Ray comes to Linford & Company after almost 20 years in the defense industry. He spent 6 years on active duty in the U.S. Air Force (USAF) as a Communications and Computer Systems Officer. After separating from the USAF, he worked for 2 years as a Systems Engineer on large scale defense information systems before transitioning into the information security field. For 8 of the following 12 years, Ray worked as the Lead Security Engineer on multiple highly complex programs supporting the acquisition, processing and reporting of satellite data for the Department of Defense. During this time, he managed the security engineering efforts to implement security controls from various control catalogs such as the Director of Central Intelligence Directive (DCID) 6/3 and the National Institute of Standards and Technology (NIST) 800-53. Ray is a CISSP and holds the GSEC and additional security certifications from the SANS Institute. Ray received his Bachelor of Science degree in Biology from the USAF Academy and his Master of Science degree in Telecommunications from Southern Methodist University.
As we discussed in our FedRAMP compliance article, there are two paths to obtain a FedRAMP Authorization to Operate (ATO). The first option is to obtain a FedRAMP ATO from a specific government agency, and the second option is to receive a FedRAMP Provisional Authorization to Operate (P-ATO) from the Joint Authorization Board (JAB). The […]
It is hard to read tech news today without coming across something regarding the cloud – and rightfully so. The cloud (or cloud computing) has become such an integral part of today’s technology world that it is hard to imagine where we would be without it. The ability to provision and promote to operations networks, […]
In the cyber-security industry, the only constant, it seems, is change. The threat landscape is always shifting as cyber criminals seek new ways to exploit individuals, corporations, and nations themselves. One significant shift in the threat landscape is with cryptojacking. While the impact to individuals and organizations is not maleficent like ransomware or theft or […]
Have you been receiving a number of privacy policy updates in your email from services you use? Did you wonder why all of a sudden you were getting these all at the same time? Well, it is all because of the General Data Protection Regulation (GDPR). On May 25th, the GDPR train arrived at the […]
In a previous blog post, I outlined how security procedures fit in your overall information security documentation library and how they provide the “how” when it comes to the consistent implementation of security controls in an organization. This blog post takes you back to the foundation of an organization’s security program – information security policies […]
Last month I wrote about the importance of security policies and provided some basic principles for developing solid security policies.
Whether for an agency assessment or a Joint Authorization Board (JAB) assessment, the FedRAMP System Security Plan (SSP) is the foundational document that supports a FedRAMP assessment. From it, the government agency representatives and the Third Party Assessment Organization (3PAO) are able to get an understanding of how the FedRAMP baseline security controls are implemented […]
The Federal Information Security Management Act (FISMA) was originally released in December 2002 and established the importance of information security principles and practices within the Federal Government, noting that information security was “critical to the economic and national security interests of the United States.
Today’s information environments are always changing, whether through the development of new capabilities, patching systems, responding to new threats and vulnerabilities, or fixing discrepancies within the system. Each change to the system carries with it an inherent security risk. Therefore, that security risk must be evaluated in the context of the security posture of the […]
Since November 2013 with the release of its initial rule on safeguarding covered defense information and cyber incident reporting, the Department of Defense (DOD) has been working to impose additional requirements on defense contractors that process, store, or transmit what is identified as covered defense information. The Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 […]
