Loading Events

ATARC Zero Trust Virtual Summit

November 17-18, 2021
AgendaRegister

Agenda

NOVEMBER 17

}

10:00 AM

Introduction

}

10-10:15 AM

Visionary Keynote Briefing

Gerald Caron

Gerald Caron

Chief Information Officer (CIO) / Assistant Inspector General for Information Technology (AIG/IT) at U.S. Department of Health and Human Services (HHS), Office of the Inspector General (OIG)

}

10:15-10:30 AM

Technology Talk

The True Meaning of Zero Trust and How to Implement It Correctly: Context is the New Perimeter

Zero Trust is the hot new buzz word – but what does it mean and how can you actually implement it across your federal organization effectively? Being completely cut off is the only way to achieve 100% trust, but such a “Cone of Silence” approach didn’t work for Agent Smart and it won’t work for your federal agency if you need to collaborate with others.

In reality, every action does not require the same level of scrutiny or protection. Browsing LinkedIn, for example, should not carry the same level of protection as uploading a file. At Netskope, we believe that context is the new perimeter and Zero Trust (ZT) is an architectural principle with two main purposes:

Replacing implicit trust with explicit trust, continually assessed and adapted as necessary by evaluating not just identity but all of the context surrounding an interaction to determine what level of access is appropriate
Concealing resources from the public internet so that they remain undiscoverable (not just inaccessible) to anyone not specifically granted approval

Most security architectures in place across federal agencies today were engineered for a technology ecosystem that has significantly changed over the last two decades. And while the pandemic served as a forcing function, causing many federal organizations to come to terms with the shortcomings of their tooling, practices, and approach to security, the limitations of legacy (i.e., vulnerable) technology solutions were just as debilitating over the last 20+ years as the pandemic was disruptive over the last 18+ months. Traditional security practices and tools are ill-equipped to protect the onslaught of cloud applications and legacy tooling simply cannot meet the requirements of an effective ZT approach.

In this session, you’ll learn what Zero Trust really means, how to implement it quickly in the short-term and correctly over the long-term, and why context-aware security is critical to a successful Zero Trust implementation. Better security is rooted in the ability to make better business and mission decisions for your federal organization—and the ability to make better decisions relies on understanding the risk facing your organization, in real-time with telemetry-rich, data-driven context. Netskope’s approach to ZT empowers federal agencies with the ability to not just secure and protect agency data, but to confidently and continuously control access to and interaction with agency data as well.

Please join us to learn about the importance of a layered, context-centric approach, and how you can effectively implement the core tenets of ZT in your federal organization.

 
Steve Riley

Steve Riley

Field CTO, Netskope

}

10:30-11 AM

Visionary Panel: Using Emerging Technologies to Strengthen Zero Trust Security

Emerging Technologies are evolving at a faster pace than ever before, especially as agencies aim to implement Zero Trust Security. Throughout the adoption and integration of Zero Trust principles into any cybersecurity strategy comes with many challenges and questions, agencies must turn to emerging technologies to help with the adoption and integration process of Zero Trust.

Tune into this panel to hear from topic experts on the importance of emerging technologies while agencies are in the process of adopting and implementing Zero Trust Principles. In what ways do emerging technologies help this process? What best practices do these topic experts recommend when agencies are using emerging technologies to adopt and implement Zero Trust principles.

Ramesh Menon

Ramesh Menon

Chief Technology Officer, Defense Intelligence Agency, Office of the Under Secretary of Defense for Intelligence and Security, United States Department of Defense

André Mendes

André Mendes

Chief Information Officer, Office of the Chief Information Officer, Office of the Secretary, U.S. Department of Commerce

Michael Friedrich

Michael Friedrich

Vice President, Federal Technical Strategy and Innovation, Appgate

Moderator: Jory Heckman

Moderator: Jory Heckman

Reporter, Federal News Network

}

11-11:15 AM

Technology Talk

Implementing Zero Trust in Government Agencies: How to Think Beyond Identity

As enterprise networks change to support remote users and cloud-based assets that are not located within an enterprise-owned network boundary, security has forever changed. Zero trust focuses on protecting resources, not limited to network segments, as the network location is no longer seen as the prime component to the security posture of the resource. In 2020, the definitions and guidance for what zero trust is and how it should be implemented have been formally laid out in the NIST 800-207 publication and in 2021, Biden’s Cybersecurity executive order calls for agencies to use this guidance to advance towards a Zero Trust architecture. According to this guidance, users and their identities play a pivotal role in a zero trust framework, and organizations must ensure on a continuous basis that only authenticated and authorized users and devices can access applications and data. However, identity is just the beginning when designing a zero trust environment.

Attend this tech talk to learn about:

  • How we must evolve to achieve an optimal Zero Trust posture
  • Why we must expand upon ICAM analytics to ensure as you continually re-evaluate trust throughout the users interaction with your data
Nicholas Lessen

Nicholas Lessen

Principal Solutions Architect, Forcepoint

David White

David White

Solutions Specialist, Forcepoint

}

11:15-11:45 AM

Visionary Panel: The Future of Zero Trust Within the Federal Government

As the workforce has had to transition to teleworking, the importance of Zero Trust Security has skyrocketed. Zero Trust has become an enabler of the remote workforce and beyond. Zero Trust is better equipped to perform, and therefore better suited for aiding organizations maintaining a hybrid working model. This panel will focus on Zero Trust and how we need to be thinking differently about security, risk, & governance.

Listen in as topic experts explore the current status of Zero Trust, ways to strengthen Zero Trust, as well as what is in store for Zero Trust in the future. Where do these topic experts think Zero Trust can improve on? What best strategies will help improve on these issues?

Trafenia Salzman

Trafenia Salzman

Security Architect, Small Business Administration

Kelvin Brewer

Kelvin Brewer

Senior Manager for Sales Engineering, Public Sector, ForgeRock

Moderator: Kiersten Patton

Moderator: Kiersten Patton

Working Group Program Manager, ATARC

}

11:45-11:52 AM

Technology Talk

Software-Defined Zero Trust Data Management : Modernizing Mission & Enterprise Resiliency 

Public Sector Organizations are working diligently to reduce complexity in their environments, striving to avoid costs, do more with less, and take full advantage of hybrid cloud technologies and all of the business benefits associated with automation, machine learning, and Artificial Intelligence.  As teams begin their digital transformations, they have to take a holistic approach to their modernization strategies, looking across how Security, Data Management, Resiliency, and Data Harmonization across the enterprise occurs.  In this session we walk through a best practices approach of using  Software Defined Data Management to ensure mission resilience, data protection and data security, delivering on near instant recovery capabilities during disasters, and building meaningful remediation plans against ransomware and other malicious code attacks.

Jeffrey Phelan

Jeffrey Phelan

Public Sector CTO, Rubrik

}

11:53 AM-12 PM

Technology Talk

Securing the Hybrid Government Workforce

The global pandemic shifted the Federal government into a remote work environment overnight, while high-profile breaches resulted in the Biden Administration issuing an Executive Order focused on Zero Trust to improve the security of cloud workloads. Government leaders recognize the landscape of the federal workplace has forever changed and are faced with now securing a new, hybrid workforce environment.  Attend this session to hear how:

  • Secure Connectivity from iboss Provides the Foundational Capability Needed to Ensure Employees are Protected and Productive from wherever they work
  • iboss Enables Agencies to Implement a Zero Trust Architecture by Providing Key Capabilities Across Multiple ZTA Pillars
Paul Martini

Paul Martini

CEO, Co-founder and Chief Architect, iboss

}

12-12:30 PM

Visionary Panel: Understanding Cyber Threats Through the Use of Zero Trust

Zero Trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries. The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information fed from multiple sources to determine access and other system responses. The Zero Trust security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.

Tune into this panel to hear from topic experts on the best practices for understanding Cyber Threats through the use of Zero Trust. What best strategies do these topic experts have for eliminating cyber threats? How does the use of Zero Trust help in this process?

Andrea Simpson

Andrea Simpson

Chief Information Security Officer, Federal Communications Commission

Steven Hernandez

Steven Hernandez

Chief Information Security Officer, US Department of Education

Deidra Bass

Deidra Bass

DIA Deputy Chief Information Security Officer (D-CISO), DIA HQ Deputy Division Chief Cyber and Security, United States Department of Defense

Rob Rachwald

Rob Rachwald

Director of Zero Trust Strategy, Palo Alto Networks

Aaron Boyd

Aaron Boyd

Senior Editor for Technology and Events, NextGov

}

12:30-12:37 PM

Technology Talk

Zero Trust through Isolation

The concept of Zero Trust Architecture is absolutely valid, yet most “zerotrust” models don’t quite live up to the name, especially when the resource being accessed is online. Current zero trust implementations can only limitaccess to resources; there’s still a direct connection between user devices and online data that could be exploited.
Isolation, on the other hand, creates a virtual “air gap” between the network end user and the online world. Instead of opening a website directly in a laptop’s web browser, a virtual machine in the cloud fetches and executes all content served from the target website. A sanitized version of the website is then sent to the end user — fully functional, with all malicious code removed.
 
Attendees will learn about:
  • The rising threats of online attacks and security breaches.
  • How traditional detection-based solutions work and why they aren’t effective.
  • Why isolation-powered security solutions drastically reduce online security threats.
Ray Quintavell

Ray Quintavell

Federal Sales Engineer, Menlo Security

}

12:37-12:45 PM

Technology Talk

Zero Trust for Application Workloads

Erik Costlow is a software security expert with extensive Java experience. He manages developer relations for Contrast Security and public Community Edition. Contrast weaves sensors into applications, giving them the ability to detect security threats based on how the application uses its data.
Erik was the principal product manager in Oracle focused on security of Java 8, joining at the height of hacks and departing after a two-year absence of zero-day vulnerabilities. During that time, he learned the details of Java at both a corporate/commercial and community level. He also assisted Turbonomic’s product management team in the data center/cloud performance automation. Erik also lead product management for Fortify static code analyzer, a tool that helps developers find and fix vulnerabilities in custom source code.

Erik Costlow

Erik Costlow

Federal Field CTO, Contrast Security

}

12:45-1:15 PM

Visionary Panel: Securing the Cloud Through Zero Trust

As agencies look to replace legacy systems with the cloud, zero trust has risen as a best cybersecurity practice. Listen in as topic experts discuss the shift to a teleworking workforce and the importance behind Zero Trust Security. This shift has triggered new cybersecurity strategies within the Federal Government, especially as Government agencies make the migration to the cloud. 

In what ways has Zero Trust Security helped to secure the cloud? Why is it important to protect the data stored within the cloud? Federal IT leaders will discuss the process of securing the cloud through Zero Trust and explain the importance of doing so within the Federal Government. Tune-in as Panelists also discuss how federal agencies and cloud service providers can work together to enhance security, and why it’s important to focus on protecting data instead of the network.

Robert Wood

Robert Wood

Chief Information Security Officer and Director, The Centers for Medicare & Medicaid Services, Department of Health and Human Services

Eric Mill

Eric Mill

Senior Advisor to Federal CIO, Office of Management and Budget (pending agency approval)

Jeff Hudson

Jeff Hudson

CEO, Venafi

Moderator: Kiersten Patton

Moderator: Kiersten Patton

Working Group Program Manager, ATARC

}

1:15 PM

Closing Remarks

Watch on demand

November 18

}

10:00 AM

Introduction

}

10-10:15 AM

Visionary Keynote Briefing

Sean Connelly

Sean Connelly

TIC Program Manager & Senior Cybersecurity Architect, Cybersecurity and Infrastructure Security Agency

}

10:15-10:30 AM

Technology Talk

Zero Trust Network Access (ZTNA) secures and protects Work From Anywhere (WFA)

Organizations are moving applications to the cloud at the same time that users are leaving the office.   This is creating challenges for how to safely and efficiently offer remote access.  Zero-trust principles can bring order to remote access with a better solution than VPN for this new Work From Anywhere (WFA) scenario.  Zero Trust Network Access (ZTNA) provides for flexible, yet granular, access to applications.  Learn how Fortinet’s ZTNA provides for safe and secure access, no matter where the user is or where the application is hosted.  Fortinet’s ZTNA brings flexibility and control to this new WFA reality.

 

 

Peter Newton

Peter Newton

Senior Director, Products and Solutions, Fortinet

}

10:30-11 AM

Visionary Panel: Zero Trust and the Federal Identity-Centric Security Roadmap 

The seismic shift to distributed workforces has dissolved the Defense Department’s traditional network perimeter and put a focus on a new critical aspect of cybersecurity: identity management. With users and devices now accessing critical information, systems, and applications from anywhere, the mindset must be to never trust and always verify. In this new environment, a zero trust approach can help agencies minimize their attack surface and cyber risk.

Tune into this panel to hear from topic experts on how to build an effective zero trust approach with an emphasis on identity and privileged access management. How does identity and privileged access management align with and enable Zero Trust? How does Zero Trust help agencies achieve ICAM Cybersecurity goals?

Gerry Caron

Gerry Caron

Chief Information Officer (CIO) / Assistant Inspector General for Information Technology (AIG/IT) at U.S. Department of Health and Human Services (HHS), Office of the Inspector General (OIG)

Deidra Bass

Deidra Bass

DIA Deputy Chief Information Security Officer (D-CISO), DIA HQ Deputy Division Chief Cyber and Security, United States Department of Defense

Josh Brodbent

Josh Brodbent

Sr. Public Sector Security Director, BeyondTrust

Moderator: Kiersten Patton

Moderator: Kiersten Patton

Working Group Program Manager, ATARC

}

11-11:15 AM

Technology Talk

Advanced Threats and XDR: Getting the Entire Picture, Beyond the Endpoint

We have advanced past EDR into the land of XDR, but XDR can be both misunderstood and overused. How do we tell the story of a an advanced, targeted threat that goes beyond the endpoint? Join me in this session as we explore a threat lifecycle, and how we can visualize, correlate, and remediate based on the full and complete story that XDR unfolds before us.

Dave Abramowitz

Dave Abramowitz

Federal Technical Lead, Trend Micro

}

11:15-11:45 AM

Visionary Panel: Applying and Implementing Zero Trust Principles

Implementing Zero Trust takes time and effort: it cannot be implemented overnight. For many networks, existing infrastructure can be leveraged and integrated to incorporate Zero Trust concepts, but the transition to a mature Zero Trust architecture often requires additional capabilities to obtain the full benefits of a Zero Trust environment.

Tune into this panel to hear from topic experts on the best practices for implementing Zero Trust within a government agency. What best strategies do these topic experts have for implementing and applying Zero Trust principles within an agency? What challenges have these experts had while implementing and applying these principles within their agency? What solutions did they come up with to overcome these challenges?

Jonathan Feibus

Jonathan Feibus

Chief Information Security Officer and Deputy Director, Nuclear Regulatory Commission

Shane Barney

Shane Barney

Chief Information Security Officer, Office of Information Technology, U.S. Citizenship and Immigration Services, U.S. Department of Homeland Security

William (Bill) Harrod

William (Bill) Harrod

Public Sector CTO, Ivanti

Moderator: Kiersten Patton

Moderator: Kiersten Patton

Working Group Program Manager, ATARC

}

11:45-11:52 AM

Technology Talk

How Nutanix Accelerates alignment to Zero Trust Architecture

The recent Executive Order on Improving the Nation’s Cybersecurity mandates that government IT must move to a Zero Trust Architecture (ZTA). No small task as government IT is typically composed of a complex ecosystem of legacy technology and modern technologies like private and public cloud.  The distributed nature of data across dissimilar IT environments has created new security challenges for federal agencies. Separate silos of enterprise storage, networks, and servers mean more complexity and specialized staff to support, but also it means more vulnerability and possible attack points. 

Nutanix can accelerate government IT’s alignment to ZTA by providing the necessary foundation on which government agencies can build their IT environment, whether on-premises (private cloud), public cloud or hybrid multicloud.  In this session we will introduce you to how the Nutanix® Cloud Platform helps government agencies and the military build modern, software-defined data centers and speed their hybrid multicloud deployments.  The platform helps government IT get powerful built-in virtual networking, enhanced disaster recovery, and simplified zero-trust security that otherwise would require additional specialized hardware, software, and skills.

Neil Ashworth

Neil Ashworth

Principal Security Architect, Nutanix

}

11:52 AM-12 PM

Technology Talk

Dynamic Security Enables Zero Trust

The journey to Zero Trust Architecture requires a change in thinking from the “gatekeeper” mentality to a more dynamic defense that relies on continuous monitoring.  Securing your network environment, for example, requires a dynamic assessment of risk.  If you are relying on a static measure, such as CVSS, to prioritize vulnerabilities, you are thinking like a gatekeeper. Similarly, Active Directory, as its name implies, is an active, dynamic environment that requires real-time continuous monitoring to secure effectively. Securing your AD on a continuous basis is an essential step on the road to Zero Trust.

Chris Jensen

Chris Jensen

Public Sector Business Development Manager, Tenable

}

12-12:30 PM

Visionary Panel: Government Guidances on Zero Trust

To help federal agencies convert their networks, systems and devices to a zero-trust security architecture, the White House has issued three new draft guidance documents. The documents, including the federal zero trust strategy from the Office of Management and Budget and a Zero Trust Maturity Model and Cloud Security technical reference architecture from the Cybersecurity and Infrastructure Security Agency, are meant to provide agencies with the roadmap and resources required to sustain a multiyear push towards zero trust.

Listen in as Topic Experts dive into the Guidances, as well as the importance behind them. How will these guidances affect Zero Trust Security? Do these guidances bring any challenges? What benefits do these guidances bring?

John Simms

John Simms

Deputy Branch Chief, Cybersecurity Assurance Branch, Cybersecurity and Infrastructure Security Agency

Bill Wright

Bill Wright

Sr. Director, North America Government Affairs, Splunk

Jason Miller

Jason Miller

Executive Editor, Federal News Network

}

12:30-12:37 PM

Technology Talk

Verify Everything, Trust Nothing: Zero Trust Cyber Resiliency with Veeam

NIST defines Zero Trust as “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” In this session you’ll learn how Veeam extends Zero Trust Cyber Resiliency across your on-prem, cloud, and SaaS workloads. Options like true data immutability, granular role-based access controls, and broad platform support guarantee your mission-critical data will always be available.

Jeff Reichard

Jeff Reichard

Sr. Director, Enterprise Strategy Veeam Government Solutions

}

12:37-12:45 PM

Technology Talk

Strengthening Your Security Posture with Secrets Management in ZTA

A robust Zero Trust Architecture (ZTA) manages and secures secrets – passwords, certificates, encryption keys, tokens, and other sensitive and private data. Learn how ZTA strengthens your organization’s security posture by building upon a foundation of secrets management.

Tim Silk

Tim Silk

Regional Director, Solutions Engineering, HashiCorp.

}

12:45-1:15 PM

Visionary Panel: Adoption and Implementation of Zero Trust in Legacy Networks

The rise of digital transformation dictates that businesses move faster, innovate harder and adopt new technologies to remain competitive in their industries. Many times, it means implementation of systems using the latest IT innovation and methods. Moving to deploy a Zero Trust model is often triggered by digital transformation, understanding that the attack surface is increasing beyond what traditional security controls can maintain and secure.

Tune into this panel to hear topic experts discuss what it looks like to adopt and implement Zero Trust in Legacy Networks. How do you implement Zero Trust when you have an existing infrastructure? Where do you start? What are the best practices to do this?

Jeffrey Lush

Jeffrey Lush

Chief Information Officer, Air University, Air Education and Training Command, U.S Department of the Air Force

Chris Kubic

Chris Kubic

CISO, Fidelis Security

Dave Nyczepir

Dave Nyczepir

Tech Reporter, Fedscoop

}

1:15 PM

Closing Remarks

Watch on demand

Zoom for Government enables ATARC remote collaboration opportunities through its cloud platform for video and audio conferencing, chats and webinars across all devices. Allowing for individuals from all areas of government, industry and academia to communicate directly. 

*** ATARC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org. Program Level: Overview, no prerequisites required. Advance preparation: none. Delivery Method: Group Internet Based. Field of Study: Information Technology. Registration #140762. In accordance with the standards of the National Registry of CPE Sponsors, CPE credits have been granted based on a 50-minute hour. Refund, cancellation and complaint resolution policy.