9th Annual Cyber Resilience Summit

October 12th, 2021 - 8:30am – 3:00pm ET

The 9th annual Cyber Resilience Summit hosted by CISQ will take place on October 12th, 2021, virtually. We're proud to show our support for National Cyber Security Awareness month with our event.

Cybersecurity is a national security and economic security imperative for the Biden Administration. As the journey to secure our nation's IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing, and sustaining secure and reliable software-intensive systems. Defending the network is not enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.

 

Agenda

8:30-8:45am Welcome to the Cyber Resilience Summit

SPEAKERS:

Dr. Bill Curtis
Executive Director, Consortium for Information & Software Quality (CISQ)

Luke McCormack
Former CIO, Department of Homeland Security


8:45-9:15am Morning Keynote

Keynote announcement coming soon!


9:15-10:15am: The Current State of Cybersecurity Maturity Model Certification (CMMC)

SPEAKERS:

Ron Zahavi
Chief Strategist for IOT Standards, Microsoft

Matthew James Butkovic
Technical Director, SEI

This panel will address the current state of the Cybersecurity Maturity Model Certification (CMMC) and related standards.

  • What are the timelines for deploying CMMC and plans for supporting it?
  • How is the impact on small subcontractors being addressed?
  • How does the Security Maturity Model from the Industrial Internet of Things Consortium supplement CMMC and address a non-federally-related community?
  • Given the immediacy of the cybersecurity risk, what can be done to accelerate adoption of the minimally necessary practices?

10:15-10:30am: Program Break


10:30-11:00am: Testing for Privacy and Data Protection

SPEAKER:

Robert Metzger
– Invited

MODERATOR:

Joe Jarzombek
Director for Government & Critical Infrastructure Programs, Synopsys, Inc.

Data protection and privacy are top priorities for many organizations. The results of application software testing can provide the basis for defensible quality/security controls to protect sensitive data and confirm the effectiveness of relevant data protection controls. Many organizations undergo process assessments to demonstrate compliance with laws and standards associated with protecting privacy and data, including the CMMC. Scanning code that will run in enterprise network-connected assets that process or transmit data can determine whether the systems or devices enable data leakage or lack adequate protections to mitigate unauthorized access to read or modify data.


11:00-11:30am: DevOps Implementation

SPEAKER(S):

Hasan Yasar
Technical Director, SEI

This panel will explore the challenges of implementing a DevOps toolchain. It will discuss:

  • What are the biggest obstacles to implementing an integrated toolchain?
  • What policy, process, or product changes must be made to establish a continuous software flow down the pipeline?
  • What cost, quality, or efficiency benefits have been achieved? Has there been resistance? If so, how was it addressed?

11:30-12:00pm: Software Supply Chain Transparency

SPEAKERS:

Robert Martin
Sr. Software and Supply Chain Assurance Principal Eng., MITRE

Cheri Caddy
Senior Advisor for Cybersecurity, U.S. Department of Energy (DOE)

Software has become a key enabler for multiple aspects of our lives and our organizations. Visibility into our software, including its composition, its origin, and the information needed to determine whether it is trustworthy, is a new aspect of the software world. SBOMs are part of an ecosystem that can answer these needs and offer a starting point on the path to software supply chain integrity. Supply chains for software need to become visible, and they need to convey more about the software they represent. This panel will discuss these needs, what is coming together to address them, and where we can collectively move the software ecosystem forward.


12:00-1:15pm: Lunch Keynote Address

SPEAKER(S):

Nicolas Chaillan
U.S. Air Force Chief Software Officer


1:15-1:45pm: Regulators Roundtable: Ensuring Secure & Resilient Critical Application Infrastructure

SPEAKERS:

David Powner
Executive Director, Center for Data-Driven Policy, MITRE

Dr. Seth Carmody
Cyber Security Program Manager, FDA

The panel will focus on key trends and approaches to how Federal regulators will collaborate with Critical Infrastructure Industry communities to monitor and improve security, resilience, and reliability of the software systems upon which commerce and infrastructure rely.


1:45-2:30pm: Ensuring Secure and Resilient IT Modernization Outcomes

SPEAKER(S):

David Powner
Executive Director, Center for Data-Driven Policy, MITRE

The Biden Administration is proposing unprecedented investment in Federal IT modernization to ensure the cybersecurity, resiliency, and citizen/mission effectiveness of IT infrastructure and critical systems. This panel will explore the challenges of modernizing a portfolio of mission-critical and citizen-facing applications. It will address:

  • How to evaluate successful outcomes
  • What cost, quality, or efficiency benefits are achieved by modernization
  • How do we ensure that modernized systems are more sustainable, changeable, and scalable than legacy systems?
  • Software supply chain risk management and modernization

2:30-3:00pm: Summary and Closing Remarks

SPEAKERS:

Dr. Bill Curtis
Executive Director, Consortium for Information & Software Quality (CISQ)

Luke McCormack
Former CIO, Department of Homeland Security


CISQ Founders and Corporate Sponsors

OMG

SEI

7N

CAST

CGI

Digital

ISHPI

Northrop Grumman

Software Improvement Group

Synopsys