Speakers

Luc Brandts

Luc Brandts, Chief Executive Officer at Software Improvement Group
Luc Brandts is Chief Executive Officer at Software Improvement Group. He joined the company in 2018 as Chief Technology Officer to help drive international growth and technological leadership. Luc has worked in the information technology industry since 1994 when he founded his company, BWise. He served as the company's Chief Technology Officer, and together with Robert Pijselman, grew it to become a recognized global market leader in the risk management and compliance space. Following the acquisition of BWise by Nasdaq, Luc assumed the role of Chief Strategy Officer for the company's risk management practice. Throughout his career, he has also held various board member and investor roles. Luc holds a Ph.D. in mechanical engineering from the University of Eindhoven.


David Powner

David Powner, Executive Director for MITRE's Center for Data-Driven Policy
Dave is the Executive Director for MITRE's Center for Data-Driven Policy. He helps to connect MITRE's deep expertise on topics like engineering, acquisition, and cybersecurity to policymakers in both the legislative and executive branches. He also enhances MITRE's strategic corporate partnership interactions and the development of new opportunities with the federal government, states, the private sector, and academia. Dave is a Fellow at the National Academy of Public Administration and a Strategic Advisor to Government Executives (SAGE), Chief Information Officer at the Partnership for Public Service.

Dave has more than 30 years of experience in both the public and private sectors. Prior to joining MITRE, he served as a Director at the U.S. Government Accountability Office (GAO), where he led numerous reviews of federal information technology that resulted in Dave testifying before Congress more than 100 times. He received Federal Computer Week's Federal 100 award in 2008, 2012, and 2017. In 2017, he was the federal government's top awardee, receiving the Eagle award for his contributions to the federal information technology community. In the private sector, Dave led software development teams in the telecommunications industry.

Dave holds a bachelor's degree in business administration from the University of Denver and attended the Senior Executive Fellows Program at the John F. Kennedy School of Government at Harvard University.


Bill Curtis

Dr. Bill Curtis is CISQ's Executive Director
Dr. Curtis led the development of the Capability Maturity Model (CMM) at the Software Engineering Institute at Carnegie Mellon University. Dr. Curtis is an active participant in ISO JTC1 SC7 WG6 for Software and System Product Measures. In 2007, he was elected a Fellow of the IEEE for his career contributions to software process improvement and measurement.


Robert Martin

Robert "Bob" Martin is a Senior Principal Engineer in Cyber Security Partnerships at MITRE
He is an active contributor to the ITU-T, ETSI, OMG, Open Group, and ISO on various aspects of cybersecurity and assurance and is a Steering Committee member of the Industrial Internet Consortium. Over the past 27 years, Mr. Martin has utilized his expertise and experience in software quality and cybersecurity to help sponsors as well as to create and promote public international community initiatives such as SACM, SQAE, CVE, CAPEC, and CWE, which include large active vendor and research communities.


Joe Jarzombek

Joe Jarzombek is Director for Government and Critical Infrastructure Programs at Synopsys
For 10+ years, Mr. Jarzombek was Director for Software and Supply Chain Assurance at the U.S. Department of Homeland Security. He is an expert in software assurance and supply chain risk management.


Jon Boyens

Jon Boyens is the Deputy Chief of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST)
His responsibilities include Cybersecurity Research and Development at NIST and Cybersecurity Standards and Guidelines for Federal Agency Security Programs. He also leads NIST's Cyber Supply Chain Risk Management (C-SCRM) Program, helps develop and coordinate the Department of Commerce's cybersecurity policy among the Department's bureaus, and represents the Department in the Administration's interagency cybersecurity policy process. Boyens has worked on various White House-led initiatives, including those on trusted identities, botnets, the Cybersecurity Framework and Roadmap, telecommunications supply chain, software supply chain, and government-wide implementation of the Federal Acquisition Supply Chain Security Act, serving as NIST's principal to the Federal Acquisition Security Council.

Since 2010, Boyens has conducted research to identify, evaluate and develop technologies, tools, techniques, practices, and standards needed to enable organizations to manage supply chain risk. Building on this research, he led a team to develop and issue a set of foundational, standardized, repeatable, and feasible practices to help organizations manage cyber supply chain risks to their organizations and systems. These practices were released in 2015 as NIST Special Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations. Continuing this line, Boyens has since released research and findings on criticality analysis and industry key practices for Cybersecurity SCRM. He is currently in the process of updating SP 800-161, working on software supply chain aspects of EO 14028, and leading the recently announced public-private partnership, the National Initiative for Improving Cybersecurity in Supply Chains.


Steve Springett

Steve Springett is Chair of the CycloneDX Core Working Group, OWASP
Steve educates teams on the strategy and specifics of developing secure software.

He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.

Steve's passionate about helping organizations identify and reduce risk from the use of third-party and open source components. He is an open-source advocate and leads the OWASP Dependency-Track project, OWASP Software Component Verification Standard (SCVS), and is the Chair of the OWASP CycloneDX Core Working Group, a cybersecurity-focused Software Bill of Materials (SBOM) Standard.


Steve Lipner

Steve Lipner, Executive Director, SAFECode

Steve Lipner is the executive director of SAFECode, an industry nonprofit focused on software security assurance. Before SAFECode, he was partner director of software security at Microsoft where he was the creator and long-time leader of the Security Development Lifecycle (SDL) and was responsible for software integrity policies and for government security evaluations. Steve also serves as the chair of the U.S. Government's Information Security and Privacy Advisory Board. Steve has more than a half century of experience in cybersecurity as a researcher, engineer, and development manager and is named as coinventor on twelve U.S. patents. He is a member of the National Academy of Engineering and the National Cybersecurity Hall of Fame. Steve's full CV is available at www.stevelipner.org.


John Weiler

John A. Weiler, Managing Director/CIO, Interoperability Clearinghouse (ICH), Co-Founder/Chief Executive Officer, IT Acquisition Advisory Council (IT-AAC)

Education: Senatorial Scholar, University of Maryland, Smith School of Business
Degrees in Information System Management and Marketing 1978

John A. Weiler is a recognized IT Management leader, with four decades of senior IT experience in commercial and defense positions. He also has guided major IT projects with nearly half of the federal agencies and been instrumental in the drafting of FITARA and several NDAA legislative directives. He has been a leading champion of Federal IT/Cyber Reforms as Managing Director and CIO at the Interoperability Clearinghouse, a DoD-chartered non-profit research institute, and Co-Founder of the IT Acquisition Advisory Council, a public/private "do tank" dedicated to effecting the transformation of Federal IT Management, Acquisition and Governance.

Mr. Weiler has played a leading role in the transformation of Federal IT planning, governance and acquisition, supporting leaders within the White House, Congress, Department of Homeland Security, USAF and Secretary of Defense. Mr. Weiler is the co-author of a leading Agile Acquisition Maturity Model (AAM), established a virtual Solution Architecture Innovation Lab (SAIL) and helped Congress draft key IT Reforms including FITARA, '10 NDAA Sec 804, and EO13636. To stay abreast of emerging technologies and their applications, Mr. Weiler is actively involved in over 22 leading industry groups and international standards activities including: IT Acquisition Advisory Council, Object Management Group, NDIA, AFCEA, BENS, and American Council for Technology/Industry Advisory Council (ACT/IAC).

Since 1995, Mr. Weiler has dedicated himself to advancing core IT Reforms contained in the Clinger Cohen Act, FITARA and Defense IT Acquisition Reforms. Since 2008, when he and the Honorable Mike Wynne launched the IT-AAC, he has garnered the support of leading Defense Experts and world-renowned Silicon Valley leaders to help advance long-sought IT/Cyber Acquisition and Management Reforms. This is the cause he is passionate about, and he hopes to make a difference inside the Pentagon.

Mr. Weiler will present the findings of the IT-AAC's 8-year investigation into challenges and emerging standards of practice associated with Defense IT Acquisition Management, which includes:

  • Over 50 leadership workshops with over 2,500 sr. leaders attending
  • A summary analysis of over 40 major IT Reform Studies and Assessments prepared since 2000
  • Facilitated implementation of an Agile Acquisition Framework validated by DOD CIO, AF CIO, Navy ONI, GPO, DHS, GAO, OMB, ANSER and SEI
  • Orchestrated the development of hard-hitting white papers requested by the SASC, HASC, White House, AF, and multiple industry groups
  • Forged a partnership with over 20 leading standards bodies, NGOs and industry CIOs