Potomac Forum The Forum of Choice for Government & Industry Training Since 1982

Managing and Implementing Cybersecurity in Government Training Workshop

What Government Executives, Managers, and Staff need to know about Cybersecurity in 2019 to conform with new Policies, Regulations, and Best Practices and Reduce Risk to the Organization

Tuesday, March 19, 2019

On-site registration will be available starting at 7:30am at the Willard. Online registration is currently closed.

Keynote Presentation:

Dr. Ron Ross


Leader, FISMA Implementation Team 

National Institute of Standards and Technology (NIST)

Leader, Joint Transformation Initiatives Interagency Working Group 

Author of the NIST Risk Management Framework, SP800-53 Rev 4 and numerous other publications


Max Everett 
Chief Information Officer 
Department of Energy 


Martin Stanley    
Senior Technical Advisor 

Office of the Chief Technology Officer 

Cyber and Infrastructure Security Agency (DHS/CISA)

Peter Gouldmann, PMP, CISSP, CISM

Enterprise Risk Officer for Cyber

U.S. Department of State


Jeffrey L. Harris II

Chief of Security Operations 
U.S. Small Business Administration



Veronica Cuello

Vice President

Cyber Solutions, eGlobalTech


Akil Crawford 


Cyber Solutions, eGlobalTech


Mark Riddle 

Principal for CUI Program Oversight 

Information Security Oversight Office

National Archives and Records Administration 

Elizabeth Voeller 

Director, Cyber Solutions, eGlobalTech

Meeting Location: 
Willard InterContinental Hotel
1401 Pennsylvania Avenue N.W.
Washington 20004
United States

Metro Center (Red, Orange, Blue Lines). Use the exit marked “12th & F Sts” to exit onto F St., then continue straight two blocks and cross 14th St.


The purpose of this workshop is to provide a better understanding of current Federal cybersecurity policies and regulations as well as provide best practices for implementation. Federal guidance on IT security tends to change due to advances in cybersecurity tools and technology, new administration priorities, evolving cyber threats to our national security, and other influencers. It can be overwhelming and hard to keep up with. This workshop will provide participants with the most up-to-date information so they can get ahead with activities that promote immediate cyber resilience.


Hear from government officials and industry experts tasked with implementing robust security and risk management strategies. Listen to a mix of different government panelists presenting practical information from both a security and risk management perspective, led by an experienced moderator who will discuss lessons learned on key issues Federal organizations are facing and the risks that are being seen today throughout the government. Learn about current NIST Standards and Guidelines from a NIST Leader and what agencies should be prepared for in the future.


This workshop offers consolidated IT security fundamentals condensed into a 1-day program focused on the application of practical knowledge. It will provide participants with recommendations for small changes that, when implemented correctly, can improve cybersecurity scores and make reporting less painful. The goal of this workshop is to provide participants with some quick win strategies to make simple adjustments now in order to see improvements in the near term.  Resource materials and references will also be provided.

What You Will Learn: 

  • For managers new to cybersecurity, receive a foundational overview of the most current Federal policies and regulations and where to start
  • For experienced cybersecurity managers, receive a refresher and some new ways to prioritize and get quick wins when implementing the current regulations
  • Learn how small changes to cybersecurity governance and management can improve scores
  • Learn about current and future NIST Guidelines and Standards Requirements for All Federal Agencies

Why You Should Attend: 

  • Gain insight into new Federal cybersecurity regulations including FITARA, OMB, and Executive Orders on cybersecurity
  • Receive a refresher on implementing the NIST Risk Management Framework (RMF) and Cybersecurity Framework (CSF) in your organization
  • Obtain practical knowledge in implementing Federal requirements and regulations
  • Learn real world best practices that enable proactive risk management in resource-constrained environments
  • Learn how risk management and cybersecurity are essential for regulatory compliance
  • Discuss cybersecurity challenges with Federal, State and Local Government colleagues

Who Should Attend: 

  • CISOs and Staff
  • CIOs and Staff
  • IT security and risk management practitioners
  • Program Managers responsible for risk management
  • Government Employees who want to better understand cybersecurity in their organization
  • Industry and Contractors who support cybersecurity programs for the government
  • All government and industry members who need to better understand Federal cybersecurity policies, regulations, and best practices

Instructor Presentations, Classroom Discussions, Panel Discussion, and Guest Speakers


7:30 AM

Registration and Continental Breakfast


Art Chantker, President, Potomac Forum



Dr. Ron Ross
NIST Fellow and Author of the NIST Risk Management Framework and  numerous NIST Publications


Refreshment Break


Overview of the Cybersecurity Policy Landscape

  • OMB
  • NIST
  • DHS
  • Executive Orders (EOs) and Presidential Policy Directives (PPDs)

Ms. Veronica Cuello, Vice President, Cyber Solutions, eGlobalTech


Let’s Talk FISMA

  • Lessons Learned
  • New Initiatives
  • What Has Changed

Ms. Veronica Cuello, Vice President, Cyber Solutions, eGlobalTech


Integrating Security in the Mission -  an Enabler not an Inhibitor

  • Discussion on Cyber Hygiene
  • Simple Things to Improve Scores
  • Meeting Compliance Objectives thru FedRAMP – Current Thinking

Mr. Akil Crawford, Director, Cyber Solutions, eGlobalTech

12:15 PM

Hosted Working Luncheon
(Students will be presented with a discussion topic during lunch and a designated leader will report out after lunch)


Government Panel Discussion 

Lessons Learned Implementing Cybersecurity Mandates

Moderator: Ms. Elizabeth Voeller, Director, Cyber Solutions, eGlobalTech

- Martin Stanley, Senior Technical Advisor, Office of the Chief Technology Officer, Cyber and Infrastructure Security Agency (DHS/CISA)
- Mark Riddle, Principal for CUI Program Oversight, Information Security Oversight Office, NARA
- Peter Gouldmann, Enterprise Risk Officer - Cyber, Department of State
- Jeff Harris, Chief of Security Operations, U.S. Small Business Administration




Refreshment Break


Cybersecurity Best Practices – Part I

  • High Level Road Map to IT Security Transformation
  • Concept of Compliance through Secure Operations
  • Case Study – Lessons Learned

Mr. Akil Crawford, Director, Cyber Solutions, eGlobalTech


Current Perspectives on Cybersecurity
Mr. Max Everett, Chief Information Officer, Department of Energy  


Cybersecurity Best Practices – Part II

  • Reducing Insider Threat at your Organization
  • If You Do Just One, Small Thing, Do This!
  • Importance of Cybersecurity Awareness – What you need to do and Why

Ms. Elizabeth Voeller, Director, Cyber Solutions, eGlobalTech


Wrap-up and Q&A


Workshop Adjourns/ Post Workshop Discussions with Instructors on Specific Individual Topics


Agenda Subject to Change

Registration Information: 

  Early Bird Registration Fee Registering after Feb. 28th
Government Employees:
(Federal, State or Local Government Issued ID)
Special Reduced Rates in Support of Government Budget Reductions
Team Rate for Government: Send a government team to learn together. Register two government employees from the same office at the same time and the third person registers at 50% of the current government rate.
Industry and Contractors:
(Including contractors on-site and in direct support of government agencies).

Registration Includes: Presentations, Workshop Notebook, Continental Breakfast, All Day Refreshments and Hosted Luncheon

Keynote Speaker: 

Dr. Ron Ross


Leader, FISMA Implementation Team

National Institute of Standards and Technology (NIST)

Leader, Joint Transformation Initiatives Interagency Working Group
Author of SP800-53 Rev 4


Ron Ross is a Fellow at the National Institute of Standards and Technology (NIST). His current areas of specialization include information security and risk management. Dr. Ross leads the Federal Information Security Management Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical information infrastructure. His recent publications include Federal Information Processing Standards (FIPS) Publication 199 (security categorization standard), FIPS Publication 200 (security requirements standard), NIST Special Publication (SP) 800-53 (security controls guideline), NIST SP 800-53A (security assessment guideline), NIST SP 800-37 (security authorization guideline), NIST SP 800-39 (risk management guideline), and NIST SP 800-30 (risk assessment guideline). Dr. Ross is the principal architect of the Risk Management Framework and multi-tiered approach that provides a disciplined and structured methodology for integrating the suite of FISMA standards and guidelines into a comprehensive enterprise-wide information security program. Dr. Ross also leads the Joint Task Force Transformation Initiative, a partnership with NIST, the Department of Defense, the Intelligence Community, the Office of the Director of National Intelligence, and the Committee on National Security Systems to develop a unified information security framework for the federal government.

In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. A graduate of the United States Military Academy at West Point, Dr. Ross served in a variety of leadership and technical positions during his over twenty-year career in the United States Army.

While assigned to the National Security Agency, he received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a three-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Department of Commerce Gold and Silver Medal Awards. Dr. Ross has been inducted into the Information Systems Security Association (ISSA) Hall of Fame and given its highest honor of ISSA Distinguished Fellow.

Dr. Ross has also received several private sector cyber security awards and recognition including the Vanguard Chairman’s Award, the Symantec Cyber 7 Award, InformationWeek’s Government CIO 50 Award, Best of GTRA Award, and the ISACA National Capital Area Conyers Award. During his military career, Dr. Ross served as a White House aide and as a senior technical advisor to the Department of the Army. Dr. Ross is a graduate of the Defense Systems Management College and holds Masters and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School specializing in artificial intelligence and robotics.


Max Everett

Chief Information Officer

Department of Energy

Max Everett was selected in July 2017 to serve as Chief Information Officer (CIO) for the Department of Energy. In this position, he oversees the Department’s information technology (IT) portfolio, serves as an advisor to the Deputy Secretary and Secretary, and leads and manages the various functions within the Office of the Chief Information Officer.
Mr. Everett has vast experience in managing and implementing information technology and cybersecurity for both public and private sector organizations.
Most recently, Mr. Everett served as Managing Director of Fortalice Solutions, leading cybersecurity risk assessments, advising clients on risk management, and developing secure infrastructure solutions.

He has previously worked as a consultant for public and private sector organizations, supporting development of network security services, cloud security policies, and cyber information sharing programs.

In 2008, Mr. Everett served as Chief Information Officer in the Office of Administration at the White House, managing the technology infrastructure for the Executive Office of the President, the technology requirements of the Presidential transition, and the Presidential records transfer to the National Archives and Records Administration (NARA). Mr. Everett has held additional technology leadership roles at the White House, the Department of Commerce, and on several National Special Security Events.

Mr. Everett received a B.A. degree from the University of Texas and a J.D. degree from the University of Houston Law Center, and is a member of the State Bar of Texas. He holds a number of professional certifications including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Project Management Professional (PMP).

Peter Gouldmann, PMP, CISSP, CISM

Enterprise Risk Officer for Cyber

U. S. Department of State

Peter Gouldmann has extensive experience in cybersecurity with leadership roles encompassing business and organizational risk, system security management and regulatory compliance. Pete advises executive leadership on risk decisions while developing and directing the implementation of risk management strategies. Previously he directed staff responsible for IT security compliance and regulatory reporting, and managed a global, multi-agency network and support consolidation project.


Pete’s 30+ years of information technology and security experience includes positions in public, private, domestic and global organizations and the United States Air Force. In addition to industry certifications, he holds a Masters Degree in Information Management, a Bachelor of Science in Management, and is a distinguished graduate of the National Defense University’s Advanced Management Program.


Pete is an expert in, and often speaks and writes about, information risk management. He has co-chaired the Committee on National Security Systems Permanent Subcommittee and the (ISC)2 Government Advisory Council. He was awarded the President’s Award for his contributions to (ISC)2. Pete is also credited for his contributions to the National Institute of Standards and Technology SP800 series information security publications and is a past Assistant Adjunct Professor for the University of Maryland University College’s Cybersecurity Management and Policy Program.

Jeffrey L. Harris II

Chief Information Security Officer (Acting)

Information Security Division
Office of the Chief Information Officer
U.S. Small Business Administration 


Jeff Harris serves as the Chief Information Security Officer (Acting) for the United States Small Business Administration (SBA), where he provides executive leadership and oversight of daily operations related to enterprise-wide cybersecurity operations across the SBA. In doing so, Mr. Harris is responsible for the strategic direction of the SBA Security Operations Center (SOC) and cybersecurity architecture and engineering initiatives that securely and efficiently enable the SBA mission. Mr. Harris is also leading the development and implementation of the Integrated Cyber Center (ICC), which combines partners together under the same roof to better synchronize, coordinate and de-conflict NetOps and SecOps activities as well as the SBA Cybersecurity as a Service (CSaaS), which is an enterprise strategy to provide centralized management and delivery of key cybersecurity functions with 24/7 visibility of agency security posture. Prior to joining the SBA, Mr. Harris served as the Chief Information Security Officer and Designated Authorizing Official for the United States Navy Intelligence Community. There he was responsible for establishing, maintaining and enhancing the Navy Intelligence (NAVINTEL) information security program as well as advising senior officials on the implementation of the agency’s risk management approach and providing executive governance and oversight in the areas of policy, risk assessment/authorization, cyber incident management, regulatory compliance and portfolio management of the program’s cyber security initiatives. He also served as the founder and director of the NAVINTEL Cybersecurity Coordination Center (NIC3), the community’s Computer Network Defense Service Provider (CNDSP). As an IT and cyber security professional since 2002, he has completed assignments of increasing complexity in an extensive range of domestic and international organizations.
These have included serving as the Chief, Defensive Cyber Operations (DCO) and for the Office of Naval Intelligence – Hopper Information Service Center, Deputy Director, IT Applications for the Department of Homeland Security Science and Technology Directorate (DHS S&T) and Assistant CIO for Information Assurance at the Office of Naval Intelligence. Mr. Harris graduated from Barry University with a Bachelor of Science in Information Technology with a specialization in Network Engineering. He holds several certifications including the Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and Information Technology Infrastructure Library (ITIL). He is a proud veteran of the United States Army.

Martin Stanley

Senior Technical Advisor 

Office of the Chief Technology Officer 

Cyber and Infrastructure Security Agency (DHS/CISA)

Martin Stanley leads cybersecurity design and engineering support for civilian federal agencies under FISMA. While at DHS, Stanley has led the development of the High Value Asset (HVA) Program, which identifies and manages protection of the federal civilian agencies’ most critical systems. Stanley previously led the Information Security Program at the Food and Drug Administration, where he oversaw world-wide enterprise information security for 300+ applications and 2 modern data centers serving 17000+ employees and contractors. Prior to his federal service, Stanley held executive leadership positions at Vonage and UUNET Technologies.

Akil Crawford

Akil Crawford is a Cyber Solutions Director at eGlobalTech, a management consulting and cybersecurity firm headquartered in Arlington, VA. Akil is responsible for the delivery of cyber services to the firm’s federal clients. He also leads the development of new capabilities and supports business development and capture efforts. Prior to joining eGlobalTech, Akil served as the Director of Data Security at Function1, a systems integrator, and Splunk’s first services partner. At Function1, Akil helped commercial customers to turn COTS products into complete cybersecurity solutions. In this role, Akil provided support to some of the US’s largest credit card lenders, and one of the largest hedge funds in the world. In addition to this experience, Akil has supported several federal and state government clients in security operations and security compliance efforts. His technical background as a software engineer and product specialist has been invaluable to him as a security practitioner. Akil believes that security should be positioned as an enabler to an organization’s mission, rather than as an obstacle that must be overcome in order to serve the mission.

Veronica Cuello

Vice President, Information Assurance & Cybersecurity


Veronica Cuello is the vice president of information assurance and cybersecurity (IA&C) for eGlobalTech (eGT), a leading technology and cybersecurity consulting firm in the federal government sector. In this role, she is responsible for leading the entire IA&C practice - comprised of more than one hundred professionals - as well as expanding eGT’s cybersecurity arm into new markets. She has more than 17 years of experience in providing consulting and advisory services for federal government contracts within the information assurance field, as well as experience with the Federal Information Security Management Act (FISMA), cyber risk management and cryptography.

Prior to eGT, she was a senior associate at Booz Allen Hamilton and served as director of cybersecurity at Visual Soft, Inc. Cuello received her Bachelor of Arts degree from Vassar College and her Master of Science in technology management from the George Mason University School of Management. She currently holds various professional accreditations, including Project Management Professional (PMP), Certificate in Federal Executive Competencies, Certified Information Systems Security Professional (CISSP), International Information Systems Security Certification Consortium (ISC2), INFOSEC Assessment Methodology (IAM), Global Information Assurance Certification (GIAC), Security Essentials Certification (GSEC), Certified RSA Advanced PKI Engineer, A+/Network+ Certification and Computing Technology Industry Association (CompTIA).

Mark Riddle

Principal for CUI Program Oversight

Information Security Oversight Office

National Archives and Records Administration

Mark Riddle is the Principal for CUI Program Oversight for the Information Security Oversight Office (ISOO) at the National Archives and Records Administration. He serves as Lead for implementation and oversight activities for the Controlled Unclassified Information (CUI) Program.

Since joining ISOO in 2013, Mr. Riddle has developed a protocol for assessing existing Executive branch agency programs that prescribe protections for sensitive information and established inspection criteria for evaluating implementation and ongoing operational efforts related to the CUI program.

He co-authored the National Institute of Standards and Technology Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (June 2015). This publication recommends standards for protecting CUI in nonfederal electronic environments that may be prescribed in agreements between federal and nonfederal partners.

Throughout his career, Mr. Riddle has developed inspection and investigative criteria in support of numerous government programs to include Classified National Security Information, Personnel Security, Physical, and Sensitive but Unclassified Information Programs. Mr. Riddle has also served as a lead investigator and conducted formal and informal inquiries into incidents that involved classified and sensitive information and has also directed mitigation efforts for large scale information security incidents.

Mr. Riddle consults with Executive branch departments and agencies, and with industry and other nonfederal organizations on the structure and implementation of the CUI program, and its impact on the protection of sensitive information within these entities.

Elizabeth Voeller, PMP, ABCP

Incident Response, Emergency Management, Cyber Risk Management/Security Consultant

Director of Operations of the Mid Atlantic Disaster Recovery Association (MADRA)

Director,  eGlobalTech (eGT)


Elizabeth Voeller is a Director at eGlobalTech where she provides consulting support on cyber risk management, incident response, emergency management, and strategic communications to the Chief Information Security Officer (CISO) at the Department of Health and Human Services (HHS) Office of Information Security. Prior to that, Ms. Voeller spent 8 years at Booz Allen Hamilton as a Lead Associate supporting Federal business continuity/COOP, critical infrastructure analysis, strategic planning and communications, and emergency management programs. She has facilitated national level exercises and senior leadership meetings for the Department of Homeland Security (DHS), written Congressional briefings for the Federal Emergency Management Agency (FEMA), drafted and rolled out national-level plans for DHS, and developed pandemic response tools and emergency communications curriculum for the Department of Defense (DoD) PACOM and USAFRICOM. She has a Master’s degree in International Affairs from American University and a Bachelor’s degree in Political Science and English from Hamline University in Saint Paul, MN. Ms. Voeller is currently the Director of Operations of the Mid Atlantic Disaster Recovery Association (MADRA), a certified Project Management Professional (PMP), a DRII-certified Associate Business Continuity Professional (ABCP), and CompTIA Security+ Certified.

Cancellation Policy: 

Confirmed registrations who cancel within 3 business days of the program will be subject to a $250 cancellation fee. Registrations cancelled after the program starts are subject to the full registration fee. Substitutions can be made at any time. In the event a particular training workshop is cancelled, the liability of Potomac Forum, Ltd is limited to refund of any prepaid registration fee.
