Security Risk and the Software Supply Chain
Karen Mercedes Goertzel, CISSP, leads Booz Allen Hamilton's Security Research Service. As a subject matter expert in software safety and security assurance, information technology supply chain security risk management, cyber security, and information assurance (IA), she has supported the Defense Technical Information Center (DTIC) Information Assurance Technology Analysis Center (IATAC), the Office of the Director of Defense Research and Engineering (DDR&E) Cyber Security and Systems Engineering divisions, the Department of Homeland Security (DHS) Software Assurance Program, Naval Sea Systems Command (NAVSEA) Naval Ordnance Safety and Security Activity (NOSSA), National Aeronautics & Space Administration (NASA) Goddard Space Flight Center, the National Security Agency (NSA) Center for Assured Software, the National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC), and the Defense Information Systems Agency (DISA) IA Executive, Global Information Grid Enterprise Services Engineering Directorate, and Application Security Program, among other defense and civilian organizations. Ms. Goertzel has published, presented, and taught widely on software safety and security, the insider threat to information systems, malicious code, cross-domain information sharing, and security of Social Media, Web 1.0/Web 2.0/Web services and Cloud Computing applications, as well as on "emerging" technologies such as computer immunology and autonomic computing. She was a lead author and editor of several IATAC state-of-the-art reports (SOARs) and IA Tools Reports, including Security Risk Management for the Off-the-Shelf Information and Communications Technology Supply Chain, The Insider Threat to Information Systems, Software Security Assurance, and Malware, and contributing author of the IATAC SOAR Cyber Security and Information Assurance Measurement and Metrics.
She was also contributing author to several NIST Special Publications (SPs), and has written extensive software assurance and application security guidance for DHS, NASA, DISA, NSA, Dept. of State, and other departments and agencies. Her articles have appeared in CrossTalk: The Journal of Defense Software Engineering, The Journal of System Safety, the International Council on Systems Engineering's (INCOSE) Insight, ExecutiveBrief, the IATAC's IAnewsletter, and other publications. Before joining Booz Allen [as an employee of what is now British Aerospace Engineering (BAE) Systems], Ms. Goertzel was a pre-sales technical consultant specializing in high-assurance systems and cross-domain solutions, in which capacity she performed requirements analyses and architectural designs for defense and civilian government organizations in the U.S., North Atlantic Treaty Organization (NATO), Canada, and Australia.