2019 NTSC EASTERN REGION CISO POLICY ROUNDTABLE

New York City – April 18, 2019

April 18, 2019

The National Technology Security Coalition’s 2019 Eastern Region CISO Policy Roundtable brings together senior technology security executives in an exclusive setting to talk about trends in national cybersecurity policy.

CISA: DHS’ Newest Agency and the Mission to Partner for Collective Defense

Cyber threats remain one of the most strategic risks for the United States, threatening our national security, economic prosperity, public health, and safety. As the lead federal agency responsible for coordinating the protection of our nation’s critical infrastructure from physical and cyber threats, CISA is leading an effort to work with federal and private sector partners to exchange threat intelligence and manage risk. Matthew Travis will talk about these efforts with our attendees.

Matthew Travis, Deputy Director, Cybersecurity & Infrastructure Security Agency (CISA)

Matthew Travis serves as the first Deputy Director for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Mr. Travis served as Deputy Under Secretary for the National Protection and Programs Directorate (NPPD) before the agency became CISA on November 16, 2018. As Deputy Director, he supports the CISA Director in overseeing the Cybersecurity Division, the Infrastructure Security Division, the National Risk Management Center, and the Emergency Communications Division. His operational support responsibilities are to ensure a holistic approach to critical infrastructure protection across physical and cyber risk activities.


Lessons Learned from the City of Atlanta Ransomware Attack

In March 2018, the City of Atlanta experienced a sophisticated ransomware attack that made national headlines. The hackers literally held the city for ransom, preventing it from using certain critical databases like those for the judicial system and first responders until the city agreed to pay the hackers to unlock the city’s systems. Attacks like these are becoming increasingly common and serve to demonstrate that state and local governments are vulnerable to cyber threats. Roy Hadley was the lead outside counsel assisting the city in responding to the attack and will discuss what happened, lessons learned, and best practices to help prevent organizations from becoming the next headline.

Roy Hadley, Attorney & Cyber Practice Lead at Adams & Reese, LLP

Roy is a lawyer and trusted advisor to businesses, governments, and families worldwide. He is an attorney in Adam and Reese's Atlanta office and a member of the corporate and securities team. With a nod to our interconnected world, Roy counsels clients globally on complex business issues, particularly those involving technology, communications, cybersecurity, life sciences, economic development, and trade. He regularly assists with matters involving data security and risk mitigation. Named a “Cyber-Security Visionary” by USBE Magazine, Roy was also named one of Georgia's “Most Powerful and Influential Lawyers,” was recognized by Legal 500 for his work in middle-markets M&A and by Savoy Magazine as a Top 100 lawyer in the U.S. for 2015, and was recently named a recipient of the 2017 Pinnacle Leadership Award.


Making Security Automation Work for Your Organization

The issues around the current state of cyber defense are well documented. The potential for automation and autonomy to address these issues is openly promoted and marketed…and also highly debated. As the Technical Director for Integrated Adaptive Cyber Defense (IACD), Kim Watson has partnered with and influenced government, industry, academia, and not-for-profits with the goal of advancing the speed and scale of cyber defense. Through demonstrations, experiments, and pilots, the IACD team has learned a lot about the use of automation in cyber defense operations. Because IACD is based on tenets like Bring Your Own Enterprise (BYOE), dial-able automation, and actionable information sharing optimized for network defenders, the team’s findings tend to be very practical. This session will highlight aspects of these lessons learned and discuss (or debate) strategies for implementing security automation in a manner that serves your organization instead of ended up as just another security capability you are forced to deploy, manage, and report on.

Kim Watson, Technical Director, Applied Physics Laboratory, John Hopkins University

Kim Watson is a member of the Senior Staff at the Johns Hopkins Applied Physics Laboratory and is a Technical Director for Integrated Adaptive Cyber Defense (IACD). Ms. Watson was a technical leader for Continuous Diagnostics and Monitoring (CDM) at the Department of Homeland Security (DHS) from 2013-2015. During that time, she directly supported the U.S. government security automation strategy team comprised of representatives from DHS, the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST). Prior to her DHS role, she worked at NSA for more than 25 years, most of which was spent performing vulnerability discovery and technology evaluation activities. For the past 15+ years, she has analyzed network data, with a focus on how to represent and relate different aspects (e.g., vulnerability, threat) of the network security environment.



Agenda

1:00 p.m.—Welcome & Introductions: Patrick Gaul, Executive Director, NTSC

1:15 p.m.—CISA: DHS’ Newest Agency and the Mission to Partner for Collective Defense - Matthew Travis, Deputy Director, CISA

2:45 p.m.—Lessons Learned from the City of Atlanta Ransomware Attack: Roy Hadley, Senior Counsel & Cyber Practice Lead, Adams and Reese, LLP

4:00 p.m.—Break

4:15 p.m.—Making Cybersecurity Automation Work for Your Organization: Kim Watson, Technical Director, Applied Physics Laboratory, John Hopkins University

5:30 p.m.—Closing Remarks


Interested in attending?

An invitation-only event for CISOs and senior cybersecurity policy stakeholders, the 2019 NTSC Eastern Region CISO Policy Roundtable serves as part of our mission to provide a platform for CISOs to discuss and advocate for beneficial legislative and regulatory cybersecurity policies.

If you are a CISO or senior technology security executive interested in attending, please do not hesitate to reach out to Patrick Gaul (patrick@ntsc.org) for more details.

There is no cost to attend.