Program Manager, Continuous Diagnostics and Mitigation Program, United States Department of Homeland Security
Emerging Technolgy Talks
Addressing cybersecurity challenges with Identity-centric Security
Integrating identity and security technologies to address a specific requirement is just one piece of the modern cybersecurity puzzle. Broader initiatives, like Zero Trust and Insider Threat, also require an identity-centric approach to ensure security and an optimal user experience. The identity-centric security approach provides real time, intelligence-based access to data and applications by integrating IAM infrastructure with enterprise cyber security technologies. As Identity has finally transitioned from operational and user experience driven, to being recognized as the core of security. Organizations often struggle to make sense of complex security technologies and hunger for new approaches to solve complex identity security challenges, improve overall security and extract value out of existing investments. This quick introduction provides the framework and practical guidance that helps organizations put identity at the center of their security strategy, optimizing cyber security investments, while controlling risk as IT infrastructures converge.
Global Public Sector Strategist, SailPoint
Integrity: The True Measure of Security
You know it’s important to pass audits and prevent breaches, but how can you go beyond just checking the security box to feeling confident that your systems are in a trustworthy and reliable state? In this tech talk, former Special Ops Marine and Tripwire’s VP of Federal & Enterprise Maurice Uenuma will outline why system integrity is important and how to upgrade you can upgrade your standard periodic monitoring practice to one with continuous monitoring for real-time change detection and automated reconciliation.
Vice President, Federal & Enterprise, Tripwire
Protecting NPEs In a Perimeter-less World
Complex government IT environments balancing on-premise, mobile, IoT, virtual and cloud components have found a host of new cybersecurity challenges as the perimeter has dissolved leaving all matters of identity at the core of our network defense strategies.
The events of 2020 have accelerated the adoption of even more cloud-based services, IoT devices and remote connections, forcing the exponential growth of Non-Person Entities (NPEs) to include, devices, code, API’s, RPA and more.
Given this scale of machine adoption, government information security and operations teams are struggling with identity management for all of these NPE types, exposing them to adversaries who could exploit weak security practices to gain unauthorized access to mission critical systems.
In this talk, we’ll discuss identity management for these machines and recommendations for gaining
- Visibility into the machine identity estate
- Insight and intelligence into how they’re used and the risks they pose to the government
- How to automate machine identity lifecycles to secure, protect and manage NPEs at the speed & scale of modern enterprise architectures.
VP Federal, Venafi
Exploring Cyber Security in the Time of Covid-19
This year has proven the need to strengthenCyber Security capabilities, and a need to solve the Cyber Security challenges brought forth due to the pandemic. This panel will explore the current state of technology, use cases, and limitations of Cyber Security, in the Federal Government space. Listen in as subject matter experts share lessons learned and solutions to the challenges brought on to their agency’s as a result of COVID-19. What strategies have been put in place in order to strengthen Cybersecurity as the Federal Government is starting to embrace a “new normal”? Find out how these topic experts have pushed through the challenges brought forth through COVID-19.
Director, Health Sector Cybersecurity Coordination Center, U.S. Department of Health & Human Services
Security Architect, US Small Business Administration
Chief Information Security Officer Information Technology, Bonneville Power Administration, United States Department of Energy
Public Sector Chief Technology Officer, Micro Focus
Moderator: Isaac Constans
Staff Writer, GovLoop
Emerging Technology Talk
Shift Security Left. No, More Left Than That
The “shift left” approach is not a new concept within software testing and DevOps best practices and it is commonly thought of when discussing DevSecOps. This usually includes security testing earlier in the software development lifecycle with the goal of identifying security vulnerabilities and weaknesses prior to shipping code to operations. However, “shift security left” is commonly interpreted to be “get developers to run security tools”. This approach is fraught with issues as it requires developers to context switch out of their workflow, learn and use new tools, understand the output of these new tools, and file bugs to be remediated (in yet another tool). The “shift left” approach requires a harder shift left, bringing security testing as close as possible to the developer while not expecting them to learn new tools. Furthermore, security results need to be contextual and provide actionable next steps so they can be resolved as quickly as possible. Finally, security scans need to finish in minutes, not in hours or days. A harder shift left empowers you and your organization as it applies repeatable, defensible processes that automate security and compliance policies from the first line of code written.
In this session, we will discuss:
- Common pitfalls when implementing traditional “shift left” security
- How to best apply different security scanning techniques available
- Embedding security scanning into the developer workflow
- Automating secure development best practices
Senior Director, Product Management - Sec, GitLab
Strengthening The Future of Cyber Security Through Emerging Technology
Listen as CyberSecurity Experts explain the importance of CyberSecurity across the Federal Government. In this period of time of building the “new normal”, What emerging technology has led to strengthening Cybersecurity? This panel will set out to explain the emerging technology that has been used to help strengthen federal Cyber security, along with the future of Cyber Security in the Federal Government. What does it mean to strengthen your agency’s Cybersecurity? Where do these Federal Leaders see the future of Cybersecurity going, and what emerging technology will help it get there? Here topic experts will discuss the best practices to implement to strengthen federal cybersecurity, some lessons learned, as well as some challenges from along the way.
Cyber QSMO Section Chief, Cybersecurity and Infrastructure Security Agency
Chief Information Security Officer and Digital Solutions Vice President, US Postal Service
Electrical Engineer, Federal Aviation Administration
Global Public Sector Strategist, SailPoint
Moderator: Billy Mitchell
Editor-in-Chief, Scoop News Group (FedScoop)
*** ATARC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org