2nd Annual NTSC National CISO Policy Conference

Washington, D.C. – July 17-18, 2018

Registration is now closed.

2nd Annual NTSC National CISO Policy Conference

July 17 — July 18, 2018
300 New Jersey Avenue NW
Washington D.C. 20001

Our second annual National Technology Security Coalition (NTSC) CISO Policy Conference is an opportunity for Chief Information Security Officers (CISOs) and other cybersecurity stakeholders to:

  • Educate policymakers about issues impacting their businesses.
  • Ensure that the policy priorities of the CISO community are heard on Capitol Hill.
  • Discuss and learn about the latest cybersecurity policy issues from lawmakers and cybersecurity policy experts.


NTSC National CISO Policy Conference

Tuesday, July 17, 2018
Attendees will hear from CISOs, cybersecurity policy experts, elected officials, and government agency executive leaders about policy issues during presentations including:

Active Cyber Defense for the Private Sector CISO
Geoff Hancock, Principal, Advanced Cybersecurity Group

After major cybersecurity breaches and ransomware attacks, companies are getting angry and considering ways to fight back. Many want to ‘hack back.’ However, that is very risky. Business executives and CISOs have received many conflicting signals about what is legal and what is not. A change in policy needs to happen along with a clear understanding of the difference between hacking back and active cyber defense. Geoff will discuss the importance of both cyber threat intelligence and cyber deterrence as they pertain to active cyber defense.

Cyber Threat Intelligence

Tonya Ugoretz, Director of the Cyber Threat Intelligence Integration Center (CTIFF) at ODNI
Andrea R. Roddy, Chief, Security Engineering Services, NSA
Pete Chronis, CISO, Turner
Moderator: Marci McCarthy, President and CEO, T.E.N.

Speaking earlier this year at the Billington INTERNATIONAL Cybersecurity Summit, Jeanette Manfra, DHS Assistant Secretary for Cybersecurity and Communications, said, “Identifying a threat in one area could lead to building defenses against it in all areas, but only if government is fully leveraging information sharing at the scale and speed that the internet enables.”

That’s the vision. But while the federal government and various ISACs have made significant progress with information sharing, the security community is traditionally not very good at sharing and collaborating—even though experience shows that the more we share and collaborate, the stronger we become when dealing with cyber adversaries.

What are the barriers to effective information sharing and collaboration? How can the private sector and the federal government work together to improve the current state of cyber threat intelligence sharing? Who is responsible for leading this improvement effort? And what do we stand to lose if we don’t find a better way forward?

Multicloud and its Impact on Public Policy

Bikash Koley, CTO, Juniper Networks
As a rapidly evolving area of cloud computing that businesses are quickly embracing, multicloud also creates implications for cybersecurity laws, policies, and regulations that may affect this technological adoption. While multicloud may mitigate business risks and offer more agility for organizations, many cybersecurity questions emerge around the use of multiple cloud vendors, an organization’s security posture, and governance. With Koley’s many years of large-scale cloud infrastructure experience at Google, along with his current expertise in solving significant multicloud problems with Juniper Networks, his talk will educate policymakers about this exciting and challenging new area.

Read "Multicloud and Cybersecurity Policy: A Q&A with Bikash Koley, CTO of Juniper Networks."

Data Privacy and Security

Greg Silberman, Chief Privacy Officer, Cylance Inc.
Pedro Pavón, Senior Managing Counsel, Oracle
Robert Ball, Chief Business Development Officer and General Counsel, Ionic Security
Moderator: Mauricio F. Paez, Partner and Legal Counselor, Jones Day

DHS’ Cybersecurity Priorities
Rick Driggers, Deputy Assistant Secretary for Cybersecurity and Communications, U.S. Department of Homeland Security (DHS)

Annual Threat Report

Suzanne Kelly, CEO and Publisher, The Cipher Brief
Suzanne Kelly is CEO and Publisher of The Cipher Brief, a digital, security-based conversation platform that connects the private sector with 75 national security experts and over 900 contributors worldwide. Suzanne will summarize The Cipher Brief’s Annual Threat Report that provides an insider look at the complex global security landscape and expert perspectives on the world’s most-pressing threats.

The Federal Government’s Role in Cyber Deterrence

Lt. General Kevin McLaughlin (Ret)., President, Kevin McLaughlin Associates and former Deputy Commander of US Cyber Command
Led by Suzanne Kelly, CEO and Publisher, The Cipher Brief
Current proposed legislation such as the Cyber Deterrence and Response Act of 2018, discussion around active cyber defense, and the shifting roles of the US military in cyberspace are all leading to many questions around our approach to cyber deterrence. Lt. General Kevin McLaughlin (Ret.), with his experience and perspectives as former Deputy Commander of US Cyber Command, and Suzanne Kelly, CEO and Publisher of The Cipher Brief, with her insights from The Cipher Brief’s Annual Threat Report, will chat about these questions and discuss the future of cyber deterrence.


Wednesday, July 18
In conjunction with the NTSC National CISO Policy Conference, the NTSC welcomes CISO advocates to Washington, D.C. for our annual NTSC DC Fly-In. NTSC members—including CISOs and underwriters from across the nation—will spend time on Capitol Hill speaking with Members of Congress and congressional staffers about cybersecurity issues affecting the CISO community and their businesses.

This year’s DC Fly-In calls for action and policy priorities include:

  • National Data Breach Notification Legislation: The NTSC supports the enactment of a meaningful and uniform federal national data breach notification law that is consistent, predictable, and feasible about how an affected person shall be notified.
  • Public-Private Intelligence Information Sharing: The NTSC promotes information sharing partnerships to create a more robust and resilient cybersecurity alliance that protects both the private and public sectors’ critical infrastructure from cyber threats.
  • Cybersecurity Workforce Development: The NTSC promotes policies that strengthen the nation’s ecosystem of cybersecurity education, training, and workforce development.

Read about the 2017 NTSC National CISO Policy Conference.