Imagine telling an entire U.S. Agency to reorganize across 2 of their largest divisions to be more effective & secure. TDI did! For the DEA.

TDI provided the DEA with support at multiple levels of the organization, to include the CTO and Information Security Office. Our primary function was in a consulting role, helping the DEA in a proactive effort to mitigate many of the potential risks in cybersecurity business processes and procedures to which they could be vulnerable. TDI conducted a Security Assessment to ascertain the most likely areas for improvement within the DEA; targeting DEA’s Information Security Section (ISI) and Office of Information Systems (SI). The goal of the assessment was to recommend a solution for the DEA to fulfill its cybersecurity responsibilities mandated by Congress, the President, DOJ, OMB and NIST.

In addition, it was our responsibility to analyze the current operations/security environment of ISI and SI, and to assess risks in their cybersecurity practices. This resulted in TDI developing a recommended set of security processes/procedures/policies, providing associated budgetary recommendations and estimations, and suggesting organizational restructuring to demonstrate how ISI and SI should optimally conduct operations.

TDI performed a thorough review and dissection of the 17 DOJ security standards, and all DEA policies, procedures, and processes that relate to security. To supplement the documentation, TDI conducted multiple rounds of interviews with dozens of DEA staff at virtually all levels. The assessment was unbiased, with no existing budgetary data provided prior to making budget recommendations, and no DEA influence on the findings or recommendations.

For the assessment final report, findings, recommendations, and any additional costs associated with each recommendation were incorporated into a budget spanning nearly ten years. In general, the most pressing findings related to the structural organization of the DEA and the relationship between ISI and SI. Closely linked to this are sharply defined roles and responsibilities inside each of ISI and SI independently and between ISI and SI.

As a follow-up to our organizational cybersecurity assessment, TDI delivered strategic executive-level advice to the DEA’s Chief Technology Officer and provided recommendations for DEA enterprise IT and cybersecurity expenditures. We conducted product evaluation, ROI analyses, proof-of-concept, and executed pilot programs on new and emerging technologies. Our role allowed us to provide daily advice for decisions affecting a 15,000-user community. We consulted on matters relating to IT security federal regulatory compliance such as FISMA, HSPD-12, and DOJ directives. On behalf of the DEA, we provided input to DOJ Information Assurance policy, when secure standards for new technologies emerged. TDI executed projects under federal guidelines and standards such as NIST and FIPS and provided a best practices cybersecurity perspective to the organization in their pursuit of a sound Federal Enterprise Technical Architecture model. Our accomplishments included:

  • TDI provided an end-to-end recommendation and proof-of-concept evaluation for securing enterprise email communications
  • Acted as a liaison for the Office of Information Systems to the Office of Security Programs for issues pertaining to IA such as vulnerability assessment analysis
  • Evaluated FIPS 140-2 protection mechanisms for wireless networks
  • Drafted response to DOJ wireless policy on behalf of the DEA
  • Interfaced and elicited requirements consensus among a varying number of stakeholders within the DEA
  • Worked with the organization to help develop a Patch and Vulnerability Group (PVG) capability for the entire DEA enterprise
  • Provided strategic plan, end-to-end recommendation and proof-of-concept for server virtualization technology using VMWare as part of the DEA’s Disaster Recovery initiative
  • Developed and implemented in-house processes for evaluation of emerging technologies
  • Researched and evaluated Biometric storage drives and smart-card technologies
  • Evaluated protection mechanisms for wireless networks
  • Provided guidance and recommendations on decision support tools to the DEA source selection process
  • Interfaced and elicited requirements consensus among a varying number of stakeholders within the DEA
  • Consulted and negotiated with large and small hardware/software vendors

Testimonials

Don’t take it from us, hear what our clients have to say about TDI

“TDI’s approach to Managed Cybersecurity Performance (MCP) has been a game changer for us. We now have added visibility and insight to better understand risk and the ROI (return on investment) we’re receiving from our other security provider. Our security program continues to mature and we’re able to maintain continuous compliance. MCP gives me one less thing to worry about and frankly makes my job easier.””
Johnny Yang
Director Information Security & Compliance
“TDI always provides top notch personnel that meet or exceed the requirements of the contract. Their deliverables, reports, and technical aptitude are bar none. We will continue to hire TDI … they always come through for us and our end customers.”
Emilio Gonzalez
Joint Strike Fighter Program Manager
“[TDI Employee] You are the Man !! Thanks so much for the quick turn around.”
W.A. Harrison
USAJOBS Program Office Deputy Program Director
“The most appealing part of the engagement was the development of the 10-year strategic security plan for our mutual client. The quality of the thinking and input into the deliverables was exceptional.”
Bruce Gnatowski
Director Verizon Global Services
“On behalf of MCSC, PdM TFITS, Manpower Team, I would like to express our appreciation for the excellence in leadership & teamwork demonstrated by [TDI Staff] over the past 18 months. Her role as a lead IA professional was carried out in a manner above and beyond expectations.”
Beverly Walker
USMC Manpower Branch Manager
“Highly skilled and knows their work. . . exceptional at task preparation & reduced time to perform tasks by 90%. TDI brings quality & care to the table. Lots of companies have good people, but TDI employees really care about the work they do & the collective customers we support.”
Deron Burba
Smithsonian CIO
“TDI and its staff provided high quality testing engagements followed up by concise easy to understand reports. They clearly showed adherence to tasks schedule and offer adequate frequency of client/customer interaction resulting in a very satisfied customer.”
Carla Little-Kopach
Chief, DARPA SSO BPA
“TDI has proven an invaluable asset to the mission of the CTO…have strengthened the overall IA posture of the DEA Enterprise…and continues to further innovate and provide solutions that help sharpen the overriding information technology goals and mission of the Office of the CTO.”
Mark Shafernich
CTO, DEA

Related Case Studies

All Case Studies
Monster calls on TDI to support its cyber requirements and scare away risk

As Monster’s cybersecurity partner for over a decade, TDI helped Monster navigate the difficult waters of Federal compliance by conducting A&A & other cyber efforts delivering roadmaps to protection
TDI brings risk expertise to bear at USDA in RMF & supporting tasks

Across multiple tasks at the USDA TDI provides Risk Management Framework, A&A, continuous monitoring, risk visualization, compliance, and risk and project management.
TDI made it smooth sailing for MSC on the sea of cybersecurity

MSC brought TDI in as its partner in cybersecurity, charged with designing, implementing, & operating a cybersecurity framework to continuously identify & manage vulnerabilities across its vast fleet.

nSights Report


X