Information Security In an Insecure World
Wednesday, April 22, 2020, 8:15-4:45
Grant Thornton LLP, 1000 Wilson Boulevard, 15th Floor, Arlington, VA 22209
Jointly presented by the Northern Virginia and Metropolitan Maryland chapters of ARMA
The importance of information security has been steadily rising and has caught the full attention of the C-suite. Data breaches, new privacy regulations, and reports of rogue actors hacking public and private networks fill the news, as anxiety about protecting our most sensitive information grows. At the same time, business and government leaders are increasingly interested in leveraging cloud-based collaboration tools, artificial intelligence, the Internet of Things, and other emerging technologies – all of which present significant security challenges.
7:45-8:20 Registration/Breakfast
8:20-8:30 Welcome/Introductions: Chapter presidents
8:30-10:00 Erik Winebrenner, VP, Chief Information Security Officer at Thermo Fisher Scientific
Building a Culture that Minimizes Risks
According to McKinsey & Company, a risk culture is defined as “the norms of behavior for individuals and groups within an organization that determine the collective ability to identify and understand, openly discuss and act on the organization’s current and future risks.” How does an organization overcome barriers to understanding and acting on risk? Once the C-suite buys into the need to develop a plan to address information security risks, how do we influence the thinking and behavior of our employees?
10:00-10:25 Break
10:25-11:55 Panel discussion: Angela Dingle, President & CEO, Ex Nihilo; Danyetta Magana, President, Covenant Security Solutions; E. Wayne Rose, PhD, IT Strategy, Security and Leadership Consultant
Balancing Security Compliance with the Need for Collaboration, Openness, and Transparency
It is often easier to develop a plan for addressing security compliance than it is to implement it – especially when there is a potential conflict between the goal of securing organizational data and embracing other organizational priorities such as encouraging collaboration and demonstrating openness and transparency. The panel will discuss how to strike the right balance in addressing these sometimes-competing demands.
11:55-1:10 Lunch and Optional Speed Networking
Representatives from our top-level sponsors will spend 10 minutes at each table in an interactive format to discuss topics of mutual interest
1:10-2:40 Mark Riddle, Principal for CUI Program Oversight, National Archives and Records Administration
CUI/NIST Compliance and Management
Agencies and government contractors are rising to the challenge of complying with the Federal government’s information security requirements. This presentation will provide an overview of requirements, including FedRAMP and NIST 800-171 compliance, protecting Controlled Unclassified Information, and navigating the new Cybersecurity Maturity Model Certification process, and will provide advice on how to get started, and what priorities are most important to address.
2:40-3:05 Break
3:05-4:35 Kevin A. McGrail, Director of Business Growth, InfraShield
The Future of Information Security and Privacy
This presentation will provide a practical take on data security and privacy in 2020. Are data security and privacy a source of growth in business? Can they be a competitive differentiator? Kevin (aka KAM) will address “Zero Trust” network models and review the Practical Vision for a Zero Trust Network Model Implementation he wrote for a US federal agency. Along with discussing Zero Trust, he’ll define “toxic data” and challenge you to ask hard questions such as, “Do we really need this data?” and “Can we dispose of this data?” After all, it’s hard to have data compromised in a breach if you don’t have the data. Finally, he will discuss the impact of some of the legal requirements for data security and privacy including those embodied in CCPA, GDPR, COPPA & HIPAA.
4:35-4:45 Conclusion/Wrap-up: Chapter presidents
Speakers
ANGELA DINGLE, CMC, CGEIT
President & CEO, Ex Nihilo
Angela is a Certified Management Consultant (CMC) with more than 23 years of experience in the areas of management consulting, information technology, project management, training, services sales and sales support. She successfully launched and managed several professional services organizations, and is certified in the Governance of Enterprise Information Technology (CGEIT). Angela is an architect of high-performance software development and quality assurance teams, is experienced in a variety of management techniques and IT methodologies, and has strong international logistics engineering and system deployment experience.
DANYETTA FLEMING MAGANA, CISSP
President, Covenant Security Solutions
Danyetta is the Founder/President of Covenant Security Solutions Inc. Her goal is to push the envelope regarding how we think about our information and find new and innovative ways to secure our digital way of life. She is a Certified Information Systems Security Professional (CISSP), and serves on several advisory boards, including the Armed Forces Communications and Electronics Association (AFCEA), the International Technology Committee, the International Consortium of Minority Cyber Professionals (ICMCP) and the Science and Technology Policy Center for Development (STPCD). She has received numerous recognitions and awards, including being named Fellow with the Institute for Critical Infrastructure Technology (ICIT), and receiving the Army’s Achievement Medal for Civilian Service.
KEVIN A. McGRAIL
Director of Business Growth, InfraShield.com
In his role as Director of Business Growth @ InfraShield.com, Kevin A. McGrail, aka KAM, focuses on cyberphysical security for critical infrastructure. Kevin loves Open Source Software and is a member of the Apache Software Foundation. He is a cyber security and privacy expert, and his research protects millions of Internet users every day. He is an advisor for SecurityUniversity.edu & Virtru.com as well as a Director at the Dysautonomia Support Network and The McGrail Foundation. His latest honor is becoming a member of the U.S. Marine Corps Cyber Auxiliary.
MARK RIDDLE
Senior Program Analyst for the Information Security Oversight Office (ISOO) at the National Archives and Records Administration
Mark serves as Lead for implementation and oversight activities for the Controlled Unclassified Information (CUI) Program. He co-authored the National Institute for Standards and Technology Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (June 2015). This publication recommends standards for protecting CUI in nonfederal electronic environments that may be prescribed in agreements between Federal and non-Federal partners. He consults with executive branch departments and agencies, and with industry and other non-Federal organizations on the structure and implementation of the CUI program, and its impact on the protection of sensitive information within these entities.
E. WAYNE ROSE, PhD, CIO, CISO, ISSP, CFO, GSL, PCFM
IT Strategy, Security and Leadership Consultant
Wayne is an integrative information strategic thinker and technical leader with business acumen to analyze business needs, develop high-level overarching strategic leadership plans embedded via strategic goals and objectives, and operationalize via proven solutions to advance the organization. He is currently an independent consultant with more than 30 years’ experience in IT and security. He most recently served as Vice President for Information Technology & Chief Information Officer for Bowie State University. Before that he worked in leadership roles at SAIC, the Naval Criminal Investigative Service, and Swissotel Hotels & Resorts. He has numerous licenses and certifications, including Chief Information Officer, Chief Information Security Officer, Government Strategic Leader, and Information Systems Security Professional.
ERIK WINEBRENNER
VP, Chief Information Security Officer at Thermo Fisher Scientific
Erik has spent two decades leading strategic cyber programs. Within these programs, he has introduced new ideas and effective ways to strengthen the security capabilities of global multi-billion dollar companies, not only by utilizing advanced tools and best practices, but also by developing efficient processes to support risk management and data protection. He is passionate about building teams and leading cybersecurity professionals that are focused on managing risk and combating advanced threats within large-scale global and complex environments. He loves to teach others and has spent close to a decade teaching cybersecurity for the Master's Program at Towson University.