CyberScape: Insider Threats

Tysons, VA

Meet and hear from the federal IT cybersecurity leaders shaping budget and policy priorities. Leaders from the White House, NASA and the Departments of Defense, State, Health and Human Services, Homeland Security and Veterans Affairs will all be in attendance. Our panel topics include Hybrid Cloud Security, Reducing Technical Debt for Stronger Defenses and Shadow IT. Grab breakfast with us and network with the federal cyber community.

Date: March 2, 2023
Time: 8:00 AM - 12:00 PM
Where: Archer Hotel Tysons - 7599 Colshire Drive, Tysons, VA 22102
 
The Threat of Shadow IT Panel

Session Recordings

Aging IT infrastructure presents numerous cybersecurity risks to federal agencies and also prohibits them from deploying effective security strategies. Air Force CISO Aaron Bishop, CISA Cybersecurity Advisor Jason Burt and Fortinet Federal CTO Felipe Fernandez discuss how they’re addressing technical debt by balancing targeted IT modernization with popular security approaches such as zero trust to secure data in declining systems.

Poor user experience in cybersecurity leads to workarounds, weakened security controls and shadow IT and opens up a broader attack surface to malicious cyber actors. DISA Hosting and Compute Center Technical Director Korie Seville, State Department Office Director Kenneth Rogers and Customs and Border Protection's Scott Davis discuss the ways federal cyber leaders are working to improve the user experience with cybersecurity and reduce the threat of shadow IT.

More federal agencies are exploring hybrid cloud solutions to meet mission-specific needs. Balancing on-premise data centers and IT systems with commercial, software-defined cloud solutions can present tricky cybersecurity challenges and unique security risks. Defense Department's Stacy Bostjanick, Red Hat's Michael Epley, Veterans Affairs' Joseph Fourcade and NASA's Joe Foster discuss how to balance cybersecurity responsibilities with vendors and cloud strategies such as environment-as-code and zero trust for mitigating hybrid cloud vulnerabilities effectively.

The threat landscape is constantly changing along with the fast pace of technology, and federal agencies need to be primed and ready to respond to all threats, including those from within. Assistant National Cyber Director for Technology Security Anjana Rajan previews the National Cyber Strategy that puts more onus on companies to own their strategies.

The flywheel — a critical component in a machine to increase its momentum — is also a critical symbol representing our publication’s goal to keep federal IT decision-makers informed on technology's impact on government. This momentum is what fuels the constant need for transformers to innovate in federal technology and communicate those strategies across the industry. 

Peter Romness, cybersecurity principal for CISO advisors at Cisco Systems, joins us to proudly honor our cybersecurity awardees.

Related Coverage

White House Assistant National Cyber Director Anjana Rajan discussed the cyber landscape and the new National Cybersecurity Strategy's priorities in a fireside chat with GovCIO Media & Research.
The use of unauthorized technology has become increasingly prevalent in the remote work environment, weakening cybersecurity.
Air Force and CISA programs are securing critical data and IT infrastructures.
The Defense Department’s CMMC program and NIST guidance are helping agencies reap the benefits of hybrid cloud without sacrificing security.
The strategy calls on software developers to assume more responsibility for cyberattacks due to poorly developed code, common to the open-source community.

Agenda

 
-

Breakfast and Networking

-

Welcome Remarks

  • Michael Hoffman, President, GovCIO Media & Research
-

Panel: Reducing Technical Debt for Stronger Cyber Defenses with Zero Trust

Aging IT infrastructure presents numerous cybersecurity risks to federal agencies and also prohibits them from deploying effective security strategies. Hear from defense, health and civilian cyber leaders about how they’re addressing technical debt by balancing targeted IT modernization with popular security approaches such as zero trust to secure data in declining systems. 

  • Aaron Bishop, CISO, Department of the Air Force
  • Jason Burt, Cybersecurity Advisor, CISA
  • Rob Wood, CISO, CMS
  • Felipe Fernandez, CTO, Fortinet Federal
  • Moderator: Sarah Sybert, Senior Researcher, GovCIO Media & Research
-

Panel: The Threat of Shadow IT 

Poor user experience in cybersecurity leads to workarounds, weakened security controls and shadow IT (i.e., the use of IT services without departmental approval and without checking the proper security boxes, such as multi-factor authentication). Shadow IT opens up a broader attack surface to malicious cyber actors. In fast-paced work environments, federal employees need the right data at the right time to do their jobs without cybersecurity impeding the mission. This panel will explore the ways federal cyber leaders are working to improve the user experience with cybersecurity and reduce the threat of shadow IT. 

  • Korie Seville, Technical Director, Hosting and Compute Center, DISA
  • Kenneth D. Rogers, Office Director, Strategy, Planning and Budget, Department of State
  • Scott Davis, CISO, CBP
  • Moderator: Anastasia Obis, Staff Writer/Researcher, GovCIO Media & Research
-

Coffee Break

-

Panel: Addressing Hybrid Cloud Security Risks 

More federal agencies are exploring hybrid cloud solutions to meet mission-specific needs. Balancing on-premise data centers and IT systems with commercial, software-defined cloud solutions can present tricky cybersecurity challenges and unique security risks. This panel will discuss how to balance cybersecurity responsibilities with vendors and cloud strategies such as environment-as-code and zero trust for mitigating hybrid cloud vulnerabilities effectively.

  • Stacy Bostjanick, Chief Defense Industrial Base Cybersecurity, OCIO, DOD
  • Michael Epley, Chief Architect and Security Strategist, Public Sector, Red Hat
  • Joseph Fourcade, Lead Cybersecurity Analyst, ECSO, VA
  • Joe Foster, Cloud Computing Program Manager, NASA
  • Moderator: Amy Kluber, Editor-in-Chief, GovCIO Media & Research
-

Fireside Chat: Evolving Cyber Priorities

The threat landscape is constantly changing along with the fast pace of technology, and federal agencies need to be primed and ready to respond to all threats, including those from within. The ongoing federal zero trust approach is one component to getting there.

  • Anjana Rajan, Assistant National Cyber Director for Technology Security, The White House

  • Moderator: Kate Macri, Deputy Editor, GovCIO Media & Research
-

Flywheel Awards Presentation

Sponsored by: Cisco Secure

We'll present the Flywheel Awards to recognize leaders and their work in federal government.

The flywheel — a critical component in a machine to increase its momentum — is also a critical symbol representing our publication’s goal to keep federal IT decision-makers informed on technology's impact on government. This momentum is what fuels the constant need for transformers to innovate in federal technology and communicate those strategies across the industry. 

Peter Romness, Cybersecurity Principal for CISO Advisors at Cisco Systems, joins us to proudly honor the following transformers: 

Cyber Defender

  • Stacy Bostjanick, Chief Defense Industrial Base Cybersecurity, DOD
  • Lynette Sherrill, Deputy Assistant Secretary of Information Security & CISO, Department of Veterans Affairs

Cybersecurity Rising Star

  • Korie Seville, Technical Director, Hosting and Compute Center, DISA

Zero Trust Advocate

  • Gerald Caron, CIO/Assistant Inspector General for IT, HHS OIG
-

Closing Remarks

  • Michael Hoffman, President, GovCIO Media & Research

Featuring

 

James “Aaron” Bishop, a member of the Senior Executive Service, is the Chief Information Security Officer (CISO) for the Department of the Air Force, comprised of the U.S. Air Force and the U.S. Space Force. As CISO, he is responsible for advising the Chief Information Officer and senior officials on cybersecurity policy, cybersecurity programs and cyber force development in the department. He leads a Directorate comprised of military, civilian and contractor personnel responsible for developing cybersecurity policy and strategy for over 5,000 Air Force information technology systems. He oversees risk management and cybersecurity accountability for information systems, weapon systems and operational technology supporting military cyberspace operations. His portfolio includes policy and governance of the defense industrial base, cyber supply chain risk management, compliance and cybersecurity capabilities. He has oversight for the Freedom of Information Act, Privacy Act laws and cryptographic modernization supporting cyber operations for the department.

CISO, Department of the Air Force

Ms. Stacy Bostjanick is a member of the Senior Executive Service and serves as the Chief of Implementation and Policy, Deputy Chief Information Officer for Cybersecurity (DCIO(CS)), Office of the Chief Information Officer. In this position, she serves as the focal point within the DoD CIO to implement the Cybersecurity Maturity Model Certification (CMMC) program across the Defense Industrial Base (DIB).

As the CMMC Director, Ms. Bostjanick is responsible for shepherding this critical program through the Code of Federal Regulation System rulemaking process for both the CFR 32 and 48 and ultimately implementing the program across the more than 220,000 companies that make up the DIB. This includes collaborating across the Federal Government with partners such as the Department of Homeland Security and the other members of the Federal Acquisition Security Council, to standardize this process and truly federalize it. In this role, she also directs the Department’s efforts to educate DIB partners on programmatic requirements and ensures that DoD implements risk information sharing through the program’s execution. Additionally, Ms. Bostjanick is responsible for ensuring the Defense Acquisition community is trained and capable of including these requirements in their Programs and Acquisitions.

Prior to joining the CIO, Ms. Bostjanick served as the Director of SCRM for OCISO(A&S), where she was responsible for ensuring the incorporation of integrated supply chain efforts within USD(A&S). Ms. Bostjanick has an extensive career as an Acquisition Professional with roles that include the head of DIA’s Contracting Activity, and the Senior Contracting Officer for the Missile Defense Agency on the Standard Missile 3 Block IA and IB development and production program. She was responsible for cradle-to-grave execution of over $5 billion of highly-complex, cutting-edge contracts for our nation's missile defense systems. Ms. Bostjanick has also served as the Deputy Procurement Executive with the Office of the Director of National Intelligence where she had responsibility for establishing Intelligence Community Enterprise-wide Policy and submissions to the Program Management Plan on an annual basis.  

Ms. Bostjanick has had numerous awards and accomplishments throughout her career including the Naval Meritorious Civilian Service Award, David Packard Excellence in Acquisition Award, Office of the Secretary of Defense Certificate of Appreciation, the Director of National Intelligence Award for Collaboration Leadership, National Intelligence Meritorious Citation, and the Small Business Award. 

Chief Defense Industrial Base Cybersecurity, OCIO, DOD

Jason Burt is a Cyber Security Advisor (CSA) with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) assigned to Federal Region IV. CISA is the Nation’s risk advisor. The Agency protects the Nation’s critical infrastructure from physical and cyber threats by working with partners to defend against today’s threats and collaborating to build a more secure and resilient infrastructure for the future. CSAs are the front-facing cyber experts supporting regional operations capabilities. Mr. Burt serves as the liaison and focal point for communications, coordination, and outreach. He promotes cyber preparedness and resiliency, incident response, risk mitigation and situational awareness, and manages major cyber engagements, championing cyber resilience to public and private sector partners. Region IV encompasses eight states, including Mississippi, Alabama, Florida, Georgia, North Carolina, South Carolina, Tennessee, and Kentucky. Mr. Burt has been with the Department for nine years. Prior to becoming a CSA, he held positions as a Senior Watch Officer for CISA’s National Cyber Protection System (NCPS) Network Operation Center (NOC), as well as serving as a Network and Systems Administrator for the Department of Veterans Affairs. Mr. Burt is also a retired Air Force Cyber Intelligence Officer. In this role, he provided direct support to Air Force Cyber Protection Teams tasked with defending key Air Force assets and resources against cyber threats.

Cybersecurity Advisor, CISA

Scott Davis joined the U.S. Customs and Border Protection (CBP) Office of Information and Technology (OIT) as the Deputy Chief Information Security Officer (CISO) and Chief Security Architect in May 2020. Prior to joining CBP, Scott was the Deputy CISO for the Department of Labor from January 2018 to May 2020. He has an extensive and diverse background in military, public, and private sectors with critical infrastructure security and information systems. Scott served for more than 20 years in the U.S. Air Force and has held roles in information systems security and systems engineering with the Department of Homeland Security (DHS) and as the Region Command Information Officer at the U.S. Department of the Navy. He has worked for the National Reconnaissance Office as a Flight Chief of Information Systems and Superintendent for the Communications Operations Squadron. He also worked for Booz Allen Hamilton as a Lead Project Manager and IT Lead.

As the Acting CISO at OIT, Scott provides cybersecurity expertise to ensure OIT technology services are provided in the most secure manner possible in support of the CBP mission. He recently developed the CBP FY22-24 Cybersecurity Strategy which will guide improvements to enhance the security of CBP information systems and the data processed, contained, and distributed by those systems.

Previously he managed and measured cybersecurity risks of the Department of Labor’s IT assets through the Identity and Access Management program by providing credentialed access to network accounts and supervising privileged user accounts. He integrated a Simplified Sign-on (SSO) system for 24 major applications, including three enterprise-wide solutions, reducing the need for multiple passwords, and fortified cybersecurity for the Department’s networks and systems through the use of the Continuous Diagnostics and Mitigation program, while overcoming a 38% Federal staffing shortage.

Scott earned a Bachelor of Science in Information Systems Management and Security Administration from Strayer University, and a Master of Business Administration from Liberty University.

CISO, CBP

Michael Epley has been helping the US defense and National Security communities use and adopt open source software over the last 2 decades with practical experience as a software developer and enterprise architect. During his tenure at Red Hat, Michael has passionately driven adoption of key technology: cloud and Kubernetes, tactical edge/forward deployed systems, data analytics tools and platforms, and disconnected operations -- always in the context of security and compliance concerns unique to this sector. Michael has BS degrees in Mathematics and Mechanical Engineering from Virginia Tech and a JD from The University of Texas School of Law.

Chief Architect and Security Strategist, Public Sector, Red Hat

Felipe Fernandez is the CTO at Fortinet Federal, a U.S. next-generation cyber security solution vendor that provides real-time threat detection and prevention. In addition to his role as a team manager, Felipe also oversees the US Federal product strategy and certification process at Fortinet Federal, such as the DoDIN APL and NSA CSfC. Felipe has more than 21 years of experience in consulting, deploying, operating, and auditing security solutions in DoD and the private sector.

CTO, Fortinet Federal

Joe Foster joined NASA in September 2018 to transform how NASA utilizes and adopts the cloud for mission. As a cloud computing subject matter expert with over 15 years of Government service, he provides GFSC with center-wide strategic and tactical advice and leads integration efforts across center to accelerate cloud adoption. He is also the primary interface to the Agency Computing Services Program Office, advocating center-wide cloud computing needs to the Agency. Joe previously served as an IT Program Manager with the National Geospatial-Intelligence Agency (NGA) from 2010–2018, where he was an early adopter of commercial cloud services starting in 2015. In this role he oversaw the migration of over 60 separate applications from on-premises data centers to the cloud; spearheaded adoption of the DevOps Pipeline; and conceptualized the system being used by NGA to plan and track the cloud migration of more than 650 applications Agency-wide. He served on NGA’s Cloud Leadership Team, Cloud Adoption Management Group, and DevOps Council, as well as advised leadership for input to 2 Intelligence Community-wide Cloud forums, the Intelligence Community IT Enterprise steering committee, and the ICITE Mission Users Group Forums. Prior to NGA, Joe also served in the U.S. Department of Homeland Security (DHS), the Nuclear Regulatory Commission (NRC), and as a private sector consultant. Joe is a U.S. Army Veteran (serving from 1998–2005 as a Chemical Weapons Analyst) with a Bachelor’s Degree in Business Management and a Master’s of Business Administration, with a concentration in Organizational Strategy and Finance, from the University of Maryland.

Cloud Computing Program Manager, NASA

Joseph Fourcade is a Lead Cybersecurity Analyst with the Enterprise Cloud Solutions Office (ECSO), Department of Veterans Affairs. He received his associate degree from the United States Air Force, his B.S. from Nova Southeastern and his master's from the University of Phoenix. He has over 30 years of federal service, including over 20 years with VA after being honorably discharged from the United States Air Force in 2001 following 10 years of service. His work history includes eight years in the Office of Information Technology at the Miami VA Medical Center and service as an Information System Security Officer (ISSO) at the West Palm Beach VA Medical Center. As an ISSO, he received multiple awards for outstanding customer and colleague support, recognizing his attitude that security is not a stopper but a path to working together. In supporting the enterprise through ECSO security, he works with clients to ensure they understand cloud adoption and what security the cloud provides to the enterprise for applications through FedRAMP support. In his current position, he has been recognized for his knowledge and support of all efforts to secure the cloud for VA.

Lead Cybersecurity Analyst, Enterprise Cloud Solutions Office, Office of Information and Technology, VA

Anjana Rajan currently serves as the Assistant National Cyber Director for Technology Security at The White House. A renowned cryptographer, technology executive, and entrepreneur, Rajan has spent her career working at the nexus of national security and human rights. Prior to joining the White House, she was the first Chief Technology Officer of Polaris, the largest anti-human trafficking NGO in the United States. In this role, she architected Polaris’s web3 & human rights vision and built a proactive security strategy to defend the organization against foreign malign influence operations and violent extremist threats. 

Previously, Anjana was a Tech Policy Fellow at the Aspen Institute, was a former Y Combinator founder, led open-source development of advanced cryptographic libraries, and worked at Palantir Technologies. She was a Knight Scholar at Cornell University’s Engineering School and received her bachelor’s and master’s degrees in Operations Research Engineering. 

Assistant National Cyber Director for Technology Security, The White House

Ken Rogers is a member of the Senior Executive Service (SES) and provides executive leadership for IT strategic planning, policy, portfolio and performance management, and budget formulation and execution including the use of various working capital funds associated with the Department’s $2.97B global IT portfolio. This IT portfolio supports a 76K person workforce operating in over 300 locations around the world. 

Mr. Rogers’ public sector career included serving as the State Department Chair at the Department of Defense, National Defense University, College of Information & Cyberspace. He also served as the Chief Information Officer at the Department of Homeland Security’s Science & Technology Directorate and has held leadership positions as the Chief Architect and Strategist at the U.S. Department of Commerce and the Export Import Bank.

His private sector experience includes financial management, government relations, and information systems management in the banking and aerospace industries, and as an international economic and management consultant supporting USAID. 

Office Director, Strategy, Planning and Budget, Department of State

Peter Romness is a Cybersecurity Principal for CISO Advisors at Cisco Systems. For over 30 years, he has been devoted to helping government and education organizations securely accomplish their goals. He is honored to be able to help leaders understand and implement the latest cyber strategies to defend against threats, maintain individuals’ privacy, protect sensitive information, and secure government intellectual property.

Peter brings Cisco’s advanced cybersecurity solutions to departments and agencies at Federal, State, and Local Governments, and Educational Institutions. He works with NIST and the National Cybersecurity Center of Excellence (NCCoE) and has contributed to their 1800-Series Special Publications. Peter helps the broader IT community understand the very latest cyber capabilities and risk mitigation methods to effectively address cyber threats. His technical background and passion for clearly conveying high-tech topics allow him to explain advanced concepts to all audiences from engineer to business leader.

Prior to Cisco Systems, Peter held leadership positions at Hewlett-Packard, AT&T and Panasonic. He holds a degree in Mechanical Engineering from Duke University.

Cybersecurity Principal, CISO Advisor's Office, Cisco

Mr. Korie Seville serves as the Defense Information Systems Agency’s (DISA) Hosting and Compute Center (HaCC) Technical Director. In this role, Mr. Seville is responsible for the strategic technical direction of various DISA HaCC data center and cloud initiatives, including the Joint Warfighting Cloud Capability (JWCC) and Zero Trust.  
 
Prior to becoming the Technical Director, Mr. Seville was the HaCC’s cloud infrastructure architect. As a member of the HaCC, he was responsible for architecting and integrating commercial cloud hosted solutions into the DoD network infrastructure. 
 
Before joining the HaCC, Mr. Seville was an infrastructure architect for the Cloud Computing Program Office (CCPO) providing support to critical cloud enabling projects to include the Cloud Layered Obfuscation Application Kit, Global Directory, Azure Hosting Infrastructure, and the Commercial Virtual Remote (CVR) environment, which brought Microsoft 365 to over a million Department of Defense employees during the global pandemic. Also, Mr. Seville received a Bachelor of Computer Science from the Shippensburg University of Pennsylvania. 

Technical Director, Hosting and Compute Center, DISA


Gold Sponsors

  • Fortinet Federal
  • Red Hat

Awards Sponsor

  • Cisco Secure

Green Room Sponsors

  • Presidio Federal
  • Palo Alto Networks
  • ImmixGroup