Government Security Solutions Forum 2022

The past 24 months have proven to be some of the most challenging for information security analysts, leaders, and stakeholders. We are battling workforce complications associated with the COVID-19 pandemic and seemingly never-ending cyber attacks. Coupled with an increase in supply chain issues, defending your organization can seem tougher daily. However, adversaries are not the only ones who have made advancements in technology capabilities.

Join us for the Carahsoft Government Security Solutions Forum, where we will explore concepts and technologies to help defend against adversaries of all shapes and sizes. With a wide range of experts and topics, this forum will provide opportunities for assessing your current security posture and looking for future improvements.

Agenda | Thursday, July 21st | 10:00 AM - 4:30 PM EDT

All Times Shown in Eastern Daylight (EDT)



10:00 - 10:15 AM EDT

Welcome & Opening Remarks

Matt Bromiley, Certified Instructor, SANS Institute
Brian O’Donnell, Vice President, Carahsoft Technology Corp.

10:15 - 10:45 AM EDT

Zero Trust in Compliance and Health Care Services

Enabling security by streamlining compliance through automation, cloud-native integrations and security tooling. This can be performed by leveraging cloud-native tools, such as AWS Audit Manager, to continually assess controls, and by building out technical components that leverage a machine-readable language (OSCAL) to enable an automated way to build and update compliance artifacts (SSPs). By introducing practices around this, ADOs will be able to focus their time on innovating and securing versus being manually assessed and building artifacts.

Keith Busby, Director, Division of Security & Privacy Compliance Information Security & Privacy Group (ISPG) Office of Information Technology (OIT) Centers for Medicare and Medicaid Services (CMS)

10:45 - 11:30 AM EDT

Automating Security Integration to Streamline Detection and Response Processes

Automating and orchestrating cybersecurity activities within the SOC is an opportunity to catch up with the increasing demands. The challenge is that SOAR tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figuring out the sequence of actions that need to be automated and bringing together the mass of data from disparate tools. Investing in a SOAR platform is a strategic and oftentimes financially beneficial decision. SOAR systems can help define, prioritize, and standardize responses to cyber incidents. This process occurs when an organization’s security team uses the platform to gain insight into an attacker’s tactics, techniques, and procedures (TTPs) and known indicators of compromise (IOCs), but more importantly, to know what the SOC needs to do and perform it with great speed, precision, and consistency. Listen in to hear our panelists explore how to make a more efficient SOC!

Chris Crowley, Senior Instructor, SANS Institute

Brandon Tansey, Cybersecurity Advisor, Splunk
David Hagy, Federal Manager, Palo Alto Networks

11:30 - 12:00 PM EDT

Building America’s Cyber Defenders Bench

New technologies are developing at an explosive pace, giving our adversaries new vectors to threaten the security of our nation. Chief of Staff Kiersten Todt of the Cybersecurity and Infrastructure Security Agency, or CISA, will discuss steps we must take to create a cohesive response to this growing threat landscape. CISA is leading the charge by educating the public about cyber hygiene, using innovative workforce recruiting efforts, and promoting cyber education. Join us to learn why each of us has a critical role to play in cyber defense.

Kiersten Todt, Chief of Staff, Cybersecurity and Infrastructure Security Agency (CISA)

12:00 - 12:15 PM EDT


12:15 - 1:00 PM EDT

Zero Trust Begins with the Basics

The March 2022 Cybersecurity Technical Report on Network Infrastructure Security Guidance by the NSA shows that your journey towards Zero Trust begins with the basics: discovering and assessing where your critical assets are and how they're being accessed, building visibility, mapping data flows, inventorying users and devices, and implementing 'less trust' by leveraging and making the most of the capabilities you have today. Regardless of what we want to call it, the truth is that many organizations still struggle with implementing the basics: they have flat networks (and yes, a network with VLANs and no ACLs is still a flat network), they have a wide attack surface on switches, routers and other non-hardened critical network devices, they have poor logging and detection practices, and they're far from implementing least privilege principles. How can organizations start taking successful steps on their journey towards ZT? Tune in to find out!

Ismael Valenzuela, Senior Instructor, SANS Institute

Robert Huber, Chief Security Officer, Tenable
Josh McDonough, Lead Solutions Engineer, BeyondTrust

1:00 - 1:30 PM EDT

Benefits of a Global (and Mobile) Workforce

You can’t make a difference from the sidelines – and today, perhaps more than ever, we need to build a team of diverse thinkers, astute professionals and keen innovators bent on making a difference for a more secure world.

In March 2020, the world flipped a switch, and we went remote. The key benefit of operating with a global (mobile) workforce is the ability to execute your mission from anywhere in near real-time. The whole reason the U.S. Army went to enterprise email, for one, had nothing to do with email, but everything to do with single identity, whether you were in the Pentagon or Iraq and needed to access the data to do your mission. This need remains relevant for our hybrid operations of today.

Lieutenant General Susan Lawrence, USA, Ret., President and CEO, AFCEA International

1:30 - 2:15 PM EDT

Securing Access to Assets & Data with a Remote Workforce

Cloud-based services are becoming increasingly attractive to organizations as they offer cost savings, flexibility, and increased operational efficiency. However, protecting systems, applications, and data in the cloud presents a new set of challenges for organizations to overcome. Security teams need to adapt and learn how to utilize the tools, controls, and design models needed to properly secure the cloud. For businesses and users making the transition to the cloud, robust cloud security is important. Constantly evolving security threats are becoming more sophisticated, and IT teams will achieve greater security if they adopt a similar approach for the cloud as they do for their on-premises IT environment. Cloud security solutions are generally deployed and used to help protect data running across major public cloud services and private clouds. Come listen to this diverse panel of experts to hear firsthand how they not only cope but thrive in the cloud.

Ken Hartman, Certified Instructor, SANS Institute

Jim Kovach, VP of Public Sector, Zimperium
Chris Boehm, Technology Strategist, SentinelOne

2:15 - 2:30 PM EDT


2:30 - 3:00 PM EDT

Cyber Security Issues in Small Town America

Of the approximately 19,000 incorporated cities or towns in the US, over 16,000 have a population of under 10,000. Most local governments do not have the cyber/IT resources of the Federal Government or large corporations, and the majority of a citizen's interaction with "the government" is at the local level. In 2021, according to Emsisoft, a security company, at least 67 state and local governments and 1043 schools were impacted by ransomware incidents. Small communities are now becoming the main targets of ransomware groups due to their vulnerability. Tune in to learn from the success of Mayor Skinner and his approach to dealing with cyber crimes with a small town budget!

Gregory J. Skinner, Mayor, Borough of Peapack & Gladstone, New Jersey

3:00 - 3:45 PM EDT

Vulnerability, Patch, and Configuration Management

The November 2021 CISA Binding Operational Directive 22-01 - Reducing the Significant Risk of Known Exploited Vulnerabilities highlights the need for additional focus and effort related to Vulnerability, Patch, and Configuration management. With this directive, all government agencies were required to update their internal vulnerability management procedures to ensure that vulnerabilities found in the CISA-managed vulnerability catalog were remediated within 6 months for vulnerabilities discovered prior to 2021 and 2 weeks for all others. Even though vulnerability management is one of the most fundamental security capabilities and probably one of the first to be implemented in many organizations, companies still struggle to keep up. Fortunately, emerging technologies and changes in the way we architect, design, and develop our networks and applications provide an opportunity for improvement. What can your organization do to mitigate known (and yet to be discovered) vulnerabilities?

David Hazar, Certified Instructor, SANS Institute
Allan Liska, Threat Intelligence Analyst, Recorded Future

3:45 - 4:15 PM EDT

The ICS Mission and Active Control System Cyber Defense

An overview of the differences between IT and ICS/OT. Current adversary attack techniques targeting control systems and engineering systems are discussed, along with the top active cyber defense approaches for the future protection of critical infrastructure. Questions will be taken throughout and/or in a Q&A at the end of the session to address any audience questions.

Dean Parsons, Certified Instructor, SANS Institute & CEO, ICS Defense Force

4:15 - 4:30 PM EDT


Matt Bromiley, Certified Instructor, SANS Institute


Save the Date | November 3, 2022 at 1:00 PM EDT

We invite you to join SANS Director of Emerging Security Trends John Pescatore, as he presents the SANS Government Cybersecurity Solutions Focus Report. This report takes a deeper dive into the findings of the Government Security Solutions Forum and provides a summary of the key challenges government agencies face going into FY23, a distillation of the key points made by each of the speakers and prioritized action recommendations for government agencies that need to close security gaps effectively and efficiently.