TechNet Cyber Supporting Partner Opportunities (Advertisements and Supporting Partner recognition does not imply federal endorsement.)


Stand Out in the Crowd! If branding, lead generation and market visibility are important to your organization, the supporting partner opportunities available at TechNet Cyber 2021 are exactly what you need. This event attracts over 4,000 cyber security professionals, who want to see the leading industry solutions, and take part in networking and business building opportunities.

Have an idea for a supporting partner opportunity you don't see listed below? Let us know! We are happy to discuss possibilities with you. Contact us today!

Branding Opportunities Deadline: October 1st
Patron Package and Individual Opportunities Deadline: October 15th

Engagement Theater 1: DevSecOps: Automating STIG Compliance and Vulnerability Assessment

  • Room: Swing Hall, 2700/2800 Aisle
Wednesday, October 27, 2021: 10:30 AM - 11:30 AM

Speaker(s)

Moderator (confirmed)
Matthew Palmer
Chief Engineer C2 Modernization
Defense Information System Agency
Panelist (confirmed)
Jason Mackanick
Chief, Cyber Standards Branch, DISA RME
Defense Information Systems Agency
Speaker (confirmed)
Andrew "Drew" Malloy
Technical Director, Cyber Security and Analytics Directorate
Defense Information Systems Agency
Speaker (confirmed)
William Mohseni
DevSecOps Program Manager, DISA SD
Defense Information System Agency
Speaker (confirmed)
Kyle Saunders
Command and Control (C2), Software Factory Engineer
Defense Information System Agency

Description

The Defense Information Systems Agency(DISA Services Development (SD) Directorate DevSecOps Program is focused on the development of a Continuous Compliance Monitoring (CCM) approach for all DoD mission partners that monitors and provides compliance enforcement of containerized applications which cover all the DevSecOps pillars - Develop, Build, Test, Release and Deploy, and Runtime - for a secure posture with the focus being on automation and integration going forward. CCM is an automated process by which the DevSecOps team, including ISSMs and SCAs, can detect compliance issues and security threats during each phase of the DevSecOps pipeline. To date, the DevSecOps team has completed the STIG compliance (as Compliance as Code (CaC) files) to a cloud centric model where DevSecOps containerized applications are monitored with minimal human interference. The work also includes monitoring STIG compliance, Vulnerabilities and Organizational Policy. CaC files are available today for mission partner usage, found on Cyber Exchange, with CCM ready for Proof of Concept (PoC) testing fall of this year. Compliance as Code (CaC) can be summarized as the codification of compliance controls so their adherence, application and remediation can be automated. CaC tools work by utilizing the automatable STIG compliance checks to validate the mission partner’s environment. CaC’s objective has been driven by the ultimate aim of automating the traditional manual process of STIG validation which consumes valuable DoD time and resources. CaC takes the tightest delivery bottleneck, e.g., reading a 50-page compliance PDF, and translates it into automated scripts, which ultimately results in reduced time to perform audits and generate data to ensure compliance.

Approved for 1 CompTIA CEU: A+, Network+, Security+, Cloud+, and Linux+; 1 GIAC CPE; and 1 CertNexus CFR CEC


Tracks: