2023 Annual FISMA and Risk Management Framework Panel Discussion

Opening Remarks

Panel Discussion: 2023 Annual FISMA and Risk Management Framework

Moderator:

• Yehuda Schmidt
  CPA, CISA, CRISC, CGEIT
  Sr. Manager, Cotton, A Sikich Company

Panelists:

• Melinda Rogers
  Deputy Assistant Attorney General Chief Information Officer, United States Department of Justice
• Victoria Yan Pillitteri
  CISSP
  Federal Information Security Modernization Act (FISMA) Implementation Project Lead
• Lisa N. Barr
  Director of Federal Cybersecurity, Office of the National Cyber Director

Closing Remarks

Yehuda Schmidt
Sr. Manager, Cotton, A Sikich Company
CPA, CISA, CRISC, CGEIT

Yehuda Schmidt joined Cotton, A Sikich Company in January 2015. Yehuda has 30 years’ experience in assisting federal government agencies with finance, accounting, business process improvement, information technology (IT) internal controls, and program management. He has extensive experience in managing reviews of internal controls over financial reporting, operational controls, and risk management in compliance with Office of Management and Budget (OMB) Circular A-123. Yehuda is leading client’s IT risk assessments in compliance with NIST SP 800-37, and IT assessment in compliance with NIST SP 800-53.

Yehuda holds an MBA in Finance and Entrepreneurship, and B.Sc. in Accounting and Economics from the Hebrew University of Jerusalem, Israel. He is a Certified Public Accountant (CPA), a Certified Information Systems Auditor (CISA), a Certified Risk and Information Systems (CRISC), and Certified Governance of Enterprise IT (CGEIT).

Melinda Rogers
Deputy Assistant Attorney General Chief Information Officer, United States Department of Justice

Melinda Rogers was designated as Deputy Assistant Attorney General for Information Resource Management in September 2020. Prior to her designation, she served as Deputy Chief Information Officer (CIO), and earlier she was the Department’s Chief Information Security Officer (CISO). In her role as CIO, Ms. Rogers is responsible for overseeing the Department’s $3.4 billion Information Technology (IT) investment portfolio, providing strategic direction to DOJ Components, and directly supporting mission operations through IT service delivery. Additionally, within Ms. Rogers’ purview is the Department’s Cybersecurity Program, which proactively monitors and mitigates risks associated with the management, security, and acquisition of DOJ technology assets. Ms. Rogers also has extensive experience in the banking and financial services sector in private industry, where she was most recently Equifax’s Assistant Vice President for Fraud Prevention and Identity Verification Solutions.

Ms. Rogers received her MBA from Emory University in Atlanta and is an alumna of George Mason University.

Victoria Yan Pillitteri
Federal Information Security Modernization Act (FISMA) Implementation Project Lead, National Institute of Standards and Technology
CISSP

Victoria Yan Pillitteri is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the Acting Manager of the Security Engineering and Risk Management Group and also leads the Federal Information Security Modernization Act (FISMA) Implementation Project, supervising a team of technical and administrative staff that are responsible for conducting the research and development of the suite of risk management guidance used for managing cybersecurity risk in the federal government, and associated stakeholder outreach and public-private coordination/collaboration efforts. She serves as the lead of the Joint Task Force working group, a partnership with Department of Defense, the Intelligence Community and Civilian Agencies to develop a unified security framework to protect USG from cyberattacks and is co-chair of the Federal Cybersecurity and Privacy Professionals Forum hosted NIST.

She previously worked on development of the Cybersecurity Framework and Privacy Framework, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs, served on the board of directors of the Smart Grid Interoperability Panel, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security, including SP 800-12, 800-37, 800-53, 800-82, 800-171, 800-171A, 800-171B, 800-137A, 1108 and IR 7628.

Victoria holds a B.S. in Electrical Engineering from the University of Maryland, a M.S in Computer Science, with a concentration in Information Assurance, from the George Washington University, completed the Key Executive Leadership Program at American University, and is a Certified Information Systems Security Professional (CISSP). She has completed a Senior Executive Service Candidate Development Program (SES CDP) and is SES certified.

Lisa N. Barr
Director of Federal Cybersecurity, Office of the National Cyber Director

Lisa Barr has over 20 years’ experience in the public and private sector leading and directing projects in Cybersecurity, IT Strategic Planning and Risk Management. Lisa is the first Director for Federal Cybersecurity within the Office of National Cyber Director. She leads federal cybersecurity initiatives and efforts that focus on creating cohesion across the federal enterprise and reducing the burden on federal agencies. Within these 20 years, she spent 13 years with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA). She has held numerous trusted leadership positions covering cybersecurity policy, supply chain cybersecurity, federal cybersecurity governance, and critical infrastructure resilience. Lisa served a one-year rotational assignment to the OMB Office of the Federal CIO as a Senior Advisor and program lead for the Federal Acquisition Security Council. Previous to her federal service, Lisa spent several years in the private sector focusing on IT and cyber strategic planning and program management.

Lisa holds a Master’s degree in National Security and Resource Strategy; has received an Executive Chief Information Security Officer certification through Carnegie Mellon; and is a Certified Information Security Manager.