About Us
Our mission
Elfsec was founded to help executives and decision makers proactively manage information technology concerns at the enterprise level. We believe security cannot be boxed away; it is integral to the ecosystem of every organization and must be managed as any other enterprise business risk. Although most organizations rely on technology to achieve their goals, not all organizations have the competencies needed to implement, oversee, and manage the technologies that support them. We bring the knowledge and experience to help organizations manage inherent technology risks and realize the full potential of their technology investments.
Support for your business goals
Even if your business is cyber security, value generation is your first priority and that leaves little bandwidth and resources to manage internal risks. The dynamic nature of the risk environment can present significant distractions from core mission and specialized skills that may not be available in-house. Elfsec can help design and implement sustainable policies and procedures, grounded on best-in-class methodologies and guidance, to address both cyber security threats and business risks. Whether you need assistance with limited scope issues or the complete implementation of your security program, we keep our focus on your overall operational environment to understand how our services fit into your full risk profile. Elfsec can assist with all your information security needs throughout your systems life cycle, including security risks inherent to your industry and regulatory requirements, selected technology solutions, supply chain, and external third-party ecosystem.
At Elfsec, we are passionate about applying new perspectives to your technical challenges. We leverage the latest information security thought leadership to address your security program and IT risk management needs. Our solid technical foundation and broad experience also give us the ability to engage a variety of stakeholders to achieve mission success. We bring:
- 12 years in cyber security research and standards development
- 16 years of Big Four experience
- Vast experience providing cyber security services to all branches of the U.S. Federal Government and companies supporting Federal clients.
Our leadership
“Through Elfsec, we help customers implement and maintain technology solutions that align with business strategy while adequately managing risk. Our customer-centric approach balances business objectives, risk tolerance, regulatory compliance, and resource availability to chart a realistic technology roadmap.
Leveraging our extensive knowledge and experience, we enable technology governance, risk , management, compliance, cybersecurity and privacy awareness, IT asset management, incident response, and continuous improvement. – Noel A. Nazario, Principal Advisor
Highlights
- IT Cybersecurity Program Development and Management. Research, development, and standardization of security technologies, including Public Key Infrastructure (PKI), Security Labels, and Secure Networking Protocols.
- Over 10 years developing security policies and supporting CIOs and CISOs in Government, Mass Transit, and Technology Services industries.
- Over 10 years auditing IT and Cybersecurity controls and assessing security compliance in accordance with Federal and Industry standards.
- Accredited Certified Information Security Manager (CISM) trainer since 2/2021.
- Enterprise IT Architecture. Led WMATA’s IT Architecture Review Board Lead for four years.
- Received Department of Commerce Bronze Medal for research and development work leading to the release of a Minimal Interoperability Specification for PKI Components.
- Worked for over 20 years with NIST IT Security Standards, Federal regulation compliance, IT audit, cybersecurity frameworks, secure data communications protocols, security labels, PKI, identity and access management, and privacy protection.
- Worked for over 20 years in roles of increased scope and responsibility in technology consulting and auditing as Manager, Senior Manager, and Director at KPMG, EY, and Grant Thornton.
- Professional credentials include: CISM and CDPSE. Previously held CISA (5/2002 - 12/2012), CISSP (5/2006 - 12/2012), ISO 27001 Lead Auditor (8/2007 - 12/2012), and CRISC (6/2011 - 12/2012).