2011 Symantec Government Symposium

24/7 - Assured, Efficient, Anywhere

June 14, 2011 | Ronald Reagan Building and International Trade Center | Washington, D.C.

Program

Please continue to check back for new program updates.

7:30 - 8:10 a.m.	Registration and Breakfast
8:10 - 8:15 a.m.	Welcome - GiGi Schumm, Vice President and General Manager, Public Sector, Symantec
8:15 - 8:30 a.m.	Introduction - Enrique Salem, President and Chief Executive Officer, Symantec
8:30 - 9:15 a.m.	Morning Keynote - General Colin L. Powell, USA (Ret.)
9:15 - 9:30 a.m.	Break and Networking
9:30 - 10:45 a.m.	Track A: Cyber	Track B: Compliance, IT Reform, and Open Standards	Track C: Cloud	Track D: Information Sharing and Risk Management	Track E: Mobile Access
	Session A-1 The Cyber Threat Landscape - Meeting it Head OnSession A-1: The Cyber Threat Landscape - Meeting it Head On Hackers, foreign nationals, and other malicious actors continue to feed their enthusiasm for cyber warfare, increasing the number of potentially damaging cyber attacks. In a world of always-on global connectivity and an increasingly mobile government workforce, how are we protecting ourselves against insider threats, Advanced Persistent Threats (APTs), and other cyber hazards? What are government agencies actually doing and where are the gaps? How can we establish a meaningful public-private dialogue that leads to real, measurable results? Dean Turner, Director, Global Intelligence Network, Security Response, Symantec [Moderator] Rear Admiral Mike Brown, Director, Cybersecurity Coordination, National Protection and Programs Directorate, Department of Homeland Security Lynn DeCourcey, Director of Cyber Security, NJVC Joji Montelibano, Insider Threat Security Analyst, Computer Emergency Readiness Team Program, Software Engineering Institute, Carnegie Mellon University Sherrill Nicely, Deputy Chief Information Officer, Central Intelligence Agency Matthew Stern, Program Director, United States Computer Emergency Readiness Team, Cyber Systems Division, General Dynamics Advanced Information Systems	Session B-1 Continuous Monitoring: Part One - FISMA 2.0 and The Current LandscapeSession B-1: Continuous Monitoring: Part One - FISMA 2.0 and The Current Landscape For years, government has regarded the Federal Information Security Management Act (FISMA) as a paperwork exercise with no real, actionable results for information security. But now, there is movement to push beyond meeting legislative and management requirements and put effective, measurable security practices in place. So, how will the next incarnation of FISMA affect risk management frameworks? Is online reporting working? How does the Department of Homeland Security's Continuous Asset Evaluation, Situational Awareness and Risk Scoring (CAESARS) Reference Architecture Report support FISMA requirements? How are different organizations working to build a better system and use it effectively? Hear from National Institute of Standards and Technology (NIST), DHS, and others on this critical component of our nation's cybersecurity and how some in government are making real progress to make continuous monitoring a reality. Tiffany Jones, Director, Public Sector Strategy and Programs, Symantec [Moderator] Ryan Brewer, Chief Information Security Officer and Director, Centers for Medicare & Medicaid Services, Department of Health & Human Services Ron Ross, Senior Computer Scientist, National Institute of Standards and Technology Simon Szykman, Chief Information Officer, Department of Commerce	Session C-1 Cloud Implementation - Cloud First, Security FirstSession C-1: Cloud Implementation - Cloud First, Security First The Obama administration is urging the Federal government to adopt a "cloud first" policy whenever a "secure, reliable, and cost-effective" cloud option exists. How does the government define these three terms, and to what extent must each element exist in an effective IT solution? What are the real operational differences in the public vs. private cloud debate and how do they affect mission-critical applications? How will the government manage the risks and communicate requirements to industry? Join this session to gain insight on how to best meet OMB "Cloud First" standards and leverage the latest technologies. Daniel Graves, Senior Director, Technology Strategy, Symantec [Moderator] Curtis Brazier, Principal Technologist, Federal Cloud Computing, VMware Earl Crane, Director, Cybersecurity Strategy Division, Office of the Chief Information Security Officer, Department of Homeland Security Christopher Fountain, Advisory Board Member, International Cyber Center, George Mason University and President & Chief Executive Officer, SecureInfo Corporation	Session D-1 Need to Know vs. Need to Share - Striking the BalanceSession D-1: Need to Know vs. Need to Share - Striking the Balance In the age of WikiLeaks, can we blame unsecure data sharing practices for the compromise of information? Many argue shutting down access is not the answer. Cyber space is the ultimate sharing environment. Do Federal employees really have secure, real-time access to critical information from anywhere in the world? Where are the boundaries for sharing? Has the increased sharing environment across intelligence agencies, the State Department, and the Department of Defense helped warfighters perform better? Hear from leading government experts as they discuss if "data sharing" is now the default and how to best balance the need for information access with national security concerns. Brian Dye, Vice President, Product Management, Information Management Group, Symantec [Moderator] Brian Burns, Deputy Director, Warfighter Systems Integration, Office of Information Dominance and Chief Information Officer, Office of the Secretary of the Air Force Michael Howell, Deputy Program Manager, Office of the Program Manager, Information Sharing Environment, Office of the Director of National Intelligence Dr. Peter Levin, Chief Technology Officer and Senior Advisor to the Secretary, Department of Veterans Affairs	Session E-1 Mobile Management - Device ConsumerizationSession E-1: Mobile Management - Device Consumerization Is there an app for that? Today the answer is most likely yes. How can government IT professionals guarantee the security of externally developed applications? Does the government need to restrict or manage mobile devices or should end users receive more latitude? Can the government build, design, and test its own applications for mobile devices and ensure they meet security standards? This session will examine how government can effectively embrace the world of mobile devices and Web applications with limited risk. Francis deSouza, Group President Enterprise Products and Services, Symantec [Moderator] Troy Lange, National Security Agency and Information Assurance Directorate Capabilities Manager for Mobility, National Security Agency David Stender, Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer, Internal Revenue Service
10:45 - 11:15 a.m.	Break and Networking
11:15 a.m. - 12:30 p.m.	Session A-2 Cyber Policy Priorities - Walking the WalkSession A-2: Cyber Policy Priorities - Walking the Walk The Administration and the new Congress have talked about cybersecurity as a tier-one priority - but where's the beef? Cyber legislation continues to stall, and policy changes, while well debated, do not move forward, despite the public's increased awareness of the economic, political, and national security consequences of cyber threats. How can we make forward progress on these legislative and policy priorities? What can we expect as the government develops a comprehensive cybersecurity plan? How will international coordination play into policy development? Join this session to hear from policy insiders on what must occur to move policies forward. Cheri McGuire, Vice President for Global Government Affairs and Cybersecurity Policy, Symantec [Moderator] Liesyl Franz, Vice President, Cybersecurity and Global Public Policy, TechAmerica Chris Painter, Chief Cyber Officer, Office of Cyber Issues, Department of State Tommy Ross, Senior Intelligence and Defense Advisor, Office of Senate Majority Leader Harry Reid Michael Seeds, Legislative Director, Office of Representative Mac Thornberry Denise Zheng, Professional Staff Member, Senate Homeland Security and Governmental Affairs Committee	Session B-2 Continuous Monitoring: Part Two - What's Next?Session B-2: Continuous Monitoring: Part Two - What's Next? The need to track the security state of an information system in near real-time and on an ongoing basis is a pivotal one - but which method of continuous monitoring will provide the most comprehensive, cost-effective, and measurable results? Government professionals have differing views on the path to successful continuous monitoring and how to best meet security compliance reform standards. What standard and best practices can agencies leverage to provide a transparent, interoperable, repeatable, and ultimately automated way to assess security software flaws and misconfiguration in the enterprise? Ned Miller, Director, Public Sector Strategy, Symantec [Moderator] Ryan Brewer, Chief Information Security Officer and Director, Centers for Medicare & Medicaid Services, Department of Health & Human Services Peter Mell, Senior Computer Scientist, National Institute of Standards and Technology Tony Sager, Chief, Information Assurance Directorate's Vulnerability Analysis & Operations Group, National Security Agency David Stender,Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer, Internal Revenue Service	Session C-2 FedRAMP - Getting on the Cloud Standardization HighwaySession C-2: FedRAMP – Getting on the Cloud Standardization Highway The Federal Risk and Authorization Management Program (FedRAMP) framework has met mixed reviews. What does the future hold for the program which aims to provide a standard approach to assessing and authorizing cloud computing services and products? How can FedRAMP take a more innovative, 2.0-esque approach? Will virtualization serve as the key framework for cloud implementation? And, critically, where are the best practices? Join this discussion to take part in the debate. Steve O'Keeffe, Founder, MeriTalk [Moderator] Sanjeev "Sonny" Bhagowalia, Deputy Associate Administrator, Office of Citizen Services and Innovative Technologies, General Services Administration John Bordwine, Chief Technology Officer, Public Sector, Symantec Ron Ross, Senior Computer Scientist, National Institute of Standards and Technology	Session D-2 Identity Management - What's Next?Session D-2: Identity Management - What's Next? Long gone are the days when identity management only required matching a photo with a face. How can organizations leverage the proliferation of collaborative networks and other online tools to both maintain security and allow for quick information retrieval? What is the impact of Homeland Security Presidential Directive 12 (HSPD-12) and will the introduction of the cloud hurt or improve identity management? There is an increasing convergence of physical and cyber access - but where are the best practices? Join this session to learn how access convergence will affect agencies and to debate the tough issues surrounding identity management. Jim Flyzik, Chairman, Armed Forces Communications and Electronics Association International Homeland Security Committee and President, TheFlyzikGroup [Moderator] Joshua Gruenspecht, Cybersecurity Fellow, Center for Democracy and Technology Greg Schaffer, Assistant Secretary for Cybersecurity and Communications, Department of Homeland Security Ashley Stevenson, Senior Identity Consultant, Public Sector, HP	Session E-2 Telework - Keeping A Mobile Government SecureSession E-2: Telework - Keeping A Mobile Government Secure As the number of teleworkers grows, the government will focus closely on minimizing data loss, particularly as agencies store information in an increasing number of locations, including private residences. How can organizations address telework security risks? How can CIOs select cost-effective technologies that enable expanded, secure access for remote Federal employees? What can executives do to best train and educate employees to reduce security risks in their day-to-day activities? Mark Bregman, Executive Vice President, Chief Technology Officer, Symantec [Moderator] Gary Galloway, Deputy Director, Office of Information Assurance, Department of State Eric Kretz, Director, National Continuity Programs, Federal Emergency Management Agency Van Ristau, Chief Technology Officer, DLT Solutions Rod Turk, Director, Office of Organizational Policy and Governance and Chief Information Security Officer, Patent and Trademark Office, Department of Commerce
12:30 - 2:15 p.m.	Introduction - GiGi Schumm, Vice President and General Manager, Public Sector, Symantec 2011 Cyber 4 Awards Ceremony - Presented by Enrique Salem, President and Chief Executive Officer, Symantec and GiGi Schumm, Vice President and General Manager, Public Sector, Symantec Luncheon and Keynote - Rand Beers, Under Secretary for the National Protection and Programs Directorate and Counter-Terrorism Coordinator, Department of Homeland Security
2:15 - 2:30 p.m.	Break and Networking
2:30 - 3:45 p.m.	Session A-3 Critical Infrastructure Security - The Crucial Choke PointSession A-3: Critical Infrastructure Security - The Crucial Choke Point In today's constantly evolving threat landscape, our nation's critical infrastructure is one of the critical choke points. There is no doubt we need to vastly improve security in this area - especially with the growing number of cyber attacks on both government and private networks. But despite these very real risks, the government is falling behind. As we become mired in policy debates, it is difficult to see who is holding the ball. Where does authority lie for putting effective mandates in place? How can government and the private sector work more effectively together? Where is the leadership and organization to make this a priority? How will the cybersecurity pact between the Department of Homeland Security, the Department of Defense, and the National Security Agency result in a coordinated joint-agency effort for protecting critical infrastructure? John Jolly, Vice President & General Manager, Cyber Systems Division, General Dynamics Advanced Information Systems [Moderator] Barry Hensley, Director, Counter Threat Unit, Dell SecureWorks Michael C. Layton, Deputy Director for Material Safety, Nuclear Regulatory Commission Jon Stanford, Director, Information Security Advisory, Utilities and Power Generation Practice, PricewaterhouseCoopers Col. John Toomer, Deputy Director, Cyber and Information Operations Directorate, Deputy Chief of Staff for Operations, Plans and Requirements, U.S. Air Force	Session B-3 OMB 25-Point Plan and Data Center Consolidation - Are We Seeing the "Light?"Session B-3: OMB 25-Point Plan and Data Center Consolidation - Are We Seeing the "Light?" The Office of Management and Budget's (OMB) 25 Point Plan has generated a lot of positive buzz. It is ambitious and potentially game-changing with its agile, adaptive approach to IT project management and technology acquisition, as well as advocacy for "light technology" and shared solutions. Data center consolidation figures prominently. But, the plan presents challenges as well. How can agencies consolidate infrastructure without compromising performance, end-user data access, and security? Many agencies are focused on managing and securing the virtual environment. This session will provide updates on OMB's 25 Point Plan, funding issues, and data center reduction timelines, as well as highlight best practices from government and private industry. Anil Chakravarthy, Senior Vice President, Storage and Availability Management Group, Symantec [Moderator] Walter Bigelow, Deputy Chief, Service Management Division, Bureau of Alcohol, Tobacco, Firearms, and Explosives Janice C. Haith, Director, Assessments and Compliance, U.S. Navy John Rucker, Acting Director, Corporate Data Center Operations Department of Veterans Affairs	Session C-3 The Next Generation of Cloud - E-mail and BeyondSession C-3: The Next Generation of Cloud - E-mail and Beyond With the eventual move to the cloud inevitable for many government organizations, hear how agencies have been working to implement cloud e-mail services - from the early decision points through to the actual user experiences - and how their decisions to move to Web-based systems affected functionality and business processes. In addition, hear about various organizations' plans to expand cloud capabilities, and what these plans could mean for the future of government. What lessons or best practices can agencies take away from their peers' move to the cloud? Scott Armstrong, Senior Business Development Manager, Civilian Strategic Programs, Symantec [Moderator] William Corrington, Chief Technology Officer, Department of the Interior Fred Whiteside, Project Manager, National Institute of Standards and Technology Cloud Computing Program, Department of Commerce	Session D-3 Addressing Cyber Security through Collaboration - The 2.0 World and BeyondSession D-3: Addressing Cyber Security through Collaboration - The 2.0 World and Beyond Internal and external social networking sites have helped spur intra- and inter-agency collaboration - which comes with all the expected security risks. The government has very few requirements for collaborative capabilities, but as agencies initiate programs in response to the passage of the Telework bill, online collaboration tool use will become more prevalent and necessary. Is the government ready for this shift? This session will explore how the government is evolving with Web 2.0, as well as how different organizations are meeting user demands, assessing available technologies, and addressing the associated risks. Riley Repko, President & Chief Executive Officer, Trusted Cyber Solutions, LLC [Moderator] Daniel Dunkel, President, New Era Associates, LLC Jamil Farshchi, Chief Information Security Officer, Los Alamos National Labs, Department of Energy Francis Landolf, Principal, Core Consulting, LLC Ari Schwartz, Senior Internet Policy Advisor, Information Technology Laboratory, National Institute of Standards and Technology Major General Steven Smith, Director, Cyber Directorate, Office of the Army Chief Information Officer/G-6, United States Army	Session E-3 Always On - Reliable, Secure Access AnywhereSession E-3: Always On - Reliable, Secure Access Anywhere The age of mobile computing, smart devices, open-source culture, and increased computing power has a side effect: a growing number of threats to government IT systems. Concurrently, the press for data center consolidation, smart grid enhancements, and cloud deployment highlights the requirement for seamless continuity of mission-critical operations and citizen services. Agencies are increasingly using Web-based and cloud services where high availability support, a secure and cost-effective energy grid, and interoperability of systems is paramount. Service level challenges will compromise enterprise and mission performance. And threats to critical systems such as the smart grid have amplified in increasingly mobile enterprise environments. What best practices exist across agencies? How can government increase operational efficiency, reduce costs, minimize frustration, and provide the level of security and availability required for mission-critical functions? Jose Iglesias, Vice President Education & Enablement Services, Symantec [Moderator] Albert Kinney, Director, Defense Cybersecurity Capability, Enterprise Services, HP Robert Mayer, Vice President, Industry and State Affairs, U.S. Telecom Association John Santo, Executive Director, Wireless Systems Program Office, Customs and Border Protection, Department of Homeland Security
4:00 - 6:30 p.m.	After-Symposium Reception: W Hotel