ISSA

Speakers
Mr. Caron assumed the duties of Senior Executive as the Acting Director of Enterprise Network Management (ENM) within the Directorate of Operations in the Bureau of Information Resource Management (IRM) in June 2016.

Mr. Caron has over 23 years of information technology experience. He began his career in the US Army, serving for 7 years in hands-on technical positions as a Programmer and Administrator. Mr. Caron then spent 2 years as a contractor with the federal government, where he acquired more refined technical skills and a more detailed understanding of IT operations. He joined the federal government at the Department of State (DOS) in 2003 as a Systems Administrator. He has held five different positions at the Department, progressing from managing small technical groups to his current role as the ENM Director.

One of his most significant accomplishments was acting as the technical liaison during a major cyber security event at the Department. His leadership allowed the Department to resolve the incident as quickly and effectively as possible.

As the Director of ENM, Mr. Caron is personally responsible for the leadership of the largest office within the IRM bureau. He is responsible for establishing a strategy, managing a financial portfolio of over $200 million, and prioritizing work across a wide range of disciplines. Since taking over this role he has led the re-engineering of the Department's primary Identity and Access Management solutions. He has also formed teams from government, contractor and vendor resources to address the key security efforts needed to mitigate future cybersecurity attacks. He is the primary lead in modernizing the Department's Active Directory infrastructure into a state-of-the-art solution that significantly improves security, working with management and stakeholders in coalitions across department and bureau lines.

Mr. Caron received his Associate's Degree (Magna Cum Laude) in Computer Information Systems, Network Administration from the Northern Virginia Community College. At the Department of State he also received training in the Executive Potential Program from the USDA Graduate School in 2009 and in Advanced Leadership Skills in 2014. He has been a certified Project Management Professional (PMP) since 2009, and received his Federal IT Security Manager Certification (FITSP-M) in 2017. Mr. Caron has received seven individual awards for his exceptional service since 2004.

Kevin Cox is the Program Manager for the Continuous Diagnostics and Mitigation (CDM) Program, within the Department of Homeland Security's Office of Cybersecurity and Communications. In this position, Mr. Cox leads the effort working collaboratively with federal agencies to deploy cybersecurity solutions to 1) identify agency networks and assets and 2) protect them and agency data in near real-time against the growing cybersecurity threats. Prior to joining DHS, Mr. Cox served as the Deputy Chief Information Security Officer (CISO) at the Department of Justice, where he oversaw the organization's cybersecurity continuous monitoring capabilities and the security posture dashboard. Mr. Cox holds M.A. degrees from West Virginia University and the University of Chicago.
Kelley Dempsey began her career in IT in 1986 as an electronics technician repairing computer hardware before moving on to system administration, network management, and information security. In 2001, Kelley joined the NIST operational Information Security team, managing the NIST information system assessment and authorization program, and then joined the NIST Computer Security Division FISMA team in October 2008. Kelley has co-authored a variety of NIST publications related to information security risk management (SPs 800-37, 800-53, 800-53A, 800-128, 800-137, 800-171, NISTIRs 8011 and 8023). Kelley holds a B.S. in Management of Technical Operations and an M.S. in Information Security and Assurance as well as CISSP, CAP, and Certified Ethical Hacker certifications.

Kelley Dempsey will be in the following session(s):

Keynote - Updates on 800-37 Rev2 and 800-53 Rev5
11/07/18: 11:10 AM - 11:55 AM

Tyler Harding is a Principal with Kearney & Company with more than 20 years of professional experience. Mr. Harding's expertise is in information security with special emphasis on Federal information security and privacy requirements for financial systems. He has led engagement teams to perform Federal Information Security Modernization Act (FISMA) assessments, privacy reviews, general control reviews, application control reviews, Statement on Standards for Attestation Engagements No. 16 (SSAE-16), compliance evaluations of Public Key Infrastructure (PKI) implementations, and network security penetration tests (ethical hacking). Mr. Harding has also supported numerous federal financial statement audits and conducted IT controls testing in accordance with GAO's Federal Information System Audit Controls Manual (FISCAM). Prior to joining Kearney in 2012, Mr. Harding was a Director in KPMG's Federal IT Advisory practice for 6 years and conducted FISMA and FISCAM audits at the Federal Deposit Insurance Corporation (FDIC), US Department of Treasury and other federal entities. Prior to joining KPMG in October 2005 as a Senior Manager, Mr. Harding held Project Management positions at IBM, PwC Consulting, and Corio Inc. and led numerous PeopleSoft HR and PeopleSoft Financial implementations from 1999 to 2003.
Dr. Michaela Iorga serves as senior security technical lead for cloud computing with the National Institute of Standards and Technology (NIST), Computer Security division. She also chairs the NIST Cloud Computing Public Security Working Group and co-chairs the NIST Cloud Computing Public Forensic Science Working Group. Having previously served in a wide range of consulting positions in both government and private sector industries before joining NIST, Dr. Iorga, a recognized expert in information security, risk assessment, information assurance, and cloud computing security, has a deep understanding of cybersecurity, identity and credential management, and cyberspace privacy issues, as well as an extensive knowledge base in the development of complex security architectures. In her role as senior security technical lead at NIST and chair of the NIST Public Security and Forensics Working Groups, Dr. Iorga supports the development and dissemination of cybersecurity standards and guidelines that meet national priorities and promote American innovation and industrial competitiveness. Dr. Iorga is particularly focused on working with industrial, academic, and other government stakeholders to develop a high-level, vendor-neutral cloud computing security reference architecture under the NIST Strategy for Developing a US Government Cloud Computing Technology Roadmap. A proven leader and expert in problem-solving and analysis, Dr. Iorga is also managing several other NIST efforts that include the development of the Open Security Controls Assessment Language, Cognitive-based IoT fingerprinting, Risk Management for Cloud-based Systems and Fog Computing definition. 
Past projects focused on development of Security Requirements for Cryptographic Modules (Federal Information Processing Standard 140-3), implementation of a NIST public, secure randomness source; development of security testing requirements for electrical smart meters; ad-hoc network security and smartcards for personal identity verification (PIV). Dr. Iorga received her Ph.D. from Duke University in North Carolina, USA.
John worked 15 years for the Federal Government, overseas and domestically, an experience that taught him the importance and impact of great government. Today John works with cBrain to bring digital service delivery that works to government, non-profit, and educational institutions in the United States. John has a Master of Science (MS) in Management and Leadership as well as a Bachelor of Science in Information Technology with a Security focus. He holds the following cyber certifications: Certified Information Systems Security Professional (CISSP), Cyber Security Analyst (CSA+), Certified Authorization Professional (CAP) and Security+.
Leighton Johnson, the CTO and Founder of ISFMT (Information Security Forensics Management Team), a provider of computer security, forensics consulting & certification training, has presented computer security, cyber security and forensics classes and seminars all across the United States and Europe. He has over 35 years' experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance. Primary focus areas include computer security, information operations & assurance, software system development life cycle focused on modeling & simulation systems, systems engineering and integration activities, database administration, and business process & data modeling. He holds CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CSSLP (Certified Secure Software Lifecycle Professional), CAP (Certified Authorization Professional), CRISC (Certified in Risk & Information Systems Control), CMAS (Certified Master Antiterrorism Specialist), ATOL2 (DOD Anti-Terrorism Officer Level 2), C|CISO (Certified Chief Information Security Officer) and MBCI (Certified Member Business Continuity Institute) credentials. He has taught CISSP, CISA, CRISC, CISM, Security+, CAP, DIACAP, Anti-Terrorism, Digital and Network Forensics, Security Engineering, Security Architecture and Risk Management courses around the US over the past 10 years.
Ann Marie Keim comes to you after recently retiring as an Assessment and Authorizing Official at NASA. She has held multiple positions in IT since 1985, starting out in the finance sector and then moving to the Dept of Defense during the 90s. She honed her security and auditing skills with the Dept of the Army. Ann Marie came to NASA from DISA in 2007, and while there was involved in a number of outreach efforts, including filming IT Security videos on YouTube (search for the channel 'NASAITSecurityVideos'). She holds CISSP, CISA, FITSP-A, CRISC, CAP and Cloud certifications, and has a Master's degree in Cybersecurity. She teaches the FITSP-A (Federal Auditor certification) class and volunteers with the Safe and Secure program, helping to keep teens and tweens safe in cyberspace. Ann Marie lives in the Richmond, Va. area with her 2 rescue dogs.

Ann Marie Keim will be in the following session(s):

Management Track - Session 2 - Risk management and business impact - What could go wrong?
11/07/18: 10:20 AM - 11:05 AM

Today Brad Nix is a Senior Advisor at the NCCIC within DHS. Previously, Brad was the Director of the Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT). US-CERT is charged with leading DHS efforts to improve the nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks. Since arriving at DHS in May 2014, Mr. Nix has been responsible for ensuring that day-to-day operations meet the strategic focus for cybersecurity within the US Government. Prior to joining DHS, Mr. Nix served 6 years as the first Chief Information Security Officer at USDA's Food & Nutrition Service. Mr. Nix has almost 20 years of IT experience, with extensive consulting experience with small and large enterprise security programs. During the past 15 years, he has specialized in enterprise information security with a focus on information security program assessments and development; governance, architecture, and technical vulnerability assessments; and product assessments. In his current position, Mr. Nix directs and manages activities that focus on large-scale intrusion detection and prevention, advanced malware analysis and detection, cyber threat analysis, incident response, and exchanging critical cybersecurity information with trusted government, industry, and international partners. Mr. Nix holds a Master's in Management Information Systems from the University of Virginia, and a Bachelor's in Business Administration from James Madison University. He is a Certified Information Systems Security Professional (CISSP) and an American Council for Technology / Industry Advisory Council (ACT-IAC) Fellow and Executive Council member.

Dave Otto, a Risk Management Subject Matter Expert with the U.S. Department of Homeland Security (DHS), CDM PMO, works between stakeholder groups to evangelize dashboard development and adoption. The aim is to provide situational awareness, giving risk decision makers and stakeholders information that enables them to identify and manage risks in near real time.

Dave Otto will be in the following session(s):

Management Track- Session 5 - Understanding the AWARE Algorithm
11/07/18: 3:30 PM - 4:30 PM

Brian began his 30-year IT career as a programmer and network engineer. In the late 1990s he was part of a core team applying cyber security to a (then) next-generation air traffic control system. Since 2000, he has led efforts for government agencies, pharmaceutical companies, telecommunication providers, and financial institutions on topics at the intersection of risk management, cyber security, system development lifecycle methodologies, and process re-engineering. Brian joined the FedRAMP PMO in July 2015, where he was instrumental in the success of FedRAMP Accelerated and related improvements. Brian represents FedRAMP on the OSCAL development team.

Brian J. Ruf will be in the following session(s):

Operational Track- Session 5 - OSCAL-Enabled FedRAMP Automation
11/07/18: 3:30 PM - 4:30 PM

Mr. Stoner has over 18 years of experience in the national security and defense sector working in a variety of roles, including most recently as a Cyber Threat Analyst, Cyber Counterintelligence Analyst and Cyber Instructor. His work experience includes IT, instruction and course design, cyber exercise and testing, penetration testing, intelligence collection, threat support, SIGINT (Signals Intelligence), and Cyber Operations. He holds A+, Net+, CEH, CHFI, CEI, CISD, CASP and CISSP certifications. He has an Associate's Degree in Computer Studies from UMUC.

Alissa Torres is a principal SANS instructor, specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and, most recently, leading an incident response team for a global manufacturing company. She has extensive experience in information security, spanning government, academic and corporate environments, and holds a Bachelor's degree from the University of Virginia and a Master's from the University of Maryland in Information Technology. She has presented at various industry conferences and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GCIH, GCIA, GSEC, GPEN, GREM, CISSP, EnCE, CFCE, MCT and CTT+.
Brigadier General Gregory J. Touhill (ret.), CISSP, CISM, serves as President of Cyxtera Federal Group, which offers Cyxtera's market-leading data center services and cybersecurity capabilities to federal agencies and departments.

Under Touhill's leadership, Cyxtera Federal Group supports agencies across the federal government with a portfolio of secure infrastructure solutions delivered from a global footprint of world-class data centers, including six in the Washington, D.C. metropolitan area where the division is based.

Prior to joining Cyxtera, Touhill was appointed by President Barack Obama as the nation's first ever Federal Chief Information Security Officer in 2016, where he was responsible for ensuring that the proper set of digital security policies, strategies and practices were adopted across all government agencies.

Brigadier General Gregory J. Touhill is a retired U.S. Air Force officer and combat veteran who served in several commands around the world including U.S. Transportation, Central, and Strategic Commands, and led the creation of the Air Force's cyberspace operations training programs. He is a sought-after speaker and author within the information technology industry, where he is best-known for his "Cybersecurity for Executives: A Practical Guide," which is used widely at colleges and universities across the country. He is also a faculty member at Carnegie Mellon University's Heinz College, where he teaches Cyber Risk Management. Touhill is a recipient of numerous professional and education degrees from Harvard University's John F. Kennedy School of Government, the Air War College, the University of Southern California and Penn State University.

Ms. Alexis Wales is the Associate Deputy Director, Cyber Threat Detection & Analysis, National Cybersecurity and Communications Integration Center (NCCIC) at the Department of Homeland Security, with almost 15 years' experience in risk management, federal program management, and providing decision support to executive leadership in the public sector. As a cybersecurity policy subject matter expert, Alexis is at the forefront of enabling decision-makers throughout the federal space to make better risk-based decisions by arming them with appropriate security information, and by enhancing their ability to arm themselves. Alexis and her team directly support federal agency leadership as they manage cyber risk in the spotlight of high-priority, high-visibility efforts, e.g. the Cybersecurity Executive Order issued in May by President Trump and several well-known data breach events. Within the Federal Network Resilience Division, Ms. Wales and the broader team promote thought leadership on cybersecurity governance and risk management, and assist in the development of policy, doctrine, and guidance to advance risk-informed decision making within the federal cybersecurity space. Ms. Wales additionally develops and implements technical assistance and training programs on cybersecurity risk management tools, techniques, and processes for federal cyber professionals.
Ms. Wales has an M.A. in Security Policy Studies from the George Washington University, and a dual B.A. in History and Anthropology from Brandeis University.
Alexis likes to work on messy problems with lots of different kinds of information and stakeholders who speak entirely different languages.

Claude L. Williams is currently the Chief Executive Officer (CEO) and Chief Information Security Officer (CISO) of CyNtelligent Solutions, LLC (CyNtell). CyNtell is a world-class consulting and professional services company serving the US DoD, US Civil Government agencies, and the private sector with cybersecurity and related IT governance, risk management, and compliance services. Complementary areas of expertise are in business continuity, privacy, and cloud-based solutions. Previously, Mr. Williams was the Head of Business Development for the renowned, premier provider of professional cybersecurity education and certifications, (ISC)2. He has over 17 years of experience in information technology, cybersecurity, and certification education. Mr. Williams has a diverse management and information security background, and has worked primarily in the U.S. DoD environment as an integrator and executive consultant to various military and civilian agency CIOs. Mr. Williams has authored numerous white papers and case studies related to enterprise systems management and supporting business processes with information technology. He has authored curricula in collaboration with Microsoft, Novell, and numerous training organizations and academic institutions. He has successfully developed and administered customized cybersecurity programs for notable organizations in support of internal initiatives. Among those successes are the programs he managed for the American Red Cross, the U.S. Department of Veterans Affairs, and the U.S. Senate. Mr. Williams served on a working group for the development of the National Initiative for Cybersecurity Education (NICE) and significantly contributed to the development of an Insider Threat Methodology while working as a research scientist at Carnegie Mellon University SEI CERT.

Mr. Williams holds various technical and professional industry certifications, including being Certified by the Business Continuity Institute (CBCI), and holds the Certified Information Systems Security Professional (CISSP) and CompTIA Advanced Security Practitioner (CASP) credentials. He holds degrees in Computer Information Systems and Information Security.
Mr. Williams was born and currently lives in the Washington Metropolitan Area with his wife and four (4) children. He is a minister in the church he attends, teaching Biblical Studies. He is Chairman of the Board for Understanding the Needs In Today's Youth (UNITY), Inc, a not-for-profit youth athletics and development organization. For health and fitness, Mr. Williams participates in martial arts and "combatives" with high levels (belts) of achievement.


Claude L. Williams will be in the following session(s):

Technical Track - Session 5 - Low Impact-High Yield Security Assessments
11/07/18: 3:30 PM - 4:30 PM

Greg Witte, CISM, CISSP-ISSEP, is a Senior Security Engineer for G2 Inc. He supports public and private sector clients, including several NIST computer security divisions. He has been managing information technology for over thirty years, more than twenty of those in the information security arena. As part of his NIST support role, he was one of several primary authors of the NIST Cybersecurity Framework (CSF). Drawing on that experience and his many years with COBIT, he co-wrote ISACA's guide for Implementing the NIST Cybersecurity Framework and the associated training/certification. He also supports ISACA as a member of the Cybersecurity Task Force.