From the Cybersecurity and Infrastructure Security Agency (CISA)
“April was National Supply Chain Integrity Month. In partnership with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DoD), and other government and industry partners, CISA is promoting a call to action for a unified effort by organizations across the country to strengthen global supply chains.”
Supporting this effort, Parava Security (“Parava”) and 327 Solutions Inc. (“327”) have signed a Memorandum of Understanding (“MoU”), announcing their collaboration on the creation, marketing, and delivery of awareness, training, and advisory services focusing on Supply Chain Risk Management (“SCRM”), Risk Management Framework Methodology (“RMF”), and cybersecurity standards (“NIST”).
The MoU brings unique expertise together in the offering. The two companies are creating the benchmark training system incorporating SCRM, RMF, and NIST SP 800-171. The program’s objective is to deliver capability and improve the ability of both US domestic and international organizations to meet their compliance obligations to the US Department of Defense (DoD) and Federal agencies. The course will be released for evaluation in ‘beta’ at the end of Quarter 2, 2021.
The first offering will launch in Quarter 3 2021, focusing on the issues faced by the United States Department of Defense (“DoD”) in supporting both domestic and international Defense Industry Base (“DIB”) contractors to meet their regulatory requirements. As defined by Congress, the Federal Information Security Modernization Act (“FISMA”), parts of the National Defense Authorization Act (2021), NIST SP 800-37r2 (“Risk Management Framework”), and NIST SP 800-171r2 (“Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”) are included as a partial list of objectives.
Parava Security Solutions is a boutique cybersecurity and cyber risk management advisory firm based in the UK, specializing in cyber strategy, organizational design, cyber advisory, and expert witness services. It designs and delivers cybersecurity and cyber risk management NIST SP 800-171 and NIST SP 800-37 services for the International Defence Industry Base (“DIB”).
Andy Watkin-Child is the Founding Partner of Parava and a 20-year veteran of cybersecurity, risk management, and technology. He has held global leadership positions in the 1st and 2nd Lines of Defence (LoD) for cybersecurity (CISO), cyber risk management, operational risk, and technology, for companies across Engineering and Manufacturing, Financial Services, and Publishing and Media.
- He has 20 years of executive experience in cybersecurity, risk management, and technology, working within Engineering & Manufacturing, Financial Services, and Publishing & Media. He has held positions including CISO, Group VP of cyber risk, and head of technology.
- He holds Royal Charters in Security (CSyP) and Engineering (CEng). With a place on the UK Register of Chartered Security Professionals, he is a CSyP assessor and a member of the Worshipful Company of Security Professionals (WCoSP).
- He is a member of the Board of the Security Institute (MSyI), the largest UK members-only security trade association, a Freeman of the Worshipful Company of Security Professionals (WCoSP), and a Freeman of the City of London.
- He is a Counsel-appointed expert witness specializing in cyber and risk management and a Practicing Associate of the Academy of Experts (AMAE).
327 Solutions, Inc. operates in the United States, headquartered in the Greater Philadelphia area of Pennsylvania. Specializing in design, development, facilitation, and talent alignment to create and deliver novel and commercial off-the-shelf training programs, 327 helps organizations move the needle of human capital performance. 327 programs support cybersecurity, risk management, compliance, audit, and related technical training in the Fortune 1000 and DoD. 327 delivers programs supporting the DoD’s mandated training requirements under 8570.1-M and 8140, which are benchmarks in broad cybersecurity domains, including certifications such as CISSP, CCSP, CISA, CISM, PenTest+, C|ND, C|HFI, C|EH, S+, CyberSec First Responder, CySA+, CCNA, and others. From a ground-up training program build to facilitating complex commercial programs, 327 leverages three decades of expertise to accomplish mission objectives.
- 327 deploys learning talent globally (trainers, instructional designers, eLearning developers, SMEs, and more).
- 327 created a custom Learning Management System (LMS). Every student has continued access to their virtual-live training event, recorded and turned into eLearning, along with a robust resource center, live exam mentoring, mock exams, and other support assets, so that training is no longer a one-time event.
- Since 2014, 327 has delivered thousands of training programs and resources to the Army, Navy, Air Force, Marines, the DoD DIB, the Fortune 500, global governments, and Academic Institutions.
Brian McCarthy is the founder and President of 327 Solutions, Inc. Since the early 1990s, Brian has worked in training design and delivery, gaining experience in the Pharmaceutical and Biotech, Manufacturing, Defense, Finance, Legal, and additional business verticals. With experience creating programs that enable competency and certification outcomes through traditional workshops and strategically blended learning systems delivering messaging over time, 327 maximizes competency transfer to the job. 327 focuses on the right solution to get everyone to their goal.
- He has experience at Sybex Publishing working on ISC2 Official Study Guides as a technical editor.
- Brian and his team deliver the highest caliber trainers globally, many of whom are contracted directly by leading non-profit and educational organizations such as ISACA, ISC2, EC-Council, and others.
- Brian is a former trainer (Windows NT/2000) and sees training delivery through the eyes of a trainer, focused on quality and student outcomes.
- He has deep expertise in developing blended learning systems leveraging pre-work, intensive workshops, eLearning development, gamification, microlearning, mobility of learning assets, and continuance of learning.
Ted Dziekanowski is a veteran of cybersecurity with over 40 years’ experience in the design, delivery, oversight and assurance of cybersecurity and risk management systems. Ted’s area of expertise, developed over the years, is the management of risk in Information Technology. He is an experienced systems Auditor and Integrator, which gives him unique insight into the challenges associated with developing an eGRC program that satisfies the compliance requirements faced by organizations of all types and sizes.
He is an internationally recognised cybersecurity, risk management and information system auditor, and a highly respected security trainer authorized to train ISACA CISA, CISM, CRISC, ISC2 CAP, CCSP, and CISSP. He holds DoD secret clearance and has taught courses for a broad range of public and private sector organisations including:
United States Army, Navy, Air Force, Marine Corps, Defense Intelligence Agency, National Security Agency, Department of Homeland Security, Five Eyes, United States Treasury, Department of Agriculture, Department of Justice, Department of Labor, Federal Reserve Bank of the United States, National Guards, Aberdeen Proving Grounds, Patuxent Naval Air Station. City of New York, State of New York, State of Wyoming, State of New Jersey, NJ Transit. Boeing, Lockheed Martin, Northrop Grumman, General Dynamics, General Electric, RSA, Microsoft, Verizon, AT&T, IBM, PeopleSoft, HP, SAP, Palo Alto Networks, Cisco, Dell Computers, VMware, Blackberry. Wells Fargo, Charles Schwab, PNC Bank, J P Morgan Chase, Goldman Sachs, Options Clearing Corporation, AIG, Bank of Canada, MasterCard, Bank of New York Mellon, Prudential Insurance Company, Bloomberg News, Blue Cross Blue Shield of NJ, Duke, Blue Cross Blue Shield of Idaho, CVS Health. PWC, EY, Booz Allen, Deloitte. Health Canada, Home Depot, Nestle, M&M Mars, MIT Lincoln Labs, Tiffany and Company, Johnson and Johnson, Merck, Novartis and Lowe’s, to name a few.
Jason Spezzano is an experienced cybersecurity services delivery leader and consultant with over 25 years of experience. Specialties include risk management, compliance, and cybersecurity operations supporting DoD, Federal, and Intelligence Agencies. Jason is currently the Senior Director of Cybersecurity at GrammaTech, a leading developer of software-assurance tools and advanced cybersecurity solutions, as well as a senior cybersecurity consultant focused on Governance, Risk Management, and Compliance (GRC) using information security frameworks established by the National Institute of Standards and Technology (NIST) and the DoD Cybersecurity Maturity Model Certification (CMMC). Jason is also a Fellow with the Cybersecurity Forum Initiative (CSFI).
Jason is a former Major in the United States Marine Corps, where he served as a Communications and Information Systems Officer. Before joining GrammaTech, Jason was the Vice President of Federal Services with CyberDefenses, Inc., where he provided cyber operations, cybersecurity engineering, and integration services to the DoD community.