Potomac Forum, Ltd. - "The Forum of Choice for Government and Industry Training" TM
Workshop Description
Special Guest Speakers: Learn about C&A from the Government-wide Leadership Perspectives
Liz Chew Group Leader, Security Management and Assistance Group NIST
Tim Ruland Chief Security Information Security Officer U.S. Census Bureau
Patrick D. Howard Chief Information Security Officer Department of Housing and Urban Development
Mr. Howard provided the executive leadership to the HUD Security Organization to receive the grade of "A+" on their recent FISMA Report Card
Please join your government colleagues for an educational event that will explore Certification and Accreditation from current best practices through integration into the overall Security Program. Whether you are required to certify and accredit your systems under FISMA or DITSCAP, the information you will learn can be immediately applied within your environment.
You will hear from government and industry leaders who are involved in the Certification and Accreditation process and who will share with you the lessons they have learned along the way. These interactive sessions will also review some of the emerging implications and considerations in the field of Enterprise Wide Information Security.
Hear directly from the National Institute for Standards and Technology about FISMA and the Certification and Accreditation process; where it began and where we are going. Pose your questions directly to those involved in writing the guidelines mandated by FISMA.
Special Bonus Program for C&A Workshop Attendees
ALL Workshop Attendees will be automatically registered for the Executive Breakfast at the Willard (same location as the Workshop): A Security Standard Desktop Configuration for Government - Meeting the Mandate
The C&A Workshop Program will integrate the Breakfast into the Program
Workshop Attendees will Receive FRONT ROW TABLES at the Executive Breakfast
What You Will Learn
Certification & Accreditation guidance, methodology and requirements
Scope of verification and validation testing, evaluations, and analysis
How to develop a FISMA-compliant Security Plan
The essential roles and responsibilities for the Certification & Accreditation life-cycle
How to form teams to guide and perform Certification & Accreditation
Risk management concepts
The essentials of developing comprehensive security policies, standards, & procedures and other fundamentals of Enterprise Security
Who Should Attend
CIOs, CISOs, CTOs, Deputies, Associates and Staff
Compliance and Enforcement Officers
Security Managers and Staff
C&A Managers and Staff
Executives, Managers, and Staff Responsible for FISMA Compliance
CFO and Staff who are focusing on Certification and Accreditation Issues
IGs and Auditors
Program Managers Developing or Maintaining IT Systems
IT Professionals Interested in Improving IT Security
Workshop Format
Presentations by professional C & A consultants
Panel discussions led by experienced government and industry experts
A hands-on workshop about developing the security plan
Agenda
Day One:
7:30 AM
Registration and Continental Breakfast - Willard InterContinental Hotel
8:30
Welcome Remarks Art Chantker - President, Potomac Forum, Ltd.
8:45
Keynote Address: NIST Security Guidelines and Standards - Current and Future Activities Liz Chew - NIST
9:45
Introduction to Certification & Accreditation: How we got here
10:30
Break
10:45
Systems Security Categorization: Why it is important and how to determine it
12:15 PM
Hosted Luncheon
1:15
C&A Phase 1: Initiation Phase / System Security Plan Exercise
1:45
C&A: Phase 2: Certification
2:45
Break
3:00
Forgotten Aspects of FISMA: Information Technology Contingency Planning
3:45
Security Test and Evaluation/Risk Assessment Methodologies
4:30-5:00
Wrap-up and Consulting Period: Opportunity to discuss specific Agency C&A Challenges with the Instructors
Day Two:
7:30 AM
Priority Check-in at the Potomac Forum Executive Breakfast at the Willard (same venue as the C&A Workshop): A Secure Standard Desktop Configuration for Government - Meeting the OMB Mandate
C&A Workshop Attendees will have front row tables for the event
Presentations from OMB, NIST, Microsoft and Agencies
8:30
Executive Breakfast Presentations and Program - Seated Breakfast
Attendees are automatically registered for the event.
Note: The agenda for the C&A Workshop has been modified to accommodate the Executive Breakfast - the full technical program is presented by expanding the length of the workshop day. All C&A items are fully covered.
11:00
Break and Reconvene for the C&A Workshop
11:15
Determining the Minimum Baseline Security Controls and their Application within the Environment
11:30
Government Panel: Lessons Learned and Best Practices: Government CIOs and CISOs
Pat Howard, Chief Information Security Officer, HUD
Tim Ruland, Chief Information Security Officer, U.S. Census Bureau
12:30
Hosted Luncheon
1:30
Breakouts: Civilian Government and DOD
DoD: DIACAP and C&A - What you need to know
Civilian Government: Class Exercise and Report Out
2:15
Certification and Accreditation Tips and Best Practices
2:45
Q&As
3:00
Break
3:15
C & A Phase 3: Accreditation
3:45
C & A Phase 4: Post-Accreditation
4:30 - 5:00
Wrap-up and Consulting Period
(Agenda subject to change)
Guest Keynote Speaker:
Liz Chew Group Leader, Security Management and Assistance Group Computer Security Division National Institute for Standards and Technology (NIST)
Instructors
Potomac Forum has selected an “All Star” instructional Team who have been teaching the C&A and FISMA Fellow Training Workshops for four years and have been rated as “Excellent” by hundreds of previous Potomac Forum students:
The “All Star” instructor team includes Graydon McKee, Fishnet Security, Mike Smith, Unisys Corporation, Jon Damratoski, SecureForce, Robert Littlejohn, Aptis Corporation, and Joe Faraone. They are recognized leaders in the field having successfully assisted numerous DoD and Civilian Government Agencies in developing and implementing C&A and IT Security Programs. The previous students have rated them as “Excellent” in their course evaluations. You will too.
Joe Faraone and Robert Littlejohn will be the instructors for the May 23-24 Workshop.
Joe Faraone, Senior Information Security Architect, GCI Corporation
Joe Faraone is a Senior Information Security Architect with GCI Corporation, based in Reston, Virginia with over 20 years’ experience in Information Security. Joe has delivered services for numerous Federal customers including Certification and Accreditation support, Security Governance Gap Analysis and Independent Validation and Verification (IV&V). Over his career, he has served as Lead Independent Security Engineer, Manager and Architect of a managed security center for an Intelligence Community Agency, and has performed Certification and Accreditation services for several high-assurance systems. He has served customers including the Central Intelligence Agency; National Security Agency; other U.S. Intelligence agencies, Department of Justice, Department of Energy, Federal Trade Commission, United States Navy; United States Army; United States Marine Corps; and United States Air Force. He has also served customers in State and Local Government, Education, and Law Enforcement as well as private-sector customers in the Financial Services, Entertainment, Food Services and Technology industries. Joe’s unique technical background and experience allows him to provide insights to the C&A process across multiple agencies and compliance frameworks. This makes him equally able to converse with highly technical staff of a data center or executives in the boardroom. He is often called upon to rapidly solve solutions issues to meet project deadlines.
Graydon McKee - CISSP, GSEC Fishnet Security
Graydon McKee is currently the Strategic Solutions Executive for FishNet Security, Inc. He is responsible for developing complex enterprise-wide information security solutions in both the public and private sectors.
Graydon was formerly a Senior Information Security Architect with the Unisys Federal Information Security Practice, based in Reston, Virginia. Graydon performed work on several contracts that range from Security Gap Analysis to Information Systems Security Design. He has served as the Information Systems Security Officer on a government-wide contract and has performed the full spectrum of Certification and Accreditation Services for various other contracts (DOD/Intel/Federal Civilian).
Prior to joining Unisys, Graydon worked in the private sector for a medium sized company located in the Maryland Suburbs of Washington D.C., where he was responsible for Information Assurance and Information Security Activities. His responsibilities involved implementing a security program; crafting, designing, and serving as chief author of the Information Systems Disaster Recovery Plan. This plan encompassed three geographically diverse sites located on the East Coast. Graydon initiated, designed and delivered a series of Security Awareness sessions for network users and provided security orientations for new employees.
Graydon is currently working toward his Masters of Science in Information Assurance through Norwich University. He is also the author of “Installing, Configuring, and Administering the Borderware Firewall Server and its role in Defense in Depth” (available on the Global Information Assurance Certification web site) and co-author of “The Problem with Compliance” recently published (with Joseph Faraone) by Network World. Graydon has also been published in Government Computer News as well as CSO Magazine.
Michael Smith is an Information Security Architect with the Unisys Federal Information Security Practice based in Reston, Virginia. He has performed numerous tasks throughout the Certification and Accreditation (C&A) process for clients in the Federal Civilian and Department of Defense environments. He has designed and performed security testing and evaluation engagements against national level systems in both the Federal Civilian and Department of Defense environments.
Mr. Smith assisted with development of a DITSCAP methodology and Standard Operating Procedures for the Department of Defense's Tricare Management Activity (TMA) as well as performed many of the tasks associated with that methodology. Throughout the time Michael spent working with the TMA, he was responsible for development of documentation, performing security testing and evaluation, evaluating and conducting assessments of physical security, and the development and performance of risk assessments for remote sites throughout the continental United States.
Michael recently returned from a deployment to Afghanistan with the Virginia National Guard, where he conducted numerous combat patrols as an infantry squad leader.
Michael’s current engagement has him developing C&A documentation for numerous systems and sites throughout the Transportation Security Administration.
Robert E. “Bob” Littlejohn - CAP APPTIS Incorporated
Bob Littlejohn is a Senior IT Security Analyst with APPTIS Incorporated. He is currently under contract to provide Information System Security for the Transportation Security Operations Center in Herndon Virginia.
Bob has over 15 years experience in information system security and accreditation with a variety of agencies. Initially beginning as a system security analyst with McDonnell Douglas Corporation, he has worked in information security with Johnson Controls World Services Incorporated, NCI Information Systems Inc., Unisys Corporation, and now APPTIS Inc. While with Unisys Corporation he was responsible for certification and accreditation of systems for PEOSTRI in Orlando Florida, the Air Force Weather Agency in Omaha Nebraska, US Transportation Command in southern Illinois, Sandia National Laboratory in Albuquerque New Mexico, the Air Force Flight Test Center at Edwards AFB California and assisted with development of the US Coast Guard certification and accreditation strategy for Telecommunication and Information Systems Command in Alexandria Virginia. He is familiar with the latest government standards for certification and accreditation of information systems having been involved with development of certification and accreditation doctrine. He has published and maintained Information Assurance and Information Protect Security Architecture and worked with the Joint Staff, National Command Authority and DoD Staff on issues regarding Information Security.
Bob holds an AAS – Weather Technology; BS – Management, Human Resources; MA – Computer Resource and Information Management as well as the Certification and Accreditation Professional certification.
Bob (along with Joe Faraone) is one of the originators of certification and accreditation seminars with Potomac Forum and has been an instructor and course developer since 2003.
Special Guest Speaker
Patrick D. Howard CISSP, CISM, Chief Information Security Officer, Department of Housing and Urban Development
Patrick has over twenty years of experience in information security. A former Military Police Officer, Patrick successfully served in military positions in law enforcement, operations, physical security, information security, and security management, retiring from the U.S. Army in 1992.
Since then he has served as an information security consultant with several government contracting firms in the Washington, D.C. area including Comsis Corp., PRC, and Troy Systems, supporting the Nuclear Regulatory Commission, US Coast Guard, Bureau of the Census, Bureau of the Public Debt, Securities and Exchange Commission, and Departments of Agriculture, Labor and Defense among others. Patrick was formerly employed as a Senior Manager for Ernst & Young (E&Y), LLC where he developed security consulting methodologies for E&Y's national IT security practice and created policies and standards for a variety of commercial clients. He has also performed consulting services for Netigy and Quinetiq Trusted Information Management, where he was charged with developing a consultant certification program, development and delivery of CISSP preparatory training, creation of corporate security consulting methodologies, and delivery of consulting services to commercial and government organizations.
Patrick has also served as an instructor for the Computer Security Institute, has written articles on security policy development, is co-author of Total CISSP Exam Prep Book, and is author of Building and Implementing a Security Certification and Accreditation Program. Most recently Patrick was employed by the Titan Corporation and was assigned full-time to the Department of Transportation Office of the Chief Information Officer, where he served as the DOT Certification and Accreditation Program Manager.
Patrick is the recipient of the prestigious 2007 FED 100 Award for his outstanding leadership in improving IT security for the government.
Patrick has a B.A. degree from the University of Oklahoma, and a M.A. from Boston University.
Registration Information
Government Employees: $1,295
(Federal, State or Local Government Issued ID) Includes instruction, presentations, Training Workshop Notebook, and continental breakfasts, morning and afternoon refreshments, and lunch
Industry and Contractors: $1,495
(Including contractors on-site and in direct support of government agencies) Includes instruction, presentations, Training Workshop Notebook, and continental breakfasts, morning and afternoon refreshments, and lunch
To register for this event, click below or call 703-683-1613.
Registration fees include Continental Breakfast, Refreshment Breaks, Seated Luncheon, and Conference Notebook.
* Government Registrations are given First Preference!
Send a Government Team Rate: To Encourage Your Government Team to Learn Together. Register two persons from the same government office at the same time and the third registers at 50% of the registration fee.
Money Back Guarantee for Government At the end of the C&A Training Workshop, if you are not satisfied with the quality of instruction provided, your fee will be refunded or a credit given for another Potomac Forum, Ltd. Training Workshop (your choice). We feel confident that you will find the workshop a valuable learning experience. Previous attendees have found the workshop of great value in helping them meet their Agency C&A requirements. You will too! (This offer applies to government employees only).
Cancellation Policy
Confirmed registrations who cancel within 3 business days of the program will be subject to a $250 cancellation fee. Registrations cancelled after the program starts are subject to the full registration fee. Substitutions can be made at any time. In the event a particular training workshop is cancelled, the liability of Potomac Forum, Ltd is limited to refund of any prepaid registration fee.
All instructors were Top Notch! IT Specialist, AMCOM CIO/G6 Redstone Arsenal
I loved the workshop, good information. Telecommunications Specialist, GSA
The whole workshop was a great learning experience… J6, Army
Presenters knowledgeable of FISMA, DIACAP, etc. INFOO Security Specialist, Pension Benefit Guarantee Corporation
A recipe for success in C&A development! Speaks to the business manager without confusing techno-speak. Public Health Analyst, CDC
Great dialogue & participant involvement. Brought a variety of issues and real life “security” challenges to a dry subject. Panelists and special presenters, as well as exercises, particularly strong. CIO Staff, Department of Transportation
Very informative – workshop presenters and panel speakers were extremely knowledgeable on the C&A process as well as agency “best practices”. Information Technology Specialist - IT Security Office, U.S. Census Bureau
Everything was great! Instructors were knowledgeable, friendly, and professional. IT Specialist, International Boundary and Water Commission, Department of State
Informative. Good handouts can be used on the job. Auditor, Treasury IG for Tax Administration, Department of the Treasury
The exercises and samples of documents were very helpful. Supervisory Systems Accountant, Animal and Plant Health Inspection Service, USDA
I’ve already sent a note to other IT people to recommend this course Director, Budget and Resource Management, Department of Energy