CNSS-4016 Risk Analyst

Information Assurance Associates (IA2) july 21-24


Ends February 1


Ends June 1


Ends July 20


July 21-24


This is a fully certified Committee on National System Security (CNSS)-4016 Risk Analyst course that provides four days of intense, highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge, skills and abilities needed to analyze, assess, control, determine, mitigate and manage risk within a federal management and acquisition framework or within federal interest computer systems that store, process, display or transmit classified or sensitive information (e.g. Personally Identifiable Information (PII), and Electronically Protected Health Information (ePHI)/Individually Identifiable Health Information (IIHI) , etc).. This course addresses specific knowledge factors and functional requirements established for Entry and Intermediate Level Risk Analysts. Specific focus is directed on identifying, implementing and integrating management, acquisition and administrative risk methodologies for securing critical and sensitive information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of critical organizational computing resources.

Student Requirements, experience/expertise

Students should have an advanced understanding, practical knowledge and recent experience in enforcing federal requirements, applying risk methodologies and facilitating acquisition, program management or system accreditation activities. Students should also have extensive system administrator and/or Information Assurance Manager (IAM) experience, and be very familiar with the risk relevant responsibilities associated with system accreditations. Completion of CNSS-4012 Senior System Manager and CNSS-4015 System Certifier training is highly recommended. This is a "Certificate" earning course; accordingly, a comprehensive 50 question examination will be administered on the last day of training.

What you get

What to bring

All administrative and training supplies will be provided.


Norman Beebe has over 25 years of managing information security within federal interest computer systems and networks that store, process, transmit or display sensitive, classified or national intelligence information. Mr. Beebe's technical certifications include: Certified Information System Security Professional (CISSP), International Information Systems Security Certification Consortium (ISC2); Certified Information Security Manager (CISM), Information Systems Audit and Control Association; National Security Agency (NSA) Information System Security Assessment and Evaluation Methodologies (IAM/IEM); and he is endorsed as a "Fully Qualified" Certification Agent. He has extensive experience in defining and designing risk analysis methodologies within federal information infrastructures and served as an NSA Adjunct Faculty member and as an NSA Accreditation Action Officer (AAOs). Mr. Beebe is a recipient of the prestigious Copernicus Award for excellence and special achievement in Command, Control, Communication, Computer and Intelligence (C4I) and winner of the National Information Assurance Leadership Award for Security Education, Training and Awareness.

Gregory Welch has extensive experience in training, curriculum development, and Information Assurance (IA). Coming from a background of cryptology and signals analysis, he has used this capability to design, develop, and map multiple training courses to the Committee of National Security Systems (CNSS) requirements. He has developed and delivered numerous presentations at seminars and conferences. He has provided Certification and Accreditation (C&A) efforts and training to DoD and Federal agencies including: FBI, NSA, DHS, Coast Guard, NGA, DOI, DOJ, and all branches of the armed forces. Mr. Welch is a Certified Information System Security Professional (CISSP), and a "Fully Qualified Certification Agent". He is certified in National Security Agency (NSA) Information System Security Assessment and Evaluation Methodologies (IAM/IEM) and has received the "Advanced Signals Analyst" and "Master Training Specialist" designations.

Jeff Moulton In September 2008, Mr. Moulton joined Georgia Tech Research Institute (GTRI) as Lead, Information Operations. GTRI is a leading university-affiliated applied research and development center. In this key area, Mr. Moulton provides strategic direction and leadership and is responsible for focusing research, business development, building technical teams, and coordinating information operations across the university and institute. Mr. Moulton has in-depth experience within the intelligence communities assessing and defining corporate-level and globally deployable network security solutions. His technical certifications include: Certified Information Systems Security Professional (CISSP), International Information Systems Security Certification Consortium (ISC2), Project Management Professional (PMP), Project Management Institute, National Security Agency (NSA) Information Assurance Manager (IAM), National Security Agency (NSA) INFOSEC Evaluation Methodology (IEM), Open Source Professional Security Analyst (OPSA), and Malware Forensics Investigator (MFI), Wetstone. Before joining GTRI, Mr. Moulton served as the Information Assurance Assistant Program Manager at the Naval Surface Warfare Center. In this role he established an Information Assurance (IA) Division for the Deployable Joint Command and Control (DJC2) Joint Program Office. He provided leadership and direction for all information assurance facets of the $566M Joint Program of Record and managed the many facets of a major DoD acquisition program. He recruited and built the first joint integrated IA team across government and military service branches, with members from DIA, NSA, SPAWAR, NETWARCOM, OSD NII, JITC, USJFCOM, USPACOM, USEUCOM, USSOUTHCOM, and other Department of Defense (DoD) IA stakeholders. Mr. Moulton authored the DJC2 IA Strategy, Technology Readiness Assessments, Analysis of Alternatives, and other DoD acquisition documents required by public law. Mr. Moulton continues to represent the DJC2 Joint Program Office as the IA subject matter expert with DoD intelligence agencies (NSA, CIA, and DIA). In addition, Mr. Moulton serves on the Department of the Navy Network Warfare Command (NETWARCOM) IA Working Group.