Karen Friend

Current Role

As the lead of CBIIT’s Security Compliance Team, my teams and I are dedicated to information technology and cybersecurity. A layered approach is applied to security framework services, including application of protocols, policies, and implementation of compliance procedures throughout governance and assessments. I’m also an information security officer (ISO) alternate, so my responsibilities include information assurance for enterprise systems (under the Federal Information Security Management Act, or FISMA), security assessment and authorization, policy, compliance, and oversight of testing protocols, continuous monitoring, and quality assurance. I hold a ISC2 Certified Secure Software Lifecycle Professional (CSSLP) certification, as well as a SANS Institute’s Global Information Assurance Certification (GIAC) Security Essentials (GSEC) Gold certification. I am also a certified Contracting Officer’s Representative level two (COR II) and Federal Acquisition Certification Program level two (FAC II).