
Wednesday, February 13
 

8:30am

Welcome and Opening Remarks
Speakers
Rita Creel

SCSS Co-chair, Software Engineering Institute
Rita C. Creel is Associate Director and Principal Engineer, Cross-Discipline Initiatives, in the Software Engineering Institute’s CERT Division. Ms. Creel’s focus is on building and leading interdisciplinary teams that can navigate competing concerns related to software, systems...
John Robert

SCSS Co-Chair, Software Engineering Institute
John Robert is a Principal Engineer at the Software Engineering Institute (SEI) and currently serves as Deputy Director, Software Solutions (SSD) Division.  Mr Robert previously served for two years as Technical Director, Client Technical Solutions (CTS) Directorate leading a portfolio...


Wednesday February 13, 2019 8:30am - 8:45am
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

8:45am

From Correlation to Causation: Lessons for Security and Defense
Machine learning and AI are sweeping through all aspects of public and private life, but one key challenge is how to move beyond simple correlations and predictions to causal knowledge that can guide action, policy, and plans. Over the past 30 years, a number of algorithms for learning and using causal knowledge (even from purely observational data) have been developed. In this talk, I will first describe the state of the art in causal discovery and reasoning methods, many of which have been developed at CMU. I will then outline various natural uses of these algorithms in (national) security and defense contexts, drawing from examples of research and applications conducted with the SEI.

Speakers
David Danks

Carnegie Mellon University
Dr. David Danks is the L.L. Thurstone Professor of Philosophy & Psychology, and Head of the Department of Philosophy, at Carnegie Mellon University. He is also an associate/adjunct member of: the Center for the Neural Basis of Cognition (CMU); the Center for Advanced Study of Language...


Wednesday February 13, 2019 8:45am - 9:30am
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

9:30am

Morning Keynote: Fifty Shades of Red
Woeful inexperience is no longer a good excuse for poor software security. Building rugged software requires us to expose the sordid tales of our craft, bringing both pleasure and pain to the forefront. During this talk, we’ll examine the many dimensions of resilience to help us understand how security really fits in with a five 9’s analysis.

Speakers
Shannon Lietz

DevSecOps Leader and Director, Intuit
Shannon Lietz is an award winning innovator with over two decades of experience pursuing advanced security defenses and next generation security solutions.  Ms. Lietz is currently the DevSecOps Leader for Intuit where she is responsible for setting and driving the company’s DevSecOps...


Wednesday February 13, 2019 9:30am - 10:15am
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

10:15am

Morning Break
Wednesday February 13, 2019 10:15am - 10:30am
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

10:30am

Securing Software Supply Chains
In October 2018, the topic of technology supply chain attacks landed on the front page of every newspaper in the world when Bloomberg Businessweek broke the “Supermicro” story. While that pertained to an alleged attack on a hardware supply chain (and questions still remain about its accuracy), the scary truth was, and still is, that it’s much easier for bad actors to infiltrate and hack "software" supply chains. With "hardware," you need to physically access something in order to conduct a hack. With software, attacks can be carried out from anywhere.

Today, software development teams are consuming billions of open source components and containerized applications to improve productivity at a massive scale by leveraging open source software supply chains. The good news: they are accelerating time to market. The bad news: many of the components and containers they are using are fraught with defects, including critical security vulnerabilities. While most commercial enterprises and various government agencies are aware of software supply chain threats, cross-industry and governmental knowledge has not been fully coordinated, and proactive measures have been limited. There is little consensus on roles, responsibilities, authorities, and accountability for software supply chain security.

This session will explore recent high-profile software supply chain attacks (e.g., Equifax, India's AADHAAR, CoPay Bitcoin Wallets), including the ease and scale at which they were executed. Derek will also discuss improvements required for software supply chain security and what combination of actions are being implemented or considered to protect, fortify, and defend critical operations, consumers, missions, and core infrastructure. Derek will also share insights on current efforts spanning legislation and regulation, policy, acquisition, and technology aimed at improving software supply chain security.

Speakers
Derek Weeks

Vice President, Sonatype
Derek E. Weeks is the world's foremost researcher on the topic of securing software supply chains. For the past five years, he has championed the research of the annual State of the Software Supply Chain Report. Derek is a huge advocate of applying proven supply chain management principles...


Wednesday February 13, 2019 10:30am - 11:00am
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

11:00am

Panel: Supply Chain Security Risk Management
The complexity of the supply chain continues to increase and new methods are required to effectively manage risk. This moderated panel explores how organizations can identify foundational supply chain management needs and apply practical solutions to create justified confidence in their risk posture.

Speakers
Joshua Corman

Founder / CSO, I am The Cavalry / PTC
Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research, analyst, & strategy roles...
Reginal Bryant

Group Vice President, Office of the Chief Information Security Officer, National Information Technology, Federal Reserve
Reginal Bryant has over 20 years of experience in Information Technology Operations, Information Security and Risk Management, Military Command & Control and Intelligence Systems, and Program Management. He is currently a Group Vice President with the Federal Reserve’s National...
Edna Conway

Chief Security Officer, Global Value Chain, Cisco
Edna Conway currently serves as Cisco’s Chief Security Officer, Global Value Chain, creating clear strategies to deliver secure operating models for the digital economy. She has built new organizations delivering cyber security, compliance, risk management, sustainability and value...


Wednesday February 13, 2019 11:00am - 12:00pm
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

12:00pm

Lunch
Wednesday February 13, 2019 12:00pm - 1:00pm
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

1:00pm

SEI Expert Presentation: The Software Dilemma
The official acquisition guidance has been to describe “what” you want and to avoid telling the contractor “how” to do the work. Yet the process by which the contractor chooses to develop your software—even the software in your embedded weapon system—is important. The development processes are important for being able to validate the quality attributes (like cybersecurity) of the software when it is delivered. But even more important, the development processes determine the cost of sustaining the software for the life of the system. This talk will address the significance of software development processes and provide some ideas about how they can affect your acquisition strategy, request for proposal, and contract terms.

Speakers
Ceci Albert

Software Engineering Institute
Ms. Cecilia Albert is a Senior Member of the Technical Staff in the SEI's Intelligence Sector, Client Technical Solutions Directorate, where she supports and accelerates the delivery of software to the intelligence community and DoD by accessing, leveraging, and integrating leading-edge...


Wednesday February 13, 2019 1:00pm - 1:30pm
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

1:30pm

Afternoon Keynote: Air Force Agile DevOps
Dr. Roper will present a keynote talk on a paradigm shift known as Agile DevOps. The presentation addresses this initiative: to gain and maintain a competitive edge, the Air Force must shift toward agile software development (short development cycles) and close integration with operators and developers. This will require collaborating with all software developers, establishing standard processes, sharing best practices, and ultimately transforming how we develop and deploy software across the Air Force. To achieve this, the Air Force will develop state-of-the-art agile software development processes, metrics, and methodologies and share and promulgate best practices.

Keynote Speakers
Dr. Will Roper

Assistant Secretary for Acquisition, Technology and Logistics, U.S. Air Force
Dr. Will Roper is the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics. As the Air Force’s Service Acquisition Executive, Dr. Roper is responsible for and oversees Air Force research, development and acquisition activities totaling an annual budget...


Wednesday February 13, 2019 1:30pm - 2:15pm
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

2:15pm

Mid-afternoon Break
Wednesday February 13, 2019 2:15pm - 2:30pm
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

2:30pm

Panel: Innovation in Software Acquisition
This moderated discussion will feature a diverse set of perspectives on applying innovative approaches across the entire acquisition and system lifecycle to achieve performance at the speed of relevance.

Moderators
John Robert

SCSS Co-Chair, Software Engineering Institute
John Robert is a Principal Engineer at the Software Engineering Institute (SEI) and currently serves as Deputy Director, Software Solutions (SSD) Division.  Mr Robert previously served for two years as Technical Director, Client Technical Solutions (CTS) Directorate leading a portfolio...

Speakers
Dr. Suzette Johnson

Agile Transformation and Center of Excellence Lead, Northrop Grumman Corporation
Dr. Suzette Johnson works for Northrop Grumman Corporation near Baltimore, Maryland where she leads Northrop Grumman’s Agile Transformation and Center of Excellence. As a Certified Agile Enterprise Coach and Scaled Agile Program Consultant, she has an interest and passion for driving...
Maj. Matthew Getts

Chief of Assembly, Test and Launch Operations, AEHF, U. S. Air Force
Major Matthew T. Getts is the Chief of Assembly, Test and Launch Operations for the Advanced EHF System Program Office. In this role, he directs the final assembly/qualifications, testing, flight readiness reviews, and launch operations for the $14 billion MILSATCOM constellation...
Dr. Ann Wong

Defense Systems Management College, Defense Acquisition University (DAU)
Dr. Ann Wong is currently a Professor of Executive Program Management at Defense Systems Management College (DSMC), where she works closely with the executive-level members of the DoD acquisition workforce. She develops and conducts training on agile and software curriculums with...


Wednesday February 13, 2019 2:30pm - 3:30pm
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

3:30pm

Mini-Tutorial: Emerging Technologies for Software-Reliant Systems
Timely identification and understanding of emerging technologies are key for DoD systems to realize computation and algorithmic advantage. However, adoption of these technologies can greatly change the way that software-reliant systems are developed, deployed, and acquired. This talk presents several emerging technologies and their potential impact for software-reliant systems.

Speakers
Grace Lewis

Software Engineering Institute
Grace Lewis is Principal Researcher and Lead of the Tactical Technologies Group (TTG) initiative at the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU). Grace is the principal investigator for the “Authentication and Authorization of IoT Devices in Edge...


Wednesday February 13, 2019 3:30pm - 4:30pm
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203

4:30pm

Closing Remarks
Speakers
Rita Creel

SCSS Co-chair, Software Engineering Institute
Rita C. Creel is Associate Director and Principal Engineer, Cross-Discipline Initiatives, in the Software Engineering Institute’s CERT Division. Ms. Creel’s focus is on building and leading interdisciplinary teams that can navigate competing concerns related to software, systems...
John Robert

SCSS Co-Chair, Software Engineering Institute
John Robert is a Principal Engineer at the Software Engineering Institute (SEI) and currently serves as Deputy Director, Software Solutions (SSD) Division.  Mr Robert previously served for two years as Technical Director, Client Technical Solutions (CTS) Directorate leading a portfolio...


Wednesday February 13, 2019 4:30pm - 4:45pm
NRECA Conference Center 4301 Wilson Boulevard, Arlington, VA 22203
 
Thursday, February 14
 

8:00am

Secure DevOps: Build a Secure Deployment Pipeline to Deploy Secure Applications

This tutorial is designed for managers, developers, security, and operational teams and offers training on secure DevOps principles and processes for designing and building a secure development pipeline for project planning, security requirements, development, security testing, and deployment from start to finish. This workshop will expose attendees to reference architectures and use cases for continuous integration (CI), continuous delivery/deployment (CD), and continuous authorization (CA) tools and practices, including technical demonstrations and practical scenarios.

Speakers
Hasan Yasar

Software Engineering Institute
Hasan Yasar is the technical manager of the Secure Lifecycle Solutions group in the CERT Division of the Software Engineering Institute, CMU. Hasan leads an engineering group on software development processes and methodologies, specifically on DevOps and development; and researches...


Thursday February 14, 2019 8:00am - 12:00pm
NRECA Conference Center, Room 2 4301 Wilson Boulevard, Arlington, VA 22203

8:00am

Software Assurance for the Supply Chain

Integrating sufficient software assurance into the supply chain includes evaluating the impact of suppliers on mission capabilities, using a structured approach to identify capabilities and gaps in desired vendor products, and integrating this knowledge into acquisition decision making. This tutorial will present various types of supply chain relationships and the ways in which software assurance should be addressed in a sound acquisition strategy.

Speakers
Carol Woody

Software Engineering Institute
Dr. Carol C. Woody is the technical manager of the Cybersecurity Engineering team in the Software Engineering Institute at Carnegie Mellon University.  Her research focuses on building capabilities for measuring, managing, and sustaining cybersecurity for highly complex networked...


Thursday February 14, 2019 8:00am - 12:00pm
NRECA Conference Center, Room 1 4301 Wilson Boulevard, Arlington, VA 22203

1:00pm

Scaling Agile Metrics to Large Complex Programs

Do you have data to answer these questions?

  • Are we delivering capabilities fast enough to keep pace with the user’s operational needs?
  • Are we delivering enough important capabilities to match the level of investment?
  • Are we delivering capabilities that satisfy the demands of the operational environment?

Cost and schedule performance will always be important to the viability of your enterprise. However, the contribution of your work to the larger mission of your users must serve as the rallying cry if you are to be truly successful.

This tutorial focuses on measuring flow, fitness for purpose, and rate of delivery of "value" as defined by users (and their representatives) to indicate the performance of the product development pipeline. This fresh perspective on metrics will arm you with insights that address some of the most challenging problems encountered when implementing Agile "at scale."

Speakers
Will Hayes

Software Engineering Institute
Will Hayes is principal engineer at the Software Engineering Institute (SEI) of Carnegie Mellon University. He provides direct lifecycle management support to major Department of Defense (DoD) programs. Throughout his 26 year career at the SEI, he has supported numerous commercial...


Thursday February 14, 2019 1:00pm - 5:00pm
NRECA Conference Center, Room 2 4301 Wilson Boulevard, Arlington, VA 22203

1:00pm

Understanding Software Architecture, Quality, and Security Through Code Analysis

Increase visibility into the architecture, quality, and security of your software, and enable improvements throughout the software lifecycle with code analysis. This tutorial will introduce program managers, system integrators, and acquirers to the value and limitations of static and dynamic code analysis. Attendees will leave equipped with the right code analysis questions to ask in order to help assure delivery of high-quality software systems.

Speakers
Ceci Albert

Software Engineering Institute
Ms. Cecilia Albert is a Senior Member of the Technical Staff in the SEI's Intelligence Sector, Client Technical Solutions Directorate, where she supports and accelerates the delivery of software to the intelligence community and DoD by accessing, leveraging, and integrating leading-edge...
Robert Schiela

Technical Manager, Software Engineering Institute
Robert manages the Secure Coding team in the Cyber Security Foundations directorate of CERT. Robert has been working in the field of information technology, software development, and software development education for more than 20 years. Prior to joining Cyber Security Foundations...
Jay Marchetti

Software Engineering Institute
Jay Marchetti has been a product development engineer for a number of companies spanning diverse business domains, starting at Eastman Kodak, where he worked in the group credited with the invention of the digital camera. Over the next 25 years he developed hardware, software, and...


Thursday February 14, 2019 1:00pm - 5:00pm
NRECA Conference Center, Room 1 4301 Wilson Boulevard, Arlington, VA 22203