Aquila Business Services, LLC
Knowledge Is Power - Information Is Business
Founder and History
James E. Synovec, CISSP, CAP, CEH, Security+
Business management professional with over 15 years of IT security and over 20 years of project management experience.
OBJECTIVE
The focus is to help businesses and individuals, drawing on over 20 years of working knowledge in IT security, development, and management. The company was reorganized under minority woman-owned management to support the empowerment of women-owned businesses.
HISTORY
James Synovec, CIO and founder of Aquila Business Services LLC, established the company in 1997 (formerly Synovec and Associates - 1984) in the state of Colorado as a consulting company focused on helping small businesses be successful. James and current CEO, Dolores Synovec, felt that the US economy greatly depended on the success of small business. To meet the need for affordable and professional services, the company broadened its services to help businesses get access to cash, which at the time was greatly needed to ensure success. Aquila launched the financial component of the business and helped many businesses get the financing that they needed through venture capital and creative financing.
Aquila decided to change their mission to not just making businesses successful but also protecting the company's informational assets and the American citizen's personal information.
SKILLS AND KNOWLEDGE
IT Security
Federal Government Guidelines: Subject Matter Expert (SME) for U.S. Department of Agriculture / US Forestry Service for Risk Management Framework and Continuous Monitoring for High Impact Level information systems, U.S. Department of the Interior (DOI) Certification & Accreditation (C&A) program, National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series guidance. Security Compliance Coordinator, USCert, CSAM, POA&M and provide security training for staff.
Security Audits and Assessments: Internal Control Reviews (ICR), Security Impact Assessments (SIA), Penetration Testing, Security Walkthroughs, FISCAM Audits, FISMA Audits, OIG Audits, A-123 Reviews, Gap Analysis, and Audit Log Review of SAP application.
Security Documentation: System Security Plan (SSP), Contingency Plan (CP), Interconnection Security Agreements (ISA), Risk Assessment (RA), Security Test Evaluation (ST&E) plans and reports, and Security Technical Implementation Guides (STIG)
IT Security Tools: Penetration Tools, Vulnerability Scans, Sniffers, Intrusion Detection Systems (IDS), Intrusion Prevention System (IPS)
Information Technology
Backtrack, Windows, Linux/Apache/MySQL/PHP (LAMP), Virtualization, Cloud, Software as a Service (SaaS), Networking, Bluetooth, Database, Open Source, Enterprise Resource Planning (ERP), SAP, Learning Management Systems (LMS), SugarCRM, vTiger CRM, Web 2.0, SEO, Web Design, AutoCAD, CSAM, Microsoft Office, OpenOffice, Google Docs, Change Management, CADDS 5x ComputerVision, CNC, Material Resource Planning (MRP), Moodle, Microsoft Project, Novell, and Microsoft Server 2003, Bluefish, Kompozer
Project Management
Create and maintain project plans and schedules, develop status reports, maintain project tracking spreadsheets, and supply chain management.
Managed staff of 13 and projects of a $14M+ budget.
DoD Directive 8570.01-M
Based on current certifications
Information Assurance Technical (IAT) II and III
Information Assurance Management (IAM) I, II, and III
Information Assurance Systems Architect & Engineer (IASAE) I and II
Computer Network Defense Analyst (CND-A)
Computer Network Defense Infrastructure Support (CND-IS)
Computer Network Defense Incident Responder (CND-IR)
Computer Network Defense Auditor (CND-AU)
CLEARANCES
United States Office of Personnel Management
SF 85P, MBI Extra Coverage 3 / Advanced report of NAC
October 2008
EXPERIENCE
Rocky Mountain School of Ministry and Theology
Chief Information Security Officer (CISO)
January 2010 - Present
Report directly to the founder of the Rocky Mountain School of Ministry and Theology. Oversee and coordinate security efforts across the organization, including information technology, communications, legal, facilities management and other groups, and identify security initiatives and standards. Oversee a network of security services and vendors who safeguard the company's assets, intellectual property and computer systems. Identify protection goals, objectives and metrics consistent with corporate strategic plan. Manage the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education and awareness, and more. Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary. Work with outside consultants as appropriate for independent security audits.
SAIC
Senior IT Security Analyst
March 2011 - Present
Homeland and Civilian Solutions BU at SAIC for United States Department of Agriculture (USDA), US Forestry Service, Task Lead: Governance and Policy
IT Security Analyst for Comprehensive Robust Information Security (CRIS) Project for USDA/Forestry Service. Subject Matter Expert (SME) for Risk Management Framework and Continuous Monitoring for High Impact Level information systems. SME for National Institute of Standards and Technology (NIST) guidance. Work with US Forestry Service management and staff to prepare information systems for the Certification & Authorization process. Perform gap analysis of the organization's policies and procedures and compliance to federal requirements and guidance.
Aquila Business Services, LLC
Chief Information Officer (CIO)
2009 - Present
Managed System Security Provider, IT Security, Learning Management Systems, Commercial Finance, E-Commerce, and Corporate Engineering. Business development and IT consulting services. Provide solutions for business automation, security, Learning Management Systems (LMS), and Enterprise Resource Planning (ERP). Services include engineering, systems and product analysis, software design, database development and audit reviews. Financial consulting providing services in venture capital, business financing and residential funding. Provided consulting of supply chain management services, procedures, and systems. Custom web based automation for businesses. Created automated processing of projects through Linux/Apache/MySQL/PHP (LAMP). Provided CRM services and support for SugarCRM and preferred partner for vTiger. Maintain clients' web host accounts with remote administration. Provided shopping carts, SEO, Web 2.0, internet marketing, newsletter, email campaigns (with opt-in/out), web design and other ecommerce services. Open Source focus with working knowledge of many products including OpenOffice, Moodle and Joomla.
Provide vision and leadership for developing and implementing information technology initiatives. Directs the planning and implementation of enterprise IT systems in support of organization operations in order to improve cost effectiveness, service quality, and business development. Responsible for all aspects of the organization’s information technology and systems. Participate in strategic and operational governance processes of the business organization as a member of the senior management team. Lead IT strategic and operational planning to achieve business goals by fostering innovation, prioritizing IT initiatives, and coordinating the evaluation, deployment, and management of current and future IT systems across the organization. Develop and maintain an appropriate IT organizational structure that supports the needs of the organization. Establish IT departmental goals, objectives, and operating procedures.
Act as an advocate for the organization’s IT vision via regular written and in-person communications with the organization’s executives, department heads, and end users. Identify opportunities for the appropriate and cost-effective investment of financial resources in IT systems and resources, including staffing, sourcing, purchasing, and in-house development. Assess and communicate risks associated with IT investments. Develop, track, and control the information technology annual operating and capital budgets. Develop business case justifications and cost/benefit analyses for IT spending and initiatives. Coordinate and facilitate consultation with stakeholders to define systems requirements for new technology implementations. Ensure continuous delivery of IT services through oversight of service level agreements with end users and monitoring of IT systems performance. Ensure IT system operation adheres to applicable laws and regulations. Establish lines of control for current and proposed information systems. Define and communicate organization plans, policies, and standards for the organization for acquiring, implementing, and operating IT systems. Direct development and execution of an enterprise-wide disaster recovery and continuity plan. Approve, prioritize, and control projects and the project portfolio as they relate to the selection, acquisition, development, and installation of major information systems. Review hardware and software acquisition and maintenance contracts and pursue master agreements to capitalize on economies of scale. Assess and make recommendations on the improvement or re-engineering of the IT organization. Keep current with trends and issues in the IT industry, including current technologies and prices. Advise, counsel, and educate executives and management on their competitive or financial impact.
Promote and oversee strategic relationships between internal IT resources and external entities, including government, vendors, and partner organizations. Supervise recruitment, development, retention, and organization of all IT staff in accordance with corporate budgetary objectives and personnel policies.
Chief Executive Officer (CEO)
1997 - 2009
Commercial Finance, E-Commerce, IT Security, and Corporate Engineering
Founder (Synovec & Associates)
1984 - 1997
G&B Solutions, Inc
IT Security Analyst
July 2008 - March 2011
Information Technology Security Analyst for United States Department of the Interior (DOI), National Business Center (NBC)
Work within broad objectives to ensure the U.S. Department of the Interior (DOI) Certification & Accreditation (C&A) program is successful and in compliance with departmental standards and National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series guidance. Assess and document the security posture of systems through interviews, document validation, and security control testing. Review and ensure that the system documents, System Security Plan (SSP), Contingency Plan (CP), Interconnection Security Agreements (ISA), Risk Assessment (RA), Security Test Evaluation (ST&E), are current and accurate. Interview system owners, developers, and technical staff to ensure their understanding of applicable IT standards and policies is correct. Create and maintain project plans and schedules, develop status reports, and maintain project tracking spreadsheets. Perform gap analysis of current policies, practices, procedures, Security Technical Implementation Guides (STIG) as they relate to federal standards and regulations. Provide recommendations and updates for improved security documentation on a regular basis. Perform annual Internal Control Reviews (ICR) and Security Impact Assessments (SIA). Manage Plan of Action & Milestones (POA&M). Perform penetration testing and security walk through assessments. Security Point of Contact (SPOC) for entire DOI/NBC Enterprise during United States Computer Emergency Readiness Team (USCert) briefings and change management meetings and brief system Points of Contacts (POC) on any vulnerability items, technical issues, and recommend mitigation. Provide security training to the information system team members. Identified as Security Compliance Coordinator and Audit Liaison during FISCAM audits, FISMA audits, Office of the Inspector General (OIG) and A-123 reviews. Maintain records and updated repositories within departmental guidelines and which utilized Cyber Security Assessment and Management (CSAM).
Developed custom reporting with extracts from CSAM with custom spreadsheets.
Innovative Machining, Inc
Director of Engineering
2004 - 2005
Custom Manufacturing Company, Engineering, and Machine Shop
Design and supervise the fabrication of components and assemblies for external customers. Managed engineering staff and projects. Responsible for generating and closing sales. Projects included DFM, design, composite molds, fixtures, tooling, prototype and various projects.
IT Responsibilities: Created process to receive clients' design documents and to involve document control.
Mikron Assembly Technology
Project Manager / Application Engineer
2000 - 2004
Custom Automation Machinery and Equipment
International corporation, headquarters in Boudry, Switzerland. Responsible for $14M+ projects from inception to completion. Engaged in all managerial aspects, including estimating, procurement for a team of approximately 13 engineers and man power hours. Controlled budget by procuring all material, parts, services and manpower. Accountable for program coordination through all phases of R&D, prototype, production, buy-off and customer installations and monthly reporting. Application engineering involved working with sales team to develop system design and estimate of project costs, including design, materials, man power and installation.
Procurement Responsibilities: Procurement of company wide, international and domestic, and project specific purchases of materials, fabricated parts, and manpower. Personal target was to achieve 20% lower investment than budgeted costs. Created RFQs and negotiated discounts. Streamlined vendor base and supply chain process. Logistics scheduling of shipments worldwide.
IT Responsibilities: System administrator for multiple platforms and programs. MRP PRO:MAN (PIC), Novell, Microsoft Server. Created custom code to extract Bills of Material from MRP system and migrate it into AutoCAD. Automated routine procedures for engineers in design process and MRP system. Physical Security Point of Contact.
Picolight, Inc.
Automation Engineer
1999 - 2000
Fiber Optic Transducer Manufacturer
Design and estimating of automation equipment per product requirements as established by the application engineering department. Estimated costs and time to fabricate. Obtained quotations from internal and external suppliers. Procurement of raw materials, fabricated parts, and man power. Responsible for quality during receipt and troubleshooting during production. Supervised the production of all product at manufacturing facility. Automated assembly equipment with an emphasis on laboratory environment. Involved DFM training to the application engineering team.
Procurement Responsibilities: Procurement of project specific purchases of materials and fabricated parts.
Rocky Mountain Insurance Replacement, Inc
Financial Controller
1999 - 2001
Insurance Replacement Company
Provided accounting services as financial controller for the company. Obtained quotations and involved procurement of material and products that had to be purchased and resold to the insurance customer. Involved with the web site design and automation of the ecommerce portion of the business. Included scheduling and shipping of material throughout the entire United States.
Procurement Responsibilities: Procurement of product for replacement to insurance company’s client. Scheduled shipping and tracking of all logistics related issues.
IT Responsibilities: Provide database design and populate with LKQ information based on 5 years of historical data. Created web based interface with database. Provided automated order entry and quote submission system with HTML/PHP/MySQL.
Contract Engineering Services
Design Engineer
1999 - 1999
Contract Custom Engineering
Design and estimating of automation equipment per product requirements as established by the sales team. Estimated costs and time to fabricate. Responsible for quality during receipt and troubleshooting during production. Automated assembly equipment with an emphasis on nonferrous materials.
CMED Automation
Project Engineer
1998 - 1999
Custom Automation Machinery
Design and estimating of automation equipment per product requirements as established by the sales team. Estimated costs and time to fabricate. Obtained quotations from internal and external suppliers. Procurement of raw materials, fabricated parts, and man power. Responsible for quality during receipt and troubleshooting during production. Supervised the production of all product at manufacturing facility. Automated assembly equipment with an emphasis on nonferrous materials. Provided technical support for customer troubleshooting in the field. Created operation and safety manuals for the customer. Provided training for the customer prior to installation.
Procurement Responsibilities: Created RFQs for fabricated parts and specialized materials to be used in the assembly of project specific assemblies or systems. Responsible for generating estimates and main decision maker on vendor selection.
IT Responsibilities: Provide network support and AutoCAD training for all staff. Created process for document control to fit within ISO requirements.
Mobile Tool International, Inc
Project Engineer
1996 - 1998
Aerial Lift Machinery and Equipment
Design and estimating of aerial lift machinery and equipment per product requirements as established by the sales team. Estimated costs and time to fabricate. Obtained quotations from internal and external suppliers. Procurement of raw materials, fabricated parts, and man power. Responsible for quality during receipt and troubleshooting during production. Supervised the production of all product at manufacturing facility. Aerial lifts used in the service of high energy electrical power transmission lines were the focus. Provided technical support for customer troubleshooting in the field. Provided custom design and technical guidance for nationwide installations.
Procurement Responsibilities: Generate RFQs for individual project materials and parts. Logistics scheduling of shipments to other company locations.
IT Responsibilities: Created system for proper document control to work across multiple platforms, AutoCAD and SRDS systems. Database administration of all technical CAD drawings, safety manuals and other files.
Omaha Standard
Project Design Engineer
1995 - 1996
Heavy and Light Construction Equipment
Design and estimating of heavy and light construction equipment per product requirements as established by the sales team and directly with the customer. Estimated costs and time to fabricate. Obtained quotations from internal and external suppliers. Procurement of raw materials, fabricated parts, and man power. Responsible for quality during receipt and troubleshooting during production. Supervised the production of all product at manufacturing facility. Hydraulics and dump body conversions were area of focus. Created all operator's manuals and safety manuals for the end user. Provided technical support for customer troubleshooting in the field. Provided custom design and technical guidance for nationwide installations.
Procurement Responsibilities: Procurement of company wide and project specific purchases of materials, fabricated parts, and manpower.
IT Responsibilities: Custom design of database and spreadsheets for field engineer use. These databases calculated all requirements for the installation crews and provided specifications to fit within proper industry and safety codes.
Omeco-Boss
Automation Engineer
1992 - 1995
Food Processing Machinery and Material Handling Equipment
Design and estimating of material handling equipment per product requirements as established directly by the customer. Estimated costs and time to fabricate. Obtained quotations from internal and external suppliers. Procurement of raw materials, fabricated parts, and man power. Responsible for quality during receipt and troubleshooting during production. Train staff to operate tools. Provided installation support at customer site.
IT Responsibilities: Database administration for AutoCAD system for document control.
Square D Company
Tool and Product Designer
1984 - 1990
Electrical Equipment and Controls Manufacturer
Design and estimating of manufacturing tool design per product requirements as established by the sales team. Estimated costs and time to fabricate. Obtained quotations from internal and external suppliers. Procurement of raw materials, fabricated parts, and man power. Responsible for quality during receipt and troubleshooting during production. Train staff to operate tools. Trained all new staff on MRP system and engineers on CAD systems.
Procurement Responsibilities: Procurement of company wide and project specific purchases of materials, fabricated parts, and manpower. Responsible for vendor approval.
IT Responsibilities: Led project of migration from CADDS 5x ComputerVision mainframe to stand alone PC systems. Provided daily backups and hardware servicing of CAD equipment. Maintained and trained staff on IBM mainframe MRP system. Provided CNC programming and maintained archived database. Managed systems for various plant locations: Ireland, Columbia MO, Cedar Rapids IA, Lincoln NE and Mexico.
Integrated Design Services
Mechanical Design Engineer
1984 - 1984
Food Processing Machinery and Material Handling Equipment
Design and estimating of manufacturing tool design per product requirements as established by the sales team. Estimated costs and time to fabricate. Obtained quotations from internal and external suppliers. Procurement of raw materials, fabricated parts, and man power. Responsible for quality during receipt and troubleshooting during production. Train staff to operate tools.
IT Responsibilities: Provided system and network administration work for AutoCAD based CAD system. Maintained electrostatic plotter.
VOLUNTEER AND COMMUNITY ACTIVITIES
Open Web Application Security Project (OWASP)
December 2011 - Present
Denver Chapter Board Member - Outreach, Awareness, and Education.
(ISC)2 Safe and Secure Online Program
July 2011 - Present
Volunteer instructor of Safe and Secure Online Program, teaching children ages 7-14, and parents, how to protect themselves online.
Hope for the City, Colorado
Vice President
2000 - 2001
Non-Profit
Primary focus was to raise man power support for volunteer projects. Some functions were food drives and immunization programs for at risk children. A success story is a food drive we organized in Longmont, CO that acquired a year's supply of food in only a short period of one Saturday.
Divorce Care
September 2011 - Present
Facilitator for divorce recovery classes as part of the In Motion Ministry program of the Denver Church of Christ.
ACHIEVEMENTS
Security Compliance Coordinator for federal government financial information system with over 8,000 users and 3 deployments.
Audit Liaison during FISCAM audits, FISMA audits, Office of the Inspector General (OIG) and A-123 reviews with 100% on time deliverables.
Managed Plan of Action and Milestone (POA&M) process and reduced identified security vulnerabilities by 85% within 6 months.
Security Point of Contact (SPOC) for entire DOI/NBC Enterprise during United States Computer Emergency Readiness Team (USCert) briefings for Microsoft vulnerabilities.
Managed $14M+ projects from inception to completion and met goal of reducing investment by 20% of budgeted costs.
Created multiple tools for aid and automation in performing various tasks that are used by the organization. The tools were used for Nessus vulnerability scan reports, Cyber Security Assessment and Management (CSAM) report generation, and Internal Control Review (ICR) templates for automatic reporting of summaries.
Created training material and documents for information system users that the DOI/NBC implements for the entire organization.
Organized a group of volunteers for a food drive in Longmont, CO that acquired a year's supply of food in one Saturday.
COPYRIGHTS AND PUBLICATIONS
Commercial Financing Educational Publication, Registration Number TX-7-221-7189, 2005
AWARDS AND RECOGNITION
Department of Interior: Award for Excellence 2010, Certificate of Appreciation 2008, Directors Award 2009
G&B Solutions, Inc.: Employee Achievement Award, 2009, Nominated for President's Award 2009.
Professional Certifications:
CompTIA - Security+
EC-Council - Certified Ethical Hacker (CEH)
(ISC)2 - Certified Information Systems Security Professional (CISSP)
(ISC)2 - Certified Authorization Professional (CAP)
Volunteer and Community Involvement:
OWASP Denver Chapter Board Member - Outreach and Education.
(ISC)2 Safe and Secure Online Volunteers
Contact Information:
Phone: 720-253-3854
VoIP/IP-Telephony/Video Conference: sip:aquilabusiness@ekiga.net
Email: Aquila Business Services, LLC
Office Address: 11292 E. Virginia Place, Aurora, CO 80012
Aquila In the News...
15Dec11
New Summary Briefing for NIST NICE Workforce Framework Publication.
28Nov11
Aquila releases IT Security Federal Guidance and Compliance Briefings.
27Nov11
Aquila provides Internet Safety Presentations for your organization.
26Nov11
James Synovec - CIO, is speaking at the CISO Executive Summit 2011 in Las Vegas Dec 5-6.