Provide guidance to CISOs and ISSOs in analysis of organizational and Agency-based security requirements and risk mitigation strategies.
Support the development of security artifacts (PIAs, BCCPs, SSPs) and the management of security activities (assessments and audits)

• Secure architecture design
• Secure system configuration
• Penetration Testing
• Vulnerability assistance
• Continuous monitoring
• Risk Management Frameworks
• SOC Operations
• Agile team support
• Cloud Security
• Ecosystem Security
• Policy and planning

• Privacy Impact Assessment (PIA) development
• Support development of security and privacy aspects of agreements, such as MOUs, DUAs, and contracts

• Develop and deliver security training and guidance for general security awareness
• Organizational and system-specific security procedures
• Security role-based training for ISSOs, developers, managers and system maintainers

• Support incident management from identification to resolution
• Establish and documents incident response and disaster recovery procedures

• Dark Web Analysis and Reconnaissance
• Dark Web Data Marking and Tracking
• Dark Web Training and Senior Briefings

• Secure System Design Life Cycle (SDLC)
• HHS Enterprise Performance Life Cycle (EPLC)
• CMS Expedited Life Cycle (XLC)
• SecOps
• Advanced Threat Protection
• Continuous Monitoring/CDM
• Continuous Validation
• Cloud security and containers