CSA Federal Summit 2015

Jim Reavis

CEO, Cloud Security Alliance

For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim's innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance.

David England

Infrastructure and Security Architecture Lead, Monsanto

David is a member of both Monsanto IT’s Strategy and Architecture team and their Information Security Office. David’s team is responsible for infrastructure and security architecture strategies that Monsanto uses to deliver secure cloud-based platforms that help farmers produce more using fewer resources. 

Prior to joining Monsanto in 2012, David spent almost twenty years at Anheuser-Busch, Inc. and Microsoft in a variety of roles including System Support, Client and Network Architecture, Information Security, and Application Architecture.

Keith Trippie

The Trippie Group, LLC

Keith Trippie is a former Government Senior Executive, change agent and innovative thought leader with over 20 years of experience driving revenue in the private sector and delivering innovative results for the federal government.  

He is the founder and CEO of The Trippie Group LLC, which provides executive consulting and board services to help companies generate revenue in a number of innovative technology arenas including cloud computing, mobile, big data/analytics, cyber and product development, among others.  

As part of The Trippie Group LLC., Mr. Trippie is developing a mobile app, urMuv, to address a gap in the consumer Real Estate marketplace.  Mr. Trippie has also partnered with two other executives to pursue a cyber start up that will provide disruptive technology focusing on human vulnerability, cyber insurance and gamification.   

Mr. Trippie currently serves in advisor and board roles with several organizations, supporting investment decisions, due diligence and strategy.

He previously served as Senior Executive at the Department of Homeland Security (DHS) within the Office of the Chief Information Officer (OCIO), where he successfully led a new division from a start-up organization to a mature 150 person, $70M+ enterprise organization. In this role, Mr. Trippie led a Risk Management Division which oversaw the cyber posture of more than 20 enterprise class services. Before this position, Keith served as the Acting Executive Director for the Enterprise Business Management Office (EBMO) within DHS OCIO where he oversaw the department’s $6B IT portfolio.  Keith started his DHS career at the Transportation Security Administration (TSA) where he designed, developed and deployed a secure information-sharing capability.   

Keith holds numerous awards including the Fed 100 Award, Fierce Government 15, and FedScoop 50. Prior to serving the federal government, Mr. Trippie started two companies, with one delivering logistics brokerage services in the North American Southwest region. He is a graduate of the University of Arkansas and the Harvard Business School Executive Education Program for Leadership Development.

Matt Goodrich

Program Director, Federal Risk and Authorization Management Program (FedRAMP), U.S. General Services Administration (GSA)

Matt Goodrich has served as the FedRAMP Program Director as part of the Federal Cloud Computing Initiative in the Office of Citizen Services and Innovative Technologies since August of 2009. In this role, he manages the day-to-day operations of FedRAMP and sets the overall direction of the program. Mr. Goodrich began his career in the Federal Government as a Presidential Management Fellow (PMF) for GSA. As a PMF, Matt worked on the Federal Cloud Computing Initiative as project manager for Apps.gov and helped in the creation of multiple cloud procurements. In 2011, Mr. Goodrich spent 6 months in the eGovernment office in the Office of Management and Budget (OMB) working under the former Federal CIO Vivek Kundra as well as the current Federal CIO Stephen VanRoekel. During his tenure at OMB, Mr. Goodrich focused his efforts on government-wide cloud computing policy issues, drafted a white paper providing guidance to agencies on how to procure cloud services, and helped oversee agency IT portfolios.

Mr. Goodrich has a BBA in Computer Information Systems from the University of Miami and a Juris Doctor from the University of Denver.

Dr. Michaela Iorga

Sr. Security Technical Lead for Cloud Computing, NIST

Dr. Iorga serves as the senior security technical lead for NIST Cloud Computing. She joined the NIST team in 2008, bringing a diverse background and deep understanding of information systems security, cybersecurity, identity and privacy issues, and strong knowledge in the development of complex security architectures, having served in a wide range of consulting positions with government and private industry. Dr. Iorga is also leading several other NIST efforts, among them the development of the Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules, and the implementation of a NIST public, secure randomness source. She also contributes to the NIST efforts of developing the security testing and certification requirements for electrical smart grids. Before joining NIST, Dr. Iorga was the president of MiTech Consulting Inc., and subsequently held other private sector positions with VDG inc., Duke University, and Merchant Marine Institute of Constanta.

Dr. Iorga is a magna cum laude graduate of the University of Lower Danube, from which she holds a B.S. and M.S. in naval architecture and maritime engineering, and holds a Ph.D. from Duke University, Pratt School of Engineering, in 1998.

Rohit Gupta

Founder and CEO, Palerra 

Rohit founded Palerra in 2013 with the vision of ushering in a new paradigm in security and devops; one that would enable enterprises to confidently embrace and accelerate the move to the cloud. 

Rohit has spent his entire career in enterprise software. Most recently, he was Vice President and General Manager for the Remedy IT Service Management division at BMC Software, a product line producing over $500M in revenues. At BMC, Rohit helped build and grow their first two SaaS offerings, RemedyForce and RemedyOnDemand. Prior to BMC, Rohit was Vice President of Product Management for Identity and Access Management (IAM) at Oracle Corporation, with responsibility for product strategy, marketing, business development and alliances. Under his leadership, Oracle rapidly grew their IAM market presence from a nascent player to market leadership with revenues over $300M, in the first five years since inception. Rohit earned his master's degree in Computer Science from Case Western Reserve University. He is a well-known speaker and thought leader in the industry on topics of application and data security, identity management and cloud computing.

Vincent Campitelli

VP IT Risk Management, McKesson Corporation

Vince has been with McKesson Corporation for over six years focusing on building the IT risk management and security capabilities within McKesson Corporation. Over the last two years, he has worked closely with the Cloud Security Alliance in building an IT vendor risk management program – with a specific focus on Cloud Computing Service providers. 

Prior to joining McKesson, Vince held various leadership roles with major financial service firms within their Internal Audit and Risk Management functions. Vince’s career also included over 12 years as a partner in PriceWaterhouseCoopers specializing in Technology Risk advice and consulting. Vince is a graduate of Penn State University with a degree in Mechanical Engineering and the University of Maryland with an MBA in Operations Research. Vince is active with various risk management and security organizations, and is co-chair of the Healthcare Information Working Group of the Cloud Security Alliance. 

Bob Gourley

Partner, Cognitio

Bob Gourley is the publisher of CTOvision.com and ThreatBrief.com and is a co-founder and partner of Cognitio. Bob’s first career was as a naval intelligence officer, which included operational tours in Europe and Asia. Bob was the first Director of Intelligence (J2) at DoD’s cyber defense organization JTF-CND. Following retirement from the Navy, Bob was an executive with TRW and Northrop Grumman, and then returned to government service as the CTO of the Defense Intelligence Agency (DIA). Bob was named one of the top 25 most influential CTOs in the globe by Infoworld. He was selected for AFCEA’s award for meritorious service to the intelligence community, and was named by Washingtonian as one of DC’s “Tech Titans.” Bob was named one of the “Top 25 Most Fascinating Communicators in Government IT” by the Gov2.0 community GovFresh. Bob was noted as “Most Influential on Twitter for Big Data” by Forbes. The blog he founded and publishes, CTOvision, is now ranked among the top 50 federal technology blogs.

Elad Yoran

CEO, Security Growth Partners (SGP) | Chairman of KoolSpan

Elad serves as CEO of Security Growth Partners (SGP) and Chairman of KoolSpan. Elad drives cyber security companies to rapid growth and his experience includes roles as an entrepreneur, executive, consultant, investor and banker. Recently Elad served as CEO of Vaultive, a cloud encryption company. His entrepreneurial experience includes Riptech, a provider of managed security services to governments and global corporations, acquired by Symantec; Sentrigo, a provider of database security acquired by McAfee; and MediaSentry, a provider of anti-piracy solutions to the movie and music industries, acquired by SafeNet. Elad was a strategic investor and advisor to NetWitness (acquired by EMC/RSA), ThreatGrid (acquired by Cisco), and Insightix (acquired by McAfee). E&Y recognized Elad as “Entrepreneur of the Year”. Elad is a member of several boards, including KoolSpan, Red Owl Analytics, Mischel Kwon Associates, and the Cloud Security Alliance New York Metro Chapter, and is a Trustee of the Jewish Chapel Fund at West Point. Previously he served on the FBI’s Information Technology Advisory Council. Elad co-authored the Internet Security Threat Report, cited to Congress. Elad served as an Army officer and is a veteran of Operation Restore Hope in Somalia. Elad holds an MBA from Wharton and a B.S. from the US Military Academy at West Point.

William Corrington

Federal Director, Cloud Security Alliance

William Corrington, Federal Director for the Cloud Security Alliance (CSA), has over 35 years of experience in the Information Technology industry. He has worked as a software engineer, systems architect, project manager, management consultant and entrepreneur in a variety of vertical and horizontal markets. A former Vice President with Gartner Consulting's Federal practice, Bill spent four years serving as the Chief Technology Officer for the U.S. Department of the Interior where he was the principal architect for Interior's cloud computing strategy and led the planning and implementation to securely move 80,000 users to a cloud-based email system. As the Federal Director for the Cloud Security Alliance (CSA), he is focused on extending the reach of CSA’s best practices, education and standards for secure cloud computing to support the needs of Federal government agencies.

Mike Mellor

Director of Information Security for Digital Marketing, Adobe

Mike Mellor is the Director of Information Security for Digital Marketing. He came to Adobe from the US Federal Government, where he was the Deputy Chief Information Security Officer at the Centers for Medicare and Medicaid Services. The Centers for Medicare and Medicaid Services is the largest payer of healthcare services in the world, with an information technology budget of over $3 billion per year. The information security programs that Mike has led have received industry awards and recognition, including a 2012 SANS Cybersecurity Innovation award for continuous monitoring. He holds a bachelor's degree in information systems from Utah State University and a master's degree in business administration from Idaho State University. He holds numerous information security certifications.

Tim Prendergast

CEO and Co-founder, Evident.io

Tim Prendergast is CEO and co-founder of Evident.io. Tim co-founded Evident.io with the goal of making cloud security approachable and repeatable for companies of all sizes and enabling them to avoid the pain he endured over 3 years of successfully defending the Adobe AWS infrastructure from inception to production. Tim is a security industry veteran with over 15 years of experience and is a recognized expert and frequent speaker on the subject of public cloud, AWS, and DevOps security.  Tim has significant experience as both a security practitioner, leading security teams at companies such as Adobe, Ingenuity, and Ticketmaster, as well as helping develop commercial security solutions for vendors such as McAfee and Entercept.

Roopangi Kadakia

Web Services Executive, NASA

Roopangi Kadakia has been the Web Services Executive for NASA since 2011. She has been instrumental in bringing over 150 applications and websites into the cloud. Prior to her time at NASA, she was the CISO for the International Finance Corporation of the World Bank Group, where she created a global security program. She was also the CISO and Deputy CIO for the Science and Technology Directorate at the Department of Homeland Security. Roopangi was the Technical Director for the Presidential Initiative FirstGov at startup. This is now usa.gov. Roopangi has also been a Peace Corps Volunteer in Malawi and has worked for Peace Corps.

Andrew Wild

Chief Information Security Officer, Lancope

Andrew Wild is the Chief Information Security Officer at Lancope Inc., a leading provider of security intelligence and network visibility to defend agencies against today’s top threats. Wild is a long-time information security and risk management professional who has spent over 25 years developing effective, customer-driven information security, incident response, compliance and secure networking programs for IT and security organizations. Previously Wild was the CSO at Qualys, directed Information Security at EMC Corporation and spent nearly 10 years at Transaction Network Services (TNS) in several roles including CSO. Wild’s earlier roles include network engineering positions with British Telecom and Sprint, as well as five years as an officer in the United States Army Signal Corps. Wild holds a bachelor’s and master’s degree in electrical engineering from the United States Military Academy at West Point and the George Washington University, respectively.

John Weiler

Executive Director, Interoperability Clearing House (www.ICHnet.org) & Co-Founder IT Acquisition Advisory Council (www.IT-AAC.org)

Mr. Weiler is the Co-Founder and Executive Director of the Interoperability Clearinghouse (ICHnet.org), a public-private partnership (501(c)(6)) formed to advance key elements of the Clinger Cohen Act by establishing collaborative mechanisms that tap commercial IT Acquisition best practices and implementation results. He has over 30 years of IT management experience in solution architectures, service level management, portfolio management, and risk management supporting Fortune 100 companies and many of the federal agencies in civilian, defense and intelligence. His contribution to establishing innovative approaches in aligning business/infrastructure requirements with interoperable solutions has made a positive impact on numerous agencies seeking to improve the efficacy of agency IT Capability Planning and Investment Processes. His accomplishments include co-development of a DOD/GSA Certified Agile Acquisition Framework, architecting of FITARA with Chairman Lankford, development of DISA’s Cloud Assessment Framework, and supporting creation of FEA Models under the ACT/IAC Architecture SIG he co-chaired.

Dave Abramowitz

Senior Technical Advisor, Trend Micro

David has worked in the data security industry for 17 years. Most of those years have been spent at Trend Micro where he currently works as a Senior Technical Advisor for the company’s largest customers in the northeast region, focusing primarily on cloud and virtualization security. He received his bachelor’s degree in computer science from Brandeis University, and a master’s degree in computer science from George Washington University. When he is not playing drums/singing in a rock cover band called 45 RPM, playing ice hockey in a local adult league, or coaching his son’s baseball team, he is pursuing ordination in the ALEPH Cantorial program. If you're extra nice to him, he may tell you about the time his family auditioned for Family Feud.

Registration

The Cloud Security Alliance Federal Summit is a free-for-government, full-day event. For preliminary registration for the Cloud Security Alliance Federal Summit, please visit: http://www.fedsummits.com/csa/

The Cloud Computing Security Knowledge - Foundation class provides students with a comprehensive review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK v3.0 certificate exam. CCSK Training will be held after the summit on May 6 & 7, and includes two exam vouchers.

Cloud Security Alliance Federal Summit 2015

Tuesday, May 5th - 9:00am to 5:00pm
Ronald Reagan Building 1300 Pennsylvania Ave NW, Washington, DC 20004

Cloud computing is a fast growing segment of the Federal IT landscape and is destined to become our next data center.  Cloud Security Alliance has put together a stellar program of thought leaders from government and the private sector to provide key insights into security compliance, architecture, technology and defending the latest threats. 

The Cloud Security Alliance Federal Summit is a free-for-government event that brings together information security professionals from civilian and defense agencies to share experiences and learn about the best practices for securing cloud computing and emerging security topics.

Take advantage of this rare opportunity to collaborate with peers, receive actionable best practices and learn about security trends at the CSA Federal Summit.

Partial List of Program Topics:

"CSA Software Defined Perimeter Initiative"
Presenting: Jim Reavis, CEO, Cloud Security Alliance

"Status of CSA and FedRAMP Collaboration Efforts"
Presenting: Matt Goodrich, FedRAMP Program Director

"NIST Cloud Security Overlay and CSA Enterprise Architecture"
Presenting: Dr. Michaela Iorga, Sr. Security Technical Lead for Cloud Computing, NIST

Panel Discussion: Cloud Implementation Lessons learned

Agenda:

Time Session Information
7:30AM – 8:00AM

Registration, Breakfast, Exhibits

8:00AM – 8:15AM

Welcome and Opening Remarks

8:15AM – 8:45AM

Opening Keynote:
An Overview of the CSA Software Defined Perimeter (SDP) Initiative

Presenter: Jim Reavis, CEO, Cloud Security Alliance

CSA's Software Defined Perimeter (SDP), a next generation security architecture for virtual private clouds, hardened SaaS, BYOD and Internet of Things, is explained. The SDP incorporates security standards from organizations such as the National Institute of Standards and Technology (NIST) as well as security concepts from organizations such as the U.S. Department of Defense (DoD) into an integrated framework.  The Cloud Security Alliance (CSA) intends to create a public SDP standard that is freely available for use without license fees or restrictions.

8:45AM – 9:30AM

The Cyber Threat: Lessons learned from history and ongoing operations

Presenter: Bob Gourley, Partner, Cognitio

This presentation by one of the pioneers in intelligence support to cyber security and author of the best selling book "The Cyber Threat" extracts real world lessons that should inform strategic, operational and tactical decisions in network defense.

9:30AM – 10:00AM

Industry Insights: Beyond Shadow IT — Turning Concern into Opportunity

Speaker: Kaushik Narayan, Co-Founder & CTO, Skyhigh Networks

Even before Hillary Clinton became the new face of shadow IT, government agencies struggled with the challenges and risks from technology that employees bring into the workplace (i.e. Shadow IT). In this session, we’ll look at cloud usage in the public sector to surface some startling statistics about shadow IT in government, including the prevalence of insider threats and compromised accounts putting government data at risk. We’ll share specific projects that IT and security teams have completed to flip shadow IT from a concern to an opportunity and secure their data in the cloud.

10:00AM – 10:30AM

Break

10:30AM – 11:15AM

Panel: "Managing Cloud Security: Considerations and Best Practices"

Moderator: Bill Corrington, Federal Director, Cloud Security Alliance

Panelists:

  • Rohit Gupta, Founder and CEO, Palerra
  • Andrew Wild, Lancope
  • Dave Abramowitz, Trend Micro
  • John Weiler, IT Acquisition Advisory Council

11:15AM – 12:00AM

"Not all Clouds are equal — Can you Tell the Difference?
Security and Privacy Controls for Federal Cloud Based Information Systems"

Presenting: Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing, NIST

Security and privacy controls in a cloud ecosystem are unknowns of a complex risk assessment equation difficult to resolve for cloud consumers that do not have sufficient visibility into the cloud offerings. NIST introduces a cloud-based risk management process and develops in-scope implementation and assessment guidance for the security and privacy controls applicable to cloud-based information systems. The proposed approach also provides cloud consumers and cloud assessors with means of comparing services offered by different cloud providers.

12:00PM – 1:00PM

Lunch

1:00PM – 1:30PM

Industry Insights: Compliance is More than a “Documentation effort”

Speaker: Mike Mellor, Director of Information Security for Digital Marketing, Adobe

To be a world-class cloud services company not only requires being agile and innovative but also living up to the trust our customers put into the service. Major frameworks like FedRAMP and others often invoke fear that everyone is in for a grueling documentation and legal exercise that just slows everything down. However, we have found that in the cloud services world it is possible to approach compliance as a possible competitive differentiator — and something that is of immense benefit to the business in terms of process, efficiency, and instilling a deeper culture of security.

This session will discuss the approach Adobe took to FedRAMP and our learnings from that, including the Adobe Common Controls Framework (CCF) — our approach to meeting the compliance challenge in a cloud services world that builds upon existing efforts like the CSA Cloud Controls Matrix. We hope at the end of this session you will have the tools you need to use compliance as a tool to gain your own competitive advantage.

1:30PM – 2:15PM

Panel Discussion — Cloud Implementation Lessons Learned

Moderator: Elad Yoran, CEO, Security Growth Partners (SGP) | Chairman, KoolSpan

Panelists:

  • David England, Infrastructure and Security Architecture Lead, Monsanto
  • Vincent Campitelli, VP IT Risk Management, McKesson Corporation
  • Roopangi Kadakia, NASA

2:15PM – 2:45PM

Break

2:45PM – 3:30PM

Update on the FedRAMP 2-year Roadmap and Mapping to industry Standards

Presenting: Matt Goodrich, FedRAMP Program Director, GSA

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by Federal government agencies. This presentation will provide an overview of the two-year FedRAMP roadmap and strategic goals. The presentation will also provide an update on the current status of mapping the FedRAMP security controls to other industry standards, including the CSA Cloud Controls Matrix (CCM).

3:30PM – 4:00PM

Industry Insights: Evolving Security in the Federal Cloud -
Lessons Learned from Private Sector DevSecOps

Presenting: Tim Prendergast, CEO and Co-Founder, Evident.io

As public sector adoption of cloud reaches new highs, there are organizational and practical adjustments necessary to maximize new technology capabilities. Removing the barriers left by legacy security and operations solutions is now necessary for public sector organizations to keep pace with the rapidly evolving infrastructure powering today's innovative products and services. As evidenced by the rise of DevOps in the private sector — while things are moving faster than ever before, organizations must now also develop the skills and organizational knowledge and experience to cope with the diversity of today's infrastructure and security challenges. This session will plant the seed to help you start growing an agile, cloud-centric DevSecOps practice to drive your organization forward successfully in an ever-evolving threat landscape.

4:00PM – 4:45PM

Closing Keynote: The Business of Cloud

Presenting: Keith Trippie, The Trippie Group

Cloud is transforming businesses on a global level and the number of new cloud offerings and companies is growing annually. The reason for this growth is less about the technology and more about the economics of cloud. Time to market for new services, reducing capital expenditures and providing transparent operational expenses are just a few of the business reasons why commercial entities are adopting this new deployment model. This discussion and Q and A will include observations and lessons learned from a former SES who led the Cloud practice for the Department of Homeland Security as well as his experiences leveraging cloud in the commercial sector to build applications, including mobile.

4:45PM – 6:00PM

Reception

Federal Summit 2015 Presentations

Cloudy with Showers of Business Opportunities and a Good Chance of Security and Accountability
Dr. Michaela Iorga - Sr. Security Technical Lead for Cloud Computing, NIST

FedRAMP and CSA Collaboration - Ensuring Secure Cloud Computing for the USG
Matt Goodrich - Program Director at FedRAMP, U.S. General Services Administration (GSA)

Cyber Threats - Insights from history and current operations
Bob Gourley - Partner, Cognitio

Evolving Security in the Federal Cloud - Lessons Learned from Private Sector DevSecOps
Tim Prendergast - CEO and Co-founder, Evident.io

The Software Defined Perimeter Initiative
Jim Reavis - CEO & Founder, Cloud Security Alliance

Deploying IT for a Buck a Day: Cheaper than a Cup of Joe
Keith Trippie - Chief Executive Officer, The Trippie Group LLC

Summit Sponsors

Adobe, Evident.IO, Skyhigh Networks, Palerra, Lancope, Trend Micro, IT-AAC: Information Technology - Acquisition Advisory Council