Implementing the President's Cybersecurity Executive Order (EO) Training Workshop II


This event qualifies for .7 CEUs

This event qualifies for 7 CPEs


This workshop will focus on the progress to date in implementing the President’s EO on Cybersecurity, with emphasis on key requirements: identification of High Value Assets and implementation of NIST’s Risk Management Framework (RMF) and Cybersecurity Framework (CSF). The CSF and RMF are critical for the federal government in its efforts to mitigate risk within enterprise information systems. The workshop will also discuss the relationship of the RMF and CSF to NIST SP 800-53 r5.

 

Hear from industry experts and government officials tasked with implementing robust cybersecurity and risk management strategies along with learning how NIST’s CSF and RMF can be effectively implemented to reduce the risk of cyber-attacks.

 

Listen to a government panel of CIO, CISO and IG staff to understand the challenges they are facing on a day-to-day basis and how implementation of NIST’s CSF and RMF helps them identify the risks and what it takes to mitigate those risks. Gaining insights from the panel and peer interactions at the workshop should be invaluable in moving the needle forward to improve federal cybersecurity.

What You Will Learn:

  • The value of the integration of the NIST RMF, NIST CSF and their relationship to NIST SP 800-53 r5
  • Lessons learned from agency risk management and high value asset reporting
  • Dos and don’ts for agencies in implementing the Cybersecurity Executive Order
  • Best practices for responding to the Cybersecurity Executive Order
  • Next steps for agencies in implementing cybersecurity best practices

Why You Should Attend:

  • Gain a better understanding of the May 11th Presidential Executive Order on Cybersecurity and how it is being implemented
  • Obtain practical knowledge of lessons learned from government leaders who are involved in implementing the Cybersecurity Executive Order
  • Collect information on how NIST frameworks can be leveraged to enhance the security of your organization
  • Learn how risk management and cybersecurity are essential for regulatory compliance
  • Meet with risk management, cybersecurity, OIG and CIO colleagues

Who Should Attend:

  • CIOs, CISOs, and Staff
  • IT security and risk management practitioners
  • IGs and Staff
  • Senior Accountable Officials for Risk Management and Enterprise Risk Managers
  • Program Managers responsible for risk management
  • Government Executives, Managers and Staff who want to better understand how the Cybersecurity Executive Order is being implemented
  • Industry and Contractors who want to better understand how the Cybersecurity Executive Order is being implemented
  • All government and industry members who want to better understand how the Cybersecurity Executive Order is being implemented to help improve Agency Cyber Security.

Speaker and Presenter Information

Keynote Speaker:

 

Dr. Ron Ross

NIST Fellow

Author of the NIST Risk Management Framework and numerous NIST 800 Series Publications.

 

Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include information security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. His current publications include Federal Information Processing Standards (FIPS) 199 (security categorization), FIPS 200 (security requirements), and NIST Special Publication (SP) 800-39 (enterprise risk management), SP 800-53 (security and privacy controls), SP 800-53A (security assessment), SP 800-37 (Risk Management Framework), SP 800-30 (risk assessment), SP 800-160 (systems security engineering), and SP 800-171 (security requirements for nonfederal systems and organizations). Dr. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director of National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for the development of the Unified Information Security Framework for the federal government and its contractors.

 

 

Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. He has also lectured at many universities and colleges across the country including the Massachusetts Institute of Technology, Dartmouth College, Stanford University, the George Washington University, and the Naval Postgraduate School. A graduate of the United States Military Academy at West Point, Dr. Ross served in many leadership and technical positions during his twenty-year career in the United States Army. While assigned to the National Security Agency, Dr. Ross received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a four-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Presidential Rank Award. He has also received the Department of Commerce Gold and Silver Medal Awards and has been inducted into the Information Systems Security Association Hall of Fame and given its highest honor of Distinguished Fellow. In addition, Dr. Ross has been inducted into the National Cyber Security Hall of Fame.

 

 

Dr. Ross has received numerous private sector cybersecurity awards including the Partnership for Public Service Samuel J. Heyman Service to America Medal for Homeland Security and Law Enforcement, Applied Computer Security Associates Distinguished Practitioner Award, Government Computer News Government Executive of the Year Award, Vanguard Chairman’s Award, Government Technology Research Alliance Award, InformationWeek’s Government CIO 50 Award, Billington Cybersecurity Leadership Award, ISACA National Capital Area Conyers Award, ISACA Joseph J. Wasserman Award, Symantec Cyber 7 Award, SC Magazine’s Cyber Security Luminaries, (ISC)2 Inaugural Lynn F. McNulty Tribute Award, 1105 Media Gov30 Award, and three-time Top 10 Influencers in Government IT Security.

 

 

During his military career, Dr. Ross served as a White House aide and a senior technical advisor to the Department of the Army. He is a graduate of the Defense Systems Management College and holds Master’s and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School, specializing in artificial intelligence and robotics.

 

 

Instructors:

 

John Lainhart

Director, Global Public Sector

Grant Thornton

 

John is a Director in the Public Sector Practice of Grant Thornton’s Alexandria office. He is a member of the Information Assurance and Cybersecurity group. 

 

John has 45+ years of U.S. federal government experience in IT Governance, Security, Privacy, IT Risk Management, IT Value, and Cybersecurity. He has 30+ years of experience as an IT auditor and culminated his public sector career serving as the first Inspector General and Officer of the U.S. House of Representatives. He joined PwC’s consulting service as the Partner responsible for providing Security and IT Management services to the U.S. Public Sector and served as the Partner, Cybersecurity & Privacy Services Leader for the U.S. Public Sector when IBM acquired PwC’s consulting business until retiring in June 2016.

 

John serves on the Board of Directors of George Washington University’s Center for Cyber and Homeland Security. John is active in the ISACA community, and currently serves as Advisor to the ISACA Board of Directors. He previously served as Co-chair of the COBIT 5 Task Force and served on the AICPA’s Assurance Services Executive Committee and was instrumental in the development of the AICPA’s Trust Services and SSAE No. 16.

 

Education

M.A., Management and Supervision, Central Michigan University, 1976

B.A., Business Administration, Davis & Elkins College, 1969

Wharton Information Systems Program, Wharton School of Finance, 1974

 

Professional qualifications and memberships

  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified in the Governance of Information Technology (CGEIT)
  • Certified Information Privacy Professional/Government (CIPP/G)
  • Certified Information Privacy Professional/U.S. (CIPP/US)

 

Dave Simprini

Senior Manager, Global Public Sector

Grant Thornton

 

Mr. Simprini has experience auditing NIST-governed IT controls, Federal Information System Controls Audit Manual (FISCAM) controls, A-123 Controls, Sarbanes-Oxley compliance controls, segregation of duties, data migration, Enterprise Resource Planning (ERP) implementations, performance audits, and internal audit functions for clients from a broad spectrum of industries including Aerospace and Defense, Financial Services, Entertainment and Media, and Technology. He also has experience in planning integrated Federal financial audits, executing all phases of field work. As the lead IT Manager on the first independent external financial statement audit of any kind for the USMC, Mr. Simprini assisted with the planning and development of the overall audit approach, scoping assessment, and modified FISCAM IT test program. Throughout the testing phase, he led teams in field work at USMC financial centers and their associated financial and reporting IT Systems.

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, DOD & Military, Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, SSA, NASA, FEMA, Office of Personnel Management, Coast Guard, FAA, Census Bureau, USAID, National Guard Association, EEOC, Federal Government, FDA


This event has no exhibitor/sponsor opportunities


When
Tue, Sep 12, 2017, 7:30am - 5:00pm


Cost

Government Employees:  $895.00
Industry and Contractors:  $995.00


Where
Willard InterContinental Hotel
1401 Pennsylvania Avenue, NW
Washington, DC 20004



Organizer
Potomac Forum, Ltd

