Bud M. Nesrallah
President, ITNESCO Inc.
Mr. Nesrallah is the President of ITNESCO Inc, an IT Security company. He has a degree in Computer Science from Ottawa University and over 35 years of IT experience, working for over 23 Government of Canada departments and agencies, including the RCMP, Ontario Power Generation (Nuclear), CSE, DFAIT, TBS, Shared Services Canada (SSC), PWGSC, Transport Canada, Health Canada, Justice, and
many more. He has Top Secret/Special Access Security Clearance and is certified to handle Controlled Goods.
He is a recognized leader in the field of IT Security and has been certified by the Treasury Board Secretariat (TBS) to conduct independent reviews of major government projects to provide his Project Management expertise in how well they are doing.
Since 2006, his main focus has been on providing leadership to Government of Canada departments and agencies in the field of IT Security. He has held Senior IT Security and Senior Project Management
positions in all his portfolios.
In the last few years, he has noticed that most IT consultants and Federal Government departments lack a consistent approach to security assessments and authorization. He made it his mission to come up with a solution. He came up with a Security Assessment and Authorization (SA&A) course. This course is the culmination of over 35 years of IT experience. It will revolutionize how federal, provincial, municipal, and private organizations protect their IT Security and related assets.
In the last 11 years, he has performed or managed the performance of hundreds of security assessments on critical IT systems, services, and programs for the Federal Government of Canada. He has trained consultants and federal employees on how to conduct security assessments.
In his Health Canada and Statistics Canada portfolio assignments, he held a leadership role in preparing the strategies for timely Risk Management and providing staff and consultants with templates and training for the Security Assessment & Authorization (SA&A). He has completed the Enterprise Network TRA for Health Canada and the Department of Justice. He has completed numerous architecture diagrams/designs for the Secure Channel at HRSDC (now ESDC), Management Restricted Zone (MRZ)
at SSC, etc.
At Statistics Canada, Mr. Nesrallah introduced Statistics Canada to the new Security Assessment & Authorization (SA&A) Process and the ITSG-33 Security Control Profiles, implemented an IT Security Framework (including Policy Framework, Governance Gates, strategies for migration to SSC Enterprise Data Centres, and IT Security Awareness – complete with all SA&A Templates.
He is an expert in the Government of Canada IT Security Directives, Standards, and Guidelines, including zoning of networks, Privacy, the Harmonized Threat & Risk Assessment Methodology, and ITSG-33 Security Control Profile.