Karen Mercedes Goertzel, CISSP, is a subject-matter expert (SME) in software assurance, the insider threat to information systems, cross-domain information sharing, and information assurance and cyber security technologies and trends at Booz Allen Hamilton. She supports the DHS software assurance program, not least as lead author/editor of Enhancing the Development Life Cycle to Produce Secure Software. Ms. Goertzel coordinated the joint Information Assurance Technology Analysis Center (IATAC) and Data and Analysis Center for Software (DACS) state-of-the-art-report (SOAR) Software Security Assurance and the IATAC SOARs The Insider Threat to Information Systems and DoD Information Assurance (IA) and Computer Network Defense (CND) Strategies: A Comprehensive Review of Common Needs and Capability Gaps; she is currently a lead author of a new IATAC SOAR on security metrics. She was contributing author to the National Institute of Standards and Technology Special Publication 800-95, Guide to Secure Web Services, and editor and contributing author of the National Security Agency’s Guidance for Addressing Malicious Code Risk, and has been published several times in CrossTalk: The Journal of Defense Software Engineering and the IATAC IANewsletter.
As lead technologist for the Defense Information System Agency’s (DISA) Application Security Project from 2002-2004, she was the leading contributor to the DoD Application Security Developer’s Guides upon which the DISA’s Application and Development Security Technical Implementation Guide is largely based. As SME in IA and cyber security technology trends, she led the DoD’s IA Baseline, Architecture, and Roadmap effort in 2002-2005, and more recently contributed to the development of the Deputy Undersecretary of Defense’s Defense Research and Engineering (DDR&E) Cyber Security and Information Assurance (CSIA) Roadmap. Ms. Goertzel also provides ongoing SME support to the INFOSEC Research Council.
Prior to joining Booz Allen Hamilton, Ms. Goertzel provided extensive support in the specification and evaluation of trusted systems and cross-domain information sharing architectures and solutions to defense, intelligence, and civil establishments in the United States, United Kingdom, Canada, Australia, and NATO.
Ms. Goertzel has written and presented on software assurance, insider threat, cross-domain solutions, and other security topics at numerous conferences and workshops.