New IT infrastructure modernization strategies and the COVID-19 pandemic cause new security challenges for federal agencies, and require new approaches to IT infrastructure security. This event will consider new security blueprints and the mindset shifts required to boost federal IT infrastructure security.
IT infrastructure security is the national security issue we sometimes forget about, but a slump in cybersecurity posture could have devastating consequences for a federal agency and ripple effects across the nation. Trey Herr, director of Atlantic Council's Cyber Statecraft Initiative explores the case for a National Cyber Director to unite cybersecurity and IT infrastructure security efforts across the .gov landscape.
As cloud adoption surges in federal agencies, continuously verifying cloud infrastructure becomes a hassle, while cyber criminals and nation-state actors become savvier at hacking into servers and data centers. Some federal agencies are exploring DevSecOps practices to automate their ATO process. Speakers include:
The COVID-19 pandemic pushed federal agencies into new cyber territory with mass telework, accelerating the trend toward mobile infrastructure and edge computing, which in turn triggered new security challenges. In the age of bring-your-own-device (BYOD), federal leaders are managing identities and using zero trust to protect an increasingly mobile, boundaryless IT infrastructure.
From cloud infrastructure to software applications to software updates, cyber criminals and nation-state actors are increasingly targeting cloud supply chains. IT leaders discuss the steps necessary to protect agencies and industry partners from cloud supply chain vulnerabilities — including using frameworks like zero trust and standards via NIST and CMMC.
Welcome Remarks
IT Infrastructure: A National Security Issue for a National Cyber Director
IT infrastructure security is the national security issue we sometimes forget about, but a slump in cybersecurity posture could have devastating consequences for a federal agency and ripple effects across the nation. This fireside chat will explore the case for a National Cyber Director to unite cybersecurity and IT infrastructure security efforts across the .gov landscape.
Innovating the ATO Process for Cloud Security
As cloud adoption surges in federal agencies, continuously verifying cloud infrastructure becomes a hassle, while cyber criminals and nation-state actors become savvier at hacking into servers and data centers. Some federal agencies are exploring DevSecOps practices to automate their ATO process -- hear from leaders about their innovative ATO strategies for better cloud security.
Protecting a Mobile, Boundaryless IT Infrastructure
The COVID-19 pandemic pushed federal agencies into new cyber territory with mass telework, accelerating the trend toward mobile infrastructure and edge computing, which in turn triggered new security challenges. In the age of bring-your-own-device (BYOD), hear from federal agencies about how they’re managing identities and using zero trust to protect an increasingly mobile, boundaryless IT infrastructure.
Cloud Supply Chain Security
From cloud infrastructure to software applications to software updates, cyber criminals and nation-state actors are increasingly targeting cloud supply chains. Hear from IT leaders about what steps they’re taking to protect themselves from cloud supply chain vulnerabilities.
Closing Remarks
Katherine “Katie” Arrington is a member of the Senior Executive Serves and serves as the Chief Information Security Officer for Acquisition and Sustainment (CISO(A&S)) within the office of the Under Secretary of Defense for Acquisition and Sustainment (USD(A&S)). In this position, she serves as the central hub and integrator within the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) to align acquisition and sustainment cyber strategy and efforts to enhance cyber security within the Defense Industrial Base.
As the CISO(A&S), Ms. Arrington is responsible to ensure the incorporation of integrated security/cyber efforts within USD(A&S) with the purpose of providing a focused and streamlined governance approach, provide a central coordination point and common compliance standard that serves to synchronize the various existing disparate cyber security efforts and standards across the Department and Industry as it relates to Department of Defense acquisition and sustainment efforts.
Ms. Arrington is leading efforts that help ensure a secure Defense Supply Chain through the implementation of Trusted Capital vendors and Supply Chain Risk Management principles, enhance Defense Industrial Base security and resilience, and establish a common cyber security standard within Departmental acquisition efforts. She also synchronizes these efforts across the Department, other federal agencies, and works with legislators to ensure Departmental authorities and actions align and support the nation’s security goals.
Before assuming her position as CISO(A&S), Ms. Arrington has an extensive career as a legislator and senior cyber executive in private industry. Ms. Arrington was a 2018 candidate for the US House of Representatives for South Carolina and served for 2 terms as a South Carolina State Representative. She has extensive experience in cyber strategy, policy, enablement and implementation across a wide range of business sectors and governmental levels. She has over 15 years of cyber experience acquired through positions at Booz Allen Hamilton, Centuria Corporation, and Dispersive Networks. These positions have given her a unique experience of supporting and work with the government at large, small, and non-traditional contracting firms.
Ms. Arrington is married to Robert and resides in Summerville, South Carolina and is a proud parent of three children and grandparent to four grandbabies.
Rob Brown is currently the Chief Technology Officer at USCIS and former Integration Architect/Cloud Solutions Developer and EID Division Chief with USCIS. Rob has 20 years of experience providing technical, managerial and business development solutions to the IT industry. Rob has a thorough understanding of IT and business, leading to successful experiences in completing large scale IT deployments from the initial corporate IT strategy and vision to design, build and maintenance. Rob has been focusing on Domain Driven design, Event driven architecture and reactive micro services for the past 4 years. Rob has also been working to provide BizDevSecOps technical standards and governance at USCIS. He also has expertise in auditing, directing and managing corporate IT strategies for small to large sized commercial businesses. Additionally, Rob has a strong background in software development, health care, scientific research and biomedical industries. Rob holds a MS in Bioinformatics from George Mason University and a BS in Microbio/BioChem from Virginia Tech. He holds certifications from (ISC)2, ICAgile, ITIL, Fonality and Juniper. Prior to joining USCIS, Robert worked for Booz Allen Hamilton, Information Innovators, QSSI, V2 Systems, Ronin Tech Solutions, and American Red Cross
Jennifer R. Franks is a Director in GAO’s Information Technology and Cybersecurity team. She oversees engagements that primarily focus on emerging cybersecurity issues and assessing an agency’s ability to protect the confidentiality, integrity, and availability of its sensitive data and computing infrastructure. Her multi-disciplinary teams actively review agencies’ computer security vulnerabilities across their enterprise-wide computing environment by assessing program management compliance and technical controls recommended for the agencies to follow in accordance with federal guidance and leading practices.
In addition, Ms. Franks leads reviews in the areas of IT management and operations, data protection, privacy, and cybersecurity issues related to the COVID-19 pandemic. Further, at GAO, she is a certified adjunct faculty member and facilitates agency new hire, and Diversity, Equity and Inclusion (DE&I) courses. Ms. Franks earned a master’s degree from Carnegie Mellon University in information security policy and management, and a bachelor’s degree from Hampton University in computer information systems.
Sean Frazier is Federal CSO at Okta. In his role, Sean acts as the voice of the CSO for Okta's federal business. Prior to joining Okta, Sean spent more than 25 years working in technology and public sector security for companies such as Duo Security, Netscape, LoudCloud/Opsware, Proofpoint, Cisco & MobileIron. Sean has helped lead numerous projects used by the Department of Defense and Intelligence Community, including the Fortezza Crypto Card, Defense Messaging System (DMS) and many others. He also has extensive experience in identity and public key infrastructure (PKI), network, applications, mobile and IoT. Sean has testified in front of the U.S. Senate Homeland Security and Government Affairs Committee on the importance of public/private partnership in protecting the nation’s digital infrastructure. Sean also advises public/private partnership working groups including ACT-IAC, ATARC and many others.
Trey Herr, PhD, is the director of the Cyber Statecraft Initiative at the Atlantic Council. His team works on cybersecurity and geopolitics including cloud computing policy, the security of the internet, supply chain risk, cyber effects on the battlefield, and growing a more capable cybersecurity policy workforce. Previously, he was a senior security strategist with Microsoft handling cloud computing and supply chain risk. During that time, he was also a visiting fellow with the Hoover Institution at Stanford University working on international cybersecurity and risk. Trey is co-editor of Cyber Insecurity — Navigating the Perils of the Next Information Age, a 2016 volume collecting key debates in cybersecurity policy from practitioners and scholars. He was previously a postdoctoral fellow with Harvard Kennedy School where his research focused on the role of non-state actors in cybersecurity governance, the proliferation of malware, and cyber insurance. Trey has written for a variety of media outlets including Lawfare, Foreign Policy, the Council on Foreign Relations, and Slate. He previously worked with the Department of Defense to develop a risk assessment methodology for critical infrastructure and holds a PhD in Political Science from George Washington University and a BS in Musical Theatre from Northwestern University.
William Loomis is an Assistant Director with the Atlantic Council’s Cyber Statecraft Initiative, within the Scowcroft Center for Strategy and Security. In this role, he manages a wide range of projects at the nexus of geopolitics and national security with cyberspace. Prior to joining the Atlantic Council, he worked on market research and strategy at an emerging technology start-up in Madrid, Spain. Originally from New York, he holds a BA in Political Science, with a focus on International Relations and Securities Studies from Colgate University. He is also a certified bourbon steward.
Josh O’Sullivan, Ardalyst’s Chief Technology Officer (CTO), has 20 years of technical innovation and leadership experience evolving Navy mission and capabilities to support core missions. As an industry leader, he brings vast knowledge across next generation technologies in cloud and cyber defense to solve mission challenges for the Navy.
His active duty service as a Naval Officer and FFRDC expertise as a cyber research engineer and FCC/C10F Technical Advisor for MITRE Corporation directly shaped future capabilities for Navy Networks, Cyberspace Operations and Resilient Command and Control. Mr. O'Sullivan has a bachelor’s degree from Rensselaer Polytechnic Institute, a master’s degree in systems engineering from the Naval Postgraduate School, and an executive Master of Business Administration from the Robert H. Smith School at the University of Maryland.
Welcome Remarks
IT Infrastructure: A National Security Issue for a National Cyber Director
IT infrastructure security is the national security issue we sometimes forget about, but a slump in cybersecurity posture could have devastating consequences for a federal agency and ripple effects across the nation. This fireside chat will explore the case for a National Cyber Director to unite cybersecurity and IT infrastructure security efforts across the .gov landscape.
Innovating the ATO Process for Cloud Security
As cloud adoption surges in federal agencies, continuously verifying cloud infrastructure becomes a hassle, while cyber criminals and nation-state actors become savvier at hacking into servers and data centers. Some federal agencies are exploring DevSecOps practices to automate their ATO process -- hear from leaders about their innovative ATO strategies for better cloud security.
Protecting a Mobile, Boundaryless IT Infrastructure
The COVID-19 pandemic pushed federal agencies into new cyber territory with mass telework, accelerating the trend toward mobile infrastructure and edge computing, which in turn triggered new security challenges. In the age of bring-your-own-device (BYOD), hear from federal agencies about how they’re managing identities and using zero trust to protect an increasingly mobile, boundaryless IT infrastructure.
Cloud Supply Chain Security
From cloud infrastructure to software applications to software updates, cyber criminals and nation-state actors are increasingly targeting cloud supply chains. Hear from IT leaders about what steps they’re taking to protect themselves from cloud supply chain vulnerabilities.
Closing Remarks
