Keynote Speakers

Major General Mitchell Kilgo, Commanding General, US Army CECOM
Major General Garrett Yee, Assistant to the Director, DISA

 

The Department of Defense Information Network (DoDIN) is a key component of the nation’s critical infrastructure providing stability and security in protecting our domestic and global interests.  The DoD must take all measures to ensure offensive and defensive strength of the network to combat invisible adversaries, threats and attacks. 
 
The inaugural DoDIN APL Summit is designed to provide attendees from across the DoD the opportunity to learn and expand their understanding of the DODIN APL and its requirements as well as open dialogue between all key stakeholders.  Government and industry experts will discuss the procurement process and potential challenges and the importance of buying products from the APL to protect our nation’s security, as well as give attendees the opportunity to interact live in the virtual exhibit hall with APL vendors.
 
ADVANCE.
The speed of technological change is exponential, but the adoption is linear.  DoDIN requirements outpace the implementation of security-architected products due to the exhaustive, yet necessary, certification process.  Can the APL community work in parallel to close the gap between vendor product/version release and government-approved use on sensitive networks?
 
PROTECT.
To achieve DoDIN APL status, vendors must architect products that meet the highest security without sacrificing interoperability. The APL is an acquisition decision-support tool based on a rigorous product testing, validation, certification, and selection process. In selecting COTS products from the DoDIN APL, decision makers across DoD ensure the products they use have met the “gold-standard” for network protection.
 
LEAD.
Leaders set the direction by helping others see what lies ahead and rising to the challenges.  Network administrators, cyber professionals, technologists, and procurement officials can lead by example by choosing to leverage the DoDIN APL to its fullest extent.  Use of the DoDIN APL, in lieu of waivers or branch-specific product lists, provides risk mitigation for DoD organizations interested in procuring products to add to the DISN to support their mission.



In 2011, the DoD created the DoDIN APL to identify solutions that were tested and trusted to address government concerns. DISA defines the DoDIN Approved Product List (APL) as the single, consolidated list of products that have completed cybersecurity and interoperability certification. 

The APL process is used to test and certify products that affect communication and collaboration across the DoDIN and is an acquisition decision support tool for DoD organizations interested in procuring equipment to add to the DISN to support their mission. 

The APL offers DoD decision makers the knowledge that rigorous due diligence has been conducted, resulting in an increased level of confidence the equipment being selected will be the best choice with regards to cost, effectiveness, and security without sacrificing operability. As of 2020, more than 80 vendors have achieved DoDIN APL certification.


Interested in sponsoring the DoDIN APL Summit? Contact sales@v-fed.com for the event prospectus.

Sessions


All times are Eastern Time. Times, presenters and sessions are subject to change.

11:00 AM to 11:10 AM

Welcome & Kickoff: Advance. Protect. Lead

Rock Booze - Event Co-Chair, Colonel (ret.) U.S. Army

 

We’ve heard it before and will probably continue to hear the same theme in every DoD circle, conference, or conversation where technology is involved, “we need to close the gap between the speed to need.”  Technological advances are happening at an exponential rate and often outpacing its usefulness once implemented in the DoD spaces.  That’s why it’s important for government and industry to have continuous conversations and tight-knit partnerships to close that gap.  As we team together to work through cutting edge solutions, we must ensure they are secure, functional, and most importantly satisfy the requirement. We are an intricately, technologically connected world and our ability to meet today’s challenges on the world stage is not a matter of technology for technology’s sake but another cog in the wheel of our National Security.


11:10 AM to 11:20 AM

Opening Keynote: CECOM and the APL

Major General Mitchell Kilgo - Commanding General, US Army CECOM

 

"CECOM and the APL" will introduce the basics of what the APL is and why it is important.  It will also explain the critical role that the U.S. Army Communications-Electronics Command and its subordinate U.S. Army Information Systems Engineering Command have in ensuring Army program managers have access to cyber-secure and interoperable components for network infrastructure.


11:20 AM to 11:30 AM

Rethinking the APL in the COVID Environment

Greg Touhill - Brigadier General (ret.), USAF

 

Nine years after its inception, the DODIN Approved Products List only has about 80 vendors whose products have been certified. In this short discussion, retired Brigadier General Greg Touhill, the former US CISO, challenges the DoD to rethink how it manages the DODIN APL. Recommendations include rethinking reciprocity, measuring process performance and eliminating processes that don’t add value, and confederating to expand capacity and throughput.



11:30 AM to 12:05 PM

Panel: Preparing for DoD’s Cybersecurity Maturation Model Certification (CMMC)

Moshe Schwartz - Defense Procurement Analyst

- Moshe Schwartz (Moderator): Defense Procurement Analyst and Associate, Etherton and Associates
- David Berteau (Panelist): President and CEO, Professional Services Council
- Dr. Morgan Dwyer (Panelist): Deputy Director for Policy Analysis, CSIS
- John Zanni (Panelist): CEO, Acronis SCS


Spearheaded by the Office of Under Secretary of Defense for Acquisition & Sustainment, the Cybersecurity Maturation Model Certification (CMMC) maps out the cyber hygiene requirements for all contractors within the defense industrial base seeking to do business with the Department of Defense. In contrast to past regulations that relied on contractor self-certification, the CMMC requires third-party validation of cybersecurity controls and processes across five levels, from basic to advanced.

Though it represents a long-overdue reckoning with the defense industry’s vulnerabilities, there is still a lot of work to be done until the CMMC is ready for complete deployment. As the DoD finalizes its third-party accreditation process and begins building CMMC requirements into contracts this year, businesses must proactively prepare.




12:05 PM to 12:20 PM

An Interview with the Creator of Zero Trust

John Kindervag - Field CTO and Creator of Zero Trust

 

Hear from the Creator of Zero Trust about his perspective on the misconceptions of Zero Trust, such as:
- Zero trust means making a system trusted
- Zero trust is about identity
- There are Zero Trust products
- Zero Trust is complicated


12:20 PM to 12:30 PM

Enterprise IT as a Service (EITaaS) Implications on the APL

Dr. Claire Cuccio - President and CEO, SNVC LLC

 

As the DoD moves towards Enterprise IT as a Service (EITaaS), there are policy implications involving the APL. It appears to be a loss of control for an organization that likes to be in control. How will the APL policies evolve to support EITaaS?


12:20 PM to 12:30 PM

Complete Visibility as the Foundation for Zero Trust

David Pulido - Sr Systems Engineer, Public Sector, Forescout

 

As Zero Trust Architectures and execution planning continue to evolve, it is important to understand the requirements that must first be met in order to deploy a successful cybersecurity solution. Ensuring 100% visibility into every connected device across the enterprise environment is the key foundation to any solution. Combining visibility with the current DoDIN enterprise tool sets will establish that foundation in order to successfully deploy Zero Trust to the Enterprise of Things.



12:20 PM to 12:35 PM

APL 101

Michael Houde - Program Manager, DISA

 

APL 101 will introduce the DoDIN Approved Products List and the DISA office that manages the process.  We'll talk about the various stakeholders in the APL process and how each fit into the overall picture.  Finally, we'll provide resources for further research to ensure a successful DoDIN APL submission.  


12:30 PM to 12:40 PM

Industry Needs from DISA for Innovation

Dr. Dave Lockhart - Site Manager, Aberdeen Proving Ground, Boeing

 

How do we effectively apply open innovation theory and practices employed in the private sector to the federal public sector, specifically the Department of Defense (DOD) Defense Acquisition Management System (DAMS), to address the ongoing DOD innovation challenge? The principal focus is on using open innovation to enhance the DOD’s ability, working with its industrial base and its associated ecosystem, to get innovative products and services from industry through the DAMS to DOD’s end-users faster, at lower cost, while continuing to meet or exceed performance requirements.
 


12:30 PM to 12:50 PM

Access Remote Applications and DoD Office 365: Ensuring Compliance without Layer-3 VPN Tunneling

Michael Riemer - Global Field CTO, Pulse Secure

 

Zero Trust initiatives and secure remote access are highly relevant in our post-COVID-19 world. How are highly scalable, DoDIN-approved tools, including Software Defined Perimeter (SDP), being leveraged to connect remote DoD employees and contractors to on-prem applications and hosted SaaS applications such as DoD O365 and others? This session will examine key use cases, reference architectures and tech innovations.



12:35 PM to 12:50 PM

Distributed Testing

Jeff Bhe - Group Leader, US Army, USAISEC-TIC, Fort Huachuca

 

Joining Jeff Bhe will be Jordan Silk, the primary sponsor for the majority of all Army sponsored products on the DoDIN APL. Starting with the beginnings of Distributed Testing, this session will cover how we got to where we are today, the teams involved, the facilities, the sponsorship required, and what happens after testing.


12:40 PM to 12:50 PM

Taking the DoDIN APL One Step Further: Securing Software Supply Chains

John Zanni - CEO, Acronis SCS

 

From power grids and advanced weapons systems to the telework-enabling apps connecting us during COVID-19, software sits at the heart of nearly all that keeps America and the world running. But in the words of a recent Atlantic Council report, “society has a software problem.” As more and more products and services rely on the use of unvetted third party code and open source libraries, cyber risks and opportunities for exploitation have surged.

While the DoDIN APL does a tremendous job of outlining the policies necessary for hardware to be vetted and deployed within the DoD’s technology infrastructure, little has been done to define what constitutes software as secure. To successfully serve our nation’s software needs, vendors need access to clearly defined policies, processes, and practices for objectively assessing software code risk – without breaking the bank.




12:50 PM to 1:00 PM

Proposed APL Augmentation to the Current VDI and VMI Environments

CW5 Deshawn Bell - Senior Technical Advisor, USARPAC G6

 

Many of us have attended AFCEA TechNet, AUSA events, or other DoD sponsored industry events, when a senior leader held up his or her personal smartphone or tablet and asked, “Why can’t I perform the same tasks on my government device that I perform on my personal device I hold in my hand?”  Those of us in the information systems, and network and information services profession, know the response to that question requires many qualifiers and caveats that serve to highlight and underscore the need to protect sensitive government information, to ensure the security of the United States, and to protect our way of life.  National Defense is paramount to us within DoD, but not so much so in the commercial sector.  Nevertheless, this persistent question from senior leaders provides an opportunity in my opinion to evolve our current communications and information capabilities to align with senior leaders’ growing expectations.


12:50 PM to 1:10 PM

Implementing Cloud for your Needs - Modernizing Data Management

Jeffrey Phelan

 

Every agency supports different missions—and has to support their researchers in unique ways. What is not unique is that the need to ensure the security, integrity and speed of how we access data is always changing. New tools like AI and data analytics have increased the need for speed in ingesting large sets of data for processing. This has been accomplished in the past with on-prem hardware in large data centers. The introduction of cloud has many thinking of how to change that model of running large siloed data centers. While cloud has made promises of speed and data resiliency—it is important to pick a model that works for your IT and research organizations.



12:50 PM to 1:00 PM

Lessons Learned: DoDIN APL Submission Process

Brian Coache - Offering Manager, QRadar, IBM

 

IBM is no stranger to submitting products for DODIN approval. In the best case scenario, everything works as planned. Not everything is the best-case scenario. IBM will present lessons learned during the approval process when Federal units are within a commercial model.



1:00 PM to 1:15 PM

Mobile-First Zero Trust Security

Bill Harrod - Federal CTO, MobileIron

 

Modern work increasingly takes place in the cloud and on personal mobile devices, eroding the traditional network perimeter and introducing countless new threat vectors to DoD organizations. At the same time, mobile threats are evolving. 
 
Nation-state hackers are exploiting mobile vulnerabilities and threat actors are exploiting devices of targeted users as well as more general “spray and pray” attacks.  Meanwhile, unmanaged devices provide a goldmine of readily accessible and highly critical personal and potentially DoD data.
 
DoD is expanding their security strategy to include mobile devices. A mobile-centric zero trust approach deals with the security challenges posed by the perimeter-less modern DoDIN while also allowing agility and anytime access. The mobile-centric zero trust model provides the visibility and IT controls needed to secure, manage and monitor every device, user, app, and network being used to access data. This approach also provides threat detection and remediation on the device, before it ever reaches the protected applications and network resources.




1:00 PM to 1:30 PM

Navigating the Pitfalls on the Path to DoDIN APL Certification

Jeremy Duncan - Managing Partner, Tachyon Dynamics

 

The DoDIN APL process is a very confusing, onerous, and obtuse one for equipment vendors to navigate – especially if they have no experience interacting with the US Federal Government or DoD. Our talk is about all the traps and pitfalls vendors get themselves into that either cause them to fail testing, cause significant delay, or create significant sales challenges with system architectures. These pitfalls range from process-oriented issues like documentation and certification pre-requisites, but also significantly affect the technical roadblocks that a vendor may experience like CAT 1s, IPv6, multifactor authentication, and overall product security and interoperability readiness. We hope by the end of this talk, vendors will have a better idea about what pitfalls to avoid by having better certification risk mitigation.



1:10 PM to 1:20 PM

Managing Infrastructure Complexity to Improve Security

Arthur Bradway - Senior Sales Engineer, Government and Education

 

Complexity of internal environments is a leading obstacle to federal IT security, according to our recent cybersecurity survey. Managing this complexity requires improved visibility and details about devices and their dependencies.
 
SolarWinds tools help with visibility, including device discovery and dependency mapping. Additional security use cases include baselining normal activity, backing up device configurations, managing vulnerabilities, and improving compliance.


You should attend this session if you’d like to learn how to:
- Leverage next generation maps with summary and detailed views, including dependencies
- Monitor network baselines to identify abnormal activity
- Use configuration and patch management to reduce vulnerabilities and improve compliance




1:15 PM to 1:30 PM

Securing the DoD Supply Chain: From Compliance to Actions at Scale

Jeff Miller - Managing Director, Management Consulting

- Jeff Miller: Managing Director, Accenture Federal Services, Management Consulting - Supply Chain & Operations
- Dr. Radica Sipcic: Client Executive, Defense Agencies, Accenture Federal Services

Accenture executives, Jeff Miller and Dr. Radica Sipcic, will present a framework for managing supply chain risk and actions to take to mitigate supply chain risk inside of DoD. 




1:20 PM to 1:30 PM

Network Modernization, Zero Trust, and the US Army

Andrew Balzarini

 

The majority of the Army’s security controls address external threats to the infrastructure with very few considerations given to internal threats other than policy-based controls. The Army’s inability to have proactive, internal security at all levels will prove to be detrimental, especially as the Army moves more to the cloud and the Internet of Things. As such, the Army is interested in a holistic security solution that could help ensure a zero-trust environment through monitoring and trust assurance at every level. The solution should include micro segmentation with the goal to reduce internal incidents or insider threats and the development of a standard tool to identify indicators and defend against insider threats.



1:30 PM

DISA Direction for the Industry

Major General Garrett Yee - Assistant to the Director, DISA

 

Major General Garrett Yee will provide an update on some major projects happening at DISA and will discuss how industry and government partner together for advancement.


1:30 PM to 1:40 PM

Hybrid Cloud and the US Army

Andrew Balzarini

 

The Army develops and sustains applications and data in a highly distributed manner and does not have a holistic mechanism to modernize or manage application life cycles. Cloud brings the essential elements of elasticity, resiliency, broad access, efficiency, secure computing platforms, data standardization and compliance tools. Given this, the Army needs assistance to establish enterprise cloud and data ecosystems that are artificial intelligence and machine learning-ready and hybrid. The Army needs to deploy an agile and flexible cloud framework to adapt legacy software to quickly meet changing operational environments, increase readiness and improve cybersecurity.



1:41:22 PM

Closing Statements: Partnering for Advancement

Westley McDuffie

 

The network is no longer new to the battlespace; it is very much part of today's modern military. Cybersecurity and the mantra that surrounds it is a rapidly changing paradigm. Gone are the days of an entity being self-reliant - none more critical than the DoD. There has to be partnership, even in this era of Zero Trust networking. There has to be a standard. There has to be a trust set between DoD and its vendors. It's the partnership that will shape and secure the future of DoD. 


Sponsors







Acronis SCS is an American cyber protection and edge data security company exclusively dedicated to meeting the unique requirements of the US public sector. Our innovative and comprehensive cyber protection, backup and disaster recovery, anti-ransomware, and enterprise file sync and share software solutions ensure operational assurance and data security across America’s federal, state and local government, education, healthcare, and nonprofit computing environments.




IBM Security develops intelligent enterprise security solutions and services to help your business prepare today for the cyber security threats of tomorrow.




Wildflower International is a small, minority-owned, woman-owned, HUBZone business, serving the Federal Government and its National Laboratories for three decades. We have long-term experience delivering comprehensive information technology products, services, and solutions with a proven record of accomplishments. Our solutions are available via a variety of contract vehicles including, CHESS ITES-3H, SEWP V, DHS First Source II, DOE ICPT, SCMC, and GSA. We are a Dell Federal Titanium Partner.




Wildflower International is a small, minority-owned, woman-owned, HUBZone business, serving the Federal Government and its National Laboratories for three decades. We have long-term experience delivering comprehensive information technology products, services, and solutions with a proven record of accomplishments. Our solutions are available via a variety of contract vehicles including, CHESS ITES-3H, SEWP V, DHS First Source II, DOE ICPT, SCMC, and GSA. We've been recognized as the Juniper Networks Federal Partner of the Year for both 2018 & 2019!




Accenture Federal Services, a wholly owned subsidiary of Accenture LLP, is a U.S. company with offices in Arlington, Virginia. Accenture’s federal business has served every cabinet-level department and 30 of the largest federal organizations. Accenture Federal Services transforms bold ideas into breakthrough outcomes for clients at defense, intelligence, public safety, civilian and military health organizations. Learn more at www.accenturefederal.com.







At CommScope Federal, we push the boundaries of communications technology to create the world’s most advanced networks. Across the globe, our partners and their solutions are redefining connectivity, solving today’s challenges and driving the innovation that will meet the needs of what’s next.




CyberArk is the global leader in privileged access management, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce the risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including more than 50 percent of the Fortune 500, to protect against external attackers and malicious insiders.




The Cyber Security Forum Initiative (CSFI) is a non-profit organization headquartered in Omaha, NE and in Washington DC with a mission "to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training to assist the US Government, US Military, Commercial Interests, and International Partners."







Forescout is the leader in Enterprise of Things security, offering a holistic platform that continuously identifies, segments and enforces compliance of every connected thing across any heterogeneous network. The Forescout platform is the most widely deployed, scalable, enterprise-class solution for agentless device visibility and control. It deploys quickly on your existing infrastructure – without requiring agents, upgrades or 802.1X authentication. Fortune 1000 companies and government organizations trust Forescout to reduce the risk of business disruption from security incidents or breaches, ensure and demonstrate security compliance and increase security operations productivity.
 
Don’t just see it. Secure it. Visit forescout.com to learn how Forescout provides active defense for the Enterprise of Things.




Fortinet provides federal government customers with complete visibility and control across the expanding attack surface and the power to take on ever-increasing performance requirements today and in the future. Fortinet offers federal agencies world-class solutions for on-premises perimeter security, secure remote access, multi-domain networks, advanced threat protection, zero-trust network access, operational and security awareness, third-party and insider threat protection, and many other needs. Learn more at www.FortinetFederal.com.







MobileIron is redefining enterprise security with the industry’s first mobile-centric, zero trust platform built on a unified endpoint management (UEM) foundation to secure access and protect data across the perimeter-less enterprise. Zero trust is defined by a “never trust, always verify” approach to security. MobileIron’s mobile-centric, zero trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats to ensure that only authorized users, devices, apps, and services can access business resources.




The National Defense Industrial Association drives strategic dialogue in national security by identifying key issues and leveraging the knowledge and experience of its military, government, industry, and academic members to address them. NDIA, comprised of 1,610 corporate and 65,000 individual members, is a non-partisan, non-profit, educational association that has been designated by the IRS as a 501(c)3 nonprofit organization - not a lobby firm - and was founded to educate its constituencies on all aspects of national security.




Pulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 24,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance. Learn more at www.pulsesecure.net.




Rubrik enables agencies to cultivate a highly effective IT workforce by supplying automated backup policies and eliminating time intensive manual processes. By allowing users to do secure self-service restores, Rubrik helps federal agencies improve their customer IT experiences.




Silvereye Technologies is a value-added IT reseller and marketing services provider for government agencies and enterprise customers. Here at Silvereye, we specialize in turn-key solutions in the areas of back-up, security, and mobility, in order to foster an agile IT environment and increase end user productivity.




SolarWinds® provides powerful and affordable IT management software to customers worldwide from enterprises of all sizes to virtually every civilian agency and branch of the US Military. We focus exclusively on IT Pros and strive to eliminate the complexity that they have been forced to accept. SolarWinds delivers on this commitment with unexpected simplicity through products that are easy to find, buy, use and maintain while providing the power to address any IT management problem.




Tachyon Dynamics is a premier technology company focused on advanced technology enterprise planning, designing, and implementation like Internet Protocol version 6 (IPv6), virtual server systems, cutting edge networking systems, and proven cyber security technologies and processes. We are a Service-Disabled Veteran-Owned Small Business (SDVOSB) that understands the importance of efficient and reliable communications.




Thales Trusted Cyber Technologies, a business area of Thales Defense & Security, Inc., is a trusted, U.S. based source of cyber security solutions for the U.S. Federal Government. We offer holistic data protection solutions that deliver the same level of security whether deployed in enterprise, tactical or cloud environments.




v-FED is a virtual conference dba organization focused on connecting the Federal Government and the IT industry through our virtual events and those of our partners.