2025 DoD Cybersecurity & SAP IT Summit Approved Presentations

ZT Implementation Plan Update

Mr. Les Call, DoD CIO

The purpose of this session is to provide the DoD cybersecurity community an update on FY25 Zero Trust implementation plans. 

Technical Application of CMMC Requirements

Mr. James Gillooley, DCIO(CS)/CMMC PMO
Ms. Dana Mason, DCIO(CS)/CMMC PMO

The purpose of this session is to help industry understand CMMC assessment requirements for various asset types to ease implementation.

FedRAMP

Mr. Jeffrey Eyink, DoD CIO

Provide summit attendees with an understanding of the Federal Risk and Authorization Program (FedRAMP) background and applicability, as well as to detail the recent FedRAMP Joint Authorization Board (JAB) Transition of November 2024. Discuss the current state of and way ahead for FedRAMP’s new governance structure and authorization process to equip the audience with knowledge to best utilize FedRAMP in their roles and organizations, as applicable. Provide information for FEDRAMP Equivalency.

CMMC Alignment to NIST Standards

Mr. James Gillooley, DCIO(CS)/CMMC PMO
Ms. Dana Mason, DCIO(CS)/CMMC PMO

The purpose of this session is to help industry understand how CMMC assessment requirements align to standards in National Institute of Standards and Technology Special Publications (NIST SP) 800-171 and -172.

FedRAMP Authorization and Equivalency Requirements

Mr. Jeff Eyink, DoD CIO
Mr. James Gillooley, DCIO(CS)/CMMC PMO
Mr. William Spence, DCMA

The purpose of this session is to help participants understand how companies can achieve FedRAMP Authorization and Equivalency.

DoD SPRS and CMMC eMASS Demos

Ms. Lorraine DeBlasio, MITRE
Mr. John Duncan, USN

The purpose of these sessions are to provide an overview of the DoD Supplier Performance Risk System (SPRS) and the CMMC Enterprise Mission Assurance Support System (eMASS) database. These two DoD systems will be used to store CMMC assessment and affirmation data, support the acquisition workforce in understanding the current cyber posture of DIB companies, and provide reports and metrics on CMMC Program adoption.

Future of Cybersecurity Architecture

Dr. Josef DeVaughn Allen, DoD CIO

The purpose of this session is to provide an overview of the DoD CIO’s plan to modernize the Cybersecurity Reference Architecture (CSRA) by transitioning from static, paper-based artifacts to dynamic, digital models. It introduces the application of Model-Based Systems Engineering (MBSE) to the CSRA, addressing stakeholder challenges, mitigation strategies, and the development of interoperable and actionable models.

DoD Cryptographic Modernization A Strategic Viewpoint

Mr. Kristopher Joiner, DoD CIO

The purpose of this session is to provide an overview of Cryptographic Modernization (CM), its DoD-wide challenges and strategy requirements to achieve a fully synchronized DoD-wide modernization plan.

Post Quantum Crypto

Dr. Britta Hale, DoD CIO

The purpose of the Post-Quantum Cryptography (PQC) break-out session is to provide an overview of PQC strategy goals and challenges. It is important to understand that all DoD National Security Systems (NSS) and Non-NSS employ interoperable, agile, secure, and PQC Systems to support the complex use environment.

Data Centric Environment

Dr. Josef DeVaughn Allen, DoD CIO

The purpose of this Data-Centric Environment break-out session is to provide an overview of the Data-Centric Environment and the Digital Infrastructure Architecture, highlighting their components, interconnected roles, and how they support mission-critical operations through the integration of Identity, Credential and Access Management (ICAM), Data Centricity, and Infrastructure as Code (IaC) Cloud Hosting.

Post Quantum Crypto (Part 2)

Dr. Matthew Campagna, Amazon
Dr. Britta Hale, DoD CIO
Mr. Mike Ounsworth, Entrust
Dr. Douglas Steblia, University of Waterloo

The purpose of the Post-Quantum Cryptography (PQC) break-out session is to provide an overview of PQC strategy goals and challenges through panel discussion with academic and industry experts in the field, including those deploying PQC. These insights provide context on PQC transition, including strategic and tactical transition considerations.

Flank Speed Success Overview

Mr. Darren Turner, DON CTO

The purpose of this session is to provide an overview of the Navy’s successful Flank Speed Zero Trust (ZT) effort and lessons learned. It provides insight into how the Navy developed, implemented, and assessed Flank Speed to achieve ZT outcomes effectively.

ZT Functional Assessment

Mr. Kevin Davis, Advantage Engineering & IT Solutions

The purpose of this session is to inform the DoD cybersecurity community about how to use Zero Trust (ZT) and cybersecurity principles to create a Functional Assessment process for measuring ZT implementation accurately.

ZT Assessed Solutions

Mr. Jonathan Flack, USAF AFMC AFRL/IZ
Dr. Pam Kobryn, AFRL
Ms. Tiffany Roth, DISA

The purpose of this session is to provide the DoD cybersecurity community an overview of assessed ZT solutions, capabilities, and implementation lessons learned from DISA’s Thunderdome, and AFRL’s Google Cloud Platform.   

Dark AI: Adversarial use of GenAI

Ms. Lisa Reginaldi, Gartner

This presentation explores how attackers have started to exploit GenAI technology to craft better malicious and fraudulent content at scale and low cost. CISOs and their teams need to understand the changing threat landscape in order to build strong defensive solutions in response.

DAU | ZT Segmentation

Mr. Tim Denman, Defense Acquisition University
Mr. George Alves, Defense Acquisition University

The purpose of this session is to summarize Zero Trust segmentation and to examine its importance as it relates to Zero Trust implementation within the Department of Defense.

State of CESO

Presented By:

Mr. Cleveland K. “Murph” Murphy, IV
Chief of the Compartmented Enterprise Services Offices (CESO), Defense Information System Agency

High Performance Computing

Presented By:

Mr. Kelly Dalton
Director, DoD High Performance Computing Modernization Program

Mr. Jonathan “JT” Thompson
Chief, Advanced Technologies Branch, AFRL/ IZHT

Cyber Update

Presented By:

Mr. Craig R. Gladu
Director of Cybersecurity for SAP IT, SAP CISO, DoD, OCIO

The Perceptor Program

Mr. James Doswell, CDAO
Mr. Aaron Sant-Miller, CDAO

Perceptor is a government-owned, DoD-authorized AI/ML orchestration platform. Perceptor accelerates model deployment timelines into DoD missions, scales industry and commercial AI/ML use across the DoD enterprise while protecting commercial intellectual property and enables robust AI/ML fielding across the Joint Force.

ICT-SCRM Risk Management

Ms. Carol Assi, DoD CIO/CS

Introduce the (first) DoD Information and Communications Technology Supply Chain Risk Management (ICT-SCRM) Assurance Strategy and Implementation Plan (the strategy) and describe how the Department manages risk in the ICT supply chain at the strategic level.

NextGen CSSP Table Top Exercises to Support DoDI 8530.01 Update

Ms. Carol Assi, Deputy Chief Information Officer for Cybersecurity Chief Operations Officer, Department of Defense, Office of the Chief Information Officer

Discussion on the current gaps in defense of specific technologies table-top exercises (e.g., weapons systems) and how they will relate to the upcoming DoDI 8530.01 update.

User Activity Monitoring (UAM) & Insider Threat Panel

Mr. Lewis “Lew” Call, Chief for Insider Threat OUSD(I&S/CL&S)
Mrs. Patricia “Trish” Janssen, Director for Capability Oversight (DoD DCIO(CS)/CO)
Lt Col Margell Munoz, Chief for UAM for Insider Threat (DoD DCIO(CS)/CO)

The purpose of this session is to provide insight into DoD User Activity Monitoring (UAM) priorities and challenges to minimize the risk of insider threats. It introduces the UAM ecosystem comprised of cyber tools, people, and processes that enable the collection and analysis of data to detect anomalous behavior of potential insider threats in support of the DoD’s Insider Threat Program.

Panoptic Junction

Mr. Alan Mollenkopf, ARCYBER

Panoptic Junction uses AI to link EMASS, the platform for authorizing IT systems, with cybersecurity continuous monitoring tools that detect anomalous and malicious cyber activity. This session will provide an overview of our AI driven platform that when productized, will enable scalable, continuous security monitoring of IT systems and more effective detection of anomalous and malicious cyber activity.

Bridging the Gap between Cybersecurity & Data Science

Mr. Nathan Ron-Ferguson, NGA

This brief will explore how a partnership between cyber domain experts and data science professionals is helping to modernize defensive cyber operations at the National Geospatial-Intelligence Agency (NGA). The presentation will cover the team structure and the specific tools, methods, and models that they are using to collect, transform, and operationalize AI/ML for defensive cyber operations.

DoD Mobile Security

Mr. Brannon Jones, Cyber Security Mobility Analyst

The purpose of this session is to provide guidance and clarity for using mobile devices and applications (apps) to access Department of Defense information. This guidance is a combination of multiple policies that maintain the security of authorized, mission-related mobile apps, collaboration capabilities, non-mission apps, and where apps are allowed for use.

NextGen CSSP 8530.01 Roadmap

Ms. Carol Assi, Deputy Chief Information Officer for Cybersecurity Chief Operations Officer, Department of Defense, Office of the Chief Information Officer

Audience will understand the DoDI 8530.01 roadmap and how it effects the CSSP Community of Interest.

Capability Oversight: Endpoint Security and Comply-to-Connect (C2C)

Mrs. Patricia “Trish” Janssen, Director for Capability Oversight (DoD DCIO(CS)/CO)
Mr. Spencer Rothermel, C2C SME
Mr. Joshua Sawyer, Endpoint Security SME

The purpose of this session is to discuss CIO’s proposed way ahead for the endpoint security and C2C programs, modernizing the way we think about device categories to improve understanding of the overall cyber threat landscape. This includes updating data reporting requirements and expanding cybersecurity capabilities to better protect Operational Technology.

ZT for Facility Related Control Systems

Dr. Annie Weathers, MIT Lincoln Library
Ms. Sandra Kline, DoD

The purpose of this session is to provide the DoD cybersecurity community with an overview of Zero Trust (ZT) implementation for DoD Operational Technology (OT), specifically discussing ZT objectives, risks, architecture, pilots, and outcomes for Facility-Related Control Systems (FRCS). 

AIxCC (Cybersecurity challenge held by DARPA), SemaFor, Formal Methods, & Scalability and Adaptability

Dr. Matthew Turek, DARPA

The brief will provide the audience with a better understanding about how the Information Innovation Office (I2O) at the Defense Advance Research Projects Agency (DARPA) leverages advances in state-of-the-art AI to produce trustworthy cyber capabilities that operate beyond human capacity and speed to surprise adversaries and maintain an enduring advantage for national security.

Assess Only Focus Group Update

Mr. Jeffrey Eyink, DoD CIO

By the end of the presentation the audience will explain the current “Assess Only” process and guidance. DoD organizations will be able to effectively implement the updated guidance and establish a standardized enterprise-wide process for assessing products and services, and AI technologies that do not meet system-level criteria.

Cyber Hardening Scorecard Changes & Alignment to Cybersecurity framework (CSF) 2.0 and FISMA Shift to CSF

Mr. McKay Tolboe, DoD CIO

Provide summit attendees with an understanding of current Cybersecurity Hardening Scorecard efforts and receive feedback on the way ahead.