I'm the Co-founder and Cybersecurity Lead at Totem.Tech, a minority veteran-owned DoD contractor. I have 15 years of experience securing classified, unclassified, and HIPAA-environment US Government IT systems, having worked with NASA, the Centers for Medicare and Medicaid Services (CMS), and all branches of the Department of Defense. I hold a Master's in Information Assurance from Capitol Technology University, and am an ISACA Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA). My goal is to leverage my experience and education to help small businesses in regulatory environments implement affordable, compliant, risk-based cybersecurity programs.
Haight Bey/H-Bar currently provides cybersecurity and systems integration services for a US Air Force weather information system, as well as several small-business clients in the defense industry. We created the concept of "Cybersecurity Empowerment" for small businesses, and we developed a light-weight GRC tool, Totemâ„¢, to assist with small-business cybersecurity assessments.
During my time in the Aerospace industry, I specialized in security and software integration in UAS and satellite ground control systems. I have expertise in Windows and Linux OS, and a variety of COTS and GOTS software products. I successfully led several multi-million dollar tactical systems through DIACAP/RMF certification and subsequent maintenance activities, having served as both an IASO (ISSO) and as technical lead. I completed my Master's of Science in Information Assurance in Spring 2012, from an NSA-CAE accredited institution.
I am interested in information system risk assessment, assessment and authorization (A&A), and developing risk mitigation strategies, security policies, and vulnerability remediation packages for networked systems, both military and commercial.
Specialties:
--ISACA CISM, CISA
--CompTIA Security+ Certified
--Core Impact Certified Professional (CICP)
--Windows and Linux scripting in a variety of languages to automate vulnerability mitigation
--Windows group policy object construction for securing domain members
--Information System Risk Management
--Information Assurance Certification and Accreditation
