FISMA and Risk Management Framework Panel Discussion

April 17

The conference will be held on April 17, 2025 from
2:45 pm to 5:00 pm.

Add this event to your calendar using the Add to Calendar link at the bottom of the page.

Virtual Event

The event will be held using Zoom.

Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.

GWDC Member Fee – $5

The fee for GWDC Members is $5 for the conference.
The fee for all other registrants is $15 for the conference.

To become a member and take advantage of the member rate for our events, among other benefits, join ISACA and select the Greater Washington D.C. Chapter as your local chapter.

Earn up to 2 CPEs

Attendees can earn up to 2 CPEs for this event.

Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls.

Opening Remarks and Housekeeping

2025 Panel Discussion on FISMA and Risk Management Framework

Moderator:

• Sarah Mirzakhani
  Principal @ Sikich

Panelists:

• Jennifer Franks
  Director, Center for Enhanced Cybersecurity @ US Government Accountability Office (GAO)
• Mark Canter
  Chief Information Security Officer (CISO) and Director of the Information Security Division at the U.S. Government Accountability Office (GAO)
• Dr. Ron Ross
  Chief Executive Officer @ RONROSSECURE, LLC
  Former Fellow @ the National Institute of Standards and Technology

Closing Remarks

Sarah Mirzakhani
Principal @ Sikich
CISA

Sarah Mirzakhani, CISA, is a principal with over 20 years of experience in information technology audit/information assurance and information security solutions. Sarah serves federal agencies with varied, complex IT systems and environments. Her experience includes leading information technology internal control reviews and security audits, such as the Federal Information Security Modernization Act (FISMA) and overseeing vulnerability assessments and penetration testing.

Sarah is also skilled in conducting and leading system and organization controls/SSAE18 audits and readiness assessments, regulatory compliance reviews, and system implementation reviews for not-for-profit, commercial, and governmental entities. She has extensive knowledge of the National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS), and Office of Management and Budget (OMB).

She provides services in areas, such as IT and Cybersecurity Audits, FISMA Audit Services, and Performance Audits/p>

Sarah holds a Bachelor of Science in Business Administration, Management Information Systems, West Virginia University, and is a Certified Information Systems Auditor (CISA). She is affiliated with the Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA).

Jennifer Franks
Director, Center for Enhanced Cybersecurity
Acting Director, Analytics Foundry
US Government Accountability Office (GAO)

Jennifer Franks directs the Center for Enhanced Cybersecurity within GAO’s Information Technology and Cybersecurity team. She oversees reviews that primarily focus on emerging cybersecurity issues and assessing an agency’s ability to protect the confidentiality, integrity, and availability of its sensitive data and computing infrastructure. Her multi-disciplinary teams actively review agencies’ computer security vulnerabilities across their enterprise-wide computing environment by assessing program management compliance and technical controls recommended for the agencies to follow in accordance with federal guidance and leading practices. In addition, she leads reviews in the areas of IT management and operations, financial management, healthcare and public health IT, data protection, and privacy.

Further, Jennifer serves as the Acting Director of the Analytics Foundry; a dedicated cloud computing environment that manages GAO’s complex analytical functions.

Jennifer earned a master’s degree in information security policy and management from Carnegie Mellon University and earned a bachelor’s degree in computer information systems from Hampton University.

Mark Canter
Chief Information Security Officer (CISO) and Director of the Information Security Division at the U.S. Government Accountability Office (GAO)

Mark Canter is the CISO and Director of the Information Security Division at GAO. In his capacity, he oversees policy and governance, information assurance and compliance, and security operations. Prior to assuming this role, he served as Assistant Director in the Information Technology and Cybersecurity (ITC) team at GAO. His portfolio included a diverse set of engagements on topics of financial and information systems internal control auditing, cybersecurity, emerging technologies such as blockchains, AI, and safeguarding/privacy of information. In addition, he has authored various compliance and auditing tools and published several common vulnerabilities and exploits.

Dr. Ron Ross
Chief Executive Officer @ RONROSSECURE, LLC
Former Fellow @ the National Institute of Standards and Technology

Ron Ross the Chief Executive Officer at RONROSSECURE, LLC, a cybersecurity advisory company and a Fellow at Dartmouth College. His focus areas include computer and information security, systems security engineering, trustworthy computing, high assurance systems, and security risk management. Dr. Ross currently supports the Dartmouth Institute for Security, Technology, and Society conducting applied research in secure systems engineering. A former Fellow at the National Institute of Standards and Technology, Dr. Ross led the NIST Systems Security Engineering and FISMA Implementation Projects which included the development of cybersecurity standards and guidance for the federal government, contractors, and United States critical infrastructure. He also supported the State Department in its international outreach program for cybersecurity and critical infrastructure protection and led the Joint Task Force, an interagency group with members from the Department of Defense, Intelligence Community, and Civil agencies. Dr. Ross served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. During his twenty-year military career, Dr. Ross served as a White House aide and senior technical advisor to the United States Army. He has lectured at colleges and universities throughout the United States and delivered the Commencement address at The George Washington University (School of Engineering).

Dr. Ross has authored numerous publications on risk management, cybersecurity, systems security engineering, and system resiliency. These include: FIPS 199 (security categorization), FIPS 200 (security requirements), SP 800-30 (risk assessments),  SP 800-37 (risk management framework), SP 800-39 (enterprise risk management), SP 800-53 (security and privacy controls),  SP 800-53A (security and privacy control assessments), SP 800-53B (security and privacy control baselines), SP 800-128 (security configuration management), SP 800-160, Vol. 1 (systems security engineering), SP 800-160, Vol. 2 (cyber resiliency engineering), SP 800-171 (protection of controlled unclassified information), SP 800-171A (security assessments), SP 800-172 (enhanced security requirements), and SP 800-172A (enhanced security requirement assessments).

Dr. Ross has received many public and private sector awards including the Presidential Rank Award, Samuel J. Heyman Service to America Medal for Homeland Security and Law Enforcement, Michael V. Hayden Lifetime Achievement Award, Department of Defense Superior Service Medal, National Security Agency Scientific Achievement Award, Department of Commerce Gold and Silver Medal Awards, Applied Computer Security Distinguished Practitioner Award, GCN Government Executive of the Year Award, Vanguard Chairman’s Award, Institute for Critical Infrastructure Technology Pioneer Award, Information Week’s Government CIO 50 Award, Billington Cybersecurity Leadership Award, Office of Director National Intelligence Partnership Award, ISACA National Capital Area Conyers Award, ISACA Joseph J. Wasserman Award, AFFIRM President’s Award, Symantec Cyber 7 Award, Government Technology Research Alliance Award, SC Magazine’s Cyber Security Luminaries Award, (ISC)2 Lynn F. McNulty Tribute Award, American Bar Association Science and Technology Special Recognition Award, 1105 Media Gov30 Award, and CES Government Technology Leadership Award. He has also been recognized three-times as one of the Top 10 Influencers in Government IT Security and is a five-time recipient of the Federal 100 award for leadership and technical contributions to federal government cybersecurity projects. Dr. Ross has been inducted into the National Cyber Security Hall of Fame, selected as an (ISC)2 Fellow, and inducted into the Information Systems Security Association Hall of Fame receiving its highest honor of Distinguished Fellow.

Dr. Ross holds a Bachelor of Science degree in Engineering from the United States Military Academy at West Point. He also holds Masters and Ph.D. degrees in Computer Science from the United States Naval Postgraduate School with a concentration in artificial intelligence and robotics. He was commissioned as a Second Lieutenant in the United States Army, served as a Mechanized Infantry and Army Acquisition Corp officer, completed Airborne training, and retired with the rank of Lieutenant Colonel.