Elvis Moreland – The Problem with Government IT Security

Bio

Mr. Moreland is a proven, innovative and adaptable Sr. IT Manager and Architect specializing in Enterprise Security Program Design, IT Governance, Risk Management, Audit, Compliance & Operations Programs using NSA IA CMM, ISO 20000, ISO 27001/2, 12207, ITIL, NIST, CERT/CC, IATF & IEEE standards in engineering efficient and cost saving IT policy, programs, process, CSIRTs, Network Ops and Security Centers (NOSCs). I have a broad business, management, operations and technical background in public and commercial sectors with over 20 years in aerospace and defense, including 4 years with the Department of Defense (U.S. Transportation Command) J6 – Global Command, Control, Communications, and Computer Systems (C4S) Coordination Center (GCCC) and J2. I previously developed a security oriented architectural process and a capability maturity model for Security Operations Centers (SOC-CMM) that combines an compliancy measurement with an assessment framework that can be used to meet regulatory requirements, cut costs and improve the Information Security (INFOSEC) operational capabilities of an existing NOSC or assist with the design, implementation and management of an emerging SOC or CSIRT. I also have in-depth experience in developing System Security Plans (SSP), Process, Procedures, Enterprise Security Architecture, and managing security Plan of Action & Milestones (POA&M).

Specialties: ISO 20000, 27001/2, 12207, ITIL, NIST, FIPS, OMB, Governance, Risk Management Frameworks, Audit & Compliance, DIACAP, FISMA, HSPD-7, Information Assurance Technical Framework (IATF), and the Information Systems Security Engineering (ISSE) Process based on ISO/IEC and IEEE standards of IT industry best practices.

Abstract

The problem with federal government IT Security is rooted in three areas: People, Process and Technology.