Join us on Sept 9th for the 2021 Cloud Conference! Cloud computing presents a tremendous opportunity with 94% of all enterprises currently using cloud services as organizations continue to migrate their data and operations to the cloud. By 2025, it is projected that the cloud computing market will exceed $800 billion with over 100 zettabytes of data being stored in the cloud. In a study by Cloud Security Alliance, around half of organizations are concerned about lack of cloud expertise and 79 percent of respondents report staff-related issues. The 2021 Cloud Conference will enable participants to learn what is new and innovative in cloud computing and to enhance their cloud strategy.
0830-0930: FedRAMP Strategic Initiatives
0930-1030: Lessons Learned on Cloud Security and Assessment
1030-1130: Automating Security Assessment with NIST’s Open Security Controls Assessment Language (OSCAL)
1130-1230: NIST OSCAL in Action: Tools to Deliver Continuous ATO Documentation
Who Should Attend? Cloud security and enablement professionals, IT advisory or audit professionals, Business executives, Cybersecurity professionals, students or professionals interested in learning more about cloud in the public sector space.
TOPICS OF THE 2021 CLOUD CONFERENCE
FedRAMP Strategic Initiatives Presented by Brian Conrad (GSA FedRAMP)
FedRAMP has seen an incredible increase in the adoption of the program, which is marked by both an increase in agency participation and reuse of authorizations. Brian Conrad, FedRAMP's Acting Director, will highlight FedRAMP's growth and the program's FY21 focus on strategic initiatives - like automation and a threat-based authorization approach - to transform FedRAMP, with a focus on continued partnerships with stakeholders. Brian will also touch on the high-level updates that were made to the draft Authorization Boundary Guidance, which is currently open for public comment.
Lessons Learned on Cloud Security and Assessment
This panel will include representatives from Amazon Web Services (AWS), Government Accountability Office (GAO), and TalaTek, which is a FedRAMP Third Party Assessment Organization (3PAO). This will be a Q&A panel format where we will discuss lessons learned from these three different perspectives on cloud security and compliance. Some of the topics that will be covered include what cloud providers and federal agencies are doing well with cloud compliance and future trends around cloud security and federal policy.
Vijay D'Souza (United States Government Accountability Office)
Tyler Harding (Amazon Web Services Security Assurance)
Baan Alsinawi (TalaTek)
Phil Moore (Kearney & Company)
Automating Security Assessment with NIST’s Open Security Controls Assessment Language (OSCAL)
NIST’s Open Security Controls Assessment Language, developed as a partnership between NIST, industry and FedRAMP, serves as a standardized language to represent control catalogs, control baselines, system security plans (SSPs), assessment plans and results in both human- and machine-readable formats. This session will dive into the language itself, showcasing how one can leverage this approach to automate resource-intensive tasks and deliver insightful information to auditors and decision makers in an agile manner. Attendees will be able to ask questions during a Q&A following the presentation.
Michaela Iorga (National Institute of Standards and Technology)
Chris Hughes (Cloud Security Alliance – Washington DC Metro Area)
NIST OSCAL in Action: Tools to Deliver Continuous Authorization to Operate (ATO) Documentation
Public/private partnerships are crucial to advancing the state of the art and bringing innovation to life. To that end, come learn how MITRE and a slew of innovative tools are putting NIST OSCAL to work, delivering great user experiences to accelerate and automate the ATO process, producing actionable documentation for both the auditor and the audited. Attendees will be able to engage with presenters in the Chat throughout the session.
Aaron Lippold (MITRE)
Greg Elin (GovReady PBC)
Travis Howerton (C2 Labs)
Jasson Walker (cFocus Software)
Dr. Mari Spina (Cloud Security Alliance - Washington DC Metro Area)
MEET THE PRESENTERS
Brian Conrad Acting FedRAMP Director and Program Manager for Cybersecurity
Brian Conrad joined the FedRAMP team in December 2018, bringing with him a wealth of technical knowledge and leadership experience. Prior to joining GSA, Brian served for 21 years in the United States Marine Corps, gaining experience in leadership, telecommunications/IT, government acquisition, and project management. At GSA, Brian leads efforts associated with formulating and facilitating FedRAMP’s overall strategic initiatives and future goals. Additionally, Brian works hand-in-hand with government and industry, developing an understanding of emerging technology and innovation. Finally, in the short term, Brian will be supporting Joint Authorization Board efforts by leading on-going assessment and authorization activities. Brian holds an M.S. in Information Technology Management from the U.S. Naval Postgraduate School, a B.A. in History with a minor in Economics from the University of Memphis, and various industry certifications.
Dr. Michaela Iorga Senior Security Technical Lead for Cloud Computing, NIST
Dr. Michaela Iorga is the Senior Security Technical Lead for Cloud Computing with the National Institute of Standards and Technology (NIST) and the Co-chair of NIST Cloud Computing Security and Cloud Computing Forensic Science Working Groups. Michaela is a recognized expert in cloud computing, information security risk assessment, information assurance and ad-hoc mobile networks. In her role at NIST, she works with industry, academia, and other government stakeholders to develop and disseminate vendor-neutral cybersecurity standards and guidelines that meet national priorities. Dr. Iorga’s current work includes the development of security, privacy and forensic specifications and guidelines that support the widespread adoption of cloud and IoT technology.
Phil Moore Partner, Kearney & Company
Phil Moore is a Partner and the IT Assurance Practice leader at Kearney & Company. Mr. Moore has over 20 years of professional Information Technology (IT) assurance, financial, and consulting experience, including work in both civilian and defense federal agencies. He currently serves as the Kearney Health and Human Services (HHS) IT Consulting lead, as well as the lead partner on a number of FISMA- and FISCAM-based audits. Mr. Moore is a Certified Public Accountant (CPA), a Certified Information Systems Auditor (CISA), and Project Management Professional (PMP). Mr. Moore attended Virginia Tech where he received both his Bachelor’s and Master’s in Accounting and Information Systems.
Director, Information Technology and Cybersecurity; United States Government Accountability Office
Vijay D’Souza is a Director of Information Technology and Cybersecurity at the US Government Accountability Office (GAO) where he leads a diverse set of evaluations of government cybersecurity and IT issues. Current areas of work include ransomware, the SolarWinds breach, use of the NIST Cybersecurity Framework and IT modernization efforts at USDA. Vijay also leads GAO’s Center for Enhanced Cybersecurity, which provides advanced technical support for GAO’s cybersecurity audits. He previously led GAO’s data analytics activities and worked for GAO’s Health Care Team. Vijay has been at GAO since 2001. Prior to GAO, he worked in the international development area, and before that as a developer of technology training. Mr. D’Souza has an M.B.A. from the University of California Berkeley and a B.S. in Engineering from the University of Maryland, College Park.
Baan Alsinawi Managing Director, TalaTek
Baan Alsinawi is the Founder and Managing Director of TalaTek, a Cerberus Sentinel company, and is also Chief Compliance Officer for Cerberus Sentinel. Ms Alsinawi’s vision for TalaTek was the need for an integrated platform that could both control security and minimize risk, and which could be implemented to ensure managed risk and compliance by agencies and organizations alike. With the advent of cloud computing, TalaTek became a Technology Partner to AWS Cloud and is certified to provide Cloud-based Security Gap Analysis; Third-Party Cloud-based Security Assessment and Cloud-based Architecture Review, along with the award-winning TalaTek intelligent Governance and Risk Integrated Solution (TiGRIS), a FedRAMP accredited managed service that is preconfigured with a variety of frameworks to meet business needs, predefined workflows, risk metrics, dashboards and reports. Ms Alsinawi has more than two decades of experience in information technology (IT), and has served in various capacities from managing networks and software sales to directing security operations.
Tyler Harding DoD Compliance Program Manager, Amazon Web Services Security Assurance
Tyler Harding is the DoD Compliance Program Manager within AWS Security Assurance. He has over 20 years of experience providing information security solutions to federal civilian, DoD, and intelligence agencies. Prior to AWS, Tyler held leadership roles at Kearney & Company, KPMG, IBM, and PWC.
Chris Hughes Co-Founder and CISO, Aquia
Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force, to time as a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP, as well as time as a consultant in the private sector. In addition, he is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry Working Groups such as the Cloud Security Alliance's Incident Response Working Group and serves as the Membership Chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications such as the CISSP/CCSP from ISC2, as well as holding both the AWS and Azure security certifications. He regularly consults with IT and Cybersecurity leaders from various industries to assist their organizations with their Cloud migration journeys while keeping Security a core component of that transformation.
Principal Cyber Security Engineer, MITRE
Aaron Lippold is a Principal Cyber Security Engineer at The MITRE Corporation and the Inventor and Chief Engineer for the MITRE Security Automation Framework. This high-impact cross-sponsor joint work program focuses on bringing DevOps, SecDevOps and Security Automation to bear across Government, Intelligence, Commercial and the Open Source communities. Mr. Lippold is also one of the Capability Engagement Leads for DevOps and SecDevOps at MITRE. Mr. Lippold has been with MITRE since 2014. For more than five years, Mr. Lippold and his team have been supporting the shape, direction and technology of SecDevOps initiatives for an ever-growing corporative of Sponsors, including NGA, NRO, USSTRATCOM, DISA RME, DISA GCCS-JE, DISA NBIS, Army Intelligence (G2), Navy, Air Force, and HHS/CMS. Mr. Lippold worked with each of the Sponsors to open-source all of the innovations and technologies of the cross-sponsor collective thereby increasing MITRE’s profile, bringing MITRE into the forefront of this exploding revolution and maximizing the impact and value to the customer.
Jasson Walker, Jr.
President and CEO of cFocus Software
Jasson Walker, Jr., CISSP, CEH, CPT, PMP, MCSD, MCSE, is the President and CEO of cFocus Software Incorporated. Since 2006, cFocus Software has delivered cutting edge cybersecurity, cloud, automation, and IT services and products to the federal government. Jasson is the lead architect for cFocus’ Authority To Operate (ATO) as a Service offering that implements the NIST OSCAL standard. Jasson is a decorated cyber security and Microsoft technology evangelist, specializing in Microsoft Azure, Office 365 security, and custom SharePoint solutions. Mr. Walker has a BA in Mathematics from Dartmouth College, and has been honored as one of Prince George’s County Maryland Top 40 Under 40.
Co-Founder and Chief Technology Officer, C2 Labs
As co-founder and chief technology officer of C2 Labs, Travis Howerton is responsible for the R&D division that develops innovative products and services that solve our customers’ most difficult challenges at the extreme ends of complexity and scale. C2 Labs serves as a security-focused and agile digital transformation partner that blends Art and Science to enable its customers to expand their vision, drive cultural change and avoid being left behind. Prior to joining C2 Labs, Howerton served as the global director for strategic programs within Bechtel Corporation and was the Bechtel lead for the merger, cost savings and transformation programs at Consolidated Nuclear Security. Prior to joining Bechtel, Howerton had a long and diverse career consisting of senior executive assignments throughout the U.S. Department of Energy. He served as the deputy director for the IT Services Division at Oak Ridge National Laboratory, chief technology officer for the National Nuclear Security Administration and as chief information officer for Y-12 Site Office. Howerton holds a bachelor’s degree in organizational management from Tusculum College and a master’s degree in computer information systems from Boston University. He holds multiple certifications, including the CISSP, ITIL, PMP, Scrum Master, Harvard Credential of Readiness and AWS Certified Developer. He is an accomplished public speaker, has authored or been cited in over 50 publications and supports multiple nonprofit associations and educational institutions by serving as a board member.
Dr. Mari J. Spina
Principal Cybersecurity Engineer, MITRE Corp.
Dr. Mari J. Spina is the Cloud Security Alliance-DC Chapter Research Committee Chair. In this capacity, she has been leading the charge to develop critical research to advance the state of practice in cloud security for highly regulated industries represented by the CSA-DC Chapter membership. Dr. Spina is also a Principal Cybersecurity Engineer at the MITRE Corp. supporting a multitude of MITRE Federal sponsors including DoD and the IC in the area of Cloud Security. At MITRE, she leads the Cloud Security Capability Area, and teaches Cloud Security for the MITRE Institute. She has taught many Information Technology courses for the George Washington University schools of engineering and business. Before joining MITRE, she worked for government engineering firms including Hughes Aircraft, SAIC, ManTech, NJVC, and DMI since 1988 where she provided IT systems engineering to a variety of Federal agency missions including those of the Intelligence Community and the DoD. Mari holds a D.Sc. in Engineering Management from the George Washington University, an MSEE from the University of Southern California, and a BSME from California State University Northridge. She is also PMI PMP and ISC2 CISSP, ISSEP, CCSP certified.
Group Internet-Based. Zoom link delivered with registration.
Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.
Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
ISACA Greater Washington, D.C. will not be responsible for the participant’s inability to respond to the polls.
Conference presentations are posted to the Presentations Library if permission is received from the presenter and their organization. In some cases, permission is not received.
Cancellations and refunds for advance registrations are allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.
If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.
Earn up to four Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.
CPE Distribution and Evaluation Survey:
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit.
Prerequisites and Advance Preparation: None
Program Knowledge Level: Basic
Delivery Method: Group Internet based
Field of Study: Information Technology - Technical
The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at email@example.com.