Gronce Fox Loto a fageng {0 Mheis 4 Nowban OM 92112 | enginering renptae xy Expert Opinion Letter (Confidential) ‘Analysis of Positional Requirements for Natlonal Interest Waiver Author: Dr, Brent D. Wilson Author Info: George Fox University, Newberg, Oregon Professor Computer Ssiunce, Information Systems, & Cyber Security Education 2006-2009 Colorado Technical University Doctorate Colorado Springs. Colbrado of Computer Science 1997-2000 Nova Southeastern University Fe. Lauderdale, Florida Master of Science Degree - Computer Science 1986-1989 Western Oregon University Master of Arts. Monmouth, Oregon Degree — Advanced Mathematles & Computer Science Education 1982-1986 Western Oregon University’ Monmouth, Oregon Bachelor of Scierice Degree - Computer Science 1982-1986 Wesiern Oregon University Monmouth, Oregon Bachelor of Seience Degrow - Muthernaties PROFESSIONAL HISTORY 1004. present George Fox University, Newberg. Oregon Professor Computer Seience, Information Systems, & Cyber Security 2002-2012 Chief Information Officer Portland, Oregon Ailan Corporation PROFESSIONAL AFFILIATIONS & BOARD MEMBERSHIPS 2014-present Advisory Board member, Oregon Computer Science Teachers Association ‘202-present Member of the National Band of Directors of the Consortium for Computing Setences in Colleges (CCSC),GroterFox Chg ce, su eeunaeet 414%. MepuladS,, Newer, O19TUAT |) anghanating 2002-present Member of the NW Regional Board of Directors of the Consortium for Computing Sciences in Colleges (CSC), 2006-2011 Technical Member of Advisory Board Oregon Aesthetic Technologies ~ Portland, Oregon 1996-present Member of IEEE Computer Society 1996-present Member af ACM (Association of Computing Machinery) Special Interest Group Membership: Computer Seience EducationGnocuaibor College of Fagiaverng UNIVERSITY Has Dear USCIS, “The foregoing Expert Opinion Letter has been prepared and eertifiad by me. The Expert Opinion Letter is strictly my opinion and is not the opinion of the university with which Iam affiliated, nor any of its departments or aMilites. The signature at the bottom is my signature, L write thie leter on behalf of Juan (il in support of pplication for a National Interest Waiver to advance his proposed endeavor as a professional expert in the fikd of cybersecurity. I strongly support his plans to provide his expertise within this field. My academic credentials include a Bachelor of Science Degree in Computer Ssiehce and a Bachelor of Seience Degree in Mathematics from Western Oregon University: a Master of Arts Degree in Advanced Mathematics and Computer Science Education also from Western Oregon University: Master of Seience Degiee in Computer Science from Nova Southeastem University; and a Doctorate of Computer Science Degree from Colorado Technical University Tam currently a Professor of Computer Science, Information Systems, & Cyber Security at George Fox. University, a university fully accredited by the Northwest Commission on Colleges and Universities. | have published several journal articles in different areas of computer science and computer programming ‘ud [rave given muicrous presentations on computer seicnes related topics ot professional and academic ‘conferences, having served as Chair of such conferences as well. | am a member of the NW Regional Board ‘of Directors of the Consortium for Computing Sciences in Colleges (CCSC), the National Board of Directors of the Consortium for Computing Sciences in Colleges (CCSC), and the IEEE Computer Society, ‘My professional opinions have been widely accepied in all areas of computer science, computer information ystems, Information Technology, and related areas. In addition to my career in academia, I have worked for over'a decade as a Chief Information Officer for a provider of web-based technical solutions, ‘As an evaluator, | am responsible for reviewing academic and experiential qualifications to form part of a candidate's credential evaluation report, providing a detailed analysis of the academic background and ‘occtipationall experience that @ person has received outside the United States. Through my academic and professional experience, | have developed an expert knowledge on how to ‘analyze, evaluate, and characterize job duties, responsibilities, qualifications, and expertise. Therefore, | am qualified to issue an opinion on the level and significance of Juan Gil’s ability as well as evaluate the ‘appropriateness of granting him a National Interest Waiver, Throughout the remainder of this letter, | will provide an analysis and advisory evaluation of his exceptional ability and eligibility for a National Interest Waiver. According to USCIS, The United States Citizenship and Immigration Services (USCIS) uses the following three prong system requirements for a National Interest Waiver.¢ konce Has {ep o Eryiorseng 410. Mead Sty Nrwhorgs OR STEED semper sooner UNIVERSITY + Requirement 1 - The foreign national’s proposed endeavor has both substantial merit ard national importance. + Requirement 2 - The foreign national is well-positioned 10 advance the proposed endeavor. + Requirement 3 - ft would be beneficial 10 the United Staws 1 waive the job offer and labor corrification requirements, REQUIREMENT 1 The foreign nationals proposed endeavor has both substantial merit and national importance. As discussed herein, | find that Juian Gil meets the three requirements set forth by the USCIS to evaluate national interest requests, In my opinion, iris clearly in the national interest of the Uinited States to grant hhim a National Interest Waiver, given his impressive record of achievements as an Cyberseourity Specialist, He has in-depth experience in leadership positions and has been accountable for leading projects related to the application of cybersecurity models for network assurance on critical infrastructures of oil and gas companies, whiely allows thet 4 ensuite security, continuity of operation aud cust reduction, He has experience working in large- and medium-sized companies and customers providing infrastructure support, IT/Date Center services, and dealing with logical and physical security issues, His innovative work has been widely: lauded in his field of endeavor. Through his exceptional track record of experience as Cybersectirity Specialist, he has demonstrated that he is fully capable and well-positioned to advance the proposed endeavor of applying his expertise and skills in his field to strengthen the Information Technology industry in the United States. His proposed endeavor to provide hiis services in the Information Technology industry in the U.S. is ta demand and of national importance. Generally, information security analysts assess their organizations’ information technology and computer systems. identifying strengths and weaknesses. They conduct penetration tests, risk analyses, and ethical hacks on local area.networks, wide area networks, and virtual private networks, They also assess routers, firewalls, and comparable systems to determine efficacy and efficteney. Ihese professionals often develop and implement entirely new security architectures. They blend knowledge of security hardware atid software, organizational needs, and cybersecurity risks. with organizational policies and industry standards. Upon being granted permanent residency, Juan Gil will create, develop, and implement innovative solutions to attend U.S. companies’ needs. He has ttie capacity to adapt a wide riage of methodologies to each business by implementing systems and processes and providing real-time integration to companies of different sizes and segments. Ultimately, he will offer intelligent and innovative solutions aiming, at supporting many businesses, by optimizing processes, reducing costs, increasing productivity, and helpingGrorcE Fox posite UNIVERSHTY ‘companies operate miore efficiently. He will develop secure new infrastructure for autonomous and robotic systems that will accelerate the economic and social progress in all areas of doing safe and secure business, Specifically, he will contribute to business performance, the implementation and compliance of ‘eybersecurity standards on critical infrastructure to strengthen the cybersecurity capabilities of the federal ‘government and private sector of the United States, He will provide the following services: Cyberscourity Diagnostic Tools - The application of eybersecutity diagnostic wols such as the "Gartner IT Score for Security & Risk Management” allows to measure the maturity of key security activities in a business model, prioritizes areas for improvement and charts the path of the function to improve: this diagnosis covers 30 activities in 7 functional safety objectives. Juan Gil has the expert knowledge of how to apply these types of tools to know the state of maturity at the level of cybersecurity ofa company with respect to the benchmark of the same economic scetor, knows: how to identify the priority: index of its activities and visualize those of greater significant opportunities for improvement within the security processes of the company. shows the business: its current state with respect to other companies in the same sector and what would be its final stare of success a the level of cybersecurity maturity NIST Cybersecurity Framework Application - The U.S. National Institute of Standards and ‘Tecnology (NIST) has created @ Cyber Security Framework, which sets voluntary standards ‘applicable to critieal infrastructure companies. tt incorporates many international benchmarks as ‘examples of best practices to help U.S, companies manoge and reduee eybersceurity, risks. This Framework for improving, cybersecurity in critical infrastructures has been in force in the United States since April 16, 2018. This particular set of standards, guidelines, and practices is considered ‘a gore element for any organization working to build or enhance its cybersecurity program, as well a its ability to detect. respond, prevent, and recover from cyberattacks, organizations can leverage NIST best practices to idemtify. opportunities to strengthen and communicate their cybersecurity risk management while aligning with industry practice. Juan Gil possesses the expert knowledge of implementing security strategies in accordance with the NIST Cybersecurity Framework, developing the profile for a company that deseribes the current state and desired by the company on its specific cybersecurity activities. Possess the expert knowledge of the application of this methodology that gives an epproach to reduce the risk linked fo eyber threats that may compromise information security and that is applicable (0 any type of companies. (Cybersecurity plan - A cybersecurity plan is a roadmap. in which a series of actions and projects are defined and planned with the aim of reducing the risks to which the company is exposed, in order to develop its operational activity safely. achieving the projection of initiatives, cost estimation, identification and generation of controls necessary to support compliance with cybersecurity standards in the industry. The cybersecurity plan includes the analysis of a possible economic impact of a cyber-attack, with the application of economic calculations based on qualitative premises obtained. The ranges of losses from a general visual to the particular. This analysis allows US companiesta make a decision on the execution of the proposed initiatives within¢ Gronne Ras allege of Repocee¥y See erhtal8, Riwoary OH ZTLAL | vebpnwerig gronghtonsede: UNIVERSITY the strategic cybersecurity plan with a lower degree of uncertainty, with the aim of reducing cyber tisk and obtaining a positive return on investment (RO!). Suan Gil possesses the knowledge of best practices, global cybersecurity standards and the epplication of economic models to estimate the potential impact of potential eyber-attacks, he is an expert with extraordinary skills to identify cybersecurity needs, estimate the economic impact, design customized cybersecurity strategic plans for different U.S, companies that would help to derive the value of the investment, ensuring that decisions are made on solid foundations: Network architecture in eritical infrastructure - A critical infrastructure network architecture is the design of & communications network, a fiamework for the specification of the physical components of a network and its fiunctional organization and configuration, its operational procedures and principles, as well as the communication protocols used in its operation, the interruption or destruction of which would have an impact. weakening in the security of the nation, rational economic security. health and publi¢ safety. or any combination thereof, Infrastructure architecture is a method for organizing all processes related to technologies in the enterprise, It contributes to improving the vistalization and definition of the steps to follow based on hardware and software, Becoming a useful corporate too! 1o carry out a project and make it really achievable. It demands the correct definition of the processes to structure the technological architecture on critical infrastructure networks, Juan Gil has the knowledge certified as an architect of teclnoligical solutions abich he has applied during bis years of experience, designing new solutions and implementing architectures in order to improve the security of information systems considered as critical or in critical operations networks such as SCADA systems(Supervisory ‘Control and Data Acquisition) widely used in companies in the Ojl & Gas sector. He is also well qualified to provide training on themes related to information security, as well as other subjects of great relevance within the information technology arena. He is skilled enough to promote events and train other U.S. professionals, thereby helping the nation enhance its IT workforce. Consequently, he. will build a network of qualified personnel to lead IT departments and to create solutions in order to advance ‘innovations to better serve the field. Additionally, he is well prepated to offer information security consulting services to a wide’ range of enterprises. He will work to develop and implement applications, as well es data migration and collaborate ‘with business professionals to implement end-to-end solutions. Given his vast experience, he is also well qualified (o tain other professionals in the field, thereby expanding the workforce in the Information ‘Technology industry, His endeavor has substantial benefits for the United States’ I sector. The United States information infrastructure, ranging from telecommunications to computter networks, is the foundation for much of the business, military and civilian activity that occurs daily throughout the country, Over the years, these systems have become increasingly complex and interconnected, and the tools and methods to attack our core information architecture—ineluding critical ational security systems—have multiplied as well, Hence, (T professionals, such as Juan Gil, are important to the nation overall,Caitegeo Feagrnering Grorce Fox UNIVERSITY AEN. Mita My New, GH-ITIIE elaworay guarg “The United States is the largest tech market in the world, representing 33 percent of the total, or approximately $1.6 tillion for 2021. Inthe U.5., a3 well a3 in many other countries, the tech sector acootints for a significant portion of economic activity, CompTIA’s Cyberstates report reveals that the economic impact of the U.S. tech sector, measured as-4 percentage of gross domestic product, exceeds that of most other industries, including notable sectors such as retail, construction and transportation. Furthermore, Information Technology impacts the U.S. economy in a number of ways. One of the most noticeable is electronic commerce, or e-commerce, in which the buying and selling of products over the Internet has contributed 10 the economic growth of the United States. Information Technology has also redefined orvanizational boundaries. Companies can now build client relationships online, keep inventory electronically, and exchange purchase orders through the Internet. It should be noted that hotiday shoppers spent $10.7 billion on Cyber Monday 2021, aevording to CNBC. Private and govemment Consumption will further support IT spending in the United States, Cloud computing, and the Internet of Things are vital for market expansion over the medium term, due to their immense potential for industrial growth. The industry's [T software and service segment experienced the fastest growth in the past decade, which has been sitengtivened by strong government support. Furthermore, swide usage of computers and growing access to the internet and rising internet penetration are driving the market demand im the Unived States (Murket Watch) ‘And in this day and age of technology, with the prevalent use of the Internet, we are also more prone to ‘eyber-attacks, New risks emerge every hour of every day. Connecting to the Intemet opens up the possibility ‘of 9 hacker targeting an organization or individual. Cybercrime is becoming big business and cyber risk is ‘8 focus of organizations and governments globally. Monetary and reputational risks are high if ‘organizations do noi have an appropriate cybersecurity plan. Business and government leaders can no longer solely rely on out-of-the-box eybersecurity solutions like antivirus software and firewalls, eybereriminals are geting smarter and their tacts are becoming more resilient to conventional cyber defenses. Cybercrime daily estimates nun as high as 4,000 ransomware aitacks, 33,000 phishing atiacks end 80 billion malicious scans. That equates to the potential to lose over 1,000,000 recards to malicious actions (CCB Technology, n.d.). A Mea fee report on the Economie Impact of Cybercrime, found that it costs the global economy around $600 billion a year. That ts up trom $500. billion, or around 0.8 per cent of global GDP. Although the total gost of malicious eyber activity direcied at U.S. entities is difficult to estimate due to the fact that many breaches go undetected or unreported, an attack still has a significant spillover effect to corporate pariners, customers, and suppliers. Malicious cyber activity imposes a drag on economic growth bby enabling new means for stealing IP, which can be considered u tax on innovation. The threats slow down the rate of development and adoption of new information and communications technologies and thereby lower the efficiency gains that cun be achieved with these new technologies. And Juan Gil's endeavor ‘will be valuable in this matter.Gia desta 5, ; Sl ching: OR=T182 1 iinenny. gong oko UNIVERSITY ( Gioves hoc allege of Tegeerg Cybersecurity is meking sure your organization's data is safe from attacks from both internal and external bad actors. If can encompass # body of technologies, processes, structures, and practices used to protect hetworks, compitters, programs, and data from unauthorized: access or damage. The goal of any cybersecurity strateuy is 10 ensure confidentiality, data integrity. and availability. ‘According to the Governmont Accountability Office, the number of eyher incidents reported by federal agencies rose substantially from 5,303 to 33,632 incidents. Due to the demand for eyber protection, employment in the Cyber Sscurity sector contributes significantly to economic growth. An Information ‘Security Architect Lead, such as Juan Gil, would bring innovative technology solutions, and a sophisticated information security sector could become @ reliable source of exports of both products and services in the fire. A secure government technology infrastructure helps support the delivery of essential services, These span local publie safety’ and national security to protect citizens; disease control and prevention to ensure health and well-being: and transportation to keep commerce moving. A strong cybersecurity strategy also helps protect citizens’ personal data and goyemment data and algorithms—an increasing concern as agencies deploy more Al models, ‘The lack of SuiTicient informationfeyber security skills in thee rmarket iy jot oly ait HR recruiting problem. thas real-world ramifications for any organization operating technology systems that run its business. The shoriage of highly-skilled resources requires existing staff to take on a heavier workload, As with any other job, not having enough time to perform every task accurately leads to human error, lower quality assurance, and eventually, employee bumout. To this end, the propased endeavor will broadly enhance societal ‘welfare or cultural enrichment. IBISWorld reports that The IT Security Consulting industry in the U.S. has experienced rapid growth in recent years due to general improvements in macroeconomic: conditions and favorable shifts in business needs, Over the five years to 2025, the revenue for the industry will inorease at an annualized rate of 4.0 percent to $18.5 billion. The proliferation of e-commerce. mabile computing and. internet access. has ‘contributed to the industry's rapid growth, Furthermore, several high-profile security attacks on businesses have brought online security of personal sensitive information to the forefront of both consumer and management concems. Individuals are becoming mereasingly coneemed with how their personal information is used and secured online, boosting financial institutions! and governments! investment in IT security products and consulting. Safety concems do not endl there, however. as the sensitive data has moved onto cloud servers. An increasing perventage of services are conducted online, and therefore, businesses ‘must take further precautions in guarding sensitive information from the prying eyes of eyber eriminals and other hackers. Industry operators are expected to continue to benefit from trends that have contributed to growth during the current period. These factors include the continued adoption of mobile and broadband intemet, coupled With the movement of more information into the cloud, Furthermore, fear caused by the recent spate ofGrorce Fox UNIVERSITY 4148 Meriai’St, Sewinse: ORTIZ | smpnnormg youre high-profile data breaches will encourage companies to invest proactively in IT security solutions, while solid growth in corporate profit levels will provide them with the funds, ‘The US, goverment is & prominent target for eybererime, According to J, Clement, the most common types of eyberattacks directed at the U.S. are email or phishing, improper usage, and loss of theft of equipment. The Department of Defense was the only department with significant incresse in cybersecurity spending for F¥2020, while most civilian aganeies experienced budget cuts Per Statista, lousy protection is one of the main reasons why a business could be hacked, itis very concerning that nearly 70 percent of all businesses do not even have a formal cyberattack response plan, In one of their surveys, 80 percent of hackers state: “humans are the most responsible for security breaches.” The United States is one of the countries with the highest commitment to cybersecurity, based on the Global ‘Cyber Security Index. In 2019, govemment IT expenditure amounted 10 88 billion US. dollars, and by 2021. this figure is expected to surpass 92 billion. In terms of budget allocation, the Department of Defense stands out as the primary recipient of federal cybersecurity spending, as the agency is responsible for protecting the United States from both offline and online attacks. According to the DoD’s latest cyber strategy doetring, its eyber goals include building and maintaining forces to conduct cyberspace operations, securing and defending DoD data, preparation for disruptive and destructive eyberattacks, and integrating ‘eyber options and alliances into plans. The U.S, government and industry response to the ever-growing SolarWinds intrusion needs to be vansformational, the cyber equivalent to the 9/11 terrorist attacks. Recognizing the magnitude of this incident, one of President Biden's earliest proposals, the American Rescue Plan, calls for $10.2 billion in investments designed to “modernize federal information technology to protect against future eyher- attacks.” If approved by the U.S. Congress —and well-managed within the executive branch—this would be one of the largest Single efforts the U.S. government has ever undertaken to fix tong-running problems with legacy IT and cyber vulnerabilities, and a significant first step in realigning U.S. cyber defenses while building Americans’ trust in their government's ability to deliver reliable and secure services. Smart investments built ona trusted supply chain and based on the U.S. Cyber and Infrastructure Security Ageney (CISA) guidance and standards can raise the barriers to intruders and better protect federal systems, Among those that deserve the attention of federal 1T leaders are modern network and identity technologies, including zero trust, next generation identity management, and secure workstations for those users that have administrator level access. Used correctly, these technologies mean that even if an intruder has gained access to a system, lateral movement and privilege escalation within it sre much harder to aecomplish, and easier (o observe (Forbes). To this end, the proposed endeavor impacts a subject of national initiatives, (On the other hand, IDC (a global market intelligence firm) projects that the technology industry is on pace to reach $5 trillion in 2021. If this number holds, it will represent 4.2 percent growth, signaling a return to the trend line that the industry was om prior to the pandemic, Looking even further into the future, IDC expects the patter to continue, estimating a $ percent compound annual prowih rate (CAGR) for the industry through 2024, In this context, the proposed endeavor has significant potential to employ U.S. workers and has other substantial positive economic effects.0) GronrcE Fox ese alee ys ier MINTYERS ITY “Therefore, Juan Gil, with extensive experience in the Information Technology sector, has the capability to render services to cumyanies in the United States. Iie has proven expertise in bringing new IT security solutions to support institutions’ activities, reducing costs, and streamlining processes and responses. Inthe context above, the United States would greatly benefit from the expertise and skills. of an experienced Information Security Architect Lead such as Ian Gil, who has extensive knowledge and expertise in all aspects of Information Technology, His work has both substantial merit and national importance for the United States. ‘REQUIREMENT 2 ‘The foreign national is well-positioned to advance the proposed endeavor. Juan Gil is a professional with approximately 14 years of experience in the Information Technology industry and specializes in information security. In 2010, he compleved a Bachelor's degree in Systems Engineering at Universidad Autnoma de Colombia. He went on and completed a Specialist degree in ‘Technology Management at the same university in 20/5, Then later in 2019, he graduated with a Master of Sviemve degree it Business Administration tt Atiantis University. From 2007 to 2008, he worked as a Support Technician at Informatica Data Point Lida., where he provided technical support to infrastructure components, help desk support, network administration and installation, inventory management, hardware analysis nd acquisition. He also gave on-site support fo users of the Finance Secretariat and the Council of Bogota. He executed programming and preventive and corrective maintenance of the techological infrastructure in the network of Supercade of the city of Bogota, From 2008 t0 2011, he served as.a Technical Support Coordinator / IT Director at D'vinni S.A... responsible for a team of mote than 15 people between direct employees and contractors. He handled the overall Technology process: strategy development; market research, business case creation, solution design and delivery support-to operations, He designed and implemented IT services for the commercial attention of 10 points of sale nationwide and also implemented « technology operating model under the ITIL. process framework for service in Hogota and 4 other cities: In 201 1, he performed as a Systems Analyst at Compafia General de Avetos S.A. 1n this role, he provided technological support for Bogota headquarters and 5 branches achieving compliance with customer service ‘times, He was responsible for the technological infrastructure; design, maintenance, and implementation of IT solutions and for the creation of backup policies with implementation of Symantec Backup Exec and technological renewal, He provided level | support (SAP R/3, antivirus console with Meafue, active directory, corporate intranet, Firewall) and conducted follow-up in structured cabling projects at national level. supplier management aa) Bisanu kos aiepe of Eeyinoorg 408 Nonna St, Newhorg, CHORD. | mye UNIVERSITY From 2011 to 2012, he operated as a Systems Engineer at the Colombian Red Cross. Here, he provided technological support for Bogota headquarters and 32 branches, achieving compliance with customer service times. He handled the teclmuloyical process; development of applications. business exes and technological infrastructure, and elaborated financial valuation models and reports. for acquisitions. He served as a functional and technical leader of ERP platform on Siigo.net, E-health and Synergy who managed sceurity processes, IT change management, identity access contro, ete. From 2012 to 2013, he worked as the Techinalogy Analyst III at BNP Cantif Colombia Seguiens Generales S.A,, where he provided technological support in more than 30 direct clients achieving the fulfilment of customer service times. He executed the functional, availability .and performance assurance of the ‘company’s information systems (IIS, Vocelcom, BES, SQL, Web Services, Sezya, Backups, Altiris, DNS, GCI. CLV). He analyzed and complied with information security standards, vulnerability management ‘and execution of action plans and was responsible for the overall technology process: solution design and delivery, operations suppor He coordinated and assured infrastructure changes in a secure, efficient and documented manner, ensuring the implementation and operation of applications in the BCP. He even designed and implemented backup policies guaranteeing the availability of information. From 2013 to 2015, he served as an IS Analyst Senior / Supervisor responsible for a team of more than 20 people between direct employees and contractors, He desizned and implemented IT services for the commercial attention of more than 1S points of sale nationwide, provided technological support in more than 20 public events achieving the fulliient of ie company’s commercial strategies, oversaw ihe overall technology process: so ution design and delivery, operations support and risk management, represented the technology inflastrnveture area in Colombia, for the escalation of technical cases to-headquarters, and provided technological support for Colombia, Peru, and Venezuela, Since 2015, he has been operating as the Senior Professional / Technology Director. As such, he was responsible for a tear of more than 20 people, divided into 4 service towers: Applications, Infrastructure, Security, and IT Services. He designed and implemented the eybersecurity model, with more than 15 implementation initiatives. He gave support in the definition and implementation of a strateaic technology plan with more than |0 digital transformation initiatives, led the execution of a portfolio of IT services, growth initiatives and [1° projects for more tha USS 10 million to ensure the technology operation and sustainable growth of the company, and was responsible for the overall technology process: strategy development; market research, business case creation, solution design and delivery, operations support and risk management. He established and led a dain analytics strategy in charge of the design and implemeniaiion of a BVBA software composed of more than 70 indicators. Other tasks include: developed and exeeuted a technology resource optimization program with a target of USS1 million per year; supported in the definition and implementation of the new technology operating model: and dofined short- and long term IT strategies, corporate culture, organizational structure, administrative and operational processes, and {echnology roadmap, ensuring compliance with SLAs. During his time, he was able to achieve annual objectives with an average execution rate of 110 percent with outstanding qualification, His experienes validates Juan. Gil’s extensive capabilities 10 render services within the Information ‘Technology sector in the United States.q ‘Guoncn Fox College Engineering 414 SMa St Newhnsg. OR NFVIE —senpmeoranygeorgeton cy MNIVERS TTY 4 % ‘Testimonials and documentary evidence provided demonstrate that he has a record of notable success, as he has had a leading role in defining projects, especially those related to the IT und eyber security sector. “The record shows that Juan Gil’s initiatives and unique approach have been essential for these projecis’ success and will beneficially service U.S, companies. Juan Dayid Micolta, Digital Transformation Leader at Transpartadaea de Gas Intermacional SA PSP. states: “Yhave known engineer Juan Gil since 2013 when he joined the same company. in the first years of the engineer's work L was assigned as part of the work team of the technology projects led by Eng. Juan Gil, one of the projects in which we worked together was the implementation of new information systems for the commercial gas transport system, where the company obiained many benefits not only economically: improving its revenues. but also the auiomation of internal “processes, un integraied management of various areds of the company andl am impraveiment in response times in attention 10 fis customers, The participation of Engineer Juan Gil was furdamental because the biggest challenge was (he integration of various information systems with @ cybersecurity component where Engineer Juan Gil designed, developed and implemented a technological, robust and secure architecture for the communications that were presented hetween the environments of ihe SCADA Network (Supervisory Control And Data Acquisition) of the different prints of the yas pipeline lines and information systems, the engineer achieved thal integration with all the controls that at the level of cybersecurity that should be contemplated. Thanks 10 the: support of the engineer Juan Gil Thave achieved professional growth and today | share with hin shot leadership of Technology project management where we scek from the IT/0T cybersecurity front aud the digital transformation front an assurance of the critical infrastructure inthe company obtaining betier performance indicators, the application of best practices ia the inctstry, that as the largest company in the cousury with a 53% share of the twansport market in the Oil & Gas sector, we guarantee with these practices a continuous, safe and efficient operation.” Juan Francisco Acevedo Maza, Professional [T Networks and Telecommunications at Transportadora de Gas Internacional SA ESP, states: “Dhaave known Engineer Juan Gil since 2015 when he Joined the samme company, 1 have been part of the work teant of the technology projects led by Eng. Juan Gil, ane of the prajects In which we have worked in the last 3 years has heen the design and implementation of a evberseeurity plan 10 guard all the critical infrastructive of the company, where the engineer Gil has demonsirated his high capacity and knowledge of the subject, and with his adequate franca mamogement has delivered io the company econamic benefits through initiatives and negotiations with providers of technological security ani eybersecurity solutions. The reseurch methods applied by--Engineer Juan Gil herve been really very good, beceause he applies an initial methadotogy of diagnosis of the current situation of the conipany, then validates the economic impact that the company could hisve on a day of shutdown of the operation of the transport of Gas and cantinues with the design of a epbersecurity plan that would be implemented in the short term, medium cind long term, this givesAUN, Mined St, Nom, ORIDTERL | bagawernigigvorgtinsede UNIVERSITY ? 0) Grorew Fae ologn of Fagrnveing “you a very complete picture ofthe level of protection shai the company can have inthe present ard the future for improve and secure the critical mfrasiruerure. ‘Zeus A, Leon P.. Latam IT Leader at Baker Hughes, states: — “Lhave known Engineer Juan de Jesus Gil since 2010 through a certified hat we studied together at the Autonomous Universit of Coloabia and Lconsider him as an expert von iil in issues of application of eybersecurity models and as.an economic analyst for decision making in technology, his consulting was vital to the successful preparation ancl implementation of the initiatives that 1 have implemented from my’ position at BAKER HUGHES. His experience in the development of cvbersecurity rmodels and economic tnalysis for the implementation of computer security initiatives will he of national inierest to the US in general because it improves the information security at the perimeter level of any type of companies. whether private or pubic, improving seeurity Indicators, ensuring. corporate information systenis of possible external cyber-attacks, and deploying a roadmap of riew initiatives on neeworks of eritical infrastructure that could be implemenied to ensure its operation andl continuity of business information systenis.” Andres Alonso Urrego Risto, Global Technology Manager of Marco Marketing Latam, states: “Fhaave known engineer Jute Gil ince 2013 when Ire jotned the company Merhatife Colombia, we worked together in several prajecis. such as Design and implementation of technology services for hee commercial atemion of more than 13 cities in Colombia, technological assistance end technical support in massive eveats held by Herbalife natianwide, the design aid implementation of a robust and stable architecture with computer security components to support the company's critical systems, where I kad the apportaaity 0 see their professionalism and competence. Lenjoyed working with Engineer Juan and discovered that he is a very valuable person cond then makes a difference for any tecan. He is ax honest, confident, and incredibly dedicated person in his work and passionate about continuous learaing, 1 acquire new knowledge that he could apply to his working life. Curremily 1 have closely followed the eybersecurity models in eritical systems: that engineer Juan Gil has been in progress, they are models with good technical foundation and correct analysis of each of the components that make it up, thanks 10 the information provided by the Engineer at the consiitation level I hae managed 10 ailopt some of his analysis methods for decision matking in my current rote, achieving recognition in my work for their applications.” ‘Through his world class education and hands-on work experience, he has demonstrated that he is fully capable and well-positioned to advance the proposed endeavor due 19 his record of achievements and expertise in his field, in addition to the various leading and critical roles for the companies in which he has worked. REQUIREMENT 3Grorce Fox UNIVERSITY 414 Nedved Sk dewey OILTTAR | apiesiing se I would be beneficial to the United States to waive the job offer and labor certification requirements. ‘The labor certification process is designea! 10 protect the national interests of the United States by ensuring that the wages and working conditions of U.S. workers employed in the beneficiary's field would not be aidversely impacted tn reality, Joan Git ic not Gompating against LLS. hosed 1T professionals since hit expertise i rare. and the United States is already experiencing a shortage in this field. The United States has the opportunity to direetly benefit from the intimate knowledge and extensive experienee that he has as an Cybersecurity Specialist Systems Engineer: Employment of information security analysts is projected to grow 33 percent from 2020 to 2030, much faster than the average for all occupations. About 16.300 openinuy for information security analysts are projected cach year, on average, over the decade, Many of those openings are expected to result from the need to replace workers who transfer to different occupations or exit the labor force, such'as to. retire ‘Demand for information security analysts is expected 10 be very high, Cyberattacks have grown in frequency, and analysts will be needed to come up with innovative solutions to prevent hackers from stealing critical information or creating problems for computer networks, The increasing adoption of cloud services by smell and medium-sized businesses and a rise in cybersecurity threats will ereate demand for information security analysts hronghoutake devade. Banks and financial institutions, ay well #s otler ty pes of corporations, will need to increase their information: security capabilities in the face of growing cybersecurity threats, [a addition, as the healthcare industry expands its use of electronic medical records, ensuring patients’ privacy and protecting personal data are essential, More information security analysts are likely to be needed to create the safeguards that will protect personal information and satisfy patients” concerns. (U.S. Bureau of Labor and Statistics, 2021) Companies are looking not only for individuals that passess hard technical skills, but also those who have training in business fundamentals such as project management, finance, and communication. Often this interdisciplinary training is attained through a combination of work experience and graduate-level education. A report from IT and networking company Ciseo and market intelligence firm IDC highlighted IT jobs that fare most highly demanded and most important to an organization's success. through a global survey. of hiring managers in Information Technology and analysis of nearly two million ( job postings. Recruiters said skills in Cyber Security, cloud, data analytics, Internet of Things, and converged infrastructure are the highest value. They also said there is skill shortage for many of these roles. According to Code.org, the latest cata show that there were fess than 50,000 Computer Science gradusites. However, there are over 500,000 open computing positions in the United States. This could mean that the ayailable seats for this position will exceed qualified applicants by « million which could widen the zap ‘even more. Based on the research done by ACT (The App Association), there are more than 220,000 job ‘openings in the US. They said that there are more job openings than there are qualified applicants.allege of apr cring 4H. Mevulie®,, Newby: OR TTLIE | ompiwering. oe Grorce Fox MNIVERSITY Companies might find it extremely chatlenging to find the right talent. An estimated | million computer progeammitig-related jobs in the US are expected to be unfilled, based on data statisties fiom Full Seale. Juan Gil's in-depth know ledge of Information Technology proves he is exceptionally qualified 10 hold a position in this field within the United States. Given his in-depth knowledge and approximately 14 years of ‘experience in the Information Technology industry, he is well-positioned 1o train other U.S. professionals in the related field, in addition to providing consulting services to LS. businesses ‘Therefore, Juan Gil’s experience in the field of Information Technology, in addition to his expertise in all aspects of information security, is essential in providing great support to the Information Technology sector, as well as U.S. companies. He will not be competing with other U.S. workers as he will be working with IT solutions according to idual needs of businesses, as well as implementing knowledge and skills to other U.S. professionals. His expertise and skills in the IT sector are unique and have the capacity to expand the IT workforce. ‘Therefore, he will not be displacing any American worker. Ae would be beneficial for the US. to waive the job offer and labor certification requirements because he is not competing against any American worker, He wil] provide tinique contributions as most companies ‘would benefit from his expertise in information security. By possessing a distinguishes ubility 10 aysess the needs of each company, Juan Gil can help companies decide what is the best methodology, while delivering technical presentations and training to other U.S. workers in the field, thereby expanling the workforce. Based upon his expertise and extensive experience in the field of Information Technology, he is uniquely qualified to help U.S. companies successfully seize market and investment opportunities and enhance their ‘management capabilities in the United States, Furthermnore. the implicit opportunity cost of nat allowing him to reside in the United States and in order to.allow U.S. companies to benefit from his skills and professional experience can be sizable in terms of foregone economic activity. national growth, tax revenue. and wellbeing of citizens. In summary, waiving the job ofTer and labor certification requirements for Juan Gil is in the national interest of the Uinited States. CONCLUSION vis my opinion that Juan Gil meets the Following three requirements set forth by the USCIS to evaluate requests for National Interest Waiver. The aforementioned requirements are:Gronve Fox Guilege Begerecin UNIVERSTTY 4/0. Abidin 8. Newburg Om 283 © Requirement 1 - The foreign national’s proposed endeavor has bath substeoutial meric card national importance. © Requirement 2- The foreign meuiunal is well-positioned to actvance the proposed endeavor, © Requirement 3 - It would be beneficial 10 the United States to waive the job offer and labor certification requirements. - Ye hes demonstrated a remarkable rugord of specific achievements 4s an Infismation Security. Architect Lead with an intimate and sophisticated knowledge in the field of information and cybersecurity. which is clearly indicative of future benefits to the national interest of the United States, There are substantial economic benefits for the United States associated with waiving the job offer and labor certification requireients for him, in terms of his activity and job creation that outweigh the national ‘interests in the labor centfieation process. ‘Taken together, the evidence demonstrates that it is beneficial to the United States to grant him a National Interest Waiver, given his professional experience in information technology as well as his intimate knowledge and experience in bringing new IT security solutions to support institutions’ activities, reducing costs, and stream ining processes and responses, “The foregoing is un analysis ancl-auivisory evaluation of Juan Gil’ request for a Nacional nterest Waiver ‘based on documents provided by him aswell as information based on my own research, The documents are represented to be authentic and true copies of the original documents. To the best of my knowledge, I have no reason fo doubt the authenticity and aceuraey of these documents. BAZAR Dr. Brent Wilbon, D.C.S, George Fox University Professor of Computer Science, Information Systems, & Cyber Security February 19, 2022aq) Guosee hot allege of Begining ELEN, Metis 4 Newberg, OF 714 ators MINIVERSITY oe References: 1, Employment-Dased Immigration: First Preference EB2NIW, huips://swww.useis gou/working- united- states‘permanent-workers/employment-based- immigration-second-preference-¢b-2 2. https:/Awww.ibisworld,com/united-states/market-research-reports/it-security-consulting-industry! 3, hitpsu/seeurityboulevard.com/20 19/04 /the-areat-eyber-security-talent-shortage-continixcs! 4, hiipswwnw comptia neg/contentinssenrchiit-industry-trends-analysis a 5. hips:/www.marketwatch.com/press-release/iited-states-information-technology-it-matkel- 2020-report-by-size-share-applications-types-zrowth-foreast-2026-2020-01-10, 6. hittps:!/www getelastic.com/black-friday-to-cyber-moinday-2019-statisties-infographie 7. https:l/www.cybentegrees.org/jobs/security-architect! 8. hmpsy/www.vistacollege.cdu/blog/careers/itvtop-growing-careers-in-information technology! 9. htips://www.businessinsider com/it-jobs-information-technology-2018-5 10. htrps:/syww.zdnet.com/articte/us-companies-facing-a-huge-tech-talent-deticit-in-2020 11. https: ww marketsandmarkets.com/Market-Reports/social-business-intelligence-bi-market- 1048.html 12. Intps:tiwww forhes. com/sites/gordonbitko/2020/12/22/what-public-and-private-sector-leaders- ean-do-to-stop-the-next-solarwindls-hack/’sh=467038638147 13. https://w ww forbes.com/sites/eordonbitke/2011/01/27¢how-bidens-102h-investment-can+ transform-federal-cybersceurity-post-solanwinds/2sh~dt7 742 76629 14, https://www. statista.com/topies/3387/us-government-and-cyber-crime/ddossierKeyfigures 1S. lhttps:/wwww.fac.ong/knowledae-uateway/preparing-future-ready~ professionals/discussion/eybersecurity-critical-all-organizations-lerge-and-small 16, https:/www.clinkedin.com/pulse/eyber-awareness-supply-chain-visibility-eloud-sandral 17, litips://wwws upguard.cony/log/cybersecurity-important 18, httpsi//wavw,bls.gov/ooh/computer-and-information-technology/information-seeurity= analysts himétab-6