Organizations face complex security challenges and need to prepare to address current and future technology risks, protect their operations and sensitive data, and comply with regulatory requirements. Join ISACA Greater Washington DC and Guidehouse for their summer seminar on Hardening IT Security Posture.
IT program managers, cybersecurity professionals, IT audit professionals, business executives, and students or professionals interested in learning about enhancing the IT security posture of organizations should attend this event.
Registration closed on July 20th @ 5PM. Participants can use the link below to access CPE Certificates, feedback survey, and presentations (if available). Instructions on how to access these resources are located on the Access Your CPE Certificate page.
Recent cybersecurity breaches are evidence of the need for contextual authentication and authorization to protect mission-critical technology components. Zero Trust Architecture (ZTA) meets this need by unifying security tools from multiple security domains to create an active security posture within a network’s perimeter.
The integration of strong identity and access management (IAM) principles is the underlying foundation that must be present for a well-built ZTA. Agencies are in different stages of migrating to ZTA, from researching to preparing their systems to remove the traditional perimeter. However, agencies have found difficulty with procurement and deployment of the right tools due to a variety of issues, including lack of funding, reliance on legacy systems, or even inability to properly staff migration projects. These setbacks are slowing the necessary preparation for emerging cyber threats and accruing technical debt in the process.
FedRAMP has seen an incredible increase in the adoption of the program, which is marked by both an increase in agency participation and reuse of authorizations. Brian Conrad, FedRAMP’s Acting Director, will highlight FedRAMP’s growth and the program’s FY21 focus on strategic initiatives – like automation and a threat-based authorization approach – to transform FedRAMP, with a focus on continued partnerships with stakeholders. Brian will also touch on the high-level updates that were made to the draft Authorization Boundary Guidance, which is currently open for public comment.
Cybersecurity Maturity Model Certification (CMMC) Updates
The Department of Defense migrated to its new Cybersecurity Maturity Model Certification (CMMC) framework to assess and enhance the cybersecurity posture of the Defense Industrial Base. The CMMC will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced/Progressive”. The intent is to incorporate CMMC into the Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award. Ms. Stacy Bostjanick of the Office of the Under Secretary of Defense (OUSD) for Acquisition and Sustainment (A&S) will provide greater insights on CMMC and how it further secures the DoD Supply Chain.
Data has shown ransomware attacks targeting healthcare organizations have skyrocketed amid the pandemic and will only increase due to a myriad of factors. Guidehouse has delivered cybersecurity solutions to federal agencies including CMS, NIH, and CDC to proactively mitigate risks that could be exploited to install ransomware. This session will provide examples of how healthcare organizations have implemented cybersecurity measures to decrease the likelihood of becoming a ransomware victim.
As more and more healthcare organizations transition to the cloud, attackers are finding it increasingly valuable to target and exploit Cloud Service Providers (CSPs) to access sensitive information, such as Protected Health Information (PHI). Organizations may think most of their security responsibility is transferred to the CSP once they have transitioned to the cloud, but their work is just beginning. This session will provide examples of how organizations can help prevent an attack and remain compliant once they have migrated their healthcare systems to the cloud and how Guidehouse has delivered solutions to clients that have helped defend them from cloud attacks.
Amanda Kane, Cybersecurity Director, Guidehouse
Amanda Kane leads the Identity and Access Management (IAM) offering within the Advanced Solutions Cybersecurity Solutions Team. Amanda works with clients so that the right people have the right access to the right resources for the right reasons. By taking an identity-centric approach, Amanda supports clients in establishing IAM strategies, creating IAM solution roadmaps, and implementing IAM technical solutions in the areas of identity governance, credentialing solutions, privileged access management, logical access control systems, and physical access control systems.
Christine Owen, Cybersecurity Director, Guidehouse
Christine is a recovering attorney who found solace in identity and access management (IAM) consulting. She is interested in securing people, things, applications, devices, and the cloud using IAM principles. Christine is one of the leaders of the Identity and Access Management Team within the Cybersecurity Team at Guidehouse. She currently oversees and manages a substantial (20+) team comprised of multiple companies and contracts to provide enterprise IAM solutions to a large Federal agency.
Brian Conrad, Acting Director and Program Manager for Cybersecurity, GSA FedRAMP
Brian Conrad joined the FedRAMP team in December 2018, bringing with him a wealth of technical knowledge and leadership experience. Prior to joining GSA, Brian served for 21 years in the United States Marine Corps, gaining experience in leadership, telecommunications/IT, government acquisition, and project management. At GSA, Brian leads efforts associated with formulating and facilitating FedRAMP’s overall strategic initiatives and future goals. Additionally, Brian works hand-in-hand with government and industry, developing an understanding of emerging technology and innovation. Finally, in the short term, Brian will be supporting Joint Authorization Board efforts by leading on-going assessment and authorization activities. Brian holds an M.S. in Information Technology Management from the U.S. Naval Postgraduate School, a B.A. in History with a minor in Economics from the University of Memphis, and various industry certifications.
Stacy Bostjanick, Director of Cybersecurity Maturity Model Certification Policy, DoD OUSD A&S
Stacy Bostjanick is currently serving as the OUSD A&S Director of Cybersecurity Maturity Model Certification (CMMC) Policy. In this role, she is responsible for managing the initiation of the CMMC program and for establishing all Policy and Procedures regarding the CMMC. Previously, she served as the DIA Head of Contracting Activity, in which role she was responsible for planning, managing, directing, and accomplishing the total DIA procurement program. Ms. Bostjanick has also worked as a Senior Contracting Officer for the Missile Defense Agency on the Standard Missile 3 Block IA and IB development and production program. She was responsible for cradle-to-grave execution of over $5 billion of highly-complex, cutting-edge contracts for our nation’s missile defense systems.
Phil Boone, Managing Consultant, Guidehouse
Phil Boone is a Managing Consultant at Guidehouse and has more than twelve years of experience providing cybersecurity and risk management consulting services to Federal government, healthcare, and state and local government clients. His areas of expertise include security assessments, technical assurance, and security program development. Prior to joining Guidehouse, Phil provided M&A cyber due diligence services to large health systems in the U.S. He holds a Bachelor of Science degree in Business Information Technology from the Virginia Polytechnic Institute and State University – Pamplin College of Business and is a Certified Information Systems Auditor (CISA).
Sarah Groves, Associate Director, Guidehouse
Sarah Groves is an Associate Director at Guidehouse with more than ten years of experience providing cybersecurity consulting services to both public and private sector clients. Her range of experience includes advising clients on cyber audit preparation and remediation, cybersecurity strategy, and cloud security. Ms. Groves has led and managed teams providing large-scale security control reviews and remediation advisory support. She holds her Master’s in Information Management Systems from Harvard University Extension School and her Bachelor’s in Computer Information Systems from James Madison University.
Virtual Event Information
This event will be presented through Zoom. Each registrant will receive a personalized Zoom link by email prior to the event.
Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.
Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
The ISACA Greater Washington, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.
If you have CPE questions after the event has concluded, please contact the chapter using the CPE Contact Form.
Cancellation and Refund Policy
Cancellations and refunds for advance registrations are allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.
If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.
The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form.
Earn up to 4 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.
Learning Objective: After completing this event, students will have a better understanding of the latest risks and current topics on hardening an organization’s IT security posture.
Advance Preparation: None
Program Knowledge Level: Basic
Delivery Method: Group-Internet Based
Field of Study: Information Technology – Technical