Stephen Mencik

1002 Red Harvest Road
Gambrills, MD 21054
410-672-5859 (home)
443-995-9823 (cell)
steve@mencik.com

Summary

Mr. Mencik has more than 40 years of experience in INFOSEC system design, development, implementation and evaluation and is a Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP), and Information Systems Security Engineering Professional (ISSEP).

Employment Experience

CyberCore Technologies
Sr. Information Systems Security Engineer

01/09/2012 – present. Mr. Mencik is one of the senior ISSEs supporting the Certification and Accreditation (C&A) organization at the National Security Agency (NSA). He provides consulting support to numerous programs to help them develop and understand security requirements, design solutions to meet those requirements, and ensure that all paperwork is completed to make the C&A process as easy as possible.

Raytheon

Sr. Principal Systems Engineer

02/04/2004 – 01/06/2012. Mr. Mencik was the Security Team Lead of the Enterprise Data Center program at the NSA. He was the security architect for the program and also led a team of five other ISSEs that assisted the other teams on the program, and the programs that were data center tenants.

In support of the Information Assurance Directorate (IAD) of NSA, Mr. Mencik completed a Risk Assessment of a classified DoD computer network. This assessment also included a series of recommendations for improving the security of this network.

He provided computer security architecture consulting to the Technology Directorate of the NSA. A security architecture for one of NSA’s partner’s networks was developed. Earlier he was the Security Architect for a large classified program. He developed the I&A controls for a system built upon a service-oriented architecture. These used WS-Security standards to provide a user’s security attributes to the services that mediated access to data. He also led the team of engineers that implemented all of the security features in the system. He personally developed all of the C&A documentation that led to a successful accreditation.

ACS Defense, Inc.
Senior Information Security (INFOSEC) Engineer

12/10/2001 – 02/03/2004. Provided computer and network security consulting services. This work included system architecture definition, systems engineering, security evaluation, risk management, and the development of security plans, policies and procedures. He also provided assistance with the NSA C&A process. He was the Security Architect on a proposal for a large classified intelligence system.

He also supported the IA Focus Group (IAFG) of the NSA Enterprise Standards Program (NESP). He performed research into standards being developed and those recently issued by ANSI, OSI, or industry groups such as OASIS that are related to Information Assurance and brought them to the IAFG for consideration of posting to the NESP Registry of Approved Standards.

IIT Research Institute - Lanham, Maryland
Senior Science Advisor

03/15/1999 - 12/07/2001. Provided computer and network security consulting to both the U.S. Government and private industry. This included system architecture definition, systems engineering, security evaluation, risk management, and the development of security plans, policies and procedures.

Was the technical lead for the Independent Review of the FBI Carnivore (Internet wiretap tool). He analyzed the system architecture of Carnivore for security problems, and recommended improvements. He also conducted extensive hands-on laboratory testing.

Performed INFOSEC assessments of the US Census Bureau and the National Institute on Aging, using the NSA-developed and Critical Infrastructure Assurance Office endorsed INFOSEC Assessment Methodology. These assessments were requested by these organizations to comply with PDD-63.

Was lead security engineer for the Airborne Communications Node. He designed a system of multiple single-level channels through the communications node, which allowed the device to operate with multiple levels of classified data, without all of the resultant design, certification and accreditation problems associated with multi-level security. 

Provided security consulting to the IRS for the Tele-Center Workforce Management System (TCWMS). This system allowed the IRS to more efficiently schedule the workforce that operates the many call centers for taxpayer help. His efforts resulted in a final security accreditation for TCWMS.

National Security Agency (NSA) - Fort George G. Meade, Maryland
Senior Computer Scientist

09/21/1998 – 03/12/1999.  NSA INFOSEC Program Integration Manager (PIM) for the Defense Message System (DMS). As PIM, he facilitated and coordinated the entire spectrum of NSA INFOSEC support to the DMS Program Management Office. This included managing, through $4 million/year contracts, all of the commercial vendors building DMS products, along with DISA and other NSA offices building DMS security products, to ensure interoperable and secure products. 

09/16/1996 – 09/18/1998. NSA INFOSEC representative to the Office of the Manager for the National Communications System. Provided technical consulting to the President's National Security Telecommunications Advisory Committee on a variety of issues. Led a working group that assessed the state of computer and network Intrusion Detection systems, and in conjunction with the President's Commission on Critical Infrastructure Protection (PCCIP), led a Risk Assessment of the Transportation Information Infrastructure.

10/23/1995 – 09/13/1996. Lead evaluator for the Electronic Key Management System. Discovered vulnerabilities and designed fixes for this system, which is used to distribute encryption key material to United States forces worldwide. Documented all findings with technical reports. Also directed the work of more junior analysts working on this evaluation.

03/20/1995 – 10/20/1995. Senior INFOSEC evaluator for the RADIANT MERCURY system. Performed a system design analysis, code analysis, and hands-on security and penetration testing for this U.S. Navy fixed-format message sanitizer and classification down-grader. Discovered several vulnerabilities that would allow "root" access, and developed fixes for them.

06/13/1994 – 03/17/1995. Technical Director for Security for the system architecture branch of the Multilevel Information System Security Initiative (MISSI). Analyzed the system for vulnerabilities and worked with system to develop secure solutions for multi-level secure systems. 

04/13/1992 – 06/10/1994. Senior evaluator for a division of more than 30 more junior analysts. Trained these analysts in computer system and network security evaluation. Applications evaluated included secure telephone conferencing systems, network encryption systems, trusted guards and others.

04/18/1988 – 04/10/1992. Supervisor for a group of 6 analysts doing security evaluations and research. Provided technical direction, managed travel and award budgets, wrote performance appraisals, developed training plans, and performed other managerial functions. Tasks included computer virus research, computer network attacks, NATO messaging systems, and key management. Also served as the U.S. representative to the NATO subgroup that developed the NATO OSI Security Architecture (NOSA).

Computer Sciences Corporation - Hanover, Maryland
Senior Computer Scientist

07/11/1983 – 04/15/1988. Designed and developed parts of the prototype EKMS for NSA. Specifically, designed the software for a custom circuit board, which performed translation of key material from bulk encrypted form to singly super-encrypted form. Programming was done in both C and 68020 assembler, and tested and debugged using an HP-64000 emulation system. Code developed included interrupt handlers, classified encryption algorithms, and inter-process communications protocols. He was also System Administrator for 5 UNIX systems that were part of the CSC development laboratory.

National Security Agency - Fort George G. Meade, Maryland 
Computer Systems Analyst

07/05/1981 – 06/10/1983. Charter member of the DoD (later National) Computer Security Center. Provided computer and network security evaluations for various DoD and other Government Agencies. Systems evaluated included the Defense Data Network, and the U.S. Treasury Automated Communications System.

Professional Certification

Certified Information Systems Security Professional (CISSP) - 1999

Information Systems Security Architecture Professional (ISSAP) - 2005

Information Systems Security Engineering Professional (ISSEP) - 2009

ISC2 ID# 10288. All expire November 2023.

Education

MS Computer Science 1984
Johns Hopkins University - Baltimore, Maryland

BSICS (Information and Computer Science) 1981
Georgia Institute of Technology - Atlanta, Georgia 

Security Clearance 

Top Secret with Extended Background Investigation and NSA polygraph.

Honors

Granted title of Senior Member in both the INFOSEC and Computer Science disciplines of the NSA Technical Track program. 

Received many cash awards and letters of appreciation over the years.

Published Works

 

Data Mining – Critical Review & Technology Assessment Report (co-author), Published by Information Assurance Technology Analysis Center, 3/15/2000

Independent Technical Review of the Carnivore System (co-author – technical lead), Published by the IIT Research Institute for the Department of Justice, 12/8/2000.