Tony Buenger

Over 20 years experience as an information technology and cyber security leader with expertise in planning, developing, and guiding strategic IT and cyber security roadmaps to achieve maximum operational impacts with minimum resource expenditures. 

15+ years experience working FISMA compliance for federal agencies.  Extensive NIST experience, including NIST Cyber Security Framework (CSF) and NIST Risk Management Framework (RMF) with many U.S. federal agencies, to include the Department of Defense (DoD), Department of Agriculture (USDA), US Geological Survery (USGS), Railroad Retirement Board (RRB), to name a few.

As a Certifying Authority (CA) for the USAF (Logistics, Medical, and Finance) from 2009 to 2015, I developed and maintained cyber security metrics for and reported directly to Headquarters United States Air Force, Pentagon, IT, finance, and logistics agencies.  Led team of 15 security professionals to conduct testing, vulnerability analyses, and risk assessments in accordance with NIST risk management framework, HIPAA, and PCI DSS (payment card industry). Developed USAF level policies and procedures for web security, application security, and cloud security and provided thought leadership for designing, developing, testing, and implementing secure cloud services.

Key Achievements:
• Key team lead at the Pentagon in planning and implementation of NIST risk management framework Air Force-wide; US Air Force is now managing organizational risks from known security vulnerabilities and program weaknesses by maintaining static compliance.
• Performed risk-based security assessments, providing major Air Force IT systems with method to analyze and prioritize risks for making holistic business decisions on mitigating risks in disciplined, fiduciary responsible, and repeatable manner.


Specialties:  Cyber Security Governance, Strategies, Policies, Architecture;  Compliance (HIPAA, PCI DSS, PII), Security Threat Models, Vulnerability Analyses;  Risk Assessments and Risk Mitigation; Business Continuity/Disaster Recovery;  Security Awareness, & Training; Organizational Development; Capital / Operations Budgeting; Public Speaker