
Cyber Resilience Summit: The Crossroads of IT Modernization and Cybersecurity

October 16, 2018


TOPIC: Reducing Modernization Risk through Compliance to Software and Risk Management Standards


HOSTED BY: Consortium for IT Software Quality™ (CISQ™) in cooperation with the Object Management Group® (OMG®) and IT Acquisition Advisory Council (IT-AAC)


REGISTRATION: Admission is complimentary for government employees and elected officials, not-for-profit organizations, and universities. An industry pass is $250. Admission includes lunch and a refreshment break. Thank you for supporting this public service event. Register online here. Note: If eligible for a complimentary pass, select “Special” under Payment Type and enter CISQGOVF18 in the Discount Code field. For a media pass, enter CISQPRF18.





The 6th semiannual Cyber Resilience Summit: The Crossroads of Modernization and Cybersecurity returns to Arlington, VA in October. The program focuses on standards and best practices for measuring risk and quality in IT-intensive programs from the standpoint of productivity, software assurance, overall quality and system/mission risk. Discussions expose proven methods and tools for incorporating such standard quality metrics into the IT software development, sustainment and acquisition processes.


Our message to attendees: This is a unique opportunity to get this right for the next twenty years. You are deploying the “legacy systems of tomorrow” and need sustainable outcomes.





8:00 Welcome to the Cyber Resilience Summit

Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)

John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)

8:15 Titans of Cyber: Critical Success Factors for Modernizing and Securing Government IT

Lead: John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)


Federal IT leaders brief on priorities, policy and plans for modernizing and securing government IT, building momentum from the “forcing functions” of the Federal IT Acquisition Reform Act (FITARA), Executive Order 13800 for Cybersecurity, Modernizing Government Technology (MGT) Act, and the President’s Management Agenda.


Titans of Cyber speakers:

  • Jeanette Manfra, Assistant Secretary for Cybersecurity and Communications, National Protection and Programs Directorate, U.S. Department of Homeland Security – confirming
  • Mark Hakun, Deputy Chief Information Officer, National Security Agency
  • Scott Tousley, Deputy Director, Cyber Security Division, U.S. Department of Homeland Security Science and Technology Directorate
  • Susan Dorr, Director of Cybersecurity Division, Office of the Director of National Intelligence
  • Mark Kneidinger, Deputy Director, National Risk Management Center, U.S. Department of Homeland Security – confirming

9:30 Trustworthy Systems Manifesto from CISQ

Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)


As businesses and governments automate more of their business and mission processes, the risk to which Information Technology (IT) exposes the organization grows dramatically. In an era of 9-digit defects (IT incidents with damages over $100,000,000), senior executives outside IT are held accountable and some have lost their jobs.


CISQ will brief on cyber risk measurement standards and then introduce a Trustworthy Systems Manifesto. The Manifesto contains a set of principles that senior business and public executives should hold IT accountable for implementing to ensure the systems to which they have entrusted the business or mission are trustworthy. A trustworthy system is one that is secure from unauthorized users and actions, reliable in its performance, resilient to unexpected conditions, and accurate in its computations.


10:15 Break & Networking

10:30 Supply Chain Risk Management (SCRM) Gets Legislative Attention

Lead: Joe Jarzombek, Director for Government, Defense and Aerospace Programs, Synopsys and Board Member, Consortium for IT Software Quality (CISQ)


Software supply chain assurance is finally en vogue. The Pentagon is evaluating how to insert security metrics into the acquisition process to measure cyber risk on the same scale as cost, schedule, and performance. The phrase “shift left” from software development circles applies here, referring to the practice of mitigating risk earlier in the system lifecycle to avoid costly, compounded technical debt and unacceptable levels of risk from vulnerabilities and compromise. This panel will discuss the latest developments, best practices, and standards of practice for SCRM.



  • Christopher Nissen, Director, Asymmetric Threat Response, MITRE; Co-author of Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War
  • Don Davidson, Deputy Director, Cybersecurity Risk Management (+ Chief of SCRM Division), Office of the Deputy DoD-CIO for Cybersecurity
  • Dr. Allan Friedman, Director, Cybersecurity Initiatives, National Telecommunications and Information Administration, U.S. Department of Commerce
  • Shon Lyublanovits, Senior Advisor for Cybersecurity, GSA

11:30 Continuous Diagnostics and Mitigation (CDM) Moves to Phase 4

Kevin Cox, Program Manager, CDM, U.S. Department of Homeland Security – confirming


One of the biggest cybersecurity programs in the U.S. Federal Government is Continuous Diagnostics and Mitigation (CDM) at the Department of Homeland Security. This panel will discuss the CDM roadmap and Phase 4 of the program, which targets protection of data and the application stack. Speakers will join from agencies successfully deploying CDM.


12:15 Lunch and keynote

1:15 Regulators Roundtable: Best Practices in Cyber Policy for Industry


Cybersecurity challenges are not unique to government. This cross-industry panel will discuss how risk is measured and how policy is set and implemented in sectors outside of government, including financial services, healthcare, and utilities. What can we learn from each other? How do we strike the right balance?



  • Chris Hetner, Senior Cybersecurity Advisor to the Chairman, SEC – confirming
  • Bethany Dugan, Deputy Comptroller for Operational Risk, Office of the Comptroller of the Currency
  • Seth Carmody, Cybersecurity Program Manager, U.S. Food and Drug Administration
  • Donald Saxinger, Senior Examination Specialist, IT Supervision Brand, Division of Risk Management Supervision, FDIC – confirming

2:15 Innovative Methods for Producing Cybersecure Software

Lead: Girish Seshagiri, EVP and CTO, ISHPI Information Technologies and Board Member, Consortium for IT Software Quality (CISQ)


The IT standards community is driving initiatives to automate cyber risk measurement and cyber threat modeling. In tandem, workforce development is critical to meeting the government’s cyber challenges and our nation’s IT skills gap. This panel of subject matter experts will brief the audience on methods for producing cybersecure, resilient and sustainable software systems through practice and education.



  • Robert Martin, Senior Principal Engineer, MITRE
  • Rodney Petersen, Director, National Initiative for Cybersecurity Education (NICE), NIST
  • Paul Seay, Northrop Grumman Fellow, Engineering Center of Excellence, NGMS Engineering, Sciences, and Technology, Northrop Grumman Corporation – confirming

3:15 Closing Remarks




Army Navy Country Club

Grand Ballroom, 2nd floor

1700 Army Navy Drive, Arlington, VA

Phone: 703-521-6800













