Summit Speaker Irene Garcia-Goan
Facility Management Considerations in Cybersecurity—Tips for Achieving Compliance
Wednesday, June 5, 2019 1:15 p.m. - 2:00 p.m.
Organizational information assets are threatened by an array of sources, both internal and external. Many attack methods and mitigation measures involve facility operations. Facility managers must consider everything from physical security to contractor network access. They are also often responsible for ensuring appropriate controls and documentation are in place.
The Department of Defense and NIST have teamed up to create control requirements for companies and DoD contractors whose networks must comply with the Defense Federal Acquisition Regulation Supplement (DFARS) or adhere to the Risk Management Framework (RMF). Based on completion of more than 85 DFARS compliance processes and nearly a dozen RMF accreditations, we have found that organizations often overlook threats and vulnerabilities that exist at the physical level and facilities often lack the controls and documentation required for compliance. Cybersecurity risks faced by companies require new approaches to security. DFARS and RMF processes and controls present one way for companies to assess their security posture and “bake in” information security to their operations.
Examples of cybersecurity regulations and federal guidance related to facility management include having proper documentation of when people enter and leave physical facilities, video surveillance, restricting mobile or storage devices, role-based training, access authorizations through access control devices (e.g. keys, badges, cipher locks), environmental controls (e.g. temperature in server rooms), storage site protection, and having a plan to continually monitor flow of resources and sensitive information, both hard copies and digital formats. Subcontractors and vendors are often subject to regulations and security-related responsibilities as well.
We discuss strategies in which Facility Managers and Security Officers can collaborate with IT to create an organization-wide “culture of security” as well as confront challenges posed by cyber criminals and governance regulation and control. Additionally, we introduce the basic components of DFARS and RMF, and practical first steps to achieve compliance and accreditation.
Senior Cybersecurity Analyst
Jocquette Blue is a Security Analyst at H2L Solutions, Inc. Jocquette, a.k.a. “Jackie,” served eight years in the California National Guard and United States Army Reserve. She worked for four years at Wounded Warrior Project as a Technical Trainer, instructing military veterans and their spouses in A+, Network+, and Security+, prior to attending the University of Alabama in Huntsville, where she received a master’s degree in Cybersecurity.
Sr. Cybersecurity Analyst
Irene Goan is a Senior Cybersecurity Analyst at H2L Solutions, Inc. A native Texan, she served over twenty years in the United States Air Force. Irene has proved to be an exceptional leader not only in the military, serving on active duty during the Gulf, Iraq, and Afghanistan conflicts/wars and during the 9/11 attacks. She is highly sought after and is quickly becoming the “go to” person for Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and Risk Management Framework (RMF). Irene obtained an undergraduate degree in Information Systems and has earned three master’s degrees, one each in Human Resources Development, Management, and Cybersecurity.
Chief Operating Officer and President
Jonathan Hard is the CEO and President of H2L Solutions, Inc. In the past four years, he has successfully conducted over 150 security assessments and gap analyses and provided compliance solutions. Jonathan is a sought-after speaker in the field and has presented to Infragard, ISACA, ASIS, NCMA, the NCMS regional conference, and many other events on the subject of Safeguarding Covered Defense Information in compliance with the DFARS 252.204-7012 clause. Jonathan has been an information technology and security professional since 2008. Prior to founding H2L, Jonathan served as a Cyber Security Engineer in the Defense Industry. He was also in the Alabama National Guard for 12 years; during that time, he graduated from Infantry Officer Basic Course, Ranger school, and Airborne school, and completed a tour in Iraq as an Infantry officer.
Meet Our NCS 2019 Speakers
Jocquette Blue Senior Cybersecurity Analyst H2L Solutions
Ms. Paige Boshell Managing Member Privacy Counsel LLC
Paul Coggin Cyber Security Research Scientist Financial Institution
Brian Contos CISO Verodin
Randall Cottrell Chief Executive Officer Bluejireh Incorporated
Joshua Crumbaugh Chief Hacker/Chief Operating Officer PeopleSec® LLC
Ben Curry Chief Architect, Managing Partner Summit 7 Systems
Byron DeLoach Director of Adaptive Services Cybriant
Major Bradley Eames 47CTS OL-A Deputy Commander 47 Cyberspace Test Squadron
Mr. Scott Edwards President Summit 7 Systems
Shawn Edwards Cyber Adversarial Engineer The MITRE Corporation
Irene Garcia-Goan Sr. Cybersecurity Analyst H2L Solutions
Jonathan Hard Chief Operating Officer and President H2L Solutions
Sean Hopkins Red Team Security Engineer Millennium Corporation
Dr. Michaela Iorga Senior Security Technical Lead NIST
Charlene Mowery CISM, PE Vice President of Global Business and Marketing, Cybersecurity SME Ultra Electronics, 3eTI
Ms. Sonia Mundra President Chenega Analytic Business Solutions, LLC (CABS)
Michael Portera Information Security Manager Deloitte
Kell Rozman Security Software Engineering Senior Manager Toyota Motor North America
Brian Ruf FedRAMP PMO SME FedRAMP/GSA
Greg Schaffer Principal vCISO Services, LLC
Winn Schwartau Chief Visionary Officer Winn Schwartau LLC
Mr. Wes Widner III Senior Cloud Engineer CrowdStrike