Ulmar Security Consulting

Ulmar Security Consulting is about helping organizations to be successful by improving their security, focusing on two key areas.

The first is helping you define your security strategy. Security as it has been done in the past is not working, if it were, the number of security incidents would be decreasing instead of becoming a daily occurrence. It is time that businesses realize that security is not just about protecting the servers but is all-encompassing. You need to develop a strategy that can grow with the business and address the cyber risk across the organization, not just within IT. Ulmar Security Consulting strategy service is designed to help you transform your current security processes and strategy to one designed to meet future needs.

The second area is making sure that security projects (process or tools) are fully implemented. We have seen numerous examples where a company started out with good intention and drive on a project, only to have it never reach fruition. Some examples that we have personally have witnessed:

• A log management program that two years later is still considered to be in the experimental stage
• A suite of tools that were purchased but never deployed
• Tools or process that are only be used at 10% of their potential capacity
• Clients that want to get FedRAMP certification but a year later they are still discussing it (losing out on a potential new revenue stream)

The issue is project management. Not just someone keeping tabs on percentage of completion, but someone able to overcome the obstacles that invariably happen when implement technology in a network. At Ulmar Security we have the project management skills to manage the project, bring more than two decades of performing security project management engagements, along with the technical skills and expertise to devise solutions to complex technical problems.

Also we can help with obtaining the ATO for those interested in obtaining FISMA or FedRAMP certification for their cloud offering. We have been the engagement manager performing the assessment, for clients who successfully obtained their ATO for their cloud offering, and we have been the co-program manager for a FedRAMP 3PAO. We know what is needed to get the ATO. Not just from a documentation standpoint. We can help you design the security architecture for your cloud offering.

Ulmar Security Consulting is focused on making you succeed and we are looking for clients that need expertise to help their projects succeed. Our passion is to take a raw thought/idea and turn them into a tangible operational asset for our clients.

Joseph “Dan” Waggoner
President & Owner

Joseph “Dan” Waggoner has been involved with IT since 1986, first starting out as a bank's nighttime computer operator. Dan has since been a Chief Accounting Officer, VP Director of Technology, and consultant.

Relevant experience includes managing the penetration testing team for the first cloud provider to receive FISMA certification as well as assisting cloud providers obtain their ATO from the OPM.

Dan performed and managed penetration testing engagements from 1998 through 2014, then shifting his professional focus to helping clients with their security projects and issues. He has managed numerous projects of varying size and complexity. Responsibilities included interfacing with a variety of stakeholders (employees, consultants, and C-Suite), keeping the project on budget, manage changes, and providing project-level financial analyses.

Certifications:

• 1993 to present – CISA
• 2001 to present – CISSP
• 2005 to present – ISSAP
• 2018 to present - PMP

Speaking Appearances and Articles:

• "An Ounce of Prevention" (Threats to Computer systems and solutions)- Louisiana-Texas Credit Union League Supervisory Conference, New Orleans (1998)
• "Computer Security" Texas Credit Union League Supervisory Conference, San Antonio (1998)
• "Year 2000 Panel Discussion" Texas Credit Union League Annual Meeting, Panel Moderator Houston (1999)
• "Black Belt Techniques for Securing your Computer Systems" 66th Texas Credit Union League Annual meeting, April 28 2000, and Supervisory Conference, (2000)
• “12 CFR 748 Information Security PROGRAM” Texas Credit Union League Compliance Conference, (2001)
• “Introduction to Penetration Testing”, Grant Thornton, UK - United Kingdom (2008)
• “Performing a Business-Related Information Security Risk Assessment”, Rocky Mountain Information Security Conference (2009)
• “Hacker Evolution” (Quoted) Insight Magazine – Illinois CPA Society (August 2009)
• “Cloud computing security concerns” - Financial Executives Institute – IT committee (March 2014)
• “Panel Discussion – Mock Breach and Reaction to Breach” - Kansas City February 2016
• “RansomWare” - Great Western Bank – May 2016
• Core Advisory Training – Grant Thornton 2016 (2x) (3 day training for staff, Developed the Time Management module)
• “Panel Discussion – Social Engineering” & “Privacy Concerns” - TribalNet San Diego – October 2016
• “RansomWare” - ESC6 Huntsville TX – September 2016
• “CyberSecurity Program” - Dallas IIA Super Conference – October 2016
• "Cyber Bytes" New York State Bar Association - Monthly Column June 2018 to Present