Federal government increasingly recognizes the need for more tech savvy within their agencies, even as they struggle to find the talent or even get approval for hires. This is amplified with efforts to comply with cybersecurity orders from the Biden administration. This panel will examine how agencies can drive DevSecOps into their IT efforts, even amid the dearth of available resources in secure software development.

Productivity and security are always in contention. If you put up too many hoops to jump through in the name of security, then users will reject and attempt to circumvent in the name of productivity; and if there is not enough security in the name of productivity, you will have a breach on your hands. The challenge here is how can organizations, especially in the federal space, make informed decisions that promote just enough security while supporting user productivity? How can we make better security decisions based on the context of a privileged action... where the user is, what their behavior is, what their job requires and what potential risk a compromise to that user would have on the organization? What we need is "Adaptive Privilege Access"; an approach by which identity context is used to determine just enough privilege for user productivity while maintaining the security posture agencies demand.

Federal government maintains some of the most sensitive data and networks in the world, and yet the perpetual challenges tied to the budget cycle and procurement and oversight can often stand in the way of security innovation. This panel will examine how agencies can overcome the typical hurdles that come with government bureaucracy to ensure effective protection of their crown jewels.    

In recent years, the cybersecurity community has responded to the call for partnerships, demonstrating more than ever before effective collaboration across the public and private sectors. But just as the threat evolves, so must the nature of partnerships, with expanded trust-based, mutually beneficial relationships that go beyond information sharing. During this session, government and industry cybersecurity leaders will provide perspectives on leveraging the power of collaboration.

All federal partners expose agencies to a degree of risk, if security standards are not properly implemented. But federal and defense contractors, which often access or maintain government’s most critical data and IT networks, must be held to comparable standards to the agencies themselves to preserve national security. Cybercriminals and enemy nation states recognize the potential gold mine and are increasingly targeting contractors. This panel will examine how contractors and federal leaders can work together to address third-party risk and how recent security standards placed upon contractors help (or hurt?) the effort.