Jon Boyens
Deputy Chief, Computer Security Division, Information Technology Laboratory
National Institute of Standards and Technology
Read MoreJon Boyens
Deputy Chief, Computer Security Division, Information Technology Laboratory
National Institute of Standards and Technology
Jon Boyens is the Deputy Chief of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). His responsibilities include Cybersecurity Research and Development at NIST and Cybersecurity Standards and Guidelines for Federal Agency Security Programs. He also leads NIST’s Cyber Supply Chain Risk Management (C-SCRM) Program, helps develop and coordinate the Department of Commerce's cybersecurity policy among the Department’s bureaus, and represents the Department in the Administration’s interagency cybersecurity policy process.
Boyens has worked on various White House-led initiatives, including those on trusted identities, botnets, the Cybersecurity Framework and Roadmap, telecommunications supply chain and, more recently, government-wide implementation of the Federal Acquisition Supply Chain Security Act.
Since 2010, Boyens has conducted research to identify, evaluate and develop technologies, tools, techniques, practices, and standards needed to enable organizations to manage supply chain risk. Building on this research, he led a team to develop and issue a set of foundational, standardized, repeatable, and feasible practices to help organizations manage cyber supply chain risks to their organizations and systems. These practices were released in 2015 as NIST Special Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations. Continuing on this line, Boyens has since released research and findings on criticality analysis, industry key practices for Cyber SCRM, supplier interdependency and impact analysis, and is currently in the process of updating SP 800-161.
Jon Boyens is the Deputy Chief of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). His responsibilities include Cybersecurity Research and Development at NIST and Cybersecurity Standards and Guidelines for Federal Agency Security Programs. He also leads NIST’s Cyber Supply Chain Risk Management (C-SCRM) Program, helps develop and coordinate the Department of Commerce's cybersecurity policy among the Department’s bureaus, and represents the Department in the Administration’s interagency cybersecurity policy process. Boyens has worked on various White House-led initiatives, including those on trusted identities, botnets, the Cybersecurity Framework and Roadmap, telecommunications supply chain and, more recently, government-wide implementation of the Federal Acquisition Supply Chain Security Act.
Since 2010, Boyens has conducted research to identify, evaluate and develop technologies, tools, techniques, practices, and standards needed to enable organizations to manage supply chain risk. Building on this research, he led a team to develop and issue a set of foundational, standardized, repeatable, and feasible practices to help organizations manage cyber supply chain risks to their organizations and systems. These practices were released in 2015 as NIST Special Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations. Continuing on this line, Boyens has since released research and findings on criticality analysis, industry key practices for Cyber SCRM, supplier interdependency and impact analysis, and is currently in the process of updating SP 800-161.
Camille Stewart Gloster
Deputy National Cyber Director for Technology and Ecosystem Security
The Office of the National Cyber Director
Read MoreCamille Stewart Gloster
Deputy National Cyber Director for Technology and Ecosystem Security
The Office of the National Cyber Director
Camille Stewart Gloster, Esq. is the Deputy National Cyber Director for Technology & Ecosystem for The White House. In her role, Camille leads technology, supply chain, data security, and cyber workforce and education efforts for the Office of the National Cyber Director. Camille is a cyber, technology, and national security strategist and policy leader whose career has spanned the private, public, and non-profit sectors. She joined ONCD from Google, where she most recently served as Global Head of Product Security Strategy, and before that as Head of Security Policy and Election Integrity for Google Play and Android.
Prior to working at Google, Camille led cyber diplomacy, technology policy, privacy, and technical policy areas like encryption and PNT as the Senior Policy Advisor for Cyber, Infrastructure & Resilience at the U.S. Department of Homeland Security. During her time at DHS, Camille led campaigns, international engagements, and policy development that bolstered national and international cyber resilience. Those policies include Presidential Policy Directive 41 (PPD – 41) on federal cyber incident coordination, supporting Privacy Shield negotiations, and the 2016 Cybersecurity National Action Plan (CNAP) which outlined 75 tasks to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security. Camille has also held leadership roles focused on cyber and technology on Capitol Hill, at Deloitte, and Cyveillance, an open-source threat intelligence company.
Throughout her career, Camille has held cybersecurity fellowships at the Harvard Belfer Center, New America, Atlantic Council, and the Foundation for Defense of Democracies. Camille also served on the American Bar Association’s Standing Committee on Law and National Security during the 2021-2022 Bar Year and the Criminal Divisions Cybersecurity Committee during the 2020-2021 Bar Year.
Camille has contributed to advancing the field through technical research and writing, including a groundbreaking paper, and subsequent training for federal judges, on the exfiltration of national security-related technology and intellectual property through the courts. Most recently, she authored a paper on the need for and principles to support designing user-centric security programs.
Camille is passionate about expanding the cyber, technology, and national security workforces and co-founded the #ShareTheMicInCyber movement and the NextGen NatSec initiative to support investment in a highly skilled and diverse workforce. Both efforts serve to highlight the need for increased diversity in the cyber and national security fields respectively.
Camille’s professional achievements have earned her recognition from a multitude of entities throughout her career including her being selected as a 2021 SANS Difference Maker Honoree, 2021 Root100 Honoree, 2021 Microsoft Security Changemaker of the Year, and a 2021 CyberScoop50 Cyber Industry Leadership Honoree.
Camille holds a B.S. from Miami University, a J.D. from American University Washington College of Law, and a CISO certificate from Carnegie Mellon University.
Dr. Andrea Little Limbago
VP of Research and Analytics
Interos
Dr. Andrea Little Limbago is a computational social scientist specializing in the intersection of emerging technology, national security, and information security. As the Vice President of Research and Analysis at Interos, Andrea leads the company’s computational modeling and methodology regarding global supply chain risk. Andrea is also a Co-Program Director for the Emerging Tech and Cybersecurity Program at the National Security Institute at George Mason, an industry advisory board member for the data science program at George Washington University, a non-resident fellow at the Atlantic Council’s GeoTech Center, and a board member for the Washington, DC chapter of Women in Security and Privacy (WISP). She has presented extensively at a range of academic, government, and industry conferences such as Black Hat, RSA, SXSW, SOCOM’s Global Synch, BSidesLV, and Enigma. Her writing has been featured in numerous outlets, including Politico, the Hill, Business Insider, War on the Rocks, and Forbes. Prior to Interos, Andrea was the Chief Social Scientist at Virtru, Endgame, and Berico Technologies. She also taught in academia and was a technical lead at the Joint Warfare Analysis Center, where she earned the Command’s top award for technical excellence. Andrea earned a Ph.D. in Political Science from the University of Colorado at Boulder and a BA from Bowdoin College.
Brian Paap
Standards Area Lead, Cyber-Supply Chain Risk Management
Department of Homeland Security
Read MoreBrian Paap
Standards Area Lead, Cyber-Supply Chain Risk Management
Department of Homeland Security
Brian Paap serves as the Standards area lead for Cyber-Supply Chain Risk Management (C-SCRM) at the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Previously, Mr. Paap served as a Cybersecurity architect in the IC developing cybersecurity capabilities for satellites systems with the National Reconnaissance Office (NRO).
Prior, Mr. Paap was the Cybersecurity International and DHS Liaison Chief for US-CERT under the National Cybersecurity and Communications Integration Center (NCCIC). In Mr. Paap’s current role, he brought 200 government C-SCRM subject matter experts together to illuminate supply chain shortcomings and used the community experts to carve a collective path towards sharing information, strategic vision, as well as breaking down barriers between Acquisitions, Cybersecurity, and Risk for C-SCRM.
Mr. Paap has served in many roles over 27 years including SOC Operations Manager for the State Department and Federal Aviation Administration, Cybersecurity architect with the Department of Defense, and Intelligence analysis with the FBI National Cyber Investigative Joint Task Force while a federal employee with DHS.
Liji Samuel
Chief, Standards and Certifications, Cybersecurity Collaboration Center
National Security Agency
Read MoreLiji Samuel
Chief, Standards and Certifications, Cybersecurity Collaboration Center
National Security Agency
Ms. Samuel is the Chief of Standards & Certifications at NSA’s Cyber Collaboration Center within the Cyber Security Directorate, incorporating cyber security best practices for emerging commercial technologies.
She holds a Bachelor’s degree in Electrical Engineering and has two Masters –Electrical and Telecommunications Engineering, the latter one locally from UMD College Park. Before coming to NSA, Ms. Samuel worked with industry developing and deploying Telematics and Internet Solutions over satellites.
She started her Federal career with NSA in January 2013, as an Engineer in High Performance Computing (HPC) and has held technical leadership and management positions during that time. She did a Joint Duty Assignment with U.S. Cyber Command in 2019, as an NSA’s Cyber Command Representative leading the Architecture & Engineering Division, which delivers services to the Headquarters and to the Department of Defense on support of global US military Cyberspace operations.
Her leadership and technical accomplishments have been recognized though numerous awards.
Kanitra Tyler
Supply Chain Risk Management (SCRM) Service Element Lead
National Aeronautics and Space Administration
Read MoreKanitra Tyler
Supply Chain Risk Management (SCRM) Service Element Lead
National Aeronautics and Space Administration
Kanitra Tyler walked through NASA’s doors nearly three decades ago as a young student, and since then has become one of the most highly regarded leaders at the Agency. An expert in network security and cybersecurity policy, she is highly sought after for her expansive depth of knowledge. She is an informed voice and valued contributor at any table at which she takes a seat. With an unmatched reputation for transforming organizations through process and people, Kanitra is a passionate advocate for collaboration, and, in every role she assumes, proves that partnerships are what move missions forward.
In 2018, Kanitra was tapped to lead the Agency’s Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Service. She has bought her full breadth of experience to the position, including a proven track record for successfully leading dynamic teams. Kanitra has set out to mature the Agency’s capability to make near, real-time, risk-based decisions, and to create a culture of collaboration, efficiency and compliance. Kanitra holds a Masters in Information Architecture, a Masters in Network Security, and several industry certifications, including a CISSP, CAP and ITIL v3.
Alex Whitworth
Sales Director
Carahsoft
Alex Whitworth is an IT executive with more than 13 years of experience in all aspects of public sector sales, marketing and channel development. As Director at Carahsoft Technology Corp., he manages several sales teams, providing leadership and insight into the Public Sector IT marketplace. His teams play a major role in supporting the government’s evolving cybersecurity demands, with a deep focus towards supporting agencies with successful zero trust adoption. In addition, he leads Carahsoft Technology Corp.’s corporate strategic efforts in helping organizations meet compliance with the DoD’s CMMC initiative.
Chris Riotta
Staff Writer
FCW
Chris Riotta is a staff writer at FCW covering government procurement and technology policy. Chris joined FCW after covering U.S. politics for three years at The Independent. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president.
Brian Myers
Solution Sales Executive - Risk Products
ServiceNow
Brian Myers is a former Coast Guard Officer bringing decades of experience to the growing Risk Management practice within ServiceNow. He has been leading that expansion in federal for two and a half years. Prior to this role, Brian worked with Federal clients across DHS, Energy and other agencies, bringing them telecommunications and cybersecurity solutions to enable mission success.
Brian is a 1986 graduate of the U.S. Coast Guard Academy and holds a Master’s degree in Cybersecurity Management and Policy from the University of Maryland.
Narjinder Pathania
Director, Cloud Supply Chain Solutions
SAP NS2
Narjinder Pathania, Director, Cloud Supply Chain Solutions, SAP NS2
Thank You for Joining Us
In a digital world where almost everything is connected, protecting the supply chain of products becomes even more critical to protecting the security of the data, the networks, and the people using those products. Several high-profile breaches have been linked to supply chain issues, and agencies have received multiple policy directives and guidance as they work to secure their large attack surfaces.
A number of tools are now available to help agencies: NIST has a self-scoring tool in its Cybersecurity Framework (NIST 800-161rev 1), CISA has been developing road maps to help agencies on their journey, and GSA kicked off its Supply Chain Risk Management Community of Practice to share examples of what has been working for agencies.
At this workshop government and industry executives will share examples of what agencies are doing to comply with the new requirements, what has been most effective and what should be addressed first.
Attendees will come away from this workshop with a better understanding of:
- How shared services can help address the issues of talent and workforce
- What tools are available to help agencies assess their current risk
- Where information on C-SCRM is being shared
- How the GSA’s Community of Practice can simplify the journey
- What is critical software?
- How to access information that industry is already sharing about materials and components in hardware and software
EVENT COST
Free for Government/Military*
Industry/Contractor: $199
Washington Technology Insider: $165
*must provide valid .gov/.mil email address for government registration. Embedded contractors are subject to Industry price
Attend
IN-PERSON · VIRTUAL
Free for Government/Military*
Sponsors
SPONSORED BY:
Agenda
Wednesday, September 21
Welcome
Welcome and Opening Remarks by Troy Schneider, President, GovExec 360
On DemandWednesday, September 21
Opening Keynote Conversation
Session Opening Remarks: Alex Whitworth, Sales Director, Carahsoft
Camille Stewart Gloster, Deputy National Cyber Director for Technology and Ecosystem Security, The Office of the National Cyber Director
Chris Riotta, Staff Writer, FCW
Hear Camille Stewart Gloster provide an Update on Policy, Governance and Progress at the Supply Chain Workshop
On DemandWednesday, September 21
Advantages of a secure cloud for supply chain organizations
Narjinder Pathania, Director, Cloud Supply Chain Solutions, SAP NS2
Underwritten by: SAP NS2
Hear from SAP NS2 at the Supply Chain Workshop
On DemandWednesday, September 21
Cybersecurity Supply Chain Risk Management Guidelines
Jon Boyens, Deputy Chief, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology
Mr. Boyens will discuss NIST SP 161 Revision 1, released May 2022 as well as NIST guidance under Executive Order 14028 on software supply chain security
On DemandWednesday, September 21
Supply Chain Resilience in a Time of Techtonic Geopolitical Shifts
Dr. Andrea Little Limbago, VP of Research and Analytics, Interos
For decades, the confluence of globalization and digitization drove supply chains toward increasing complexity, optimization, opaqueness, and insecurity. These physical and digital ties are fracturing at a rapid pace along geopolitical fault lines, powered by growing interstate hostilities, global trade wars, the Splinternet and emerging technologies, and an unprecedented pace of regulatory change. This session will detail the challenges and opportunities associated with these ‘techtonic’ shifts and how organizations can take steps toward greater resilience during significant geopolitical uncertainty.
On DemandWednesday, September 21
Coffee Break
A chance to stretch your legs and refill your coffee!
Wednesday, September 21
Introduction to NASA’s Information & Communications Technology Supply Chain Risk Management (ICT SCRM) Processes
Kanitra Tyler, Supply Chain Risk Management (SCRM) Service Element Lead, National Aeronautics and Space Administration
Hear from Kanitra Tyler, NASA at the Supply Chain Workshop
On DemandWednesday, September 21
Technology Insights
Brian Myers, Solution Sales Executive - Risk Products, ServiceNow
Underwritten by: ServiceNow
Hear from ServiceNow at the Supply Chain Workshop
On DemandWednesday, September 21
Standards & Certifications - Enabling SCRM for COTS
Liji Samuel, Chief, Standards and Certifications, Cybersecurity Collaboration Center, National Security Agency
Supply Chain Risk Management is an important aspect of the National Security Agency’s policies and processes. The Department of Defense is increasingly dependent on commercial products that provide elements of our cybersecurity. As part of the agency’s Cybersecurity Collaboration Center, the Standards and Certifications Team plays a significant role in shaping the marketplace for these products across the lifecycle of development. Through its leadership in standards bodies (ensuring that critical security requirement are built into the standards that commercial products implement) and its leadership of the National Information Assurance Partnership (which sets the testing requirements for commercial products that protect classified information and systems,) the agency team establishes a baseline that products will be built to and tested against.
This presentation will provide an overview of NSA’s standards and certifications programs and highlight a few of the initiatives within the directorate for SCRM, and how the programs raise the level of security in commercial products that protect national security systems and the defense industrial base.
On DemandWednesday, September 21
Tackling the Complexities of Cyber-Supply Chain Risk Management
Brian Paap, Standards Area Lead, Cyber-Supply Chain Risk Management, Department of Homeland Security
Hear from a Brian Paap, DHS at the Supply Chain Workshop
On DemandWednesday, September 21
Thank you
Thanks for joining us!
On DemandCPE
Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: Advocate of quality CPE .