State of Florida Department of Management Services

Transcription

1 September 3, 2015 State of Florida Attn: Joel Atkinson Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services 350 Seventh Avenue 10th Floor New York, New York P: Toll Free: 877.QED.NATL F:

2

3 Table of Contents 1. Introduction Background... 1 Overview... 1 Summary of Relevant Experience... 1 Management Team... 1 Awards... 3 Certifications Contact Information... 4 Key Contacts Service Offerings (as per section IV of Cyber-Security RFI) Conclusion /3/2015

4 1. Introduction The State of Florida - Department of Managed Services is seeking to identify vendors that are able to provide assessment and remediation services in the event of a Cyber-Security incident and provide identity protection, identity monitoring and identity restoration services. The following provides information necessary for QED National to be listed as a vendor capable of providing such services to the State of Florida under GSA Schedule Background Overview is a privately held New York corporation that provides IT Consulting, Solutions and Staffing Services to the public and private sectors. Founded in 1993 by President, Colleen Molter, holds a GSA Schedule 70 contract (#GS-35-F378AA), is registered with the State of Florida, and is highly experienced in Cyber- Security Assessment and Remediation Services. The superior quality of s services and staff has been recognized by clients and the industry over the years. Inc. Magazine named one of Inc s Fastest Growing Private Companies for seven consecutive years ( ); The Competitive Edge awarded the 2014 Women Business Enterprise (WBE) Award of Excellence; and CIO Review named one of the Top 20 Most Promising Government Technology Consulting Companies in the US. Summary of Relevant Experience has over 22 years experience as a provider of IT consulting services and solutions. Our reputation for integrity, high-quality and overall value has earned us contracts with Fortune 500 companies such as Financial Services, Audit, Engineering, Energy, Technology firms and numerous State and Local government entities (e.g., Transportation, Health and Human Services, Education, Construction, Criminal Justice, and Environmental Protection agencies). With extensive expertise in all aspects of Information Technology, Information & Cyber-Security, Governance, Risk & Compliance, Project & Program Management, and Enterprise Architecture, has been awarded over 70 contracts totaling in excess of $27 Million over the last three years. For these contracts, over 180 consultants have been deployed, with approximately 80% for State and Local government entities. Specific Cyber and Information Security Services recently provided by include: Information Security Risk Assessments Vulnerability Assessments Application Security Assessments Incident Response Investigations for Malware and Advanced Persistent Threats Implementation of Data Loss Prevention Solutions Monitoring Networks for Security Anomalies Implementation Encryption Solutions Management Team The Management Team will diligently apply its experience and expertise in Information Technology and Information Security to ensure successful delivery of Cyber-Security assessment and remediation services to the State of Florida. Professional biographies of the Management Team are provided below. -1-9/3/2015

5 Colleen Molter President & Founder Ms. Molter, an NYU Polytechnic Electrical Engineering graduate, has been providing technology solutions to government agencies and Fortune 500 firms for more than 25 years as a Technology Manager and Entrepreneur. Colleen s work history, prior to starting in 1993, includes nine years of Information Technology management consulting, seven years experience teaching computer science and electrical engineering in the university system at both the graduate and undergraduate levels and eight years experience working for IBM as a systems engineer, data systems specialist and manager. Her industry experience includes servicing large financial and governmental institutions with centralized and distributed IT installations and her skills in strong facilitation, project management, development and execution of technology systems design have provided the base for the growth and success of. Colleen has always been at the forefront of providing sound technology solutions and professionals to her clients and, as a result, has been recognized by such organizations as Inc. Magazine and CIO Review among others for business and technology leadership. Colleen s broad experience as a C-Level Strategist, Executive Manager and Entrepreneur provide her team, clients and community the leadership to consistently deliver with the highest level of quality and integrity. She has received numerous awards for her accomplishments as a businesswoman and advocate for women in business, including recognition for her achievements by the US Small Business Administration, the Women s Presidents Organization, and Women in Technology International. Fred Seim Account Executive Fred is the Account Executive and Engagement Manager for State and Local Government as well as Education (SLED) business activities in which is engaged in the State of Florida. Fred has 29 plus years combined experience in Program and Engagement Management in support of large clients with the US Treasury, US Secret Service (now DHS), US Customs Service, (now DHS ICE), Bureau of the Public Debt, the Federal Aviation Administration (FAA) and most recently the City of New York. It is s position that the importance of this engagement, as well as, the critical importance of Cyber-Security to the State of Florida government operations and public infrastructure warrants this level of management experience and commitment. Fred s security experience includes design and implementation of a security and access control system for the US Treasury for a special national security campus. Following that project, Fred was the PM for the design and implementation of the FAA s FAR compliant anti-terrorist and intrusion detection system for the International Arrivals Terminal (T5) at ORD and was a member of the security design and oversight team for three of the other eleven FAA-designated Class X US airports. Additionally, Fred led the consulting team responsible for developing and executing annual pre-audit activities at USCS (now, DHS ICE) for compliance of the agency to OMB circulars A-123 and A-130. More recently, Fred led the PM/QA consulting team responsible for the security assessment and accreditation for numerous NYC enterprise-wide systems implementations (e.g., NYC.gov, Customer Service, NYCServ, and NYCAPS). Anthony Concolino Managing Director Anthony (Tony) leads the company's Solution-based Consulting Practice areas which include Information/Cyber- Security, Data Center Solutions, Information Technology Management, and GRC (Governance, Risk and Compliance). As a senior Information Technology professional with over 30 years of experience, Tony s innovative style helped advance the use of enterprise technology in the banking and brokerage industry and most recently in the public sector. Prior to joining, Tony managed large organizations at Citigroup, where, as COO for Capital Markets and Corporate Infrastructure Services, he led efforts to improve security, service and business continuity in IT Operations, Risk Management and Application Development while driving down costs as part of a multiyear, multi-billion dollar transformation program. Earlier in his career, Tony delivered world-class brokerage and trading technology products serving large global Wall Street firms. Tony has also advised several startup companies building Cloud, Virtualization, Big Data, DevOps, Cyber-Security and Digital Marketing technologies. -2-9/3/2015

6 Russell Kiernan Director of Management Consulting and Cyber / Information Security Services Mr. Kiernan oversees the delivery of IT Management Consulting and Information Security Services at QED National. With over 20 years of IT experience, Russell understands the business needs of s client base and transposes them into capabilities. He is highly skilled in a number of management and technology disciplines including Cyber / Information Security, GRC (Governance, Risk and Compliance), Program and Project Management, and Enterprise Architecture. Russell has extensive experience in global financial institutions such as Citigroup, Bank of America Merrill Lynch, Marsh & McLennan, Smith Barney and Broadridge where he managed Risk & Control Management, Information Security, Application Development, Program and Project Management, Enterprise Architecture, Process Engineering, and Financial Management functions. Russell s accomplishments include: authoring of Software Development Process Standards for organizations with up to a $1B annual application development and implementation budget; authoring of various Information Security Standards and Processes, implementation of Enterprise Software Solutions; definition and rollout of comprehensive project and SDLC processes (which addressed both functional and non-functional requirements such as Security and Enterprise Architecture reviews) and supporting Project Management Information System; definition and ongoing management of global Project Portfolios and associated budgets; definition of project performance and quality review processes; initial implementation and ongoing management of global Risk and Compliance Self Assessments (including Application and Security Assessments); and successful management of all Federal Regulatory, External Audit, and Independent Audit inspections for auditable entities. Barry Pardee Industry Expert Barry is a Senior Information Technology professional with over 30 years of expertise in IT Sales, Project Management, IT consulting and management. He has a broad background in successfully working with various commercial organizations, as well as federal and non-federal government agencies. As a civilian Senior Field Engineer, he worked on key Air Force R&D systems including early Arpanet security development, starting in 1976, distributed computing (cloud) the first Intrusion Detection System and many more leading edge security systems throughout his career. In the past 23 years as a senior Project and Program Manager, Barry has successfully managed multi-million dollar IT projects/programs for Kodak, General Electric and what is now NYS Information Technology Services. He has been a trusted security partner to large commercial and government clients including Global Foundries, Pitney Bowes, GE Global Research, GE Energy, NYS agencies, NYS Governor s Office (through several administrations) and the NYS Division of Homeland Security and Emergency Services. More recently, Barry has helped, alongside a top security consultant hired from the White House, to design and manage the delivery of many IT security assessments for large New York government agencies including the State Police, Criminal Justice Services, Integrated Justice Advisory Board agencies, Department of Transportation, Division of the Budget and the Energy Research and Development Authority. Barry has also been active in the Cloud Security Alliance and is acknowledged for contributions in the Cloud Standards Customer Council publication, Security for Cloud Computing. Awards As a result of our excellent service, professionalism, and leadership, consistently garners the highest accolades and awards. Such awards include: Awards Seven Consecutive Years: Inc Fastest Growing Private Companies, Women Business Enterprise (WBE) Award of Excellence, Competitive Edge, 2014 Top 20 Most Promising Government Technology Consulting Companies in the US, CIO Review, 2013 Top 50 Women Owned Business in New York, DiversityBusiness.com, 2013 Enterprising Women of the Year Award, Enterprising Women Magazine, /3/2015

7 Certifications is a Small, Disadvantaged and Women-Owned Business Enterprise certified and accredited by various esteemed organizations. These certifications allow to obtain and perform business within organizations that require such credentials. These certifications include: Certifications Women's Business Enterprise National Council (for US Small Business Administration) - Woman Owned Small Business (WOSB) US Department of Transportation - DBE Women's Business Enterprise National Council - WBE 3. Contact Information The address of s headquarters is as follows: Corporate Headquarters 350 Seventh Ave, 10 th Floor New York, NY Key Contacts Fred Seim, s Account Executive for the State of Florida, will coordinate s efforts to ensure the highest quality services. Russell Kiernan, s Director of Management Consulting and Information Security Services, will coordinate Cyber / Information Security resources to ensure the success of all Cyber-Security engagements for the State of Florida. Contact information is included below. Key Contacts Primary Contact Fred Seim Account Executive (347) [email protected] Secondary Contact Russell Kiernan Director, Management Consulting and Information Security Services x111 [email protected] -4-9/3/2015

8 4. Service Offerings (as per section IV of Cyber-Security RFI) The table below lists all services identified in the RFI and indicates s capability to provide these services. 1) Pre-Incident Services: Cyber-Security Service a) Incident Response Agreements Terms and conditions in place ahead of time to allow for quicker response in the event of a cyber-security incident. b) Assessments Evaluate a State Agency s current state of information security and cybersecurity incident response capability. Capability c) Preparation Provide guidance on requirements and best practices. d) Developing Cyber-Security Incident Response Plans Develop or assist in development of written State Agency plans for incident response in the event of a cyber-security incident. e) Training Provide training for State Agency staff from basic user awareness to technical education. 2) Post-Incident Services: a) Breach Services Toll-free Hotline Provide a scalable, resilient call center for incident response information to State Agencies. b) Investigation/Clean-up Conduct rapid evaluation of incidents, lead investigations and provide remediation services to restore State Agency operations to pre-incident levels. c) Incident response Provide guidance or technical staff to assist State Agencies in response to an incident. d) Mitigation Plans Assist State Agency staff in development of mitigation plans based on investigation and incident response. Assist State Agency staff with incident mitigation activities. e) Identity Monitoring, Protection, and Restoration Provide identity monitoring, protection, and restoration services to any individuals potentially affected by a cyber-security incident. * will utilize the services of our pre-qualified partners in these areas. 5. Conclusion, via partner companies*, via partner companies*, via partner companies* With the increasing volume and complexity of cyber threats, understands the importance of having robust comprehensive Cyber-Security and Cyber Risk Management programs that are up to the challenge. We are grateful for the opportunity to be considered for inclusion on the list of vendors capable of providing these critical Cyber-Security services to the State of Florida. Please contact Fred Seim or Russell Kiernan directly should any additional information be required. Thank you for your kind consideration. -5-9/3/2015