May 5th, 2023

ACS: Driving Cybersecurity Excellence at DHS CISA Through PMO Leadership

Cybersecurity at the national level demands more than compliance—it requires vision, precision, and the ability to lead from the front. From August 2019 to May 2023, Assured Cyber Solutions, Inc. (ACS) served as a Program Management Office (PMO) contract industry partner, stakeholder, and cybersecurity subject matter expert leader, in support of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Our role was more than fulfilling contractual obligations—we became a trusted partner, guiding national-level security initiatives, streamlining security assessment workflows, and raising the bar for federal, state, and commercial security standards.

Strategic Leadership at the Core

In our capacity roles as Blue Team Security Control Assessor Lead, Deputy Lead, and Security Solutions Architect, ACS not only managed highly skilled Security Control Assessor (SCA) teams but also shaped the strategic direction of CISA’s Specialized Security Service (SSS) Blue Team contract mission. We aligned PMO objectives with NIST, DHS, DISA, and federal policies, ensuring that assessment processes were efficient, repeatable, and tailored to the unique needs of each system owner. This leadership extended to executive stakeholder engagement across federal, state, local, and tribal entities, bringing diverse requirements into a unified, actionable security strategy.

Innovation in Continuous Monitoring

ACS designed and implemented NIST SP 800-137–compliant continuous monitoring frameworks that transformed the way CISA tracked security posture. Our approach:

• Integrated FISMA-compliant risk tracking throughout the system lifecycle.

• Delivered quarterly authorization package updates and ongoing authorizations.

• Validated controls across cloud and on-premise environments, ensuring security measures were effective in real-world conditions.

These innovations reduced the time-to-detect vulnerabilities, improved compliance readiness, and enabled leaders to make data-driven, risk-informed decisions.

Building Lasting Capabilities

Our work went beyond the scope of security assessments—we built standardized and lasting capabilities for CISA’s mission:

• Authored security test plans, SOPs, and assessment checklists for consistent evaluations.

• Developed Bill of Materials (BOMs) and Rough Orders of Magnitude (ROMs) to accelerate procurement.

• Enhanced contract Blue/Red Team collaboration through advanced security tools like Splunk, Tenable, Qualys, Tripwire, Kali Linux, Metasploit and many other best-of-breed solutions.

Results That Matter

During this engagement, ACS:

• Delivered Security Assessment Reports (SARs) and Risk Assessment Reports (RARs) that translated technical risk into clear executive action.

• Reduced assessment timelines by streamlining SCA workflows.

• Strengthened the security posture of multiple federal systems through targeted, actionable recommendations.

At ACS, we don’t just assess—we lead, innovate, and deliver lasting impact. Our time supporting DHS CISA is a testament to how strategic PMO engagement combined with technical excellence can elevate cybersecurity programs to the next level.