Cloud Safe Task Force: Measurement, Metrics and Monitoring

April 8, 2024, 11:30 AM - 4:30 PM ET | MITRE Campus, McLean, VA

Event Overview

Join the Cloud Safe Task Force (CSTF) to develop Whole-of-Government approaches to improve US cloud security.

At its April 8, 2024 meeting, the Task Force will take up Cloud Safe initiatives in measures, metrics, and monitoring for cloud security.

The Task Force is looking for demonstrations and innovations in cloud security focused metrics and real-time monitoring. During this session, we’ll facilitate an open discussion of top metrics for measuring cloud security. We welcome you to come prepared with your top 3 measurement priorities and add your voice to the conversation.

The Task Force seeks to develop a security focused government scorecard that addresses all segments of the shared-responsibility model including systems operated by providers and government consumers. In addition, the Task Force will address questions related to measuring the security posture of public and government clouds, real-time reporting of threat activity and vulnerabilities, transparency in monitoring and information sharing, and the role of active routine testing for vulnerability discovery.

This event is open to anyone who wants to contribute their ideas or has an interest in learning more about government cloud security.

Cloud Safe Task Force: Recommendation Roadmap

Agenda

}

11:30 AM

Registration & Networking Lunch

}

12:30 PM

Opening Remarks, Logistics, and Agenda

Deborah Youmans

Deborah Youmans

Vice President & Chief Information Officer, MITRE

David Powner

David Powner

Executive Director, Center for Data-Driven Policy, MITRE

}

12:40 PM

Lessons Learned

Chris Poulin

Chris Poulin

Field CISO, Bitsight

}

1:10 PM

Break

}

1:15 PM

Fireside Chat

David Powner

David Powner

Executive Director, Center for Data-Driven Policy, MITRE

John Weiler

John Weiler

Chief Executive Officer, IT-AAC

Dr. Mari Spina

Dr. Mari Spina

Senior Principle Cyber Security Engineer, MITRE

John Yeoh

John Yeoh

Global Vice President of Research, Cloud Security Alliance

}

1:40 PM

Break

}

1:45 PM

Panel Discussion 1: Measures & Metrics

Measure what matters most.  What are the most important metrics and how do we prioritize when making decisions?  Federal IT has a history of compliance and needs to shift more towards outcomes. The panel will discuss current metric deficiencies and propose specific “Whole-of-Government” suggestions for measuring outcomes to drive performance.

 

Joe Daw

Joe Daw

Principle Security Architect, IBM

Steve Pitcher

Steve Pitcher

Senior Cyber Survivability Analyst, Joint Staff - J6

Chris Poulin

Chris Poulin

Field CISO, Bitsight

Co-Moderator: John Weiler

Co-Moderator: John Weiler

Chief Executive Officer, IT-AAC

Co-Moderator: John Yeoh

Co-Moderator: John Yeoh

Global Vice President of Research, Cloud Security Alliance

}

2:50 PM

Break

}

2:55 PM

Panel Discussion 2: Continuous Monitoring

Clearly, our adversaries are constantly changing their attack strategies with sophisticated AI enabled tools.  How can the Government respond by embracing advanced monitoring tools and techniques for measuring real-time cybersecurity.  CISA created JCDC and NSA has established its Cyber Collaboration center.  CMMC also may need a more dynamic approach for its DIB contractors while FedRAMP programs could improve transparency and information sharing.  The panel will discuss current deficiencies for cloud security monitoring and information sharing and propose specific “Whole-of-Government” suggestions for improvement.

 

Ross Foard

Ross Foard

Senior Engineer and ICAM Subject Matter Expert, Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security (Pending Agency Approval)

Steve Derr

Steve Derr

Vice President, Cloud Operations & Engineering, Oracle Government Defense & Intelligence

John Bergin

John Bergin

Director of Federal, Microsoft Digital Security and Risk, Microsoft Corporation

Co-Moderator: Dr. Mari Spina

Co-Moderator: Dr. Mari Spina

Senior Principle Cyber Security Engineer, MITRE

Co-Moderator: Katy Warren

Co-Moderator: Katy Warren

Senior Principal and Department Manager, MITRE

}

4:15 PM

Closing Remarks

David Powner

David Powner

Executive Director, Center for Data-Driven Policy, MITRE

Dr. Mari Spina

Dr. Mari Spina

Senior Principle Cyber Security Engineer, MITRE

John Weiler

John Weiler

Chief Executive Officer, IT-AAC

John Yeoh

John Yeoh

Global Vice President of Research, Cloud Security Alliance

Cloud Safe Task Force Technical Advisory Corps

Katy Warren

Katy Warren

Senior Principal and Department Manager, MITRE

Anil Karmel

Anil Karmel

President, Washington Chapter, Cloud Security Alliance

Dr. Mari Spina

Dr. Mari Spina

Senior Principle Cyber Security Engineer, MITRE

Register now! 

Zoom for Government enables ATARC remote collaboration opportunities through its cloud platform for video and audio conferencing, chats and webinars across all devices. Allowing for individuals from all areas of government, industry and academia to communicate directly. 
*** ATARC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org. Program Level: Overview, no prerequisites required. Advance preparation: none. Delivery Method: Group Live. Field of Study: Information Technology. Registration #140762. In accordance with the standards of the National Registry of CPE Sponsors, CPE credits have been granted based on a 50-minute hour. Refund, cancellation and complaint resolution policy.