Agenda Announced for Northern Virginia and Metropolitan Maryland chapters of ARMA Spring Seminar 2020

Information Security In an Insecure World

Wednesday, April 22, 2020, 8:15-4:45

Grant Thornton LLP, 1000 Wilson Boulevard, 15th Floor, Arlington, VA 22209

Jointly presented by the Northern Virginia and Metropolitan Maryland chapters of ARMA

The importance of information security has been steadily rising and has caught the full attention of the C-suite. Data breaches, new privacy regulations, and reports of rogue actors hacking public and private networks fill the news, as anxiety about protecting our most sensitive information grows. At the same time, business and government leaders are increasingly interested in leveraging cloud-based collaboration tools, artificial intelligence, the Internet of Things, and other emerging technologies – all of which present significant security challenges.

7:45-8:20            Registration/Breakfast

8:20-8:30            Welcome/Introductions: Chapter presidents

8:30-10:00     Erik Winebrenner, VP, Chief Information Security Officer at Thermo Fisher Scientific

                           Building a Culture that Minimizes Risks

According to McKinsey & Company, a risk culture is defined as “the norms of behavior for individuals and groups within an organization that determine the collective ability to identify and understand, openly discuss and act on the organization’s current and future risks.” How does an organization overcome barriers to understanding and acting on risk? Once the C-suite buys into the need to develop a plan to address information security risks, how do we influence the thinking and behavior of our employees?

10:00-10:25  Break

10:25-11:55  Panel discussion: Angela Dingle, President & CEO, Ex Nihilo; Danyetta Magana, President, Covenant Security Solutions; E. Wayne Rose, PhD, IT Strategy, Security and Leadership Consultant

                           Balancing Security Compliance with the Need for Collaboration, Openness, and Transparency

It is often easier to develop a plan for addressing security compliance than it is to implement it – especially when there is a potential conflict between the goal of securing organizational data and embracing other organizational priorities such as encouraging collaboration and demonstrating openness and transparency. The panel will discuss how to strike the right balance in addressing these sometimes-competing demands.

11:55-1:10     Lunch and Optional Speed Networking

Representatives from our top-level sponsors will spend 10 minutes at each table in an interactive format to discuss topics of mutual interest

1:10-2:40       Mark Riddle, Principal for CUI Program Oversight, National Archives and Records Administration

                           CUI/NIST Compliance and Management

Agencies and government contractors are rising to the challenge of complying with the Federal government’s information security requirements. This presentation will provide an overview of requirements, including FedRAMP and NIST 800-171 compliance, protecting Controlled Unclassified Information, and navigating the new Cybersecurity Maturity Model Certification process, and will provide advice on how to get started, and what priorities are most important to address.

2:40-3:05       Break

3:05-4:35       Kevin A. McGrail, Director of Business Growth, InfraShield

The Future of Information Security and Privacy

This presentation will provide a practical take on data security and privacy in 2020.  Are data security and privacy a source of growth in business?  Can they be a competitive differentiator? Kevin (aka KAM) will address “Zero Trust” network models and review the Practical Vision for a Zero Trust Network Model Implementation he wrote for a US federal agency. Along with discussing Zero Trust, he’ll define “toxic data” and challenge you to ask hard questions such as, “Do we really need this data?” and “Can we dispose of this data?”  After all, it’s hard to have data compromised in a breach if you don’t have the data. Finally, he will discuss the impact of some of the legal requirements for data security and privacy including those embodied in CCPA, GDPR, COPPA & HIPAA.

4:35-4:45       Conclusion/Wrap-up: Chapter presidents

Speakers

ANGELA DINGLE, CMC, CGEIT

President & CEO, Ex Nihilo

Angela is a Certified Management Consultant (CMC) with more than 23 years of experience in the areas of management consulting, information technology, project management, training, services sales and sales support. She successfully launched and managed several professional services organizations, and is certified in the Governance of Enterprise Information Technology (CGEIT). Angela is an architect of high-performance software development and quality assurance teams, is experienced in a variety of management techniques and IT methodologies, and has strong international logistics engineering and system deployment experience.

DANYETTA FLEMING MAGANA, CISSP

President, Covenant Security Solutions

Danyetta is the Founder/President of Covenant Security Solutions Inc. Her goal is to push the envelope regarding how we think about our information and find new and innovative ways to secure our digital way of life. She is a Certified Information Systems Security Professional (CISSP), and serves on several advisory boards, including the Armed Forces Communications and Electronics Association (AFCEA), the International Technology Committee, the International Consortium of Minority Cyber Professionals (ICMCP) and the Science and Technology Policy Center for Development (STPCD). She has received numerous recognitions and awards, including being named Fellow with the Institute for Critical Infrastructure Technology (ICIT), and receiving the Army’s Achievement Medal for Civilian Service.

KEVIN A. McGRAIL

Director of Business Growth, Infrashield.com

In his role as Director of Business Growth @ InfraShield.com, Kevin A. McGrail, aka KAM, focuses on cyberphysical security for critical infrastructure. Kevin loves Open Source Software and is a member of the Apache Software Foundation. He is a cyber security and privacy expert, and his research protects millions of Internet users every day. He is an advisor for SecurityUniversity.edu & Virtru.com as well as a Director at the Dysautonomia Support Network and The McGrail Foundation. His latest honor is becoming a member of the U.S. Marine Corps Cyber Auxiliary.

MARK RIDDLE

Senior Program Analyst for the Information Security Oversight Office (ISOO) at the National Archives and Records Administration

Mark serves as Lead for implementation and oversight activities for the Controlled Unclassified Information (CUI) Program. He co-authored the National Institute for Standards and Technology Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (June 2015). This publication recommends standards for protecting CUI in nonfederal electronic environments that may be prescribed in agreements between Federal and non-Federal partners. He consults with executive branch departments and agencies, and with industry and other non-Federal organizations on the structure and implementation of the CUI program, and its impact on the protection of sensitive information within these entities.

E. WAYNE ROSE, PhD, CIO, CISO, ISSP, CFO, GSL, PCFM

IT Strategy, Security and Leadership Consultant

Wayne is an integrative information strategic thinker and technical leader with business acumen to analyze business needs, develop high-level overarching strategic leadership plans embedded via strategic goals and objectives, and operationalize via proven solutions to advance the organization. He is currently an independent consultant with more than 30 years’ experience in IT and security. He most recently served as Vice President for Information Technology & Chief Information Officer for Bowie State University. Before that he worked in leadership roles at SAIC, the Naval Criminal Investigative Service, and Swissotel Hotels & Resorts. He has numerous licenses and certifications, including Chief Information Officer, Chief Information Security Officer, Government Strategic Leader, and Information Systems Security Professional.

ERIK WINEBRENNER

VP, Chief Information Security Officer at Thermo Fisher Scientific

Erik has spent two decades leading strategic cyber programs. Within these programs, he has introduced new ideas and effective ways to strengthen the security capabilities of global multi-billion dollar companies, not only by utilizing advanced tools and best practices, but also by developing efficient processes to support risk management and data protection. He is passionate about building teams and leading cybersecurity professionals that are focused on managing risk and combating advanced threats within large-scale global and complex environments. He loves to teach others and has spent close to a decade teaching cybersecurity for the Masters Program at Towson University.
