Public Speaking

Federal Executive Forum Program on Secure Cloud Computing in Government on Federal News Radio, WFED, in Washington D.C.

Moderated by Jim Flyzik (President, Flyzik Group), the panelists also included:

• Frank Koneiczny, Chief Technology Officer, US Air Force
• Tonya Manning, Chief Information Security Officer, Dept. of Labor
• Chris Bollerer, Director of Security Governance, Risk Management & Compliance & Acting Deputy Chief Information Security Officer, HHS
• Sarah Jackson, Vice President for Sales Consulting Public Sector Applications, Oracle
• Don Hewatt, Director of US Public Sector Workload & Cloud Solutions, HP Enterprise Services

Zero Trust Architecture - Guidance for Federal Agencies

REGISTRATION: https://carahevents.carahsoft.com/Event/Details/327186-accenture

A zero trust architecture is not achieved by a single, out-of-the-box network security solution. It’s a strategy based on an agency’s cybersecurity plan that contains a collection of zero trust concepts. It requires multiple security solutions that cybersecurity teams need to orchestrate in their environment.

Of course, introducing new tools and solutions can increase complexity, but federal agencies can simplify their zero trust architecture by including an enterprise platform strategy.

Join in-person on Thursday, December 8th to hear from ServiceNow and government experts as they discuss zero trust. Discussion will include:

• How to get started on your zero trust journey
• How ServiceNow helps you align with zero trust requirements
• Best practices for implementing zero trust broken out by the CISA pillars
• Use cases for securing edge devices
• Tactics for automation and orchestration

Visionary Panel: Government Guidance on Zero Trust

Event Webpage: https://atarc.org/event/8-9-22-zero-trust-summit/

To help Federal agencies convert their networks, systems and devices to a Zero Trust Security architecture, the White House has issued three new draft guidance documents. The documents, including the Federal Zero Trust Strategy from the Office of Management and Budget, and the Zero Trust Maturity Model and Cloud Security Technical Reference Architecture from the Cybersecurity and Infrastructure Security Agency, are meant to provide agencies with a roadmap and resources required to sustain a multiyear push towards Zero Trust.

Listen in as topic experts dive into the Guidance, as well as the importance behind them. How will these guidance documents affect Zero Trust Security? Do these roadmaps present any challenges? How can agencies best leverage the guidance documents for successful security architecture implementation?

Spoke on a panel with:

• Karim Said, CISO, Office of Headquarters, NASA
• Stephen Haselhorst, Zero Trust Program Manager, OCIO, FDIC
• Conrad Bovell, Director of the Division of Information System Security, CMS

The Cyber Threat Landscape is Winnable but ONLY through Public-Private Collaboration

REGISTRATION: https://humanatsfmoma.splashthat.com/

When we talk about cybersecurity public-private collaboration in the abstract, it may seem soft. It’s not just about sharing indicators of compromise (IOCs) or even actionable threat intelligence, although both are important elements of a fraud fighting partnership. True public-private collaboration is about engaging modern defense strategy powered by collective protection to make sure cybercriminals are disrupted and experience real costs and consequences.

Spoke on a panel with:

• Morgan Adamski - Chief of NSA's Cybersecurity Collaboration Center
• Chuck Brooks - Professor at Georgetown University
• Tamer Hassan - Cofounder & CEO of HUMAN
• Nick Shevelyov - Author Cyber War & Peace; Former Chief Information Risk Officer at Silicon Valley Bank (SVB)

AFS Zero Trust Conversation Framework

Public presentation given during AFS Zero Trust Partner Enablement webinar that discusses the key conversational topics for an AFS Zero Trust engagement.

Outcomes were to help partners understand our strategy and our why behind the strategy. To collaborate and discuss together; together in order to ensure we understand our strategy the reasoning behind it, and the best ways we ca achieve it - TOGETHER.

Covers four key conversations/capabilities:

• Progressive safeguards
  Protects high-risk, high-value targets through intelligence, risk-based scenarios and vulnerability hunting


• Risk-based identity & access
  Drives integrated and collaborative security risk management across functions


• Dynamic operations
  Enables independent/autonomous resiliency while reducing impacts from the unknown


• Cyber-savvy workforce
  Adapts quickly and securely during disruption and change

An Open Source Approach to FedRAMP

Recent news headlines include how GSA took their ATO process from 6 months to 30 days, the Navy's "Compile to Combat in 24 hours" capability, or how ORock achieved FedRAMP Moderate in three months. These rapid ATO success stories sharply contrast to opinions that FedRAMP, FISMA, and broader initiatives like Controlled Unclassified Information (CUI) slow down innovation.

Via NIST 800-53 the U.S. Government created a security control catalog. Could a response catalog be created, sharing prepopulated answers for common technologies like operating systems and container platforms? If we could create a control response catalog, could deployment specific ATO materials be dynamically generated?

This talk steps through a joint industry/government initiative called OpenControl, which in partnership with GSA and NIST, is working to automate much of the ATO process.

Keynote Presentation

Given evolving adversarial threat models, what technologies are being developed by Intel and Red Hat to secure the underlying compute platforms? Co-presented with Steve Orrin, CTO of Intel Federal, on the joint Intel/Red Hat security roadmap. Discussed technologies such as Intel Boot Guard, Trusted Execution Technology (TXT), hardware accelerated cryptography (ADOX/ADX), and EXCITE (fuzzing for BIOS).

OpenFirst DC: DevSecOps in Practice (Moderated Panel)

Moderated a panel discussion on DevSecOps and how government agencies can integrate it into their security efforts. Panelests were:

• Kshemendra Paul, Cloud Action Officer & Deputy Director of Mission Strategy, DHS
• Phil Harvey, Technical Directory & Principal Engineering Fellow, Raytheon IIS/CMS

Aligning and Sharing Cybersecurity Practices Between Federal and State Government

Many state CIOs and their teams have spent countless hours trying to create their own cybersecurity frameworks from scratch. Reflecting enormous amounts of research, planning and implementation, these bespoke cybersecurity frameworks distract from the state’s core mission of providing citizen services. Yet according to the Public Technology Institute, only 42 percent of local governments have successfully adopted a cybersecurity framework based on national standards and guidelines. That’s a missed opportunity. Indeed, state agencies could be saving themselves a lot of time, money and effort by looking toward their federal brethren, who are here to help. For decades, the federal government has painstakingly developed cybersecurity frameworks to thwart a rise in ransomware attempts, software vulnerabilities and other malicious actions by hackers and rogue states seeking to gain access to U.S. assets. This session, in partnership with GovLoop, reviews opportunities for aligning and sharing cybersecurity best practices between Federal and State government agencies.

Continuous Change and IT Security

Teams tasked with IT security face mounting pressure due to rapid changes in IT infrastructure, the increasing number of high-profile vulnerabilities, the reality of hybrid cloud environments, and the need to deliver business value faster. IT operations and security teams must find innovative ways to keep up and new opportunities to get ahead. Join the Red Hat virtual event, Continuous change and IT security, on Nov. 16. You’ll learn how to address security concerns across an ever-changing IT landscape and the crucial role of automation, management, and open source technologies in assisting you. In this event, you’ll hear from experts on topics including: * Managing vulnerabilities. * Keeping up with compliance demands. * Improving security for deployments across complex, hybrid environments.

Repeatable DCO Platforms (Built in Partnership with ARCYBER)

This session detailed the OpenShift-based Cyber DCO platform which was built with ARCYBER at Fort Gordon.

Defense in Depth 2017 Keynote

Co-presenting with Steve Orrin (CTO, Intel Federal), discussed upcoming trusted computing technologies and initiatives from both Intel Corporation and Red Hat.

IRS Mini Summit on OpenShift Security

With several co-presenters, and sponsored by the IRS, this session delivered an overview of the OpenShift architecture, IRS’ DevOps vision, RHEL and Container Security, OpenSCAP, OpenShift S2I (Source-to-Image), Atomic Scan, and how to use OpenControl to automated security authorization packages.

DevOpsSec: Building CI/CD with Security Teams

Session stepped through how continuous monitoring techniques can be applied to Linux-based containers. Live demo of the ComplianceAsCode and OpenShift Compliance Operator, which showed how known vulnerability scanning and misconfiguration detection can be embedded into CI/CD pipelines.

New Era of Digital Security

As citizens demand digital access and more software is delivered as a service, government organizations need new technologies to offer these services. But adopting them makes security and regulatory compliance more difficult. In addition, securing devices and infrastructure that are outside of your environment is a key challenge. This means IT teams must manage and secure a continuously evolving landscape. New vulnerabilities emerge regularly, from external attacks and internal issues caused by human error or malice. However, organizations can often view security teams as blockers to rapid productivity, rather than supporters. How can this be flipped to enable innovation? To discuss how government can better do this, GovLoop and Shawn Wells, Chief Security Strategist, U.S. Public Sector Red Hat spoke as part of GovLoop and Red Hat’s Gov Security in the Digital World Virtual Summit in Wells’s session, New Era of Digital Security. GovLoop Article: https://www.govloop.com/new-era-digital-security/

Changing the Open Hybrid Cloud Game: Deploying OpenShift to Azure

Building secure environments and ensuring adherence to FedRAMP authorization requirements can be complex and cumbersome. Red Hat’s OpenShift Container Platform provides a secure, government-ready platform for containers and DevOps.

In GovLoop’s Gov Security in a Digital World Virtual Summit, Harold Wong, Cloud Architect at Microsoft and Shawn Wells, Chief Security Strategist in Red Hat’s Public Sector, teamed up to provide architectural guidance on deploying Red Hat OpenShift Container Platform in Azure Government, which is a hybrid cloud solution.

GovLoop landing site: https://www.govloop.com/changing-open-hybrid-cloud-game/

DevOpsSec: Building CI/CD with Security Teams

As presented at AFCEA West 2017.

Integrated Solutions for Trusted Clouds and SDI

Commercial and government organizations are looking to reduce network complexity and cost while simultaneously increasing flexibility and agility. Additionally, new security challenges must be considered along with all the benefits that a software-defined IT infrastructure provides. Intel and Red Hat have teamed up to help solve software defined cloud environment challenges.

OpenSCAP Workshop: Hands-on Labs to explore Scanning, Reporting, Remediation

• What’s the latest in the Linux Security Automation space?
• Government & Commercial Initiatives
• Formal and Emerging SCAP Standard
• What tools and content are available today?
• For enumerating (known) software vulnerabilities
• For assessing configuration

Live Demos @ FBI Mini Summit

Slides used at the FBI Mini Summit.

Security Automation: RHEL7 DoD STIG Update

Co-presented with Ted Brunell (Red Hat’s DoD Chief Architect) on the current state of the Red Hat Enterprise Linux STIG. Additionally discussed security automation development initiatives between Red Hat + NSA + NIST.

Red Hat Enterprise Virtualization for Desktops 3.0

Why virtualize your desktop? Who benefits? This presentation answered those questions while introducing the SPICE adaptive protocol for VDI.

MADFW Program Review

Copresenting with the projects SETA, detailed the MSD Application Development Framework (MADFW) hosting capabilities. Session reviewed the architecture and system capabilities for potential mission customers.

Red Hat Update

Invited by the Government contrating officer of Red Hat's enterprise agreement with NSA to speak to NSA about the latest Red Hat technologies. Topics included an update on the Red Hat Enterprise Linux lifecycle, RHEL 6 updates, security topics, and Red Hat Virtualization technologies/roadmap.

Red Hat Enterprise Virtualization (RHEV) with Cisco UCS

Spoke about Red Hat Enterprise Virtualization on Cisco UCS hardware. Detailed recent RHEV-D features, performance and scalability results, and details of the underlying SPICE technology.

Red Hat Virtualization Overview

Invited by TMA to speak at the first meeting of the U.S. Intelligence Community's Cloud Users Group. Spoke about the latest happenings in open source virtualization (Aeolus, CloudForms, KVM) and Red Hat Enterprise Virtualization.

Trends & Observations in Open Source Cloud Computing

Invited by In-Q-Tel, the venture capital firm of the U.S. Intelligence Community, to speak at their Technology Focus Day to discuss how the open source movement competes against proprietary companies in the cloud space.

Red Hat Portfolio Overview

Invited by Lockeed Martin to their Gaithersburg facility to brief technical staff within IS&GS on various Red Hat topics. Discussed Red Hat Enterprise Linux, MRG, Red Hat Network Satellite, Red Hat Enterprise Virtualization, JBoss, and various cloud technologies.

Red Hat Technical Symposium

After closing an agency-wide enterprise licensing agreement, invited by the Government Contracting Officer to brief all of NSA at an in-person event at the NSA Research & Engineering Symposium Center at Fort Meade, MD. Topics covered included a Red Hat Enterprise Linux 6 update, Red Hat in a Virtualized Environment, and Security topics. Co-presented with Chris Runge (Technical Director) and Gunnar Hellekson (Red Hat Federal CTO).

Dell / Red Hat Alliance in the U.S. Intelligence Community

Invited by Dell to speak at their U.S. Intelligence Community Executive Briefing. Outlined joint corporate initiatives, Red Hat Enterprise Virtualization (RHEV), and performance benchmarks on the recently released Dell R710 hardware.

NexGen Desktop Concept Architecture, Phase 2

Asked by the U.S. Government to present at a second DoDIIS Industry Day, gave a live system demonstration of how Red Hat technology could lay the foundation for a cross-domain virtual desktop environment. Using native technologies available in Red Hat Enterprise Linux and Red Hat Enterprise Virtualization, demonstrated virtual desktops of differing classification levels connecting through a single thin client.

DoDIIS NexGen Desktop Concept Architecture

Delivered conceptual overview of how Red Hat technology could lay the foundation for a cross-domain virtual desktop environment. Using native technologies available in Red Hat Enterprise Linux and Red Hat Enterprise Virtualization, demonstrated virtual desktops of differing classification levels connecting through a single thin client.

Red Hat Identity Management & Certificate System Technical Overview

Invited to speak at the Identity Management working group of the United States Intelligence Community. Provided an overview of PKI, Red Hat Certificate System, and a deep dive into several requested technical topics (token innovations, scalability and performance concerns, high-availability deployment models, tools and SDKs, NSS crypto libraries, and new features).

Current & Future Linux on Sysetm z Technology Deep Dive

Invited to speak at the Open Source Software user group at the National Security Agency. Discussed the latest Linux on System z technology and capabilities, the Red Hat Enterprise Linux release roadmap, RHEL 5.4, and upcoming Intel NEHALEM support for the x86 platform.

Red Hat on the Mainframe: The Reasons Are Compelling

Invited to speak at the NYC System z Executive Council meeting. Shared Red Hat updates, which included publicly speaking about the libVirt project -- an attempt to unify x86 virtualization with s390x and z/VM through a consolidated API.

Announcing the IBM Enterprise Linux Server and the System z Solution Edition for Enterprise Linux

With Linux on System z growth globally, partnered with IBM to announce a 'System z Solution Edition' that pre-bundled Linux subscriptions at a highly discounted price for System z customers. Co-presented with Reed Mullen, the System z Consolidation and Virtualization Leader at IBM.

Red Hat System z Partner Program Review

With Red Hat's System z marketshare growing, third party software providers were looking to port their software to Red Hat Enterprise Linux on System z. Co-presenting with Michael Fremder (Red Hat ISV Program Manager), discussed current market trends and resources for Red Hat ISVs to join the Linux on System z market.

System z Update

Covered the release of RHEL 5.4, tentative roadmap of RHEL 6 for IBM System z, an update on CMM2/CMMA via the CMM-Lite technology, and future-looking discussion regarding the joint IBM and Red Hat development initiatives.

Session zQV31: Current & Future Linux on System z Technology (RHEL 5.4 and beyond)

Covered the release of RHEL 5.4, tentative roadmap of RHEL 6 for IBM System z, an update on CMM2/CMMA via the CMM-Lite technology, and future-looking discussion regarding the joint IBM and Red Hat development initiatives.

Current & Future Linux on System z Technology (RHEL 5.4 and beyond)

Covered the release of RHEL 5.4, tentative roadmap of RHEL 6 for IBM System z, an update on CMM2/CMMA via the CMM-Lite technology, and future-looking discussion regarding the joint IBM and Red Hat development initiatives.

The Linux Audit Subsystem: Deep Dive

Why is Linux auditing needed? What can it do for me? How does it work? How do events get audited? How do I make sense of all the data? What is the difference between Linux's syslog and audit facilities?

Session 9204: Managing your Red Hat Enterprise Linux Guests with RHN Satellite

What is Red Hat Network? What are the modules? What are the deployment architectures? How's it run on IBM System z?

System z Update - Analyst Call

Delivered to press and industry analysts such as Gartner, Forrester, and IDC, delivered the Red Hat corporate overview, System z revenue growth, updated marketshare, and other business statistics/data.

Co-presented with Nick Carr, Director of Industry Relations at Red Hat.

System z Update

Invited to return and speak at the Chicago Area VM (and Linux) Enthusiats meetup. Session delivered an update about the latest Red Hat Enterprise Linux technical updates; namely, the Sistina GFS filesystem, LVM2, sVirt's integration of Mandatory Access Control, Fedora for System z, and libvirt.

Red Hat Network Satellite (On System z)

Invited to return and speak at the Chicago Area VM (and Linux) Enthusiats meetup. This session discussed how Linux on System z administrators can automate Linux updating, monitoring, provisioning, and overall system management, with Red Hat Network Satellite.

Red Hat Solutions for System z

Invited to return to Marist College for their 2009 summer series. Spoke about Red Hat's Open Source University (OSU) program. Our goal was to enable thousands of colleges and universities around the world to teach open source principles, programming, and system administration, to hundreds of thousands of students.

This presentation ultimately led to Marist joining Red Hat's Open Source University and incorporating formal Red Hat certification training into their undergraduate curriculum.

Red Hat Solutions for System z

Focusing primarily on the business benefits of Linux on System z, covered a recent design win within the U.S. Government. This agency saved >$5M in virtualization costs, and >$8M in Oracle Database licensing, by converting from x86/VMWare to Linux on System z.

A Customer's Perspective on Making Enterprise Linux Deployable, Scalable, and Manageable

Discussed management challenges facing IT organizations with large Enterprise Linux fleets. Provided an overview of Red Hat Network Satellite, Red Hat's system management tool, and how Salt River Project implemented it at scale.

Co-presented with Kevin Masaryk (Linux/UNIX Administrator at Salt River Project) and Chris Wells (Senior Product Marketing Manager, Red Hat)

Red Hat on IBM System z

Invited to visit IBM's Linux Technology Center in India. Over the course of multiple days, presented at technical interlock meetings with IBM kernel developers, support engineers, and kernel test engineers.

Current & Future State of Linux on System z

Session delivered a Red Hat System z business update, RHEL 5.3 updates (released 45-60 days prior to this event), and future technology development efforts. Technical updates included accelerated in-kernel crypto algorithms for IBM z10, SELinux per-package access controls, nv_conntrack subsystem, and other kernel topics such as address space randomization.

Taking "Green" Beyond the Hardware

When thinking "Green Datacenters," most individuals only consider hardware. This session delivered content to expand that thinking to tunables provided within the Linux operating system to optimize system power consumption.

Stepped through the Red Hat deployment to the Bank of New Zealand, which reduced power consumption by over 35% when compared to their legacy SUN environment.

Current & Future State of Linux on System z

Session delivered a Red Hat System z business update, RHEL 5.3 updates (released 45-60 days prior to this event), and future technology development efforts. Technical updates included accelerated in-kernel crypto algorithms for IBM z10, SELinux per-package access controls, nv_conntrack subsystem, and other kernel topics such as address space randomization.

Current & Future State of Linux on System z

Invited to deliver 2009-03-03 IBM SHARE conference presentation to the IBM Atlanta System z council.

Session delivered a Red Hat System z business update, RHEL 5.3 updates (released 45-60 days prior to this event), and future technology development efforts. Technical updates included accelerated in-kernel crypto algorithms for IBM z10, SELinux per-package access controls, nv_conntrack subsystem, and other kernel topics such as address space randomization.

RHEL 5.3 Update for IBM System z

Technical presentation of the latest s390x/IBM System z related features delivered in Red Hat Enterprise Linux 5.3.

Red Hat System z Update

Invited to speak at the IBM Destination z event. Provided an overview of Red Hat's System z business, Red Hat partner programs, and updated customer success/public references.

Red Hat System z Update

Asked by IBM to present on their System z ISV community call, with over 150 software companies in attendance. Discussed the overall IBM/Red Hat relationship, current campaigns/programs, quick technical overview of Red Hat's System z capabilities, and new customer references to share.

Red Hat Deep Dive Sessions: Linux on System z

Invited to speak at the Chicago Area VM (and Linux) Enthusiats meetup. Led a discussion about the current Linux for System z development process, what s390x features were delivered in the latest releases of Linux, provisioning and patching via Red Hat Network Satellite, and several security updates (SELinux, audit, etc).

Session ID zLS01: Red Hat Update for IBM System z

Why do we need SELinux? What are the principal concepts? Session discussed SELinux type enforcement, available policies, and how to write your own SELinux policy. Covered SELinux from the perspective of a system user and system administrator. Performed live demo of creating an SELinux policy based on errors in syslog.

Session ID zLP07: Managing your Red Hat Enterprise Linux Guests with RHN Satellite

Presented on Red Hat Network Satellite. Discussed the available modules, deployment architectures, and how RHN Satellite can be deployed on System z. Performed live demo at the end.

Co-presented with Brad Hinson, Senior Support Engineering Lead for System z at Red Hat.

Session ID zQV18: Red Hat Update for IBM System z

Technical update for Red Hat Enterprise Linux on IBM System z. Stepped through plans for RHEL 5.2, future RHEL 5.3 updates, and upstream Fedora activities. Covered topics such as skb scatter-gather support for kernel memory management, CPU affinity, ETR support, and other kernel development topics.

Co-presented with Brad Hinson, Senior Support Engineering Lead for System z at Red Hat.

Red Hat Update for System z

Red Hat technology update covering Enterprise Linux, long-range virtualization plans, and security/MLS/common criteria updates. Discussed kernel updates such as high resolution timers introduced in 2.6.16, updated I/O schedules in 2.6.10, filesystem updates to ext3, and several other kernel-related topics.

Managing your Red Hat Enterprise Linux Guests with RHN Satellite

Reviewed Red Hat Network Satellite, Red Hat's modular web-based Linux management platform. Stepped through how to perform system updates, enterprise fleet management, provisioning, and system monitoring.

Co-presented with Brad Hinson, Senior Support Engineering Lead for System z at Red Hat.

SELinux: A Key Component in Secure Infrastructures

Why do we need SELinux? What are the principal concepts? Session discussed SELinux type enforcement, available policies, and how to write your own SELinux policy. Covered SELinux from the perspective of a system user and system administrator. Performed live demo of creating an SELinux policy based on errors in syslog.

Red Hat Update for System z

45 minute update on Red Hat. Spoke about the upstream-to-downstream development model, contextualized for s390x kernel development, Red Hat Enterprise Linux 4 (RHEL4) and RHEL5 updates. Introduced audience to Security Content Automation Protocol (SCAP).

Red Hat Enterprise Solutions for System z

30 minute update on Red Hat System z announcements, ISV partnerships, Red Hat Enterprise Linux 5 (RHEL5) for System z update, and talk through how to manage Linux on System z instances with Red Hat Network Satellite.

Red Hat Enterprise Linux & System z: How Red Hat uses System z

Invited to the System z Summer Series at Marist College to share and discuss how Red Hat uses System z infrastructure internally. Spoke about Red Hat's usage of an IBM zSeries 2094 (z9), zSeries 2084 (z990), and Shark storage, and how those systems contribute to the development of Enterprise Linux.

Red Hat Technology and Roadmap

Invited to speak at Lockheed Martin San Jose to their U.S. Department of Defense customers. Topics covered Red Hat security -- from the hypervisor, to APIs, to cryptography and PKI.

Red Hat Security Seminar

Invited to return to Harris Corporation and re-deliver the 23-JAN-2008 session to a wider audience. Topics included Red Hat security roadmap, covering Red Hat's implementation of the Xen hypervisor, libVirt API, security certifications, and SElinux.

Remember when we just sold Linux? Intro to Red Hat Middleware

Invited to speak at an IT conference at the Federal Aviation Administration (FAA). Session introduced audience to Red Hat's middleware portfolio, named JBoss.

Red Hat Overview

Topics included incident response, SELinux, and Red Hat Enterprise Linux 5 security.

Co-presented with Mark St Laurent and Michael Brown of Red Hat.

Red Hat Security Roadmap

Red Hat security roadmap, covering Red Hat's implementation of the Xen hypervisor, libVirt API, security certifications, and SElinux.