Sean Lang
Details
Advised senior leadership and members of Congress on IT security threats and mitigation strategies.
Developed and executed a plan that significantly increased the Library’s security posture and ability to resolve advanced threats, thereby improving its reputation with the Committee on House Administration.
Managed a budget of over $10M.
Managed the deployment of the Library's multifactor authentication (MFA) solution. This included implementing a privileged access manager (PAM) and single sign-on functionality.
Led an initiative to disseminate threat indicators to 35 partnering organizations to increase the Library’s situational awareness.
Led the planning, design, and implementation of the IT security enhancement project, which created a Focus Operations team to combat advanced persistent threats (APT), upgraded the Security Operations Center’s visibility in the Library’s networks, and helped it become a true 24/7/365 operation.
Reviewed existing initiatives and contracts to identify potential areas of improvement and cost savings. For example, competed for the Library's penetration testing contract to realize a 30% savings over the existing contract without impacting performance; this resulted in an increase in IT security support and a reduction of the cost by $5M over the life of the contract.
Designed and implemented a continuous monitoring strategy to replace the existing Certification and Accreditation (C&A) process.
Increased leadership satisfaction by replacing existing triennial reporting with a continuous monitoring strategy to provide real-time threat and vulnerability information for the enterprise.
Developed security policies and guidance for mobile computing, smartphones, cloud, application development, APT, and computer forensics.
2010 : Present
Library of Congress
Chief, IT Security Group/Chief Information Security Officer
2015 : 2022
Black Maria Designs
Co-Owner
Served as the Chief Information Security Officer for the Science and Technology directorate.
Acted in accordance with federal laws and DHS regulations, such as Federal Information Security Management Act (FISMA), DHS Management Directive 4300, and Intelligence Community Directives.
Led an initiative that brought the directorate’s FISMA score from an “E” and a steady state of a “B-” to an “A” with a steady state of an “A-”.
Served as S&T’s member on the DHS Chief Information Security Officer Council, which was responsible for shaping department IT security policy while ensuring the unique research mission of S&T was taken into consideration.
Planned, developed, and implemented security, systems, and IT policy changes.
Acted as a subject matter expert for IT security within S&T.
Advised senior leadership on security issues and provided daily statistical data.
Served as S&T’s representative to the Intelligence Systems Board and Focus Operations working groups.
Developed and implemented a plan for securing S&T’s laptops and Blackberry mobile devices when staff needed to travel overseas.
Developed a mobile IT travel policy and served as the subject matter expert on the team to garner acceptance of the policy by the Secretary of Homeland Security, Undersecretary for Management, and the DHS Chief Information Security Officer.
Acted as the Certifying Official for 40 systems, including 2 large, geographically-dispersed general support systems.
Reviewed certification and accreditation packages for S&T to ensure adherence to all government requirements; provided guidance to the accrediting official on acceptable and unacceptable risks, based on confidentiality, integrity, and availability requirements.
Served as the Contracting Officer’s Technical Representative (COTR) for hardware/software and IT services contracts (worth over $9M), monitoring vendor/contractor performance.
2009 : 2010
US Department of Homeland Security
Chief, Information Security
Led numerous high-level security projects for various federal government and commercial clients. Select activities included:
Conducted penetration tests and analyzed vulnerability and assessment data for the Support Anti-terrorism by Fostering Effective Technologies (SAFETY) Act portal for future penetration tests.
Advised DHS management on intelligence systems projects and initiatives, including system changes for enhanced security of client’s systems and to mitigate system vulnerabilities.
Reviewed certification and accreditation packages for clients (including DHS, the Patent and Trademark Office, and the Federal Bureau of Investigation (FBI)) to ensure adherence to all government requirements.
Developed remote access and collaboration solutions using Microsoft SharePoint, Microsoft Exchange 2003, Microsoft Terminal Service, and a Cisco Virtual Private Network (VPN) solution.
Established security controls for the accreditation for the system supporting a multi-million dollar, multi-year, classified program housed in a top secret Sensitive Compartmented Information Facility (SCIF).
Evaluated intrusion detection systems, locking devices, physical construction of facilities, and security plans and procedures, as a physical security inspector and advisor for the FBI.
Documented and disseminated security status and daily statistical data to senior security staff.
Standardized operations security (OPSEC) and information security (INFOSEC) requirements for personnel at a site with several government classified programs.
2006 : 2009
Missing Link Security
Director of Testing and Technical Services
Conducted application assessments for commercial and government clients using penetration testing and code analysis techniques.
Worked with financial customers to assure compliance with the Payment Card Industry (PCI) Data Security Standard and government regulations.
Trained commercial, government, and university clients to use the “Developing Secure Web Application” (a product of Aspect Security).
2005 : 2006
Aspect Security
Security Engineer
About
As the Chief Information Security Officer (CISO) for the Library of Congress, Sean is responsible for the IT Security of the nation's oldest federal cultural institution, which serves as the research arm of Congress.
Sean has more than 14 years of experience in IT Security. He specializes in penetration testing, application security, IT Security compliance, security architecture, and IT Security program development. Sean has worked in both the commercial and federal government sectors and spent a considerable amount of time within the financial industry and DHS.
Prior to working at the Library of Congress, Sean was the CISO for the DHS Science and Technology directorate, Director of Testing and Support Services for Missing Link Security, and Security Engineer for Aspect Security.