Session List
Full Schedule
Date/Time Session Room
10/22/2020 11:00 AM -to- 11:10 AM Welcome & Kickoff: Advance. Protect. Lead
Rock Booze -  Event Co-Chair, Colonel (ret.) U.S. Army
We’ve heard it before and will probably continue to hear the same theme in every DoD circle, conference, or conversation where technology is involved, “we need to close the gap between the speed to need.” Technological advances are happening at an exponential rate and often outpacing their usefulness once implemented in the DoD spaces. That’s why it’s important for government and industry to have continuous conversations and tight-knit partnerships to close that gap. As we team together to work through cutting edge solutions, we must ensure they are secure, functional, and most importantly satisfy the requirement. We are an intricately, technologically connected world and our ability to meet today’s challenges on the world stage is not a matter of technology for technology’s sake but another cog in the wheel of our National Security.
Executive
10/22/2020 11:10 AM -to- 11:20 AM Opening Keynote: CECOM and the APL
Major General Mitchell Kilgo - Commanding General, US Army CECOM
"CECOM and the APL" will introduce the basics of what the APL is and why it is important.  It will also explain the critical role that the U.S. Army Communications-Electronics Command and its subordinate U.S. Army Information Systems Engineering Command have in ensuring Army program managers have access to cyber-secure and interoperable components for network infrastructure.
Executive
10/22/2020 11:20 AM -to- 11:30 AM Rethinking the APL in the COVID Environment
Greg Touhill -  Brigadier General (ret.), USAF
Nine years after its inception, the DODIN Approved Products List only has about 80 vendors whose products have been certified. In this short discussion, retired Brigadier General Greg Touhill, the former US CISO, challenges the DoD to rethink how it manages the DODIN APL. Recommendations include rethinking reciprocity, measuring process performance, eliminating processes that don’t add value, and confederating to expand capacity and throughput.
Executive
10/22/2020 11:30 AM -to- 12:05 PM Panel: Preparing for DoD’s Cybersecurity Maturation Model Certification (CMMC)
Moshe Schwartz -  Defense Procurement Analyst

Moshe Schwartz (Moderator) - Defense Procurement Analyst and Associate, Etherton and Associates
David Berteau (Panelist) - President and CEO, Professional Services Council
Dr. Morgan Dwyer (Panelist) - Deputy Director for Policy Analysis, CSIS
John Zanni (Panelist) - CEO, Acronis SCS


Spearheaded by the Office of Under Secretary of Defense for Acquisition & Sustainment, the Cybersecurity Maturation Model Certification (CMMC) maps out the cyber hygiene requirements for all contractors within the defense industrial base seeking to do business with the Department of Defense. In contrast to past regulations that relied on contractor self-certification, the CMMC requires third-party validation of cybersecurity controls and processes across five levels, from basic to advanced.

Though it represents a long-overdue reckoning with the defense industry’s vulnerabilities, there is still a lot of work to be done until the CMMC is ready for complete deployment. As the DoD finalizes its third-party accreditation process and begins building CMMC requirements into contracts this year, businesses must proactively prepare.
Executive
10/22/2020 12:05 PM -to- 12:20 PM An Interview with the Creator of Zero Trust
John Kindervag - Field CTO and Creator of Zero Trust
Hear from the Creator of Zero Trust about his perspective on the misconceptions of Zero Trust, such as:
- Zero trust means making a system trusted
- Zero trust is about identity
- There are Zero Trust products
- Zero Trust is complicated
Executive
10/22/2020 12:20 PM -to- 12:30 PM Enterprise IT as a Service (EITaaS) Implications on the APL
Dr. Claire Cuccio - President and CEO, SNVC LLC
As the DoD moves towards Enterprise IT as a Service (EITaaS), there are policy implications involving the APL. It appears to be a loss of control for an organization that likes to be in control. How will the APL policies evolve to support EITaaS?
Executive
10/22/2020 12:20 PM -to- 12:30 PM Complete Visibility as the Foundation for Zero Trust
David Pulido -  Sr Systems Engineer, Public Sector, Forescout
As Zero Trust Architectures and execution planning continue to evolve, it is important to understand the requirements that must first be met in order to deploy a successful cybersecurity solution. Ensuring 100% visibility into every connected device across the enterprise environment is the key foundation to any solution. Combining visibility with the current DoDIN enterprise tool sets will establish that foundation in order to successfully deploy Zero Trust to the Enterprise of Things.
Technical
10/22/2020 12:20 PM -to- 12:35 PM APL 101
Michael Houde - Program Manager, DISA
APL 101 will introduce the DoDIN Approved Products List and the DISA office that manages the process. We'll talk about the various stakeholders in the APL process and how each fits into the overall picture. Finally, we'll provide resources for further research to ensure a successful DoDIN APL submission.
APL Process
10/22/2020 12:30 PM -to- 12:40 PM Industry Needs from DISA for Innovation
Dr. Dave Lockhart -  Site Manager, Aberdeen Proving Ground, Boeing
How do we effectively apply open innovation theory and practices employed in the private sector to the federal public sector, specifically the Department of Defense (DOD) Defense Acquisition Management System (DAMS), to address the ongoing DOD innovation challenge? The principal focus is on using open innovation to enhance the DOD’s ability, working with its industrial base and its associated ecosystem, to get innovative products and services from industry through the DAMS to DOD’s end-users faster, at lower cost, while continuing to meet or exceed performance requirements.
 
Executive
10/22/2020 12:30 PM -to- 12:50 PM Access Remote Applications and DoD Office 365: Ensuring Compliance without Layer-3 VPN Tunneling
Michael Riemer -  Global Field CTO, Pulse Secure
Zero Trust initiatives and secure remote access are highly relevant in our post COVID-19 world. How are highly scalable, DoDIN-approved tools, including Software Defined Perimeter (SDP), being leveraged to connect remote DoD employees and contractors to on-prem applications and hosted SaaS applications such as DoD O365 and others? This session will examine key use cases, reference architectures and tech innovations.
Technical
10/22/2020 12:35 PM -to- 12:50 PM Distributed Testing
Jeff Bhe -  Group Leader, US Army, USAISEC-TIC, Fort Huachuca
Joining Jeff Bhe will be Jordan Silk, the primary sponsor for the majority of all Army sponsored products on the DoDIN APL. Starting with the beginnings of Distributed Testing, this session will cover how we got to where we are today, the teams involved, the facilities, the sponsorship required, and what happens after testing.
APL Process
10/22/2020 12:40 PM -to- 12:50 PM Taking the DoDIN APL One Step Further: Securing Software Supply Chains
John Zanni -  CEO, Acronis SCS
From power grids and advanced weapons systems to the telework-enabling apps connecting us during COVID-19, software sits at the heart of nearly all that keeps America and the world running. But in the words of a recent Atlantic Council report, “society has a software problem.” As more and more products and services rely on the use of unvetted third party code and open source libraries, cyber risks and opportunities for exploitation have surged.

While the DoDIN APL does a tremendous job of outlining the policies necessary for hardware to be vetted and deployed within the DoD’s technology infrastructure, little has been done to define what constitutes software as secure. To successfully serve our nation’s software needs, vendors need access to clearly defined policies, processes, and practices for objectively assessing software code risk – without breaking the bank.
Executive
10/22/2020 12:50 PM -to- 1:00 PM Proposed APL Augmentation to the Current VDI and VMI Environments
CW5 Deshawn Bell - Senior Technical Advisor, USARPAC G6
Many of us have attended AFCEA TechNet, AUSA events, or other DoD sponsored industry events, when a senior leader held up his or her personal smartphone or tablet and asked, “Why can’t I perform the same tasks on my government device that I perform on my personal device I hold in my hand?”  Those of us in the information systems, and network and information services profession, know the response to that question requires many qualifiers and caveats that serve to highlight and underscore the need to protect sensitive government information, to ensure the security of the United States, and to protect our way of life.  National Defense is paramount to us within DoD, but not so much so in the commercial sector.  Nevertheless, this persistent question from senior leaders provides an opportunity in my opinion to evolve our current communications and information capabilities to align with senior leaders’ growing expectations.
Executive
10/22/2020 12:50 PM -to- 1:00 PM Lessons Learned: DoDIN APL Submission Process
Brian Coache -  Offering Manager, QRadar, IBM
IBM is no stranger to submitting products for DODIN approval. In the best case scenario, everything works as planned. Not everything is the best-case scenario. IBM will present lessons learned during the approval process when Federal units are within a commercial model.
APL Process
10/22/2020 12:50 PM -to- 1:10 PM Implementing Cloud for your Needs - Modernizing Data Management
Jeffrey  Phelan
Every agency supports different missions—and has to support their researchers in unique ways. What is not unique is that the need to ensure the security, integrity and speed of how we access data is always changing. New tools like AI and data analytics have increased the need for speed in ingesting large sets of data for processing. This has been accomplished in the past with on-prem hardware in large data centers. The introduction of cloud has many thinking of how to change that model of running large siloed data centers. While cloud has made promises of speed and data resiliency—it is important to pick a model that works for your IT and research organizations.
Technical
10/22/2020 1:00 PM -to- 1:15 PM Mobile-First Zero Trust Security
Bill Harrod -  Federal CTO, MobileIron
Modern work increasingly takes place in the cloud and on personal mobile devices, eroding the traditional network perimeter and introducing countless new threat vectors to DoD organizations. At the same time, mobile threats are evolving. 
 
Nation-state hackers are exploiting mobile vulnerabilities and threat actors are exploiting devices of targeted users as well as more general “spray and pray” attacks.  Meanwhile, unmanaged devices provide a goldmine of readily accessible and highly critical personal and potentially DoD data.
 
DoD is expanding their security strategy to include mobile devices. A mobile-centric zero trust approach deals with the security challenges posed by the perimeter-less modern DoDIN while also allowing agility and anytime access. The mobile-centric zero trust model provides the visibility and IT controls needed to secure, manage and monitor every device, user, app, and network being used to access data. This approach also provides threat detection and remediation on the device, before it ever reaches the protected applications and network resources.
Executive
10/22/2020 1:00 PM -to- 1:30 PM Navigating the Pitfalls on the Path to DoDIN APL Certification
Jeremy Duncan -  Managing Partner, Tachyon Dynamics
The DoDIN APL process is a very confusing, onerous, and obtuse one for equipment vendors to navigate – especially if they have no experience interacting with the US Federal Government or DoD. Our talk is about all the traps and pitfalls vendors get themselves into that either cause them to fail testing, cause significant delay, or create significant sales challenges with system architectures. These pitfalls include process-oriented issues like documentation and certification prerequisites, but also significantly affect the technical roadblocks that a vendor may experience, like CAT 1s, IPv6, multifactor authentication, and overall product security and interoperability readiness. We hope by the end of this talk, vendors will have a better idea about what pitfalls to avoid by having better certification risk mitigation.
APL Process
10/22/2020 1:10 PM -to- 1:20 PM Managing Infrastructure Complexity to Improve Security
Arthur Bradway -  Senior Sales Engineer, Government and Education
Complexity of internal environments is a leading obstacle to federal IT security, according to our recent cybersecurity survey. Managing this complexity requires improved visibility and details about devices and their dependencies.
 
SolarWinds tools help with visibility, including device discovery and dependency mapping. Additional security use cases include baselining normal activity, backing up device configurations, managing vulnerabilities, and improving compliance.


You should attend this session if you’d like to learn how to:
- Leverage next generation maps with summary and detailed views, including dependencies
- Monitor network baselines to identify abnormal activity
- Use configuration and patch management to reduce vulnerabilities and improve compliance
Technical
10/22/2020 1:15 PM -to- 1:30 PM Securing the DoD Supply Chain: From Compliance to Actions at Scale
Jeff Miller -  Managing Director, Management Consulting
Dr. Radica Sipcic -  Client Lead, Defense Agencies
Jeff Miller - Managing Director, Accenture Federal Services, Management Consulting - Supply Chain & Operations
Dr. Radica Sipcic - Client Executive, Defense Agencies, Accenture Federal Services

Accenture executives, Jeff Miller and Dr. Radica Sipcic, will present a framework for managing supply chain risk and actions to take to mitigate supply chain risk inside of DoD. 
Executive
10/22/2020 1:20 PM -to- 1:30 PM Network Modernization, Zero Trust, and the US Army
Andrew Balzarini
The majority of the Army’s security controls address external threats to the infrastructure with very few considerations given to internal threats other than policy-based controls. The Army’s inability to have proactive, internal security at all levels will prove to be detrimental, especially as the Army moves more to the cloud and the Internet of Things. As such, the Army is interested in a holistic security solution that could help ensure a zero-trust environment through monitoring and trust assurance at every level. The solution should include micro segmentation with the goal to reduce internal incidents or insider threats and the development of a standard tool to identify indicators and defend against insider threats.
Technical
10/22/2020 1:30 PM -to- 1:40 PM Hybrid Cloud and the US Army
Andrew Balzarini
The Army develops and sustains applications and data in a highly distributed manner and does not have a holistic mechanism to modernize or manage application life cycles. Cloud brings the essential elements of elasticity, resiliency, broad access, efficiency, secure computing platforms, data standardization and compliance tools. Given this, the Army needs assistance to establish enterprise cloud and data ecosystems that are artificial intelligence and machine learning-ready and hybrid. The Army needs to deploy an agile and flexible cloud framework to adapt legacy software to quickly meet changing operational environments, increase readiness and improve cybersecurity.
Technical
10/22/2020 1:30 PM -to- 1:41:20 PM DISA Direction for the Industry
Major General Garrett Yee - Assistant to the Director, DISA
Major General Garrett Yee will provide an update on some major projects happening at DISA and will discuss how industry and government partner together for advancement.
Executive
10/22/2020 1:41:22 PM -to- 1:50 PM Closing Statements: Partnering for Advancement
Westley McDuffie
The network is no longer new to the battlespace; it is very much part of today's modern military. Cybersecurity and the mantra that surrounds it is a rapidly changing paradigm. Gone are the days of an entity being self-reliant - none more critical than the DoD. There has to be partnership, even in this era of Zero Trust networking. There has to be a standard. There has to be a trust set between DoD and its vendors. It's the partnership that will shape and secure the future of DoD. 
Executive