Potomac Forum The Forum of Choice for Government & Industry Training Since 1982

The Forum of Choice for Government & Industry Training Since 1982

Happy Holidays!

 

Thank you for your continued support of Potomac Forum Educational Events.

During this holiday season, we reflect on the great work of government employees and their industry partners and the difference they make for our wonderful Country. 

 

THANK YOU!

 

We send our best holiday wishes and a very Happy New Year to all!

 

 

Cybersecurity in Government: Policies, Regulations, Guidance and Trends for New and Experienced Executives, Managers and Staff Training Workshop

Whether the student is new to cybersecurity or an experienced certified professional, this workshop will provide an understanding or a refresher of the cybersecurity landscape as it exists now and what staff should prepare for in the future.

Keynote Presentation:
 

Dr. Ron Ross

NIST FELLOW

Leader, FISMA Implementation Team 

National Institute of Standards and Technology (NIST)

Leader, Joint Transformation Initiatives Interagency Working Group 

Author of the NIST Risk Management Framework, SP800-53 Rev 4 and numerous other publications

 

Speakers: 

 

Martin Stanley    
Senior Technical Advisor 

Office of the Chief Technology Officer 

Cyber and Infrastructure Security Agency (DHS/CISA)

 

Paul Morris

Chief Information Security Officer

Executive Director, Information Assurance & Cybersecurity Division 

Office of Information Technology

Transportation Security Administration
 

Jeffrey L. Harris, II

Chief Information Security Officer (Acting)

Information Security Division
Office of the Chief Information Officer
U.S. Small Business Administration 

 

Mark Riddle
Principal for CUI Program Oversight

Information Security Oversight Office 

National Archives and Records Administration 
 

Veronica Cuello

Vice President

Cyber Solutions, eGlobalTech

 

Akil Crawford 

Director

Cyber Solutions, eGlobalTech

 

Elizabeth Voeller 

Director, Cyber Solutions, eGlobalTech

Meeting Location: 
Willard InterContinental Hotel

Willard Intercontinental Hotel
1401 Pennsylvania Avenue N.W.
Washington 20004
United States

Metro Center (Red, Orange, Blue Lines). Use the exit marked “12th & F Sts” to exit onto F St., then continue straight two blocks and cross 14th St.

Overview: 

The purpose of this workshop is to provide a better understanding of current Federal cybersecurity policies, regulations and trends as well as provide best practices for implementation. It is also important to understand and prepare for future trends in Cybersecurity Management. Federal guidance on IT security tends to change due to advances in cybersecurity tools and technology, new administration priorities, evolving cyber threats to our national security, and other influencers. It can be overwhelming and hard to keep up with. This workshop will provide participants with the most up to date information so they can get ahead with activities that promote immediate cyber resilience. 

 

Hear from government officials and industry experts tasked with implementing robust security and risk management strategies. Listen to a mix of different government panelists presenting practical information from both a security and risk management prospective, led by an experienced moderator that will discuss lessons learned on key issues Federal organizations are facing and the risks that are being seen today throughout the government.  Learn about current NIST Standards and Guidelines from NIST Leader and what agencies should be prepared for in the future.

 

This workshop offers consolidated IT security fundamentals condensed into a 1-day program focused on the application of practical knowledge. It will provide participants with recommendations for small changes that, when implemented correctly, can improve cybersecurity scores and make reporting less painful. The goal of this workshop is to provide participants with some quick win strategies to make simple adjustments now in order to see improvements in the near term.  Resource materials and references will also be provided.

 

Whether the student is new to cybersecurity or an experienced certified professional, this workshop will provide an understanding or a refresher of the cybersecurity landscape as it exists now and what staff should prepare for in the future.

What You Will Learn: 

  • For managers new to cybersecurity, receive a foundational overview of the most current Federal policies and regulations and where to start
  • For experienced cybersecurity managers, receive a refresher and some new ways to prioritize and get quick wins when implementing the current regulations
  • Learn how small changes to cybersecurity governance and management can improve scores
  • Learn about current and future NIST Guidelines and Standards Requirements for All Federal Agencies

 

Why You Should Attend: 

  • Gain insight into new Federal cybersecurity regulations including FITARA, OMB, and Executive Orders on cybersecurity
  • Receive a refresher on implementing the NIST Risk Management Framework (RMF) and Cybersecurity Framework (CSF) in your organization
  • Obtain practical knowledge in implementing Federal requirements and regulations
  • Learn real world best practices that enable proactive risk management in resource-constrained environments
  • Learn how risk management and cybersecurity are essential for regulatory compliance
  • Discuss cybersecurity challenges with Federal, State and Local Governments colleagues

 

Who Should Attend: 

  • CISOs and Staff
  • CIOs and Staff
  • IT security and risk management practitioners
  • Program Managers responsible for risk management
  • Government Employees who want to better understand cybersecurity in their organization
  • Industry and Contractors who support cybersecurity programs for the government
  • All government and industry members who need to better understand Federal cybersecurity polices, regulations, and best practices 

 

Format: 

Instructor Presentations, Classroom Discussions, Panel Discussion, and Guest Speakers

Agenda: 

7:30 AM

Registration and Continental Breakfast

8:30

Welcome
Art Chantker, President, Potomac Forum

8:45

Keynote: 
What is Important: The Current and Future Cybersecurity Landscape
 

Dr. Ron Ross
NIST Fellow and Author of the NIST Risk Management Framework and numerous NIST Publications

10:00

Refreshment Break

10:15

Overview of the Cybersecurity Policy Landscape

·         OMB

·         NIST

·         DHS

·         Executive Orders (EOs) and Presidential Policy

               Directives (PPDs)

Ms. Veronica Cuello, Vice President, Cyber Solutions, eGlobalTech

10:45

Let’s Talk FISMA

·         Lessons Learned

·         New Initiatives

·         What Has Changed

Ms. Veronica Cuello, Vice President, Cyber Solutions, eGlobalTech

11:30

Integrating Security in the Mission -  an Enabler not an Inhibitor

·         Discussion on Cyber Hygiene

·         Simple Things to Improve Scores

·         Meeting Compliance Objectives thru FedRAMP – Current Thinking

Mr. Akil Crawford, Director, Cyber Solutions, eGlobalTech

12:15 PM

Hosted Working Luncheon
(Students will be presented with a discussion topic during lunch and a designated leader will report out after lunch)

1:15

Government Panel Discussion 

Lessons Learned Implementing Cybersecurity Mandates
 

Moderator: Ms. Elizabeth Voeller, Director, Cyber Solutions, eGlobalTech
 

- Martin Stanley, Senior Technical Advisor, Office of the Chief Technology Officer, Cyber and Infrastructure Security Agency (DHS/CISA) (Awaiting agency approval)

 

-Mark Riddle, Principal for CUI Program Oversight, Information Security Oversight Office, NARA*

 

-Paul Morris, Chief Information Security Officer, Executive Director, Information Assurance & Cybersecurity Division, Office of Information Technology, Transportation Security Administration*

 

-Jeffrey L. Harris, II, Chief Information Security Officer (Acting), Information Security Division, Office of the Chief Information Officer, U.S. Small Business Administration* 

 

 

(*invited)

2:30

Refreshment Break

2:45

Cybersecurity Best Practices – Part I

·         High Level Road Map to IT Security Transformation

·         Concept of Compliance through Secure Operations

·         Case Study – Lessons Learned

Mr. Akil Crawford, Director, Cyber Solutions, eGlobalTech

3:45

Group Discussion on Current Trends

- AI in Cybersecurity

- Cloud Security

- Privacy

- Q&A

4:15

Cybersecurity Best Practices – Part II

·         Reducing Insider Threat at your Organization

·         If You Do Just One, Small Thing, Do This!

·         Importance of Cybersecurity Awareness – What you need to do and Why

Ms. Elizabeth Voeller, Director, Cyber Solutions, eGlobalTech

4:50

Wrap-up and Q&A

5:00

Workshop Adjourns/ Post Workshop Discussions with Instructors on Specific Individual Topics

 

Registration Information: 

 

 

 

Registration Information:

 

 

 

Early Bird Registration Fee

 

 

 

Registering after Nov 1.

Government Employees:
(Federal, State or Local Government Issued ID)
 $795 
Special Reduced Rates in Support of Government Budget Reductions
$895
Team Rate for Government: Send a government team to learn together. Register two government employees from the same office at the same time and the third person registers at at $200 reduction in fee
Industry and Contractors:
(Including contractors on-site and in direct support of government agencies).
$895
 
$995

Registration Includes: Presentations, Workshop Notebook, Continental Breakfast, All Day Refreshments and Hosted Luncheon

Keynote Speaker: 

Dr. Ron Ross

NIST FELLOW

Leader, FISMA Implementation Team

National Institute of Standards and Technology (NIST)

Leader, Joint Transformation Initiatives Interagency Working Group
Author of SP800-53 Rev 4

 

Ron Ross is a Fellow at the National Institute of Standards and Technology (NIST). His current areas of specialization include information security and risk management. Dr. Ross leads the Federal Information Security Management Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical information infrastructure. His recent publications include Federal Information Processing Standards (FIPS) Publication 199 (security categorization standard), FIPS Publication 200 (security requirements standard), NIST Special Publication (SP) 800-53 (security controls guideline), NIST SP 800-53A (security assessment guideline), NIST SP 800-37 (security authorization guideline), NIST SP 800-39 (risk management guideline), and NIST SP 800-30 (risk assessment guideline). Dr. Ross is the principal architect of the Risk Management Framework and multi-tiered approach that provides a disciplined and structured methodology for integrating the suite of FISMA standards and guidelines into a comprehensive enterprise-wide information security program. Dr. Ross also leads the Joint Task Force Transformation Initiative, a partnership with NIST, the Department of Defense, the Intelligence Community, the Office of the Director National Intelligence, and the Committee on National Security Systems to develop a unified information security framework for the federal government.

In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. A graduate of the United States Military Academy at West Point, Dr. Ross served in a variety of leadership and technical positions during his over twenty-year career in the United States Army.

While assigned to the National Security Agency, he received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a three-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Department of Commerce Gold and Silver Medal Awards. Dr. Ross has been inducted into the Information Systems Security Association (ISSA) Hall of Fame and given its highest honor of ISSA Distinguished Fellow.

Dr. Ross has also received several private sector cyber security awards and recognition including the Vanguard Chairman’s Award, the Symantec Cyber 7 Award, InformationWeek’s Government CIO 50 Award, Best of GTRA Award, and the ISACA National Capital Area Conyers Award. During his military career, Dr. Ross served as a White House aide and as a senior technical advisor to the Department of the Army. Dr. Ross is a graduate of the Defense Systems Management College and holds Masters and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School specializing in artificial intelligence and robotics.

Instructors: 

Martin Stanley

Senior Technical Advisor 

Office of the Chief Technology Officer 

Cyber and Infrastructure Security Agency (DHS/CISA)

Martin Stanley leads cybersecurity design and engineering support for civilian federal agencies under FISMA.  While at DHS, Stanley has led the development of the High Value Asset (HVA) Program which identifies and manages protection of the federal civilian agencies most critical systems.  Stanley previously led the Information Security Program at the Food and Drug Administration where he oversaw world-wide enterprise information security for 300+ applications and 2 modern data centers serving 17000+ employees and contractors.  Prior to his federal service Stanley held executive leadership positions at Vonage and UUNET Technologies.

Veronica Cuello

Vice President, Information Assurance & Cybersecurity

eGlobalTech

Veronica Cuello is the vice president of information assurance and cybersecurity (IA&C) for eGlobalTech (eGT), a leading technology and cybersecurity consulting firm in the federal government sector. In this role, she is responsible for leading the entire IA&C practice - comprised of more than one hundred professionals - as well as expanding eGT’s cybersecurity arm into new markets. She has more than 17 years of experience in providing consulting and advisory services for federal government contracts within the information assurance field, as well as experience with the Federal Information Security Management Act (FISMA), cyber risk management and cryptography.

Prior to eGT, she was a senior associate at Booz Allen Hamilton and served as director of cybersecurity at Visual Soft, Inc. Cuello received her Bachelor of Arts degree from Vassar College and her Master of Science in technology management from the George Mason University School of Management. She currently holds various professional accreditations, including Project Management Professional (PMP), Certificate in Federal Executive Competencies, Certified Information Systems Security Professional (CISSP), International Information Systems Security Certification Consortium (ISC2), INFOSEC Assessment Methodology (IAM), Global Information Assurance Certification (GIAC), Security Essentials Certification (GSEC), Certified RSA Advanced PKI Engineer, A+/Network+ Certification and Computing Technology Industry Association (CompTIA).

Akil Crawford

Akil Crawford is a Cyber Solutions Director at eGlobalTech, a management consulting and cybersecurity firm headquartered in Arlington, VA. Akil is responsible for the delivery of cyber services to the firm’s federal clients. He also leads the development of new capabilities and supports business development and capture efforts. Prior to joining eGlobalTech, Akil served as the Director of Data Security at Function1, a systems integrator, and Splunk’s first services partner. At Function1, Akil helped commercial customers to turn COTS products into complete cybersecurity solutions. In this role, Akil provided support to some of US’ largest credit card lenders, and one of the largest hedge funds in the world. In addition to this experience, Akil has supported several federal and state government clients in security operations and security compliance efforts. His technical background as a software engineer and product specialist have been invaluable to him as a security practitioner. Akil believes that security should be positioned as an enabler to an organization’s mission, rather than as an obstacle that must be overcome in order to serve the mission.

Mark Riddle

Principal for CUI Program Oversight

Information Security Oversight Office

National Archives and Records Administration

Mark Riddle is the Principal for CUI Program Oversight for the Information Security Oversight Office (ISOO) at the National Archives and Records Administration. He serves as Lead for implementation and oversight activities for the Controlled Unclassified Information (CUI) Program.

Since joining ISOO in 2013, Mr. Riddle has developed a protocol for assessing existing Executive branch agency programs that prescribe protections for sensitive information and established inspection criteria for evaluating implementation and ongoing operational efforts related to the CUI program.

He co-authored the National Institute for Standards and Technology Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (June 2015). This publication recommends standards for protecting CUI in nonfederal electronic environments that may be prescribed in agreements between federal and nonfederal partners.

Throughout his career, Mr. Riddle has developed inspection and investigative criteria in support of numerous government programs to include Classified National Security Information, Personnel Security, Physical, and Sensitive but Unclassified Information Programs. Mr. Riddle has also served as a lead investigator and conducted formal and informal inquiries into incidents that involved classified and sensitive information and has also directed mitigation efforts for large scale information security incidents.

Mr. Riddle consults with Executive branch departments and agencies, and with industry and other nonfederal organizations on the structure and implementation of the CUI program, and its impact on the protection of sensitive information within these entities.

Jeffrey L. Harris II

Chief Information Security Officer (Acting)

Information Security Division
Office of the Chief Information Officer
U.S. Small Business Administration 

 

Jeff Harris serves as the Chief Information Security Officer (Acting), for the United States Small Business Administration (SBA), where he provides executive leadership and oversight of daily operations related to enterprise-wide cybersecurity operations across the SBA. In doing so, Mr. Harris is responsible for the strategic direction of the SBA Security Operations Center (SOC) and cybersecurity architecture and engineering initiatives that securely and efficiently enable the SBA mission. Mr. Harris is also leading the development and implementation of the Integrated Cyber Center (ICC), which combines partners together under the same roof to better ssynchronize, coordinate and de-conflict NetOps and SecOps activities as well as the SBA Cybersecurity as a Service (CSaaS), which is an enterprise strategy to provide centralized management and delivery of key cybersecurity functions with 24/7 visibility of agency security posture. Prior to joining the SBA, Mr. Harris served as the Chief Information Security Officer and Designated Authorizing Official for the United States Navy Intelligence Community. There he was responsible for establishing, maintaining and enhancing the Navy Intelligence (NAVINTEL) information security program as well as advising senior officials on the implementation of the agency’s risk management approach and providing executive governance and oversight in the areas of policy, risk assessment/authorization, cyber incident management, regulatory compliance and portfolio management of the program’s cyber security initiatives. He also served as the founder and director of the NAVINTEL Cybersecurity Coordination Center (NIC3), the communities Computer Network Defense Service Provider (CNDSP). As an IT and cyber security professional since 2002, he has completed assignments of increasing complexity in an extensive range of domestic and international organizations. These have included serving as the Chief, Defensive Cyber Operations (DCO) and for the Office of Naval Intelligence – Hopper Information Service Center, Deputy Director, IT Applications for the Department of Homeland Security Science and Technology Directorate (DHS S&T) and Assistant CIO for Information Assurance at the Office of Naval Intelligence. Mr. Harris graduated from Barry University with a Bachelor of Science in Information Technology with a specialization in Network Engineering. He holds several certifications including the Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and Information Technology Infrastructure Library (ITIL). He is a proud veteran of the United States Army.

Elizabeth Voeller, PMP, ABCP

Incident Response, Emergency Management, Cyber Risk Management/Security Consultant

Director of Operations of the Mid Atlantic Disaster Recovery Association (MADRA)

Director,  eGlobalTech (eGT)

 

Elizabeth Voeller is a Director at eGlobalTech where she provides consulting support on cyber risk management, incident response, emergency management, and strategic communications to the Chief Information Security Officer (CISO) at the Department of Health and Human Services (HHS) Office of Information Security. Prior to that, Ms. Voeller spent 8 years at Booz Allen Hamilton as a Lead Associate supporting Federal business continuity/COOP, critical infrastructure analysis, strategic planning and communications, and emergency management programs. She has facilitated national level exercises and senior leadership meetings for the Department of Homeland Security (DHS), written Congressional briefings for the Federal Emergency Management Agency (FEMA), drafted and rolled out national-level plans for DHS, and developed pandemic response tools and emergency communications curriculum for the Department of Defense (DoD) PACOM and USAFRICOM. She has a Masters degree in International Affairs from American University and an Bachelors degree in Political Science and English from Hamline University in Saint Paul, MN. Ms. Voeller is currently the Director of Operations of the Mid Atlantic Disaster Recovery Association (MADRA), a certified Project Management Professional (PMP), a DRII-certified Associate Business Continuity Professional (ABCP), and CompTIA Security+ Certified.

Paul Morris

Chief Information Security Officer

Executive Director, Information Assurance & Cybersecurity Division 

Office of Information Technology

Transportation Security Administration

Mr. Morris is the Chief Information Security Officer within TSA’s Office of Information Technology. He provides leadership, management and operational direction for: Federal Information Security Modernization Act (FISMA) Governance, Compliance and Policy; Cybersecurity Awareness and Operational Support; Critical Infrastructure Protection; Secure Infrastructure and Vulnerability Management; Identity, Credential and Access Management (ICAM); e-Discovery, Insider Threat Program, Forensic Operations and a 24×7 Cyber Security Operations Center.

Previously, Mr. Morris was the Chief, Computer Network Dense team whose 24/7 mission was the prevention of cyber security incidents through proactive continuous cyber threat analysis, network and computer scanning for vulnerabilities and Incident Response. Joining the TSA team in November 2013 as the Acting Director for the Classified Technology Division within the Office of Intelligence & Analysis, his team enabled mission-critical 24/7 classified information technology voice, video and data products and services in support of TSA employees at airports and field locations around the world.

Mr. Morris joined TSA from the Office of Naval Intelligence (ONI) where he served as the senior intelligence executive responsible for capturing, integrating and articulating ONI’s often complex and unique collections requirements to the Intelligence Community, the Navy Fleets and Navy staff. Prior to this assignment Mr. Morris served as the ONI Assistant Director for Maritime Architecture where he oversaw the strategic planning, enterprise architecture, data integrity and governance for all aspects of a global Maritime Intelligence, Surveillance & Reconnaissance Enterprise

Cancellation Policy: 

Confirmed registrations who cancel within 3 business days of the program will be subject to a $250 cancellation fee. Registrations cancelled after the program starts are subject to the full registration fee. Substitutions can be made at any time. In the event a particular training workshop is cancelled, the liability of Potomac Forum, Ltd is limited to refund of any prepaid registration fee.

  • © 2017-2018 Potomac Forum Ltd. All Rights Reserved
    Copyright also covers all workshop agendas and descriptions
  • 2800 Eisenhower Avenue, Suite 210, Alexandria, Virginia 22314