Joseph S R de Saram has significant expertise in the fields of Information Security Architecture, Intelligence Analysis and Digital Forensics. Areas of specialisation include the conceptualisation and design of wide area distributed systems, advanced neural networks, and strong cryptographics. Proven thought leadership, business development and technical mindset have evolved over thirty years.
Proficient, hardworking and focussed, Joseph is able to optimise and greatly enhance existing methodologies by extremely rapid assimilation of new material and modification of structured procedures. He achieves organisational competency through enforcing tough deadlines and rationalisation, and motivating co-workers to optimum efficiency.
Furthermore Joseph’s successful management of clandestine operations from design to delivery in terms of confidentiality, integrity and availability have led to significant improvements in the quality and performance of Intelligence, Surveillance, and Reconnaissance (C4ISR) aspects.
To provide robust intellect to Aerospace & Defense contracting organisations (including under limited access authorizations) within extremely challenging environments, which demand neoteric solutions. Strong engineering acumen must be a prerequisite, with few limits to remuneration.
The directive is specific to those individuals or agencies who have privileged access to DoD systems.
Persons who come under the directive include contractors and consultants as well as part-time or full-time military personnel who perform Information Assurance roles and functions. Personnel affected by DoD 8570 have to be trained according to the directive and also certified against specific skills sets and roles. The types of roles that DoD 8570 describes are those responsible for the protection of vital information that is in the nation’s interests.
NOTE: DoD 8570 will eventually be replaced by DoD 8140. However, at the time of writing the manual for DoD 8140 is yet to be published. Creation of manuals for DoD directives often take several years, and until such a time as the directive is documented, DoD 8570 will remain the key directive for the Information Assurance workforce at the DoD.
What is the DoD IAT?
The DoD is a highly structured organization with a distinct hierarchy. The overarching structure for IA at the DoD is called the “Information Assurance Workforce, Workforce Improvement Program” (IA WIP). Within this workforce umbrella are two separate categories called Information Assurance Technical (IAT) and Information Assurance Management (IAM).
What is the DoD IAT Levels?
Within the IAT category are three category levels:
Level 1: Computing environment information assurance.
Level 2: Network environment information assurance.
Level 3: Enclave, advanced network and computer information assurance.
The category levels reflect the system architecture and not the grade of the individual working in that area. Within each level are sublevels that represent the attainment grade of the individual. These attainment levels are:
Each level has a set of functions within it. For example:
Level 1 has functions such as install and operate IT systems, apply security procedures, and enter assets into a vulnerability management system.
Level 2 has functions such as provide end user support, manage user accounts and analyze system performance.
Level 3 has functions such as lead teams and support actions to mitigate problems and direct operational structures and processes.
Any persons wishing to work within these IAT levels must be certified to the correct level for the function they perform within a category. The IAT categories are cumulative, if you want to work at a Level 2 you need to have mastered Level 1.
How Can I Identify Who’s in the IAT Workforce?
Workers in an IAT role have privileged access to one or more category levels in a DoD environment. They also possess the right level of certification and functional requirements of the position. To identify a member of the IAT workforce, the individual needs to have:
Privileged access to a Level 1-3 system – this is achieved by meeting certain requirements, including having the proper certification for that level. A position that practices some of the functions required for the level.
Typical entities covered by the IA WIP include:
The United States Department of Defense (DoD) hosts a number of directives that set out the requirements of their workforce. DoD 8570, which is titled “Information Assurance Workforce Improvement Program,” describes the expectations of the DoD in terms of required training, certification and management of DoD workforce members carrying out Information Assurance (IA) duties.
Higher level CSSP and IASAE certifications do not satisfy lower level requirements:
The DoD IASAE covers the requirements for the Information Assurance architecture and engineering areas (IA System Architects and Engineers) as stated by DoD 8570.01-M (manual), which defines the certification paths for Information Assurance (IA) professionals. Due to these requirements, personnel must acquire and maintain certifications within their professional track in order to sustain their positions.
IA architects and engineers are responsible for designing and securing information systems architectures. These individuals are expected to know the best way to protect networks through the implementation of firewalls, virtual private networks (VPNs), antivirus software, intrusion detection/prevention systems (IDS/IPS), border gateways, switches, routers and more. They are also expected to understand the best way to secure interfaces, applications, servers, databases and other system components.
Some job titles for IASAE professionals include:
Joseph S R de Saram CISSP FBCS MIEEE MIScT MINCOSE MACS Snr CP