I am available for consulting to private and educational organizations, government contractors, and government agencies. Click here for contact information.
Here are examples of consulting activities I have performed over the years.
A law firm requires a technical expert in security technology. This most often occurs in patent cases. I help the attorneys understand the technical issues and develop explanations for the judge or jury. I also draw on my 30 years of experience in computing to locate documents addressing key elements of the dispute.
Security design, analysis, and related trade studies
The client has certain security and program requirements and must determine which alternative best meets those requirements. For example, the designers are using cryptographic mechanisms and need an independent review, or they need to incorporate cross-domain or multilevel features into a new system design. Or, an organization is building a device that requires a third-party security evaluation. I provide the needed analysis, recommendations, or tutorial. I will also draft evaluation documents if needed.
The client has a team that needs to be brought “up to speed” on a particular set of security concepts or technologies. Typically the result is a seminar based on PowerPoint slides, though this is not what I usually do in my undergraduate college classes.
A school, publisher, or other educational concern seeks certification under the NSA’s Information Awareness Courseware Evaluation (IACE) program. Having successfully completed such a certification, as well as having worked on other NSA-related certifications, I can provide help in understanding the process and in developing a submission for certification. If the institution’s existing courses don’t cover all required topics, I can help develop training materials to cover the missing topics.
Defense Related Work
I have extensive experience with multilevel security, cross domain systems, and cryptographic systems designed to US government specifications.
Here are typical outputs of my work:
Reports – I prefer to produce written reports, since it is the clearest way to present the conclusions and supporting data for a complex study.
Presentation Slides (PowerPoint) – When necessary or appropriate, I produce PowerPoint slides. This happens most often when developing training or proposal-related materials.
Document Archive – If the work involves extensive Internet research, I will usually try to save copies of significant source materials. These will be placed on a CD-ROM or DVD-ROM for the customer, if desired.
Workshops and Technical Meetings – Some people can absorb the information from a document, and some from a presentation, but others absorb it best when there’s a give-and-take between writer and reader. Technical meetings give the client’s technical experts a chance to talk over the concepts, evidence, and conclusions. This often gives them the most benefits from the work I have done.
I hold a CISSP: Certified Information System Security Professional.
I hold the companion certifications in Security Architecture and Security Engineering; the latter is the NSA-sponsored certification that reflects familiarity with defense-related information security concerns.
My textbook, Elementary Information Security, has been certified to comply fully with the U.S. government training standard for information security professionals (NSTISSI 4011) established by the Committee on National Security Systems.