Click a block to view session details
Orem Alumni Hall
An evolving issue being discussed across Federal, State and local government is the processes and procedures by which government resources can and should be brought to the aid of both public and private sector cybersecurity leads in the event of cyber incidents by threat actors. Clear guidance to our cyber community is needed for them to get the best and quickest assistance possible. In my paper, I will outline actions taken and provide a diagram and compendium of available Federal, State and local resources.
Philip R. Rever Alumni Hall of Fame Atrium
As General Alexander's Corporate Briefer, I often spoke on the importance of defending the U.S. Critical Infrastructure. Of all the things that keep national security officials up at night, adversarial incursion of our infrastructure is one of the most harrowing. To add to the angst, particularly within the Intelligence Community, nearly all of the US Critical Infrastructure lies outside the authorities of both NSA and US Cyber Command. There are formidable adversaries at the door, most prominently the Chinese, and we have to ensure that we keep them all at bay. Most troubling, however, is how quickly the Chinese and others have developed advanced offensive cyber capabilities, and how they often can defeat our cybersecurity practices - therefore, incurring the need for clean-up on Aisle 9 and first responder action after a cyber intrusion. We need to change the paradigm and move from robust cyber defenses to impenetrable cyber defenses - and put first responders out of business.
Agencies and Organizations are rapidly adopting cloud services. The advent of readily available automation services are transforming the way we respond to security and systems events at scale. The use of DevSecOps methodologies and technologies is helping us detect and respond to incidents faster and also automate the mitigation activities.
The talk will cover the following topics -
1. Introduction to DevSecOps
2. Overview of Automation technologies and services 3. Description of specific examples relevant to Incident Response
The focus will be on practical examples to help create awareness of emerging practices and technologies on FedRAMP Accredited cloud services such as AWS and Microsoft Azure.