James BallDivision Manager
Mr. Ball has over 25 years of telecommunication, engineering, cybersecurity, and technical experience in the life cycle development of various electronic and cybersecurity systems. He is a Certified Information Systems Security Professional (CISSP), Fully Qualified Navy Validator, and manages multiple teams of specialized experts that handle complex cybersecurity projects for the Department of Defense and other U.S. Government agencies. He has collaborated with teams at the Defense Information Systems Agency (DISA), National Security Agency (NSA), and the Department of Defense (DoD) to engineer, develop, manage, and secure complex network architectures for worldwide encrypted communication links. He authored the U. S. Navy Defense Information Infrastructure (DII) Guard Migration Plan and managed the Navy’s process for transferring the worldwide Navy Defense Messaging System DII Guard assets and message traffic to the DISA DII Guard Enterprise Solution. He has a successful track record conducting the research and development for enterprise systems, and developing network and systems architectures and cybersecurity requirements for DoD communication sites. His leadership in cybersecurity and information assurance provided seamless integration of IT systems to the DoD, Department of Homeland Security (DHS), and DISA that fully comply with the DoD Risk Management Framework (NIST SP 800-37). He has an extensive background and experience developing and presenting system security requirements, designs, proposals, technical papers, and briefs for the DHS, U.S. Coast Guard, U. S. Navy, Marine Corps, and Joint Services. Mr. Ball manages the Cyber and IT divisions of MANDEX, Inc. and is currently pursuing his PhD in Management and Decision Sciences, with a thesis on “Using Data Analytics to Predict Intrusions.”
By identifying, quantifying and categorizing your risks, you are better able to mitigate those risks, while increasing your security posture and improving your ROI to stakeholders.
The implementation of a robust defense-in-depth methodology can reduce the risk of data/network compromise within a critical infrastructure (CI). Through the systematic identification, quantification , and categorization, you can determine effective mitigation strategies. This approach allows you to effectively allocate limited resources to critical, high-impact areas.
In this session:
2.Process: repeatable, institutionalized process, not an ad hoc solution or one-time fix.
a.Process aligns with federal framework
3.Pre-incident cost vs. Post-incident cost