October 12th, 2021 - 8:30am – 3:00pm ET
The 9th annual Cyber Resilience Summit hosted by CISQ will take place on October 12th, 2021, virtually. We're proud to show our support for National Cyber Security Awareness Month with our event.
Cybersecurity is a national security and economic security imperative for the Biden Administration. As the journey to secure our nation's IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing, and sustaining secure and reliable software-intensive systems. Defending the network is not enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
8:30-8:45am Welcome to the Cyber Resilience Summit
8:45-9:15am Morning Keynote
Is Technology the Solution or Part of the Problem? Technical Decision Points on the Journey to Responsible Computing
IT and computing are critical to almost all aspects of daily life, and IT leaders play a vital role in ensuring responsible use. Our opening keynote address features Marc Peters, Distinguished Engineer and CTO for Energy, Environment & Utilities EMEA at IBM, who leads a global initiative launched after having conducted research among hundreds of his CTO peers. The CTOs reported significant challenges and anxieties related to environmental, social, and governance (ESG) concerns that signaled several seismic shifts in the industry. Join us to learn about the Responsible Computing Initiative, a new framework that provides a basis for how to think through your responsibilities as an IT leader. What part does technology play in all this? Is a fundamental re-architecting of IT infrastructure needed to create a more sustainable future while driving measurable growth today? Responsible computing may not yet be top-of-mind in all organizations, but leading companies show that sustainable innovation is a critical priority in their business models and priorities.
9:15-10:15am: GAINING INSIGHT INTO CYBERSECURITY MATURITY
This panel will address the current state of the Cybersecurity Maturity Model Certification (CMMC) and related standards.
- What are the timelines for deploying CMMC and plans for supporting it?
- How is the impact on small subcontractors being addressed?
- How does the Security Maturity Model from the Industrial Internet of Things Consortium supplement CMMC and address a non-federally-related community?
- Given the immediacy of the cybersecurity risk, what can be done to accelerate adoption of the minimally necessary practices?
10:15-10:30am: Program Break
10:30-11:30am: DevOps Implementation
This panel will explore the challenges of implementing a DevOps toolchain. It will discuss:
- What are the biggest obstacles to implementing an integrated toolchain?
- What policy, process, or product changes must be made to establish a continuous software flow down the pipeline?
- What cost, quality, or efficiency benefits have been achieved? Has there been resistance? If so, how was it addressed?
11:30-12:00pm: Software Supply Chain Transparency
Software has become a key enabler for multiple aspects of our lives and our organizations. Visibility into our software, its composition, origin, and the information needed to determine whether it is trustworthy are new aspects of the software world. SBOMs are a part of an ecosystem that can answer these needs and offer a starting point on the path to software supply chain integrity. Supply chains for software need to become visible, and they need to convey more about the software they represent. This panel will discuss these needs, what is coming together to address them, and where we can collectively move the software ecosystem forward.
12:00-1:15pm: Lunch Keynote Address: MODERNIZATION AND DEVOPS BEST PRACTICES AT AMAZON
In this lunch-time keynote address, you will learn how Amazon helps their customers modernize their applications and infrastructure, while also strengthening their security posture. We'll also explore DevOps practices that Amazon uses to maintain a culture of innovation.
1:15-1:45pm: Testing for Privacy and Data Protection
Data protection and privacy are at the top of many organizational priorities. The results of application software testing can provide the basis for defensible quality/security controls to protect sensitive data and confirm the effectiveness of relevant data protection controls. Many organizations undergo process assessments in demonstrating compliance with laws and standards associated with protecting privacy and data, including the CMMC. Scanning code that will run in enterprise network-connected assets that process or transmit data can determine if the systems or devices enable data leakage or lack adequate protections to mitigate unauthorized access to read or modify data.
1:45-2:30pm: Ensuring Secure and Resilient IT Modernization Outcomes
The Biden Administration is proposing unprecedented investment in Federal IT modernization to ensure the cybersecurity, resiliency, and citizen/mission effectiveness of IT Infrastructure and critical systems. This panel will explore the challenges of modernizing a portfolio of mission-critical and citizen-facing applications. This panel will answer:
- How to evaluate successful outcomes
- What cost, quality, or efficiency benefits are achieved by modernization?
- How do we ensure that modernized systems are more sustainable, changeable, and scalable than legacy systems?
- Software supply chain risk management and modernization
2:30-3:00pm: Summary and Closing Remarks