Post on 20-May-2020


Classified as Public

Information Security In an Insecure World

Wednesday, April 22, 2020, 8:15-4:45

Grant Thornton LLP, 1000 Wilson Boulevard, 15th Floor, Arlington, VA 22209

Jointly presented by the Northern Virginia and Metropolitan Maryland chapters of ARMA

The importance of information security has been steadily rising and has caught the full attention of the C-suite. Data breaches, new privacy regulations, and reports of rogue actors hacking public and private networks fill the news, as anxiety about protecting our most sensitive information grows. At the same time, business and government leaders are increasingly interested in leveraging cloud-based collaboration tools, artificial intelligence, the Internet of Things, and other emerging technologies – all of which present significant security challenges.

7:45-8:20 Registration/Breakfast

8:20-8:30 Welcome/Introductions: Chapter presidents

8:30-10:00 Erik Winebrenner, VP, Chief Information Security Officer at Thermo Fisher Scientific

Building a Culture that Minimizes Risks

According to McKinsey & Company, a risk culture is defined as “the norms of behavior for individuals and groups within an organization that determine the collective ability to identify and understand, openly discuss and act on the organization’s current and future risks.” How does an organization overcome barriers to understanding and acting on risk? Once the C-suite buys into the need to develop a plan to address information security risks, how do we influence the thinking and behavior of our employees?

10:00-10:25 Break

10:25-11:55 Panel discussion: Angela Dingle, President & CEO, Ex Nihilo; Danyetta Magana, President, Covenant Security Solutions; E. Wayne Rose, PhD, IT Strategy, Security and Leadership Consultant

Balancing Security Compliance with the Need for Collaboration, Openness, and Transparency

Due to increasing privacy requirements and recent cyberattacks, the public and private sector alike have responded by implementing new cybersecurity regulations to detect data breaches, protect information, and safeguard against insider threats. With five generations in the workplace, the need for openness and collaboration cannot be overstated. Seasoned workers have valuable knowledge and historical perspectives to offer. Millennials want to bring their own devices, access the latest tools and work in collaborative workspaces. So, how do you find the right balance between mitigating cybersecurity risks and creating a workplace environment that fosters innovation and transparency? How much should you be investing in cybersecurity protections?

11:55-1:10 Lunch and Optional Speed Networking

Representatives from our top-level sponsors will spend 10 minutes at each table in an interactive format to discuss topics of mutual interest

1:10-2:40 Mark Riddle, Principal for CUI Program Oversight, National Archives and Records Administration

CUI/NIST Compliance and Management

This session will provide an overview of the Controlled Unclassified Information Program, address marking and safeguarding requirements, and provide an update on the status of agency implementation efforts.

2:40-3:05 Break

3:05-4:35 Kevin A. McGrail, Director of Business Growth, InfraShield

The Future of Information Security and Privacy

This presentation will provide a practical take on data security and privacy in 2020. Are data security and privacy a source of growth in business? Can they be a competitive differentiator? Kevin (aka KAM) will address “Zero Trust” network models and review the Practical Vision for a Zero Trust Network Model Implementation he wrote for a US federal agency. Along with discussing Zero Trust, he’ll define “toxic data” and challenge you to ask hard questions such as, "Do we really need this data?" and "Can we dispose of this data?" After all, it's hard to have data compromised in a breach if you don't have the data. Finally, he will discuss the impact of some of the legal requirements for data security and privacy including those embodied in CCPA, GDPR, COPPA & HIPAA.

4:35-4:45 Conclusion/Wrap-up: Chapter presidents

Speakers

ANGELA DINGLE, CMC, CGEIT

President & CEO, Ex Nihilo

Angela is Certified in the Governance of Enterprise Information Technology (CGEIT) with 20+ years of public and private sector experience in the areas of management consulting, information technology, training, services sales, and sales support. An award-winning business owner, she successfully launched and managed several professional services organizations. Angela is an architect of high-performance software development and quality assurance teams, is experienced in a variety of management techniques and IT methodologies, and has strong international logistics engineering and system deployment experience. Angela is a Certified Management Consultant (CMC), holds a Master of Science in Management Information Systems from Bowie State University and serves as Chair of the Women Impacting Public Policy (WIPP) Board of Directors.

DANYETTA FLEMING MAGANA, CISSP

President, Covenant Security Solutions

Danyetta Fleming Magana is a Certified Information Systems Security Professional (CISSP) who founded Covenant Security Solutions in 2003. Her goal is to push the envelope regarding how we think about our information and find new and innovative ways to secure our digital way of life. Danyetta is a Certified Information Systems Security Professional (CISSP), a globally recognized certification in the information security arena. She has been published in the Defense Information Systems Agency IA Newsletter and interviewed as an expert on Federal News Radio's “Mark Amtower Show.” In 2001, she received the Black Engineer of the Year Award for the “Most Promising Engineer in Government.” She is an advisory board member for the Armed Forces Communications and Electronics Association (AFCEA), International Technology Committee. She also serves as an advisory board member for the International Consortium of Minority Cyber Professionals (ICMCP). Danyetta also previously served as a Fellow with the Institute for Critical Infrastructure Technology (ICIT), a Washington DC based think tank that briefs Congress, Senate and the Senior Executives of the U.S. Federal government on matters related to Cybersecurity and Critical Infrastructure.

KEVIN A. McGRAIL

Director of Business Growth, Infrashield.com

In his role as Director of Business Growth @ InfraShield.com, Kevin A. McGrail, aka KAM, focuses on cyberphysical security for critical infrastructure. Kevin loves Open Source Software and is a member of the Apache Software Foundation. He is a cyber security and privacy expert, and his research protects millions of Internet users every day. He is an advisor for SecurityUniversity.edu & Virtru.com, as well as a Director at the Dysautonomia Support Network and The McGrail Foundation. His latest honor is becoming a member of the U.S. Marine Corps Cyber Auxiliary.

MARK RIDDLE

Senior Program Analyst for the Information Security Oversight Office (ISOO) at the National Archives and Records Administration

Mark serves as Lead for implementation and oversight activities for the Controlled Unclassified Information (CUI) Program. He co-authored the National Institute for Standards and Technology Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (June 2015). This publication recommends standards for protecting CUI in nonfederal electronic environments that may be prescribed in agreements between federal and non-federal partners. He consults with executive branch departments and agencies, and with industry and other non-federal organizations on the structure and implementation of the CUI program, and its impact on the protection of sensitive information within these entities.

E. WAYNE ROSE, PhD, CIO, CISO, ISSP, CFO, GSL, PCFM

IT Strategy, Security and Leadership Consultant

Wayne is an integrative information strategic thinker and technical leader with business acumen to analyze business needs, develop high-level overarching strategic leadership plans embedded via strategic goals and objectives, and operationalize via proven solutions to advance the organization. He is currently an independent consultant with more than 30 years’ experience in IT and security. He most recently served as Vice President for Information Technology & Chief Information Officer for Bowie State University. Before that he worked in leadership roles at SAIC, the Naval Criminal Investigative Service, and Swissotel Hotels & Resorts. He holds a B.S. in Computer Networking, a M.S. in IT Leadership and Strategic Transformation, a Ph.D. in Organizational Leadership, and has numerous licenses and certifications, including Chief Information Officer, Chief Information Security Officer, Government Strategic Leader, and Information Systems Security Professional.

ERIK WINEBRENNER

VP, Chief Information Security Officer at Thermo Fisher Scientific

Erik has spent two decades leading strategic cyber programs. Within these programs, he has introduced new ideas and effective ways to strengthen the security capabilities of global multi-billion dollar companies by not only utilizing advanced tools and best practices, but also in developing efficient processes to support risk management and data protection. He is passionate about building teams and leading cybersecurity professionals that are focused on managing risk and combating advanced threats within large-scale global and complex environments. He loves to teach others and has spent close to a decade teaching cybersecurity for the Masters Program at Towson University.