Federal Cloud Computing

Matthew Metheny, PMP, CISSP, CAP, CISA, CSSLP, CRISC, CCSK, is an Information Security Executive and Professional with twenty years of experience in the areas of finance management, information technology, information security, risk management, compliance programs, security operations and capabilities, secure software development, security assessment and auditing, security architectures, information security policies/processes, incident response and forensics, and application security and penetration testing. Mr. Metheny is the Chief Information Security Officer and Director of Cyber Security Operations at the Court Services and Offender Supervision Agency (CSOSA), and is responsible for managing CSOSA’s enterprise-wide information security and risk management program, and cyber security operations. Prior to joining CSOSA, Mr. Metheny was employed at the US Government Publishing Office (GPO), where he led the Agency Governance, Risk Management, and Compliance (GRC) Program and served as the Agency subject matter expert for cloud security, responsible for evaluating service provider solutions against federal and industry security standards and integrating Agency and service provider security services. Mr. Metheny was the founder and instructor at CloudSecurityTraining.com, a business unit of One Enterprise Consulting Group, LLC, which was an approved training partner with the Cloud Security Alliance (CSA). He was also the Co-Chair for the CSA CloudTrust Protocol (CTP) Working Group, a Founding Member and Member of the Board of Director for the CSA-DC Chapter which was CSA’s Federal Cloud Center of Excellence, and a Founding Member of the OpenStack DC user group focused on expanding the knowledge of OpenStack within the Washington, DC metro area. Mr. Metheny received a Bachelor’s degree in Computer and Information Science from the University of Maryland University College and a Master's degree in Information Assurance from University of Maryland University College. He also holds the Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Auditor (CISA), Certified Authorization Professional (CAP), Project Management Professional (PMP) and Certificate in Cloud Security Knowledge (CCSK) Certifications.

Chapter 1 - Introduction to the Federal Cloud Computing Strategy

Chapter 2 - Cloud Computing Standards

Chapter 3 – A Case for Open Source

Chapter 4 – Security and Privacy in Public Cloud Computing

Chapter 5 – Applying the NIST Risk Management Framework

Chapter 6 – Risk Management

Chapter 7 – Comparison of FISMA with Other Security Compliance Standards

Chapter 8 – FedRAMP Primer

Chapter 9 – The FedRAMP Cloud Computing Security Requirements

Chapter 10 – Security Assessment and Authorization: Governance, Preparation, and Execution

Chapter 11 – Strategies for Continuous Monitoring

Chapter 12 – Cost-Effective Compliance using Security Automation

Chapter 13 – A Case Study for Cloud Service Providers