Information Assurance Opportunities and Requirements Doug Jimenez, IA Division Director Mary Mayonado, CISSP, IA Program Manager Marla Shipley, CND/aXiom

Information AssuranceInformation AssuranceOpportunities and Requirements

Doug Jimenez, IA Division Director

Mary Mayonado, CISSP, IA Program Manager

Marla Shipley, CND/aXiom Program Manager

January 8, 2010

© 2009 Science Applications International Corporation. All rights reserved. SAIC and the SAIC logo are registered trademarks of Science Applications International Corporation in the United States and/or other countries.

Energy | Environment | National Security | Health | Critical Infrastructure2

SAIC James Business Unit Information Assurance OverviewSAIC James Business Unit Information Assurance Overview

• Information Assurance (IA Division)– Doug Jimenez, Division Director– 200+ employees supporting SPAWAR Systems Center Atlantic, NAVAIR, and

their sponsors– 42m annually– DOD 8570 Compliant Workforce

• Certified Information Systems Security Professionals (CISSP)

• CISSP/Information System Security Engineering Professional (CISSP-ISSEP)

• Security Plus

• Vendor Certifications

– Fully Qualified Navy Certification Agents



CustomersCustomers



General Programming/Network Support SPAWAR Atlantic and SponsorsGeneral Programming/Network Support SPAWAR Atlantic and Sponsors

• Core Routing and Switching _ vendor independent

• Integration Support– Routers/Switches– IDS/IPS– Application Proxy Firewalls– Remote access solutions

• Secure Wireless (Survey, Design, and Integration)

• LAN Infrastructure

• Service Oriented Architectures (SOA)/Cloud Computing

• Virtualization/Data Centers• Application

Development/Programming (JAVA, Pearl)

• UNIX Services• Sharepoint/Web hosting• IPv6 readiness and implementation



Why Are We Here?Why Are We Here?

• High Demand for IA savvy employees

• Relocation Costs

• High Training Costs

• Lost Revenue

• We Could Do So Much More if Education/Academia and Industry were better aligned

– Capture more of those high school students who want IT/IA careers– Create more jobs for the State of SC

• Less Relocation/Bringing in talent from outside

– Chance for Recognition as a center of excellence for IA



What do we need from Academia(Education/Skill sets needed)What do we need from Academia(Education/Skill sets needed)

• Graduates who understand and are able to develop a secure IT solution, a comprehensive understanding of underlying principles is the foundation

– Networking, TCP/IP fundamentals– Programming, secure coding techniques– System Engineering – for the entire lifecycle– Configuration Management processes and techniques

• Legal Issues in Information Assurance– Forensics– HIPAA– Privacy Act

• Compliance issues – vary by customer



Shortfall Areas/Potential Research AreasShortfall Areas/Potential Research Areas

• Cross Domain/Multilevel Security– We have to share data across organizations, this is still a major area of challenge

• Active Network Defense – Within ethical and legal guidelines

• Event Correlation – Gathering attack data across diverse networks to develop comprehensive threat/risk

picture

• Anti-Tamper– Need to develop additional techniques to guard against reverse engineering hardware and

software

• Improved IA techniques for Weapons Systems– Confidentiality – generally o.k.– Integrity – area of improvement– Availability – area of improvement



SAIC

5617 North Rhett Avenue

North Charleston, SC 29406

843.740.4600

843.308.0466 – fax

[email protected]

[email protected]

[email protected]

www.saic.com

For More InformationFor More Information

Documents

Information Assurance Opportunities and Requirements Doug Jimenez, IA Division Director Mary Mayonado, CISSP, IA Program Manager Marla Shipley, CND/aXiom