Cybersecurity education and workforce development is a significant issue given large current national capability and skills gaps. In this webinar, we bring together key partners and major stakeholders from the public sector, private sector, and academia to discuss pathways of collaboration and partnerships moving forward to solving this important problem. Panel members will discuss their experience and “best practices” to reduce th...

Insider Risk Programs have continued to evolve naturally over the past 20 years. They have grown exponentially beyond the traditional lens of trying to identify spies through cyber-focused data exfiltration events. Today, Insider Risk Programs have expanded to include internal HR, legal, and compliance stakeholders within organizations and have expanded security beyond strictly physical and cyber domains to now include analysts, investigators,...

Office of Management and Budget (OMB) Memorandum M-22-09 requires “agencies to achieve specific zero trust security goals” and designates “Identity” as the first of five pillars from CISA’s zero trust maturity model. Additionally, M-22-09 provides specific actions for the Identity pillar that include, employing centralized identity management systems that integrate with agency applications and platforms; leveragin...

The persistence of nation-state actors has introduced a threat to America’s cybersecurity landscape that has never been seen before. Ample countermeasures have been prescribed through various White House, DoD, and CISA guidance that places responsibility on government and private industry to follow these new guidelines for the development of secure software. As we turn the corner toward the close of the federal fiscal year and begin cybe...

Federal agencies across government have started the shift in mindset from just patching and remediation to truly transformative cybersecurity modernization. There is no better example than the move to developing zero trust architecture governmentwide. While every agency is in a different stage of its ZT implementation journey, there are key guideposts and best practices that every federal IT and security team should be following to optimize th...

In today’s interconnected and rapidly evolving digital landscape, ensuring secure access to sensitive resources is of paramount importance. There are various methods of securing data and Federal agencies have explored a majority of them. Identity, Credential, and Access Management (ICAM) and Attribute-Based Access Control (ABAC) have emerged as two prominent frameworks that enable organizations to address the challenges associated with a...

To address the dynamic challenge of Insider Threats, organizations must have an agile process that should include training and the need to stay connected with their internal policies, external requirements, evolving risk discovery technology, best practices from within and other organizations, and government lessons learned. Simply stated, training is not a one-and-done or calendar-based ‘check the box activity.’ It is a critical c...

In the digital age, government agencies face increasing threats from spyware that can compromise sensitive information and undermine national security. To combat this, many government organizations are taking proactive measures by implementing executive orders and directives to ban specific applications on their mobile devices. However, this approach presents challenges in terms of scalability, visibility, and keeping up with rapidly evolving...

With all of the components of Zero Trust, there are various models and theories that an organization can use to strengthen their cybersecurity practices. The CISA Zero Trust Maturity Model and the DoD Zero Trust Strategy are only two examples of frameworks that provide guidance on implementing Zero Trust security principles within an organization. Both models emphasize the steps it takes to achieve total Zero Trust, but they differ in some of...

Federal agencies must undergo the complex and laborious process of security authorization to operate (ATO) for each information system (IS) in accordance with the Federal Information Security Modernization Act (FISMA). Currently, most agencies rely on manual documentation processes. These include popular productivity tools to capture the applicable security controls and the status/plans of implementation of the controls for each IS as well as...