CyberScape: Insider Threats

Tysons Corner, VA

The rapid increase in cybercrime turned cyber leaders’ focus to beefing up cyber defenses and developing new cybersecurity strategies to resist hackers and ransomware. But as federal agencies shift IT operations to the cloud and develop new digital services for their employees and the general public, a new threat looms: unintentional insider threats. Poor user experience, technical debt and a weak cyber culture can all contribute to cyber incidents that start from inside an organization. 

Hear from civilian and defense agencies about how they’re working with vendors and industry partners to raise cybersecurity awareness, mitigate vulnerabilities unique to hybrid cloud, reduce technical debt to deploy better security systems, improve the user experience to fight shadow IT, and build scalable, interoperable cybersecurity solutions for the IT infrastructure of the future. 

Date
March 2, 2023
Time
8:00 AM - 12:00 PM
Where
Archer Hotel Tysons - 7599 Colshire Drive, Tysons, VA 22102

 

Agenda

 
-

Breakfast and Networking

-

Welcome Remarks

  • Amy Kluber, Editor-in-Chief, GovCIO Media & Research
-

Fireside Chat: A Cyber-Aware Culture

Proper cybersecurity training goes a long way in preventing breaches. Fostering the idea of cybersecurity as a “team sport” involving constant vigilance from all team members can be a big mindset shift for some organizations, but federal cyber leaders are working hard to educate, train and prepare employees for potential cyber incidents. 

-

Panel: Reducing Technical Debt for Stronger Cyber Defenses with Zero Trust

Aging IT infrastructure presents numerous cybersecurity risks to federal agencies and also prohibits them from deploying effective security strategies. Hear from defense, health and civilian cyber leaders about how they’re addressing technical debt by balancing targeted IT modernization with popular security approaches such as zero trust to secure data in declining systems. 

  • Aaron Bishop, Chief Information Security Officer, Department of the Air Force
  • Jason Burt, Cybersecurity Advisor, CISA
  • Rob Wood, CISO, CMS
  • Felipe Fernandez, Sr. Director, Systems Engineering, Fortinet Federal
-

Panel: The Threat of Shadow IT 

Poor user experience in cybersecurity leads to workarounds, weakened security controls and shadow IT (i.e., the use of IT services without departmental approval and without checking the proper security boxes, such as multi-factor authentication). Shadow IT opens up a broader attack surface to malicious cyber actors. In fast-paced work environments, federal employees need the right data at the right time to do their jobs without cybersecurity impeding the mission. This panel will explore the ways federal cyber leaders are working to improve the user experience with cybersecurity and reduce the threat of shadow IT. 

  • Korie Seville, Technical Director, Hosting and Compute Center, DISA
  • Kenneth D. Rogers, Office Director, Strategy, Planning and Budget, Department of State
  • Scott Davis, CISO, CBP
-

Coffee Break

-

Panel: Addressing Hybrid Cloud Security Risks 

More federal agencies are exploring hybrid cloud solutions to meet mission-specific needs. Balancing on-premises data centers and IT systems with commercial, software-defined cloud solutions can present tricky cybersecurity challenges and unique security risks. This panel will discuss how to balance cybersecurity responsibilities with vendors and cloud strategies such as environment-as-code and zero trust for mitigating hybrid cloud vulnerabilities effectively.

  • Stacy Bostjanick, Chief Defense Industrial Base Cybersecurity, OCIO, DOD
  • Joe Foster, Cloud Computing Program Manager, NASA
-

Awards Presentation

-

Fireside Chat: Evolving Cyber Priorities

The threat landscape is constantly changing along with the fast pace of technology, and federal agencies need to be primed and ready to respond to all threats, including those from within. The ongoing federal zero trust approach is one component to getting there.

  • Anjana Rajan, Assistant National Cyber Director for Technology Security, The White House

-

Closing Remarks

  • Amy Kluber, Editor-in-Chief, GovCIO Media & Research

Featuring

 

James “Aaron” Bishop, a member of the Senior Executive Service, is the Chief Information Security Officer (CISO) for the Department of the Air Force, comprised of the U.S. Air Force and the U.S. Space Force. As CISO, he is responsible for advising the Chief Information Officer and senior officials on cybersecurity policy, cybersecurity programs and cyber force development in the department. He leads a Directorate comprised of military, civilian and contractor personnel responsible for developing cybersecurity policy and strategy for over 5,000 Air Force information technology systems. He oversees risk management and cybersecurity accountability for information systems, weapon systems and operational technology supporting military cyberspace operations. His portfolio includes policy and governance of the defense industrial base, cyber supply chain risk management, compliance and cybersecurity capabilities. He has oversight for the Freedom of Information Act, Privacy Act laws and cryptographic modernization supporting cyber operations for the department.

Chief Information Security Officer, Department of the Air Force

Ms. Stacy Bostjanick is a member of the Senior Executive Service and serves as the Chief of Implementation and Policy, Deputy Chief Information Officer for Cybersecurity (DCIO(CS)), Office of the Chief Information Officer. In this position, she serves as the focal point within the DoD CIO to implement the Cybersecurity Maturity Model Certification (CMMC) program across the Defense Industrial Base (DIB).

As the CMMC Director, Ms. Bostjanick is responsible for shepherding this critical program through the Code of Federal Regulation System rulemaking process for both the CFR 32 and 48 and ultimately implementing the program across the more than 220,000 companies that make up the DIB. This includes collaborating across the Federal Government with partners such as the Department of Homeland Security and the other members of the Federal Acquisition Security Council, to standardize this process and truly federalize it. In this role, she also directs the Department’s efforts to educate DIB partners on programmatic requirements and ensures that DoD implements risk information sharing through the program’s execution. Additionally, Ms. Bostjanick is responsible for ensuring the Defense Acquisition community is trained and capable of including these requirements in their Programs and Acquisitions.

Prior to joining the CIO, Ms. Bostjanick served as the Director of SCRM for OCISO(A&S), where she was responsible for ensuring the incorporation of integrated supply chain efforts within USD(A&S). Ms. Bostjanick has an extensive career as an Acquisition Professional with roles that include the head of DIA’s Contracting Activity, and the Senior Contracting Officer for the Missile Defense Agency on the Standard Missile 3 Block IA and IB development and production program. She was responsible for cradle-to-grave execution of over $5 billion of highly-complex, cutting-edge contracts for our nation's missile defense systems. Ms. Bostjanick has also served as the Deputy Procurement Executive with the Office of the Director of National Intelligence where she had responsibility for establishing Intelligence Community Enterprise-wide Policy and submissions to the Program Management Plan on an annual basis.  

Ms. Bostjanick has had numerous awards and accomplishments throughout her career including the Naval Meritorious Civilian Service Award, David Packard Excellence in Acquisition Award, Office of the Secretary of Defense Certificate of Appreciation, the Director of National Intelligence Award for Collaboration Leadership, National Intelligence Meritorious Citation, and the Small Business Award. 

Chief Defense Industrial Base Cybersecurity, OCIO, DOD

Jason Burt is a Cyber Security Advisor (CSA) with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) assigned to Federal Region IV. CISA is the Nation’s risk advisor. The Agency protects the Nation’s critical infrastructure from physical and cyber threats by working with partners to defend against today’s threats and collaborating to build a more secure and resilient infrastructure for the future. CSAs are the front-facing cyber experts supporting regional operations capabilities. Mr. Burt serves as the liaison and focal point for communications, coordination, and outreach. He promotes cyber preparedness and resiliency, incident response, risk mitigation and situational awareness, and manages major cyber engagements, championing cyber resilience to public and private sector partners. Region IV encompasses eight states, including Mississippi, Alabama, Florida, Georgia, North Carolina, South Carolina, Tennessee, and Kentucky. Mr. Burt has been with the Department for nine years. Prior to becoming a CSA, he held positions as a Senior Watch Officer for CISA’s National Cyber Protection System (NCPS) Network Operation Center (NOC), as well as serving as a Network and Systems Administrator for the Department of Veterans Affairs. Mr. Burt is also a retired Air Force Cyber Intelligence Officer. In this role, he provided direct support to Air Force Cyber Protection Teams tasked with defending key Air Force assets and resources against cyber threats.

Cybersecurity Advisor, CISA
Scott Davis
CISO, CBP

Felipe Fernandez is the Director of Systems Engineering at Fortinet Federal, a U.S. next-generation cyber security solution vendor that provides real-time threat detection and prevention. In addition to his role as a team manager, Felipe also oversees the US Federal product strategy and certification process at Fortinet Federal, such as the DoDIN APL and NSA CSfC. Felipe has more than 21 years of experience in consulting, deploying, operating, and auditing security solutions in DoD and the private sector.

Sr. Director, Systems Engineering, Fortinet Federal
Joe Foster
Cloud Computing Program Manager, NASA

Anjana Rajan currently serves as the Assistant National Cyber Director for Technology Security at The White House. A renowned cryptographer, technology executive, and entrepreneur, Rajan has spent her career working at the nexus of national security and human rights. Prior to joining the White House, she was the first Chief Technology Officer of Polaris, the largest anti-human trafficking NGO in the United States. In this role, she architected Polaris’s web3 & human rights vision and built a proactive security strategy to defend the organization against foreign malign influence operations and violent extremist threats. 

Previously, Anjana was a Tech Policy Fellow at the Aspen Institute, was a former Y Combinator founder, led open-source development of advanced cryptographic libraries, and worked at Palantir Technologies. She was a Knight Scholar at Cornell University’s Engineering School and received her bachelor’s and master’s degrees in Operations Research Engineering. 

Assistant National Cyber Director for Technology Security, The White House

Ken Rogers is a member of the Senior Executive Service (SES) and provides executive leadership for IT strategic planning, policy, portfolio and performance management, and budget formulation and execution including the use of various working capital funds associated with the Department’s $2.97B global IT portfolio. This IT portfolio supports a 76K person workforce operating in over 300 locations around the world. 

Mr. Rogers’s public sector career included serving as the State Department Chair at the Department of Defense, National Defense University, College of Information & Cyberspace. He also served as the Chief Information Officer at the Department of Homeland Security’s Science & Technology Directorate and has held leadership positions as the Chief Architect and Strategist at the U.S. Department of Commerce and the Export-Import Bank.

His private sector experience includes financial management, government relations, and information systems management in the banking and aerospace industries, and as an international economic and management consultant supporting USAID. 

Office Director, Strategy, Planning and Budget, Department of State
Korie Seville
Technical Director, Hosting and Compute Center, DISA
Rob Wood
CISO, CMS
* pending confirmation

Gold Sponsors

 
  • Fortinet Federal
  • Red Hat
 
 

Green Room Sponsors

 
  • Presidio Federal
  • Palo Alto
  • ImmixGroup