Exam Advisory Board
The CFCP Exam Advisory Board develops the CFCP test questions and painstakingly reviews each question for appropriateness. As FISMA evolves and changes, the exam evolves and changes. Some questions will be retired, and new questions will replace old questions over time. The CFCP Exam Advisory Board ensures that each question on the CFCP Exam serves as a measure of FISMA Certification and Accreditation knowledge. Board members include:
Ms. Taylor is a Certified FISMA Compliance Practitioner (CFCP) - #112243
Laura Taylor is the Chair of the CFCP Exam Advisory Board. She has been working on FISMA compliance projects since 2003 and to date has helped her clients achieve a 100% accreditation rate. She currently serves as the Development Lead for FedRAMP, which is the U.S. government's program for applying FISMA to cloud computing systems. Her research has been used by the FDIC, the FBI, the IRS, various U.S. Federal Reserve Banks, U.S. Customs, the U.S. Treasury, the White House, and many publicly held Fortune 500 companies. Ms. Taylor specializes in FISMA compliance and security audits of financial institutions. She has provided information security consulting services to some of the largest financial institutions in the world, including the U.S. Internal Revenue Service, the U.S. Treasury, the U.S. Governmentwide Accounting System, and National Westminster Bank (a division of the Royal Bank of Scotland).
Ms. Taylor founded Relevant Technologies, a security research and advisory firm, in 1997. Ms. Taylor has also served as Director of Security Research at TEC, CIO of Schafer Corporation, Director of Information Security at Navisite, Director of Certification & Accreditation at COACT, and Lead Security Engineer at MITRE. Earlier in her career, Ms. Taylor held various positions at Sun Microsystems, where she was awarded several 'Outstanding Performance' awards and a CIS Security Award. In 2004 Ms. Taylor received an award from the U.S. Financial Management Services Commissioner for her assistance with FISMA-compliant Security Certification & Accreditation of highly sensitive systems. In 2005, she received an Eagle Award of Excellence from MITRE for her C&A work on the U.S. Governmentwide Accounting System. In 2006 she was selected by the Office of the Director of National Intelligence CIO to be part of the security Certification and Accreditation (C&A) Requirements and Standards Revitalization Tiger Team. Ms. Taylor is a Certified Information Security Manager (CISM) and is on the board of IntrusionWorld.
Ms. Taylor has been featured in many media forums including ABC-TV Business Now, CNET Radio, Boston Business Journal, Computer World, and The Montreal Gazette. Her research has been published on numerous web portals and magazines including Business Security Advisor, Forbes, SecurityWatch, eSecurityOnline, SecurityFocus, NetworkStorageForum, ZDNet, Datamation, MidRangeComputing, and Securify. Ms. Taylor has authored over 500 research articles and papers on information security topics and has contributed to multiple books. A graduate of Skidmore College, Ms. Taylor is a member of the Society of Professional Journalists, the IEEE, and the National Security Agency’s IATFF Forum.
Mr. Brody is a Certified FISMA Compliance Practitioner (CFCP) - #112268
Bruce A. Brody is a highly experienced, executive-level Chief Information Security Officer and subject matter expert on information security technical implementations, architecture, operations, resilience, risk management and compliance. He has served as the Chief Information Security Officer (CISO) at the Department of Veterans Affairs, the Department of Energy and DRS Technologies; a member of the Federal Senior Executive Service; a distinguished manager in the national security community; and a decorated officer in the U.S. Air Force.
Mr. Brody served as the Chief Information Security Officer for the Department of Veterans Affairs from 2001 to 2004. In this position, he was responsible for directing and overseeing all cyber and information security activities of the second-largest cabinet-level department in the federal government. Mr. Brody directed the Office of Cyber and Information Security through a major expansion in size and scope, incorporating such new missions as critical infrastructure protection, privacy, active incident management and response operations, public key infrastructure and information security officer professionalization and certification. He is widely credited with defining the Federal CISO role, and he received the Federal 100 award in 2004.
Mr. Brody was appointed Chief Information Security Officer for the Department of Energy in 2004, where he led the enterprise cyber security program and implemented successful configuration management and identity management programs. He has since served in a variety of executive positions in private industry, including Vice President for Information Assurance at CACI, Chief Cyber Security Strategist at Paradigm Solutions, and Vice President and Chief Information Security Officer at DRS Technologies (www.drs.com). Currently, Bruce serves as the Chief Cyber Security Strategist at Cubic Defense.
Mr. Brody has demonstrated expertise and success in all aspects of implementing, operating, managing and continuously improving security in complex enterprises. His risk management accomplishments include implementing enterprise security architectures, vulnerability reduction programs, security operations centers, identity management systems, infrastructure resilience capabilities, configuration management programs, and workforce professionalization programs. He is a frequent speaker on cyber security and risk management at professional conferences, and he has published numerous articles on various issues relating to information security.
Mr. Brody holds a master’s degree with an emphasis on information security from Eastern Michigan University. He is also a Certified Information Systems Security Professional (CISSP), and a Certified Authorization Professional (CAP), both of which are granted by (ISC)2; and a Certified Information Security Manager (CISM), which is granted by the Information Systems Audit and Control Association. He also holds a Level III Program Management certification from the Defense Systems Management College, exceeding the requirements of the PMP.
His career includes 10 years at the Defense Intelligence Agency, where he distinguished himself as the Chief of the Counterterrorism Section, and an additional seven years with the Defense Information Systems Agency, where he directed the Defense Multilevel Security Program. An Air Force veteran, Mr. Brody was commissioned in 1978 and served with distinction until he separated in 1983. He received the Air Force Commendation Medal and the Defense Meritorious Service Medal during his service.
Mr. Galligan is a Certified FISMA Compliance Practitioner (CFCP) - #112293
Mr. Galligan is currently assigned as an Assistant Special Agent in Charge in the Secret Service’s Information Resource Management Division, serving as a Branch Chief in Applications Architecture responsible for quality assurance engineering. Previously he served in the Office of the Chief Information Officer (CIO) and, as such, acted as the Secret Service’s representative to the Department of Homeland Security in the Chief Information Security Officer (CISO) role.
Mr. Galligan has in the past worked on the Presidential and Vice Presidential details, protecting the life of the President of the United States and his family, and numerous heads of state, including the Pope, kings, queens, and prime ministers. Mr. Galligan has led teams responsible for providing critical systems support and integrated security to the U.S. Secret Service and Department of Homeland Security at the Salt Lake City Winter Olympics, the 2001 Super Bowl, the World Bank/International Monetary Fund Annual Meetings, and a variety of other missions.
With expert knowledge of financial crime prevention, detection, and investigation, Mr. Galligan has in the past worked to position the Secret Service as the premier US government agency in combating global electronic crime. He has supervised and trained 130 electronic crime special agents and technical personnel charged with the collection, analysis, and preservation of electronic evidence.
Mr. Galligan’s security management competencies include executive and operational experience at the highest levels of the US government. He has managed executive protection, foreign dignitary protection, technical and environmental security operations, countermeasures, intelligence analysis, threat assessment, and criminal investigations.
Mr. Galligan was responsible for the executive management supervision of over 130 US Secret Service field and Headquarters office locations, relocations, information assurance, security engineering, vulnerability assessments, ensuring essential functions, occupant emergency planning, operational security, succession planning, restoration of operations, and threat reduction programs. He was responsible for the management of professional and technical personnel including special agents, engineers, information systems security officers, physical security specialists, and technology experts. His Branch budgeted over six million dollars for FISMA annual testing, POA&Ms, Certification and Accreditation, security configuration, incident response, and security training. Additionally, Mr. Galligan had Strategic Emergency Planning and Risk Management responsibilities, acting as the Critical Infrastructure Protection Officer (CIPO) for the Secret Service in the Emergency Preparedness Program.
Mr. Galligan was appointed to a US Secret Service Congressional Fellowship in 1999-2001. He was commended for work on the Computer Crime Enforcement Act of 2000 and acted as security liaison for the Republican and Democratic National Conventions. Mr. Galligan served as subject matter expert and advocate for computer crime issues to the Senate Judiciary Committee, Subcommittee on Technology, Terrorism and Government Information (Chairperson Senator Dianne Feinstein, California, and Senator Jon Kyl, Arizona).
Mr. Galligan is a Certified Information Systems Security Professional (CISSP), Certified FISMA Compliance Practitioner (CFCP), Certified Information Security Manager (CISM), Contracting Officer’s Technical Representative (COTR), and is a member of the National Information Security Group (NAISG) and the Federal Computer Security Program Managers Forum (FCSPM). Mr. Galligan holds a Master of Arts degree from Anna Maria College and a Bachelor of Science degree from Westfield University of the Commonwealth of Massachusetts, and has attended leadership courses at Johns Hopkins University and Carnegie Mellon University.
Mr. Doherty is a Certified FISMA Compliance Practitioner (CFCP) - #112303
Mr. Jaren Doherty was appointed as the Associate Deputy Assistant Secretary for Cyber Security at the Department of Veterans Affairs (VA) on February 3, 2008. In this role, he is responsible for providing leadership for the Department’s centralized cyber security program, working to make FISMA requirements operational, and improving VA’s overall security posture.
Prior to joining VA, Mr. Doherty served as the Chief Information Security Officer (CISO) at the Department of Health and Human Services (HHS). At HHS, Mr. Doherty was responsible for the development and implementation of their enterprise-wide information security standards and procedures. He worked to ensure that all HHS information systems were functional and secure. In addition, he led the HHS CISO Working Group, which was designed to improve Departmental and Operating Division (OPDIV) Information Technology (IT) security policies, practices, and procedures.
Before his work at HHS, Mr. Doherty held the position of Director of the Information Security and Awareness Office (ISAO) in the Center for Information Technology (CIT) at the National Institutes of Health (NIH). He was ultimately responsible for assuring the integrity, confidentiality, authenticity, and availability of NIH information resources. In a dual role as NIH CISO, Mr. Doherty also controlled the security of the NIH IT Management Security and Privacy Committee and the NIH Information Systems Security Officers (ISSO) in each of the 28 NIH Institutes and Centers.
In addition, Mr. Doherty has also held positions in the Administration for Children and Families, the Health Care Financing Administration, and the Social Security Administration. Mr. Doherty brings combined Federal Government experience at HHS including the management of complex systems integration issues involving IT management, wireless and wired networks, privacy, data integrity, information systems security, personnel, and payroll systems.
Mr. Doherty earned a Bachelor of Science degree from the University of Idaho and a master's degree from George Washington University. He is also a Certified Information Systems Security Professional (CISSP). He brings more than 30 years of experience to VA, with extensive knowledge in information protection, risk management, vulnerability analysis, and FISMA implementation. Mr. Doherty was recently recognized as a Federal 100 winner for his vision and pioneering spirit in the federal IT community.
Mr. Sanchez-Cherry is a Certified FISMA Compliance Practitioner (CFCP) - #112298
Kevin Sanchez-Cherry has been an Information Technology Security Specialist with the Department of Education’s (ED) Information Assurance Services (IAS) for 3½ years, currently serving as the IAS Governance Program Manager. He is leading the development and maintenance of the Department’s cybersecurity policies, standards, and governance. He also serves as the Acting Policy and Planning Branch Chief and IAS Records Officer. Previously, he provided oversight and compliance for the ED Certification and Accreditation (C&A) Program for six ED Principal Offices (POs). He is the Founder and Co-Chair of the ISIMC Security Program Management Subcommittee's Information Assurance Policy Working Group (IAPWG). The Working Group provides interagency coordination and cooperation in the development and maintenance of cybersecurity policies, standards, and governance, as well as discusses current policy issues, shares experiences and information, and reviews federal cybersecurity laws, requirements, directives, and governance.
Prior to joining ED, Mr. Sanchez-Cherry served four years as an Information Technology Security Specialist for the United States Secret Service and, as the C&A Program Manager, was responsible for leading the Secret Service’s C&A Program and ISSO Program. He also served two years as Principal Security Specialist with the Department of Commerce’s (DOC) Office of IT Security, Infrastructure and Technology (ITSIT), and was responsible for monitoring DOC operating units’ compliance with Federal and Department IT security requirements, laws, and guidance. Additionally, he monitored and evaluated new and emerging security technologies, and advised the CIO and Director of ITSIT on the implementation of effective IT security strategies and practices.
Prior to the DOC, Mr. Sanchez-Cherry served over six years in a variety of information assurance and IT security positions reviewing and/or developing C&A documentation and policies for the National Archives and Records Administration (NARA), Department of Justice Antitrust Division, Department of Veterans Affairs, Veterans Health Administration Office, the Department of Defense’s Military Health System (MHS), and in the private sector for the National Association of Securities Dealers (NASD) Corporate Information Security (CIS). He has over three years of physical security experience with Wells Fargo Guard Service, Magnum Security Inc., International Security Corporation, and Security Services of Connecticut Inc., and two years of IT Computer Operations and supervisory experience for NASD.
Mr. Sanchez-Cherry is a Certified Information Systems Security Professional (CISSP), Certified FISMA Compliance Practitioner (CFCP), Contracting Officer’s Technical Representative (COTR), and is a member of the Information Assurance Policy Working Group (IAPWG), National Information Security Group (NAISG), the Federal Partners Control System Security Working Group, the Federal Information System Security Educators Association (FISSEA), the Federal Computer Security Program Managers Forum, and the Office of the Director of National Intelligence’s Information Systems Security Line of Business (ISS LoB) Certification and Accreditation (C&A) Working Group. He has held a Top Secret security clearance with the Federal government since 2004.
Mr. Shepherd is a Certified FISMA Compliance Practitioner (CFCP) - #112308
Matt Shepherd is the Vice President of the Information Security & Privacy division at MindPoint Group, LLC. He holds numerous information technology certifications: CISSP, CEH, GCFW, MCSE, and MCDBA. MindPoint Group specializes in protecting the data of its Federal civilian, intelligence agency, and defense department clients by providing a wide range of security services throughout the System Development Life Cycle. Mr. Shepherd’s areas of expertise include secure system design and architecture, network security, technical security assessments, security awareness and training, security documentation development, and FISMA compliance.
Mr. Shepherd is currently working at the Department of Transportation (DOT) to address deficiencies identified in the Department’s security program. In this role, Mr. Shepherd has been instrumental in improving tracking and reporting of completion of DOT’s security awareness course, and is developing a process to improve the deployment of the course in subsequent years. He has also been instrumental in developing an Independent Verification & Validation process which the OCIO will use to fulfill its oversight role for the Department security program. Prior to working with DOT, Mr. Shepherd supported the Chief Information Security Officer (CISO) at the Department of Homeland Security (DHS) National Protection & Programs Directorate (NPPD) in executing FISMA compliance activities relating to several information systems that are key to the protection of the nation’s critical infrastructure. Previously, he supported the CISO at the United States Patent and Trademark Office (USPTO) in successfully developing an effective FISMA compliance program, and helped to have two mission critical systems removed from the Office of Management and Budget’s watch list.
Mr. Shepherd holds a bachelor’s degree from St. Mary's College of Maryland, and is currently working on his Master of Science in Information Assurance. He is the Technical Editor of the FISMA Certification and Accreditation Handbook, and has been a contributing author for Windows Vista for IT Security Professionals, How to Cheat at Securing SQL Server, and Microsoft Forefront Security Administration Guide.
Mr. Jacobson is a Certified FISMA Compliance Practitioner (CFCP) - #112283
Glenn Jacobson is an INFOSEC Analyst with a major Aerospace Engineering and Manufacturing company. Mr. Jacobson is a seasoned C&A expert and Security/Networking Engineer.
Mr. Jacobson is a seasoned FISMA compliance expert and has worked on FISMA compliance projects for a variety of U.S. federal agencies: the Federal Highway Administration (FHWA), General Services Administration (GSA), United States Department of Agriculture (USDA), the U.S. Department of Treasury (Treasury), and the Federal Aviation Administration (FAA); he is currently assigned to a DoD project for the US Navy. Mr. Jacobson's work has included the development and instruction of training courses that support NIST standards, C&A processes, security testing, and security awareness. Mr. Jacobson’s C&A and engineering areas of expertise include security testing and evaluation, vulnerability analysis, remediation identification, risk management, product evaluation, architecture design, and security operations management. Earlier in his career, Mr. Jacobson worked as a consultant for various government and civilian organizations, specializing in network and security solution development and implementation. Mr. Jacobson made valuable contributions to the FISMA Certification and Accreditation Handbook.
Ms. Bauer is a Certified FISMA Compliance Practitioner (CFCP) - #112273
Janet Bauer has worked in the Department of Defense Information Technology arena for the past 24 years with the past 15 years in support of various IT and cyber security initiatives. Ms. Bauer currently works at the National Security Agency (NSA) for the Chief Information Office (CIO) / FISMA & Compliance Department and is a FISMA intelligence community subject matter expert.
At NSA, Ms. Bauer has responsibilities for the following programs: Computer Network Defense (CNDSP), Federal Information Security Management Act (FISMA), Privacy Impact Assessment (PIA), Cyber Command Readiness Inspection (CCRI), Management Internal Control (MIC), Plan of Actions and Milestones (POA&M), and Section 508. Working with senior management, Ms. Bauer gathers metrics and provides the guidance necessary for congressional reports on compliance for ODNI, OMB, DISA, and DIA.
In her current role, Ms. Bauer advises on NSAM 130-1 and various other government security policies, guidelines, and directives; participates on various IT process improvement boards to ensure security compliance continues to be met; supports Continuous Monitoring lifecycle security; assists in setting up processes, training all ISSMs and ISSOs, and working with IT customers to follow and maintain system accreditation; and works with the FISMA IC community, submitting annual intelligence community FISMA reports for federal agencies.
Over the course of her career, Ms. Bauer has worked as an Information System Security Officer (ISSO), Information System Security Trainer, Information System Security Manager (ISSM), FISMA/Security Subject Matter Expert (SME), Program Manager/IT Portfolio Service Analyst (PSA), and Risk Management Framework Mission Advocate (RMF-MA). Throughout these roles she has been responsible for establishing and maintaining hundreds of individual system IT security programs for both civilian and contracting systems.
Ms. Bauer oversees over 50 ISSOs to ensure they understand and follow all established IT security policies and procedures. She has in-depth knowledge of policies such as ICD 503 and DCID 6/3. She is responsible for creating, reviewing, and providing guidance for all IT System Security Packages: System Security Plans, Security CONOPs, IT Architecture and Dataflow Diagrams, Security Requirements Traceability Matrices, Privileged User Guides, Business Continuity Plans, Disaster Recovery Plans, Certification Test & Evaluation Plans, Configuration Management Plans, and Standard Operating Procedures. She ensures the development of IT system certification documentation by reviewing and endorsing the documentation and recommending C&A action by the Designated Approving Officer.
Ms. Bauer coordinates all IT system security inspections, audits, tests, and reviews to maintain all phases of C&A, from initial concept, creation, development, testing, and implementation through eventual operations and maintenance in lifecycle support for a leading intelligence agency. Her responsibilities include ensuring that corrective and protective measures are carried out in response to all Information Assurance Vulnerability Assessments and ensuring all IT systems receive the necessary virus updates and patches to maintain compliance with the Federal Information Security Management Act (FISMA).
In her former positions, Ms. Bauer developed procedures in response to IT security incidents by investigating, counseling, and reporting to the Incident Response Team and Inspector General. She has created and taught an IT Information System Security Education Course to ISSOs, SAs, and network administrators. Ms. Bauer has also taught a FISMA 101 course to security personnel.
Ms. Bauer has worked as both a civilian employee and contractor for the NSA. She has worked for the following contracting companies: CSC, ACI, and currently TASC, Inc. She has been a member of the FISMA Center Executive Board since the center opened and provides guidance and input on all topics related to FISMA and Information / Cyber Security.
Ms. Bauer holds the following additional certifications:
Certified ITIL v3, September 2011
Certified Federal IT Security Professional-Manager (FITSP-M), December 2010 # 00254
Certified in the Governance of Enterprise IT (CGEIT), Dec. 2008 # 450859
Justin T. Matteo
Mr. Matteo is a Certified FISMA Compliance Practitioner (CFCP) - #112278
Justin Matteo is currently a Practice Manager for the Civil Government Programs at SecureInfo Corporation. He is responsible for providing Information Assurance solutions to multiple government agencies with a strong focus on FISMA compliance. Mr. Matteo has extensive knowledge of the NIST computer security Special Publications, most notably NIST 800-53 and 800-53A, and his work in the security field largely emphasizes Federal Information Security Management Act (FISMA) guidance, IT security risk management, and Certification and Accreditation (C&A).
He has developed a wide array of training materials and conducted courses in the areas of security awareness and training, FISMA guidance, NIST 800 series publications, Plans of Action and Milestones (POA&M), and development and training in the use of the ProSight and Trusted Agent FISMA tools.
Mr. Matteo is a CISM and CFCP. Prior to SecureInfo, Mr. Matteo was a Lead Security Engineer with Missing Link Security, supporting the security C&A efforts at the United States Patent and Trademark Office (USPTO). He focused on the overall development of the USPTO security program and successfully established an effective continuous monitoring program for USPTO.
Previously, Mr. Matteo worked for Booz Allen Hamilton, where he assisted key customers including the Internal Revenue Service and the U.S. Department of Education with various FISMA, privacy, and cyber-security initiatives. Earlier in his career he was an application developer and worked for IBM. Mr. Matteo has a Bachelor of Business Administration from James Madison University.
Mr. Friedman is a Certified FISMA Compliance Practitioner (CFCP) - #113423
Mr. Friedman possesses more than 20 years of information systems security and Information Assurance (IA) experience, including design, development, test, and evaluation of information systems, as well as Commercial Off-The-Shelf (COTS) and Government Off-The-Shelf (GOTS) products. Specific experience includes Certification and Accreditation (C&A) using the NIST Risk Management Framework (RMF), information systems security vulnerability assessments, Information Systems Security Engineering (ISSE), and cryptographic testing, validation, and evaluation including Fail Safe Design Assurance (FSDA), as well as Key Management Infrastructure (KMI) and Public Key Infrastructure (PKI).
Mr. Friedman currently works for Independent Software as a Delegated Authorizing Official (DAO) in support of the Federal Government. As a DAO, he performs risk assessments of information systems encompassing client/server architectures, peer-to-peer architectures, controlled interface devices (e.g., firewalls), and Cross Domain Solutions (e.g., guard devices). As part of his duties, Mr. Friedman assesses mission essential and mission systems for subsequent risk recommendations to the Agency Authorizing Official (AO). Prior to his current employment, Mr. Friedman held various positions at companies including SAIC, TASC, and ACS Defense relating to design, development, assessment, and continuous monitoring of security architectures. Throughout much of this time frame, he provided technical leadership in support of numerous system security efforts. In one such endeavor, Mr. Friedman served as the technical leader for assessors tasked to conduct technical risk assessments of Internal Revenue Service networks, systems, and applications that stored, transmitted, and/or processed Sensitive But Unclassified (SBU) data including taxpayer information and IRS employee data. Prior to employment as a Government contractor, Mr. Friedman worked 11 years as a civilian employee for the Department of Defense.
Mr. Friedman possesses a Master of Science in Electrical Engineering (MSEE) from George Washington University. His undergraduate degrees, Bachelor of Science in Electrical Engineering (BSEE) and Bachelor of Science in Mathematics, were both earned at the University of Maryland College Park. In addition to CFCP, Mr. Friedman possesses approximately a dozen certifications including Certified Information Systems Security Professional (CISSP), Information Systems Security Engineering Professional (ISSEP), Information Systems Security Architecture Professional (ISSAP), Systems Security Certified Practitioner (SSCP), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (C|EH), and Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC).
Copyright 2009-2019, FISMA Center | 8115 Maple Lawn Blvd., Suite 350, Fulton, MD | Tel: 202-997-0148 | Fax: 410-290-6914