ATARC 2022 Zero Trust Summit
August 9, 2022, 7:30 AM - 3:00 PM ET | Marriott Marquis, Washington DC6.0 CPE Credits Available for this Event***
7:30 AM
Registration | Breakfast
8:30 AM
Welcome and Opening Remarks
Gerald Caron
Assistant Inspector General/Chief Information Officer, Office of Management and Policy, Office of Inspector General, United States Department of Health and Human Services and ATARC Zero Trust Summit Chair
Tom Suder
Founder / CEO, ATARC
8:30 AM
Visionary Keynote Briefing
John Kindervag
Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow at ON2IT Cybersecurity, Zero Trust Executive Steering Committee, Cloud Security Alliance
9:00 AM
Visionary Panel: Using Emerging Technologies to Strengthen Zero Trust Security
Emerging Technologies are evolving at a faster pace than ever before, especially as agencies aim to implement Zero Trust Security. Throughout the adoption and integration of Zero Trust principles into any cybersecurity strategy comes with many challenges and questions. Agencies must turn to emerging technologies to help with the adoption and integration process of Zero Trust.
Tune into this panel to hear from topic experts on the importance of emerging technologies while agencies are in the process of adopting and implementing Zero Trust Principles. In what ways do emerging technologies help this process? What best practices do these topic experts recommend when agencies are using emerging technologies to adopt and implement Zero Trust principles.
Tom Harrell
Trusted Advisor and Sr IT Policy Analyst, Consultant to NIH/NCATS CIO, Office of Administrative Management, Program Management, Policy Analysis, and Governance
Joseph Ronzio
Deputy Chief Technology Officer, Office of Health Information, Veterans Health Administration, United States Department of Veterans Affairs
Loren Smith
Director, Solutions Development Branch of the Office of Enterprise Technology Solutions, Information Technology Category, Federal Acquisition Service, General Services Administration
Chris Riotta
Reporter, Government Executive Media Group
9:45 AM
Emerging Technology Technology Talk
Zero Trust Strategy for Zero Compromise
Government guidance on Zero Trust Security Architecture is gaining momentum, but changes in how we work (remote teleworking) and evolving cyber threats HEATing up will continue to impact Zero Trust guidance. Today’s threat landscape means that private and public sector organizations can no longer rely on their users or on detection-based security tools to protect their users, critical data, and systems from attacks.
Security teams need greater visibility and control to enable a Zero Trust approach to protect against web & email-borne threats. To capitalize on the growing threat landscape, threat actors are targeting web browsers with Highly Evasive Adaptive Threats (HEAT). These HEAT attacks bypass traditional security defenses and leverage the standard capabilities of modern web browsers to deliver things like ransomware, compromised credentials and various malware. Rather than trying to identify threats as malware after they’ve breached the perimeter, web isolation works by routing all web traffic through a cloud based remote browser before delivering only safe content to the endpoint. It doesn’t matter if the web content is good or bad, categorized or uncategorized—Web Isolation Platforms should adopt Zero Trust principles by assuming that all content is malicious and treating it accordingly. This guarantees that no web-borne threat ever reaches the end user, enabling them to navigate the web more freely, securely, and seamlessly.
Mike Rider
Senior Federal Systems Engineer, Menlo Security
9:52 AM
Emerging Technology Technology Talk
Jason Addis
Public Sector Client Director, Venafi
10:00 AM
Visionary Panel: Government Guidance on Zero Trust
To help Federal agencies convert their networks, systems and devices to a Zero Trust Security architecture, the White House has issued three new draft guidance documents. The documents, including the Federal Zero Trust Strategy from the Office of Management and Budget, and the Zero Trust Maturity Model and Cloud Security Technical Reference Architecture from the Cybersecurity and Infrastructure Security Agency, are meant to provide agencies with a roadmap and resources required to sustain a multiyear push towards Zero Trust.
Listen in as topic experts dive into the Guidance, as well as the importance behind them. How will these guidance documents affect Zero Trust Security? Do these roadmaps present any challenges? How can agencies best leverage the guidance documents for successful security architecture implementation?
Karim Said
Chief Information Security Officer, Office of Headquarters Services, Office of Strategic Infrastructure, National Aeronautics and Space Administration
Stephen Haselhorst
Zero Trust Program Manager/Lead, Office of the Chief Information Officer and Chief Privacy Officer, Federal Deposit Insurance Corporation
Conrad Bovell
Director, Division of Information System Security, Centers for Medicare and Medicaid Services, United States Department of Health and Human Services
Shawn Wells
Managing Director for Cybersecurity Strategy and Technology at Accenture Federal Services
Moderator: Tom Suder
Founder/CEO, ATARC
11:00 AM
Visionary Panel: The Future of Zero Trust in the Federal Government
As the workforce has had to transition to teleworking, the importance of Zero Trust Security has skyrocketed. Zero Trust has become an enabler of the remote workforce and beyond. Zero Trust is better equipped to perform, and therefore better suited for aiding organizations maintaining a hybrid working model. This panel will focus on Zero Trust and how we need to be thinking differently about security, risk, and governance.
Listen in as topic experts explore the current status of Zero Trust, ways to strengthen Zero Trust, as well as what is in store for Zero Trust in the future. Where do these topic experts think Zero Trust can improve on? What best strategies will help improve on these issues?
Togai Andrews
Chief Information Security Officer, Chief Information Officer Directorate, Bureau of Engraving and Printing, United States Department of the Treasury
Donald L. Coulter
Senior Science Advisor, Cybersecurity, Office of the Under Secretary, Science and Technology Directorate, United States Department of Homeland Security
Alyssa Feola
Cybersecurity Advisor, Technology Transformation Services, Federal Acquisition Service, United States General Services Administration
Angel Phaneuf
Chief Information Security Officer, U.S. Army Software Factory, U.S. Army Futures Command, United States Department of the Army
Fatoma Kallon
Cyber Security Evangelist, Public Sector, Akamai
Jason Miller
Executive Editor, Federal News Network
11:45 AM
Lunch | Emerging Technology Showcase
12:45 PM
Fireside Chat
Sean Connelly
TIC Program Manager and Senior Cybersecurity Architect, Cybersecurity Division, Cybersecurity and Infrastructure Security Agency, United States Department of Homeland Security
1 PM
Emerging Technology Technology Talk
How reliable is the 4th pillar in your Zero Trust strategy?
CISA’s Zero Trust Maturity Model and OMB Memo M-22-09 prescribes addressing the 5 pillars of Zero Trust: Identity, Device, Network/Environment, Application Workload and Data. Yet many federal agencies don’t meet the ‘Advanced’ and ‘Optimal’ maturity stages as outlined in the model. During this Tech Talk, you’ll learn how what a comprehensive approach to addressing application workload entails, and why Application Security is essential to addressing the mandates outlined in the Cybersecurity Executive Order and OMB Memo M-22-09.
Neal Byrd
VP of Public Sector, Veracode
1:08 PM
Emerging Technology Technology Talk
Securing Federal Software Supply Chains is Critical to Zero Trust
To condense zero trust down to one simple statement: it means not assuming any part of your IT infrastructure is secure. In-depth protection from sophisticated attacks against your systems is the primary aim. Attacks that cannot be prevented will at least have their impact minimized. If you are not securing your Software Supply Chain in addition to your perimeter, then you can not realize a complete Zero Trust environment. As we have seen particularly over the past few years, even with best practices governing the security of the perimeter, if an open source library is opening a backdoor into your production environments, your efforts towards a Zero Trust environment have been thwarted.
Listen to this topic and learn how protecting your open source software supply chain fits within your Zero Trust maturity plans, as well as advances in protections that can help block known and suspicious open source code from entering your environment, adding to your perimeter defenses.
Mike Donovan
Technical Director, Federal, Sonatype
1:15 PM
Visionary Panel: Zero Trust and the Federal Identity-Centric Security Roadmap
In today’s digital world, identity is the new perimeter. To meet the access and usability demands of modern users, agencies are moving towards a more robust and comprehensive security posture that’s centered around the Zero Trust principle of “never trust, always verify.” This requires agencies to ensure the RIGHT people have access to the RIGHT data, at the RIGHT time, only when needed or contextual parameters are met.
Tune into this panel to hear from topic experts as they explore how the Federal Identity-Centric Security Roadmap fits in with the advancement of Zero Trust Security. What does the concept of never trust, always verify mean? What are some best practices for verifying users in your network? What challenges have these topic experts experienced as they incorporate Zero Trust within their Federal Identity-Centric Security Roadmap? What solutions have these topic experts come up with?
Raghav Vajjhala
Chief Information Officer and Chief Data Officer, Office of the Chief Information Officer, Office of the Executive Director, Federal Trade Commission
Shane Barney
Chief Information Security Officer, Office of Information Technology, United States Citizenship and Immigration Services, United States Department of Homeland Security
Gurinder Bhatti
Principal Global Security Strategist, Okta.
Jason Miller
Executive Editor, Federal News Network
2 PM
Emerging Technology Technology Talk
Zero Trust Segmentation – How can we stop the insanity?
Doing the same thing over and over again and expecting a different result is the definition of insanity. Yet, agencies continue to attempt zero trust segmentation via traditional network segmentation methodologies. Network segmentation is overly complex and simply can’t keep pace with the rapidly changing landscape which represents today’s world. In the face of SecDevOps, cloud, and containers, it is time for a new approach. Label based macro and micro segmentation is a new approach to an age-old problem. Let’s talk about how label-based segmentation can help agencies rapidly achieve the goals of Zero Trust Segmentation.
Gary Barlet
Federal Field CTO, Illumio
2:07 PM
Emerging Technology Technology Talk
Meeting Critical Requirements from the Federal Zero Trust Architecture Strategy
On January 26, the White House issued the federal Zero Trust architecture strategy (M-22-09), a continuation of the May 2021 Executive Order on Improving the Nation’s Cybersecurity. The federal Zero Trust architecture strategy details a series of specific actions all U.S. federal agencies must take to advance toward adopting a Zero Trust approach, with aggressive implementation deadlines over the next two-and-a-half years. Though the strategy’s directives are aimed at the U.S. Government, non-federal government entities may find the strategy as helpful guidance to begin or advance their own Zero Trust journeys. Learn how your organization can align with the latest federal requirements through a comprehensive set of Zero Trust capabilities and expertise.
Wayne LeRiche
Solution Architect, Palo Alto Networks Federal
2:15 PM
Panel: ATARC Zero Trust Lab Experience
Through a unique collaboration between government and industry, since October of 2021 the ATARC Zero Trust Lab has operated as a showcase of technical architectures and hardware and software solutions to address the Zero Trust use cases as defined by CISA. This hardware and software evaluation environment aimed to create a unique space for Federal agencies to better assess software products. This automated, flexible demonstration platform aimed to enhance the ability to evaluate true cost of ownership by providing transparency into the products deployment process and multi-cloud capabilities.
Hear from the Lab participants and Federal agencies representatives about their experience in presenting or viewing available Zero Trust architecture solutions.
Gerald Caron
Assistant Inspector General/Chief Information Officer, Office of Management and Policy, Office of Inspector General, United States Department of Health and Human Services and ATARC Zero Trust Summit Chair
Amy Hamilton
Senior Cybersecurity Advisor Policy and Programs, Office of Cybersecurity and CISO, Office of the Chief Information Officer, United States Department of Energy
William Lemons
Architect, Federal Systems Engineering Fortinet Federal, Inc.
David Abramowitz
Regional Technical Lead, Trend Micro
Moderator: Tom Suder
Founder/CEO, ATARC
3:00 PM
Reception
Watch on demand:
Zoom for Government enables ATARC remote collaboration opportunities through its cloud platform for video and audio conferencing, chats and webinars across all devices. Allowing for individuals from all areas of government, industry and academia to communicate directly.
*** ATARC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org