Join Us At

CISQ's 10th Annual Cyber Resilience Summit


For the 10th Annual Cyber Resilience Summit, we will return to the Army Navy Club with a program of senior government and industry speakers and panelists focusing on cybersecurity, modernization, and flow measures for continuous delivery environments. Designed to brief Federal and State IT leaders and policymakers on standards for measuring risk and quality in software, the Summit focuses on:

  • Standards and best practices for measuring risk and quality in IT-intensive programs from the standpoints of productivity, software assurance, overall quality, and system/mission risk.
  • Discussions highlight proven methods and tools for incorporating standard quality metrics into the IT software development, sustainment, and acquisition processes.


DATE: October 20, 2022 from 8:30am – 3:45pm
VENUE: Army Navy Country Club, 1700 Army Navy Drive, Arlington, VA. (Parking is complimentary).
REGISTRATION: The registration fee is $250.00 and includes lunch and refreshments. Government employees, not-for-profit organizations, and universities may receive a complimentary pass by applying the code CISQG22 at registration.
CONTACT: [email protected]


Topics covered at CISQ's 10th Annual Cyber Resilience Summit

  • The latest developments in cybersecurity process and technology
  • Lessons learned from modernization projects
  • Recent advances in CISQ/OMG and ISO software measurement standards
  • How to avoid pitfalls in software measurement programs
  • Best practices in software quality assurance

The Cyber Resilience Summit first started in 2013 and has grown into a sellout annual summit. Previous summits have been held across the globe. View previous CRS agendas and presentations.

Keynote speakers and panelists are public and private IT executives and senior technical experts

Summit Agenda

Time Session
8:30 - 9:00 Welcome Hosts: Dr. Bill Curtis, Executive Director, CISQ; David Powner, Executive Director, Center for Data-Driven Policy, MITRE
9:00 - 9:45 Keynote Speaker Presentation
9:45 - 10:30 Adoption & the Use of Software Bill of Materials (SBOM) Panel Leaders of software efforts in industry will discuss the challenges that the movement to SBOMs for all software will bring and how to leverage the opportunities it creates. This panel will discuss:
  • What can you do with a full SBOM? What is a full SBOM?
  • How do you get the SBOM you need?
  • How do you protect SBOMs, and when is that needed?
  • Why will SBOMs change your organization's enterprise management tools?
Moderator: David Powner, Executive Director, Center for Data-Driven Policy, MITRE
Panel: Steve Springett, Chair of CycloneDX Core Working Group, OWASP; Dr. Allan Friedman, Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency; Tim Mackey, Principal Security Strategist, Synopsys
10:30 - 10:45 Program Break
10:45 - 11:30 Software Supply Chain Risk Management
Moderator: Joe Jarzombek, CISQ Advisor
Panel: Luc Brandts, CEO, Software Improvement Group; Steve Lipner, Executive Director, SAFECode; John A. Weiler, Managing Director/CIO, Interoperability Clearinghouse (ICH) Co-Founder/Chief Executive Officer, IT Acquisition Advisory Council (IT-AAC); Jon Boyens, Deputy Chief of the Computer Security Division in the Information Technology Laboratory, NIST
11:30 - 12:30 Lunch Keynote: Gardy Rosius, Acting Deputy CIO of Architecture, Engineering, Technology, & Innovation (AETI) for the U.S. Department of Energy (DOE), Office of the Chief Information Officer (CIO) [Pending Agency Approval]
12:30 - 1:15 Supply Chain Security System of Trust The trust and trustworthiness of supply chains is at the center of many of today's global security challenges. This presentation explores the details of System of Trust, a community effort to develop and validate a process for integrating evidence of the organizational, technical, and transactional trustworthiness of supply chain elements for decision makers dealing with supply chain security. Speaker: Bob Martin, Sr. Software and Supply Chain Assurance Principal Eng., MITRE
1:15 - 2:00 Trustworthy Supply Chains Leaders from industry will discuss the challenges and opportunities in addressing the need for more than trustworthy software: the hardware and services also need to be trustworthy as they are carried through our supply chains.
  • How can we address supply chain assurance needs?
  • What are key factors to consider in gaining assurance about trustworthiness of supplies and services?
  • What standards and practices can be put into contracts to address supply chain risks to trustworthiness?
Moderator: Bob Martin, Sr. Software and Supply Chain Assurance Principal Eng., MITRE
Panel: Dr.-Ing. Dietmar Rosenthal, TUV Nord Group; Mike Regan, VP, Business Performance, TIA QuEST Forum; Donald Davidson, Director, Cyber-SCRM Programs, Synopsys. Invitations pending!
2:00 - 2:15 Program Break
2:15 - 3:00 Lessons Learned in Modernization Projects Senior IT leaders will discuss what works and what fails in modernization efforts.
  • What range of activities are included in modernization?
  • What are key factors that lead to successful modernizations?
  • What factors predict that a modernization project is going off the rails?
  • What should have been done differently even if the project was successful?
Moderator: Dr. Bill Curtis, Executive Director, CISQ
Speaker: Gundeep Ahluwalia, Chief Information Officer, U.S. Department of Labor
3:00 - 3:45 Measures for Improving Modern Software Environments Measurement experts will discuss the strengths and weaknesses of applying flow measures from lean environments such as cycle time, throughput, and efficiency for evaluating and improving iterative and continuous software environments, especially those implementing a version of DevOps.
  • What are the challenges in applying flow measures to iterative and continuous delivery environments?
  • How can defect measures (containment, escapes, life spans, MTTR, etc.) be integrated with flow measures?
  • Are DORA measures enough, and if not what else is needed?
  • How should flow measures be integrated into and derived from DevOps tool chains?
  • What is the best way to analyze and interpret flow measures?
Moderator: Dr. Bill Curtis, Executive Director, CISQ
Speakers: Richard Knaster, Principal Consultant, Agile Big Picture; Paul Janusz, Senior Software Quality Engineer, US Army Development Command
3:45 Closing Hosts: Dr. Bill Curtis, Executive Director, CISQ; David Powner, Executive Director, Center for Data-Driven Policy, MITRE


Founders & Sponsors

OMG SEI 7N CAST CGI ISHPI Northrop Grumman Software Improvement Group Synopsys



Become a Sponsor

The Consortium for Information & Software Quality™ (CISQ™), managed by OMG®, offers this event sponsorship opportunity which includes these benefits and branding as a sponsor of the CISQ 10th Annual Cyber Resilience Summit.

$5,000 Event Sponsorship Includes:
  • 5 conference registrations
  • Your company featured on the event website & registration as the event sponsor
  • Company logo on the event program guide
  • 5-minute welcome remarks at lunch ahead of keynote speaker
  • Breakfast sponsor (1)
  • Lunch sponsor (1)
  • Company logo placement during presentation & event
  • A brochure, flyer, or similar piece of literature distributed to attendees