Director Resume
Mclean, VA
SUMMARY:
- Has over 30 years of experience in cyber security analysis, security engineering, and systems integration in commercial, civil government, and DOD environments. He is a NIST SP 800 series subject matter professional and directs a Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organization (3PAO). He has led cyber security life cycle work programs that include developing security authorization artifacts, performing technical and analytical certification activities and supporting continuous monitoring. Has managed Inspector General FISMA compliance technical and analytical reviews. Has been recognized for developing and managing award-winning high performance project teams.
TECHNICAL SKILLS:
- Cyber Security
- FedRAMP and FISMA Security Authorization processes and documentation
- National Institute of Standards and Technology (NIST) Special Publications in 800 Series, including 800-53 and 800-171
- Health Insurance Portability and Accountability Act (HIPAA)
- Systems and Cyber Security Engineering
- Project Management
- Requirements Analysis
PROFESSIONAL EXPERIENCE:
Confidential, McLean, VA
Director
- Director, FedRAMP 3PAO program. Leads KPMG’s FedRAMP-accredited 3PAO organization. Directs FedRAMP, FISMA, DFARS, and IRS Publication 1075 security readiness engagements including gap assessments, remediation recommendations, and system security plan development. Mr. Edelheit has directed FedRAMP Platform as a Service (PaaS) and Software as a Service (SaaS) readiness engagements for both large multinational cloud service providers and smaller start-ups. He has been actively involved in the planning and execution of NIST SP 800-171 gap and remediation engagements for DoD contractors, including an aerospace and electronics corporation.
Confidential, Fairfax, VA
Principal
- Security Lead/Project Manager, California Health Benefit Exchange/Covered California. Lead a 4 FTE cyber security analyst team that is responsible for the FISMA compliance, security authorization and privacy of the California Healthcare Eligibility, Enrollment, and Retention System (CalHEERS). As required by the Affordable Care Act of 2010, CalHEERS implements the state’s health benefit exchange.
- Security Lead/Manager, Department of Homeland Security (DHS), US-VISIT project. Lead a 9+ FTE cyber security analyst and engineering team that is responsible for all aspects of US-VISIT’s Cyber Security program including FISMA compliance, security authorization, cyber security operations, incident response, and security engineering analysis, prototyping, and design for mission and non-mission systems. The team’s engineering efforts have included developing an enterprise-wide security infrastructure that includes centralized, PIV-based two-factor authentication, centralized access control enforcement, and security information and event management (SIEM).
- Project Manager, Department of the Treasury, Bureau of Printing and Engraving (BEP) Cyber Security project. Established and managed a 6.25 FTE cyber security analyst and engineering team that is responsible for all aspects of BEP’s cyber security program including developing security authorization artifacts (e.g., security plans, security test and evaluations, risk/security assessment reports, etc.), contingency plan testing, and policy assessment and development. The BEP IT environment includes general support systems (GSS), major applications (MA), and industrial control systems.
- Security Engineer, State of Georgia Department of Behavioral Health and Developmental Disabilities (DBHDD) project. Provides security engineering and analysis support for the development of a data warehouse that contains DBHDD patient information. Given sensitive patient information and a federal funding source, the delivered system will be HIPAA and FISMA compliant.
- Project Manager, Department of Commerce, Office of Inspector General (OIG) FISMA Support project. Established and managed the team of cyber security analysts and engineers that performed OIG FISMA reviews on DOC operating units. The team’s activities included reviewing security authorization packages and performing technical examinations of DOC systems. Mr. Edelheit defined the technical testing approach used by DOC IG staff and SRA team members, performed FIPS 140-2 cryptographic module reviews, designed and built the OIG cyber security lab, and, as project manager, received five perfect customer satisfaction surveys over a 2.5-year period.
- Technical Leader, Environmental Protection Agency (EPA) Risk Assessments project. Established and managed the security analyst and engineering team that performed FIPS 140-2 cryptographic module reviews and technical vulnerability assessments and prepared the risk assessment reports for multiple EPA GSS and MA. As technical leader, Mr. Edelheit received three perfect customer satisfaction surveys over a two-year period.
- Technical Leader, Department of Health and Human Services (HHS) Public Key Infrastructure (PKI) project. Established and managed the security analyst and engineering team that developed the system security plans, risk assessments, contingency plans, and self-assessments for the HHS PKI system. I also assisted in the development of the cyber security portions of OMB Exhibits. This project also examined the use of the PKI for protecting in-transit NIH Clinical Center information.
Confidential, Arlington, VA
Principal
- Project Manager, Department of Labor GovBenefits.gov Program. Managed the twelve-person team that performed cyber security, independent validation and verification, and transaction processing application development for the GovBenefits.gov program, one of the President’s 24 Quicksilver Management Initiatives. Was responsible for the certification and accreditation (security authorization) activities for GovBenefits.gov and the development of the GovBenefits.gov quarterly FISMA documents, self-assessment, and OMB 300 exhibits.
Confidential, Reston, VA
Principal Architect, eCommerce Products.
- Responsible for the security architecture and security authorization of two eCommerce services.
- Designed, engineered, developed, launched, and operated Concert’s prototype business-to-business auction service.
- Engineered and implemented secure integration solutions between the BT Ignite / Concert-hosted eCommerce systems and customer legacy ERP systems.
- Senior technical member of joint product development/product management/sales team that won and retained contracts.
Confidential, Fairfax, VA
Principal.
- Managed a 25-person team that was responsible for the pre-sales, systems engineering, and development activities of this B2B eCommerce integration services company.
Confidential, Vienna, VA
Director of Product Development.
- Managed a six-person team that was responsible for the product development and management for Cable and Wireless USA’s web hosting, security and electronic commerce offerings.
Confidential, Reston, VA
Systems Engineering Manager.
- In support of British Telecommunications (BT), established and managed the six-person team that engineered, developed and operated BT’s first web-based, B2B eCommerce solution that provided secure, real-time customer ERP integration. This team was the only US-based project to ever win BT’s Systems Engineering Centre Director’s Award.
- Managed the complex migration of the system development and operation activities of Concert’s Global EDI product from MCI’s San Jose, CA location to BT’s Cardiff, Wales systems engineering centre.
- Was the global eCommerce standards Program Manager.
Confidential, McLean, VA
Lead Engineer
- Provided information security and systems engineering support to multiple projects. Specialization areas included security and system architecture and design, security policies, security test and evaluation, and certification and accreditation.
- Was senior information security advisor to the Joint Staff for three Command and Control (C2) systems and co-authored two Joint Staff security policies. Authored the security policies for three Joint Command C2 systems and an Army-wide strategic and theatre C2 system. Performed certification and accreditation activities for the US Transportation Command and US Army Pacific Command.
- Established the McLean information security laboratory, and led the prototyping of a number of multilevel secure solutions. Represented MITRE at several standards bodies and consortia, including the IETF and the Trusted Systems Interoperability Group.
Confidential, Alexandria, VA
MIS Manager.
- Was responsible for all corporate management information system functions including the development of an office automation network and the migration of the corporate MIS environment to a Unix-based system.
Confidential, Washington, DC
Senior Consultant.
- Performed system analyses, designed, programmed, and implemented systems for the Pension Benefit Guaranty Corporation. Developed an information requirements analysis for the Office of the Secretary, Department of Commerce.
