
ATARC Cybersecurity Executive Order Breakfast Summit
November 8, 2022, 7:30 AM - 12:00 PM ET | Marriott Metro Center, Washington DC
4.0 CPE Credits Available for this Event***
7:30 AM
Registration
8:00 AM
Welcome | Opening Remarks

Tom Suder
Founder / CEO, ATARC
8:05 AM
Visionary Keynote Briefing

Bob Costello
Chief Information Officer, Office of the Chief Information Officer, Office of the Director, Cybersecurity & Infrastructure Security Agency, United States Department of Homeland Security
8:20 AM
Emerging Technology Talk
Securing NPEs in the Supply Chain
NIST defines a Non Person Entity (NPE) as any entity with a digital identity that acts in cyberspace, but is not a human actor. The information age has created countless new types of NPEs from virtual machines and services to information artifacts, applications, containers, and the code itself which has been the target of many recent high-impact cyber-attacks. In this session, we’ll cover:
- Executive Order and NIST response regarding secure software supply chains
- Best practices for securing CI/CD software delivery
- Practical resources to help your agency assess your risk in these areas and prioritize your action plan

Steve Briley
Senior Solution Architect, Public Sector, Venafi

8:30 AM
Visionary Panel: Past, Present, and Future: Unpacking the Executive Order
Cyber threats are evolving at such a rate that Federal training of cybersecurity practitioners is struggling to keep up. With the continued cybersecurity push across government and industry, it is increasingly important for organizations to have proactive cyber plans in place. As the nation looks to recover from a once-in-a-century pandemic and increasingly sophisticated cyberattacks, the U.S. government must ensure that it can secure its networks and data against evolving threats and provide resilient services to Americans during this new normal.
Tune in to this panel to hear topic experts discuss how organizations should be proceeding with the requirements of the Cybersecurity Executive Order and how the workforce has been affected by it. What best practices do these topic experts recommend to help best protect security? What are some key tools and procedures that can be implemented? What legislation and funding are currently in place within the government? And where is the cybersecurity workforce headed?

Drew Malloy
Technical Director, Cyber Development Directorate, Defense Information Systems Agency

Amy Hamilton
Senior Cybersecurity Advisor Policy and Programs, Office of Cybersecurity and CISO, Office of the Chief Information Officer, United States Department of Energy (Pending Agency Approval)

Kimberly Gajewski
Deputy Director for Cyber Policy and Strategy, U.S. Department of Homeland Security

Lisa Barr
Director of Federal Cybersecurity, Office of the National Cyber Director, Executive Office of the President

Jamie Holcombe
Chief Information Officer, Office of the Chief Information Officer, U.S. Patent and Trademark Office, United States Department of Commerce

Ryan Gillis
Vice President, Cybersecurity Strategy and Global Policy, Palo Alto

Moderator: Chris Riotta
Staff Writer, GovExec
9:15 AM
Emerging Technology Talk
Rising to Software Regulation: Section 4 Executive Order Compliance
On May 13th, 2021, President Biden released the Cybersecurity Executive Order. For the first time in history, cybersecurity hygiene and software supply chain security have been under the microscope of the federal government. Over the last year, methods for compliance with the Executive Order have been developed, including new federally mandated secure development requirements and certification requirements that will become mandatory in 2023.
Join the discussion and learn more about:
● The changes to software supply chain security management that we’ve seen since the 2021 Executive Order
● Why a software bill of materials is so vital in establishing more secure development
● Software security best practices you can start implementing immediately

Mike Donovan
Technical Director, Federal, Sonatype

9:45 AM
Panel: Untrusted until Trust is Established: The Components of Zero-Trust
While traditional network security models have assumed endpoints and users within organization networks can be implicitly trusted, the zero-trust approach takes into account scenarios like threat actors that have stolen legitimate account credentials as well as insider threats. This type of model encourages continual monitoring and authentication of each endpoint under the premise that no actor, system, network or service within the “security perimeter” can be trusted.
Zero-trust cybersecurity may eventually lead to superior security, but along the way, it can put companies at greater risk. One frequently overlooked obstacle to switching to a zero-trust cybersecurity model is the need for ongoing administration. Zero-trust models rely on a vast network of strictly defined permissions, but companies are always evolving. People move into new roles and change locations. Access controls must be updated each time to ensure the correct people have access to specific information. Keeping the permissions accurate and up to date requires ongoing input.
Tune in to this panel to hear Federal topic experts discuss how they are moving to implement zero-trust architecture and the challenges that agencies can face while keeping pace with the ongoing federal requirements.

Shane Barney
Chief Information Security Officer, Office of Information Technology, United States Citizenship and Immigration Services, United States Department of Homeland Security

Miguel Adams
Chief Information Security Officer, Office of the Chief Information Officer, Department of Administration and Finance, Millennium Challenge Corporation

Alyssa Feola
Cybersecurity Advisor, Technology Transformation Services, Federal Acquisition Service, United States General Services Administration

Ben Boykin
VP Public Sector, Venafi

Moderator: Jason Miller
Executive Editor/Reporter, Federal News Network, WTOP-FM
10:30 AM
Emerging Technology Talk
Zero Trust & Varonis: The Data Pillar
As cyber threats targeting our federal resources become more advanced, agencies must adopt a zero-trust security stack that protects critical agency data stores. According to EO 14028 and OMB 22-09, agencies need to stop relying on legacy perimeter-based strategies, inventory all sensitive data, and enforce least privilege and explicit verification on all access. With Varonis, agencies can get ahead of the mandates and satisfy the data-based Zero Trust requirements.
This presentation will cover how agencies can address current Zero Trust data requirements and modernize agencies’ data strategies to move from a legacy architecture to an advanced zero trust.

Trevor Brenn
Senior Federal Sales Engineer, Varonis

11:00 AM
Panel: Prioritizing Improvements to Your Software Supply Chain Security
Traditional security efforts have centered around securing the perimeter, and the responsibility for security is increasingly falling to developers. Specifically, a key element of the Executive Order is focused on making sure federal agencies are NIST 800-53 compliant within their software supply chain security.
Securing the software supply chain entails knowing exactly what components are being used in your software products—everything that impacts your code as it goes from development to production.
Tune in to this panel to hear topic experts discuss how they are enforcing their supply chain security and what risks/benefits come along with that. What are these agencies doing to make sure they are NIST 800-53 compliant? What are the biggest threats to supply chain security? How does the vendor assess the security of its software?

Paul Blahusch
Chief Information Security Officer, Cybersecurity Directorate, Office of the Chief Information Officer, United States Department of Labor

Stacy Bostjanick
Director, Cybersecurity Maturity Model Certification Program, Office of the Chief Information Officer, United States Department of Defense

Cathy Amores
Cyber Security Program Management Manager, Office of Chief Information Officer, National Marine Fisheries Service, National Oceanic and Atmospheric Administration, United States Department of Commerce

Russell Ramos
Chief Information Security Officer (Acting), Chief Information Security Officer Staff, Office of the Chief Information Officer, United States Department of Housing and Urban Development (Pending Agency Approval)

Nita Jones-Coleman
Program Analyst, Enterprise Risk Compliance, Supply Chain Risk Management, United States Department of Veterans Affairs (Pending Agency Approval)

Brian Reed
Chief Mobility Officer, NowSecure

Moderator: Derek Johnson
Senior Reporter, SC Media
ATARC Industry Partners
MeriTalk is a public-private partnership that leverages an award-winning editorial team and world-class events staff to produce unmatched news, analysis, and insight that improves the outcomes of government information technology.

Zoom for Government enables ATARC remote collaboration opportunities through its cloud platform for video and audio conferencing, chats and webinars across all devices, allowing individuals from all areas of government, industry and academia to communicate directly.

*** ATARC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org