Senior, framework-driven security work for federal, healthcare, manufacturing, and professional services clients. Florida-based with established service presence in the Northeast and tri-state region.
NIST SP 800-30 methodology, asset and threat modeling, control evaluation, formal risk register and remediation roadmap.
Self-assessment against the 110 controls, System Security Plan (SSP) and POA&M development, SPRS scoring support for defense contractors.
Gap assessment, evidence collection, FCI scoping, and self-attestation preparation aligned with current CMMC program guidance.
Authoring and modernization of policies, standards, and procedures aligned to NIST CSF, HIPAA, CJIS, and customer-specific frameworks.
Custom scenario design, executive and technical facilitation, and after-action reporting tied to the NIST SP 800-61 lifecycle.
Questionnaire design, risk scoring frameworks, and program documentation for organizations standing up TPRM functions.
Authenticated and unauthenticated scanning of external attack surface, validation of findings, and prioritized remediation reporting.
Curriculum design, simulated phishing campaigns, metrics dashboards, and program governance.
Recurring security advisory engagements supporting leadership, board, and audit committees on strategy, governance, and risk.
■ Engagements are led by senior subject matter experts (SMEs) with direct project lifecycle involvement.
■ Deep cross-sector experience spanning healthcare, manufacturing, professional services, and small business environments.
■ Established network of specialized subcontractors and delivery partners available to scale engagement teams to scope.
■ Low-overhead, high-impact delivery — agile engagement model with defined scope, timeline, and reporting cadence.
■ Framework-driven, deliverable-focused work product designed to satisfy both technical and audit / contracting officer review.
■ Florida-based with established service presence in the Northeast, including the New York City and tri-state region.
■ Engagements are staffed with appropriately qualified personnel, drawing on in-house resources, vetted subcontractors, and trusted delivery partners matched to the scope of work.
■ Quality assurance and project governance are maintained at the Principal level, with a single point of accountability for the contracting officer or prime.
Scope: Ongoing security operations and incident response support, HIPAA-aligned policy development, and infrastructure hardening across a regional acute care environment.
Outcome: Sustained security operations program over multiple years; delivered incident containment and after-action documentation across multiple events.
Scope: Security architecture review, infrastructure scoping across multiple sites, and design of a phased managed security service program covering endpoint, network, and identity controls.
Outcome: Delivered written program proposal and supported full security stack transition from incumbent provider across multiple facilities.
Scope: End-to-end security onboarding including identity and access management, MFA enforcement, endpoint protection, backup architecture, and email authentication (SPF, DKIM, DMARC).
Outcome: Established baseline security program from greenfield state; documented controls and policies aligned to a defined framework.