October 9-10, 2018 | The Hyatt Regency Baltimore Inner Harbor | Baltimore, MD

Download the App! Presentations Sponsor or Exhibit! View the Prospectus
  

Content Focus & Agenda



Day 1 Content Focus

NSA Cybersecurity Track
Education Track
Sponsored By:
UMUC
IoT / Innovation & Technology Track

Day 2 Content Focus

Cyber Risk / Election Security
US Cyber Command Technical Requirements and Acquisition Strategy
Sponsored By:
Dreamport
Workforce Development

Click a block to view session details

Print Agenda

Tuesday, October 9, 2018
TimeAgenda Item
7:30 AM -
9:00 AM
Registration

Atrium Lobby


8:00 AM -
4:00 PM
*Separate registration is required*
Maryland Cyber Challenge

Pisces Lounge


9:00 AM -
9:45 AM
Building a Diverse Cybersecurity Talent Ecosystem to Address National Security Needs
  • Moderator
  • Mr. J. Thomas Sadowski

    Vice Chancellor for Economic Development, University System of Maryland (USM)
  • Panel
  • Ms. Tina Williams-Koroma

    Cybersecurity Academic Innovation Officer, University System of Maryland
  • Samuel Visner

    Director, National Cybersecurity Federally Funded Research and Development Center (MITRE)
  • Martha Laughman

    Director, Workforce Channel Development & Veterans Programs, UMBC Training Centers
  • Isabel Cardenas-Navia

    Director, Emerging Workforce Programs, Business-Higher Education Forum

  • Abstract

    The University System of Maryland (USM) engaged the Business Higher Education Forum (BHEF) to perform a case study that "examines how USM collaborated with businesses and government agencies to develop cybersecurity pathways on multiple campuses to build a diverse regional cybersecurity talent ecosystem that can address national security needs."

    This panel will include a discussion about the case study, available at http://www.bhef.com/sites/default/files/bhef_2018_USM_0.pdf. The panel will also elaborate on a specific example of USM's work with MITRE who operates the National Cybersecurity Federally Funded Research and Development Center (FFRDC) (NCF). MITRE partnered with USM, and began implementing the nation's first FFRDC, in October 2014. As a part of this partnership, USM also engaged nine (9) other universities throughout the United States (the Academic Affiliates Council [AAC]) to facilitate the realization of the National Institute of Standards and Technology (NIST)'s national cybersecurity vision. The role of USM and the AAC in the NCF involves:

    • Forming a strong and collaborative national cybersecurity research and development community that encompasses government, academic, and private sector entities.

    • Creating and executing a national cybersecurity R&D strategy and an approach for a strong national cybersecurity workforce. Both strategies will include leadership from government, academia, and the broad private sector.

    • Identifying, validating, and initiating funded action on key cybersecurity challenges.

    • Shaping the NCF mission and broader cybersecurity initiatives as strategic partners to MITRE.

    This session will include a discussion of successes to date, lessons learned, and the strategy for USM's continued role with government and industry.


Constellation Ballroom A/B


9:45 AM -
10:15 AM
Break / Visit Exhibits

Atrium Lobby


10:15 AM -
10:45 AM

10:45 AM -
11:30 AM
Keynote Address
  • Keynote
  • Christopher Krebs

    Under Secretary, National Protection and Programs Directorate (NPPD), Department of Homeland Security (DHS)

Constellation Ballroom A/B


11:00 AM -
3:00 PM
*Separate registration is required*
The CyberMaryland Job Fair

Maryland Suites


11:30 AM -
11:45 AM
Break / Visit Exhibits

Atrium Lobby


11:45 AM -
12:30 PM
Truth, Lies and the Quest for Information Dominance
  • Tony Lawrence

    CEO, VOR Technology

  • Abstract

    This session will provide unique insight to the challenges we face in cyberspace and the need to develop a Quantum Collective - beyond the USG - to ensure our continued ability to secure our collective resources and treasure in cyberspace.


Constellation Ballroom A/B

  • 11:45 AM - 11:55 AM
    Opening Welcome and Introduction of Keynote Speaker
  • Dr. Gregory Von Lehman

    Special Assistant to the President, Cybersecurity, Office of the President, University of Maryland University College
  • Dr. Emma Garrison-Alexander

    Vice Dean, Cyber Security & Information Assurance Department, The Graduate School, UMUC
  • 11:55 AM - 12:30 PM
    Keynote Speaker - What CISOs Worry About and How They Have Prepared!
  • Marcus H. Sachs

    Chief Security Officer, Pattern Computer, North American Electric Reliability Corporation and Verizon’s Vice President for National Security Policy

Constellation Ballroom C/D

The Growth of Smart Cities: The Dead Bird on the Sidewalk is the Least of Your IoT Problems
  • Moderator
  • Aaron Gregg

    Reporter, Washington Post
  • Panel
  • Drew Cohen

    CEO, Zuul IoT
  • Gregg Smith

    CEO, Attila Security
  • Phil Silver

    Senior Director, Sales & Business Development for Public Sector Transportation, Conduent

  • Abstract

    Securing cities with a heavy reliance on IoT is challenging. As cities like Baltimore look to implement smart city initiatives to increase the quality of life for residents, such as connected security cameras, transportation, expanded WiFi services, 5G, etc. caution must be taken to protect these connected networks from hijacking. Hear from technologists and transit companies the risks posed by implementing IoT into cities and their strategies for minimizing risk.


Constellation Ballroom E/F


12:30 PM -
1:30 PM
Lunch on own
Lunch / Visit Exhibits

1:30 PM -
2:15 PM
Autonomous Decision Systems for Cyber Defense
  • Ahmad Ridley

    Adaptive Cyber-Defense Systems, National Security Agency

  • Abstract

    Our research goal is to build an autonomous cyber defense control system that will make an enterprise network and its associated missions and services, more resilient to cyber-attack. Such a cyber defense system should choose appropriate responses to help the enterprise network achieve its goals and simultaneously withstand, anticipate, recover, and/or evolve in the presence of cyber-attacks. Through automation, the system should make decisions and implement responses in real-time and at scale. Since methods of attack are constantly evolving, this autonomous cyber defense must also be adaptive. Therefore, in our research, we use apply reinforcement learning (RL) to train an agent to perform sequential decision-making under uncertainty to control and defend the network. We will present an overview of our research, and collection of experimental results.


Constellation Ballroom A/B

  • 1:30 PM - 1:40 PM
    Ponemon Inst Survey - About the Survey

  • Abstract

    Setting the Stage: CISOs wear many hats. At a high level, they're responsible for ensuring effective information security controls are in place and protocols are followed. As such, the Ponemon Institute's January 2018 survey, "What CISOs Worry About," is an important way to set the stage for the upcoming CISO discussions about their top concerns and descriptions of their jobs. At this session, you will learn about CISO concerns and whether or not they have changed in the first half of 2018.

  • Dov Goldman

    Vice President, Innovation and Alliances, Opus
  • 1:40 PM - 2:15 PM
    Addressing Threats

  • Abstract

    What are the significant factors in a CISO's career and educational background that help them deal with today's threats? In this session, we'll discuss areas such as forecasting, risk management, mobile computing, the Internet of Things, human factors, data privacy, critical infrastructure, and artificial intelligence. These areas are critical for CISOs in addressing data breaches, disruptive technologies, and other security threats.

  • Moderator
  • Chris Dorobek

    Editor, GovLoop
  • Panel
  • Emery Csulak

    Chief Information Security Officer (CISO)/ Senior Official for Privacy, Centers for Medicare and Medicaid Services (CMS)
  • Gayle B. Guilford

    Chief Information Security Officer, Baltimore City Office of Information & Technology (BCIT)
  • Stacy Dawn

    Chief Information Security Officer/Chief Privacy Officer, Export-Import Bank of the United States

Constellation Ballroom C/D

Architecting cybersecurity controls for secure implementation of Internet of Things (IoT)
  • Dr. Omondi Opala

    Director of Cyber Security Engineering and Operations, Sealed Air Corporation

  • Abstract

    The Internet as we know it was created by ARPANET in 1969 as switching and flexible distributed packet communication network nodes. The communication process depends on packet forwarding from source to destination through a next hop device also known as routing. The most widely used network transport protocol combination is TCP/IP manages sessions between two interconnected network nodes. The Internet of Things (IoT) is poised to revolutionize the IT industry by allowing connectivity to appliances, cameras, and dumb devices on manufacturing machines to gather pertinent data on utilization. The Internet of Things (IoT) is associated with connecting the sensors and actuators to the new Internet. These include remote home monitoring technologies, wearable computing, self-tracking tools, augmented reality, sensor-rich fabric, intelligent energy and power systems, autonomous vehicles, drones, retail tracking, automated inventory management systems, industrial connectivity and much more.

    The IoT phenomenon has been widely adopted by the relevant industries to show case the ubiquitous Internet's value proposition but it brings along a major security risk to the enterprise networks. This is due to the fact that IoT devices relies on some of the vulnerable wireless technologies such as Bluetooth, Wi-Fi, Zig-Bee, Cellular, RFID and many other forms of wireless access technologies. The majority of studies done Gartner and Forester on the Internet of Things estimate that over the next 20 years could add as much as $15 trillion to the global GDP. Others argue that the current over 10 billion wireless devices will increase to 30 billion by 2020 making it a compelling business decision to consider adopting the solution and planning on how to security use it to transact business. The success of the IoT adoption rate does not lie on smart-phones, tablets and laptops which are the current eco-system of IoE but on node or sensor type devices. In this paper we will explore the demand for IoT in different business sectors, highlight inherent risks and recommend security best practices for implementation.


Constellation Ballroom E/F


2:15 PM -
2:20 PM
Break / Transition

Atrium Lobby


2:20 PM -
3:05 PM
Best Practices from NSA's Cybersecurity Operations Center
  • Dave Hogue

    Technical Director, NSA Cybersecurity Threat Operations Center, National Security Agency

  • Abstract

    NSA's Cybersecurity Threat Operations Center (NCTOC) serves as the focal point for execution for the agency's 24/7/235 cybersecurity operations mission. NCTOC leverages unique insights into adversary intentions and tradecraft to develop and implement strategic defense measures for the nation's most critical networks. NCTOC resources fully equipped teams who partner with U.S. Cyber Command to serve as the 'front lines' in defending the unclassified Department of Defense Information Network (DoDIN), a global network encompassing three million global users everywhere from office threats on a daily basis.


Constellation Ballroom A/B

Career Pathways
  • Moderator
  • Dr. Emma Garrison-Alexander

    Vice Dean, Cyber Security & Information Assurance Department, The Graduate School, UMUC
  • Panel
  • Dr. Calvin Nobles

    Adjunct Faculty, University of Maryland University College
  • Paul Cunningham

    Chief Information Security Officer, Department of Energy

  • Abstract

    How does one become a CISO? This session focuses on how their background and educational experiences have prepared them for the daily stresses, budgeting for cybersecurity, future career, etc. We'll discuss the pipeline and whether IHEs are doing their part and offer advice on steps to becoming a CISO.


Constellation Ballroom C/D

Future Threats and Quantum Leaps in Encryption, Automation and Machine Learning
  • Moderator
  • Megan Gates

    Associate Editor, Security Management Magazine
  • Panel
  • John Prisco

    President and CEO, QuantumXchange
  • Chris Jacob

    Global Director, Threat Intelligence Engineers, ThreatQuotient
  • Danny Rogers

    CEO, Terbium Labs
  • Lily Chen

    mathematician and manager of Cryptographic Technology Group in the Computer Security Division, NIST

  • Abstract

    Until now, most have assumed encryption is enough to protect stolen data from compromise. Encryption standards have evolved over time as computing capabilities have advanced to crack older generations of code and we have always lived under the assurance that our latest encryption is strong enough to withstand the most formidable foe with almost unlimited resources. However, the newest quantum computer architectures have the future potential to break even the strongest encryption society relies on today. It is time to fight fire with fire and completely upgrade our approach considering quantum networks for encryption key exchange. Battelle, industry researchers and academics are identifying ways quantum networks can be used to protect future generations from having to worry about their encryption again. This panel will center around highlighting new threats that require advances in encryption, automation and machine learning.


Constellation Ballroom E/F


3:05 PM -
3:30 PM
Break / Visit Exhibits

Atrium Lobby


3:30 PM -
4:15 PM
The Cyber Generation:Top 5 Cyber Issues Facing Maryland Schools
  • Moderator
  • Armando Seay

    Vice President of Business Development and Cyber Security, SSI Guardian
  • Panel
  • Jennifer Havermann

    Client Relationship Executive, Deloitte, LLP
  • Steve Morrill

    Director of Information Technology, Loyola Blakefield High School
  • David Longe

    System Administrator, Baltimore City Public Schools
  • Kyle Haverman

    , Deloitte
  • Diane M. Janosek

    Deputy Commandant, National Cryptologic School, National Security Agency

  • Abstract

    It is widely acknowledged that cyber security is a strong career path and valid choice for any student. Are schools ready?


Constellation Ballroom A/B

Life of a CISO and Beyond

  • Abstract

    This session centers on how well prepared academically CISOs are to handle the responsibilities of the position and how often they rely on academic and non-academic skills related to risk analysis, revenue generation, employee productivity, ethics, strategic value of the cyber team, reporting structures, customer satisfaction, and cyber innovation. Senior level cyber professionals will also be on hand for a discussion of life after being a CISO.

  • Moderator
  • Jason Miller

    Executive Editor, Federal News Radio
  • Panel
  • Lisa Holman

    Deputy CISO, US Postal Service Corporate Information Security Office
  • Joseph Stenaka

    Chief Information Security Officer, U.S. Department of Agriculture
  • Jothi Dugar

    Chief Information Security Officer, National Institutes of Health Clinical Center

Constellation Ballroom C/D

Getting the Board’s Buy-In Through SOC Metrics
  • Mischel Kwon

    Founder & CEO, MKACyber

  • Abstract

    Have Board meetings felt career ending? Bring Board members into the fight. By using real stats and metrics with a solid understanding of the business you can clearly articulate risk, expenditures and protect the business. This session will use real examples of statistics, metrics and board level presentations to demonstrate how the Board can buy into the Cybersecurity program.


Constellation Ballroom E/F


4:15 PM -
5:15 PM
Closing Keynote / Awards - Cyber Challenge
  • Ms. Marianne Bailey

    Deputy National Manager (DNM) for National Security Systems (NSS) and Senior Cybersecurity Executive, National Security Agency

  • Abstract

    NSA's defensive mission has never been more paramount. Our cyber adversaries are relentless, increasingly sophisticated and strategic in their tactics and tradecraft. Our competitors conduct complex cyberspace operations to steal our technology, disrupt our government and commerce, challenge our democratic processes, and threaten our critical infrastructure. As such, the U.S. very recently launched both the National and Department of Defense cyber strategies that emphasize the need for stronger defense for our nation. Safeguarding our digital infrastructure requires an advanced understanding of the threat, predictive and preventative operations, and innovative research and development through technology partnerships.

    This session will discuss the NSA Deputy National Manager's perspective on the state of cybersecurity, NSA's outlook on emerging opportunities, and how cyber connects us all.


Constellation Ballroom A/B


Wednesday, October 10, 2018
TimeAgenda Item
7:30 AM -
9:00 AM
Registration

Atrium Lobby


9:00 AM -
9:45 AM
Lessons Learned from 2018 Security Incidents
  • Moderator
  • Mourad Yesayan

    Investment Lead, Paladin Capital Group
  • Panel
  • Hannah Clifford

    VP Corporate Development, Nehemiah Security
  • Todd Weller

    Chief Strategy Officer, Bandura Systems
  • Casey Corcoran

    CISO, OPAQ

  • Abstract

    While 2018 might have been "better" from a government leaks and global ransomware attack perspective, there is no denying that corporate security isn't improving with ample haste, critical infrastructure is easily targeted and nation states continue to grow bigger, faster, stronger. What can we learn about cybersecurity based on the incidents of 2018 and what can we do to prepare for 2019 and beyond? This panel will dissect three destructive cyber incidents of 2018 and discuss how organizations can prioritize their security controls, build a comprehensive response plan and respond to the increasing regulatory controls in order to enforce best practices for corrective action.

    1. Ransomware attack took down Baltimore's 911 dispatch system and forced the city to revert to manual dispatching of emergency services

    2. Exploited flaw in thousands of MikroTik routers that sent traffic to unknown, attacker controlled IP addresses and enabled eavesdropping

    3. Spear Phishing emails enabled Russia to access US electric utilities control rooms via networks that belonged to third-party vendors.


Constellation Ballroom A/B


9:45 AM -
10:15 AM
Break/Visit Exhibits

Atrium Lobby


10:15 AM -
11:00 AM
Overview of US Cyber Command
  • Captain Ed Devinney, US Navy

    Director, Corporate Partnerships and Technology Outreach, United States Cyber Command

  • Abstract

    As the nation's cyber warriors, US Cyber Command (USCYBERCOM) operates daily in cyberspace against capable adversaries, some of whom are now near-peer competitors in this domain. We have learned we must stop attacks before they penetrate our cyber defenses or impair our military forces; and through persistent, integrated operations, we can influence adversary behavior and introduce uncertainty into their calculations. Our forces must be agile, our partnerships operational, and our operations continuous. Policies, doctrine, and processes should keep pace with the speed of events in cyberspace to maintain decisive advantage. Superior strategic effects depend on the alignment of operations, capabilities, and processes, and the seamless integration of intelligence with operations. Now we must apply this experience by scaling to the magnitude of the threat, removing constraints on our speed and agility, and maneuvering to counter adversaries and enhance our national security.

    This session will provide an overview USCYBERCOM's updated mission and the primary objectives for the agency. We will also cover industry/academia/USG interaction and how the development of partnerships will be a primary objective to develop enhanced operational capabilities.


Constellation Ballroom A/B


11:00 AM -
11:15 AM
Break/Visit Exhibits

Atrium Lobby


11:15 AM -
12:00 PM
Something Old, Something New, Something Borrowed, Something You: Rise of Synthetic Identities
  • Emily Wilson

    Fraud Intelligence Manager, Terbium Labs

  • Abstract

    What do you get if you combine an abandoned row home, an out of service phone number, and the Social Security number of a newborn baby? A perfectly good line of credit.

    Even as the annual costs from identity theft continue to grow, this type of fraud is no longer limited to the compromise of real, tangible identities. Instead, a more insidious form of fraud is beginning to take shape: synthetic identities. Synthetic identities are pieced together from different personal data sources, creating new, largely undetectable personas that can be used to open accounts, take out loans, and run up huge debts. In many cases, synthetic identities exploit the fresh, untapped data of children and infants, creating bad credit that will go unnoticed for more than a decade.

    How are these synthetic identities created? Where are criminals getting this data? What can the security industry - and everyday consumers - do about it?

    This session investigates the development of synthetic identities, going beyond the surface-level introduction offered by other identity presentations. The session will examine how this new form of fraud is taking shape, and why these synthetic identities can so regularly go undetected. The session will include a deep dive into the thriving underground market for personal data on the dark web, including a survey of the criminal tradecraft that makes it easy for fraudsters to create and exploit these synthetic identities.

    Attendees will come away from this session with a framework for understanding how data is valued and traded on the dark web, how data breaches open up a lifetime of exposure, how synthetic identities are developed and exploited, and what security professionals - and parents - can do to protect against this new type of fraud.


Constellation Ballroom C/D

How Industry Can Engage with USCC
  • Moderator
  • Scott Dade, Ed. D.

    Tech Outreach/Military Engagements, USCYBERCOM, Capabilities Development Group
  • Panel
  • Captain Ed Devinney, US Navy

    Director, Corporate Partnerships and Technology Outreach, United States Cyber Command
  • Karl Gumtow

    Executive Director, Dreamport
  • Tim Teal

    Director, J6 & J8 - Cyber National Mission Force (CNMF), United States Cyber Command

  • Abstract

    Join us for a senior leadership panel who will discuss the best ways to engage with USCYBERCOM. Recent contracting authority allows USCYBERCOM to purchase capabilities in support of its mission. Engagement pathways, including the recently launched DreamPort program, will also be discussed. Learn how your organization can provide products and services to support the emerging technology needs of USCYBERCOM.


Constellation Ballroom A/B

Leveraging Innovative Public / Private Partnerships to Drive Cyber Workforce Development
  • Moderator
  • Max Shuftan

    Director, CyberTalent, SANS Institute
  • Panel
  • Michael Mourelatos

    Vice President and Chief Technology Officer (CTO), CACI
  • Mary Keller

    Program Administrator, State of Maryland Department of Labor, Licensing, and Regulation’s (DLLR) EARN Program
  • Jeffrey Smith

    Targeted Populations Grant Manager, State of Maryland DLLR
  • Bryan Inagaki

    Director, Cybersecurity Risk Management Corporate Information Security (CIS) Program, Thermo Fisher Scientific

  • Abstract

    Public/private collaboration is essential to fill the cyber talent pipeline and improve the safety of information networks that drive national security and economic stability. Collaboration among federal, state, local and private stakeholders, including industry, non-profits, and academia, is the foundation for new cybersecurity education, training and workforce development initiatives. These innovative partnerships are actively addressing the need for skilled and motivated workers to fill the pervasive cybersecurity talent shortage. According to a recent 2018 ISACA survey, 59% of enterprises report unfilled security positions, and 54% stated it takes over three months or longer on average to fill security positions.

    In an era marked by rising cyber threats, Maryland's standing as one of the nation's most advanced workforces and a leader in securing critical cyber infrastructure is a testimony to the power of the state's commitment to collaboration among stakeholders. Learn how innovative public/private partnerships are cultivating the skilled workforce needed to compete in today's competitive global environment and equipping industry and government for the challenges that lie ahead.

    At the end of this session, participants will be able to:

    • Look beyond traditional hiring models to find high-potential talent that can fill vacant positions

    • Introduction to various collaboration models that improve cyber workforce development

    • Identify existing partnership opportunities in MD


Constellation Ballroom E/F


12:00 PM -
1:00 PM
Lunch on own
Lunch/Visit Exhibits

Atrium Lobby


1:00 PM -
1:45 PM
Accelerating Business Growth in the Cyber Market
  • Gloria Larkin

    President & CEO, TargetGov

  • Abstract

    This advanced-level session focuses on driving aggressive growth and business development in the cyber market. Cybersecurity Ventures predicts global spending on cybersecurity will exceed $1 trillion between 2017 and 2021. Well-positioned contractors view the cyber market a growth market even amid federal budget uncertainties. Attendees to this session will learn how to fast-track cyber market growth in both defense and civilian agencies. If you are ready to add a zero onto your revenues, this practical, bottom-line, results oriented session will address:

    • Funding trends and using them to your advantage

    • Contract vehicles: go or no go

    • Positioning to win market share

    • The real decision makers and how/when to engage

    • Fast-track tools for success


Constellation Ballroom C/D

Forecasted Technical Requirements & Contracting with US Cyber Command
  • Steve Schanberger

    Acquisition Executive, United States Cyber Command

  • Abstract

    US Cyber Command was granted acquisition authority by the US Congress in October 2016. This session will provide an overview of upcoming technology requirements, along with the acquisition and contracting methodologies to be used by USCC for the purchase of products, services and knowhow required to support the updated mission.


Constellation Ballroom A/B

Transforming the Cybersecurity Workforce Via Government Collaborations
  • Chase Norlin

    CEO, Transmosis

  • Abstract

    According to a recent Cisco report, there are over 1 million cybersecurity jobs unfilled, which is projected to rise to 6 million by 2019. The problem is two-fold: filling the current gaps while preparing the next workforce generation. The solution requires that the public and private sectors work together to create clear career paths in cybersecurity. In order to recruit and retain skilled personnel, together they must incorporate a variety of employment tools and resources.

    In this session you will learn what the public sector is doing at the state and federal levels and how the private sector can become involved while aligning their own efforts, and, an analysis of the latest career education and training programs working to solve this massive problem.


Constellation Ballroom E/F


1:45 PM -
2:00 PM
Break/ Visit Exhibits

Atrium Lobby


2:00 PM -
2:45 PM
Securing "PACS" Through Collaboration
  • Andrea Arbelaez

    IT project manager, National Institute of Standards and Technology
  • Sue Wang

    Cybersecurity Engineer & Healthcare Sector Technical Lead, MITRE Corporation & National Cybersecurity Center of Excellence

  • Abstract

    When patients seek medical care, one of the first actions healthcare providers take is ordering imaging procedures such as X-Rays or MRIs to help diagnose issues and determine next steps. Like much of the healthcare industry, medical imaging has also rapidly moved toward the digital space. These images, stored within an online Picture Archiving and Communication System (PACS), are shared among medical staff and remotely accessible on mobile devices.

    While PACS allow for more efficient medical processing, the systems are often not developed with security in mind and expose the broader hospital system to cybersecurity risks. Malicious actors could leverage unsecured PACS to infiltrate hospital systems and access critical information and vital medical services, putting patients at risk.

    The National Cybersecurity Center of Excellence (NCCoE), working in partnership with healthcare delivery organizations (HDOs), cybersecurity vendors and academic partners, is developing guidance to help HDOs secure their PACS ecosystem, based on a comprehensive risk assessment.

    The Picture Archiving and Communications session will:

    • Outline the scope of PACS systems within hospitals and other healthcare delivery organizations

    • Detail the cybersecurity risks associated with PACS

    • Showcase the reference architecture developed by the NCCoE, using NIST cybersecurity standards, to secure the PACS ecosystem within an HDO.


Constellation Ballroom C/D

Next Generation National Cyber Protection Teams [CPT]
  • Panel
  • Joseph Loomis

    Founder & Chief Technology Officer, CyberSponse, Inc
  • COL Benjamin A. Ring, Ph.D.

    Director, USCC/CDG/ARD-NSA Fellow
  • Karl Gumtow

    Executive Director, Dreamport
  • Tim Teal

    Director, J6 & J8 - Cyber National Mission Force (CNMF), United States Cyber Command

  • Abstract

    The panel discussion hosts various experts providing an overview of the future of US Cybercommand's approach to Cyber Protection Teams, innovating incident response, team collaboration, selection of cyber tools, and their focus of building a stronger national force. The Panel will explain lessons learned over the years including training, skills development, moral management, capability testing and more.


Constellation Ballroom A/B

Alternative Pathways to Cyber
  • Kent Malwitz

    President, UMBC Training Centers

  • Abstract

    Due to the overwhelming demand for talent in cybersecurity in our region, new and non-traditional pathways to enter the field have emerged. Employers are seeking mission-ready candidates from higher education and new academic programs in cyber are appearing, but the number of qualified students coming out of these programs pales in comparison to the growing demand. Additionally, these graduates typically require on the job experience to be fully productive in their roles.

    While there is a negative unemployment rate in cyber, there are too many citizens in our state who are unemployed or underemployed. For the most part, the pool of qualified cyber talent is treated as a zero-sum game, leaving employers to fight over these scarce resources. While companies are drawn to Maryland for our highly educated and well-prepared workforce, they quickly realize that there is a war for that talent, and attracting and retaining it is expensive.

    Necessity is driving innovation. Employers are widening their apertures to find candidates from alternative sources with great success. New approaches are developing new talent in cyber, including vocational training programs and apprenticeships. Those with the aptitude and passion needed to be successful in a career in cyber but have not had the opportunity to obtain a cyber-related degree finally have the opportunity to break into the field. And they are bringing with them new experiences, perspectives and diversity to the cyber workforce.

    Our panel will include employers with experience hiring cyber talent from these non-traditional sources as well as the cyber professionals who have traveled alternative pathways to break into the field. Hear from them about their experiences and learn about opportunities to participate in the innovation that is happening in our state.


Constellation Ballroom E/F


2:45 PM -
3:15 PM
Break/ Visit Exhibits

Atrium Lobby


3:15 PM -
4:00 PM
Election Security
  • Can Our Election Systems Be Trusted?
  • Dr. Balakrishnan Dasarathy

    Professor & Chair for the Information Assurance program, University of Maryland University College

  • Abstract

    Answering this question rigorously is vital for keeping faith in our democracy!

    Our election systems consist of two major types of systems: ballot and registration systems. A close examination of these systems is necessary to get a complete picture of the prospect of a hack and its ramifications.

    Voting ballot machines, where votes are cast, are the most important ones from the election integrity perspective. These machines are not typically connected to the Internet, at least during voting, and that prevents them from being hacked. A thumb drive is used to extract data from a voting machine, and this thumb drive with cryptographically-protected data is then securely handed over to a central location for vote-tallying purposes. In some states, many direct-recording electronic voting machines that do not produce any paper record remain in use. This certainly puts such machines at risk for lost votes in case of machine failures.

    The voter-registration systems in many states allow eligible voters to register online, and, as such, are not cyber-attack proof. Hacking here could certainly lead to deletion or manipulation of voter rolls?thus disrupting elections and reducing faith in our electoral process. Fortunately, processes can be put in place to detect, on a daily basis, any alteration to the voter database.

    Trustworthiness: Before the 2016 general election, about 34% of likely voters believed that year election would be rigged, according to a New York Times report. The pressing issue is not just one of information security, but about assurance and the trustworthiness of all voting technology and processes. Trustworthiness demands that we maintain a paper trail, that officials and party representatives verify all voting systems are working just prior to voting, and that there is a review of tally results in each precinct?or at least randomly selected precincts?with ballots from the paper trails kept.

  • How Can we Hack-Proof Our Elections?
  • Dr. George Dimitoglou

    Associate Professor, Center for Computer Security & Information Assurance, Hood College, Frederick, Maryland

  • Abstract

    The work focuses on identifying the existing challenges and opportunities to make elections secure and reliable: ranging from the voter registration process and the actual voting to counting the results. The solutions require the a certain technology mix, the development of standards and policies along with the political will to fund and deploy a robust election process.

    The topic is both timely and relevant given the upcoming elections and will include information and experience related to the securing of the Frederick County Election Board systems and processes during the summer of 2018.


Constellation Ballroom C/D

Invited Speaker

Constellation Ballroom A/B

Growing Local Cyber Investments
  • Moderator
  • Robert Terry

    Senior Staff Reporter, Washington Business Journal
  • Panel
  • Thomas Weithman

    President and Chief Investment Officer, MACH37
  • Hank Thomas

    Co-Founder and CEO, Strategic Cyber Ventures
  • John Funge

    Chief Product Officer, DataTribe
  • Frank Glover

    Lead Director, TEDCO Seed Fund

  • Abstract

    Regional investors in cyber team up with institutional investors to grow local investments into national brands servicing the government and commercial enterprise. Learn what it takes to build credibility, establish partnerships, and raise the capital necessary to launch a cyber company and product in today's market.


Constellation Ballroom E/F


4:00 PM -
4:45 PM
End of Day Keynote

Constellation Ballroom A/B