Hi, I’m Amandeep Singh
I specialize in building secure, compliant, and resilient cybersecurity programs for federal agencies, critical infrastructure, and enterprise organizations. With deep expertise in Zero Trust Architecture, identity security, and NIST-based compliance, I help organizations align cybersecurity strategy with business and national security objectives.
About Me
I am a cybersecurity executive with extensive experience leading security strategy, risk management, and compliance programs across federal agencies, critical infrastructure, financial services, telecommunications, and healthcare. My core strength is enterprise risk management, quantifying, prioritizing, and reducing risk to align cybersecurity with business and mission objectives, complemented by deep expertise in Zero Trust Architecture, identity security, and NIST-based compliance within complex, highly regulated environments.
I have supported leading organizations, including:
- NASA
- GSA
- the Maryland Public Service Commission
- Temple Health
- Capital One
- Verizon
- US Army Regional Cybersecurity Center
Working closely with executive and technical teams, I translate cybersecurity into measurable business value, reducing risk, strengthening compliance, and building resilient, future-ready security programs.
Education
Master’s in Cybersecurity and Information Assurance
Master’s in Cybersecurity and Information Assurance
Currently pursuing Doctorate in Cybersecurity
Authored Book
Trust No Model:
An Executive Guide to Safe AI Strategy
Professional Executive Education
- CTO Program by The Wharton School
- Financial Planning and Analysis by The Wharton School
- Leading a Technology Driven Organization by The Wharton School
- Technology Acceleration Program by The Wharton School
- Risk Management for Corporate Leaders by Harvard Business School
- Financial Planning and Analysis by The Wharton School
- Professional Certificate in Artificial Intelligence and Machine Lear
- CISO Program by Carnegie Mellon
Certifications
Leadership & Management
- CISSP
- CISM
- SABSA
- PMP
- ITIL Foundation
- Disaster Recovery Management
- CCISO
- FAIR Risk Quantification
Compliance
- CMMC Certified Professiona
- ISO 27002
- CIPP/US
Technical
- Technical
- OSCP
- API Security Architect
- AWS Security Specialist and Architect Professional
- Dark Web Forensic
- Google Cloud Security Engineer Professional
- Computer Hacking and Forensic Investigator
- Incident Handler
- Encryption Specialist
- Cloud Security Engineer
Projects
Zero Trust Architecture Compliance & Incident Management
Cybersecurity Director – Maryland Public Service Commission
Led cybersecurity oversight for 70+ regulated utility companies, driving Zero Trust Architecture adoption and implementing standardized incident response practices. Integrated NERC audit
readiness and MITRE ATT&CK for threat-informed defense.
Key Contributions:
- Enforced Zero Trust Architecture compliance across critical infrastructure operators.
- Assessed utility programs using NIST Cybersecurity Framework, CISA Performance Goals, and NERC audit standards.
- Designed and deployed an Incident Management Program mapped to the MITRE ATT&CK framework.
- Provided strategic cybersecurity policy guidance to Maryland PSC leadership.
- Fostered collaboration among state agencies, utilities, and federal partners to align with national security objectives.
- Participated in state-level threat intelligence networks to enhance situational awareness and coordinated response.
Mobile Security & Secure Integration – Capital One
Product Security Manager– Capital One
Led security efforts for Capital One’s flagship mobile application and A/B testing platform by embedding security into the development lifecycle and aligning with business-driven
experimentation.
Key Contributions:
- Secured the mobile app architecture through proactive threat modeling, reducing risk exposure and aligning with agile business needs.
- Embedded security controls into the A/B testing platform, ensuring experimentation integrity without compromising customer data or regulatory compliance.
- Spearheaded secure backend integration between Capital One and Discover mobile platforms during M&A, effectively reducing the attack surface and ensuring secure data exchange
- Collaborated cross-functionally with engineering and product teams to ensure security-by-design principles across all mobile releases.
Enterprise Data Center Migration/Decommission – Verizon
Supported the secure migration of a large-scale data center environment hosting critical infrastructure for multiple Fortune 500 clients, ensuring continuity, compliance, and risk mitigation throughout the transition.
Identity Architecture for GSA 2024 Presidential Transition
Lead Security Officer – General Services Administration (GSA)
Designed and led the security architecture for the 2024 Presidential Transition, implementing a phishing-resistant, passwordless identity solution across multi-cloud environments, while ensuring regulatory compliance for moderate-impact federal systems.
Key Contributions:
- Architected FIDO2 passwordless authentication using Okta across Azure and GCP environments.
- Developed and led the security implementation of GSA’s moderate-impact System Security Plan (SSP) in alignment with NIST 800-53 controls.
- Integrated advanced anti-phishing mechanisms to meet OMB and CISA cybersecurity mandates.
- Ensured full compliance with Zero Trust Architecture principles for identity management.
NASA Risk Management & NIST 800-53 Rev. 5 Transition
Risk Information compliance manager – NASA (Contracted)
Oversaw the risk management transformation at NASA by migrating multiple systems to NIST 800-53 Revision 5 and achieving higher authorization scores through enhanced threat modeling and posture improvements.
Key Contributions:
- Successfully transitioned 5 SSPs (2 High, 1 Moderate, 2 Low), securing ATO for all systems.
- Managed a team of 5 Security Engineers and 3 ISSOs through the full Rev. 5 compliance lifecycle.
- Boosted ATO scoring from 72 to 85+, reinforcing NASA's cybersecurity posture.