
LARRY CHMIEL, CISSP

29708 WEYBRIDGE WAY


WESLEY CHAPEL, FLORIDA 33545
813-994-1983
813-838-2689 (CELL)
lcdd1b40@westpost.net

PROFILE
Before founding Security and Privacy Consulting, Mr. Chmiel most recently was a
Senior Manager in the Security & Privacy Services group of Deloitte & Touche's
Tampa, Florida office with responsibility for delivering security consulting,
systems design and integration services with a current Top Secret, SCI access
eligibility security clearance. Mr. Chmiel has more than 30 years of
accomplished leadership, intelligence, and information security experience,
including positions of increased leadership and technical responsibility within
the United States Army's counterintelligence community. Mr. Chmiel specializes
in Government Information Assurance practices including privacy, Federal
Information Security Management Act (FISMA) requirements, and the Certification
and Accreditation (C&A) process using NIACAP, DITSCAP, and NIST processes. He
designs and develops related required security documents including, but not
limited to, risk assessment reports, system security plans, and security
self-assessments. Larry was also instrumental in developing Deloitte's Identity
Theft Risk Assessment Methodology and implementing it in the Internal Revenue
Service. Mr. Chmiel has performed numerous security policy reviews and developed
security policies for federal agencies. Larry served as Information System
Security Manager for several major Government contracts including contracts for
the Veteran's Administration, the Federal Aviation Authority, and the Federal
Bureau of Investigation. In addition, he has provided security consulting for
other Federal Government agencies such as the Department of Justice and the
Social Security Administration.
PROFESSIONAL EXPERIENCE
Security and Privacy Consulting, LLC, Tampa, Florida
January 2009 - Present
Mr. Chmiel formed Security and Privacy Consulting, LLC in January 2009. His
current contract provides Certification and Accreditation support to the
Internal Revenue Service, where he is responsible for providing all the required
C&A documentation for multiple applications in support of the IRS FY 2009 and
2010 FISMA efforts.
Internal Revenue Service (IRS)-FISMA Compliance
*Served as a lead in producing all IRS required C&A artifacts for multiple major
applications in support of the IRS FISMA 2009 and 2010 reporting year.
*Developed C&A SOP for the Certification and Accreditation Office.
*Developed SAR SOP.
*Developed desk side user guide for selected NIST SP 800-53 security controls to
provide users a better understanding of the control requirements when building
C&A security artifacts.
Department of the Treasury
*Conducted NIST-based Security Test and Evaluation assessments on multiple
technologies for the Treasury TNet, a GSS consisting of 44 separate technologies.
Premiere Credit of North America, ConServe Collection Management System, Financial Asset Management Systems
*Conducted a NIST-based Security Test and Evaluation assessment on the Premiere
Credit, ConServe Collection Management System, and Financial Asset Management
Systems, Department of Education computing environments. Produced and executed
the assessment plan, developed the Security Assessment Report, and assisted each
agency in developing appropriate Plan of Action and Milestones for identified
vulnerabilities.
Deloitte & Touche, LLP, Tampa, FL
May 2004 - December 2008, Senior Manager
Responsible for delivering security consulting, systems design and integration
services, specializing in Government information assurance practices including
privacy, Federal Information Security Management Act (FISMA) requirements, and
the Certification and Accreditation process using NIACAP, DITSCAP, and NIST
processes. He designs and develops related required security documents
including, but not limited to, risk assessment reports, system security plans,
and security self-assessments.
Internal Revenue Service (IRS)-FISMA Compliance
*Served as the senior security representative and team lead for the
Certification and Accreditation (C&A) and Application Categorization Teams.
*Led team in completing required C&A documentation for 20 Wage & Investment
(W&I) Major Applications.
*Led team in conducting analysis on 88 applications on compliance with NIST and
OMB system and classification guidance.
*Provided FISMA and general C&A advice and assistance.
*Designed, developed, and presented ten 16-hour FISMA and C&A training sessions
for over 200 W&I stakeholders and application owners.
*Designed and developed role-based FISMA intermediate level training for key W&I
staff.
*Designed and developed FISMA and C&A training for the W&I Designated Approving
Authorities.
*Developed specific training for Security Test and Evaluation processes for key
W&I stakeholders
Internal Revenue Service (IRS)-Identity Theft Risk Assessment
*Served as the senior security representative and team lead for the Assessment
Team.
*Conducted multiple interviews and workshops in support of the Data Collection
Team.
*Primary author for the assessment methodology. Supported development of data
gathering tools and templates.
Internal Revenue Service (IRS)-NIST Training
*Conducted multiple security training sessions for selected IRS personnel with
various Certification and Accreditation (C&A) responsibilities. The training
included a detailed review of the National Institute of Standards and
Technology's C&A process and methodology. The training included a detailed
review of the following selected NIST standards and special publications:
Federal Information Processing Standards (FIPS) 199, Standards for the Security Categorization of Federal Information Systems
FIPS 200 (Draft), Minimum Security Requirements for Federal Information Technology Systems
NIST Special Publication (SP) 800-15, Information Technology Security Training Requirements
NIST SP 800-18, Guide for Developing Security Plans for Information Technology Systems
NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems
NIST SP 800-30, Risk Management Guide for Information Technology Systems
NIST SP 800-34, Contingency Planning Guide for Information Technology Systems
NIST SP 800-37, Guide for the Security Certification and Accreditation of Information Technology Systems
NIST SP 800-53, Recommended Security Controls for Federal Information Systems
NIST SP 800-53A (Draft), Guide for Assessing the Security Controls in Federal Information Systems
Social Security Administration (SSA)-Certification and Accreditation and FISMA Reporting
*Developed and presented 2 16-hour training sessions for application owners, C&A
managers, and other key SSA stakeholders
*Developed and presented 2 2-hour executive level C&A requirements and
responsibilities for senior SSA managers and directors.
*Conducted multiple Certification and Accreditation efforts on the behalf of the
Social Security Administration for 20 general support systems and major
applications for Fiscal Years 2004-2005.
*Prepared the Social Security Administration FISMA Report to the Office of
Management and Budget on the behalf of the SSA Chief Information Officer for
Fiscal Years 2004 and 2005.
*Assisted SSA staff in completing annual Security Self Assessments in accordance
with NIST guidance in support of mandatory annual FISMA requirements.
*Led team in developing a standard process for the conduct of Security Test and
Evaluations for Social Security General Support Systems and Major Applications
Arrow Electronics-Security Framework
*Led team in building an appropriate security framework for Arrow Electronics
including their global security policy and standards for information security.
United States Department of Treasury-Operations Support
*Led team in building process flow documents for nine security provisioning
tools used by the Department of Treasury, Financial Management Systems.
*Served as the project manager for operations support team responsible for
provisioning internal and external resources requiring access to Department of
Treasury information resources.
Department of Homeland Security-Information Systems Security Officer
*Developed SSP and Risk Traceability Matrix for the DHS OneNetwork backbone that
led to the timely accreditation of the environment providing for a saving of
$167,000 per week in associated circuit costs.
*Served as the Information System Security Officer for the Department of
Homeland Security OneNetwork backbone
*Senior Information Assurance representative on the Deloitte & Touche team for
the Department of Homeland Security Information Transformation Program providing
subject matter consulting to both the Deloitte & Touche project team and the
Department
Lockheed Martin, Elkridge, MD
2003-2004, Manager/Senior Information Assurance Consultant
*Provided program management, oversight, subject matter expertise, and senior
level consulting to Lockheed Martin Information Assurance Operations and Programs.

Sprint, Herndon VA
2001-2003, Group Manager -Data Security Operations
*Provided all aspects of security support throughout the lifecycle of Sprint's
Government Systems Division and Sprint's Federal Solutions Team, including
network security consulting, sales support, contract and proposal review, risk
analysis, security requirement development, security engineering review, and
interfacing with other corporate security groups. Served as a program manager
for numerous classified programs with multiple government agencies. Delivered
specific government INFOSEC instruction to all Sprint associates. Directed the
design and implementation of security network infrastructure in support of
either DITSCAP or NIACAP certification and accreditation requirements.
Network Security Technology (NETSEC), Herndon, VA
2000-2001 - Director-Emergency Response & Attack Laboratory
*Responsible for defining the business requirements, the design, and
construction of the NETSEC Emergency Response and Attack Laboratory in support
of NETSEC security services offerings. Controlled the laboratory budget and
supervised laboratory personnel in daily operations.
ACS Defense, Inc, Elkridge, MD
1999-2000 Program Manager-Network Risk Assessments
*Oversaw the design, development, and implementation of a corporate risk
assessment program that supported commercial and government clients. Designed
the infrastructure and procured all resources required to build and staff the
attack/defend laboratory, which supported risk assessments and penetration
testing. Supervised 14 network security engineers and research analysts.
Provided costing information and directed all network security assessment and
training efforts. Composed the key technical portions of various government and
commercial proposals.
United States Government, Fort Meade, MD
1997-1999, Director, Army Information Warfare Branch
*Served as the director and senior technical advisor for the Army's only
counterintelligence investigative information warfare activity; supervised 40
counterintelligence agents. Planned, coordinated, and executed investigations
involving security compromises of Army information systems worldwide and
supervised forensic analyses of computer media.
ManTech Systems Engineering Company, Alexandria, VA
1996-1997, Senior Project Manager
*Promoted to Senior Project Manager to assume responsibility for a faltering
program; within just six months, designed, implemented, and managed a
development program that ensured all multimedia training courseware for the
United States Army was developed and delivered on time and under budget.
United States Army, Various Locations 1975-1996
1994-1996, Senior Enlisted Advisor
*Functioned as the principal advisor to the commander of a 620-person unit with
elements in 29 detachments located throughout the continental United States and
Puerto Rico.
1993-1994, Group Operations Sergeant
*Served as senior technical advisor to the group operations officer. Monitored
the daily operational and administrative activities of a 57-person section and
managed personnel within four divisions.
1988-1992, Technical Surveillance Countermeasures (TSCM) Special Agent
*Detected and neutralized technical listening devices in sensitive DoD and
contractor facilities in the United States and Central and South America.
Offered recommendations for improving the technical, personnel, and physical
security of sensitive facilities, and provided pre-construction advice and
assistance to ensure that new facilities met physical and technical security
standards.
1985-1988, Instructor/Writer
*Served as the chief instructor of various intelligence courses; developed
counterintelligence doctrine and instruction on the intelligence aspects of
terrorism counteraction operations.
1981-1985, Senior Counterintelligence Agent
*Conducted a variety of counterintelligence and counterespionage investigations.
Offered security advice and assistance to supported commands. Conducted
interviews and inquiries into reported Subversion and Espionage Directed Against
the US Army (SAEDA) incidents and submitted intelligence reports. Screened
prospective counterintelligence agents.
EDUCATION
Strayer University
BS in Computer Networks, Summa Cum Laude, June 2005
University of the State of New York
BS in Political Science, Cum Laude, November 1996
Defense Intelligence College
Diploma in Strategic Intelligence, 1993
Defense Language Institute, July 1983
Diploma in Spanish
Saint Leo College
Associate of Arts in Criminal Justice, 1984
Certified Technical Surveillance Countermeasures Technician
Certified Information Security System Professional (CISSP)
Certified in the National Security Agency Information Assessment Methodology (IAM)
Qualified BS 1799 Auditor
Certified Instructor, Department of the Army
ASSOCIATIONS
Information System Audit and Control Association Member
Computer Security Institute Member

CLEARANCE
TOP SECRET
