Speakers

Luc Brandts

Luc Brandts, Chief Executive Officer at Software Improvement Group
Luc Brandts is Chief Executive Officer at Software Improvement Group. He joined the company in 2018 as Chief Technology Officer to help drive international growth and technological leadership. Luc has worked in the information technology industry since 1994 when he founded his company, BWise. He served as the company's Chief Technology Officer, and together with Robert Pijselman, grew it to become a recognized global market leader in the risk management and compliance space. Following the acquisition of BWise by Nasdaq, Luc assumed the role of Chief Strategy Officer for the company's risk management practice. Throughout his career, he has also held various board member and investor roles. Luc holds a Ph.D. in mechanical engineering from the University of Eindhoven.


David Powner

David Powner, Executive Director for MITRE's Center for Data-Driven Policy
Dave is the Executive Director for MITRE's Center for Data-Driven Policy. He helps to connect MITRE's deep expertise on topics like engineering, acquisition, and cybersecurity to policymakers in both the legislative and executive branches. He also enhances MITRE's strategic corporate partnership interactions and the development of new opportunities with the federal government, states, the private sector, and academia. Dave is a Fellow at the National Academy of Public Administration and a Strategic Advisor to Government Executives (SAGE), Chief Information Officer at the Partnership for Public Service.

Dave has more than 30 years of experience in both the public and private sectors. Prior to joining MITRE, he served as a Director at the U.S. Government Accountability Office (GAO) where he led numerous reviews of federal information technology that resulted in Dave testifying before Congress more than 100 times. He received Federal Computer Week's Federal 100 award in 2008, 2012, and 2017. In 2017, he was the federal government's top awardee receiving the Eagle award for his contributions to the federal information technology community. In the private sector, Dave led software development teams in the telecommunications industry.

Dave holds a bachelor's degree in business administration from the University of Denver and attended the Senior Executive Fellows Program at the John F. Kennedy School of Government at Harvard University.


Bill Curtis

Dr. Bill Curtis is CISQ's Executive Director
Dr. Curtis led the development of the Capability Maturity Model (CMM) at the Software Engineering Institute at Carnegie Mellon University. Dr. Curtis is an active participant in ISO JTC1 SC7 WG6 for Software and System Product Measures. In 2007, he was elected a Fellow of the IEEE for his career contributions to software process improvement and measurement.


Robert Martin

Robert "Bob" Martin is a Senior Principal Engineer in Cyber Security Partnerships at MITRE
He is an active contributor to the ITU-T, ETSI, OMG, Open Group, and ISO on various aspects of cybersecurity and assurance and is a Steering Committee member of the Industrial Internet Consortium. Over the past 27 years, Mr. Martin has utilized his expertise and experience in software quality and cybersecurity to help sponsors as well as to create and promote public international community initiatives such as SACM, SQAE, CVE, CAPEC, and CWE, which include large active vendor and research communities.


Joe Jarzombek

Joe Jarzombek is Director for Government and Critical Infrastructure Programs at Synopsys
For 10+ years, Mr. Jarzombek was Director for Software and Supply Chain Assurance at the U.S. Department of Homeland Security. He is an expert in software assurance and supply chain risk management.


Jon Boyens

Jon Boyens is the Deputy Chief of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST)
His responsibilities include Cybersecurity Research and Development at NIST and Cybersecurity Standards and Guidelines for Federal Agency Security Programs. He also leads NIST's Cyber Supply Chain Risk Management (C-SCRM) Program, helps develop and coordinate the Department of Commerce's cybersecurity policy among the Department's bureaus, and represents the Department in the Administration's interagency cybersecurity policy process. Boyens has worked on various White House-led initiatives, including those on trusted identities, botnets, the Cybersecurity Framework and Roadmap, telecommunications supply chain, software supply chain, and government-wide implementation of the Federal Acquisition Supply Chain Security Act, serving as NIST's principal to the Federal Acquisition Security Council.

Since 2010, Boyens has conducted research to identify, evaluate and develop technologies, tools, techniques, practices, and standards needed to enable organizations to manage supply chain risk. Building on this research, he led a team to develop and issue a set of foundational, standardized, repeatable, and feasible practices to help organizations manage cyber supply chain risks to their organizations and systems. These practices were released in 2015 as NIST Special Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations. Continuing this line, Boyens has since released research and findings on criticality analysis and industry key practices for Cybersecurity SCRM. He is currently in the process of updating SP 800-161, working on software supply chain aspects of EO 14028, and leading the recently announced public-private partnership, the National Initiative for Improving Cybersecurity in Supply Chains.


Steve Springett

Steve Springett is a Chair of CycloneDX Core Working Group, OWASP
Steve educates teams on the strategy and specifics of developing secure software.

He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.

Steve is passionate about helping organizations identify and reduce risk from the use of third-party and open source components. He is an open-source advocate and leads the OWASP Dependency-Track project and the OWASP Software Component Verification Standard (SCVS), and is the Chair of the OWASP CycloneDX Core Working Group, a cybersecurity-focused Software Bill of Materials (SBOM) standard.


Steve Lipner

Steve Lipner, Executive Director, SAFECode

Steve Lipner is the executive director of SAFECode, an industry nonprofit focused on software security assurance. Before SAFECode, he was partner director of software security at Microsoft, where he was the creator and long-time leader of the Security Development Lifecycle (SDL) and was responsible for software integrity policies and for government security evaluations. Steve also serves as the chair of the U.S. Government's Information Security and Privacy Advisory Board. Steve has more than a half century of experience in cybersecurity as a researcher, engineer, and development manager and is named as co-inventor on twelve U.S. patents. He is a member of the National Academy of Engineering and the National Cybersecurity Hall of Fame. Steve's full CV is available at www.stevelipner.org.


John Weiler

John A. Weiler, Managing Director/CIO, Interoperability Clearinghouse (ICH), Co-Founder/Chief Executive Officer, IT Acquisition Advisory Council (IT-AAC)

Education: Senatorial Scholar, University of Maryland, Smith School of Business
Degrees in Information System Management and Marketing 1978

John A. Weiler is a recognized IT Management leader, with four decades of senior IT experience in commercial and defense positions. He has also guided major IT projects with nearly half of the federal agencies and been instrumental in the drafting of FITARA and several NDAA legislative directives. He has been a leading champion of Federal IT/Cyber Reforms as Managing Director and CIO at the Interoperability Clearinghouse, a DoD chartered non-profit research institute, and Co-Founder of the IT Acquisition Advisory Council, a public/private "do tank" dedicated to effecting the transformation of Federal IT Management, Acquisition and Governance.

Mr. Weiler has played a leading role in the transformation of Federal IT planning, governance and acquisition, supporting leaders within the White House, Congress, Department of Homeland Security, USAF and Secretary of Defense. Mr. Weiler is the co-author of a leading Agile Acquisition Maturity Model (AAM), established a virtual Solution Architecture Innovation Lab (SAIL) and helped Congress draft key IT Reforms including FITARA, '10 NDAA Sec 804, and EO13636. To stay abreast of emerging technologies and their applications, Mr. Weiler is actively involved in over 22 leading industry groups and international standards activities including: IT Acquisition Advisory Council, Object Management Group, NDIA, AFCEA, BENS, and American Council for Technology/Industry Advisory Council (ACT/IAC).

Since 1995, Mr. Weiler has dedicated himself to advancing core IT Reforms contained in the Clinger Cohen Act, FITARA and Defense IT Acquisition Reforms. Since 2008, when he and the Honorable Mike Wynne launched the IT-AAC, he has garnered the support of leading Defense Experts and world-renowned Silicon Valley leaders to help advance long-sought IT/Cyber Acquisition and Management Reforms. It is this cause he is passionate about and hoping to make a difference inside the Pentagon.

Mr. Weiler will present the findings of the IT-AAC's 8-year investigation into challenges and emerging standards of practice associated with Defense IT Acquisition Management, which includes:

  • Over 50 leadership workshops with over 2,500 senior leaders attending
  • A summary analysis of over 40 major IT Reform Studies and Assessments prepared since 2000
  • Facilitated implementation of an Agile Acquisition Framework validated by DOD CIO, AF CIO, Navy ONI, GPO, DHS, GAO, OMB, ANSER and SEI
  • Orchestrated the development of hard hitting white papers requested by the SASC, HASC, White House, AF, and multiple industry groups
  • Forged a partnership with over 20 leading standards bodies, NGOs and industry CIOs


Mike Regan

Mike Regan, VP, Business Performance

Mike Regan leads the activities of the Telecommunication Industry Association's (TIA) QuEST Forum with a focus on business performance improvement standards and associated activities. Prior to joining TIA, Mike completed a successful 30+ year career as a senior engineering leader responsible for the delivery of complex communications and networking products deployed in the business-critical production networks of premier public service providers, global cloud platforms, large enterprises and customer engagement centers.

Mike leverages his personal experiences in progressing the initiatives of the TIA QuEST Forum by working with Forum participants, network operators, government agencies and industry peers towards the development and adoption of new standards for the ICT industry with an emphasis on product quality, secure software development, and supply chain security.


Richard Knaster

Richard Knaster, Principal Consultant, Agile Big Picture

Richard has more than 30 years' experience in software and systems development in roles ranging from developer to executive and has been leading large-scale Agile transformations for well over 20 years. Richard actively works on advancing SAFe's Lean-Agile methods as a SAFe® Fellow and Methodologist. As a principal consultant, he is passionate about helping organizations create a better environment to deliver value, improve quality and flow, and be more engaging and fun. Richard currently works at Agile Big Picture, where he does training and consulting and helps organizations transform to achieve Business Agility. He is also a Bain & Company Advisor in their Agile Practice. Richard has written five books on Lean-Agile Software Development, with deep experience in Lean Portfolio Management, Value Stream Management and Agile Product Delivery.


Paul Janusz

Paul Janusz, Senior Software Quality Engineer, US Army Development Command

Paul Janusz is a senior software quality engineer at the US Army Development Command – Armament Center at Picatinny Arsenal, NJ. He is responsible for implementing software measurement and quality assurance for a variety of armament software intensive systems. He is an editor for the Practical Software and Systems Measurement (PSM) project, adapting the measurement framework to account for the unique issues faced by continuous iterative development projects and digital engineering. Mr. Janusz is supporting the Army Software Sustainment Cost Estimation initiative, developing estimation approaches to accurately estimate, budget, allocate, and justify software sustainment resources.


Dr. Allan Friedman

Dr. Allan Friedman, Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency

Dr. Allan Friedman is Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency. He coordinates the global cross-sector community efforts around software bill of materials (SBOM) and related vulnerability initiatives, and works to advance their adoption inside the US government. He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics. Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard's Computer Science department, the Brookings Institution, and George Washington University's Engineering School. He is the co-author of the popular text "Cybersecurity and Cyberwar: What Everyone Needs to Know," has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University. He is quite friendly for a failed-professor-turned-technocrat.


Don Davidson

Donald R Davidson Jr., Director, Cyber-SCRM Programs, Synopsys

Don Davidson is Director, Cyber-SCRM Programs at Synopsys, where he supports the Chief Security Office (CSO) in the Office of the President. He is focused on hardware assurance (HwA) and software assurance (SwA) to enable trusted/assured technology components and capabilities. In January 2019, he retired from the US Department of Defense (DoD) with over 44 years of Federal Service, with his last 15 specialized in Supply Chain Risk Management (SCRM) on the OSD staff. He was a participant (and is "quoted") in the 2019 National Security Telecommunications Advisory Committee (NSTAC) Report to the President on "Advancing Resiliency and Fostering Innovation in the Information and Communications Technology Ecosystem". He is an active participant in the ongoing DHS/CISA-led public-private ICT-SCRM Task Force. He participates in the SAE/G32 initiative on Cyber Physical Systems Security (CPSS) and the GSA Trusted IoT Ecosystem Security (TIES) initiative. He serves as a Cyber-SCRM Fellow at the Institute for Critical Infrastructure Technology.

He is active in the International Information Systems Security Association's (ISSA) Cyber Executive Forum, and often speaks on Cyber-SCRM. He is a voting member of CS1/ANSI for SC27/ISO (and co-editor of ISO/IEC 27036, Information technology - Security techniques - Information security for supplier relationships, in four parts). In 2021, he was selected as a member of the DOC/BIS Information Systems Technical Advisory Committee (ISTAC).


Gardy Rosius

Gardy Rosius, Acting Deputy CIO of Architecture, Engineering, Technology, & Innovation (AETI) for the U.S. Department of Energy (DOE), Office of the Chief Information Officer (CIO) [Pending Agency Approval]

Gardy Rosius is the Acting Deputy CIO of Architecture, Engineering, Technology, & Innovation (AETI) for the U.S. Department of Energy (DOE), Office of the Chief Information Officer (CIO). In this capacity, he works closely with OCIO leadership and other stakeholders to help the agency evolve and maintain a resilient and innovative IT culture. He provides expert advice on Departmental IT architecture policy and guidelines, and on collaboration and solution integration for OCIO, field sites, and laboratories. With two decades of experience in both the private and public sectors, Mr. Rosius leads with an emphasis on transformative innovation and holds a strong interest in and broad awareness of technological advances that achieve value-based outcomes and enable enterprise-wide synergy through common IT products, services, and solutions.

Through the DOE Innovation Community Center (ICC), a centralized portal and collaborative hub for leading-edge research and technology adoption, Mr. Rosius leads the implementation of alternative and transformative solutions through build-factory capabilities for repeatable, agile deployments, including applied AI and data science, for advancing mission areas.

Previously, Mr. Rosius served as the Deputy Director for Application Engineering and Development at the U.S. Department of Commerce, U.S. Patent and Trademark Office, helping the agency to stay at the 'cutting edge of the nation's technological progress and achievement'. Mr. Rosius also spent several years at the U.S. Department of Treasury, Internal Revenue Service, in various IT leadership roles.


Gundeep Ahluwalia

Gundeep Ahluwalia, Chief Information Officer, U.S. Department of Labor

Gundeep Ahluwalia is a tech leader with a unique vision for innovation and strategy. Since assuming the role of Chief Information Officer (CIO) in October 2016, Ahluwalia has led Information Technology growth and transformation at the U.S. Department of Labor (DOL). He provides strategic leadership for IT capital planning, project initiatives, talent acquisition and enterprise-wide services—ultimately advancing the Department's mission-critical work. Prior to serving as the CIO, Ahluwalia served as DOL's Deputy CIO.

Under his leadership, Ahluwalia directs IT modernization projects, reinforces cybersecurity, promotes accessibility, and fosters information exchange between DOL's 27 agencies. He collaborates with Department leadership, the Office of Management and Budget, and other key stakeholders to formulate governance policy, budgets, and other strategic investment processes. His flagship program, the award-winning DOL IT Platform, integrates mission-critical applications and brings together a variety of services and management into a single, cloud-based environment, including case management, content management, enterprise scanning, service management, and data analytics. His crusade to reduce legacy debt and increase data-based decision making involved securing two Technology Modernization Fund (TMF) awards for the Department: $3.5 million to empower a transformation of the temporary work visa certification system and $9.6 million to modernize enterprise-wide data infrastructure. The digitized certification system process enables employers to hire workers faster, and DOL to realize cost savings from eliminating the use of costly security paper and overnight mail, as well as to create near-real-time data sharing between DOL, the Department of State, and Homeland Security. The enterprise-wide data infrastructure project will help unlock data resources to better serve agency stakeholders, the Department's workforce and the American public. It will also help deliver more timely information to the right user at the right time in a secure fashion.

The annual DOL Tech Day expo and showcase, spanning DOL's 27 agencies and several federal and private partners, originated under his direction. He also advanced the Congressional Oversight and Government Reform Committee's Federal Information Technology Acquisition Reform Act (FITARA) scorecard for DOL, achieving six "A" ratings out of seven categories scored, making DOL one of only two federal agencies to achieve more than four "A" ratings. The Department's Unified Communications enterprise solutions efforts are also steered by Ahluwalia, supplying innovative and collaborative technology across DOL's 386 geographically dispersed offices.

Ahluwalia has more than 20 years of experience in building and implementing enterprise-wide IT capabilities in the public and private sectors. He has developed global coalitions to identify customer-focused technology solutions across Europe, Asia, and the United States. While serving as Deputy Director at the U.S. Food and Drug Administration, he led negotiations with the European Union, Japan, and other countries to build and adopt the next generation of standards for exchanging data on adverse drug reactions.

As Director for IT & Application Support for a worldwide supply chain management company, Ahluwalia implemented solutions for a geographically dispersed customer base and drove innovative solutions that enabled industry standards for item synchronization.

Gundeep Ahluwalia holds a Master of Business Administration from the Amity Business School in India and a Bachelor of Engineering from the Manipal Institute of Technology. He is a recipient of an FDA Honors Award for leading Human Drugs Informatics Platform transformation. He is fluent in English, Hindi, and Punjabi.


Tim Mackey

Tim Mackey, Principal Security Strategist, Synopsys

Tim Mackey is a principal security strategist within the Synopsys CyRC (Cybersecurity Research Center). He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. As a security strategist, Tim applies his skills in distributed systems engineering, mission critical engineering, performance monitoring, large-scale data center operations, and global data privacy regulations to customer problems. Tim currently leads the SBOM and SCRM strategy for Synopsys and is actively engaged with efforts within NIST, CISA and the CSRB. Tim is also an O'Reilly Media published author and has been covered in publications around the globe including USA Today, Fortune, NBC News, CNN, Forbes, Dark Reading, TEISS, InfoSecurity Magazine, and The Straits Times. Follow Tim at @TimInTech on Twitter and at mackeytim on LinkedIn.