Carlos Sanchez, CISSP CEH

Cyber | Risk Management

Gaithersburg, Maryland, United States

About

As a seasoned cybersecurity professional with over 30 years of experience, I have a proven track record in facilitating operational and compliance-related cyber risk management activities for large organizations. I serve as the primary liaison for information assurance initiatives, providing strategic direction and policy guidance for the Office of Director (OD) and other NIH components. I oversee risk assessments for web-based applications, endpoints, and associated infrastructure, ensuring compliance with federal security standards. I also manage and optimize a comprehensive security tool portfolio, including Cloudflare WAF, Darktrace, Palo Alto Firewalls, SentinelOne EDR, and Splunk Logging. Additionally, I direct all FISMA assessment and authorization processes for several OD enterprise systems. I am passionate about sharing my knowledge and expertise with the next generation of cybersecurity professionals, and I have been an adjunct faculty member at the University of Maryland Global Campus for over 8 years, teaching undergraduate cybersecurity courses. I hold a Master of Science degree in Computer and Information Systems Security/Information Assurance from Capitol College. I am also a Certified Information Systems Security Professional (CISSP) and a Certified Ethical Hacker (CEH).

Experience

  • Sr Manager | Security Engineering & Architecture at Tenable
    Jun 2025 - Present · 1 yr 2 mos

  • Adjunct Faculty at University of Maryland Global Campus
    Feb 2015 - Present · 11 yrs 6 mos

    Adjunct Professor for Undergraduate Cybersecurity Program

  • Advisory Board Member at Capitol Technology University
    Jan 2017 - Present · 9 yrs 7 mos

  • Chief Infosec Officer-Executive Office at The National Institutes of Health
    Jan 2017 - Jul 2025 · 8 yrs 7 mos

  • Chief Information Security Officer at National Governors Association
    Dec 2015 - Jan 2017 · 1 yr 2 mos

    • Establish security, reliability, scalability, and availability across the enterprise for all technology initiatives. • Ensure operational integrity of all aspects of information technology. • Set priorities for technical operations across various functional units. ...and more.