Strengthening the Case for Collaboration in a Year of Transition
Amidst the transition of a new Congressional leadership, unprecedented fiscal restrictions and the uncertainties of what some are calling a global "cyber arms race", the US government's cyber fortitude is being tested at every turn. While past attempts at cyber legislation have failed, government leaders are still sought after to be a means of influence and enforcement of security standards and sound practices during this time of expanding perimeters, critical infrastructure vulnerability and a global race for cyber supremacy. What is becoming abundantly clear is that a challenge of this magnitude requires a greater reliance of government upon industry collaboration.
Join us for an exciting two days as we explore the prevailing factors working against US Government IT Security practitioners and managers, how existing technical and personnel resources are faring during this time of transition, what new resources are emerging -- from both industry and government -- that hold promise in helping to fulfill the mission of securing government systems and citizens, and more.
- Keynotes from leading government cyber security professionals
- Panels with industry leaders
- Two dedicated managerial and technical tracks
- Networking with experts and cyber security professional
- CISOs, CIOs, CTOs
- Chief Architects
- Security Managers
- Senior IT Program Management
- Cyber Professionals
Topics to be covered:
A Snapshot of the Top Issues Impacting Government's Human Assets (Based on newly released findings of 2013 (ISC)2 Global Workforce Study)
Roundtable discussion lead by (ISC)² Executive Director, Hord Tipton
Ernest McDuffie, PH. D.-Lead for the National Initiativefor Cybersecurity Education (NICE), United States Department of Commerce (DoC) and National Institute of Standards and Technology (NIST)
Craig M. McComb, DAF, GS15 Deputy CIO 88th CG/SC, US Air Force Life Cycle Management Center
Robin "Montana" Williams, Director of National CyberSecurity Education and Workforce Development Office
Critical Infrastructure Protection -Separating Fact from Fiction: Just how vulnerable is vulnerable?
With all the hype around cybersecurity, it's hard to tell what's true and what isn't. Understanding the real threats, vulnerabilities and impacts to Critical Infrastructure is a significant challenge. Discerning practical and cost-effective risk management strategies to mitigate the risk can be equally difficult. Hear the ground truth about what's happening in the cybersecurity trenches and what you should do about it.
Patrick Miller, Founder, Director and President Emeritus of EnergySec and the National Electric Sector Cybersecurity Organization (NESCO).
Realizing The Untapped Benefits of Security Automation
This panel discussion will feature industry and agency security experts sharing the out-of-the-box strategies and tactics they're taking with continuous monitoring practices and the impact it's having on their larger information security efforts.
Chris Runde-Vce President of Transportation & Government Solutions/AlterEnterprise
Leo Scanlon-CISO at NARA
Al Seifert-Chief Executive Officer, MSB Cybersecurity
Bill Jackson-Senior Correspondent, GCN Magazine
Managing the BYOD Revolution
This session will discuss the way forward for agencies that want to implement a Bring Your Own Device (BYOD) initiative, including providing an overview of how mobile devices are beginning to dominate existing government mandates and architectures, the security and management challenges and solutions involved and the best practices that are being shown to effectively manage this burgeoning type of program.
Darren Ash-CIO at (NRC)
Eugene Liderman- Director of Public Sector. Technology @ Good Technology
Aliya Sternstein-Government Executive Magazine
Employee and User Expectation of Privacy in Mobile Applications
In light of recent changes in technology and law, employers are increasingly shifting the burden of mobile device selection and utilization to an employee support model. What are the ramifications of this model on privacy rights, and what options do corporations have in assuring the security of their data?
Spencer Wilcox, Special Assistant to the VP and Lead Security Strategist at Exelon
Credentialing in the Cloud: Overcoming the next FedRAMP hurdles.
The Federal Risk and Authorization Management Program (FedRAMP), designed to reduce duplicative efforts, inconsistencies and cost inefficiencies associated with the current security authorization process, is finally getting underway, with two cloud service providers recently approved. But how much progress is really being made, what are the next set of security issues that must be overcome and what do information security professionals in both industry and government need to understand to effectively comply with and make the most of this initiative? This session will address these questions and more.
Maria Roat, Director of FedRamp
Zack Brown, CISO, CFPB
Dan Waddell, Senior Director, Information Assurance & Cybersecurity, eGlobalTech
Supply Chain Risk Management Practices for Federal Information Systems
Agencies are increasingly at risk of both intentional and unintentional supply chain compromise due to the growing sophistication of technologies and the growing speed and scale of a complex, distributed global supply chain. Agencies do not have a consistent or comprehensive way of understanding the processes and practices used to create and deliver the hardware and software products and services that they procure, making it increasingly difficult to understand their exposure and manage the associated supply chain risks. Managing supply chain risk is a strategic challenge that requires increased coordination among a multidisciplinary team of stakeholders representing information technology and security, acquisition, legal, engineering, integration, suppliers, and the mission. This session will describe NIST's work on supply chain risk management and offer an overview of NIST's approach to future guidance.
Jon Boyens-Senior Advisor for Information Security at NIST
Big Data and Automated Intelligence Sharing
Big Data, Continuous Monitoring and Automated Sharing: So What Will All The People Do? The promise of leveraging highly scalable analytic methods, continuous monitoring instruments, and automated information sharing protocols is that network defenders and security professionals will be able to marshal sophisticated automata to assist with ever greater volumes of the cybersecurity workload. If we assume that these types of initiatives are successful, what might the average cybersecurity "day in the life" start to look like? More importantly, as cybersecurity practitioners automate more and more of their efforts, how should we seek to maximize the value of the human contribution?
Tom Millar, DHS
Breaking the Barriers to Developing Skilled Cyber Leaders
This panel of former recipients of the prestigious (ISC)2 Government Information Security Leadership Award will discuss their career development, the innovative steps they took to increase their influence as an information security professional and their thoughts on what is necessary to attract and foster the information security leaders of the future.
Harold J. Arata III, PhD- Director, Airforce Cyberspace-Technical Center of Excellence
Joe Jarzombek-Director for Software Assurance Stakeholder Engagement & Cyber Infrastructure Resilience Cyber Security and Communications Department of Homeland Security
What's New in NIST SP 800-53 Revision 4
Kelley L. Dempsey, Senior Information Security Specialist at National Insitute of Standards and Technology Information Technology, Laboratory/Computer Division
Evolving DDos Attacks: TDos, Application/Layer 7, and DNS Amplification
Ms. Barron-DiCamillo Director, US-CERT; U.S. Department of Homeland Security
Validations, Certifications, Common Criteria and the Next Generation Stuff.." The TCSEC is obsolete and gone, yet the security community somehow missed the announcement. Now we are being deluged with validations, certifications, and something called the Common Criteria. This session will cover the difference between validations and certifications. The TCSEC replacement, 'Common Criteria' - including how it works, what it means to us as security professionals, and what we should look for when comparing common criteria certifications. In addition we will look at the next generation certification direction that will cover product components supply chains..
Michael F. Angelo, Chief Security Architect for NetIQ
Attendee Networking Reception
Tuesday, May 7th
Potomic View Reception Room
Doubletree Hilton-Crystal City
(RSVP when you Register for Conference below)
Early Bird Price-Available until May 5th!
U.S. Government Agencies only-$75
Register here: http://www.cvent.com/d/6cqdpp/4W
Corporate Sponsorship opportunities are still available! If you are interested, contact Lisa O'Connell at 781-460-2105 or email: firstname.lastname@example.org