12th Annual U.S. Department of Justice Cybersecurity Symposium - U.S. Department of Justice
Welcome

Welcome to the 12th Annual U.S. Department of Justice Cybersecurity Symposium.

We are pleased to bring back our annual DOJ Cybersecurity Symposium after suspending it last year in response to the pandemic. To support safety guidelines of maintaining social distance while continuing with our tradition, we are hosting our symposium this year virtually. Though our venue has changed from in-person to virtual, the goals of the symposium remain the same—to promote greater awareness of cybersecurity and encourage information sharing among peers.

Today’s cybersecurity tools, cutting-edge techniques, and expanding knowledge continue to play critical roles in addressing threats throughout the nation and around the world. A skilled and forward leaning cybersecurity workforce is essential to our day-in and day-out mission of securing the federal enterprise, incorporating innovative and agile solutions that include incident response, identity management, insider threat prevention, risk management, and so many more critical areas. Our diverse list of speakers includes leading cyber experts in the federal and private sectors, with insight into the current challenges facing the field and the direction of cybersecurity in the next few years.

This year we are introducing the first annual DOJ Cybersecurity Symposium Capture the Flag (CTF) event. The CTF will take place over the course of the three days and will offer an opportunity for cyber experts and novice participants to test their cyber acumen based on real-world and emerging threat scenarios. Good luck to all those who registered to participate!

Again, thank you for participating, and we look forward to the thoughtful discussions ahead.

Melinda Rogers, DOJ Deputy Assistant Attorney General and Chief Information Officer
Nickolous Ward, DOJ Chief Information Security Officer

Hosts

Melinda Rogers, DOJ Deputy Assistant Attorney General and Chief Information Officer (CIO)
Ms. Rogers oversees DOJ’s $3.3 billion information technology (IT) portfolio, providing strategic direction to DOJ components and directly supporting mission operations through IT service delivery, as well as DOJ’s cybersecurity program to proactively mitigate and monitor risks associated with the acquisition, management, and security of technology assets. Previously, she served as Deputy Chief Information Officer, and earlier as Chief Information Security Officer. Before joining DOJ, she was Equifax’s Assistant Vice President for Fraud Prevention and Identity Verification Solutions. Ms. Rogers holds a Master's of Business Administration from Emory University and is an alumna of George Mason University.

Nickolous Ward, DOJ Chief Information Security Officer (CISO)
Mr. Ward leads a team of cybersecurity specialists providing services across DOJ, including continuous monitoring and diagnostics; security operations and incident response; security architecture; and identity and access management solutions. Previously, he served as CISO for Adient, a global 2000 manufacturer, and earlier as Assistant Director of Security Operations at DOJ. Mr. Ward’s cybersecurity experience also includes eight years of service in the United States Marine Corps. Mr. Ward holds a Bachelor of Science in Computer Networks and Cybersecurity from the University of Maryland Global Campus.

Vu Nguyen, DOJ Deputy Chief Information Security Officer (DCISO)
Mr. Nguyen manages cybersecurity operations, including architecture, compliance, engineering, and risk. Previously he served at the U.S. Department of Homeland Security, including the Cybersecurity Operations Division and the U.S. Citizenship and Immigration Services. Mr. Nguyen holds a Master of Science in Telecommunications focused on cybersecurity and computer forensics from George Mason University.

Thank You

Thank you to all presenters and panelists.
Agenda / DAY 1 / MAY 4

9:00 – 9:05 a.m. Welcome
Nickolous Ward, DOJ Chief Information Security Officer, U.S. Department of Justice

9:05 – 9:10 a.m. National Anthem
Dorothy Fleming Williams, Accessibility Specialist, U.S. Department of Justice (DOJ)

9:10 – 9:15 a.m. Opening Remarks
Melinda Rogers, DOJ Deputy Assistant Attorney General and Chief Information Officer, U.S. Department of Justice

9:15 – 9:55 a.m. Cybersecurity Priorities at the United States Office of Management and Budget
Chris DeRusha, Federal Chief Information Security Officer, United States Office of Management and Budget

9:55 – 10:35 a.m. Nation Cybersecurity Threats
Kevin Mandia, Chief Executive Officer, FireEye

10:35 – 10:45 a.m. Break

10:45 – 11:25 a.m. Bringing an Ethical Hacker’s Approach to Shaping Cyber Policy
Dr. Mark Kuhr, Chief Technology Officer and Co-founder, Synack

11:25 – 11:35 a.m. 2021 DOJ Cybersecurity Symposium Capture the Flag (CTF) Security Challenge | Day 1
Nickolous Ward, DOJ Chief Information Security Officer, U.S. Department of Justice
Andre Gerard, Senior Manager, Community Operations, Synack
Jeremiah Roe, Solutions Architect and Red Team Expert, Synack

11:35 a.m. – 1:00 p.m. Lunch

1:00 – 1:40 p.m. Executive Leadership Panel Discussion: Ensuring Cybersecurity and Mission Success
MODERATOR:
Janet Vogel, Chief Information Security Officer, U.S. Department of Health and Human Services
PANELISTS:
Perryn B. Ashmore, Acting Chief Information Officer, U.S. Department of Health and Human Services
Keith A. Jones, Chief Information Officer, U.S. Department of State
John Sherman, Acting Chief Information Officer, U.S. Department of Defense

1:40 – 2:20 p.m. Emerging Tech for Security at Scale
Merritt Baer, Principal Security Architect for Global Accounts, Amazon Web Services

2:20 – 2:25 p.m. The Day in Review
Nickolous Ward, DOJ Chief Information Security Officer, U.S. Department of Justice

Special thanks to Dorthy Fleming Williams for performing the national anthem since 2017.

Note: The 12th Annual U.S. Department of Justice Cybersecurity Symposium is presented by the DOJ OCIO Leadership Office of the Chief Information Officer. Agenda and schedule subject to change without notice.

12th Annual U.S. Department of Justice Cybersecurity Symposium May 4 - 6, 2021 | Office of the Chief Information Officer
Agenda / DAY 2 / MAY 5

10:00 – 10:05 a.m. Welcome
Nickolous Ward, DOJ Chief Information Security Officer, U.S. Department of Justice

10:05 – 10:40 a.m. Federal Network Security and CISA’s Efforts to Raise the Federal Cybersecurity Baseline
Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security

10:40 – 10:50 a.m. 2021 DOJ Cybersecurity Symposium Capture the Flag (CTF) Security Challenge | Day 2
Vu Nguyen, DOJ Deputy Chief Information Security Officer, U.S. Department of Justice
Andre Gerard, Senior Manager, Community Operations, Synack
Jeremiah Roe, Solutions Architect and Red Team Expert, Synack

10:50 – 11:00 a.m. Break

11:00 – 11:35 a.m. Cybercrime and Cybersecurity Trends
Paul Abbate, Deputy Director, Federal Bureau of Investigation

11:35 a.m. – 12:05 p.m. Justice IT Service Offerings | Cybersecurity Services
Daphna Shai, Program Manager, Cybersecurity Shared Services, U.S. Department of Justice
James Sheire, Branch Chief, Cybersecurity Quality Services Management Office, Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security

12:05 – 1:05 p.m. Lunch

1:05 – 1:45 p.m. What Do CISOs Wrestle with Now?
Dr. Andy Ozment, Chief Technology Risk Officer, Capital One

1:45 – 2:15 p.m. The State of Federal Mobility
Vincent Sritapan, Section Chief, Cybersecurity Quality Services Management Office, Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security

2:15 – 2:20 p.m. The Day in Review
Vu Nguyen, DOJ Deputy Chief Information Security Officer, U.S. Department of Justice
Agenda / DAY 3 / MAY 6

11:00 – 11:05 a.m. Welcome
Nickolous Ward, DOJ Chief Information Security Officer, U.S. Department of Justice

11:05 – 11:45 a.m. Cybersecurity Risk Management
Jason Witty, Global Chief Information Security Officer, J.P. Morgan Chase

11:45 a.m. – 1:00 p.m. Lunch

1:00 – 1:40 p.m. Zero Trust Security Designed for a Pandemic
Chris “CJ” Johnson, Product Manager, Google

1:40 – 2:15 p.m. Open Discussion: Cyber Threats to National Security and the DOJ Response
John C. Demers, Assistant Attorney General for National Security, U.S. Department of Justice
MODERATOR:
Melinda Rogers, DOJ Deputy Assistant Attorney General and Chief Information Officer, U.S. Department of Justice

2:15 – 2:30 p.m. 2021 DOJ Cybersecurity Symposium Capture the Flag (CTF) Security Challenge | Day 3
Melinda Rogers, DOJ Deputy Assistant Attorney General and Chief Information Officer, U.S. Department of Justice
Vu Nguyen, DOJ Deputy Chief Information Security Officer, U.S. Department of Justice
Andre Gerard, Senior Manager, Community Operations, Synack
Jeremiah Roe, Solutions Architect and Red Team Expert, Synack

2:30 – 2:35 p.m. The Day in Review | Thank you
Nickolous Ward, DOJ Chief Information Security Officer, U.S. Department of Justice
Presentations / DAY 1 / MAY 4

9:15 – 9:55 a.m. Cybersecurity Priorities at the United States Office of Management and Budget
Chris DeRusha, Federal Chief Information Security Officer, United States Office of Management and Budget

Learn about government-wide cybersecurity priorities and the United States Office of Management and Budget’s strategic approach for implementing the Biden Administration’s cybersecurity objectives.

9:55 – 10:35 a.m. Nation Cybersecurity Threats
Kevin Mandia, Chief Executive Officer, FireEye, Inc.

Recent cybersecurity breaches have affected many organizations, including the federal government. Hear the perspective about current nation cybersecurity threats from a leading cybersecurity company.

10:45 – 11:25 a.m. Bringing an Ethical Hacker’s Approach to Shaping Cyber Policy
Dr. Mark Kuhr and Synack associates
Chief Technology Officer and Co-founder, Synack

Sophisticated and damaging cyberattacks in recent months, including SolarWinds, call for an approach embracing an adversarial mindset. Several Hack the Pentagon programs illustrate success with this bold approach, and at least 22 federal agencies utilize some form of crowdsourced cybersecurity in which ethical hackers help find and fix vulnerabilities. Discover how this aggressive approach hardens U.S. defenses and augments existing programs, and how Washington, D.C., can borrow from the hackers’ handbook to truly protect itself and begin strengthening cyber defense across the U.S. government.

11:25 – 11:35 a.m. 2021 DOJ Cybersecurity Symposium Capture the Flag (CTF) Security Challenge | Day 1
Nickolous Ward, DOJ Chief Information Security Officer, U.S. Department of Justice
Andre Gerard, Senior Manager, Community Operations, Synack
Jeremiah Roe, Solutions Architect and Red Team Expert, Synack

Symposium attendees who also registered to compete in the 2021 DOJ CTF Security Challenge will engage in a friendly competition each day with other federal security professionals to ethically hack simulated targets. Each has an exploitable weakness ready to be found, and the goal is to detect the most hidden codes.

Simulations will be shared with participants at the start of each day, including instructions and access. Each simulation features a different real-world challenge inherent to the ongoing cyber threat.

The 2021 DOJ CTF Security Challenge is open to all skill levels and provides an educational opportunity to explore current vulnerabilities.

1:00 – 1:40 p.m. Executive Leadership Panel Discussion: Ensuring Cybersecurity and Mission Success
MODERATOR:
Janet Vogel, Chief Information Security Officer, U.S. Department of Health and Human Services
PANELISTS:
Perryn B. Ashmore, Acting Chief Information Officer, U.S. Department of Health and Human Services
Keith A. Jones, Chief Information Officer, U.S. Department of State
John Sherman, Acting Chief Information Officer, U.S. Department of Defense

Protecting the government from cyber threats and supporting highly productive business processes are key to successful mission delivery. Hear from leading government executives on how they balance keeping critical assets safe, while empowering productivity that enables government agencies to deliver essential services to government entities as well as serving the American citizen.

1:40 – 2:20 p.m. Emerging Tech for Security at Scale
Merritt Baer, Principal Security Architect for Global Accounts, Amazon Web Services

Emerging technologies, such as artificial intelligence, machine language, and quantum computing, now play a vital role in today’s cybersecurity strategies. Discover the many opportunities for applying emerging technologies in today and tomorrow’s foremost cybersecurity solutions.
Presentations / DAY 2 / MAY 5

10:05 – 10:40 a.m. Federal Network Security and CISA’s Efforts to Raise the Federal Cybersecurity Baseline
Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security

Find out how to defend against increasing cybersecurity threats, and learn about opportunities for collaboration to build a more secure and resilient infrastructure for the future.

10:40 – 10:50 a.m. 2021 DOJ Cybersecurity Symposium Capture the Flag (CTF) Security Challenge | Day 2
Vu Nguyen, DOJ Deputy Chief Information Security Officer, U.S. Department of Justice
Andre Gerard, Senior Manager, Community Operations, Synack
Jeremiah Roe, Solutions Architect and Red Team Expert, Synack

Symposium attendees who also registered to compete in the 2021 DOJ CTF Security Challenge will engage in a friendly competition each day with other federal security professionals to ethically hack simulated targets. Each has an exploitable weakness ready to be found, and the goal is to detect the most hidden codes.

Simulations will be shared with participants at the start of each day, including instructions and access. Each simulation features a different real-world challenge inherent to the ongoing cyber threat.

11:00 – 11:35 a.m. Cybercrime and Cybersecurity Trends
Paul Abbate, Deputy Director, Federal Bureau of Investigation

Learn what cybercrimes and cybersecurity trends currently challenge the Federal Bureau of Investigation, and what information technology (IT) and cybersecurity professionals can do to protect DOJ and the federal government.

11:35 a.m. – 12:05 p.m. Justice IT Service Offerings | Cybersecurity Services
Daphna Shai, Program Manager, Cybersecurity Shared Services Program, U.S. Department of Justice
James Sheire, Branch Chief, Cybersecurity Quality Services Management Office, Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security

Learn about DOJ's cybersecurity shared services provided to more than 30 U.S. government agencies. Discover how DOJ provides protection against ever-evolving threats, reduces costs, and enables agencies to leverage new security operating models, including zero trust. Also, hear about DOJ’s partnership with the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Quality Services Management Office (QSMO) as a verified cybersecurity marketplace provider.

1:05 – 1:45 p.m. What Do CISOs Wrestle with Now?
Dr. Andy Ozment, Chief Technology Risk Officer, Capital One

Explore several key cybersecurity issues that challenge today’s Chief Information Security Officer, including cloud infrastructure.

1:45 – 1:45 p.m. The State of Federal Mobility
Vincent Sritapan, Section Chief, Cybersecurity Quality Services Management Office, Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security

Learn about the focus areas and activities of the Federal Mobility Group, as chartered under the Federal Chief Information Security Officer Council. Hear about the overall state of federal mobility, including essential metrics.
Presentations / DAY 3 / MAY 6

11:05 – 11:45 a.m. Cybersecurity Risk Management
Jason Witty, Global Chief Information Security Officer, J.P. Morgan Chase

J.P. Morgan Chase invests in its own cybersecurity, while collaborating with other financial sector institutions and partners in the federal government, to combat cybercrime and reduce risk in the ongoing effort to protect the nation’s financial systems.

1:05 – 1:40 p.m. Zero Trust Security Designed for a Pandemic
Chris “CJ” Johnson, Product Manager, Google

Learn why virtual private network (VPN) concentrators may not be the right solution for protecting a mobile workforce during the ongoing pandemic. Find out what alternatives are available and why they should be considered.

1:40 – 2:15 p.m. Open Discussion: Cyber Threats to National Security and the DOJ Response
John C. Demers, Assistant Attorney General for National Security, U.S. Department of Justice
Moderator: Melinda Rogers, DOJ Deputy Assistant Attorney General and Chief Information Officer, U.S. Department of Justice

Join an open discussion with the DOJ Assistant Attorney General for National Security moderated by the DOJ CIO to examine the state of cyber threats to national security and how DOJ is responding.

2:15 – 2:30 p.m. 2021 DOJ Cybersecurity Symposium Capture the Flag (CTF) Security Challenge | Day 3
Melinda Rogers, DOJ Deputy Assistant Attorney General and Chief Information Officer, U.S. Department of Justice
Vu Nguyen, DOJ Deputy Chief Information Security Officer, U.S. Department of Justice
Andre Gerard, Senior Manager, Community Operations, Synack
Jeremiah Roe, Solutions Architect and Red Team Expert, Synack

Symposium attendees who also registered to compete in the 2021 DOJ CTF Security Challenge will engage in a friendly competition each day with other federal security professionals to ethically hack simulated targets. Each has an exploitable weakness ready to be found, and the goal is to detect the most hidden codes.

Simulations will be shared with participants at the start of each day, including instructions and access. Each simulation features a different real-world challenge inherent to the ongoing cyber threat.
Biographies

Paul M. Abbate, Deputy Director, Federal Bureau of Investigation (FBI)

Mr. Abbate was named Deputy Director in February 2021 and oversees all FBI domestic and international investigative and intelligence activities.

He began his FBI career in March 1996 as a special agent assigned to the New York Field Office, where he worked in the Criminal Division and served as a member of the SWAT Team.

In December 2003, Mr. Abbate transferred to the Counterterrorism Division at FBI Headquarters as a supervisory special agent in the Iraq Unit, overseeing FBI counterterrorism operations and personnel deployments in Iraq. In October 2005, he deployed to Iraq, serving as senior FBI liaison officer to the U.S. Department of Defense and leading a group of FBI personnel conducting counterterrorism operations in-theater.

From February 2006 to December 2009, Mr. Abbate served as a supervisory special agent within the Newark Division’s Joint Terrorism Task Force. He deployed to Afghanistan in February 2008, where he served as FBI deputy on-scene commander, leading FBI counterterrorism and personnel in-theater.

Mr. Abbate returned to the Counterterrorism Division in December 2009 as assistant section chief, providing national-level oversight and guidance of all U.S.-based international terrorism investigations. During this time, he was a member of a team that received the Attorney General's Award for Exceptional Service.

Mr. Abbate reported to the Los Angeles Field Office in July 2010, serving as assistant special agent in charge for counterterrorism matters, overseeing the primary branch of the Los Angeles Joint Terrorism Task Force.

In August 2011, Mr. Abbate again returned to the Counterterrorism Division, where he served as section chief, providing oversight of all FBI international terrorism investigations and counterterrorism operations external to the United States.

Mr. Abbate was appointed special agent in charge of the Washington Field Office’s Counterterrorism Division in October 2012, when he also served as the FBI on-scene commander in Libya.

From October 2013 to September 2015, Mr. Abbate served as the special agent in charge of the Detroit Division, covering the state of Michigan. He was appointed assistant director in charge of the Washington Field Office in September 2015, where he served until his appointment in December 2016 as the executive assistant director for the Criminal, Cyber, Response, and Services Branch, where he was responsible for overseeing all FBI criminal and cyber investigations worldwide, international operations, critical incident response, and victim assistance.

Mr. Abbate was named Associate Deputy Director of the FBI in February 2018, where he was responsible for the management of all FBI personnel, budget, administration, and infrastructure.

Perryn B. Ashmore, Acting Chief Information Officer, U.S. Department of Health and Human Services (HHS)

Mr. Ashmore was appointed as the Acting Chief Information Officer (CIO) for HHS in September 2019. He provides leadership and oversight of the information technology (IT) systems and security activities for the HHS workforce of more than 83,000. He leads HHS’ efforts to develop and implement IT policies, managing high-priority projects, and planning strategic IT investments. Mr. Ashmore also provides leadership and oversight of HHS’ $6.3B IT portfolio in support of its expansive mission to enhance the health and well-being of Americans.

He joined HHS in July 2014, and has worked in multiple capacities. Before becoming CIO, he served as the Principal Deputy CIO and Customer Experience Executive, as well as Executive Director of the Office of the Chief Information Officer's Office of Operations. Previously, and most notably, he served in the Office of Human Resources and was responsible for the successful implementation of Enterprise Human Capital Management, the major upgrade of the HHS human resources management system.

Previously Mr. Ashmore worked for the Federal Communications Commission (FCC) in the area of tailored platforms and data, where he led and implemented an application modernization strategy for the FCC using low-code, cloud platforms, and services. He was responsible for citizen-facing applications and processes that were pivotal to FCC operation and regulation. He also worked at the U.S. Department of Veterans Affairs and at the General Services Administration, serving as Deputy CIO and Chief Technology Officer.

His experience spans more than 30 years of federal service and includes policy, procurement, human resources, and technology solutions, as well as hands-on IT management.

Mr. Ashmore holds a Master of Science in Information Systems from the George Washington University and a Bachelor of Business Administration in Information Systems from Georgia Southern University. He is a graduate of the Harvard Senior Executive Fellows program and a veteran of the U.S. Air Force.

Merritt Baer, Principal, Office of the Chief Information Security Officer, Amazon Web Services (AWS)

Ms. Baer provides technical cloud security guidance to complex, regulated organizations like the Fortune 100, and advises the leadership of AWS’ largest customers on security as a bottom line proposition. She also helps build strategic initiatives for how AWS secures itself, running on AWS.

Ms. Baer has experience in all three branches of government and the private sector. Previously, she served as Lead Cyber Advisor to the Federal Communications Commission (FCC) and also served at the U.S. Department of Homeland Security (DHS), the Office of U.S. Senator Michael Bennet (D) of Colorado, and the U.S. Court of Appeals for the Armed Forces. Before joining the government, Ms. Baer started a business advisory and legal practice, working with emerging technology companies.

She speaks regularly on infosec, including cloud computing, artificial intelligence and machine learning, quantum computing, and the future of the Internet. Her insights on business strategy and technology have been published in Forbes, The Baltimore Sun, The Daily Beast, LawFare, Talking Points Memo, and ThinkProgress. Her academic work has appeared in the journals of Georgetown, Santa Clara, Temple, University of Pennsylvania, and University of Virginia.

Ms. Baer is a graduate of Harvard Law School and Harvard College. She is admitted to the Bars of New York, the U.S. Court of Appeals for the Armed Forces, and the U.S. Supreme Court. She has been a member of the Council on Foreign Relations, a National Security Fellow at the Center for New American Security, and a Cyber Fellow at the East-West Institute.

Ms. Baer is founder of the women’s technology expert network Tech & Roses, and she is Adjunct Professor of Cybersecurity at the University of Maryland.

John C. Demers, Assistant Attorney General for National Security, U.S. Department of Justice (DOJ)

Mr. Demers became Assistant Attorney General for National Security on February 22, 2018. He leads DOJ’s efforts to combat national security related cybercrime, terrorism, and espionage, to enforce export control and sanctions laws, to use the authorities of the Foreign Intelligence Surveillance Act, and to conduct national security review of foreign investments. He was selected to lead the Attorney General’s China Initiative in November 2018, which was put in place to counter the Peoples Republic of China’s persistent and aggressive economic espionage, trade secret theft, hacking, and other related crimes.

Before rejoining DOJ, Mr. Demers was Vice President and Assistant General Counsel at The Boeing Company, where he held several senior positions, including in Boeing Defense, Space, and Security, and served as lead lawyer and head of international government affairs for Boeing International.

From 2006 to 2009, Mr. Demers served on the first leadership team of the National Security Division, first as Senior Counsel to the Assistant Attorney General, and then as Deputy Assistant Attorney General for the Office of Law and Policy. In addition, he has served in the Office of Legal Counsel and the Office of the Deputy Attorney General. From 2010 to 2017, he taught national security law as an adjunct professor at the Georgetown University Law Center. Mr. Demers worked in private practice in Boston, and he clerked for Associate Justice Antonin Scalia of the U.S. Supreme Court and Judge Diarmuid O’Scannlain of the U.S. Court of Appeals for the Ninth Circuit. Mr. Demers graduated from Harvard Law School and the College of the Holy Cross.

Chris DeRusha, Federal Chief Information Security Officer, United States Office of Management and Budget (OMB)

Mr. DeRusha became Federal Chief Information Security Officer in January 2021. Previously, he served as the Chief Security Officer for the State of Michigan until becoming the Chief Information Security Officer for the Biden for President campaign in June 2020. Mr. DeRusha has extensive experience managing cybersecurity and critical infrastructure programs and operations both in the public and private sectors.

Mr. DeRusha led Ford Motor Company's Enterprise Vulnerability Management program and has more than eight years of federal government experience working both at OMB and the U.S. Department of Homeland Security. He holds a Master’s in Security Studies from Columbia University and a Bachelor’s in Business Administration from James Madison University.

Andre Gerard, Senior Manager, Community Operations, Synack

Mr. Gerard leads multiple global programs for Synack. He partners with employees at all levels to determine what catalysts can elevate organizations to meet and exceed project and annual goals and energize team collaboration and communication in domestic and international settings. Mr. Gerard’s experience managing teams in the U.S. military, enterprise, and start-up organizations also includes building partnerships across multiple non-profit organizations. His business, technical, and customer-centric leadership experience within community and operational spaces has included delivering measurable transformations for Facebook and the United States Marine Corps.

Mr. Gerard holds a Master of Science in Organizational Leadership from Norwich University, a Master of Arts in Intelligence Studies from American Military University, and Bachelor of Arts in Humanities from Florida State University.

Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of Homeland Security (DHS)

Mr. Goldstein became the Executive Assistant Director for Cybersecurity for DHS' Cybersecurity and Infrastructure Security Agency (CISA) on February 19, 2021. He leads CISA’s mission to protect and strengthen federal civilian agencies and the nation’s critical infrastructure against cyber threats.

Previously, Mr. Goldstein was the Head of Cybersecurity Policy, Strategy, and Regulation at Goldman Sachs, where he led a global team to improve and mature the firm’s cybersecurity risk management program. He served at CISA’s precursor agency, the National Protection and Programs Directorate from 2013 to 2017 in various roles, including Policy Advisor for Federal Network Resilience, Branch Chief for Cybersecurity Partnerships and Engagement, Senior Advisor to the Assistant Secretary for Cybersecurity, and Senior Counselor to the Under Secretary.

At other points in his career, Mr. Goldstein practiced cybersecurity law at an international law firm, led cybersecurity research and analysis projects at a federally-funded research and development center, and served as a Fellow in Advanced Cyber Studies at the Center for Strategic and International Studies, among other roles.

He is a graduate of the University of Illinois at Urbana-Champaign, the Georgetown University School of Public Policy, and Georgetown University Law Center.

Chris “CJ” Johnson, Product Manager, Google

Mr. Johnson is responsible for regulated data security, compliance, and security partnerships. He started his first tech company at 16 years of age (with another Googler), and he has taken two different technology startups through growth and acquisition to large companies. Before joining Google, Mr. Johnson designed microservice applications and the containerized application framework at a large software company, serving as the chief architect. Mr. Johnson also served as a firefighter in all ranks (from line firefighter to Deputy Chief) in Colorado for 10 years.

Keith A. Jones, Chief Information Officer, U.S. Department of State

Mr. Jones was named Chief Information Officer (CIO) and the Assistant Secretary-level head of the Bureau of Information Resource Management on January 20, 2021. He establishes technology strategic direction and provides oversight for $2.4 billion of technology programs.

Mr. Jones previously spent more than 36 years in the federal government, having retired from the U.S. Department of Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS), in October 2018, where he served as acting CIO and Principal Deputy Chief Information Officer.

After leaving DHS/USCIS, he became President and CEO of the Edgewater Group (DC) and, in addition, served as a principal consultant to Deep Water Point, LLC. Mr. Jones also served as a valued strategic advisor for the Government Technology and Services Coalition, where he assisted large to small businesses by offering business strategies and acquisition capabilities in support of government initiatives.

Mr. Jones formerly served as deputy executive director of the DHS Information Technology Services Office from 2008 to 2012, where he was responsible for the oversight and management of DHS-wide infrastructure services, a $900 million-plus budget for service delivery to some 8,500 headquarters users.

He also served as Deputy CIO at Immigration and Customs Enforcement (ICE), where he was the founder of the ICE Career Connections Mentoring Program launched in 2008, which provided an opportunity for both mentees and leaders across the agency an opportunity to enhance their careers and leadership skills through the development of dynamic mentoring partnerships.

Mr. Jones holds a Master of Public Administration from American University.

Dr. Mark Kuhr, Chief Technology Officer and Co-founder, Synack

Dr. Mark Kuhr co-founded Synack to provide crowdsourced security and trusted hacker-powered platforms to protect banks and U.S. Department of Defense (DoD) classified assets. Before co-founding Synack, Dr. Kuhr’s professional focus on cybersecurity in both academia and government of more than nine years included serving at the National Security Agency (NSA) and the Defense Information Systems Agency (DISA). Dr. Kuhr received a Ph.D. in Computer Science from Auburn University under a DoD/NSA-sponsored fellowship. He has published several papers on enterprise cybersecurity and performed research under DoD contracts related to information security, network analysis, and jam-resistant network communication protocols.

Kevin Mandia, Chief Executive Officer, FireEye

Mr. Mandia has served as FireEye Chief Executive Officer (CEO) since June 2016 and as a member of the FireEye Board of Directors since February 2016. He previously served as FireEye President, from February 2015 until his appointment as CEO. Mr. Mandia joined FireEye as Senior Vice President and Chief Operating Officer in December 2013, when FireEye acquired Mandiant, the company he founded in 2004. Mr. Mandia grew Mandiant to nearly 500 employees and more than $100 million in revenue. Mandiant was widely recognized as the leading provider of security incident management products and services before acquisition and remains a core component of FireEye’s consulting business.

He has spent more than 20 years in information security and has been on the front lines helping organizations respond to computer security breaches. Mr. Mandia was the Director of Computer Forensics at Foundstone (acquired by McAfee Corporation) from 2000 to 2003, and he was the Director of Information Security for Sytex (later acquired by Lockheed Martin) from 1998 to 2000.

Mr. Mandia also was a U.S. Air Force Officer, serving as a computer security officer in the 7th Communications Group at the Pentagon, and a special agent in the U.S. Air Force Office of Special Investigations (AFOSI). He holds a Bachelor of Science in Computer Science from Lafayette College and a Master of Science in Forensic Science from The George Washington University.
Biographies (continued)

Dr. Andy Ozment, Executive Vice President and Chief Technology Risk Officer, Capital One

Dr. Ozment leads the second line technology risk management organization for Capital One.

He has worked in cybersecurity as an operator, programmer, policymaker, and executive in both government and the private sector. Previously Dr. Ozment was the Chief Information Security Officer and a partner at Goldman Sachs from 2017 through mid-2020. He led a global team that ensured the firm was positioned to securely build cloud-native applications and enter into new consumer markets, including the Apple credit card.

He also served as the Assistant Secretary for Cybersecurity and Communications at the U.S. Department of Homeland Security (DHS), where he led a team of almost 700 employees that protected two million government users against cyberattacks and helped the private sector protect itself. His team responded to dozens of incidents in the government and private sector, such as the breaches of OPM and the 2015 Ukrainian power grid. His team also built and operated a classified, government-wide intrusion prevention system and worked with federal agencies to deploy endpoint monitoring solutions across millions of government computers.

Before joining DHS, Dr. Ozment served at the Obama White House as the President’s Senior Director for Cybersecurity, where he developed national policy and coordinated federal cybersecurity efforts. He was responsible for the development and implementation of the President’s Executive Order 13636 on Improving Critical Infrastructure Cybersecurity. He then oversaw the resulting development of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

Additionally, Dr. Ozment worked in cybersecurity and engineering roles at the U.S. Department of Defense, MIT Lincoln Laboratory, Merrill Lynch, Georgia Tech, and Nortel Networks.

While studying in the United Kingdom on a Marshall Scholarship, Dr. Ozment earned a Ph.D. in Computer Science from the University of Cambridge after earning a Master of Science in International Relations from the London School of Economics. Dr. Ozment also holds a Bachelor of Science in Computer Science from Georgia Tech.

Jeremiah Roe, Solutions Architect and Red Team Expert, Synack

Mr. Roe leads client implementation of federal and U.S. Department of Defense (DoD) solutions for Synack. His primary goal is to help organizations combat digital dance moves that attackers portray towards unsuspecting entities. Mr. Roe has more than nine years of hands-on experience that spans a wide range of complex disciplines, including network penetration testing, Red Team operations, web application testing, war gaming, and threat-modeling.

Daphna Shai, Program Manager, Cybersecurity Shared Services Program, U.S. Department of Justice (DOJ)

Ms. Shai manages DOJ’s Justice IT Service Offerings | Cybersecurity Services, the DOJ portfolio of cybersecurity shared services provided to more than 30 U.S. government agencies in support of the President’s Management Agenda. Ms. Shai oversees the development and operations of DOJ’s high-quality, cost-efficient cybersecurity services and capabilities, including Security Operations, a designated shared service by the Office of Management and Budget. Her responsibilities include managing customer relationships and driving program growth.

Ms. Shai was previously Deputy Assistant Director in the Service Delivery Staff of the Office of the Chief Information Officer (OCIO) at DOJ, where she oversaw the engineering, architecture, and operations for all DOJ public-facing websites and the DOJ intranet.

Ms. Shai holds a Masters of Science in Information Systems from George Mason University, and a Bachelor of Science from Case Western Reserve University. She is a Certified Information Systems Security Professional (CISSP), and a Program Management Professional (PMP). Ms. Shai received the FedHealthIT Leading for Impact: Women in Leadership Award at the 2020 conference for her achievements in deploying and managing cybersecurity services across the federal government.

James Sheire, Branch Chief, Cybersecurity Quality Services Management Office (Cyber QSMO), Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of Homeland Security (DHS)

Mr. Sheire directs the Cyber QSMO, which serves as the government marketplace of high-quality cybersecurity services that align with federal requirements while reducing costs. He previously served as Division Director, Identity Assurance and Trusted Access of the Office of Government-wide Policy (OGP) at the General Services Administration (GSA); as a Senior Advisor at National Institute of Standards and Technology (NIST), advancing the National Strategy for Trusted Identities in Cyberspace (NSTIC); and as a legislative aide to U.S. Senator Ron Wyden (D) of Oregon. He also worked in the information technology industry, managing cybersecurity government engagements for NXP Semiconductors and Philips Electronics.

John Sherman, Acting Chief Information Officer, U.S. Department of Defense (DoD)

Mr. Sherman is a career member of the Senior Intelligence Service and became Acting Department of Defense Chief Information Officer (DoD CIO) in January 2021, serving as the primary advisor to the Secretary of Defense for Information Management / Information Technology and Information Assurance, as well as non-intelligence space systems; critical satellite communications, navigation, and timing programs; spectrum; and telecommunications.

Previously, he served as the Principal Deputy DoD CIO from June 2020 to January 2021.

Before joining DoD CIO, Mr. Sherman served from 2017 through 2020 as the Intelligence Community (IC) CIO, driving and coordinating IT modernization among 17 agencies. He led major advancements to the IC’s cloud computing, cybersecurity, and interoperability capabilities, and built long-term commitment to these priorities among stakeholders, both in government and industry, to ensure the IC would remain a leader.

Mr. Sherman served from 2014 through 2017 as the Deputy Director of the Central Intelligence Agency’s (CIA’s) Open Source Enterprise (OSE), where he helped transform Open Source Intelligence, leveraging new technologies and interagency partnerships to enhance the growing OSE mission. He previously served for seven years in several senior executive positions at the National Geospatial-Intelligence Agency (NGA), where he led organizations involved in analysis, collection, homeland security, organizational strategy, and international affairs. Earlier, he served as the Principal Deputy National Intelligence Officer for Military Issues on the National Intelligence Council, and as a White House Situation Room duty officer.

Mr. Sherman holds a Master of Public Administration from the University of Houston and is a 1992 Distinguished Military Graduate of Texas A&M University where he commanded the Corps of Cadets and received a Bachelor of Arts in History. Following his graduation from Texas A&M, he served as an Air Defense Officer in the 24th Infantry Division. He also is a graduate of the DoD CAPSTONE course, the “Leading the IC” course, and the CIA Director’s Seminar.

Mr. Sherman has been awarded the Distinguished and Meritorious Presidential Rank, the DIA Director’s Award, the CIA Intelligence Medal of Merit, the Secretary of Defense Medal for Meritorious Civilian Service, the NGA Meritorious Civilian Service Medal, and the Canadian Chief of Defence Intelligence Medallion.

Vincent Sritapan, Section Chief, Cybersecurity Quality Services Management Office (Cyber QSMO), Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of Homeland Security (DHS)

Mr. Sritapan leads the development and delivery of mobile security services and capabilities to help protect government networks. He leads CISA’s cross-functional teams that are tackling emerging risks and developing cybersecurity services to address enterprise mobile challenges, including mobile device, mobile application, and mobile network security.
He also leads CISA’s 5G Research and Development (R&D) initiatives supporting CISA’s 5G Strategy. Mr. Sritapan also serves as a co-chair of the Federal Mobility Group, chartered under the Federal Chief Information Security Officer Council as a cross-agency forum to help drive strategy development in mobility and to share information across federal departments and agencies. Additionally, he co-chairs the Committee for National Security Systems’ Mobile and Wireless Security (CNSS) Working Group to address policy and directives for mobility in national security systems.

Previously, he served six years as the Mobile Security R&D Program Manager at DHS’ Science and Technology Directorate, where he led R&D efforts in mobile security and helped accelerate the adoption of secure mobile technologies for DHS, the U.S. government, and the global community. He also served multiple years in the DHS Office of the Chief Information Security Officer as the Technical Lead and Security Architect in the Information Security Architecture and Engineering Division.

Mr. Sritapan holds a Master of Arts in National Security Studies and a Master of Business Administration in Information Assurance and Security Management from California State University, San Bernardino, and a Bachelor of Science in Information Systems from California State University Northridge.

He also is an alumnus of the National Science Foundation CyberCorps Scholarship for Service and the Office of the Director of National Intelligence's Intelligence Community Scholar programs. Mr. Sritapan currently serves as a direct commissioned officer in Information Warfare in the U.S. Navy Reserve.

Janet Vogel, Chief Information Security Officer, U.S. Department of Health and Human Services (HHS)

Ms. Vogel initiates transformation projects related to machine learning, authorization to operate, and cybersecurity reporting standardization. She was previously the Deputy Chief Information Officer (DCIO) and Deputy Director for Operations for the Office of Information Technology for the Centers for Medicare and Medicaid Services (CMS). She also served as the Director for the Financial Management Systems Group (FMSG) in the Office of Financial Management at CMS, which operates, manages, and maintains the major financial systems for CMS and related program integrity, provider enrollment and enumeration, and electronic submission of medical documentation systems. In this role, Ms. Vogel led the software development, implementation, and technical operation of the Healthcare Integrated General Ledger Accounting System, a secure, integrated, Internet-based accounting system, through which CMS manages financial transactions. Additionally, her experience includes directing data projects, such as the One PI, providing system maintenance of provider enrollment and integrity systems, and implementing health insurance marketplace capabilities.

Ms. Vogel joined the HHS Office of the Secretary in 2018, with more than 25 years of experience which includes implementing the Federal Shared System for human resources management (HR Connect) at the U.S. Treasury; directing information technology (IT) policy and implementing the fee-for-service management of systems at the Federal Aviation Administration; and managing computer hardware, software, and support service acquisitions world-wide for the Agency for International Development.

She holds a Master of Arts in Political Science/Public Administration and a Bachelor of Science in Business Administration, as well as additional IT course work at Cornell University and the American University.

Dorothy Fleming Williams, Accessibility Specialist and National Anthem Soloist, U.S. Department of Justice (DOJ)

Ms. Williams ensures compliance with accessibility standards in the Disability Rights Section, Civil Rights Division. In addition to her career at DOJ, she supports multiple local ministries with her vocal performance talent, and performs the national anthem, as well as other musical tributes, at official events of federal agencies.

She is a member of and a soloist for multiple ministries in the Baltimore-Washington metropolitan area, including the City Temple of Baltimore Baptist, the Madison Avenue Presbyterian Church (Baltimore), the Sharon Baptist Church (Washington, D.C.), the St. Peter Claver/St. Pius V Catholic Church (Baltimore), as well as The Community Concert Choir of Baltimore and The Olton Singing Society (Baltimore), among others. Her support to ministries also has included St. John A.M.E. Church (Baltimore), where she was a member for more than 20 years, serving as director for the Ebony Male Chorus, Mass Choir, and the Tots Choir.

Ms. Williams also presents in recital at churches, including This Is My Story: A Journey in Song and Praise in 2016 at the Milford Mill United Methodist Church (Pikesville, Maryland). Additionally, she presents in concert, including Ladies in Song by the President’s Scholarship Committee in October 2005 at Copping State University.

She attended Morgan State University (MSU) majoring in Music Education, where she studied vocal performance in the studio of Betty Malkus-Ridgway and with the late Dr. Nathan M. Carter, Jr. Ms. Williams also was a soloist for the MSU Choir, including MSU Choir tours in The Bahamas, Bermuda, and across the United States.

Ms. Williams was presented an Honorary Doctorate in Sacred Music by the Eastern Theological Seminary, and was an honoree of the 18th Annual Women in The Arts, sponsored by the Patapsco River Chapter of The Links, Inc.

Jason Witty, Global Chief Information Security Officer, J.P. Morgan Chase (JPMC)

Mr. Witty oversees approximately 3,300 employees in 24 countries, dedicated to managing JPMC's cybersecurity, technology risk management and technology resiliency programs. He is a member of JPMC’s Global Technology Operating Committee.

Before joining JPMC, Mr. Witty was the Chief Information Security Officer (CISO) at U.S. Bancorp, providing singular accountability for all information security controls in the company. He also had responsibility for enterprise-wide customer authentication products as well as Internet and DDA channel fraud risk management. He led multiple classified and unclassified sector-wide initiatives to upgrade the security posture for U.S. Critical National Infrastructure, including overseeing creation of industry-wide products for destructive malware best practices and utilization of clearances within the financial sector.

Previously, Mr. Witty was the Senior Vice President and Cyber Threat Prevention Services Executive at Bank of America. He was responsible for a team of information security professionals spanning eight countries who provided global information security risk prevention and deterrence services.

Mr. Witty is a certified Information Systems Security Management Professional (ISSMP), with more than 28 years of experience on information risk management. His experience includes executive leadership, management and technical skills, and expansive knowledge of risk management, as well as specializing in solutions for business and IT security challenges.

Within industry, Mr. Witty serves as the Vice-Chair of the Analysis and Resilience Center for Systemic Risk (the ARC), as well as the Vice-Chair of the National Technology Security Coalition (NTSC). He also is a member of Security 50. He also served as the Chair of the Financial Services Information Sharing and Analysis Center (FS-ISAC) from 2014 to 2019, as well as the Sector Chief for Financial Services in the Federal Bureau of Information (FBI) Chicago's Infragard program from 2013 to 2018. He has further served on multiple public company advisory boards, including Amgen Pharmaceuticals, Arbor Networks, Forcepoint, Kohl’s Department Stores, Qualys, and VMWare.

Mr. Witty holds a Bachelor of Science in Electrical Engineering Technology from Old Dominion University.
This symposium is presented by the Office of the Chief Information Officer. Agenda and schedule subject to change without notice. May 4 - 6, 2021 Robert F. Kennedy Department of Justice Building 950 Pennsylvania Avenue NW Washington, D.C. 20530 U.S. Department of Justice