User:Karen Mercedes Goertzel

Karen Mercedes Goertzel is a Certified Information Systems Security Professional and leads Booz Allen Hamilton’s Information Security Research and Technology Intelligence Service. An expert in software assurance, ICT supply chain risk management, assured information sharing, and the insider threat to information systems, she has performed in-depth research and analysis for customers in DoD, the Intelligence Community, NATO, DHS, Department of State, Department of Energy, FBI, IRS, Intel Corporation, and other public and private sector organizations in the U.S., U.K., Australia, and Canada.

She has authored numerous peer-reviewed articles and conference papers on topics related to software assurance, supply chain risk management, the insider threat, and cross-domain information sharing. She was the lead author/editor of the DoD Information Assurance Technology Analysis Center's State-of-the-Art Reports on ICT Supply Chain Risk Management (2010), the Insider Threat to Information Systems (2008), and Software Security Assurance (2007), as well as its Tools Reports on Vulnerability Assessment Tools (2011), Anti-Malware Tools (2009), and Firewalls (2011). She was also lead author/editor of Security in the Software Life Cycle (2006) and its revision, Enhancing the Development Life Cycle to Produce Secure Software (2008), published by DHS and DoD's Data and Analysis Center for Software. For the Naval Ordnance Safety and Security Activity (NOSSA) she was co-author/editor of Safety and Security Considerations for Component-Based Engineering of Software-Intensive Systems (2010) and editor of the Software Security Assessment Tools Review (2009). That review forms the basis for the OWASP Software Security Testing and Assessment Tools Review Project, which she has initiated at the request of NOSSA and with the support of the NIST Software Assurance Metrics and Tools Evaluation (SAMATE) program.