IMPACT Agenda & Speaker Lineup
DAY 1 - Morning Sessions - April 25
The Rise of Insider Threats: Key Trends to Watch in 2022
Michael J. Orlando, Acting Director, National Counterintelligence & Security Center
8:00 – 8:45
“The risks to government and industry from insider threats are severe. These threats can take many forms, whether it’s a federal employee coopted by a foreign adversary to steal sensitive information or a corporate employee clicking on a spear-phishing link that infects their company’s networks,” according to NCSC Acting Director Michael Orlando.
The insider threat is evolving and organizations need to evolve with it. Mitigating insider threats is best done proactively—before something bad happens.
In this scene-setting keynote address, Mr. Orlando will discuss the current state of the insider threat and key strategies to defend against threats to classified and sensitive information.
You Will Learn:
- Conditions that contribute to insider threats
- Strategies for spotting insider threats
- Best practices for insider threat mitigation
The Growing Espionage Threat to U.S. Businesses
Bill Priestap, Founder, Trenchcoat Advisors, (former Asst. Director, Counterintelligence, FBI)
8:45 – 9:30
As a former FBI assistant director of counterintelligence, Bill Priestap is well-versed in the threats facing U.S. corporations from a host of bad actors, including nation-state spy services tasked with obtaining a company’s vital intellectual property.
Companies must determine all that needs protecting; anything that provides a business with a competitive edge may be targeted and exploited. Spy services often look to employees as an entry point into a company. Mitigating corporate espionage will chiefly depend on how well employees are trained in counterespionage.
This presentation will address the tools, techniques and knowledge needed to safeguard your company’s secrets.
You Will Learn:
- Prepare and assist employees being targeted
- Identification of critical assets
- Effective and practical countermeasures
Navigating the New Cybersecurity Threat Landscape
Mike Herrington, Section Chief, FBI Cyber Division
10:30 – 11:30
The rapidly evolving national security landscape proves that cyber threat actors remain undeterred from seeking to damage the US defense posture through theft of critical defense information and technology and disruption of critical infrastructure that supports the defense community.
Chinese and Russian state-sponsored hackers have been regularly observed targeting U.S. classified information, sensitive technology and our national critical infrastructure and supply chains. The cyber threat from hostile nation-states—including China and Russia — calls for a new mode of collaboration and sharing with the private companies that are now on the front lines.
This presentation will examine emerging cyber threats and how to defend against them.
You Will Learn:
- Cyber threats to watch in 2022
- Key risk mitigation practices
- Public/Private collaboration priorities
DCSA Industrial Security Program: Issues & Answers
Gus Greene, Director, Industrial Security, DCSA
11:30 – 12:30
DCSA’s vision to change the way it oversees industrial security is being ramped up for 2022. The agency wants to move from a compliance-based “check the box” inspection mentality to one that prioritizes cleared industry’s most important technology first. The agency is implementing a new methodology that is based on knowing the assets at each facility, analyzing threats to those assets, identifying vulnerabilities, and applying appropriate countermeasures. This new methodology couples NISPOM compliance with an intelligence-led, asset-focused, and threat-driven approach. Keeping up with changing requirements is critical to avoid security compliance issues and safeguard classified information.
You Will Learn:
- Strategies for keeping your program in compliance
- Industrial security program oversight priorities
- New Security Rating Score model
DAY 1 - Afternoon Workshops - April 25
2 – 3:15pm
3:35 – 4:50pm
Cybersecurity Essentials for FSOs
Robby Ann Carter, CEO, SASSI and National Security Training Institute
2:00 – 3:15
In the modern workplace, there are many challenges that security teams need to be prepared for — whether it’s phishing, BYOD, IoT, the list is long. Complicating matters? The growing use of unauthorized apps and the added obstacle of Shadow IT. While today’s workforce is increasingly technology savvy, their understanding of the risks they introduce has not kept pace. Keeping your organization safe from cyber risk is everyone’s job, not just the IT Department.
You Will Learn:
- How to identify and mitigate the risk of Shadow IT
- Actionable recommendations to address vulnerabilities
- Cybersecurity awareness best practices
NISPPAC: 2022 Hot Button Issues
David Tender, SVP, Chief Security Officer, ASRC Federal
2:00 – 3:15
The National Industrial Security Program Policy Advisory Committee (NISPPAC), comprised of both Government and industry representatives, is responsible for recommending changes in industrial security policy. The group also advises the Information Security Oversight Office on all matters related to the National Industrial Security Program (NISP). In 2022 they’ll be working to create a new path forward on a number of security fronts. Attend this workshop to find out what’s on the NISPPAC agenda and how you can help shape the future of the NISP.
You Will Learn:
- Security policy changes on their radar
- Risk-based industrial security oversight
- Industry engagement and top issues
Roadmap: Risk Mgmt Framework & eMASS
Jonathan Cofer, Senior Information Systems Security Professional, DCSA
Roadmap: Risk Management Framework & eMASS
3:35 – 4:50
DCSA has adopted the NIST Risk Management Framework (RMF) standards as a common set of guidelines for the assessment and authorization of information systems to support contractors processing classified information. Information systems must be authorized prior to processing classified information. All requests for authorizations or reauthorization must be submitted through eMASS. This workshop will take you through the various steps to IS authorization and security plan approval. Navigating the RMF process can be confusing so come prepared to learn.
You Will Learn:
- Comprehensive RMF process walk through
- How to complete required eMASS tasks
- Key missteps to avoid
Improve Security Awareness With Good Marketing
Mitch Lawrence, CEO, Lawrence Solutions
Improve Security Awareness Using Marketing Techniques
3:35 – 4:50
Security awareness and training is a critical element in the security practitioner’s toolbox that helps organizations respond better to security threats and prevent security-robbing behaviors. With just a few adjustments to how your organization plans, creates and manages awareness activities, it can build awareness campaigns that are more engaging and perform better. By adapting the techniques that marketing teams use to gauge their brand awareness and interactions with potential customers, your company or agency can get increased buy-in from employees and maximize your security awareness results.
You Will Learn:
- Ways to increase security motivation
- How to create effective messaging
- Key marketing techniques you can leverage
DAY 2 - Morning Sessions - April 26
Defending Against Economic Espionage in the Digital Era
Alan E. Kohler, Jr., FBI Asst. Director, Counterintelligence Division
8:00 – 8:45
U.S. intelligence officials warn that the foreign spying threat is increasing in both scale and sophistication. Every day, U.S. government and defense contractors are targeted by hostile nations for espionage and theft, resulting in huge losses of national security information and technology secrets. Staying ahead of the threat requires constant vigilance.
Heading into 2022, we should expect nation-state actors to continue their multi-pronged espionage efforts against the United States. The FBI has over 1,000 open cases of attempted theft of U.S. intellectual property, across a range of industries. The FBI estimates that Beijing steals $200 billion to $600 billion worth of military and economic secrets from the U.S. every year.
You Will Learn:
- Paradigm shift in the threat landscape
- Whole-of-society approach to counter threats
- Spy tactics and exploitation methods
Counterterrorism: Examining the Evolving Threat Surface
Geoffrey Fowler, NCTC’s Asst. Director, Office of IT Services
8:45 – 9:30
Threats to U.S. national security will expand and diversify in 2022, with technology playing an increasing role. As the contemporary terrorist threat changes, it is being amplified by technological advances that are making extremist groups more connected, more resilient and more capable than ever before.
Although we have become much more capable at detecting terror threats, our enemies are determined and ingenious. This session will examine current trends in counterterrorism along with the changing face of terrorism—both domestic and international.
You Will Learn:
- Terrorism trends to watch in 2022
- Changing nature of the threat
- Risk mitigation strategies
Managing the Human Side of Cybersecurity Excellence
Shayla Treadwell, Director, Cybersecurity-Organizational Psychologist, ECS Federal
Managing the Human Side of Cybersecurity
9:50 – 10:50
Media reports on the cyber threat frequently cite high-profile, high-impact cyber attacks carried out by organized, sophisticated and deliberate cyber criminals. However, research shows that the everyday behavior of employees presents one of the greatest risks to your organization.
While technical defenses are important, they have limited effect if they are undermined either intentionally or unintentionally by employees. A critical part of your security strategy must be to focus on the human element of your organization.
You Will Learn:
- Cyber behaviors that undermine security
- Challenges of multi-generational workforce
- Keys to creating a positive security culture
Clearance Vetting, Adjudication & Appeals
Perry Russell-Hunter, Director, DOHA
Understanding Clearance Vetting, Adjudication & Appeals
10:50 – 11:50
Several initiatives designed to bring the security clearance process out of the 20th century are actively underway or soon to be deployed. Everything from the type of security clearances themselves to the standards used to investigate and adjudicate clearance holders are evolving.
Among the new process reforms are: continuous vetting of security clearance holders, reviewing existing standards used to establish trust with an employee or contractor and migrating from the five current investigative tiers to three. Attend this session to see where clearance reforms are headed and how they impact your organization.
You Will Learn:
- Security clearance plans and reforms
- Key goals and timelines for 2022 and beyond
- Trends in adjudications and appeals
DAY 2 - Afternoon Workshops - April 26
1:30 – 2:45pm
3:05 – 4:20pm
How to Build an Effective Insider Threat Program
Dr. Shawn Murray, President, Murray Security Services
1:30 – 2:45
Insider threats can come in many forms, and federal agencies and contractors should double down on continuous monitoring for early detection of individuals under pressure or stress, as well as misconduct, high-risk behaviors, and digital anomalies. There is a high probability the next attack on our government will come from a vetted, trusted insider — someone who doesn’t need to find the key to unlock our defenses because they are already inside. If there is any chance of preventing that eventuality, we need to continually evaluate and strengthen our insider threat programs and challenge our current assumptions and processes.
You Will Learn:
- Steps to building an insider threat program
- How to gain buy-in from key stakeholders
- Lessons learned from the experts
Personnel Clearance Innovation: VROC & CAF
Charis Lyon, Division Chief, DCSA
Michael Ray, DCSA
Tracy Thornton, DCSA
1:30 – 2:45
DCSA’s Vetting Risk Operations Center (VROC) has achieved a milestone in enrolling 100% of the DoD cleared population into its continuous vetting program. The VROC currently oversees personnel security within the National Industrial Security Program as well as Continuous Evaluation (CE) across the entire Department of Defense.
Along with the DoD’s Consolidated Adjudication Facility, the VROC acts as the central nervous system for the security clearance process where initial applications pass through all phases of the vetting process to final eligibility approval at the CAF. Find out how these two vital clearance processes intersect and how automation will improve quality and timeliness of clearance decisions.
You Will Learn:
- Common VROC e-QIP reject reasons
- Industry’s average timeliness trends
- Clearance reciprocity initiatives
DCSA: Initiatives and Priorities for 2022
Michael Halter, Deputy Assistant Director, National Operations, Critical Technology Protection Directorate
3:05 – 4:20
The Defense Counterintelligence and Security Agency is now responsible for conducting 95% of the government’s background investigations.
DCSA is also rolling out improvements to the security clearance process; refining internal operations and IT systems; changing how it evaluates defense contractor security programs; updating requirements to better secure defense technology; adopting a risk-based approach to security; continuous vetting of cleared workers and much more.
Find out what’s in store for DCSA (and FSOs) in 2022 and how it will impact your security program.
You Will Learn:
- New security requirements in the pipeline
- Next phase of Trusted Workforce Initiative
- Security policy changes and impacts
CUI Compliance: What You Need to Know Right Now
Curtis Chappell, Director, Corporate Security, Thales Defense & Security, Inc.
Prepare for Implementing CUI Requirements
3:05 – 4:20
Because there are fewer controls over Controlled Unclassified Information (CUI) as compared to classified information, CUI is the path of least resistance for adversaries. Loss of aggregated CUI is one of the most significant risks to national security, directly affecting the protection and lethality of our warfighters.
As a starting point for CUI oversight, DoD has elected to begin conducting assessments of major defense contractors that are contractually obligated to protect this information. Learn about the CUI program, how it impacts you, and the steps you can take to be prepared for implementation in your organization.
You Will Learn:
- Key elements of the CUI program
- Update on agency implementation efforts
- CUI best practices
DAY 3 - Final Sessions - April 27
Defending Against Growing Threats to Classified Networks
Molly Moore, Director Adversary Defeat, NSA Cybersecurity Directorate
8:00 – 8:45
Cyber threats against classified Pentagon and defense industry computers are increasing in frequency, sophistication and impact, opening up to attack vast amounts of critical data that is housed on government IT systems. These threats often pose a greater threat than physical attacks on our nation and are incredibly difficult to identify. Each day, the Department of Defense, which protects our national security and terabytes of some of the country’s most sensitive data, thwarts more than 36 million email breach attempts. With new threats every day and criminals who regularly diversify their attacks, experts predict cyberattacks will get worse before getting better.
You Will Learn:
- Top cyber threats for 2022
- How adversaries are targeting defense networks
- Intelligence sharing initiatives
Assessing China’s Cyber and Human Intelligence Gathering Activities
Mark Kelton, Frmr Dep. Director, Counterintelligence, CIA National Clandestine Service
Assessing China’s Cyber and Human Intelligence
8:45 – 9:45
The People’s Republic of China reportedly operates the single largest intelligence-gathering apparatus in the world—and its growing appetite for secrets is seemingly insatiable. The Chinese Communist Party (CCP) openly has declared its intent to dominate high-tech industries across the world by 2025. Current and former intelligence officials say that no country — not even the Soviet Union at its peak — spies on the U.S. in such a comprehensive way as China now does. While other nations, including North Korea, Russia and Iran, have carried out sustained attacks on American computer networks, China stands in a class by itself.
You Will Learn:
- China’s evolving intelligence operations
- Cyberespionage against the U.S.
- PRC strategies to target, recruit and maintain contact
Insider Threat: Defending Against the Next Snowden
Steven Bay, Director of Threat Intelligence, Security On-Demand
Defending Against the Next Snowden
10:05 – 10:50
Leadership Through Security: The Changing Role of the FSO
Lindy Kyzer, Director, ClearanceJobs
10:50 – 11:35
“Change is the only constant”—This time-worn phrase has special significance for security professionals in the National Industrial Security Program. We all know our role as FSO is constantly morphing as sweeping policy changes and technological advances now require us to wear many hats. The problem is these hats aren’t necessarily the ones we want to wear, or signed up to wear. But to be successful in the new decade, FSOs must evolve into advisors, educators and business enablers who can communicate the value of security to both management and employees. This session will show you how to adapt and thrive in this new environment.
You Will Learn:
- FSOs’ new playbook for 2022
- Best practices to become an effective leader
- New tools you must add to your arsenal