2022 Impact Agenda & Speaker Lineup

Follow us on Twitter to stay up to date with IMPACT 

Morning Sessions - Monday, April 25, 2022

Senior Official U.S. Intelligence Community has been invited. 

The rapidly evolving national security landscape proves that cyber threat actors remain undeterred from seeking classified information and technology. From nation-state espionage to cyberattacks and insider threats, the security risks we face as a nation have never been greater or more diverse.  Cyber-attacks against government networks are growing more sophisticated, frequent and dynamic. The cyber threat from nation-states—including China and Russia — calls for a new mode of collaboration with the private companies that are now on the front lines.  In this scene-setting keynote address, find out what cyber threats are on the horizon for 2022 and how best to safeguard national security information. 

 Bill Priestap, Founder, Trenchcoat Advisors, LLC

As a former FBI assistant director of counterintelligence, Bill Priestap, is well-versed in the threats facing U.S. corporations from a host of bad actors including nation-state spy services tasked with obtaining a company’s vital intellectual property.  Companies must determine all that needs protecting; anything that provides a business with a competitive edge may be targeted and exploited.  Spy services often look to employees as an entry point into a company.  Mitigating corporate espionage will chiefly depend on how well employees are trained in counterespionage.  This presentation will address the tools, techniques and knowledge needed to safeguard your company’s secrets.

You Will Learn:

Prepare and assist employees being targeted
Identification of critical assets
Effective and practical countermeasures

Follow us on Twitter for special announcements and offers from this year’s expo participants.

Michael J. Orlando, Acting Director, National Counterintelligence & Security Center has been invited. 

The risks to government and industry from insider threats are severe. These threats can take many forms, whether it’s a federal employee co-opted by a foreign adversary to steal sensitive information or a corporate employee clicking on a spear-phishing link that infects their company’s networks.  Studies show that organizations with a positive work culture are better positioned to reduce insider threats.  This presentation will discuss the current state of federal and industry insider threat programs; resources for training; and strategies for developing a positive organizational culture in combating the insider threat.

You Will Learn:

  • Conditions that contribute to insider threats
  • Strategies for spotting insider threats
  • Best practices for insider threat mitigation

William Lietzau, Director, Defense Counterintelligence and Security Agency

The Defense Counterintelligence and Security Agency is now responsible for conducting 95% of the government’s background investigations. DCSA is also rolling out improvements to the security clearance process; refining internal operations and IT systems; changing how it evaluates defense contractor security programs; updating requirements to better secure defense technology; adopting a risk-based approach to security; continuous vetting of cleared workers and much more. Find out what’s in store for DCSA (and FSOs) in 2022 and how it will impact your security program.

You Will Learn:

  • New security requirements in the pipeline
  • Next phase of Trusted Workforce Initiative
  • Security policy changes and impacts

Afternoon Workshops - Monday, April 25, 2022

Robby Ann Carter, CEO, SASSI and NSTI 

In the modern workplace, there are many challenges that security teams need to be prepared for — whether it’s phishing, BYOD, IoT, the list is long.  Complicating matters? The growing use of unauthorized apps and the added obstacle of Shadow IT.  While today’s workforce is increasingly technology savvy, their understanding of the risks they introduce has not kept pace. Keeping your organization safe from cyber risk is everyone’s job, not just the IT Department. 

You Will Learn:

  • How to identify and mitigate the risk of Shadow IT
  • Actionable recommendations to address vulnerabilities
  • Cybersecurity awareness best practices

Karl Hellmann, Asst. Deputy Director, NAO, DCSA 

DCSA has adopted the NIST Risk Management Framework (RMF) standards as a common set of guidelines for the assessment and authorization of information systems to support contractors processing classified information. Information systems must be authorized prior to processing classified information.  All requests for authorizations or reauthorization must be submitted through eMASS.  This workshop will take you through the various steps to IS authorization and security plan approval.  Navigating the RMF process can be confusing so come prepared to learn.

You Will Learn:

  • Comprehensive RMF process walk through
  • How to complete required eMASS tasks
  • Key missteps to avoid

David Tender, Sr. VP, CSO, ASRC Federal 

The National Industrial Security Program Policy Advisory Committee (NISPPAC), comprised of both Government and industry representatives, is responsible for recommending changes in industrial security policy. The group also advises the Information Security Oversight Office on all matters related to the National Industrial Security Program (NISP). In 2022 they’ll be working to create a new path forward on a number of security fronts.  Attend this workshop to find out what’s on the NISPPAC agenda and how you can help shape the future of the NISP.

You Will Learn:

  • Security policy changes on their radar
  • Risk based industrial security oversight
  • Industry engagement and top issues

Mitch Lawrence, CEO, Lawrence Solutions

Security awareness and training is a critical element in the security practitioner’s toolbox that helps organizations respond better to security threats and prevent security robbing behaviors.  With just a few adjustments to how your organization plans, creates and manages awareness activities, it can build awareness campaigns that are more engaging and perform better. By adapting the techniques that marketing teams use to gauge their brand awareness and interactions with potential customers, your company or agency can get increased buy-in from employees and maximize your security awareness results.

You Will Learn:

  • Ways to increase security motivation
  • How to create effective messaging
  • Key marketing techniques you can leverage

Morning Sessions - Tuesday, April 26, 2022

Alan E. Kohler, Jr., FBI Asst. Diector, Counterintelligence Division has been invited. 

U.S. intelligence officials warn that the foreign spying threat is increasing in both scale and sophistication. Every day, U.S. government and defense contractors are targeted by hostile nations for espionage and theft, resulting in huge losses of national security information and technology secrets. Staying ahead of the threat requires constant vigilance. Heading into 2022, we should expect nation-state actors to continue their multi-pronged espionage efforts against the United States. The FBI has over a 1,000 open cases of attempted theft of U.S. intellectual property, across a range of industries. The FBI estimates that Beijing steals $200 billion to $600 billion worth of military and economic secrets from the U.S. every year.

You Will Learn:

  • Paradigm shift in the threat landscape
  • Whole-of-society approach to counter threats
  • Spy tactics and exploitation methods

Christy Abizaid, Director, National Counterterrorism Center has been invited. 

Threats to U.S. national security will expand and diversify in 2022, with technology playing an increasing role. As the contemporary terrorist threat changes, it is being amplified by technological advances that are making extremist groups more connected, more resilient and more capable than ever before. Although we have become much more capable at detecting terror threats, our enemies are determined and ingenious. This session will examine current trends in counterterrorism along with the changing face of terrorism—both domestic and international.

You Will Learn:

  • Terrorism trends to watch in 2022
  • Changing nature of the threat
  • Risk mitigation strategies

Follow us on Twitter to see which defense contractors, government agencies and military facilities will be represented this year.

Shayla Treadwell, Director, Cybersecurity-Organizational Psychologist, ECS Federal

Media reports on the cyber threat frequently cite high-profile, high-impact cyber attacks carried out by organized, sophisticated and deliberate cyber criminals. However, research shows that the everyday behavior of employees presents one of the greatest risks to your organization.  While technical defenses are important, they have limited effect if they are undermined either intentionally or unintentionally by employees. A critical part of your security strategy must be to focus on the human element of your organization.   

You Will Learn:

  • Cyber behaviors that undermine security
  • Challenges of multi-generational workforce
  • Keys to creating a positive security culture

Perry Russell-Hunter, Director, DOHA 

Several initiatives designed to bring the security clearance process out of the 20th century are actively underway or soon to be deployed. Everything from the type of security clearances themselves to the standards used to investigate and adjudicate clearance holders are evolving. Among the new process reforms are: continuous vetting of security clearance holders, reviewing existing standards used to establish trust with an employee or contractor and migrating from the five current investigative tiers to three.  Attend this session to see where clearance reforms are headed and how it impacts your organization.

You Will Learn:

  • Security clearance plans and reforms
  • Key goals and timelines for 2022 and beyond
  • Trends in adjudications and appeals

Afternoon Workshops - Tuesday, April 26, 2022

Dr. Shawn Murray, President, Murray Security Services 

Insider threats can come in many forms, and federal agencies and contractors should double down on continuous monitoring for early detection of individuals under pressure or stress, as well as misconduct, high-risk behaviors, and digital anomalies. There is a high probability the next attack on our government will come from a vetted, trusted insider — someone who doesn’t need to find the key to unlock our defenses because they are already inside. If there is any chance of preventing that eventuality, we need to continually evaluate and strengthen our insider threat programs and challenge our current assumptions and processes.

You Will Learn:

  • Steps to building an insider threat program
  • How to gain buy-in from key stakeholders
  • Lessons learned from the experts

Gus Greene, Director, Industrial Security, DCSA

DCSA’s vision to change the way it oversees industrial security is being ramped up for 2022. The agency wants to move from a compliance-based “check the box” inspection mentality to one that prioritizes cleared industry’s most important technology first.  The agency is implementing a new methodology that is based on knowing the assets at each facility, analyzing threats to those assets, identifying vulnerabilities, and applying appropriate countermeasures. This new methodology couples NISPOM compliance with an intelligence-led, asset-focused, and threat-driven approach. Keeping up with changing requirements is critical to avoid security compliance issues and safeguard classified information.

You Will Learn:

  • Strategies for keeping your program in compliance
  • Industrial security program oversight priorities
  • New Security Rating Score model

Heather Green, Dir. VROC, DCSA Vetting Directorate
Charis Lyon, Division Chief, DCSA 

DCSA’s Vetting Risk Operations Center (VROC) has achieved a milestone in enrolling 100% of DoD cleared population  into its continuous vetting program. The VROC currently oversees personnel security within the National Industrial Security Program as well as Continuous Evaluation (CE) across the entire Department of Defense.  Along with the DoD’s Consolidated Adjudication Facility, the VROC acts as the central nervous system for the security clearance process where initial applications pass through all phases of the vetting process to final eligibility approval at the CAF. Find  out how these two vital clearance processes intersect and how automation will improve quality and timeliness of clearance decisions.

You Will Learn:

  • Common VROC e-Qip reject reasons
  • Industry’s average timeliness trends
  • Clearance reciprocity initiatives

CUI Program Lead, Information Security Oversight Office

Because there are fewer controls over Controlled Unclassified Information (CUI) as compared to classified information, CUI is the path of least resistance for adversaries. Loss of aggregated CUI is the one of the most significant risks to national security, directly affecting the protection and lethality of our warfighters. As a starting point for CUI oversight, DoD has elected to begin conducting assessments of major defense contractors that are contractually obligated to protect this information.  Learn about the CUI program, how it impacts you, and the steps you can take to be prepared for implementation in your organization.

You Will Learn:

  • Key elements of the CUI program
  • Update on agency implementation efforts
  • CUI best practices

Morning Sessions - Wednesday, April 27, 2022

Senior IT official from Intelligence Community (Invited)

Cyber threats against classified Pentagon and defense industry computers are increasing in frequency, sophistication and impact, opening up to attack vast amounts of critical data that is housed on government IT systems. These threats often pose a greater threat than physical attacks on our nation and are incredibly difficult to identify. Each day, the Department of Defense, which protects our national security and terabytes of some of the country’s most sensitive data, thwarts more than 36 million email breach attempts. With new threats every day and criminals who regularly diversify their attacks, experts predict cyberattacks will get worse before getting better.

You Will Learn:

  • Top cyber threats for 2022
  • How adversaries are targeting defense networks
  • Intelligence sharing initiatives

Stacy Bostjanick, Director of CMMC Policy, DoD (Invited)

Supply chains have become the gift that keeps on giving for cyber spies and information thieves. Experts estimate losses up to $600 billion per year in the transfer of wealth, expertise and trade secrets. Adversaries and bad actors specifically target the defense industrial base, using the pilfered data to close capability gaps with the United States. A new DoD initiative aims to protect critical technology from cradle-to-grave by establishing security as the foundation of the acquisition process. In a bid to stem the loss of controlled, unclassified information, the Pentagon is rolling out the Cybersecurity Maturity Model Certification (CMMC) program to better protect defense data and networks.

You Will Learn:

  • Why supply chain risk belongs on your radar
  • All DoD contractors will require security certification
  • Expected timeline on implementing CMMC

Follow us on Twitter to see which defense contractors, government agencies and military facilities will be represented this year.

Mark A. Bradley, Director, Information Security Oversight Office has been invited. 

The National Industrial Security Program is undergoing significant changes in several key areas that will dictate future requirements for the protection of classified and controlled unclassified information. The Information Security Oversight Office (ISOO), which oversees the government-wide security classification system and the National Industrial Security Program, is at the forefront of these efforts. As changes to industrial security policy advance, security practitioners can take a number of steps now to address changing requirements and stay ahead of coming reforms. This timely presentation will bring you up to speed on key areas of government security that will affect the way you do your job. 

 You Will Learn:

  • CUI: Key implementation challenges
  • NISPOM policy revisions and updates
  • Security classification system issues

Evan Lesser, Co-Founder & Managing Director, Clearancejobs.com 

“Change is the only constant”—This time-worn phrase has special significance for security professionals in the National Industrial Security Program. We all know our role as FSO is constantly morphing as sweeping policy changes and technological advances now require us to wear many hats. The problem is these hats aren’t necessarily the ones we want to wear, or signed up to wear.  But to be successful in the new decade, FSOs must evolve into advisors, educators and business enablers who can communicate the value of security to both management and employees.  This session will show you how to adapt and thrive in this new environment.

You Will Learn:

  • FSOs new playbook for 2022
  • Best practices to become an effective leader
  • New tools you must add to your arsenal
“Knowledgeable and passionate presenters. Great case studies which made the topics more ‘real’ and useful.”
Ellen Bertuccelli
Northrop Grumman

Seats for 2022 are Filling Fast!

Follow us on Twitter to stay up to date with IMPACT 2022 speakers and sessions as they are announced

“NSI sets the bar again! Presenters were on topic, informative and approachable. Impact is a dynamic, interactive learning opportunity I recommend to all security practitioners. As a repeat attendee, I once again, leave better prepared for my day-to-day responsibilities. Spot on topics, informed presenters and networking opportunities make this my ‘Go To’ training year after year!”
Barbara Felker
Excivity, a Blue Halo company
“As always great seminar. My third consecutive attendance. Speakers were awesome and networking very successful.”
David Cummings
Harris Corporation
“I’m an FSO for a small business. This forum consolidates experts from the government and industry who share their perspectives and ideas about security issues we face now and will face in the future.”
Lisa Shoemaker
Kegman, Inc.
“The speakers were excellent and really conveyed their knowledge effectively. Great topics with just the right amount of time for each. Can’t wait till next year!”
Kelly Batchelder-Long
DOJ/FBI