ATARC Federal CISO Summit

The ATARC Federal CISO Summit will be held on January 25, 2018 at the Marriott at Metro Center in Washington, D.C.



This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information technology resources of government agencies.


The morning session features speakers and panels with government thought leaders, while the afternoon includes the MITRE-ATARC Cyber Collaboration Symposium, where government, academic and industry subject matter experts brainstorm and whiteboard security challenge areas.


All ATARC events are free to government and full-time academics, and participants are eligible for CPE credits from (ISC)², the world’s largest IT security organization.

Government Chair

Mittal Desai, Chief Information Security Officer, Federal Energy Regulatory Commission (pending agency approval)

MITRE Chair

Mari Spina, Principal Cyber Security Engineer

THURSDAY, JANUARY 25
7:30 a.m.
Registration and Opening of ATARC Cyber Technology Showcase


8:00 a.m.
Welcome Remarks in ATARC Cyber Technology Showcase

Mittal Desai, Chief Information Security Officer, Federal Energy Regulatory Commission (pending agency approval)

Tom Suder, President, Advanced Technology Academic Research Center (ATARC)

8:30 a.m.
Keynote Introduction
Tom Suder, President, Advanced Technology Academic Research Center (ATARC)

8:35 a.m. – 9:00 a.m.
Visionary Keynote Briefing

Kevin Cox, Program Manager, Continuous Diagnostics and Mitigation (CDM) Program, Office of Cybersecurity and Communications, U.S. Department of Homeland Security (pending agency approval)

9:00 a.m. – 10:00 a.m.
Visionary Panel – State of Cybersecurity in the Federal Government

As the Federal government faces a daily increase in the number of Cyber threats, how are agencies dealing with these mounting security challenges? How can agencies reduce the attack surface and improve network visibility? This panel will examine the current and future state of cybersecurity within the Federal government.

Moderator

Jason Miller, Executive Editor, Federal News Radio

Panelists

Mittal Desai, Chief Information Security Officer, Federal Energy Regulatory Commission (pending agency approval)


Bobbie Stempfley, Director, CERT Division, Carnegie Mellon University/Former Deputy Assistant Secretary, Office of Cybersecurity and Communications, U.S. Department of Homeland Security


Rod Turk, Acting Chief Information Officer/Chief Information Security Officer, U.S. Department of Commerce


Christopher Wlaschin, Chief Information Security Officer, U.S. Department of Health and Human Services (pending agency approval)

10:00 a.m. – 10:30 a.m. 
Break in ATARC Cyber Technology Showcase


10:30 a.m. – 11:30 a.m.
Visionary Panel – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure: What’s Next?

Presidential Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, and the subsequent Report to the President on Federal IT Modernization, outline a vision for the Federal Government to build a more modern and secure architecture for Federal IT Systems. How are Federal agencies planning to strengthen their networks and infrastructure, and what are the next steps in doing so?

Moderator

Tom Suder, Founder, Advanced Technology Academic Research Center (ATARC)

Panelists

Beau Houser, Chief Information Security Officer, U.S. Small Business Agency (pending agency approval)


Melinda Rogers, Chief Information Security Officer, U.S. Department of Justice (pending agency approval)


Howard Whyte, Chief Information Officer, Federal Deposit Insurance Corporation (pending agency approval)

11:30 a.m. – 12:00 p.m.
Visionary Keynote Briefing

Dr. Barry West, Senior Advisor and Senior Accountable Official for Risk Management, U.S. Department of Homeland Security (pending agency approval)

12:00 p.m. – 1:15 p.m.
ATARC Cyber Technology Showcase


1:15 p.m. – 1:45 p.m.
Visionary Keynote Briefing

Therese Firmin, Principal Director, DCIO (CS) and Deputy Chief Information Security Officer, U.S. Department of Defense (pending agency approval)

1:45 p.m. – 4:45 p.m.
MITRE-ATARC Cyber Collaboration Symposium


The MITRE-ATARC Cyber Collaboration Symposium features discussion and white-boarding between government and industry subject matter experts in a small-group setting. The outcomes of these sessions will be compiled in a White Paper with recommendations to the government.

SESSION TOPICS

1. Impact of Presidential Executive Order on Cybersecurity
With the new administration came a renewed push for employment of shared services and common cyber security solutions. This session will discuss the recent guidance coming from the executive branch including the Presidential Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, the Report to the President on Federal IT Modernization, and Secretary of Defense memo on Accelerating Enterprise Cloud Adoption. The session will also assess the impacts upon federal agencies and discuss possibilities and options for achieving associated objectives.

MITRE Lead

Michael Aisenberg, Principal Cyber Policy Analyst/Counsel, MITRE

MITRE Lead

David Weitzel, Compliance Officer, Policy & Standards Lead, MITRE

2. Quantifying Security Metrics
With the focus on recent Executive Orders, CISOs across government will be asked for more metrics and improved measures of success. CISOs are expected to report their status and demonstrate their achievements, yet little guidance or common practices exist to support the CISO in this task. At the same time, today’s security products are generating greater and greater amounts of cyber-related data. This session will focus on measures of cyber effectiveness and various means for reporting. It will also discuss common metrics used by CISOs and the role of Security Information and Event Management (SIEM) systems, cyber analytics, and the use of big data systems in tracking and measuring cyber security effectiveness.

MITRE Lead

Scott Paul, Network Security Engineer, MITRE

3. Challenges for Ever-Changing and Expanding Threat Surface
Cyber attack sophistication is increasing (e.g., autonomous machine hacking and ransomware), and the cloud is morphing the boundary and extending the cyber threat surface. Long-term approaches and strategies for governing in this ever-changing and mostly indeterminate environment are vital to a CISO’s success. This session will address proactive and reactive approaches to managing in this environment. Organization governance approaches will also be shared and examined.

MITRE Lead

Bill Hill, Director, Corporate Information Security

4. Addressing the Cybersecurity Skills Gap
The demand for cyber security skills in government is unlikely to be met by industry supply for the foreseeable planning horizon. And today’s emerging workforce is potentially less security conscious than those of the past, making the insider threat ever more insidious. Approaches to finding talent and handling the insider threat in today’s budget-constrained business environment will be shared and examined in this session.

Academic Lead

Dr. Jonathan Katz, Professor, Computer Science/Director, Maryland Cybersecurity Center, University of Maryland Institute for Advanced Computer Studies

Academic Lead

Dr. Scott White, Associate Professor & Director of Cybersecurity, The George Washington University

MITRE Lead

Nickyra Jackson, Senior Cyber Security Engineer, MITRE

5. Security Challenges with IoT and Other Emerging Technologies
On the forefront: IoT and other emerging technologies touting greater connectivity, increased functionality, and broader resource sharing. It’s what keeps government CISOs up at night. If managing systems is difficult today, wait until the coffee maker becomes an attacker. Strategies for defining policy and technical solutions to IoT device management will be identified and discussed in this session. Also, governance models for addressing the changing technology and security landscape will be shared and examined.

MITRE Lead

Brian McKenney, Senior Principal Security Engineer, MITRE

Industry Lead

Adewale Omoniyi, Senior Manager, IBM Global Business Services

 

RULES OF ENGAGEMENT

1.   Participants should come prepared to:

  • Contribute and participate from specific domain/experience
  • Share ideas and build off each other’s contributions
  • Support the session facilitators and other team members
  • Write down ideas on whiteboard
  • Create best practices to support the event’s objectives and goals
  • Refrain from sales or business development conversations

2.   All discussed material must be publicly releasable

  • No Classified discussions
  • No proprietary discussions

3.   None of the discussions or artifacts constitute Government direction, nor should be interpreted as official Government position

1:30 p.m. – 1:45 p.m.
Logistics for MITRE-ATARC Cyber Collaboration Symposium


Mari Spina, Principal Cyber Security Engineer

1:45 p.m. – 3:45 p.m.
Collaboration Sessions

3:45 p.m. – 4:00 p.m.
Break for Out Brief Preparation

4:00 p.m. – 4:30 p.m.
Session Out Briefs
