Qualys | Public Sector Cyber Risk Conference - Agenda
Register    ➤

Agenda

Times are subject to change.

7:30 AM EDT Tuesday, May 21

8:30 AM EDT Tuesday, May 21

Welcome & Housekeeping

5 minutes
George Jackson
George Jackson
VP, Events
GovExec
George Jackson
George Jackson
VP, Events
GovExec
Read More
8:35 AM EDT Tuesday, May 21

Keynote

Redefining Governance: AI Integration in the Public Sector

25 minutes

A new era in AI for government agencies has emerged, ushering in a shift from basic operational support to full integration within organizational frameworks. Despite the undeniable value AI brings, many grapple with its inherent risks. In response, the Biden administration has issued Executive Order 14110 on Safe, Secure, and Trustworthy AI, establishing groundbreaking standards for U.S. government agencies. Forward-thinking leaders are now dedicated to evaluating enterprise-ready platforms, implementing comprehensive toolsets, and tailoring strategies to their unique organizational needs. This includes a keen focus on governance frameworks that emphasize ethics and transparency. As these leaders advance toward an AI-powered future, crucial questions emerge: How can they effectively navigate the complexities of AI deployment while upholding the highest standards of transparency and accountability?

In this conversation, esteemed public sector leaders will discuss an analysis of the recent executive order, offering insights into their current progress and successes. Through the exploration of compelling use cases, they will illustrate the benefits of a well-structured, efficient, and meticulously governed approach to AI deployment across diverse operational landscapes.

Read More
Monica Montgomery
Monica Montgomery
Deputy CISO for Management and Strategy & Deputy Director, Cybersecurity Office
National Geospatial Intelligence Agency (NGA)
Emily Wolfteich
Emily Wolfteich
Senior Industry Analyst
GovExec

A new era in AI for government agencies has emerged, ushering in a shift from basic operational support to full integration within organizational frameworks. Despite the undeniable value AI brings, many grapple with its inherent risks. In response, the Biden administration has issued Executive Order 14110 on Safe, Secure, and Trustworthy AI, establishing groundbreaking standards for U.S. government agencies. Forward-thinking leaders are now dedicated to evaluating enterprise-ready platforms, implementing comprehensive toolsets, and tailoring strategies to their unique organizational needs. This includes a keen focus on governance frameworks that emphasize ethics and transparency. As these leaders advance toward an AI-powered future, crucial questions emerge: How can they effectively navigate the complexities of AI deployment while upholding the highest standards of transparency and accountability?

In this conversation, esteemed public sector leaders will discuss an analysis of the recent executive order, offering insights into their current progress and successes. Through the exploration of compelling use cases, they will illustrate the benefits of a well-structured, efficient, and meticulously governed approach to AI deployment across diverse operational landscapes.

Monica Montgomery
Monica Montgomery
Deputy CISO for Management and Strategy & Deputy Director, Cybersecurity Office
National Geospatial Intelligence Agency (NGA)
Emily Wolfteich
Emily Wolfteich
Senior Industry Analyst
GovExec
Read More
9:00 AM EDT Tuesday, May 21

Main Stage

Welcome from Qualys CEO, Sumedh Thakar

30 minutes
Sumedh Thakar
Sumedh Thakar
Chief Executive Officer
Qualys
Sumedh Thakar
Sumedh Thakar
Chief Executive Officer
Qualys
Read More
9:30 AM EDT Tuesday, May 21

Panel

Strategies for Success: Federal Cloud Security in Action

40 minutes

Recognizing the pivotal role of cloud security in safeguarding our federal networks, as outlined in Executive Order 14028, 'Improving the Nation's Cybersecurity,' federal IT leaders are actively pursuing avenues to enhance the security posture of their cloud environments. Key organizations such as CISA and the GSA FedRAMP office serve as invaluable resources, offering essential guidance on crafting a robust federal cloud security strategy and establishing an effective cloud service governance framework. However, the challenge remains for leaders to ensure comprehensive integration of cybersecurity standards across all levels of an agency's operations. How can leaders ensure that cybersecurity remains a central consideration in every aspect of an agency's operations? Furthermore, how are these leaders utilizing the authority of the Executive Order to drive the adoption of enhanced standards, such as multi factor authentication and encryption for data protection?

During this session, public sector cloud leaders will delve into real-world case studies highlighting successful integration of cloud security into their planning processes. They will share best practices aimed at cultivating a pervasive culture of cybersecurity awareness across all government departments and levels. The objective is not simply to meet but to surpass the standards outlined in the Executive Order, fortifying the resilience of our federal cloud ecosystem for the future.

Read More
Paul Blahusch
Paul Blahusch
Chief Information Security Officer
Department of Labor
Keith Busby
Keith Busby
Acting Chief Information Security Officer
Centers for Medicare & Medicaid Services (CMS)
Matthew Gonzalez
Matthew Gonzalez
Security Operation Chief, NTIA
Department of Commerce
Nayeem Islam
Nayeem Islam
VP, Product Management for Cloud Security
Qualys
George Jackson
George Jackson
VP, Events
GovExec

Recognizing the pivotal role of cloud security in safeguarding our federal networks, as outlined in Executive Order 14028, 'Improving the Nation's Cybersecurity,' federal IT leaders are actively pursuing avenues to enhance the security posture of their cloud environments. Key organizations such as CISA and the GSA FedRAMP office serve as invaluable resources, offering essential guidance on crafting a robust federal cloud security strategy and establishing an effective cloud service governance framework. However, the challenge remains for leaders to ensure comprehensive integration of cybersecurity standards across all levels of an agency's operations. How can leaders ensure that cybersecurity remains a central consideration in every aspect of an agency's operations? Furthermore, how are these leaders utilizing the authority of the Executive Order to drive the adoption of enhanced standards, such as multi factor authentication and encryption for data protection?

During this session, public sector cloud leaders will delve into real-world case studies highlighting successful integration of cloud security into their planning processes. They will share best practices aimed at cultivating a pervasive culture of cybersecurity awareness across all government departments and levels. The objective is not simply to meet but to surpass the standards outlined in the Executive Order, fortifying the resilience of our federal cloud ecosystem for the future.

Paul Blahusch
Paul Blahusch
Chief Information Security Officer
Department of Labor
Keith Busby
Keith Busby
Acting Chief Information Security Officer
Centers for Medicare & Medicaid Services (CMS)
Matthew Gonzalez
Matthew Gonzalez
Security Operation Chief, NTIA
Department of Commerce
Nayeem Islam
Nayeem Islam
VP, Product Management for Cloud Security
Qualys
George Jackson
George Jackson
VP, Events
GovExec
Read More
10:10 AM EDT Tuesday, May 21

10:30 AM EDT Tuesday, May 21

Keynote

Enhancing Cyber Readiness Across the DIB

30 minutes

At the forefront of an ever-evolving cyber threat landscape, the Defense Industrial Base (DIB) confronts persistent attempts by adversaries to breach critical systems and compromise sensitive data. To counter this mounting risk, the Department of Defense (DoD) has launched CMMC 2.0, an ambitious framework crafted to bolster the DIB against the rising tide of sophisticated cyber threats. This proactive initiative serves as a shield for the DIB's sensitive, unclassified information, ensuring frontline warfighters have secure data crucial for effective mission execution.

In this discussion, defense leaders will explore this dynamic cybersecriity ecosystem. They will unveil pathways toward a more secure and resilient defense industrial ecosystem, offering valuable insights into how their organizations are actively integrating CMMC into DIB operations. With a keen eye on navigating intersections with ongoing cyber fortification efforts, these leaders will also delve into synergies and collaborative strategies across various initiatives. Together, they aim to elevate the collective cybersecurity readiness of the sector, ensuring a steadfast defense against emerging threats.

Read More
Bailey Bickley
Bailey Bickley
Chief DIB Defense, Cybersecurity Collaboration Center
National Security Agency
Emily Wolfteich
Emily Wolfteich
Senior Industry Analyst
GovExec

At the forefront of an ever-evolving cyber threat landscape, the Defense Industrial Base (DIB) confronts persistent attempts by adversaries to breach critical systems and compromise sensitive data. To counter this mounting risk, the Department of Defense (DoD) has launched CMMC 2.0, an ambitious framework crafted to bolster the DIB against the rising tide of sophisticated cyber threats. This proactive initiative serves as a shield for the DIB's sensitive, unclassified information, ensuring frontline warfighters have secure data crucial for effective mission execution.

In this discussion, defense leaders will explore this dynamic cybersecriity ecosystem. They will unveil pathways toward a more secure and resilient defense industrial ecosystem, offering valuable insights into how their organizations are actively integrating CMMC into DIB operations. With a keen eye on navigating intersections with ongoing cyber fortification efforts, these leaders will also delve into synergies and collaborative strategies across various initiatives. Together, they aim to elevate the collective cybersecurity readiness of the sector, ensuring a steadfast defense against emerging threats.

Bailey Bickley
Bailey Bickley
Chief DIB Defense, Cybersecurity Collaboration Center
National Security Agency
Emily Wolfteich
Emily Wolfteich
Senior Industry Analyst
GovExec
Read More
11:00 AM EDT Tuesday, May 21

Exclusive Interview

Dispelling the Myths of Immeasurability: Effective Cybersecurity Risk Management amidst Massive Scale, Complexity & Loss

25 minutes

In this fireside chat, we will discuss the necessity of measuring risk when the stakes are high as is the complexity. How do you consider what you stand to lose at Government Scale? For example, What is a Crown Jewel Asset in this context? How do you go about assessing, prioritizing & de-risking those assets with the right priorities? How might you get started?

Eric Mill
Eric Mill
Executive Director for Cloud Security
General Services Administration
Jonathan Trull
Jonathan Trull
CISO & SVP, Security Solution Architecture
Qualys
Richard Seiersen
Richard Seiersen
Chief Risk Technology Officer
Qualys

In this fireside chat, we will discuss the necessity of measuring risk when the stakes are high as is the complexity. How do you consider what you stand to lose at Government Scale? For example, What is a Crown Jewel Asset in this context? How do you go about assessing, prioritizing & de-risking those assets with the right priorities? How might you get started?

Eric Mill
Eric Mill
Executive Director for Cloud Security
General Services Administration
Jonathan Trull
Jonathan Trull
CISO & SVP, Security Solution Architecture
Qualys
Richard Seiersen
Richard Seiersen
Chief Risk Technology Officer
Qualys
Read More
11:25 AM EDT Tuesday, May 21

Panel

Zero Trust Evolution: Meeting Federal Cybersecurity Standards

40 minutes

Cybersecurity leaders across the public sector understand that implementing zero trust security mandates goes far beyond a mere checklist item. It necessitates a profound paradigm shift, where security becomes not just foundational but a guiding principle in strategic planning. The recent OMB memorandum 22-09 outlines a Federal zero trust architecture strategy, emphasizing the pressing need for agencies to meet stringent cybersecurity standards by Fiscal Year 2024. Central to this strategy are identity-driven security measures, such as multi-factor authentication, aimed at shielding personnel from sophisticated cyber threats. However, it is essential to recognize that this memorandum marks not the endpoint but a crucial step towards establishing a robust zero trust architecture.

In this enlightening session, zero trust leaders will explore the best practices designed to elevate cybersecurity within the public sector. They will explore the intricacies of zero trust implementation, showcasing how this approach has been instrumental in safeguarding their networks and data. Through their experiences, they will illuminate the strategic maneuvers undertaken to meet Zero Trust requirements, offering invaluable insights into their journey and outlining their trajectory leading into 2024.

Read More
Gerald Caron
Gerald Caron
Chief Information Officer
International Trade Administration
Amy S. Hamilton, PhD.
Amy S. Hamilton, PhD.
Visiting Faculty Chair, Department of Energy
National Defense University
Jonathan Trull
Jonathan Trull
CISO & SVP, Security Solution Architecture
Qualys
Rick Friend
Rick Friend
Senior Cybersecurity Solutions Architect
Merlin Cyber
George Jackson
George Jackson
VP, Events
GovExec

Cybersecurity leaders across the public sector understand that implementing zero trust security mandates goes far beyond a mere checklist item. It necessitates a profound paradigm shift, where security becomes not just foundational but a guiding principle in strategic planning. The recent OMB memorandum 22-09 outlines a Federal zero trust architecture strategy, emphasizing the pressing need for agencies to meet stringent cybersecurity standards by Fiscal Year 2024. Central to this strategy are identity-driven security measures, such as multi-factor authentication, aimed at shielding personnel from sophisticated cyber threats. However, it is essential to recognize that this memorandum marks not the endpoint but a crucial step towards establishing a robust zero trust architecture.

In this enlightening session, zero trust leaders will explore the best practices designed to elevate cybersecurity within the public sector. They will explore the intricacies of zero trust implementation, showcasing how this approach has been instrumental in safeguarding their networks and data. Through their experiences, they will illuminate the strategic maneuvers undertaken to meet Zero Trust requirements, offering invaluable insights into their journey and outlining their trajectory leading into 2024.

Gerald Caron
Gerald Caron
Chief Information Officer
International Trade Administration
Amy S. Hamilton, PhD.
Amy S. Hamilton, PhD.
Visiting Faculty Chair, Department of Energy
National Defense University
Jonathan Trull
Jonathan Trull
CISO & SVP, Security Solution Architecture
Qualys
Rick Friend
Rick Friend
Senior Cybersecurity Solutions Architect
Merlin Cyber
George Jackson
George Jackson
VP, Events
GovExec
Read More
12:05 PM EDT Tuesday, May 21

Main Stage

Lunch

1 hour
1:05 PM EDT Tuesday, May 21

Panel

Open-Source Solutions: Transforming Federal Supply Chain Security

40 minutes

The Federal Government relies heavily on a myriad of products and services for critical functions. However, the global supply chain for these technologies faces relentless threats from nation-state and criminal actors, who seek to steal sensitive information, intellectual property, and disrupt the Government’s ability to provide secure services to the public. In response, OMB and NIST have provided guidance, such as memo 22-18 titled 'Enhancing the Security of the Software Supply Chain through Secure Software Development Practices,' outlining steps to ensure software producers adhere to secure development practices. While this guidance primarily targets federal agencies and their software providers, widespread industry adoption could potentially prevent catastrophic cyberattacks on the global supply chain.

Join us for an enlightening session where we discuss open-source solutions designed to enhance first-party risk management in alignment with the principles of memo 22-18. Public sector leaders will engage in discussions regarding the challenges and opportunities inherent in safeguarding global supply chains from cyberattacks, natural disasters, and geopolitical uncertainties. Furthermore, they will explore the potential of blockchain, IoT, and AI-driven solutions for enhanced transparency and real-time risk management.

Read More
Jon Boyens
Jon Boyens
Deputy Chief of the Computer Security Division
NIST
Shon Lyublanovits
Shon Lyublanovits
C-SCRM PMO Lead
Cybersecurity & Infrastructure Security Agency
Jeanette McMillian
Jeanette McMillian
Assistant Director of Supply Chain and Cyber Directorate
National Counterintelligence and Security Center (ODNI)
Jonathan Trull
Jonathan Trull
CISO & SVP, Security Solution Architecture
Qualys
George Jackson
George Jackson
VP, Events
GovExec

The Federal Government relies heavily on a myriad of products and services for critical functions. However, the global supply chain for these technologies faces relentless threats from nation-state and criminal actors, who seek to steal sensitive information, intellectual property, and disrupt the Government’s ability to provide secure services to the public. In response, OMB and NIST have provided guidance, such as memo 22-18 titled 'Enhancing the Security of the Software Supply Chain through Secure Software Development Practices,' outlining steps to ensure software producers adhere to secure development practices. While this guidance primarily targets federal agencies and their software providers, widespread industry adoption could potentially prevent catastrophic cyberattacks on the global supply chain.

Join us for an enlightening session where we discuss open-source solutions designed to enhance first-party risk management in alignment with the principles of memo 22-18. Public sector leaders will engage in discussions regarding the challenges and opportunities inherent in safeguarding global supply chains from cyberattacks, natural disasters, and geopolitical uncertainties. Furthermore, they will explore the potential of blockchain, IoT, and AI-driven solutions for enhanced transparency and real-time risk management.

Jon Boyens
Jon Boyens
Deputy Chief of the Computer Security Division
NIST
Shon Lyublanovits
Shon Lyublanovits
C-SCRM PMO Lead
Cybersecurity & Infrastructure Security Agency
Jeanette McMillian
Jeanette McMillian
Assistant Director of Supply Chain and Cyber Directorate
National Counterintelligence and Security Center (ODNI)
Jonathan Trull
Jonathan Trull
CISO & SVP, Security Solution Architecture
Qualys
George Jackson
George Jackson
VP, Events
GovExec
Read More
1:45 PM EDT Tuesday, May 21

Exclusive Interview

Optimizing Cyber Defenses: Exploring CDM's Strategic Vision

30 minutes

The federal government's Continuous Diagnostics and Mitigation (CDM) program stands as a cornerstone in fortifying cybersecurity defenses, successfully thwarting significant cyberattacks and bolstering the resilience of government systems. Mandated by CISA's Binding Operational Directive 23-01, federal civilian executive branch agencies are required to elevate network asset visibility and vulnerability detection. These agencies must conduct automated asset discovery every seven days and vulnerability scanning every 14 days, with results uploaded to the CDM Dashboard. With the Biden administration's fiscal 2024 budget request earmarking over $400 million for the CDM program, what new horizons await? How can the program be strategically utilized to further enhance cyber operations?

Join us for an insightful session where leaders from the CDM office will navigate the program's future trajectory, uncovering pathways for optimization. Explore with us as we delve into crucial questions surrounding scope expansion, innovative strategy implementation, and the indispensable need for adaptability in the ever-evolving landscape of cyber risks.

Read More
Richard Grabowski
Richard Grabowski
Acting Program Manager, CDM
Cybersecurity & Infrastructure Security Agency
Mark Canter
Mark Canter
Chief Information Security Officer
Government Accountability Office
Shailesh Athalye
Shailesh Athalye
Senior Vice President, Product Management
Qualys
Emily Wolfteich
Emily Wolfteich
Senior Industry Analyst
GovExec

The federal government's Continuous Diagnostics and Mitigation (CDM) program stands as a cornerstone in fortifying cybersecurity defenses, successfully thwarting significant cyberattacks and bolstering the resilience of government systems. Mandated by CISA's Binding Operational Directive 23-01, federal civilian executive branch agencies are required to elevate network asset visibility and vulnerability detection. These agencies must conduct automated asset discovery every seven days and vulnerability scanning every 14 days, with results uploaded to the CDM Dashboard. With the Biden administration's fiscal 2024 budget request earmarking over $400 million for the CDM program, what new horizons await? How can the program be strategically utilized to further enhance cyber operations?

Join us for an insightful session where leaders from the CDM office will navigate the program's future trajectory, uncovering pathways for optimization. Explore with us as we delve into crucial questions surrounding scope expansion, innovative strategy implementation, and the indispensable need for adaptability in the ever-evolving landscape of cyber risks.

Richard Grabowski
Richard Grabowski
Acting Program Manager, CDM
Cybersecurity & Infrastructure Security Agency
Mark Canter
Mark Canter
Chief Information Security Officer
Government Accountability Office
Shailesh Athalye
Shailesh Athalye
Senior Vice President, Product Management
Qualys
Emily Wolfteich
Emily Wolfteich
Senior Industry Analyst
GovExec
Read More
2:15 PM EDT Tuesday, May 21

Keynote

Closing Keynote with DOE's Paul Selby

30 minutes

During this presentation, Paul Selby, CISO of the Department of Energy (DOE), will explore key aspects of government cybersecurity. In line with the theme "Shaping Government's Resilience Through Risk Management," he will delve into critical risks facing agencies today. Discover how the DOE proactively safeguards its data against evolving cyber threats and addresses emerging issues in the public sector.

Paul Selby
Paul Selby
Chief Information Security Officer
Department of Energy

During this presentation, Paul Selby, CISO of the Department of Energy (DOE), will explore key aspects of government cybersecurity. In line with the theme "Shaping Government's Resilience Through Risk Management," he will delve into critical risks facing agencies today. Discover how the DOE proactively safeguards its data against evolving cyber threats and addresses emerging issues in the public sector.

Paul Selby
Paul Selby
Chief Information Security Officer
Department of Energy
Read More
2:45 PM EDT Tuesday, May 21

Main Stage

Qualys Closing Remarks

15 minutes
Jonathan Trull
Jonathan Trull
CISO & SVP, Security Solution Architecture
Qualys
Jonathan Trull
Jonathan Trull
CISO & SVP, Security Solution Architecture
Qualys
Read More
3:00 PM EDT Tuesday, May 21

Promo Image