Schedule of Day | June 6, 2018

7:30AM – 12:30PM

 

7:30AM – 8:30AM Networking/Registration/Exhibit Hall Opens


8:30AM – 9:30AM Welcome Remarks

  • Congressman Dutch Ruppersberger
  • Lt. Gov. Boyd Rutherford

9:30AM – 9:50AM Break


9:50AM – 10:50AM Concurrent Session 1

 

1A: Blockchain (Technical)

Speaker:

Matthew Johnson,  Guardtime

 

 

1B: Blockchain (Managerial)

Speaker:

Daniel Yim, Noblis

 


10:50AM – 11:10AM Break


11:10AM – 12:10PM Concurrent Session 2

 

2A: Security in an Open Source World (Technical) 

Balancing conflicting goals of security and timeliness to market

 

Growing citizen needs and demands are driving transformation & modernization efforts across public and private sector entities. The biggest hurdle in most traditional IT organizations is that development and operations teams haven’t always held shared priorities. Developers are the creative minds behind application development, while operations is focused on standardization and control. Unfortunately, both teams are often mired in the government-required security processes which can delay projects by weeks, months, and sometimes years, even as time to mission becomes more critical than ever.

 

Join this session to understand:

 

  • How do modern development (ie, Agile, Scrum) methodologies integrate with the NIST Risk Management Framework?
  • How do we simplify & modernize the Authority to Operate (ATO) process?
  • What automation technology exists that can be used today?
  • Lessons learned from those who are responsible for productizing and operationalizing digital services

 

What, if any, “shared cyber services” exist across government entities and how can they be used?

 

Speakers:

Shawn Wells, Red Hat

Josh Lospinoso, Ph.D., CAPT, U.S. Cyber Command

 

 2B: Security in an Open Source World (Managerial)

Upstream Innovation to Secure Implementation: Considerations for Open Source in your Enterprise

 

Requiring custom-developed software to be made available for sharing and re-use across government agencies, the Federal Source Code Policy requires agencies to release at least 20% of new source code to the public. The Federal Source Code Policy evolves the government from merely consuming open source software to collaborating and creating new open source communities.

 

With the introduction of agencies like 18F and the US Digital Service, and trailblazers like Netflix & Amazon, how are government agencies and commercial partners balancing innovation with security?

 

This panel will address common questions such as:

 

  • How do you find the right open source solutions and consume them in a secure manner?
  • How have agencies transitioned from consumer to collaborator with open source software?
  • How do agencies engage code.gov? What about non-federal repositories?

 


12:10PM – 12:30PM Break and Transition to other building

12:30PM – 1:50PM

 

12:30PM – 1:30PM Lunch

Where is the Workforce?

 

We continue to hear about a zero percent unemployment rate for the cyber workforce.  Worse yet, we hear reports of over one-million unfilled cyber jobs that is expected to grow to 1.5 million by 2019.  This problem is compounded when you consider many of these jobs require a security clearance.  This panel not only discusses the challenges with finding and retaining a skilled cyber workforce, but will also explores some potential solutions for closing the gap.
Specific topics discussed include:

•    Current cyber workforce trends and challenges in both the Federal and Commercial sectors
•     How academia is adapting curriculum to close the shortage of trained cyber professionals
•    The role of automation to alleviate the pressure on the cyber workforce
•    Why outsourcing cyber talent might be a successful strategy
•    Leveraging uncleared workers to achieve classified objectives
•    The pitfalls of relying on an untrained, nontechnical workforce

 

Exploring new career preparation models such as stackable credentials, consortium education institutions/business partnerships

 

How does the industry and educational institutions address expansion of the need for security professionals with varied skills to meet many different types of employment needs for healthcare, government, service contractors and businesses

 

Panel members:

Dr. Kate Hetherington, Howard Community College

Diane Burley, Ph.D., George Washington University

COL Matthew Dunlop, U.S. Cyber Command

Kelly Shultz,  Maryland Department of Labor, License, and Regulations

 


1:30PM – 1:50PM Break and Transition to other building

1:50PM – 4:00PM

 

1:50PM – 2:50PM Concurrent Session 3

 

3A: IT/Device Security (Technical)

Can Cyberattack Result in Physical Injury? The Key to Prevention is Secure Healthcare Technology Design.

 

The risk to the healthcare industry from cyberattack is often not given the attention that is warranted.  Stolen medical records are selling for more than 10 times as much as stolen credit card number on the dark web.  Stolen patient records can result in patient blackmail, false prescriptions, fraudulent insurance claims, etc.  Even more concerning is the risk of compromise to medical devices.  Compromise of a medical device could lead to serious injury or even death.  In this panel we discuss approaches and technologies for protecting healthcare data and devices.

 

Topics covered include:

  • Internet of Things security
  • Protection from ransomware
  • Implementation of blockchain
  • Risks associated with legacy devices

Speaker:
Jason Taule,  FEI Systems

Terry J. Dunlap, Jr., ReFirm Lans Inc.

 

3B: IT/Device Security (Managerial)

To Implement or Not to Implement?  Overcoming the Anxiety of Applying Technology to Healthcare.

 

The healthcare industry is taking advantage of technology advances that not only facilitate better management and sharing of healthcare data but also provide sensors and devices to patients for improved control over healthcare needs.  While these advances have done much to improve the care provided to patients, they have also introduced new potential attack vectors for adversaries to gain access to patient data or even to patient care.  In this track we discuss the emerging technology threats to the healthcare industry and the challenges management faces implementing new and existing technology.

 

Specifically, we will discuss:

  • How to better achieve data protection and guarantee data integrity
  • Measurement and assessment of the risk of implementing healthcare technology

 

Speakers:

Dr. Merlynn Carson, Myriddian

 

Henry Chao, Solutions Architect and Strategic Advisor

 

Bryson Bort, Founder of Grimm, Scythe, and ICS_Village

 


2:50AM – 3:10AM Break


3:10AM – 3:45PM Afternoon Keynote


3:45PM – 4:00PM Closing Remarks