About Us

Our mission

Elfsec was founded to help executives and decision makers proactively manage information technology concerns at the enterprise level. We believe security cannot be boxed away; it is integral to the ecosystem of every organization and must be managed as any other enterprise business risk. Although most organizations rely on technology to achieve their goals, not all organizations have the competencies needed to implement, oversee, and manage the technologies that support them. We bring the knowledge and experience to help organizations manage inherent technology risks and realize the full potential of their technology investments.   

Support for your business goals

Even if your business is cyber security, value generation is your first priority, and that leaves little bandwidth and few resources to manage internal risks. The dynamic nature of the risk environment can present significant distractions from your core mission and call for specialized skills that may not be available in-house. Elfsec can help design and implement sustainable policies and procedures, grounded in best-in-class methodologies and guidance, to address both cyber security threats and business risks. Whether you need assistance with limited-scope issues or the complete implementation of your security program, we keep our focus on your overall operational environment to understand how our services fit into your full risk profile. Elfsec can assist with all your information security needs throughout your systems life cycle, including security risks inherent to your industry and regulatory requirements, selected technology solutions, supply chain, and external third-party ecosystem.

At Elfsec, we are passionate about applying new perspectives to your technical challenges. We leverage the latest information security thought leadership to address your security program and IT risk management needs. Our solid technical foundation and broad experience also give us the ability to engage a variety of stakeholders to achieve mission success. We bring:  

  • 12 years in cyber security research and standards development 
  • 16 years of Big Four experience
  • Vast experience providing cyber security services to all branches of the U.S. Federal Government and companies supporting Federal clients. 

Our leadership

“Through Elfsec, we can help executives understand and weigh the benefits of technology solutions against realistic risk profiles, identify effective risk mitigation strategies, and factor technology risk in enterprise risk management decisions. Leveraging my past experience, we are also focusing on companies that provide services to the Federal Government, but that need assistance with their own security and that of the systems and data they use to serve their clients. I have provided these services to companies before and feel there still are many unmet needs.” – Noel A Nazario, President at Elfsec Llc

Noel A. Nazario, President


  • Federal Information System Controls Audit Manual (FISCAM)
  • Federal Information Security Management Act (FISMA) Audits
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Federal IT Risk Management Framework (RMF)
  • Continuity of Operations and Contingency Planning
  • Protection of Controlled Unclassified Information (CUI)
  • Public Key Infrastructure (PKI)
  • Cross functional communications
  • Technology assessments
  • Strategic planning
  • Technology policy
  • Technical training
  • Technical writing
  • Coaching/mentoring

Professional Experience

Elfsec, Washington, DC 6/2017 - Present 


Grant Thornton LLP, Alexandria, VA 2/2016 - 6/2017 


Member of the executive team leading market facing and service delivery efforts for civilian, defense, intelligence, and commercial sectors. Focused on FISMA related advisory and assessment services for Federal civilian agencies and helping commercial clients comply with Federal cyber security requirements and manage risks related to audits, assessments, and regulatory inspections.

Ernst & Young LLP, McLean, VA 5/2012 - 11/2015 

Senior Manager

Lead Cyber Security Program Management competency for the Federal Civilian Market Segment. Strengthen EY’s brand as a cyber security company in the Federal marketplace. Develop teams with cyber security skills to better serve Federal agencies and industry clients that offer products and services to Federal agencies. Advise clients on the implementation of the Federal IT Risk Management Framework (RMF) and lead personnel documenting security controls, tracking remediation activities, and supporting system stakeholders throughout continuous security monitoring activities. Develop FedRAMP Third Party Assessment Organization (3PAO) services. Manage, train, evaluate, and mentor personnel, organize professional conferences, and present on cyber security and related topics.

KPMG LLP, McLean, VA  07/1999 - 04/2012 

Manager (9/2004 – 4/2012)

Lead IT controls assessments and support financial audits for various federal Agencies and Departments. Conduct IT controls and security assessment training. Support initial deployment of the Federal Public Key Infrastructure (PKI) Bridge Certification Authority (CA) (FBCA) and enable its cross certification with the first three Federal CAs. Represent KPMG on the Board of Directors of ISACA National Capital Area Chapter (NCAC) and lead the Certified Information Systems Auditor (CISA) Training program. Hold leadership roles within the KPMG Hispanic-Latino Network and the Association of Latino Professionals for America (ALPFA).

Senior Associate (7/1999 – 8/2004)

Conduct IT assessments supporting financial audits and internal controls assessments for the Department of Housing and Urban Development (HUD), AmeriCorps and others. PKI consulting services for the State of Pennsylvania Justice Network to facilitate access to shared law enforcement data, startup companies offering electronic payments, and the Self-Administered Region (SAR) of Hong Kong regarding its Electronics Transactions Ordinance (law), which provided legal standing to digital signatures. Co-authored and published a PKI implementation and evaluation paper in the International Compact Journal in The Netherlands.

National Institute of Standards and Technology (NIST), Gaithersburg, MD  8/1986 – 6/1999 

Electronics Engineer    

Conduct protocol analyses and interoperability demonstrations for secure network communications protocols (SP3 and SP4). Coordinate technology consensus and interoperability agreements and establish a security objects registration process to spur the adoption of secure communication protocols and related technologies. Develop early PKI management approaches that evolved into the Internet Engineering Task Force (IETF) Request for Comments (RFC) 2527 for PKI components and Certification Practices Statements (CPS). Co-develop the Minimum Interoperability Specification for PKI Components (MISPC). Lead the development of the Federal Information Processing Standard (FIPS) 188 – Standard Security Label for Information Transfer and Institute of Electrical and Electronic Engineers (IEEE) Standard Interoperable LAN/MAN Security (SILS) 802.10g (Security Label). Represent NIST in multiple technical conferences through numerous presentations and technical demonstrations.


MS, Computer Science

The Johns Hopkins University, Baltimore, MD

BS, Computer Engineering

The University of Puerto Rico School of Engineering, Mayaguez, PR

Certifications

  • Certified Information Security Manager (CISM)

  • Previously held Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC), Certified Information Systems Auditor (CISA), and ISO 27001 Lead Auditor designations.

Additional Training 

  • Mobile Technology Security
  • Cloud Systems Security and Audit
  • SAP Security Audit
  • Certified Government Financial Management (CGFM)
  • Program Management Body of Knowledge (PMBOK)

Professional Affiliations 

  • ISACA Greater Washington DC (GWDC) Area Chapter
  • Association of Government Accountants (AGA)
  • International Information Systems Security Certification Consortium (ISC2)
  • Institute of Electrical and Electronic Engineers (IEEE)
  • The Armed Forces Communications and Electronics Association (AFCEA)