CISQ IT Risk Management and Cybersecurity Summit

CISQ IT Risk Management & Cybersecurity Summit 2015

Join us for the next CISQ Seminar at the OMG Technical Meeting on Tuesday, March 24, 2015 at the Hyatt Regency Hotel (1800 Presidents Street) in Reston, VA USA.

The CISQ IT Risk Management and Cybersecurity Summit will address issues impacting software quality in the Federal sector: Managing Risk in IT Acquisition, Targeting Security Weakness, Complying with Legislative Mandates, Using CISQ Standards to Measure Software Quality, and Agency Implementation Best Practices. The Summit will feature CISQ Director, Dr. Bill Curtis, and other national experts, who will share experiences and lessons learned.

This one-day leadership forum will provide both IT practitioners and leaders with insights into the industry standards and case studies needed to mitigate vulnerabilities and risk from both a development and an acquisition management perspective. Congress and the White House have voiced extreme interest and mandated action for software quality measures – Executive Order 13636, NDAA Sec. 933, FITARA, SEC Regulation SCI – and with credit given to CISQ, SEI, OMG, and MITRE, software quality metrics are ready now.

Joining CISQ in 2015: U.S. Department of Defense, U.S. Department of Homeland Security, Defense Intelligence Agency, Defense Information Systems Agency, General Services Administration, Internal Revenue Service, U.S. Army, U.S. Air Force, Lockheed Martin, MITRE, NIST, SEI, Booz Allen Hamilton, Northrop Grumman, Deloitte, and others.

This seminar is intended for IT executives, application managers, software measurement and improvement specialists, quality assurance professionals, and others interested in using automated software measures.

The event is held at the Hyatt Regency Hotel in Reston, VA.

PRESENTATIONS NOW AVAILABLE FOR DOWNLOAD! VISIT THE MEMBERS AREA OF THE CISQ WEBSITE UNDER “EVENT & SEMINAR PRESENTATIONS.” You must be a registered member of the Consortium for Information & Software Quality (CISQ) to access the Members Area. Membership is free. Sign up here.


Time / Session

8:00 – 9:00 am


9:00 – 9:15 am

Welcome from CISQ

Dr. Bill Curtis, Executive Director, Consortium for Information & Software Quality (CISQ)

CISQ Director, Dr. Bill Curtis, will give a brief introduction to the IT Risk Management & Cybersecurity Summit and introduce the topics to be covered.

9:15 – 10:15 am

Keynote: Lessons from Cyber Security Assessments in DOD

Dr. J. Michael Gilmore, Director of Operational Test and Evaluation (OT&E), Office of the Secretary of Defense, U.S. Department of Defense

Unclassified results of cyber security assessments conducted during major exercises and during the development of major acquisition programs indicate that people and processes are as important as software code to achieving cyber security in weapons systems and business systems.

10:15 – 10:30 am

Refreshment Break

10:30 – 11:00 am

Using CISQ Metrics to Automate Software Measurement

Dr. Bill Curtis, Executive Director, Consortium for Information & Software Quality (CISQ)

Review of CISQ quality measures to control the quality, cost, and risk of software that is provided internally or by third parties.

11:00 am – 12:00 pm

Panel: Agency, Department, and Legislative Policies Impacting Software Risk

Lead: John Weiler, Vice Chair, IT-AAC

Panelists: Joe Jarzombek, Director, Software & Supply Chain Assurance, Department of Homeland Security; Bob Dix, VP Policy for Juniper, Former Staff Director, House Oversight Committee; Richard Beutel, Senior Advisor and Counsel for Acquisition Policy, House Oversight and Government Reform Committee; Julie Chua, Lead Information Security Specialist, Department of Health and Human Services, ONC

Discussion of strategic Federal initiatives to increase the resilience, reliability, and security of software-intensive systems while supporting legislative mandates coming from Congress, the White House, and internal DOD and civilian department-level policies – Executive Order 13636, FITARA, NDAA Sec. 933, SEC Regulation SCI.

12:00 – 1:00 pm


1:00 – 2:00 pm

Keynote: IT Risk Management

John Hickey, CIO and Risk Management Executive, DISA

2:00 – 2:45 pm

Latest Advances in Cybersecurity and the NEW CISQ Security Standard

Robert Martin, Director, Common Weakness Enumeration Repository, MITRE Corp.; Carol Woody, Senior Technical Staff, Software Engineering Institute (SEI) at Carnegie Mellon University

How to leverage the CISQ security standard, which draws from the Common Weakness Enumeration (CWE) repository of top security weaknesses.

2:45 – 3:00 pm


3:00 – 3:45 pm

Business Case & ROI

John Keane, The Software Angel of Death

Discussion of current laws regarding software assurance and its relationship to cybersecurity; the difference between price, cost, and value; and how to manage IT risk as a means of obtaining value.

3:45 – 4:30 pm

IT-AAC Leadership Panel: Acquisition Language and Metrics

Lead: John Weiler, Vice Chair, IT-AAC

Panelists: Don Johnson, Associate Director, Cyber Acquisition, Office of the Secretary of Defense; Don Davidson, ICT-SCRM Specialist for the GTF, Office of the Secretary of Defense; Honorable John G. Grimes, former Assistant Secretary of Defense for Networks and Information Integration (ASD NII) and Department of Defense Chief Information Officer (DoD CIO); Dr. Pres Winter, Former CTO, NSA; Greg Capella, Deputy Executive Director, DHS

Discussion of contract language and quality thresholds to manage IT acquisition and service level agreements.

4:30 – 5:30 pm

CISQ Close + Cocktail Reception


Thank you to our CISQ Partner

Information Technology Acquisition Advisory Council (IT-AAC)


The Information Technology Acquisition Advisory Council (IT-AAC) is a public/private partnership of concerned citizens, public interest groups, private sector sponsors, and government partners working together to serve as a catalyst for positive change and evolution in the Information Technology Acquisition System to meet the demands of the 21st century. IT-AAC’s mission is to provide the Obama-Biden Administration and national IT leadership with a trusted collaborative structure and a 500-day transformation roadmap for streamlining the IT acquisition process, assuring critical mission elements that are highly dependent on IT (Info Sharing, Cyber-Security, E-Health, E-Gov, E-Biz, and Green IT).