Information Security & Regulatory Compliance Services.


Inquire About Our Penetration Test Services

World Class Cybersecurity

Agile Armory leverages a risk management framework, industry-proven enterprise security architecture and systems engineering principles to provide adaptable, holistic security and information assurance solutions specifically tailored to each client environment. We believe in building security in, from system inception to production deployment, rather than in response to the changing vectors of advanced persistent threats, the methodologies of sophisticated nation-state cyber actors and unpredictable insider threats.

Information Assurance

We ensure your organization has the tools to leverage people, process and technology to employ security measures designed to enhance the confidentiality, integrity, and availability of your information and information systems.

Risk Management

We enable your organization to forecast and evaluate security risks together with the identification of procedures to avoid or minimize their impact.


We ensure your information security program meets specific security standards as laid out by regulatory organizations.

Who we are

Agile Armory helps clients identify vulnerabilities, assess real business risks, and meet FISMA, ISO 27002, PCI, HIPAA, GLBA and other security compliance mandates more effectively and efficiently.

Cybersecurity Risk Management and Information Assurance is what we do. Supporting government cybersecurity initiatives drives our business. Your organization’s governance, risk management and compliance concerns are our top priority. We are an expert team of highly dedicated security specialists, supported by strategic and emerging technology partners, who are tightly focused on security assessment and authorization for our enterprise customers.

We Can Help

Partner with Agile Armory now for optimal protection of your clients' valuable enterprise networks, systems and data, through solid risk-management-framework-based security lifecycle assessments, ongoing security authorizations and effective implementation of secure continuous monitoring programs.

Our Clients

Securities and Exchange Commission OIG – FISMA Audit Project

IT security auditor for the Securities and Exchange Commission Office of the Inspector General (SEC OIG) with responsibility to audit the Commission’s information systems, programs, contracts operations and program participants. Responsible to review available information assurance guidelines, regulations, and directives from various sources and command levels, and recommend appropriate changes as needed. Develop recommendations for deploying information security program requirements, policies, and procedures to safeguard sensitive information processed within the SEC OIG information system accreditation environment. Perform surveys of organizational units to be audited. Review audit program for assigned area and proceed with examinations, tests and analysis. Survey technical, operational and management aspects of the OIG’s information systems in accordance with Office of Management and Budget (OMB) FISMA reporting requirements. Evaluate configuration of hardware and software platforms, remote access architecture, identity and access management, and security training and configuration compliance requirements. Prepare and maintain accurate work papers, document audit work performed and record collected audit data.

FFIEC Security Audit Project – Madison Bank of Maryland

Project Lead for security team responsible to complete the FY2012 Annual Assessment for Madison Bank of Maryland. The security audit consisted of developing an audit plan, manual evaluation and testing of all security control families from the FFIEC IT Examination Handbook. The testing included security assessment, vulnerability assessment using Nessus vulnerability scanner and running the MBSA tool to analyze security problems in Microsoft Windows servers and workstations. Responsible for developing a formal Risk Assessment and recommendation reports.

C&A Project – Corporation for National & Community Service (CNCS) OIG

Key member of a security team responsible to complete the FY2007 C&A for the CNCS Office of Inspector General (OIG) General support system. The C&A consisted of developing a System Security Plan, conducting Security Test and Evaluation, including vulnerability assessment using Nessus vulnerability scanner. Responsible to develop a formal Risk Assessment analysis and POA&M reports.

FISMA IT Security Review – Federal Housing and Finance Agency (FHFA)

Key member of an IT security assessment team that was responsible to perform an independent evaluation of FHFA’s IT Security Program and perform security assessments on the information system in accordance with NIST SP 800-53 guidelines. Responsible to independently review FHFA’s Information Systems Security Program to determine the effectiveness of implemented security controls in accordance with NIST standards. Responsible to perform vulnerability assessments to validate that FHFA has implemented the appropriate controls to mitigate risks. Evaluate and review FHFA’s network configuration settings and identify exposures in the network environment using both internal and external penetration testing. Conduct configuration testing on a representative sample of servers, firewalls and routers using the Center for Internet Security (CIS) Benchmark tool. Conduct Nessus vulnerability scans on all servers, routers, switches and firewalls, in addition to a representative sample of workstations. Responsible to prepare a comprehensive security assessment report.


Network Engineer – Queens Surrogates Court, Jamaica

Network Engineer for the Surrogates Court, Queens County. Responsible to plan and supervise the installation of the network security architecture in accordance with standards established by Information Technology Services. Responsible to work with the local area network (LAN) administrators to develop and implement a server hardening scheme for Windows and Netware servers. Installed networks utilizing standards of Windows using LAN and wide area network (WAN) technologies in Novell, Windows and other network operating systems with intelligent hubs and switches. Performed continuous monitoring of firewall and router syslogs to identify security issues. Trained local area administrators on security and threat related issues. Reviewed logs and records of local area network administrators regarding security and performance issues.


Network Administrator – Office of Court Administration, New York

Network Administrator for the New York State Office of Court Administration (OCA). Responsible to install and configure local and wide area network architecture in accordance with the OCA IT standards. Monitor and maintain daily operation of computer systems and networks for testing, training, and production. Configure and install switches, bridges, and routers. Install and maintain networks utilizing Simple Network Management Protocol. Resolved and monitored cabling and network equipment hardware and software problems: contact vendors and visit remote locations to resolve such problems. Review and explain procedures to network users to resolve problems or to train new users. Responsible to install hardware and software. Deliver complete remote and on-site support for Windows XP/2000/NT network and desktop infrastructure servicing courts in 5 boroughs. Lead and coordinate hardware/software deployments with other network administrators.

Technical Support Specialist – Hampton Industries, Inc., New York

Technical Support Specialist for the New York branch of Hampton Industries, Inc. Duties included providing Helpdesk, Novell Netware and Microsoft Office Suite support. Led numerous process improvements and project deployments with little to no budget, including innovative printing distribution and standardized computer graphic design processes. Administer group policies and control network resource access.


Sample Complete Risk Management Framework (RMF) and Cybersecurity Lifecycle Protection in accordance with the Cybersecurity Framework developed by NIST:


Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.


Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.


Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.


Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.


Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

© 2019 Copyright Agile Armory - A Mike Carver Services LLC Company