversight, project management and other areas in infrastructure development and operation. This includes
baseline design, implementation and operation of critical infrastructure (server hardening, security
appliances, monitoring, malware protection, etc.), sensitive classified systems, and regulated environments,
etc.
Private sector. Provide technical leadership and oversight in areas related to digital key management and
key issuance for Public Key Infrastructure (PKI) (Lawrence Livermore National Lab (LLN)); use of digital
certificates to authenticate high-value transactions with electronic signatures (EuroSignCard); developing
security architecture for multi-user web-based portals used in the auto financing industry (see Route One,
Chrysler, General Motors and Ford combined portals); provide assessment for healthcare entities (Kaiser-
Permanente) to comply with $800 Million grant funds under the HiTECH-ARRA program, perform,
analyze and certify audit results for federal government auditors; certify assessments for Payment Card
Industry (PCI) compliance of 800 server node network (J2 Global) processing more than $300 million in
subscriber fees authorized by Master Card/VISA/Discover to include infrastructure security,
administrative/operational and technical controls, intrusion monitoring, etc.; consultant to MERCK, LTD
to prototype a document authentication system relying on digital signatures to authenticate New Drug
Applications (NDAs) submitted to the food and drug administration.
Public sector. Served as cryptological technician to perform field-level and depot-level maintenance of
crypto equipment used to secure voice communications for the U.S. Air Force (assigned to A.F.
Cryptological Support Center (AFCSC)); designed secure electronic messaging system relying on the
CCITT (now International Telecommunications Union) X.400 standard to transport crypto keys to active
duty military forces over a SECRET-HIGH network on behalf of AFCSC (while consulting to Group
Technologies, Inc.); managed the commercialization of the U.S. National Security Agency’s (NSA)
Certificate Authority Workstation (CAW) (on behalf of General Dynamics); provided overall design of
directory schema and replication of CCITT (ITU) X.500 servers for the Kennedy Space Center (NASA)
prototype of a secure X.400 e-mail system for use by 15,000 NASA associates; designed, implemented and
operated a work flow system for the U.S. Special Operations Command (USSOCOM) consisting of 15
UNIX servers and 400 secure (classified) workstations to enable SECRET classified support traffic during
DESERT SHIELD and DESERT STORM; represented interests of the NSA National Information
Assurance Partnership (NIAP) at joint federal working committees developing the information security
administrative implementing regulations for the Health Insurance Portability and Accountability Act
(HIPAA) of 1996; served as the Statewide Information Security Policy Officer for the State of Ohio to
develop information security policies that had a direct impact on sixty (60) agencies serving a population
of 15 million citizens; consulted to the California Office of Health Information Integrity (CalOHII) to
develop a 251 question assessment matrix to appraise the HIPAA compliance for forty (40) state agencies
serving a population of 35 million citizens.
4. PARTIAL LIST OF INDUSTRY CERTIFICATIONS
Certified Ethical Hacker (CEH)
Payment Card Industry Professional (PCIP)
California Emergency Management Specialist (CEMS)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Health Care Information Security and Privacy Practitioner (HCISPP)
Project Management Professional (PMP)
CompTIA Security+ (SEC+)
AREAS OF EXPERTISE
Governance and compliance frameworks to reduce risk (HIPAA, PCI, FISMA, COBIT)
Regulatory certifications and audits to demonstrate compliance with frameworks
Developing administrative/operational/technical controls pursuant to Sarbanes-Oxley Act
HIPAA Privacy and Security Rule risk assessments, corrective action plans, etc.
PCI Data Security Standard (DSS) Reports of Compliance (RoC) for external auditors
PCI DSS enterprise vulnerability assessments, infrastructure scanning, risk prioritization
Business Continuity Planning Incident Command System (ICS) response, recovery, etc.
Continuity of Operations Planning (COOP) for business continued operations
Technical security: server hardening, administration, network weaknesses, etc.
Security management of the enterprise (ISO 27001)
Deployment of Certification Authorities with Public Key Infrastructure (PKI)
SAS-70 Type I and II and SSAE Type I and II reports and attestations of security controls
Policy, procedures and standards development to demonstrate compliance
Anti-phishing, anti-key-loggers, prevention of financial crimes directed at comptrollers
EDUCATION & PARTIAL LISTING OF TRAINING
51 hours technology, server, security courses, Las Positas College, 2012-2014
Incident Command System Instructor, Federal Emergency Management Agency, 2013
Incident Management Team certified, Federal Emergency Management Agency, 2013
Professional Development Series (PDC), Federal Emergency Management Agency, 2012
Masters of Science-Information Security, Capella University, 2004
Masters-Project Management, Florida Institute of Technology, 1992
Bachelor of Business Administration, Texas A&M University, 1985
Associate of Applied Science, State University of New York, 1983
5. PARTIAL LIST OF ARTICLES & PUBLICATIONS
Ethical Hacker: Field Operations Guide, 10/2015, ISBN: 978-1517763091, 360 pages
Surviving a HIPAA Audit: Jump Start Guide, 1/2015, ASIN: B00SOXZ5U0, 200 pages
Publicly available white papers by Dave Sweigert on SLIDESHARE.NET
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801
(“CADRA”), 8/15, 280 SlideShare.NET views
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter, 11/14, 1461
SlideShare.NET views
What every CEO needs to know about California's new data breach law, 10/14, 646
SlideShare.NET views
Is 2014 the year for Cyber Militias?, 1/14, SlideShare.NET 641 views
Are NIST standards clouding the implementation of HIPAA security risk assessments?
9/13, 546 views
Preparing for the Cyber Pearl Harbor with increased situational awareness, 9/13, 664
SlideShare.NET views
Introduction of project risk in an information assurance environment, 7/23, 1068
SlideShare.NET views
Building on incident management metrics to support Executive Order
13636, 7/23, SlideShare.NET 568 views
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity
Framework, 7/13, 489 SlideShare.NET views
Integration of cyber security incident response with IMS -- an approach for E.O. 13636,
6/23, 600 SlideShare.NET views
Cybersecurity Framework for Executive Order 13636 -- Incident Command System,
6/2013, 675 SlideShare.NET views
6. PARTIAL LIST OF RECENT PROJECTS
9/15 to present. Fortune 100 health care insurance company. Senior Information
Technology (I.T.) Security Strategist. Assist senior I.T. security staff with direction
and guidance to manage security operations impacting more than 15,000
stakeholders. Review enterprise vulnerability assessments to plan PCI/HIPAA/NIST
remediation efforts.
6/15 to 9/15. The MSA Card, LLC. Support PCI and HIPAA compliance efforts for
pre-market self-administration tool. Act as Internal Security Assessor to manage
dialogue with the Payment Card Industry (PCI). Collect operational and design
evidence to demonstrate compliance of MSA Card product for external auditors.
12/14 to 6/15. California Office of Health Information Integrity. Provide expert
guidance and consultant to the office with administrative responsibility for the
implementation of the HIPAA Privacy and Security Rules at a statewide level.
Conduct audit of CalPERS, state employee retirement fund, for HIPAA compliance.
Prepare audit report package. Develop HIPAA assessment tools to ascertain “audit
readiness” of over forty (40) state agencies.
3/14 to 12/14. Privately owned Pharmacy Benefit Management organization.
Manage the implementation of security administrative, operational and technical
controls for 150 employees that managed over three (3) million health records.
Work with I.T. technical staff to develop controls that would produce artifacts to
support the demonstration of compliance with HIPAA and PCI DSS.
9/12 to 3/14. Sabbatical at Los Positas College. Completed 51 hours of technical
training courses to refresh skills, knowledge and experience in the field of ethical
hacking, or white hat hacking. Coursework included penetration studies,
vulnerability scanning, preparation of technical audit material (for PCI type reports),
server administration, network protocol operation, etc.
9/12 to 3/14. Sabbatical with the Urban Area Security Initiative (UASI) for the Bay
Area. Funded by the U.S. Department of Homeland Security, UASI provides a wide
spectrum of counter-terrorism, disaster preparation, emergency operations
management, medical emergency coordination, etc. Obtain 1,000 of leadership
training in simulation and modeling workshops to include certifications as: Type 3
Incident Management Team qualified (FEMA), California Emergency Management
Specialist (Cal. Office of Emergency Services, Office of the Governor).
3/11 to 9/12. Kaiser-Permanente. Led audit team to evaluate HIPAA compliance
for three (3) regional data centers. Leverage PCI audit results and conduct new
assessment activities to collect artifacts that demonstrate compliance with the risk
assessment requirements promulgated by the HITECH-ARRA award of $800
million to the organization. Mange assessment team of 4-5 auditors that identified
880 issues requiring remediation. Manage the corrective action plan (CAP)
management for these findings.