ISSA Quarterly Mid-Atlantic Summit

CISO Panel Discussion: Cyber Supply Chain Risk Management

The Solarwinds Attack has caused government and private sector organizations to renew their focus on strengthening Cybersecurity Supply Chain Risk Management. By statute, federal agencies must use NIST’s C-SCRM and other cybersecurity standards and guidelines to protect non-national security federal information and communications infrastructure. The SECURE Technology Act and FASC Interim Final Rule gave NIST specific authority to develop C-SCRM guidelines. Matthew Butkovic, Technical Manager of the Cybersecurity Assurance, Software Engineering Institute will moderate a discussion with Dr. George Duchak, Chief Information Officer, DLA Information Operations and Robert S. Metzger, Shareholder at the Rogers, Joseph, O’Donnell Washington, D.C. law firm’s Cybersecurity and Privacy Practice Group to share their thoughts about designing stronger cybersecurity risk management strategies and approaches.

Register here for this online quarterly summit. Our chapter will join members from DC and Central Maryland. Thank you to the DC Chapter for organizing this panel!

Matthew J. Butkovic (Panel Moderator)
Technical Manager of the Cybersecurity Assurance, Software Engineering Institute

 Matthew Butkovic is the Technical Manager of the Cybersecurity Assurance team within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Butkovic performs critical infrastructure protection research and develops methods, tools, and techniques for evaluating capabilities and managing risk.

A person wearing glasses

Description automatically generated with medium confidence

Butkovic has more than 15 years of managerial and technical experience in information technology (particularly information systems security, process design and audit) across the banking and manufacturing sectors. Prior to joining CERT in 2010, Butkovic was leading information security and business continuity efforts for a Fortune 500 manufacturing organization.

Butkovic is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA)

Dr. George Duchak (Panelist)
Chief Information Officer, DLA Information Operations

 Dr. George Duchak is the Chief Information Officer for the Defense Logistics Agency (DLA). He was previously the Deputy Assistant Secretary of Defense (DASD) for Command, Control, Communications, Cyber & Business Systems (C3CB). Prior to becoming a DASD, he was the founding Director of the Defense Innovation Unit Experimental (DIUx) in Mountain View, CA, where he served as a conduit between leading edge Silicon Valley innovators and the Department of Defense. Prior to that, he led the Air Force’s and nation’s premier research organization for command, control, communications, computers and intelligence (C4I) and cyber technologies as the Director of the Air Force Research Laboratory’s Information Directorate, Rome, NY. There, he was selected as the Federal Laboratory Director of the Year from over 300 federal lab directors. He is also a former DARPA Program Manager where he conceived of, developed, and transitioned to the services a portfolio of programs in the broad area of C4I and Cyber. He was a private sector entrepreneur and businessman with more than a decade of private industry experience starting several companies that served the US Government by providing technical consultancy or product. His private sector experience was software product focused principally in the area of intelligence exploitation using crowd sourcing techniques, big data analytics and cloud services well before industry in general and DoD began to move in this direction. Finally, and most importantly, he is a retired naval officer.

Information Operations (J6) Leadership bio pic

Dr. Duchak is a graduate of the U.S. Naval Academy, the Naval Postgraduate School, The Ohio State University, George Mason University and University of Chicago Booth Graduate School of Business earning degrees in Mechanical Engineering, Aerospace Avionics, Aeronautical Engineering, Public Policy, and Business Administration. He completed the Program Management Course at the Defense Acquisition University and is a certified level 1 in Program Management as well as Systems Engineering, and level 2 in Test & Evaluation and Budgeting. He is a licensed Professional Engineer and has completed the Carnegie Mellon University Chief Information Security Officer (CISO) course and Harvard’s Information Security course. He is a senior fellow Auburn University’s McCrary Center for Cyber Security, a member of the Intelligence and National Security Alliance Cyber Security Committee, and a current board member of the Blue Cross and Blue Shield Cybersecurity Subcommittee. Dr. Duchak is married to Sonya Milley, Esq., an attorney, and they have two grown children, Alexander and Tatiana.

Robert S. Metzger, Shareholder – (Panelist)
Shareholder, RJO – Rogers| Joseph | O’Donnell, PC

Mr. Metzger heads the Rogers, Joseph, O’Donnell Washington, D.C. office. He co-chairs the law firm’s Cybersecurity and Privacy Practice Group and is a member of the Government Contracts Practice Group. His practice includes cyber and related national security matters in addition to a wide range of public procurement and regulatory matters. In his litigation practice, he is counsel of record for Microsoft Corporation in the Court of Federal Claims litigation brought by Amazon Web Services protesting the $10B DoD award of the “JEDI” cloud services contract to Microsoft. He has represented other class-leading, international technology firms in a variety of administrative controversies, as well as state and federal litigation. He has advised U.S. aerospace and defense and international technology companies on export control laws, on CFIUS and FIRRMA, and on sanctions issues. He also represents leading information technology hardware, software and solution providers in state and local procurements.A person wearing glasses and a suit

Description automatically generated with medium confidence

Co-Sponsored by ISSA DC, ISSA NOVA, ISSA Central Maryland Chapters and Carnegie Mellon Heinz College CISO program