ISSA-NOVA April 2014 – Software Assurance

Featuring Joe Jarzombek, PMP, CSSLP, Director, Software & Supply Chain Assurance, Stakeholder Engagement & Cyber Infrastructure Resilience, Office of the Assistant Secretary for Cyber Security and Communications

U.S. Department of Homeland Security

Speaking on “Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management”

Abstract: Enterprise information and communications technology (ICT) assets are under constant attack. Thwarting the active attacker is not something most designers, engineers, developers, or project managers normally consider or have been trained to address. Yet encouraging resilience in every stage of development and supply of ICT must continue to be the forward-leaning focus of the Software and Supply Chain Assurance efforts within government and industry. Attacks against our supply chains unite acquirers and suppliers in the search for scalable means for sharing information about ICT risks that arise through malice or negligence. Suppliers and acquirers need standardized means for conveying information about common issues related to both the hardware and software aspects of ICT, especially regarding non-conforming products that contain counterfeit, tainted, or defective components that can cause subsequent harm. Many initiatives and standardized processes now offer means for industry and government to proactively address software and supply chain challenges.

Date: Thursday, April 17, 2014
Time: Doors Open at 5:15 PM; Mach37 Presentations Start at 5:45, Scheduled Speaker Starts at 6:15 PM
Location: MITRE-1, 7525 Colshire Drive, McLean, VA 22102

Joe Jarzombek is the Director for Software & Supply Chain Assurance (SSCA) in Cyber Security and Communications within the Department of Homeland Security (DHS). He leads public-private collaboration efforts for government interagency teams with industry, academia, and standards organizations to shift the resilience paradigm by addressing security needs in work force education and training, security automation and processes for mitigating supply chain risks through security-enhanced development and acquisition practices, and research and development efforts focused on maturing diagnostic and measurement capabilities to provide more transparency in software and supply chain external dependencies.

After retiring from the U.S. Air Force as a Lt. Col. in program management, Jarzombek worked in the cyber security industry as vice president for product and process engineering. Prior to accepting his current position, he served in the Office of the Secretary of Defense as Director for Software Intensive Systems within Acquisition, Technology & Logistics (AT&L) and as the Deputy Director for Software Assurance under the CIO’s Director for Information Assurance.

As a Project Management Professional (PMP) and Certified Secure Software Lifecycle Professional (CSSLP), Joe Jarzombek has spoken extensively on security automation, measurement, software assurance, supply chain risk management and practices for security-enhanced acquisition and development. He encourages community participation in public-private collaboration efforts via the Software & Supply Chain Assurance Forum and Working Groups, along with the SSCA Community Resources and Information Clearinghouse and Build Security In websites: https://buildsecurityin.us-cert.gov/swa/