AIMD: Leighton Johnson served as project study lead for First Responder RF Spectrum study activities, which include interfacing with both military and civilian first responder and HAZMAT organizations, data collection and evaluation, database table creation, coding and data loading, scenario development and simulation execution for study analyses and evaluations. Performed interfacing activities with federal, state, and local governmental organizations in first responder, homeland security, WMD and crisis management areas. In addition, Leighton provided support as the functional requirements project lead and support database administrator for the development and operation of the Spectrum Analysis and Modeling System (SAMS) modeling and simulation tool for the U.S. Army Spectrum Management Office. Leighton served as Branch Subject Matter Experts for all information Operations, Information Assurance, and Computer Security simulation-based activities. Leighton developed and presented office, OPNET model and system briefings, seminars and presentations to national and international technical, simulation and managerial conferences during the entire course of this contract from 1999 to 2004.

PENREN SWLAN: Leighton Johnson served as the lead wireless communication IA expert for the Secure Wireless LAN project for the Pentagon Renovation and Construction Office (PENREN) . The project includes installation, testing and spectrum analysis & evaluation for SWLAN connected wireless laptops for senior executive clients. All devices operate in the standard IEEE 802.11B frequency spectrum with some additional government-mandated security enhancements. Test and evaluation encompassed frequency spectrum analysis of radio baseband “footprint”, “war-driving” efforts, and other radio-based tests.. Leighton also provided user training on the SWLAN for users and support personnel.

WHS: Leighton Johnson oversaw the performance of security personnel updating and maintaining the security posture for all workstations and servers for the Information Assurance Officer, Information Technology Management Directorate. ISFMT supported the WHS Information Assurance Division (IAD), the Chief Information Officer (CIO) and the Designated Approving Authority (DAA), in the IA operations, assessment, documentation, development, technical review, and certification and accreditation for the Washington Headquarters Services 9 directorates, which serve as the main support elements for all support activities within the National Capital Region for the Department of Defense.

Updating and maintaining the security providing policy and procedural guidance and recommendations as needed or requested, updating the DISA based vulnerability Management System for all assigned equipments and systems with current status, patch levels, Plans of Actions & Milestones, and actual day to day security operations of the IASO cross-domain assigned staff, which number 11 and are from multiple staffing vendors and government personnel.

Created and implemented the following:

•  Operation (transition, implementation) plan for IAVA, VMS, INFOCON, SRR, Security Planning, Security Policy Development, and Security Engineering programs
•  Administer the IAVA, VMS, INFOCON, SRR, Security Planning, Security Policy Development, and Security Engineering programs
•  Draft, edit and staff Security Policies, Procedures and Supplemental Guidance
•  Distribute, schedule, coordinate, install, test, and verify all IAVA and SRR service pack updates, fixes and patches to ensure compliance with DISA requirements and recommendations do not infringe on the functionality of the infrastructure.
•  Track Directorates status of all IAVA alerts and SRR findings issued for adherence to recommended or required compliance
•  Serve as the Technical Point of Contact (POC) and provide guidance for queries, questions, and training in Windows, Unix Operating systems, Host, Client software, and Network security
•  Development and maintenance of Websites and databases supporting IA and security related issues.

Riverside : ISFMT preformed a Wireless Network Audit on the City of Riverside , State of California . Ascertain the performance of the mesh point wireless radio network for the city's pilot area to determine. The consultants presume the network is not loaded with users; consequently, the consultants propose to up-down load large files to and from one of the City's network servers to asses load and data transfer rates. A spectrum analyzer will be used to measure mesh point RF signal strength.

OALJ: ISFMT audited the entire infrastructure for the Office of Administration Law Judges, US Department of Labor by performing Information Security Certification and Accreditation FISMA review. The audit included the servers, workstations, network, policies, procedures, and user activities in accordance with DOL and NIST federal guidelines. 1 Major Application and 1 General Service System were reviewed. Systems Audit included user interviews, documentation review and modification, as well as vulnerability scanning, penetration testing and security controls assessments. Produce C&A documentation reports, ATO recommendations and supporting documentation. Provided ATO briefing to OALJ DAA and received successful ATO recommendations for both systems reviewed.

E-Judication: ISFMT audited the new system and supporting infrastructure for the E-Judication Program, US Department of Labor by performing Information Security Certification and Accreditation FISMA review. The audit included the servers, workstations, network, policies, procedures, and user activities in accordance with DOL and NIST federal guidelines. E-Judication is the combination Law Case tracking system for 5 agencies within the Department of Labor. System Audit included user interviews, documentation review and modification, as well as vulnerability scanning, specialized web application vulnerability scanning and security controls assessments. Produced C&A documentation reports, ATO recommendations and supporting documentation. Provided ATO briefing to E-Judication DAA and received successful ATO recommendations for system reviewed. Our staff also provided specialized web-based remediation recommendations.

TMI: ISFMT created and developed the Data Exchange System Security Plan (SSP) under a subcontract to Tec-Masters, Inc. for their NASA customer in Huntsville , AL. Performed gap analysis and developed SSP in accordance with NIST and NASA guidelines and procedures. Review of security controls, development of system security requirements, and documentation of actual security controls implementation were all conducted during this effort.

DCDS: ISFMT performed an Information Security C&A Development effort (DIACAP) Review of the new Apple-based Digital Content Delivery System (DCDS) and supporting infrastructure for the OCIO office of the US Army Signal Center at Ft. Gordon , GA. The DCDS C&A project included reviews of

12 servers, the Apple Leopard Server Operating System, the DCDS backbone network, three additional web-based applications for content delivery, the DCDS security policies, user and administrative procedures, and user activities in accordance with US Army, DOD, FISMA and NIST federal guidelines.

DCDS is a multimedia content recording and content delivery system designed to delivery podcasts, web blogging and streaming video training products to soldiers anywhere in the world, anytime the training content is requested,

System Review included
•  user interviews,
•  DIACAP (DOD Information Assurance Certification and Accreditation Program) documentation creation,
•  Certificate of Networthiness recommendations for approval of DCDS to reside on the US Army backbone network
•  System, application and server vulnerability scanning,
•  specialized web application vulnerability scanning
•  security controls assessments.

ISFMT produced DIACAP documentation (14 artifacts), specialized web-based remediation recommendations, IATO recommendations, the DCDS Risk Assessment and all supporting documentation.

Provided IATO briefing to US Army Signal Center DAA and received successful IATO recommendations for system reviewed.