CSA Federal Summit 2015
CEO, Cloud Security Alliance
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim's innovative thinking about emerging security trends have been published and presented widely throughout the industry and have influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance.
Infrastructure and Security Architecture Lead, Monsanto
David is a member of both Monsanto IT’s Strategy and Architecture team and their Information Security Office. David’s team is responsible for infrastructure and security architecture strategies that Monsanto uses to deliver secure cloud-based platforms that help farmers produce more using fewer resources.
Prior to joining Monsanto in 2012, David spent almost twenty years at Anheuser-Busch, Inc. and Microsoft in a variety of roles including System Support, Client and Network Architecture, Information Security, and Application Architecture.
The Trippie Group, LLC
Keith Trippie is a former Government Senior Executive, change agent and innovative thought leader with over 20 years of experience driving revenue in the private sector and delivering innovative results for the federal government.
He is the founder and CEO of The Trippie Group LLC, which provides executive consulting and board services to help companies generate revenue in a number of innovative technology arenas including cloud computing, mobile, big data/analytics, cyber and product development, among others.
As part of The Trippie Group LLC., Mr. Trippie is developing a mobile app, urMuv, to address a gap in the consumer Real Estate marketplace. Mr. Trippie has also partnered with two other executives to pursue a cyber start up that will provide disruptive technology focusing on human vulnerability, cyber insurance and gamification.
Mr. Trippie currently serves as an advisor and board role with several organizations supporting investment decisions, due diligence and strategy.
He previously served as Senior Executive at the Department of Homeland Security (DHS) within the Office of the Chief Information Officer (OCIO), where he successfully led a new division from a start-up organization to a mature 150 person, $70M+ enterprise organization. In this role, Mr. Trippie led a Risk Management Division which oversaw the cyber posture of more than 20 enterprise class services. Before this position, Keith served as the Acting Executive Director for the Enterprise Business Management Office (EBMO) within DHS OCIO where he oversaw the department’s $6B IT portfolio. Keith started his DHS career at the Transportation Security Administration (TSA) where he designed, developed and deployed a secure information-sharing capability.
Keith holds numerous awards including the Fed 100 Award, Fierce Government 15, and FedScoop 50. Prior to serving the federal government, Mr. Trippie started two companies, with one delivering logistics brokerage services in the North American Southwest region. He is a graduate of the University of Arkansas and the Harvard Business School Executive Education Program for Leadership Development.
Program Director, Federal Risk and Authorization Management Program (FedRAMP), U.S. General Services Administration (GSA)
Matt Goodrich has served as the FedRAMP Program Director as part of the Federal Cloud Computing Initiative in the Office of Citizen Services and Innovative Technologies since August of 2009. In this role, he manages the day to day operations of FedRAMP and sets the overall direction of the program. Mr. Goodrich began his career in the Federal Government as a Presidential Management Fellow (PMF) for GSA. As a PMF, Matt worked on the Federal Cloud Computing Initiative as project manager for Apps.gov, helped in the creation of multiple cloud procurements. In 2011, Mr. Goodrich spent 6 months in the eGovernment office in the Office of Management and Budget (OMB) working under the former Federal CIO Vivek Kundra as well as the current Federal CIO Stephen VanRoekel. During his tenure at OMB, Mr. Goodrich focused his efforts on government-wide cloud computing policy issues, drafted a white paper providing guidance to agencies in how to procure cloud services, and helped oversee agency IT portfolios.
Mr. Goodrich has a BBA in Computer Information Systems from the University of Miami and a Juris Doctor from the University of Denver.
Dr. Michaela Iorga
Sr. Security Technical Lead for Cloud Computing, NIST
Dr. Iorga serves as the senior security technical lead for the NIST Cloud Computing. She joined NIST team in 2008, bringing a diverse background and deep understanding of information systems security, cybersecurity, identity and privacy issues, and strong knowledge in the development of complex security architectures, having served in a wide range of consulting positions with government and private industry. Dr. Iorga is also leading several other NIST efforts, among them are the development of the Federal Information Processing Standard 140‐3 , Security Requirements for Cryptographic Modules; and the implementation of a NIST public, secure randomness source. She also contributes to the NIST efforts of developing the security testing and certification requirements for electrical smat grids. Before joining NIST, Dr. Iorga was the president of the MiTech Consulting Inc., and subsequently held other private sector positions with VDG inc., Duke University, and Merchand Marine Institute of Constanta.
Dr. Iorga is a magna cum laude gradute of the University of Lower Danube from where she holds a B.S. and M.S. in naval architecture and maritime engineering, and a Ph.D. from Duke University, Pratt School of Engineering, in 1998.
Founder and CEO, Palerra
Rohit founded Palerra in 2013 with the vision of ushering in a new paradigm in security and devops; one that would enable enterprises to confidently embrace and accelerate the move to the cloud.
Rohit has spent his entire career in enterprise software. Most recently, he was Vice President and General Manager for the Remedy IT Service Management division at BMC Software, a product line producing over $500M in revenues. At BMC, Rohit helped build and grow their first two SaaS offerings including RemedyForce and RemedyOnDemand. Prior to BMC, Rohit was Vice President of Product Management for Identity and Access Management (IAM) at Oracle Corporation, with responsibility for product strategy, marketing, business development and alliances. Under his leadership, Oracle rapidly grew their IAM market presence from a nascent player to market leadership with revenues over $300M, in the first five years since inception. Rohit earned his Masters degree in Computer Science from Case Western Reserve University. He is a well-known speaker and thought leader in the industry on topics of application and data security, identity management and cloud computing.
VP IT Risk Management, McKesson Corporation
Vince has been with McKesson Corporation for over six years focusing on building the IT risk management and security capabilities within McKesson Corporation. Over the last two years, he has worked closely with the Cloud Security Alliance in building an IT vendor risk management program – with a specific focus on Cloud Computing Service providers.
Prior to joining McKesson, Vince held various leadership roles with major financial service firms within their Internal Audit and Risk Management functions. Vince’s career also included over 12 years as a partner in PriceWaterhouseCoopers specializing in Technology Risk advice and consulting. Vince is a graduate of Penn State University with a degree in Mechanical Engineering and the University of Maryland with an MBA in Operations Research. Vince is active with various risk management and security organizations, and is co-chair of the Healthcare Information Working Group of the Cloud Security Alliance.
Bob Gourley is the publisher of CTOvision.com and ThreatBrief.com and is a co-founder and partner of Cognitio. Bob’s first career was as a naval intelligence officer, which included operational tours in Europe and Asia. Bob was the first Director of Intelligence (J2) at DoD’s cyber defense organization JTF-CND. Following retirement from the Navy, Bob was an executive with TRW and Northrop Grumman, and then returned to government service as the CTO of the Defense Intelligence Agency (DIA). Bob was named one of the top 25 most influential CTOs in the globe by Infoworld. He was selected for AFCEAs award for meritorious service to the intelligence community, and was named by Washingtonian as one of DC’s “Tech Titans.” Bob was named one of the “Top 25 Most Fascinating Communicators in Government IT” by the Gov2.0 community GovFresh. Bob was noted as “Most Influential on Twitter for Big Data” by Forbes. The blog he founded and publishes, CTOvision, is now ranked among the top 50 federal technology blogs.
CEO, Security Growth Partners (SGP) | Chairman of KoolSpan
Elad serves as CEO of Security Growth Partners (SGP) and Chairman of KoolSpan. Elad drives cyber security companies to rapid growth and his experience includes roles as an entrepreneur, executive, consultant, investor and banker. Recently Elad served as CEO of Vaultive, a cloud encryption company. His entrepreneurial experience includes Riptech, a provider of managed security services to gov’ts and global corporations, acquired by Symantec; Sentrigo, a provider of Database security acquired by McAfee; and MediaSentry, a provider of anti-piracy solutions to the movie & music industries, acquired by SafeNet. Elad was a strategic investor and advisor to NetWitness (acquired by EMC/RSA), ThreatGrid (acquired by Cisco), and Insightix (acquired by McAfee). E&Y recognized Elad as “Entrepreneur of the Year”. Elad is a member of Boards, including KoolSpan, Red Owl Analytics, Mischel Kwon Associates, the Cloud Security Alliance New York Metro Chapter; and Trustee of the Jewish Chapel Fund at West Point. Previously he served on the FBI’s Information Technology Advisory Council. Elad co-authored the Internet Security Threat Report, cited to Congress. Elad served as an Army officer and is a veteran of Operation Restore Hope in Somalia. Elad holds an MBA from Wharton and a B.S. from the US Military Academy at West Point.
Federal Director, Cloud Security Alliance
William Corrington, Federal Director for the Cloud Security Alliance (CSA), has over 35 years of experience in the Information Technology industry. He has worked as a software engineer, systems architect, project manager, management consultant and entrepreneur in a variety of vertical and horizontal markets. A former Vice President with Gartner Consulting's Federal practice, Bill spent four years serving as the Chief Technology Officer for the U.S. Department of the Interior where he was the principal architect for Interior's cloud computing strategy and led the planning and implementation to securely move 80,000 users to a cloud-based email system. As the Federal Director for the Cloud Security Alliance (CSA), he is focused on extending the reach of CSA’s best practices, education and standards for secure cloud computing to support the needs of Federal government agencies.
Director of Information Security for Digital Marketing, Adobe
Mike Mellor is the Director of Information Security for Digital Marketing. He came to Adobe from the US Federal Government where he was the Deputy Chief Information Security Officer at the Centers for Medicare and Medicaid Services. The Centers for Medicare and Medicaid Services is the largest payer of healthcare services in the world with an information technology budget of over $ 3 billion per year. The information security programs that Mike has led have received industry awards and recognition to include a 2012 SANS Cybersecurity Innovation award for continuous monitoring. He holds a bachelors degree in information systems from Utah State University and a masters degree in business administration from Idaho State University. He holds numerous information security certifications.
CEO and Co-founder, Evident.io
Tim Prendergast is CEO and co-founder of Evident.io. Tim co-founded Evident.io with the goal of making cloud security approachable and repeatable for companies of all sizes and enabling them to avoid the pain he endured over 3 years of successfully defending the Adobe AWS infrastructure from inception to production. Tim is a security industry veteran with over 15 years of experience and is a recognized expert and frequent speaker on the subject of public cloud, AWS, and DevOps security. Tim has significant experience as both a security practitioner, leading security teams at companies such as Adobe, Ingenuity, and Ticketmaster, as well as helping develop commercial security solutions for vendors such as McAfee and Entercept.
Web Services Executive, NASA
Roopangi Kadakia is the Web Services Executive for NASA since 2011. She has been instrumental in bringing over 150 applications and websites into the cloud. Prior to her time at NASA, she was the CISO for the International Finance Corporation of the World Bank Group where she created a global security program. She was also the CISO and Deputy CIO for Science and Technology Directorate at the Department of Homeland Security. Roopangi was the Technical Director for the Presidential Initiative FirstGov at startup. This is now usa.gov. Roopangi has also been a Peace Corp Volunteer in Malawi and has worked for Peace Corps.
Chief Information Security Officer, Lancope
Andrew Wild is the Chief Information Security Officer at Lancope Inc., a leading provider of security intelligence and network visibility to defend agencies against today’s top threats. Wild is a long-time information security and risk management professional who has spent over 25 years developing effective, customer-driven information security, incident response, compliance and secure networking programs for IT and security organizations. Previously Wild was the CSO at Qualys, directed Information Security at EMC Corporation and spent nearly 10 years Transaction Network Services (TNS) in several roles including CSO. Wild’s earlier roles include network engineering positions with British Telecom and Sprint, as well as five years as an officer in the United States Army Signal Corps. Wild holds a bachelor’s and master’s degree in electrical engineering from the United States Military Academy at West Point and the George Washington University, respectively.
Mr. Weiler is the Co-Founder and Executive Director of the Interoperability Clearinghouse (ICHnet.org), a public-private partnership (501(c)(6)) formed to advance key elements of the Clinger Cohen Act by establishing collaborative mechanisms that tap commercial IT Acquisition best practices and implementation results. He has over 30 years of IT management experience in solution architectures, service level management, portfolio management, and risk management supporting fortune 100 companies and many of the federal agencies in civilian, defense and intelligence. His contribution to establishing innovative approaches in aligning business/infrastructure requirements with interoperable solutions has made a positive impact on numerous agencies seeking to improve the efficacy of agency IT Capability Planning and Investment Processes. His accomplishments include co-development of a DOD/GSA Certified Agile Acquisition Framework, architecting of FITARA with Chairman Lankford, development of DISA’s Cloud Assessment Framework, and supporting creation of FEA Models under the ACT/IAC Architecture SIG he co-chaired.
Senior Technical Advisor, Trend Micros
David has worked in the data security industry for 17 years. Most of those years have been spent at Trend Micro where he currently works as a Senior Technical Advisor for the company’s largest customers in the northeast region, focusing primarily on cloud and virtualization security. He received his bachelor’s degree in computer science from Brandeis University, and a master’s degree in computer science from George Washington University. When he is not playing drums/singing in a rock cover band called 45 RPM, playing ice hockey in a local adult league, or coaching his son’s baseball team, he is pursuing ordination in the ALEPH Cantorial program. If you're extra nice to him, he may tell you about the time his family auditioned for Family Feud.
The Cloud Security Alliance Federal Summit is a free for government, full-day event. For preliminary registration for the Cloud Security Alliance Federal Summit, please visit: http://www.fedsummits.com/csa/
The Cloud Computing Security Knowledge- Foundation class provides students a comprehensive review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK v3.0 certificate exam. CCSK Training will be held after the summit on May 6 & 7, and includes two exam vouchers.
Cloud Security Alliance Federal Summit 2015
Tuesday, May 5th - 9:00am to 5:00pm
Ronald Reagan Building 1300 Pennsylvania Ave NW, Washington, DC 20004
Cloud computing is a fast growing segment of the Federal IT landscape and is destined to become our next data center. Cloud Security Alliance has put together a stellar program of thought leaders from government and the private sector to provide key insights into security compliance, architecture, technology and defending the latest threats.
The Cloud Security Alliance Federal Summit is a free for government event, comprised of information security professionals from civilian and defense agencies to share experiences and learn about the best practices for securing cloud computing and emerging security topics.
Take advantage of this rare opportunity to collaborate with peers, receive actionable best practices and learn about security trends at the CSA Federal Summit.
Partial List of Program Topics:
"CSA Software Defined Perimeter Initiative"
Presenting: Jim Reavis, CEO, Cloud Security Alliance
"Status of CSA and FedRAMP Collaboration Efforts"
Presenting: Matt Goodrich, FedRAMP Program Director
"NIST Cloud Security Overlay and CSA Enterprise Architecture"
Presenting: Dr. Michaela Iorga, Sr. Security Technical Lead for Cloud Computing, NIST
Panel Discussion: Cloud Implementation Lessons learned
|7:30AM – 8:00AM||
Registration, Breakfast, Exhibits
|8:00AM – 8:15AM||
Welcome and Opening Remarks
|8:15AM – 8:45AM||
|8:45AM – 9:30AM||
The Cyber Threat: Lessons learned from history and ongoing operations
Presenter: Bob Gourley, Partner, Cognito
This presentation by one of the pioneers in intelligence support to cyber security and author of the best selling book "The Cyber Threat" extracts real world lessons that should inform strategic, operational and tactical decisions in network defense.
|9:30AM – 10:00AM||
Industry Insights: Beyond Shadow IT — Turning Concern into Opportunity
Speaker: Kaushik Narayan, Co-Founder & CTO, Skyhigh Networks
Even before Hilary Clinton became the new face of shadow IT, government agencies struggled with the challenges and risks from technology that employees bring into the workplace (i.e. Shadow IT). In this session, we’ll look at cloud usage in the public sector to surface some startling statistics about shadow IT in government, including the prevalence of insider threats and compromised accounts putting government data at risk. We’ll share specific projects that IT and security teams have completed to flip shadow IT from a concern to an opportunity and secure their data in the cloud.
|10:00AM – 10:30AM||
|10:30AM – 11:15AM||
Panel: "Managing Cloud Security: Considerations and Best Practices"
Moderator: Bill Corrington, Federal Director, Cloud Security Alliance
|11:15AM – 12:00AM||
"Not all Clouds are equal — Can you Tell the Difference?
|12:00PM – 1:00PM||
|1:00PM – 1:30PM||
Industry Insights: Compliance is More than a “Documentation effort”
Speaker: Mike Mellor, Director of Information Security for Digital Marketing, Adobe
To be a world-class cloud services company not only requires being agile and innovative but also living up to the trust our customers put into the service. Major frameworks like FedRAMP and others often invoke fear that everyone is in for a grueling documentation and legal exercise that just slows everything down. However, we have found that in the cloud services world it is possible approach compliance as a possible competitive differentiator — and something that is of immense benefit to the business in terms of process, efficiency, and instilling a deeper culture of security.
This session will discuss the approach Adobe took to FedRAMP and our learnings from that, including the Adobe Common Controls Framework (CCF) — our approach to meeting the compliance challenge in a cloud services world that builds upon existing efforts like the CSA Cloud Controls Matrix. We hope at the end of this session you will have the tools you need to use compliance as a tool to gain your own competitive advantage.
|1:30PM – 2:15PM||
Panel Discussion — Cloud Implementation Lessons Learned
Moderator: Elad Yoran, CEO, Security Growth Partners (SGP) | Chairman, KoolSpan
|2:15PM – 2:45PM||
|2:45PM – 3:30PM||
Update on the FedRAMP 2-year Roadmap and Mapping to industry Standards
Presenting: Matt Goodrich, FedRAMP Program Director, GSA
The Federal Risk Assessment and Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by Federal government agencies. This presentation will provide an overview of the two-year FedRAMP roadmap and strategic goals. The presentation will also provide an update on the current status of mapping the FedRAMP security controls to other industry standards, including the CSA Cloud Controls Matrix (CCM).
|3:30PM – 4:00PM||
Industry Insights: Evolving Security in the Federal Cloud -
|4:00PM – 4:45PM||
Closing Keynote: The Business of Cloud
Presenting: Keith Trippie, The Trippie Group
Cloud is transforming businesses on a global level and the number of new cloud offerings and companies are growing annually. The reason for this growth is less about the technology and more about the economics of cloud. Time to market for new services, reducing capital expenditures and providing transparent operational expenses are just a few of the business reasons why commercial entities are adopting this new deployment model. This discussion and Q and A will include observations and lessons learned from a former SES who led the Cloud practice for the Department of Homeland Security as well has his experiences leveraging cloud in the commercial sector to build applications, including mobile.
|4:45PM – 6:00PM||
Federal Summit 2015 Presentations
|Cloudy with Showers of Business Opportunities
and a Good Chance of Security and Accountability
Dr. Michaela Iorga - Sr. Security Technical Lead for Cloud Computing, NIST
|FedRAMP and CSA Collaboration - Ensuring Secure Cloud Computing for the USG
Matt Goodrich - Program Director at FedRAMP,
U.S. General Services Administration (GSA)
|Cyber Threats - Insights from history and current operations
Bob Gourley - Partner, Cognitio
|Evolving Security in the Federal Cloud -
Lessons Learned from Private Sector DevSecOps
Tim Prendergast - CEO and Co-founder, Evident.io
|The Software Defined Perimeter Initiative
Jim Reavis - CEO & Founder Cloud Security Alliance
|Deploying IT for a Buck a Day: Cheaper than a Cup of Joe
Keith Trippie - Chief Executive Officer /The Trippie Group LLC