Wayne Boone has over nineteen years' experience in the provision of effective and appropriate Information System (IS) security, and over 20 years in the provision of Corporate Security, Critical Infrastructure Protection (CIP) and Business Continuity Planning (BCP) for sensitive private and government activities, in both static and deployed environments.
With an extensive knowledge of threats to, and vulnerabilities of, valued assets, Boone has effectively “sold” security and protection to senior management through logic and a full appreciation of the business processes being supported. He has extensive operational experience in both physical and information system environments, often in austere conditions and in unusual risk areas. A major competence is his ability to analyze and communicate appropriate security requirements, both as a team member and as the leader of teams of various sizes.
Boone maintains several key professional certifications that attest to his expertise, experience, and ongoing quest for currency within his specialties. He also instructs extensively in all aspects of security and continuity. He is a graduate of the Canadian Strategic Leadership in Government Security Course and is currently pursuing Ph.D. studies in Information Assurance through the University of Fairfax, Vienna, Virginia.
Boone has performed the following functions:
- The complete Risk Management process in a variety of environments, with an emphasis on IS
- IS Security Life Cycle Management
- The full Force Protection process for all assets including personnel, material, infrastructure, information and activities within operational and austere environments, and the implementation of appropriate controls and measures leading to mission success and Assessments for which he is certified by the Canadian Department of National Defence and the US Department of Defense Threat Reduction Agency
- Information Protection (IP) and Information Security (INFOSEC), including security of paper assets, sensitive discussion areas, Operations Security (OPSEC), telephone security, radio procedure, and sensitive SIGINT areas
- Critical Infrastructure Protection (CIP) including criticality assessments, all-hazards assessments, and determination of appropriate safeguards; conduct of multi-specialty and bi-national CIP assessments of large installations
- Canadian, NATO, and international IS Security Certification and Accreditation (C&A) Process
- Privacy Impact Assessments according to GoC guidelines
- Complete Disaster Recovery and Business Continuity Planning and Validation encompassing: contingency planning; disaster recovery planning; emergency response; investigation of incidents and recommended actions; production and implementation of policies, orders and standing operating procedures; and drafting and conducting exercises and evaluating results
- Researching and drafting both Departmental and system-specific IS Security Policies and Directives based on a thorough understanding of: the Canadian Government Security Policy and supporting operational standards, National Security Policy, Criminal Code of Canada, and the US and Canadian Trusted Computer Product Evaluation Criteria
- Personnel Security safeguards including background checks, clearances, formal access approvals, separation of duties, and the "need to know" principle in support of computer operations
- Physical Security safeguards for information systems including siting of computer and other sensitive/valued asset facilities, construction of secure rooms and sensitive discussion areas, and Perimeter Intrusion, Detection, and Surveillance (PIDAS) methods, including technical access control methods
- Technical Security safeguards for information systems including: computer security (Trusted Computing Bases, identification and authentication, auditing); emission security (TEMPEST, EMSEC zoning, shielded rooms, red/black separation); network security (network level security services and trusted computing bases, firewalls); transmission security (protected distribution systems, OPSEC); cryptographic security (Public Key Infrastructure, high and commercial grade cryptography)
- Procedural Security safeguards including IS security specialists' Terms of Reference, IS security orientation and awareness programs, media handling, and investigations of IS security incidents
- Concepts, Procedures and Applications of offensive and defensive Information Operations
- Common Criteria Evaluation, for which he is certified at the EAL 4 level
- Security of Infrastructure Applications including the Departmental Electronic Mail System and Military Message Handling System
- Security of Infrastructure Networks including the Departmental Wide Area Network (DWAN)
- Training and Instruction on INFOSEC throughout the complete training lifecycle, including training requirements, training standards, training plans and lesson plans, conduct and validation
- Briefings and Presentations to senior management and other clients, including Business Cases
- Project Management including conceptualization, planning, options analysis, client management, team leadership, and project implementation to complete client satisfaction
- Business Process Re-engineering advice and guidance to optimize efforts
- Results-Oriented Team Leadership, Training, Education and Personnel Development