
Agenda
NOVEMBER 17
10:00 AM
Introduction
10-10:15 AM
Visionary Keynote Briefing

Gerald Caron
Chief Information Officer (CIO) / Assistant Inspector General for Information Technology (AIG/IT) at U.S. Department of Health and Human Services (HHS), Office of the Inspector General (OIG)
10:15-10:30 AM
Technology Talk
The True Meaning of Zero Trust and How to Implement It Correctly: Context is the New Perimeter
Zero Trust is the hot new buzzword – but what does it mean and how can you actually implement it across your federal organization effectively? Being completely cut off is the only way to achieve 100% trust, but such a “Cone of Silence” approach didn’t work for Agent Smart and it won’t work for your federal agency if you need to collaborate with others.
In reality, every action does not require the same level of scrutiny or protection. Browsing LinkedIn, for example, should not carry the same level of protection as uploading a file. At Netskope, we believe that context is the new perimeter and Zero Trust (ZT) is an architectural principle with two main purposes:
- Replacing implicit trust with explicit trust, continually assessed and adapted as necessary by evaluating not just identity but all of the context surrounding an interaction to determine what level of access is appropriate
- Concealing resources from the public internet so that they remain undiscoverable (not just inaccessible) to anyone not specifically granted approval
Most security architectures in place across federal agencies today were engineered for a technology ecosystem that has significantly changed over the last two decades. And while the pandemic served as a forcing function, causing many federal organizations to come to terms with the shortcomings of their tooling, practices, and approach to security, the limitations of legacy (i.e., vulnerable) technology solutions were just as debilitating over the last 20+ years as the pandemic was disruptive over the last 18+ months. Traditional security practices and tools are ill-equipped to protect the onslaught of cloud applications, and legacy tooling simply cannot meet the requirements of an effective ZT approach.
In this session, you’ll learn what Zero Trust really means, how to implement it quickly in the short-term and correctly over the long-term, and why context-aware security is critical to a successful Zero Trust implementation. Better security is rooted in the ability to make better business and mission decisions for your federal organization—and the ability to make better decisions relies on understanding the risk facing your organization, in real-time with telemetry-rich, data-driven context. Netskope’s approach to ZT empowers federal agencies with the ability to not just secure and protect agency data, but to confidently and continuously control access to and interaction with agency data as well.
Please join us to learn about the importance of a layered, context-centric approach, and how you can effectively implement the core tenets of ZT in your federal organization.

Steve Riley
Field CTO, Netskope

10:30-11 AM
Visionary Panel: Using Emerging Technologies to Strengthen Zero Trust Security
Tune into this panel to hear from topic experts on the importance of emerging technologies while agencies are in the process of adopting and implementing Zero Trust principles. In what ways do emerging technologies help this process? What best practices do these topic experts recommend when agencies are using emerging technologies to adopt and implement Zero Trust principles?

Ramesh Menon
Chief Technology Officer, Defense Intelligence Agency, Office of the Under Secretary of Defense for Intelligence and Security, United States Department of Defense

André Mendes
Chief Information Officer, Office of the Chief Information Officer, Office of the Secretary, U.S. Department of Commerce

Michael Friedrich
Vice President, Federal Technical Strategy and Innovation, Appgate

Moderator: Jory Heckman
Reporter, Federal News Network
11-11:15 AM
Technology Talk
Implementing Zero Trust in Government Agencies: How to Think Beyond Identity
As enterprise networks change to support remote users and cloud-based assets that are not located within an enterprise-owned network boundary, security has forever changed. Zero trust focuses on protecting resources, not limited to network segments, as the network location is no longer seen as the prime component of the security posture of the resource. In 2020, the definitions and guidance for what zero trust is and how it should be implemented were formally laid out in the NIST 800-207 publication, and in 2021, Biden’s Cybersecurity executive order called for agencies to use this guidance to advance towards a Zero Trust architecture. According to this guidance, users and their identities play a pivotal role in a zero trust framework, and organizations must ensure on a continuous basis that only authenticated and authorized users and devices can access applications and data. However, identity is just the beginning when designing a zero trust environment.
Attend this tech talk to learn about:
- How we must evolve to achieve an optimal Zero Trust posture
- Why we must expand upon ICAM analytics to ensure you continually re-evaluate trust throughout the user's interaction with your data

Nicholas Lessen
Principal Solutions Architect, Forcepoint

David White
Solutions Specialist, Forcepoint

11:15-11:45 AM
Visionary Panel: The Future of Zero Trust Within the Federal Government
Listen in as topic experts explore the current status of Zero Trust, ways to strengthen Zero Trust, as well as what is in store for Zero Trust in the future. Where do these topic experts think Zero Trust can improve? What strategies will best help address these issues?

Trafenia Salzman
Security Architect, Small Business Administration

Kelvin Brewer
Senior Manager for Sales Engineering, Public Sector, ForgeRock

Moderator: Kiersten Patton
Working Group Program Manager, ATARC
11:45-11:52 AM
Technology Talk
Software-Defined Zero Trust Data Management: Modernizing Mission & Enterprise Resiliency
Public Sector Organizations are working diligently to reduce complexity in their environments, striving to avoid costs, do more with less, and take full advantage of hybrid cloud technologies and all of the business benefits associated with automation, machine learning, and Artificial Intelligence. As teams begin their digital transformations, they have to take a holistic approach to their modernization strategies, looking at how Security, Data Management, Resiliency, and Data Harmonization occur across the enterprise. In this session we walk through a best practices approach of using Software Defined Data Management to ensure mission resilience, data protection and data security, delivering on near instant recovery capabilities during disasters, and building meaningful remediation plans against ransomware and other malicious code attacks.

Jeffrey Phelan
Public Sector CTO, Rubrik

11:53 AM-12 PM
Technology Talk
Securing the Hybrid Government Workforce
The global pandemic shifted the Federal government into a remote work environment overnight, while high-profile breaches resulted in the Biden Administration issuing an Executive Order focused on Zero Trust to improve the security of cloud workloads. Government leaders recognize the landscape of the federal workplace has forever changed and are faced with now securing a new, hybrid workforce environment. Attend this session to hear how:
- Secure Connectivity from iboss Provides the Foundational Capability Needed to Ensure Employees are Protected and Productive from wherever they work
- iboss Enables Agencies to Implement a Zero Trust Architecture by Providing Key Capabilities Across Multiple ZTA Pillars

Paul Martini
CEO, Co-founder and Chief Architect, iboss

12-12:30 PM
Visionary Panel: Understanding Cyber Threats Through the Use of Zero Trust
Tune into this panel to hear from topic experts on the best practices for understanding Cyber Threats through the use of Zero Trust. What best strategies do these topic experts have for eliminating cyber threats? How does the use of Zero Trust help in this process?

Andrea Simpson
Chief Information Security Officer, Federal Communications Commission

Steven Hernandez
Chief Information Security Officer, US Department of Education

Deidra Bass
DIA Deputy Chief Information Security Officer (D-CISO), DIA HQ Deputy Division Chief Cyber and Security, United States Department of Defense

Rob Rachwald
Director of Zero Trust Strategy, Palo Alto Networks

Aaron Boyd
Senior Editor for Technology and Events, NextGov
12:30-12:37 PM
Technology Talk
Zero Trust through Isolation
- The rising threats of online attacks and security breaches.
- How traditional detection-based solutions work and why they aren’t effective.
- Why isolation-powered security solutions drastically reduce online security threats.

Ray Quintavell
Federal Sales Engineer, Menlo Security

12:37-12:45 PM
Technology Talk
Zero Trust for Application Workloads
Erik Costlow is a software security expert with extensive Java experience. He manages developer relations for Contrast Security and public Community Edition. Contrast weaves sensors into applications, giving them the ability to detect security threats based on how the application uses its data.
Erik was the principal product manager in Oracle focused on security of Java 8, joining at the height of hacks and departing after a two-year absence of zero-day vulnerabilities. During that time, he learned the details of Java at both a corporate/commercial and community level. He also assisted Turbonomic’s product management team in the data center/cloud performance automation. Erik also led product management for Fortify static code analyzer, a tool that helps developers find and fix vulnerabilities in custom source code.

Erik Costlow
Federal Field CTO, Contrast Security

12:45-1:15 PM
Visionary Panel: Securing the Cloud Through Zero Trust
In what ways has Zero Trust Security helped to secure the cloud? Why is it important to protect the data stored within the cloud? Federal IT leaders will discuss the process of securing the cloud through Zero Trust and explain the importance of doing so within the Federal Government. Tune in as panelists also discuss how federal agencies and cloud service providers can work together to enhance security, and why it’s important to focus on protecting data instead of the network.

Robert Wood
Chief Information Security Officer and Director, The Centers for Medicare & Medicaid Services, Department of Health and Human Services

Eric Mill
Senior Advisor to Federal CIO, Office of Management and Budget (pending agency approval)

Jeff Hudson
CEO, Venafi

Moderator: Kiersten Patton
Working Group Program Manager, ATARC
1:15 PM
Closing Remarks
NOVEMBER 18
10:00 AM
Introduction
10-10:15 AM
Visionary Keynote Briefing

Sean Connelly
TIC Program Manager & Senior Cybersecurity Architect, Cybersecurity and Infrastructure Security Agency
10:15-10:30 AM
Technology Talk
Zero Trust Network Access (ZTNA) secures and protects Work From Anywhere (WFA)
Organizations are moving applications to the cloud at the same time that users are leaving the office. This is creating challenges for how to safely and efficiently offer remote access. Zero-trust principles can bring order to remote access with a better solution than VPN for this new Work From Anywhere (WFA) scenario. Zero Trust Network Access (ZTNA) provides for flexible, yet granular, access to applications. Learn how Fortinet’s ZTNA provides for safe and secure access, no matter where the user is or where the application is hosted. Fortinet’s ZTNA brings flexibility and control to this new WFA reality.

Peter Newton
Senior Director, Products and Solutions, Fortinet

10:30-11 AM
Visionary Panel: Zero Trust and the Federal Identity-Centric Security Roadmap
The seismic shift to distributed workforces has dissolved the Defense Department’s traditional network perimeter and put a focus on a new critical aspect of cybersecurity: identity management. With users and devices now accessing critical information, systems, and applications from anywhere, the mindset must be to never trust and always verify. In this new environment, a zero trust approach can help agencies minimize their attack surface and cyber risk.
Tune into this panel to hear from topic experts on how to build an effective zero trust approach with an emphasis on identity and privileged access management. How do identity and privileged access management align with and enable Zero Trust? How does Zero Trust help agencies achieve ICAM Cybersecurity goals?

Gerry Caron
Chief Information Officer (CIO) / Assistant Inspector General for Information Technology (AIG/IT) at U.S. Department of Health and Human Services (HHS), Office of the Inspector General (OIG)

Deidra Bass
DIA Deputy Chief Information Security Officer (D-CISO), DIA HQ Deputy Division Chief Cyber and Security, United States Department of Defense

Josh Brodbent
Sr. Public Sector Security Director, BeyondTrust

Moderator: Kiersten Patton
Working Group Program Manager, ATARC
11-11:15 AM
Technology Talk
Advanced Threats and XDR: Getting the Entire Picture, Beyond the Endpoint
We have advanced past EDR into the land of XDR, but XDR can be both misunderstood and overused. How do we tell the story of an advanced, targeted threat that goes beyond the endpoint? Join me in this session as we explore a threat lifecycle, and how we can visualize, correlate, and remediate based on the full and complete story that XDR unfolds before us.

Dave Abramowitz
Federal Technical Lead, Trend Micro

11:15-11:45 AM
Visionary Panel: Applying and Implementing Zero Trust Principles
Implementing Zero Trust takes time and effort: it cannot be implemented overnight. For many networks, existing infrastructure can be leveraged and integrated to incorporate Zero Trust concepts, but the transition to a mature Zero Trust architecture often requires additional capabilities to obtain the full benefits of a Zero Trust environment.
Tune into this panel to hear from topic experts on the best practices for implementing Zero Trust within a government agency. What best strategies do these topic experts have for implementing and applying Zero Trust principles within an agency? What challenges have these experts had while implementing and applying these principles within their agency? What solutions did they come up with to overcome these challenges?

Jonathan Feibus
Chief Information Security Officer and Deputy Director, Nuclear Regulatory Commission

Shane Barney
Chief Information Security Officer, Office of Information Technology, U.S. Citizenship and Immigration Services, U.S. Department of Homeland Security

William (Bill) Harrod
Public Sector CTO, Ivanti

Moderator: Kiersten Patton
Working Group Program Manager, ATARC
11:45-11:52 AM
Technology Talk
How Nutanix Accelerates Alignment to Zero Trust Architecture
The recent Executive Order on Improving the Nation’s Cybersecurity mandates that government IT must move to a Zero Trust Architecture (ZTA). No small task, as government IT is typically composed of a complex ecosystem of legacy technology and modern technologies like private and public cloud. The distributed nature of data across dissimilar IT environments has created new security challenges for federal agencies. Separate silos of enterprise storage, networks, and servers mean more complexity and specialized staff to support, but they also mean more vulnerability and possible attack points.
Nutanix can accelerate government IT’s alignment to ZTA by providing the necessary foundation on which government agencies can build their IT environment, whether on-premises (private cloud), public cloud or hybrid multicloud. In this session we will introduce you to how the Nutanix® Cloud Platform helps government agencies and the military build modern, software-defined data centers and speed their hybrid multicloud deployments. The platform helps government IT get powerful built-in virtual networking, enhanced disaster recovery, and simplified zero-trust security that otherwise would require additional specialized hardware, software, and skills.

Neil Ashworth
Principal Security Architect, Nutanix

11:52 AM-12 PM
Technology Talk
Dynamic Security Enables Zero Trust
The journey to Zero Trust Architecture requires a change in thinking from the “gatekeeper” mentality to a more dynamic defense that relies on continuous monitoring. Securing your network environment, for example, requires a dynamic assessment of risk. If you are relying on a static measure, such as CVSS, to prioritize vulnerabilities, you are thinking like a gatekeeper. Similarly, Active Directory, as its name implies, is an active, dynamic environment that requires real-time continuous monitoring to secure effectively. Securing your AD on a continuous basis is an essential step on the road to Zero Trust.

Chris Jensen
Public Sector Business Development Manager, Tenable

12-12:30 PM
Visionary Panel: Government Guidances on Zero Trust
Listen in as Topic Experts dive into the Guidances, as well as the importance behind them. How will these guidances affect Zero Trust Security? Do these guidances bring any challenges? What benefits do these guidances bring?

John Simms
Deputy Branch Chief, Cybersecurity Assurance Branch, Cybersecurity and Infrastructure Security Agency

Bill Wright
Sr. Director, North America Government Affairs, Splunk

Jason Miller
Executive Editor, Federal News Network
12:30-12:37 PM
Technology Talk
Verify Everything, Trust Nothing: Zero Trust Cyber Resiliency with Veeam
NIST defines Zero Trust as “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” In this session you’ll learn how Veeam extends Zero Trust Cyber Resiliency across your on-prem, cloud, and SaaS workloads. Options like true data immutability, granular role-based access controls, and broad platform support guarantee your mission-critical data will always be available.

Jeff Reichard
Sr. Director, Enterprise Strategy Veeam Government Solutions

12:37-12:45 PM
Technology Talk
Strengthening Your Security Posture with Secrets Management in ZTA
A robust Zero Trust Architecture (ZTA) manages and secures secrets – passwords, certificates, encryption keys, tokens, and other sensitive and private data. Learn how ZTA strengthens your organization’s security posture by building upon a foundation of secrets management.

Tim Silk
Regional Director, Solutions Engineering, HashiCorp

12:45-1:15 PM
Visionary Panel: Adoption and Implementation of Zero Trust in Legacy Networks
Tune into this panel to hear topic experts discuss what it looks like to adopt and implement Zero Trust in Legacy Networks. How do you implement Zero Trust when you have an existing infrastructure? Where do you start? What are the best practices to do this?

Jeffrey Lush
Chief Information Officer, Air University, Air Education and Training Command, U.S. Department of the Air Force

Chris Kubic
CISO, Fidelis Security

Dave Nyczepir
Tech Reporter, Fedscoop
1:15 PM
Closing Remarks

Zoom for Government enables ATARC remote collaboration opportunities through its cloud platform for video and audio conferencing, chats and webinars across all devices, allowing individuals from all areas of government, industry and academia to communicate directly.

*** ATARC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org