Press Release

CISQ to Host 8th Annual Cyber Resilience Summit for Government IT Leaders


BOSTON, MA – SEPTEMBER 28, 2020 – The Consortium for Information & Software Quality™ (CISQ™), an IT industry leadership group that develops standards for automating software quality measurement, today announced its 8th annual Cyber Resilience Summit, From Securing the Supply Chain to Enterprise DevSecOps.

The virtual summit will be held on October 13, 2020 from 8:00am – 4:00pm, bringing defense, government, and industry leaders together to discuss policy, standards and best practices for IT modernization, cybersecurity, cyber resilience, and supply chain risk management.  

Dr. Bill Curtis, Executive Director, CISQ, and Luke McCormack, retired, former CIO, U.S. Department of Homeland Security, will provide welcome remarks and emcee the event. The Cyber Resilience Summit opens with a keynote from the U.S. Department of Homeland Security on the 2020 election and the nation’s efforts to secure its critical infrastructure.

“The Cyber Resilience Summit is a premier event bringing together federal and industry IT leaders to discuss critical issues affecting the nation’s cyber infrastructure,” said Dr. Curtis. “CISQ will introduce two new proposed standards for managing software risk: a Data Protection Measure and a Software Bill of Materials standard.”

“This summit will help people better leverage CISQ-sponsored efforts to support enterprise and supply chain needs for software transparency and protecting data, confidential information, IP, and Privacy. In particular, the new Data Protection Measure, based on relevant CWEs, is highly relevant to those seeking to comply with protection measures in regulatory guidance associated with GDPR, CCPA, HIPAA, and CMMC,” said Joe Jarzombek, Director for Government & Critical Infrastructure Programs at Synopsys and Governing Board Member of CISQ.

Confirmed speakers and panelists from Federal agencies and the private sector include:

  • Keynote Address: Election Security and #Protect2020: Robert Kolasky, Director, National Risk Management Center, Cybersecurity and Infrastructure Agency, U.S. Department of Homeland Security
  • Cybersecurity Maturity Model Certification:
    • Katie Arrington, Chief Information Security Officer, Office of the Undersecretary of Defense for Acquisition, U.S. Department of Defense
    • Phyllis Schneck, Vice President and Chief Information Security Officer, Northrop Grumman
    • John Weiler, Managing Director, IT Acquisition Advisory Council (IT-AAC) and Chairman of the Board, CMMC Center of Excellence
  • Automated Source Code Data Protection Measure:
    • Dr. Bill Curtis, Executive Director, Consortium for Information & Software Quality (CISQ)
    • Joe Jarzombek, Director for Government & Critical Infrastructure Programs, Synopsys and Board Member, CISQ
  • Securing 5G and the Supply Chain: Grant Schneider, former Federal CISO and Senior Director for Cybersecurity Policy at the White House, now at law firm Venable
  • What’s in My Software? Introducing the Software Bill of Materials Specification
    • Robert Martin, Senior Principal Engineer, MITRE
    • Dr. Allan Friedman, Director of Cybersecurity Initiatives, Department of Commerce, NTIA
  • DevSecOps: Department of Defense Use Cases and Plans for a New NIST Framework
    • Dr. Ron Ross, Fellow, National Institute of Standards and Technology
    • Nicolas Chaillan, Chief Software Officer, U.S. Air Force
  • Estimating the Cost of Cybersecurity Effort in Development Projects
    • Dr. Barry Boehm, Distinguished Professor of Computer Science, Industrial and Systems Engineering and Astronautics, University of Southern California
    • Elaine Venson, PhD Student, University of Southern California
  • Continuous Diagnostics and Mitigation: The Next Frontier: Kevin Cox, CDM Program Manager, Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security
  • Cyber Resilience Summit Highlights: Managing in Lean Times:
    • Tony Scott, Chairman, The TonyScottGroup
    • Karen Evans, CIO, U.S. Department of Homeland Security

Registration is complimentary. This Cyber Resilience Summit is supported by CISQ sponsors: CAST, CGI, Cognizant, ISHPI, Northrop Grumman, and Synopsys.

About CISQ

The Consortium for Information and Software Quality™ (CISQ™) is an industry leadership group that develops international standards for automating the measurement of software size and structural quality from the source code. The standards, written by CISQ, enable organizations developing or acquiring software-intensive systems to measure the operational risk software poses to the business, as well as estimate the cost of ownership. CISQ was co-founded by the Object Management Group® (OMG®) and Software Engineering Institute (SEI) at Carnegie Mellon University. For more information, visit


+1-781-444 0404


Note to editors: CISQ is an Object Management Group program. Object Management Group and OMG are registered trademarks of the Object Management Group. For a listing of all OMG trademarks, visit All other trademarks are the property of their respective owners.