Agenda

Please enjoy breakfast and network with your peers!

Faced with challenges in everything from automation and modernization to the hybrid work environment, today’s IT leaders mitigate risk by adopting the latest zero trust security solutions to secure their endpoints and protect their systems. While recent guidance from the cyber executive order, NIST’s updated security risk framework, and CISA's Zero Trust Maturity Model offer a clear and strategic playbook for leaders, challenges remain for leaders embattled by shifting threats, complex emerging technologies, and a competitive labor market.

As agencies look to 2023 and beyond, zero trust remains a powerful tool in the arsenal for identifying, mitigating, and responding to cyber threats. Building the right workforce, partnerships, and processes will also be key.

During this workshop, government and industry leaders will dive into these best practices around strengthening this cybersecurity practice, and share key lessons garnered from their experience leading essential federal security programs.  

Attendees will leave the workshop with a better understanding of: 
- How to leverage guidance from the latest federal programs and models
- The virtues of a strong zero trust framework
- How to prepare for the next wave of emerging technologies
- Best practices for considering security during procurement
- New federal tools for hiring cyber talent
- The role endpoint protection plays in cybersecurity

As threats to the warfighter grow and complicate, so too must the tools and technologies agencies use in their defense against the latest IT threats. In this session, join DISA Deputy Director Christopher Barnhurst as he discusses DISA's operational approach, the organization's Thunderdome project, and its latest work on developing Zero Trust systems.

Zero Trust is not just another buzzword in a never-ending list of tech trends. The principles of Zero Trust eliminates the binary trust approach applied to users and assets in yesterday's on-premises, perimeter-centric environments. According to a recent survey, 100% of U.S. Federal Government agencies are storing sensitive data in third-party cloud, mobile, social, big data and IoT platforms, which inherently makes data vulnerable. Traditional perimeter protection does not protect off-premise data, which speaks to the need to take a Zero Trust approach to data security. In fact, the White House has even issued guidance including the Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems and Executive Order 14028 which require agencies to develop a plan to implement a Zero Trust Architecture.

Attend this session discussion to learn about the best practices for implementing a Zero Trust architecture to protect your most sensitive data. The speaker will discuss the top 5 things you need to know about Zero Trust:
- The basics. What is Zero Trust and how does it apply to data security?
- Setting the stage. How digital transformation can make data vulnerable but also more secure.
- Getting to work. Tips for putting Zero Trust architecture into action.
- What about the cloud? How does cloud make implementing Zero Trust faster but more complicated.
- Pulling it all together. How to develop a long term strategy to protect data throughout its lifecycle that maps to guidance such as CISA Zero Trust Maturity Model, OMB Zero Trust Strategy, DoD Zero Trust Reference Architecture, and NIST Zero Trust Architecture.

As IT leaders adopt new Zero Trust security solutions to secure their endpoints and protect their systems, questions remain on how and where to implement these new tools in their systems. This talk will explore the role endpoint protection and the technologies like it play in cybersecurity, and what steps lie ahead on this complex issue.

NIST defines Zero Trust as “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” This session will focus on a key mission resource -- data -- and on the role of secure data protection in a Zero Trust security framework. We'll review:
- Current research findings on malware adversary behavior and causes of data loss
- Vendor-agnostic solutions to ensure mission data remains available
- Best practices to guarantee mission continuity within a zero-trust framework

The session will draw on research findings from two large data protection research projects, Veeam's annual Data Protection Trends and Ransomware surveys. These large studies contain particularly relevant insights for US public sector organizations.

With agencies increasingly relying on connected, complex systems, ensuring continued operational security is vital to their success and to the success of those they serve. In this session, join West Coile, Assistant Director of the Center for Enhanced Cybersecurity at the United States Government Accountability Office (GAO) for a closer look at how his organization supports Congress in its oversight authority by evaluating agencies’ cybersecurity.

IT technology and other digital innovations proved critical for enabling US Government agencies - both civilian and defense - to adapt to unprecedented environmental conditions while ensuring employees remained connected to the data and systems they required to perform their duties. The rapid shift to accommodating remote and hybrid workforces has permanently changed how and where government work gets done. More people working remotely - from home or in the field, on a variety of new devices. Federal workers need to create or access sensitive and critical data, potentially anywhere in the world. All of this compute, focused far beyond the traditional perimeter to a focus on securing data where it’s produced, challenges the notion of Trust while vastly expanding an already extensive attack surface. As such, widespread adoption of a Zero Trust architecture has never been more critical to ensuring the security of Federal IT systems and data while supporting even the most stringent mission demands. Join this session to learn strategies your agency or department can leverage to get to Zero Trust

Join Department of Education Zero Trust lead Wayne Rodgers as he breaks down his agency's approach to the technology, as well as previews what progress still remains in its adoption across the organization's IT systems.

Zero Trust has moved from pilot to deployment, and multiple agencies are facing the real challenge of making this practical in real world, complex environments.  Zero Trust architects are facing a bewildering mix of infrastructure, services and providers, and need to deploy ZTA pervasively.  Complexity is the enemy of security, but isn’t complexity a given for these projects?  In this presentation, we will look at how deep observability of network traffic, as required by NIST SP 800-207, delivers quick time to value while providing an extremely resilient capability to detect threats and deliver results

Thank you for coming!