IMPACT Agenda & Speaker Lineup

DAY 1 - Morning Sessions - April 25

The Rise of Insider Threats: Key Trends to Watch in 2022

Michael J. Orlando, Acting Director, National Counterintelligence & Security Center

The Rise of Insider Threats: Key Trends to Watch in 2022
8:00 – 8:45

“The risks to government and industry from insider threats are severe. These threats can take many forms, whether it’s a federal employee coopted by a foreign adversary to steal sensitive information or a corporate employee clicking on a spear-phishing link that infects their company’s networks,” according to NCSC Acting Director Michael Orlando. 

The insider threat is evolving and organizations need to evolve with it.  Mitigating insider threats is best done proactively—before something bad happens. 

In this scene-setting keynote address, Mr. Orlando will discuss the current state of the insider threat and key strategies to defend against threats to classified and sensitive information.

You Will Learn:

  • Conditions that contribute to insider threats
  • Strategies for spotting insider threats
  • Best practices for insider threat mitigation

The Growing Espionage Threat to U.S. Businesses

Bill Priestap, Founder, Trenchcoat Advisors, (former Asst. Director, Counterintelligence, FBI)

The Growing Espionage Threat to U.S. Businesses
8:45 – 9:30

As a former FBI assistant director of counterintelligence, Bill Priestap is well-versed in the threats facing U.S. corporations from a host of bad actors, including nation-state spy services tasked with obtaining a company’s vital intellectual property.

Companies must determine all that needs protecting; anything that provides a business with a competitive edge may be targeted and exploited.  Spy services often look to employees as an entry point into a company.  Mitigating corporate espionage will chiefly depend on how well employees are trained in counterespionage. 

This presentation will address the tools, techniques and knowledge needed to safeguard your company’s secrets.

You Will Learn:

  • Prepare and assist employees being targeted
  • Identification of critical assets
  • Effective and practical countermeasures

Navigating the New Cybersecurity Threat Landscape

Mike Herrington, Section Chief, FBI Cyber Division

Navigating the New Cybersecurity Threat Landscape 
10:30 – 11:30

The rapidly evolving national security landscape proves that cyber threat actors remain undeterred from seeking to damage the US defense posture through theft of critical defense information and technology and disruption of critical infrastructure that supports the defense community.

Chinese and Russian state-sponsored hackers have been regularly observed targeting U.S. classified information, sensitive technology and our national critical infrastructure and supply chains. The cyber threat from hostile nation-states—including China and Russia—calls for a new mode of collaboration and sharing with the private companies that are now on the front lines.

This presentation will examine emerging cyber threats and how to defend against them.

You Will Learn:

  • Cyber threats to watch in 2022
  • Key risk mitigation practices
  • Public/Private collaboration priorities

DCSA Industrial Security Program: Issues & Answers

Gus Greene, Director, Industrial Security, DCSA

DCSA Industrial Security Program: Issues & Answers 
11:30 – 12:30

DCSA’s vision to change the way it oversees industrial security is being ramped up for 2022. The agency wants to move from a compliance-based “check the box” inspection mentality to one that prioritizes cleared industry’s most important technology first.  The agency is implementing a new methodology that is based on knowing the assets at each facility, analyzing threats to those assets, identifying vulnerabilities, and applying appropriate countermeasures. This new methodology couples NISPOM compliance with an intelligence-led, asset-focused, and threat-driven approach. Keeping up with changing requirements is critical to avoid security compliance issues and safeguard classified information.

You Will Learn:

  • Strategies for keeping your program in compliance
  • Industrial security program oversight priorities
  • New Security Rating Score model

DAY 1 - Afternoon Workshops - April 25

2 – 3:15pm

3:35 – 4:50pm

Cybersecurity Essentials for FSOs

Robby Ann Carter, CEO, SASSI and National Security Training Institute

Cybersecurity Essentials for FSOs
2:00 – 3:15

In the modern workplace, there are many challenges that security teams need to be prepared for — whether it’s phishing, BYOD or IoT, the list is long. Complicating matters? The growing use of unauthorized apps and the added obstacle of Shadow IT. While today’s workforce is increasingly technology savvy, their understanding of the risks they introduce has not kept pace. Keeping your organization safe from cyber risk is everyone’s job, not just the IT Department’s.

You Will Learn:

  • How to identify and mitigate the risk of Shadow IT
  • Actionable recommendations to address vulnerabilities
  • Cybersecurity awareness best practices

NISPPAC: 2022 Hot Button Issues

David Tender, SVP, Chief Security Officer, ASRC Federal

NISPPAC: 2022 Hot Button Issues 
2:00 – 3:15

The National Industrial Security Program Policy Advisory Committee (NISPPAC), comprised of both Government and industry representatives, is responsible for recommending changes in industrial security policy. The group also advises the Information Security Oversight Office on all matters related to the National Industrial Security Program (NISP). In 2022 they’ll be working to create a new path forward on a number of security fronts.  Attend this workshop to find out what’s on the NISPPAC agenda and how you can help shape the future of the NISP.

You Will Learn:

  • Security policy changes on their radar
  • Risk based industrial security oversight
  • Industry engagement and top issues

Roadmap: Risk Mgmt Framework & eMASS

Jonathan Cofer, Senior Information Systems Security Professional, DCSA

Roadmap: Risk Management Framework & eMASS 
3:35 – 4:50

DCSA has adopted the NIST Risk Management Framework (RMF) standards as a common set of guidelines for the assessment and authorization of information systems to support contractors processing classified information. Information systems must be authorized prior to processing classified information.  All requests for authorizations or reauthorization must be submitted through eMASS.  This workshop will take you through the various steps to IS authorization and security plan approval.  Navigating the RMF process can be confusing so come prepared to learn.

You Will Learn:

  • Comprehensive RMF process walk through
  • How to complete required eMASS tasks
  • Key missteps to avoid

Improve Security Awareness With Good Marketing

Mitch Lawrence, CEO, Lawrence Solutions

Improve Security Awareness Using Marketing Techniques 
3:35 – 4:50

Security awareness and training is a critical element in the security practitioner’s toolbox that helps organizations respond better to security threats and prevent security-robbing behaviors. With just a few adjustments to how your organization plans, creates and manages awareness activities, it can build awareness campaigns that are more engaging and perform better. By adapting the techniques that marketing teams use to gauge their brand awareness and interactions with potential customers, your company or agency can get increased buy-in from employees and maximize your security awareness results.

You Will Learn:

  • Ways to increase security motivation
  • How to create effective messaging
  • Key marketing techniques you can leverage

DAY 2 - Morning Sessions - April 26

Defending Against Economic Espionage in the Digital Era

Alan E. Kohler, Jr., FBI Asst. Director, Counterintelligence Division

Defending Against Economic Espionage in the Digital Era
8:00 – 8:45

U.S. intelligence officials warn that the foreign spying threat is increasing in both scale and sophistication. Every day, U.S. government and defense contractors are targeted by hostile nations for espionage and theft, resulting in huge losses of national security information and technology secrets. Staying ahead of the threat requires constant vigilance.

Heading into 2022, we should expect nation-state actors to continue their multi-pronged espionage efforts against the United States. The FBI has over 1,000 open cases of attempted theft of U.S. intellectual property, across a range of industries. The FBI estimates that Beijing steals $200 billion to $600 billion worth of military and economic secrets from the U.S. every year.

You Will Learn:

  • Paradigm shift in the threat landscape
  • Whole-of-society approach to counter threats
  • Spy tactics and exploitation methods

Counterterrorism: Examining the Evolving Threat Surface 

Geoffrey Fowler, NCTC’s Asst. Director, Office of IT Services

Counterterrorism: Examining the Evolving Threat Surface
8:45 – 9:30 

Threats to U.S. national security will expand and diversify in 2022, with technology playing an increasing role. As the contemporary terrorist threat changes, it is being amplified by technological advances that are making extremist groups more connected, more resilient and more capable than ever before. 

Although we have become much more capable at detecting terror threats, our enemies are determined and ingenious. This session will examine current trends in counterterrorism along with the changing face of terrorism—both domestic and international.

You Will Learn:

  • Terrorism trends to watch in 2022
  • Changing nature of the threat
  • Risk mitigation strategies

Managing the Human Side of Cybersecurity Excellence 

Shayla Treadwell, Director, Cybersecurity-Organizational Psychologist, ECS Federal

Managing the Human Side of Cybersecurity
9:50 – 10:50 

Media reports on the cyber threat frequently cite high-profile, high-impact cyber attacks carried out by organized, sophisticated and deliberate cyber criminals. However, research shows that the everyday behavior of employees presents one of the greatest risks to your organization.  

While technical defenses are important, they have limited effect if they are undermined either intentionally or unintentionally by employees. A critical part of your security strategy must be to focus on the human element of your organization.   

You Will Learn:

  • Cyber behaviors that undermine security
  • Challenges of multi-generational workforce
  • Keys to creating a positive security culture

Clearance Vetting, Adjudication & Appeals 

Perry Russell-Hunter, Director, DOHA 


Understanding Clearance Vetting, Adjudication & Appeals 
10:50 – 11:50

Several initiatives designed to bring the security clearance process out of the 20th century are actively underway or soon to be deployed. Everything from the type of security clearances themselves to the standards used to investigate and adjudicate clearance holders are evolving. 

Among the new process reforms are: continuous vetting of security clearance holders, reviewing existing standards used to establish trust with an employee or contractor, and migrating from the five current investigative tiers to three. Attend this session to see where clearance reforms are headed and how they impact your organization.

You Will Learn:

  • Security clearance plans and reforms
  • Key goals and timelines for 2022 and beyond
  • Trends in adjudications and appeals

DAY 2 - Afternoon Workshops - April 26

1:30 – 2:45pm

3:05 – 4:20pm

How to Build an Effective Insider Threat Program

Dr. Shawn Murray, President, Murray Security Services 

How to Build an Effective Insider Threat Program 
1:30 – 2:45

Insider threats can come in many forms, and federal agencies and contractors should double down on continuous monitoring for early detection of individuals under pressure or stress, as well as misconduct, high-risk behaviors, and digital anomalies. There is a high probability the next attack on our government will come from a vetted, trusted insider — someone who doesn’t need to find the key to unlock our defenses because they are already inside. If there is any chance of preventing that eventuality, we need to continually evaluate and strengthen our insider threat programs and challenge our current assumptions and processes.

You Will Learn:

  • Steps to building an insider threat program
  • How to gain buy-in from key stakeholders
  • Lessons learned from the experts

Personnel Clearance Innovation: VROC & CAF

Charis Lyon, Division Chief, DCSA 
Michael Ray, DCSA
Tracy Thornton, DCSA

Personnel Clearance Innovation: VROC & CAF 
1:30 – 2:45

DCSA’s Vetting Risk Operations Center (VROC) has achieved a milestone in enrolling 100% of the DoD cleared population into its continuous vetting program. The VROC currently oversees personnel security within the National Industrial Security Program as well as Continuous Evaluation (CE) across the entire Department of Defense.

Along with the DoD’s Consolidated Adjudication Facility (CAF), the VROC acts as the central nervous system for the security clearance process, where initial applications pass through all phases of the vetting process to final eligibility approval at the CAF. Find out how these two vital clearance processes intersect and how automation will improve the quality and timeliness of clearance decisions.

You Will Learn:

  • Common VROC e-Qip reject reasons
  • Industry’s average timeliness trends
  • Clearance reciprocity initiatives

DCSA: Initiatives and Priorities for 2022

Michael Halter, Deputy Assistant Director, National Operations, Critical Technology Protection Directorate

DCSA: Initiatives and Priorities for 2022 
3:05 – 4:20

The Defense Counterintelligence and Security Agency is now responsible for conducting 95% of the government’s background investigations.

DCSA is also rolling out improvements to the security clearance process; refining internal operations and IT systems; changing how it evaluates defense contractor security programs; updating requirements to better secure defense technology; adopting a risk-based approach to security; continuous vetting of cleared workers and much more.

Find out what’s in store for DCSA (and FSOs) in 2022 and how it will impact your security program.

You Will Learn:

  • New security requirements in the pipeline
  • Next phase of Trusted Workforce Initiative
  • Security policy changes and impacts

CUI Compliance: What You Need to Know Right Now

Curtis Chappell, Director, Corporate Security, Thales Defense & Security, Inc.

Prepare for Implementing CUI Requirements 
3:05 – 4:20

Because there are fewer controls over Controlled Unclassified Information (CUI) as compared to classified information, CUI is the path of least resistance for adversaries. Loss of aggregated CUI is one of the most significant risks to national security, directly affecting the protection and lethality of our warfighters.

As a starting point for CUI oversight, DoD has elected to begin conducting assessments of major defense contractors that are contractually obligated to protect this information.  Learn about the CUI program, how it impacts you, and the steps you can take to be prepared for implementation in your organization.

You Will Learn:

  • Key elements of the CUI program
  • Update on agency implementation efforts
  • CUI best practices

DAY 3 - Final Sessions - April 27

Defending Against Growing Threats to Classified Networks

Molly Moore, Director Adversary Defeat, NSA Cybersecurity Directorate

Defending Against Growing Threats to Classified Networks
8:00 – 8:45

Cyber threats against classified Pentagon and defense industry computers are increasing in frequency, sophistication and impact, opening up to attack vast amounts of critical data that is housed on government IT systems. These threats often pose a greater danger than physical attacks on our nation and are incredibly difficult to identify. Each day, the Department of Defense, which protects our national security and terabytes of some of the country’s most sensitive data, thwarts more than 36 million email breach attempts. With new threats every day and criminals who regularly diversify their attacks, experts predict cyberattacks will get worse before getting better.

You Will Learn:

  • Top cyber threats for 2022
  • How adversaries are targeting defense networks
  • Intelligence sharing initiatives

Assessing China’s Cyber and Human Intelligence Gathering Activities

Mark Kelton, Frmr Dep. Director, Counterintelligence, CIA National Clandestine Service

Assessing China’s Cyber and Human Intelligence
8:45 – 9:45

The People’s Republic of China reportedly operates the single largest intelligence-gathering apparatus in the world—and its growing appetite for secrets is seemingly insatiable. The Chinese Communist Party (CCP) has openly declared its intent to dominate high-tech industries across the world by 2025. Current and former intelligence officials say that no country — not even the Soviet Union at its peak — spies on the U.S. in such a comprehensive way as China now does. While other nations, including North Korea, Russia and Iran, have carried out sustained attacks on American computer networks, China stands in a class by itself.

You Will Learn:

  • China’s evolving intelligence operations
  • Cyberespionage against the U.S.
  • PRC strategies to target, recruit and maintain contact

Insider Threat: Defending Against the Next Snowden

Steven Bay, Director of Threat Intelligence, Security On-Demand

Defending Against the Next Snowden
10:05 – 10:50


Leadership Through Security: The Changing Role of the FSO

Lindy Kyzer, Director, ClearanceJobs

Leadership Through Security: The Changing Role of the FSO
10:50 – 11:35

“Change is the only constant”—This time-worn phrase has special significance for security professionals in the National Industrial Security Program. We all know our role as FSO is constantly morphing as sweeping policy changes and technological advances now require us to wear many hats. The problem is these hats aren’t necessarily the ones we want to wear, or signed up to wear.  But to be successful in the new decade, FSOs must evolve into advisors, educators and business enablers who can communicate the value of security to both management and employees.  This session will show you how to adapt and thrive in this new environment.

You Will Learn:

  • FSOs’ new playbook for 2022
  • Best practices to become an effective leader
  • New tools you must add to your arsenal

Learn from the Best at IMPACT!

“Knowledgeable and passionate presenters. Great case studies which made the topics more ‘real’ and useful.”
Ellen Bertuccelli
Northrop Grumman
“The speakers were excellent and really conveyed their knowledge effectively. Great topics with just the right amount of time for each. Can’t wait till next year!”
Kelly Batchelder-Long
DOJ/FBI
“I’m an FSO for a small business. This forum consolidates experts from the government and industry who share their perspectives and ideas about security issues we face now and will face in the future.”
Lisa Shoemaker
Kegman, Inc.
“NSI sets the bar again! Presenters were on topic, informative and approachable. Impact is a dynamic, interactive learning opportunity I recommend to all security practitioners. As a repeat attendee, I once again, leave better prepared for my day-to-day responsibilities. Spot on topics, informed presenters and networking opportunities make this my ‘Go To’ training year after year!”
Barbara Felker
Excivity, a Blue Halo company
“As always great seminar. My third consecutive attendance. Speakers were awesome and networking very successful.”
David Cummings
Harris Corporation