Keypoint Intelligence and Agile Cybersecurity Solutions (ACS)

BC Eydt is an attorney and cybersecurity expert with over 25 years of experience in all aspects of cybersecurity, including risk assessment, compliance, requirements development, architecture, training, operations, audit, application security, and incident response. He has over 6 years of experience in PCI DSS compliance validation and has established PCI compliance programs for organizations taking credit card payments in person, online, and through call centers.Eydt developed US Department of Defense (DoD) security requirements for application security, mobile operating systems, biometrics, and the domain name system. He also made significant contributions to DoD's network ports and protocols guidance. Eydt has co-authored publications on robust security networks and radio frequency identification (RFID) security that were downloaded over a million times worldwide. Eydt holds a bachelor’s degree in Computer Science from Columbia University, master's degrees in Statistics from Yale University and in Economics and Public Policy from Princeton University, and a juris doctor (Law) degree from Concord Law School at Purdue University.Eydt is a Certificated Information Systems Security Professional.

Carlos Fernandes serves as Founder and CEO at Agile Cybersecurity Solutions (ACS), a veteran-owned company, providing Cybersecurity consulting services to state, local, Department of Defense (DoD), Intelligence Community (IC) and commercial client relationships. Fernandes leads a team of elite cybersecurity professionals (ACS Cyber SEALs) in support of government and commercial clients. Carlos is a results-oriented, hands-on leader with over 30 years of experience in Cybersecurity, recognized for setting the highest standards of performance for himself and his team. Fernandes brings over two decades of experience in international project management supporting U.S. Government customers including CIA, ODNI, NRO, NSA, DISA, DIA, and DHS. He has led vulnerability assessment and penetration testing activities at some of the largest and most secure global organizations, both government and commercial, on four continents. Carlos is a proven, visionary leader who builds strong leadership teams and motivates others to deliver outstanding results. Industry expert consultant in all aspects of Cybersecurity. Prepares in-depth studies and analyses. Manages major information security efforts. Maintains affiliation with national/ international organizations. Functions on broad scope programs of national/international basis. Performs independent work or manages a team in support of a customer either on-site or off-site. Serves as Cybersecurity Trusted Advisor, tasked with the development of Security and Risk Assessment Strategies for State, Local, DoD, IC and Commercial client relationships. Scope of tasks include assessing current IT security postures and developing a framework, based on ISO, SANS, NIST and other relevant best practices, for performing both baseline and on-going security assessments, to include full scale vulnerability assessments, targeted vulnerability scans and penetrating testing. Deliverables include comprehensive Security and Risk Assessment Strategies, laser focused on Predicting, Preventing and Persisting against cyber incidents, anytime and from anywhere. Prior to his role in Cybersecurity, Fernandes served in the United States Air Force, as an Intelligence Officer with a tactical mission. Carlos Fernandes holds a bachelor’s degree in Electrical Engineering from Virginia Military Institute and participated in the maturing of the James Madison University INFOSEC MBA Program, in the early 2000's, one of the first NSA INFOSEC MBA Centers of Excellence.

Juan Lopez is a Project Manager and Senior Systems Engineer with over fifteen years progressive experience as a computer science professional serving both the Department of Defense (DoD), Administrative Offices of the U.S. Courts, Department of Homeland Security (DHS), and Commercial Companies. In the area of penetration testing and vulnerability assessments, he has over 10 years’ experience performing vulnerability assessments, risk assessments, and penetration testing activities involving large- and small-scale networks, databases, infrastructure devices, cloud environments, and transportation security equipment in support of federal and state government entities. He is experienced with discovery, enumeration, vulnerability, and exploitation frameworks and toolsets including Metasploit, Cobalt Strike, Nessus, Kali Linux, AppDetective, Wireshark, and NMAP. He has also performed and led cyber hunt assessments on critical, high-value, and mission essential systems, devices, and network to identify potential incidents of compromise, exploitation, and malicious activity. He supported over 100 assessment and authorization engagements within the DoD and DHS in several capacities including technical security testing, security control assessments, and remediation management. He performed Risk Management Framework and cyber based assessments on systems, web applications and web services designated for deployment at various stages of the development lifecycle such as test, development, production, or authority to operate. He has performed manual and automated web application penetration testing on systems using OWASP testing methodologies and toolset including AppScan, WebInspect, Burp Suite Pro, SoapUI, and Postman to actively identify vulnerabilities within network and application business and functional logic. Over the last decade, Juan has performed cyber testing on airport screening and non-screening systems at federal and airport locations across the country. He tested and assessed new Advanced Image Technology (AIT) iterations, Explosive Trace Detector (ETD), Credential Authentication Technology (CAT), Explosive Detection Systems (EDS), Smiths Baggage Screening, Scarabee Smart Lanes, Checked Bag - Computer Tomography X-ray (CTX), and Advanced Technology X-Ray (AT2) systems in support of increased cyber implementations for public safety. In addition, he has experience and expertise in onsite security assessments at federalized airports, cyber resilience assessments, and insider threat methodology and procedure development with a focus on the cyber kill chain in support of government acquisition, management, operational and evaluation programs. He was involved in the development and implementation of independent verification & validation, audit, and insider threat programs within DHS components as well as managing and implementing the successful Defense Security Service accreditation of high classification systems and networks for military research and development companies in support of the DoD. Juan Lopez holds a BS degree in Computer Science from Frostburg State University.

Rick Perri is an information security and networking professional with over 25 years of experience in the areas of computer network defense, communications systems, mission assurance and cyber vulnerability assessments. In the area of vulnerability analysis, he has over 15 years’ experience performing assessments to include the cybersecurity posture, network architecture, and risk management with remediation recommendations. He regularly assesses the cybersecurity posture and network architectures of global and mission specific networks in support of US government for the DoD and other federal agencies. These diverse networks use multiple operating systems and a wide variety of networking equipment. He is experienced with network vulnerability scanners such as Tenable Nessus Pro and Network Mapper. He is experienced with network modeling analysis and collection software including ITPie, SkyBox Security, and Grass Marlin. Additionally, he is experienced with full packet capture tools suites such as Niksun NetDetector and various open-source tools. He has performed network traffic analysis to find indicators of compromise, to declare a network has been compromised, to characterize the extent of the compromise, to determine possible root causes of the compromise, and to find misconfigured hosts and network devices. He has implemented network TAP plans on sensitive zero down-time critical networks to include nuclear command and control networks, weapons system networks, and communications networks. He is experienced with TAP equipment from Gigamon, Garland, and NetworkTAPs used for an enterprise grade capture plan. He supported a Department of Homeland Security program office as cyber test engineer drafting and executing cyber test plans during the procurement and development phases of the systems development lifecycle according to the Risk Management Framework as implemented by DHS. He tested for cyber compliance, resiliency, and performance by implementing industry best practices and DHS security policies. He is an alumnus of the Defense Advance Research Project Agency service chiefs program exposing him to both technology innovation and programmatics. Rick Perri holds an MS degree in Computer Science with a specialty in computer networks from the Naval Post Graduate School, Monterey CA. He holds a BS degree in Computer Science/Mathematics from SUNY Maritime College.

Chris Perry is a Senior Cybersecurity Subject Matter expert with more than 25 years of experience guiding and supporting the Chief Information Security Officers (CISOs) and other senior IT and cybersecurity managers at multiple large and highly complex Defense, Federal Government, and Intelligence Community Departments and Agencies. Chris was assigned as the Lead Technical Advisor for Cybersecurity to the Office of the Department of the Navy’s CIO. In this position, he served as the Office's designated representative to several DoD-level technical working groups and committees, establishing the strategy, policies, and practices implemented across the DoN and DoD. Likewise, as a Senior Technical Lead, Chris has led and managed multiple large teams of expert security engineers that developed a first-of-a-kind cross domain database for the Army, two major enterprise cybersecurity solutions at Federal agencies, and maintained and operated the global Cyber Operations network for an Intelligence Agency. Chris served as Lead Cybersecurity Enterprise Architect for both the Department of Energy (DOE) and the Department of Veterans Affairs VA), where he played a instrumental role in the complete redesign and migration of the department’s wide area networks, data centers and Internet gateways. He ensured the latest cybersecurity solutions and practices were implemented and adopted throughout the multi-year project. A industry leading cybersecurity compliance expert, while supporting the Navy and two National Intelligence Agencies, Chris led the development, establishment and implementation of the NIST Cybersecurity Standards and Frameworks, including personally developing two extensive and detailed CNSSI Cybersecurity overlays for Insider Threat and Industrial Control Systems. Most recently, based on the extensive experience supporting the Public Sector, Chris has been providing virtual Chief Information Security Officer support to multiple small and medium size businesses who do not have the resident cybersecurity expertise they need to protect their critical and sensitive data and systems. Chris holds a bachelor’s degree in Aerospace Engineering from United States Naval Academy and a master’s degree in Systems Engineering from Naval Postgraduate School, and is a Certified Information System Security Professional (CISSP).

Sushant Sen is an information security professional with over 10 years of experience in information technology and systems configuration, including information systems and network security. Sushant also has extensive knowledge in computer network defense, vulnerability assessments, cyber threat analysis, and i ncident response. Sushant provides Cybersecurity consulting services for cyber, delivery experience and commercial technology lines of business. Sushant has experience providing cybersecurity services to protect financial institutions across the countr y, specifically focusing in providing ransomware readiness solutions, phishing campaigns, Security insurance, and most recently, upgrading infrastructure to be PCI 4.0 compliant. Sushant ensures that appropriate and measured levels of risk are taken in t he daily course of business while monitoring security best practices. Some of his responsibilities include conducting security assessments on technologies that support software development as well as reporting vulnerability metrics to senior leadership to include the Board of Directors. Sushant has spent most of his professional life assisting financial institutions with the development and implementation of Cybersecurity policies and risk frameworks. He has led vulnerability management programs and Deliv ery experience programs, to drive down overall risk exposure and increase security best practices.

Mr. Stange is a Principal Cyber Threat Forensic Investigator that oversees all source cyber threat forensic and intelligence analysis of Law Enforcement, Counterintelligence, Intelligence Community, Department of Def ense, US Government, Industry data sets. Detailed to the Federal Bureau of Investigations - led National Cyber Investigative Joint Task Force (NCIJTF), he identifies cyber threats reconnoitering, targeting, intruding, implanting and ex - filtrating activities involving the acquisition system, supply chain, defense industrial base affecting the Department of Defense’s most critical technologies and weapon systems and vital mission - essential support functions. Mr. Stange’s threat reports were cited in over 100 Presidential Daily Briefings. Mr. Stange has briefed the President’s National Security Advisor for Cyber, Under Secretary of Defense for Acquisition, Secretary of Defense, Members of the Joint Chiefs of Staff and the Secretaries of the Air Force and Na vy, Director of Space Force, Deputy Director of STRATCOM, Deputy Directors of NSA, CIA, FBI, and Department of State. Mr. Stange contributes to National Level Threat assessments and recommends feasibility and advisability of applying new, innovative met hodologies or engineering approaches. Mr. Stange makes recommendations to the Director of the NCIJTF and Office of Cyber Analytics regarding lessons learned, countermeasures, and identifies potential opportunities to interdict and disrupt adversarial cyber operations.

Nazar is a seasoned Cybersecurity veteran with diverse experience in security covering everything from red teaming (penetration testing) to threat hunting, security engineering, blue teaming and Security automation. He is well versed in both attack and def ense and is extremely interested in anomaly detection. Nazar leads an elite threat detection and incident response team. He has also led teams in the development of SIEMs, Vulnerability Programs, and has served as a Senior Security Engineer in the deplo yment of a wide range of security technologies. Nazar’s Security Certifications include Certified Ethical Hacker (EC - Council), HP Fortify Security Technical Specialist, Cisco SMB Security Specialist, CIW Web Security Specialist, Zyxel Security Specialist . He also holds numerous IT Certifications, such as Amazon SysOps, MCTS, Certified Linux Engineer, Certified Linux Professional, DCTS, DCATS, NAI, NLTS, CNA, NCLA. Nazar also evangelized and set up the Security Assurance (SDLC) programs and processes in top US based healthcare and finance companies using Microsoft SDLC and OWASP SAMM methodology. He and his team helped the biggest German automotive company to identify and mitigate critical security defects in IoT connected - car ecosystems and has been cred ited with saving car owners from remote attacks similar to the high - profile attacks seen in Jeep attack case. Nazar is passionate about Cloud, Web 2.0, Application and IoT Security, Honeypots, Virtual Machine Introspection (his PhD topic) and exploit an alysis. Nazar specializes in many security disciplines including IT Management, Penetration Testing, computer and network Forensics, Malware analysis, intrusion detection/prevention, and mobile application security. Nazar holds a PhD degree in Cybersecu rity from the Polytechnic University in Lviv and worked there as associate professor teaching Network Security and exploitation for over 2 years.

John Welby is a cloud/infrastructure chief architect and cybersecurity expert who assists enterprises with incident response planning and digital investigations. He has over 25 years of experience in all aspects of cybersecurity and networking. He has over 10 years of experience and expert level expertise in regulatory compliance validation and has established regulatory compliance automation platforms using automation tools such as Red Hat Ansible Automation Platform. John has 10+ years designing software - defined network architecture that includes programmab le network fabric, workload automation, virtualization, & containerization, which includes security automation platforms for faster incident detection and remediation. John has implemented infrastructure, security, and compliance as code with the outcome being consistent and automated patch and configuration management. Additionally, John has used Red Hat Satellite, OpenSCAP, Red Hat CloudForms, and Red Hat Ansible Automation Platform to automatically apply and enforce security policies and Red Hat Insight s and Red Hat Ansible Automation to proactively identify and remediate security threats at scale with automated risk management. Implement automated web application hardening. DevSecOps at scale using Red Hat OpenShift Container Platform and tools such as OWASP ZAP, SonarQube, Clair, and more to build a secure CI/CD application pipeline. John Welby h olds a bachelor’s degree in Electrical Engineering from DeVry Institute of Technology, master’s degrees in Global Management from the University of Phoenix, a nd an Executive J.D. Law degree from Concord Law School at Purdue University.