The Crossroads of IT Modernization and Cybersecurity

Hosted by: Consortium for Information & Software Quality™ (CISQ™) in cooperation with the Object Management Group (OMG) and IT Acquisition Advisory Council (IT-AAC)

Cyber Resilience Summit: The Crossroads of IT Modernization and Cybersecurity

DATE: October 16, 2018
TIME: 8:00am – 3:30pm
TOPIC: Reducing Modernization Risk through Compliance to Software and Risk Management Standards
PLACE: Army Navy Country Club, 1700 Army Navy Drive, Arlington, VA
PHONE: +1 703-521-6800

The 6th semiannual Cyber Resilience Summit: The Crossroads of Modernization and Cybersecurity returns to Arlington, VA in October. The program focuses on standards and best practices for measuring risk and quality in IT-intensive programs from the standpoint of productivity, software assurance, overall quality and system/mission risk. Discussions present proven methods and tools for incorporating such standard quality metrics into the IT software development, sustainment and acquisition processes. Given the government's commitment to IT modernization and cybersecurity, this is a unique opportunity to get this right for the next twenty years. You are deploying the “legacy systems of tomorrow” and need sustainable outcomes.


To access presentations, visit You're also encouraged to sign CISQ’s Trustworthy Systems Manifesto!


Time Session
8:00 Welcome to the Cyber Resilience Summit

Dr. Bill Curtis, Executive Director, Consortium for Information & Software Quality (CISQ)
John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)

8:15 Titans of Cyber: Critical Success Factors for Modernizing and Securing Government IT

Lead: John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)

Federal IT leaders brief on priorities, policy and plans for modernizing and securing government IT, building momentum from the “forcing functions” of the Federal IT Acquisition Reform Act (FITARA), Executive Order 13800 for Cybersecurity, Modernizing Government Technology (MGT) Act, and the President’s Management Agenda.

Titans of Cyber speakers:

  • Mark Hakun, Deputy Chief Information Officer, National Security Agency
  • Scott Tousley, Deputy Director, Cyber Security Division, U.S. Department of Homeland Security Science and Technology Directorate
  • Susan Dorr, Intelligence Community, Chief Information Security Officer (IC CISO) and Director, Intelligence Community, Chief Information Officer, Cybersecurity Division (IC CIO CSD)
  • Mark Kneidinger, Deputy Director, National Risk Management Center, U.S. Department of Homeland Security
9:30 Trustworthy Systems Manifesto from CISQ

Dr. Bill Curtis, Executive Director, Consortium for Information & Software Quality (CISQ)

As businesses and governments automate more of their business and mission processes, the risk to which Information Technology (IT) exposes the organization grows dramatically. In an era of 9-digit defects (IT incidents with damages over $100,000,000), senior executives outside IT are held accountable and some have lost their jobs.

CISQ will brief on cyber risk measurement standards and then introduce a Trustworthy Systems Manifesto. The Manifesto contains a set of principles that senior business and public executives should hold IT accountable for implementing to ensure the systems to which they have entrusted the business or mission are trustworthy. A trustworthy system is one that is secure from unauthorized users and actions, reliable in its performance, resilient to unexpected conditions, and accurate in its computations.

10:15 Break & Networking
10:30 Supply Chain Risk Management (SCRM) Gets Legislative Attention

Lead: Joe Jarzombek, Director for Government, Defense and Aerospace Programs, Synopsys and Governing Board Member, Consortium for Information & Software Quality (CISQ)

Software supply chain assurance is finally in vogue. The Pentagon is evaluating how to insert security metrics into the acquisition process to measure cyber risk on the same scale as cost, schedule, and performance. The phrase “shift left” from software development circles applies here, referring to the practice of mitigating risk earlier in the system lifecycle to avoid costly, compounded technical debt and unacceptable levels of risk from vulnerabilities and compromise. This panel will discuss the latest developments, best practices, and standards of practice for SCRM.


  • William Stephens, Director of Counterintelligence, Defense Security Service
  • Don Davidson, Deputy Director, Cybersecurity Risk Management (+ Chief of SCRM Division), Office of the Deputy DoD-CIO for Cybersecurity
  • Shon Lyublanovits, Senior Advisor for Cybersecurity, GSA
  • Dr. Allan Friedman, Director, Cybersecurity Initiatives, National Telecommunications and Information Administration, U.S. Department of Commerce
11:30 Continuous Diagnostics and Mitigation (CDM) Moves to Phase 4

Betsy Kulick, CDM Program Deputy Director, U.S. Department of Homeland Security

One of the biggest cybersecurity programs in the U.S. Federal Government is Continuous Diagnostics and Mitigation (CDM) at the Department of Homeland Security. This session will discuss the CDM roadmap and phase 4 of the program which targets protection of data and the application stack.

12:15 Lunch and networking
1:15 Regulators Roundtable: Best Practices in Cyber Policy for Industry

Lead: Dr. Bill Curtis, Executive Director, Consortium for Information & Software Quality (CISQ)

This cross-agency panel will discuss how cyber risk is measured and how cyber policy is set and implemented in the industries they regulate. What can agencies learn from each other in addressing the challenges of regulating industries? How do agencies strike the right balance in protecting citizens without stifling the pace of industry and innovation? What can industry learn from the government’s cyber practices?


  • Chris Hetner, Senior Cybersecurity Advisor to the Chairman, U.S. Securities and Exchange Commission
  • Bethany Dugan, Deputy Comptroller for Operational Risk, Office of the Comptroller of the Currency
  • Dr. Seth Carmody, Cybersecurity Program Manager, U.S. Food and Drug Administration (FDA Cybersecurity Resource)
  • Donald Saxinger, Chief, IT Supervision, Division of Risk Management Supervision, FDIC
2:15 Innovative Methods for Producing Cybersecure Software

Lead: Girish Seshagiri, EVP and CTO, ISHPI Information Technologies and Board Member, Consortium for Information & Software Quality (CISQ)

The IT standards community is driving initiatives to automate cyber risk measurement and cyber threat modeling. In tandem, workforce development is critical to meeting the government’s cyber challenges and our nation’s IT skills gap. This panel of subject matter experts will brief the audience on methods for producing cybersecure, resilient and sustainable software systems through practice and education.


  • Robert Martin, Senior Principal Engineer, MITRE
  • Rodney Petersen, Director, National Initiative for Cybersecurity Education (NICE), NIST
  • Paul Seay, Northrop Grumman Fellow, Engineering Center of Excellence, NGMS Engineering, Sciences, and Technology, Northrop Grumman Corporation
3:15 Closing Remarks


Thank You CISQ Sponsors