9th Annual Cyber Resilience Summit

Cyber Resilience Summit

October 12th, 2021 - 8:30am – 3:00pm ET

The 9th annual Cyber Resilience Summit hosted by CISQ will take place on October 12th, 2021, virtually. We're proud to show our support for National Cyber Security Awareness month with our event.

Cybersecurity is a national security and economic security imperative for the Biden Administration. As the journey to secure our nation's IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing, and sustaining secure and reliable software-intensive systems. Defending the network is not enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.

Presentations

Agenda

8:30-8:45am Welcome to the Cyber Resilience Summit

SPEAKERS:

Dr. Bill Curtis

Dr. Bill Curtis
Executive Director, Consortium for Information & Software Quality (CISQ)

 

Luke McCormack

Luke McCormack
Former CIO, Department of Homeland Security


8:45-9:15am Morning Keynote

Is Technology the Solution or Part of the Problem? Technical Decision Points on the Journey to Responsible Computing

SPEAKER:

Marc Peters

Marc Peters
Distinguished Engineer, CTO for Energy, Environment & Utilities EMEA, IBM

 

IT and computing are critical to almost all aspects of daily life, and IT leaders play a vital role in ensuring responsible use. Our opening keynote address features Marc Peters, Distinguished Engineer and CTO for Energy, Environment & Utilities EMEA at IBM, who leads a global initiative launched after having conducted research among hundreds of his CTO peers. The CTOs reported significant challenges and anxieties related to environmental, social, and governance (ESG) concerns that signaled several seismic shifts in the industry. Join us to learn about the Responsible Computing Initiative, a new framework that provides a basis for how to think through your responsibilities as an IT leader. What part does technology play in all this? Is a fundamental re-architecting of IT infrastructure needed to create a more sustainable future while driving measurable growth today? Responsible computing may not yet be top-of-mind in all organizations, but leading companies show that sustainable innovation is a critical priority in their business models and priorities.


9:15-10:15: GAINING INSIGHT INTO CYBERSECURITY MATURITY

SPEAKERS:

Ron Zahavi

Ron Zahavi
Chief Strategist for IOT Standards, Microsoft

 

Matthew James Butkovic

Matthew James Butkovic
Technical Director, SEI

 

Sammy Migues

Sammy Migues
Principal Scientist, the Synopsys Software Integrity Group

This panel will address the current state of the Cyber Security Model Certification (CMMC) and related standards.

  • What are the timelines for deploying CMMC and plans for supporting it?
  • How is the impact on small subcontractors being addressed?
  • How does the Security Maturity Model from the Industrial Internet of Things Consortium supplement CMMC and address a non-federally-related community?
  • Given the immediacy of the cybersecurity risk, what can be done to accelerate adoption of the minimally necessary practices?

10:15-10:30am: Program Break


10:30-11:30am: DevOps Implementation

SPEAKER(S):

Hasan Yasar

Hasan Yasar
Technical Director, SEI

 

Richard Knaster

Richard Knaster
Vice President and Chief Scientist for Value Stream Management at Digital.ai

 

Robert Aiello

Robert Aiello
CTO, Principle Consultant at Aiello Consulting

 

Ruth Lennon

Ruth Lennon
Director, Craobh Technology Consulting

This panel will explore the challenges of implementing a DevOps toolchain. This panel will discuss:

  • What are the biggest obstacles to implementing an integrated toolchain? 
  • What policy, process, or product changes must be made to establish a continuous software flow down the pipeline? 
  • What cost, quality, or efficiency benefits have been achieved?  Has there been resistance? If so, how was it addressed?

11:30-12:00pm: Software Supply Chain Transparency

SPEAKER:

Robert Martin

Robert Martin
Sr. Software and Supply Chain Assurance Principal Eng., MITRE

 

Allan Friedman

Allan Friedman
Senior Advisor & Strategist, CISA

Software has become a key enabler for multiple aspects of our lives and our organizations. Visibility into our software, its composition, origin, and the information needed to determine whether it is trustworthy are new aspects of the software world. SBOM's are a part of an ecosystem that can answer these needs and offer a starting point on the path to software supply chain integrity. Supply chains for software need to become visible, and they need to convey more about the software they represent. This panel will discuss these needs, what is coming together to address them, and where we can collectively move the software ecosystem forward.


12:00-1:15pm: Lunch Keynote Address: MODERNIZATION AND DEVOPS BEST PRACTICES AT AMAZON

SPEAKER:

Leo Zhadanovsky

Leo Zhadanovsky
Chief Technologist for Education Public Sector, Amazon Web Services

In this lunch-time keynote address, you will learn how Amazon helps their customers modernize their applications and infrastructure, while also strengthening their security posture. We'll also explore DevOps practices that Amazon uses to maintain a culture of innovation.


1:15-1:45Pm: Testing for Privacy and Data Protection

SPEAKERS:

Robert Metzger

Robert Metzger
Rogers Joseph O'Donnell, PC. (RJO)

 

Joe Jarzombek

Joe Jarzombek
Director for Government & Critical Infrastructure Programs, Synopsys, Inc.

Data protection and privacy are at the top of many organizational priorities. The results of application software testing can provide the basis for defensible quality/security controls to protect sensitive data and confirm the effectiveness of relevant data protection controls.  Many organizations undergo process assessments in demonstrating compliance with laws and standards associated with protecting privacy and data, including the CMMC.  Scanning code that will run in enterprise network-connected assets that process or transmit data can determine if the systems or devices enable data leakage or lack adequate protections to mitigate unauthorized access to read or modify data. 


1:45-2:30pm: Ensuring Secure and Resilient IT Modernization Outcomes

SPEAKER(S):

David Powner

David Powner
Executive Director, Center for Data-Driven Policy, MITRE

SPEAKER:

Dr. Seth Carmody

Dr. Seth Carmody
Cyber Security Program Manager, FDA

The Biden Administration is proposing unprecedented investment in Federal IT modernization to ensure the cybersecurity, resiliency, and citizen/mission effectiveness of IT Infrastructure and critical systems. This panel will explore the challenges of modernizing a portfolio of mission-critical and citizen-facing applications. This panel will answer:

  • How to evaluate successful outcomes
  • What cost, quality, or efficiency benefits achieved by modernization
  • How do we ensure that modernized systems are more sustainable, changeable, and scalable than legacy systems?
  • Software supply chain risk management and modernization

2:30-3:00pm: Summary and Closing Remarks

SPEAKERS:

Dr. Bill Curtis

Dr. Bill Curtis
Executive Director, Consortium for Information & Software Quality (CISQ)

 

Luke McCormack

Luke McCormack
Former CIO, Department of Homeland Security

CRS
Panel: norton, noben, berendsen, vaneeden, curtis
harold van heeringen metri

CISQ Founders and Corporate Sponsors

OMG

SEI

7N

CAST

CGI

Digital

ISHPI

Northrop Grumman

Software Improvement Group

Synopsys