Protecting and Defending Sensitive Data in the Cloud for the Information Security Professional

Thank you to the Information Technology Security Community for their collaboration and support of Cybersecurity Awareness Month, October 2023.

Description

As the IC, DoD, and Federal Agencies migrate enterprise communications, collaboration, and operations to commercial cloud, this is changing the information security and cybersecurity paradigm from Network to Data Centric Defense. In support of key federal initiatives like Zero Trust, Digital Transformation, Software Modernization, and DevSecOps, the speed and increase of new applications and services delivered in agile and extensible cloud hosted environments forces information security and cybersecurity professionals to transform and modernize approaches to key processes and approach to activities such as implementation, monitoring, and authorization of applications and services in the cloud. Another dynamic transformation involves the expansion of workforce skills to support the protection and defense of data in the cloud, from the cloud. As the commercial cloud service providers manage, control, and operate the systems within their environments and reliance on FedRAMP and other authorizations.

This session is intended to educate and inform information system security and cybersecurity professionals on transformation of federal operating environments to cloud and the workforce necessary to support it. Traditional cyberspace protection and defense; basic commercial cloud concepts; and new major initiatives within the federal community will be discussed to form the foundation of information, concepts, and approaches underway and planned to support transformation from network centric to data centric security. Attendees will learn new approaches to the Risk Management Framework in support of the integration of development, delivery, and security (DevSecOps) to support rapid and agile delivery of software to support increasingly complex and advanced mission and warfighting operations.

Learning Objectives

Upon completion, participants will be able to:

• At the end of this session, participants will gain an understanding of key commercial cloud concepts through the eyes of a cyber defender.
• At the end of this session, participants will gain insights and knowledge of new key initiatives such as Zero Trust, Software Modernization, and Defensive Cyberspace Operations.
• At the end of this session, participants will gain thought provoking awareness of skills and challenges required to protect data in the cloud

Presenter*

Robby Ann Carter
CEO
Special Aerospace Security Services, Inc. (dba SASSI)

Ms. Robby Ann Carter is the CEO and Owner of Special Aerospace Security Services, Inc. (SASSI), a Woman Owned Small Business and serves as a Senior Consultant to USG executive offices and Industry clients. She has over thirty years of experience as a trusted advisor, handling a multitude of responsibilities related to information systems, physical, personal protection, personnel, communications, and operational security as an employee of the CIA, FBI, and as a consulting contractor to various US Government agencies and corporations. Ms. Carter has been an Independent Security Consultant for the past 14 years as a Strategic and Technical Trusted Advisor and Subject Matter Expert in the areas of Information Assurance and Cybersecurity to Office of Secretary of Defense / DoD CIO, NSA Information Assurance Directorate / Cyber Integration, and Army Defensive Cyberspace Solutions. ​Ms. Carter has also served as a Curriculum / Course Developer and Instructor for Intelligence Community security courses and most recently developed and delivered the ICD 503 and associated Risk Management Framework course to federal government employees and contractors and the DoD’s Risk Management Framework / DoDI 8510.01 web-based training for the Defense Acquisition University.

In addition, Ms. Carter consults to best in class IT security product and services companies delivering secure mobility, wireless and network security solutions to the federal government and private industry. Ms. Carter coordinates technology requirements and solutions with government (US and NATO partners), universities, financial, healthcare, and private industry creating partnerships and integrated technology solutions. ​Ms. Carter is the former Unit Chief for the FBI’s Information Technology Security Program where she established and directed the activities of six major FBI Information Assurance programs which included the US Government’s first Wireless and Mobile Computing Security Program; Certification & Accreditation (C&A); ISSM/ISSO Program, COMSEC Program; and the FBI’s Field IT Security Program.

As a former CIA employee, Ms. Carter established in-depth knowledge and experience in the core disciplines of security that consisted of investigations, polygraph, and adjudications; provided armed support for USG personnel and facilities domestic and abroad; domestic and overseas secure facility construction; and provided program & operational security support to various USG program offices over the course of ten years. ​Ms. Carter has participated in Committee for National Security Systems (CNSS) and Information Security Information Management Committee (ISIMC) working groups for CNCI, Cloud Computing, and Use of social media.​

*Note:  Speakers and content are subject to change without notice.

Credit Information

Completion of this webinar is eligible for 1 CPE credit.  CPE credits for ASIS-sponsored webinars will be updated in your user profile within 48 hours of completion.  Self-reporting of CPE credits is not required.