Qualys | Public Sector Cyber Risk Conference - Speakers
Speakers

Bailey Bickley

Chief DIB Defense, Cybersecurity Collaboration Center

National Security Agency

Bailey Bickley is the Chief of DIB Defense at the NSA Cybersecurity Collaboration Center (CCC). In this role, she’s responsible for scaling intel-driven cybersecurity solutions across the U.S. Defense Industrial Base (DIB).

Her former positions include CCC’s Chief Strategy Officer and Chief of NSA Cybersecurity Communications. In both roles, she drove culture change and revitalized the way the NSA engages with the cybersecurity community at the unclassified level.

Bailey has worked across two Intelligence Community Agencies, as well as in the private sector. She earned her undergraduate degree in Communications and her master’s degree in Management. She is an eternal optimist and dog person. In her spare time, you’ll find her outside.

Paul Blahusch

Chief Information Security Officer

Department of Labor

Paul Blahusch has more than 25 years of cyber and IT security experience with the U.S. Department of Labor (DOL). He serves as the Director of Cybersecurity and the Chief Information Security Officer (CISO) for the U.S. Department of Labor in the Office of the Chief Information Officer. In this role, Paul supports the Department’s overall mission by promoting and bolstering enterprise-wide cybersecurity efforts. As CISO, he is responsible for security initiatives within the department, including but not limited to regulatory compliance and oversight, Federal Information Security Modernization Act (FISMA) implementation and planning, computer awareness and training, and computer security incident response.

He previously served as the Information Technology Security Officer for the Bureau of Labor Statistics.

Paul Blahusch holds a Bachelor of Science in Petroleum and Natural Gas Engineering from the Pennsylvania State University. He is also a Certified Information Systems Security Professional (CISSP).

Jon Boyens

Deputy Chief of the Computer Security Division

NIST

Jon Boyens is the Deputy Chief of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). His responsibilities include Cybersecurity Research and Development at NIST and Cybersecurity Standards and Guidelines for Federal Agency Security Programs. He also leads NIST’s Cyber Supply Chain Risk Management (C-SCRM) Program, helps develop and coordinate the Department of Commerce's cybersecurity policy among the Department’s bureaus, and represents the Department in the Administration’s interagency cybersecurity policy process. Boyens has worked on various White House-led initiatives, including those on trusted identities, botnets, the Cybersecurity Framework and Roadmap, telecommunications supply chain, software supply chain, and government-wide implementation of the Federal Acquisition Supply Chain Security Act, serving as NIST’s principal to the Federal Acquisition Security Council.

Since 2010, Boyens has conducted research to identify, evaluate and develop technologies, tools, techniques, practices, and standards needed to enable organizations to manage supply chain risk. Building on this research, he led a team to develop and issue a set of foundational, standardized, repeatable, and feasible practices to help organizations manage cyber supply chain risks to their organizations and systems. These practices were initially released in 2015 and updated in May 2022 as NIST Special Publication 800-161 Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. Continuing this line, Boyens has also released research and findings on criticality analysis and industry key practices for Cybersecurity SCRM. He is currently working on implementing the supply chain aspects of EO 14028 and the National Cybersecurity Strategy.

Keith Busby

Acting Chief Information Security Officer

Centers for Medicare & Medicaid Services (CMS)

Keith Busby is the Acting Chief Information Security Officer (CISO) for the Centers for Medicare and Medicaid Services (CMS).  He leads enterprise cyber security, compliance, privacy, policy, and counterintelligence functions at CMS and ensures the Agency complies with secure IT requirements while encouraging innovation. 

Mr. Busby has over ten years of experience in information technology, security, and management consulting. 

Previously, Mr. Busby served as the Deputy CISO, the director of CMS’ Cyber Threat and Security Operations Division, and the director of the agency’s Security and Privacy Compliance Division.

Before his tenure at CMS, Busby was executive director of Information Technology Security for the School District of Philadelphia.

Keith is an eight-year U.S. Army veteran with a bachelor’s degree in computing and security technologies from Drexel University and a master’s in cybersecurity and information security from Capitol Technology University.

Keith likes to brag that he is a participation trophy award-winning backyard BBQ pit master.  He is a dedicated youth baseball assistant coach who spends his “free” time shuffling his son from field to field.

Gerald Caron

Chief Information Officer

International Trade Administration

Gerald Caron is the Chief Information Officer for the International Trade Administration. In this role, he implements information technology services, solutions, and strategy for an agency of 2,200 employees across 100 U.S. cities and 80 international markets.

Caron has two decades of experience leading global teams in IT operations and cybersecurity. Prior to joining ITA, he was the Chief Information Officer and Assistant Inspector General of Information Technology at the Department of Health and Human Services during the height of the COVID-19 pandemic. He also served at the State Department in various technical roles, including as Director of Enterprise Network Management, where he oversaw the Department’s infrastructure and operations (network, perimeter security, Active Directory and much more) and was extensively involved in mitigating cybersecurity attacks. He began his public service with seven years in the U.S. Army.

Caron is a tri-chair on the interagency U.S. Chief Information Officers Council’s E-Ops Committee for Zero Trust, whose aim is to drive the efficiency and effectiveness of government cybersecurity. He also chairs the Zero Trust Working Group for the Advanced Technology Academic Research Center (ATARC), a non-profit that bridges the gap between government, industry, and academia on emergent technologies. Previously, he chaired ATARC’s Trusted Internet Connection 3.0 Working Group.

Caron is a recipient of the FedHealthIT 100 2022 and 2023 award. He received GovCIO’s 2022 and 2023 Zero Trust Advocate Flywheel Award and was named ATARC’s 2022 Government Member of the Year and one of FedScoop’s Best Bosses in Federal IT 2022. He is a graduate of Northern Virginia Community College and holds certifications from Forrester as a Zero Trust Strategist and Federal IT Security Manager.

Matthew Gonzalez

Security Operation Chief, NTIA

Department of Commerce

Richard Grabowski

Acting Program Manager, CDM

Cybersecurity & Infrastructure Security Agency

Richard Grabowski is the Deputy Branch Chief of Capability Implementation (CI) and the Deputy Program Manager for the Continuous Diagnostics and Mitigation (CDM) Program within the Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Division. Through partnerships with agencies and industry, the CDM Program fortifies the cybersecurity of civilian government data and networks by providing capabilities that deliver relevant, timely and actionable information. CDM enables cybersecurity professionals to manage risks by providing innovative tools, processes, governance and training required to defend against cybersecurity threats and vulnerabilities.

In his role, Richard has specific responsibilities for managing portfolios to deliver CDM capabilities and services to program-participating federal agencies. As the chief engineer of the program, he oversees the day-to-day operations of the technical implementation efforts within the projects under the program as well as the strategic direction of the CDM Architecture.

Prior to Richard’s current role, he led the CDM Program’s senior technical staff as the Architecture team lead. He started with CDM in 2014 as a Systems Engineer supporting the CDM Dashboard and the Dynamic and Evolving Federal Enterprise Network Defense (DEFEND; formerly Task Order [TO2]) Group C agencies. Before that, Richard spent over nine years providing client/server Windows administration and virtualization integration services to the federal government. Richard also served as the acting CDM program manager throughout most of 2021 and 2022, when he led the successful execution of high-visibility initiatives that spun off of EO 14028, including enterprise EDR and the complete deployment of the modernized, rearchitected CDM Dashboard platform across the FCEB.

Richard holds a Bachelor of Science degree in Systems and Information Engineering from the University of Virginia and a Master of Science degree in Systems Engineering from The George Washington University. He has received numerous industry certifications and recognitions, including Meritalk’s Cyber Defenders and the Federal 100 awards.  

Amy S. Hamilton, PhD.

Visiting Faculty Chair, Department of Energy

National Defense University

Amy S. Hamilton, Ph.D. is the Visiting Faculty Chair from the Department of Energy to the Department of Defense (DOD) National Defense University (NDU) College of Information and Cyberspace (CIC). She has served for the past three years as the Senior Advisor for National Cybersecurity Policy and Programs at the Department of Energy. She spent two years as a senior cyber security policy analyst at the Office of Management and Budget, Executive Office of the President. She served in the Michigan Army National Guard as a communications specialist and was commissioned into the US Army Officer Signal Corps, serving on Active Duty and later the US Army Reserves. She has worked at both the US European Command and the US Northern Command & North American Aerospace Defense Command (NORAD) on multiple communications and IT projects.

She became a certified Project Management Professional through the Project Management Institute in 2007 and earned her Certified Information Security Manager certification in 2011. She presented “The Secret to Life from a PMP” at TEDxStuttgart in September 2016. She taught Project Management Tools at Colorado Technical University and was a facilitator for the Master’s Degree Program in Project Management for Boston University. She is an award-winning public speaker and has presented in over twenty countries on overcoming adversity, reaching your dreams, cyber security, and project management.

Amy holds a Bachelor of Science (BS) in Geography, from Eastern Michigan University, a Master of Science (MS) in Urban Studies from Georgia State University, Master in Computer Science (MSc) from the University of Liverpool, Master Certificate in Project Management (PM) and Chief Information Officer (CIO) from the National Defense University, and completed the US Air University, Air War College. She completed her Doctor of Philosophy (PhD) at Regent University in their Organizational Leadership Program with a dissertation on “Unexpected Virtual Leadership: The Lived Experience of US Government IT and Cybersecurity Leaders transitioning from physical to virtual space for COVID-19.”

Amy’s motto is “A woman who is passionate about project management, public speaking, and shoes.”

Shon Lyublanovits

C-SCRM PMO Lead

Cybersecurity & Infrastructure Security Agency

Shon Lyublanovits is the Cyber Supply Chain Risk Management Program Management Office Lead within CISA’s Cybersecurity/Capability Building organization. Under Shon’s leadership is the SIGMA team, which provides operational support to the Federal Acquisition Security Council and serves as the Information Sharing Agency.


She also leads the STORM team which focuses on improving processes and establishing C-SCRM best practices which can be leveraged across the FCEB, SLTT, and industry. She is a Fed100 award recipient and was named one of the “Rockstars of Cybersecurity” by IEEE. She has over 25 years of federal service and experience in the areas of cybersecurity, privacy, governance, and supply chain risk management.

Prior to joining CISA in July 2022, Shon served as the Senior Advisor for Cybersecurity and the Supply Chain Risk Management lead for the Office of Information Technology Category (ITC) in GSA’s Federal Acquisition Service (FAS). While at GSA, she successfully served as ITC’s very first IT Security Subcategory Manager and was the leading force and advocate for dealing with the challenges of infusing cybersecurity and supply chain risk management into the acquisition process. Shon developed one of the top initiatives under the Obama Administration in creating the Highly Adaptive Cybersecurity Services (HACS) SIN in response to the OPM breach. She also successfully created a Supply Chain Risk Management (SCRM) center of excellence, ensuring FAS IT products and services aligned with federal cybersecurity standards and mandates. She also led the NDAA Section 889 Part B implementation within ITC and served as a champion to promote a SCRM Enterprise Framework focused on Acquisition and Policy Compliance, Cyber Risk Management, and Supplier Relationship Management.

Shon has also held senior cybersecurity leadership positions at the Department of Labor, Army Criminal Investigative Division, and the Defense Logistics Agency. She is a graduate of the Cybersecurity for Managers program at MIT Sloan School of Management. She holds graduate certificates in Information Systems/Information Technology Project Management, Applied Project Management, Six Sigma and Organizational Leadership from Villanova University and is a graduate of Mitchell Hamline’s School of Law Cybersecurity and Privacy Law Program.

Jeanette McMillian

Assistant Director of Supply Chain and Cyber Directorate

National Counterintelligence and Security Center (ODNI)

Eric Mill

Executive Director for Cloud Security

General Services Administration

Monica Montgomery

Deputy CISO for Management and Strategy & Deputy Director, Cybersecurity Office

National Geospatial Intelligence Agency (NGA)

Ms. Monica Montgomery is the Deputy Chief Information Security Officer for Management and Strategy, and the Deputy Director of the Cybersecurity Office at the National Geospatial-Intelligence Agency, based in Springfield, Virginia.

Named to the position in March 2022, Ms. Montgomery is responsible for the cybersecurity strategy, standards, policy, and procedures that safeguard NGA’s information systems against cyber threats. Additionally, she is responsible for the development of cybersecurity performance measures and a comprehensive investment plan, education and outreach, and cybersecurity workforce management.

Prior to her current position, Ms. Montgomery served at NGA as its Chief of Staff for the Office of the Chief Information Officer, and the Director of Corporate Services. In these roles, she led the directorate in managing and executing administrative, communication, and business operations, and led the CIO-T workforce through the COVID-19 response. Additionally, she served as the Chief of Risk Management in the Cybersecurity office, where she broke new ground by streamlining the assessment and authorization process and creating an agile, risk-adaptive cybersecurity posture. She also decreased the time to market for vital intelligence applications, enabling analysts and collectors to gather and exploit intelligence in near-real time.

Prior to joining NGA in 2016, Ms. Montgomery spent 15 years in the private sector, supporting the Intelligence Community’s Chief Information Officer, the Central Intelligence Agency, and other public sector partners. Most recently, Ms. Montgomery created and published ODNI policy and standards for safeguarding and information sharing, and provided strategic direction as a senior advisor to the IC’s CIO.

Ms. Montgomery received a bachelor’s degree in Computer Science and Engineering from Bucknell University, and holds the Certified Information Systems Security Professional and the Certified Cloud Security Professional certifications.

Paul Selby

Chief Information Security Officer

Department of Energy

Paul Selby currently serves as the Chief Information Security Officer and Deputy CIO for the United States Department of Energy. In this role, Paul leads cybersecurity operations, strategy, policy, authorization, and assessment efforts supporting agency-wide cyber and information security programs. Paul oversees the cybersecurity programs of the DOE enterprise, comprising a diverse set of missions – from open science research to Power Marketing Administrations.

Previously, Paul served as the Deputy Chief Information Security Officer for the IRS. In this role Paul was responsible for leading strategic priorities to maximize protection of IRS assets, mitigate risks or operational disruptions and ensure resilience of critical IRS functions and business processes, while maintaining continuous service to both internal and external IRS customers. Paul led an organization of professionals who manage IRS Security Policy, Audit Management, Security Assessments, Cloud Strategy, Incident Response, Configuration Management, Security Services, and Risk Management.

Paul also served as acting Deputy Chief, Facilities Management and Security Services. In this role, Paul led an organization of professionals who delivered a diverse set of facilities and security services to all IRS employees. These services included: physical security and emergency preparedness, logistics, real estate and project management, and environmental and safety services.

Paul has over 25 years of IT experience providing complex networking solutions for U.S. DoD and Civilian agencies. Paul is an officer in the United States Navy Reserves and holds a Master's in Information Systems (Cybersecurity and Information Assurance) from Penn State University and an MBA from Wake Forest University.

Shailesh Athalye

Senior Vice President, Product Management

Qualys

As Senior Vice President of Product Management, Shailesh leads the product management team and drives the Qualys product vision helping customers assess and improve their IT, security and compliance posture.

Since joining Qualys in 2012, he has worked in various security and compliance roles driving innovative solutions, including remote endpoint protection, endpoint detection and response, and SaaS security. In addition, Shailesh headed engineering, research and product management for Qualys Policy Compliance and File Integrity Monitoring, where he helped customers go beyond compliance to drive their IT GRC objectives. Before Qualys, he focused on security research for Symantec ESM and Compliance solutions. Shailesh holds a master’s degree in computer applications (MCA) from the Vishwakarma Institute of Technology and has various security certifications including CISA, CRISC, CISM. He is also a regular speaker at industry conferences.

Rick Friend

Senior Cybersecurity Solutions Architect

Merlin Cyber

Nayeem Islam

VP, Product Management for Cloud Security

Qualys

Nayeem Islam is the Vice President of Product Management at Qualys for the TotalCloud initiative. Prior to joining Qualys, he was founder and CEO of Blue Hexagon, a cloud security company that pioneered the use of AI to detect cloud threats. Blue Hexagon is now part of Qualys.

Richard Seiersen

Chief Risk Technology Officer

Qualys

As the Chief Risk Technology Officer at Qualys, Richard helps customers and the broader security community measure, communicate, and eliminate risk. With over 10 years of experience as a CISO at organizations including GE Healthcare, Twilio and LendingClub, he's led and supported security strategy, operations, and governance across critical infrastructure and cloud-native organizations. Richard was also cofounder of Soluble, a cloud native security company sold to Lacework.

Richard has published two books, "How to Measure Anything in Cybersecurity Risk" and "The Metrics Manifesto: Confronting Security with Data." Each provides practical and innovative approaches to quantifying and reducing security risk. His first book is the main curriculum at the U.S. Department of Defense (DoD) CISO program at Carnegie Mellon University and numerous other higher learning institutions.

Richard holds a Bachelor of Arts degree from California State University, Northridge and has completed coursework towards a Master of Science in predictive analytics from Northwestern University.

Sumedh Thakar

Chief Executive Officer

Qualys

As a cybersecurity visionary, Sumedh is passionate about making the world’s digital journey safer. His education and early experiences as a coder led him to Qualys, where he rose from engineer to president and CEO. He joined Qualys in 2003, shortly after the company’s founding and in an era when organizations started using the cloud but didn’t know what to call it. His contributions and leadership helped propel Qualys to its current success in cybersecurity.

Sumedh became president and CEO in 2021. In 2019, he was named president, and prior to that, he was chief product officer, driving the company’s vision of making enterprise security more efficient and disrupting the VM space with integrated capabilities like patch management and cybersecurity asset management. A “product fanatic and engineer at heart,” Sumedh was instrumental in dramatically expanding the original Qualys platform’s scope, integrations, and automations. He also scaled the company’s engineering talent internationally with a global 24x7 follow-the-sun product team. He is a co-inventor of five U.S. patents for cybersecurity technology in Qualys offerings.

Previously, Sumedh was an engineer at Intacct, an early cloud-based financial and accounting software provider. He also worked at Northwest Airlines developing complex algorithms for its yield and revenue management reservation system. He has a bachelor’s degree in computer engineering with distinction from Savitribai Phule Pune University.

 

Jonathan Trull

CISO & SVP, Security Solution Architecture

Qualys

Jonathan is the Chief Information Security Officer and Senior Vice President for Security Solution Architecture at Qualys. He has more than 20 years of experience in the cybersecurity industry, and his career spans operational CISO and infosec roles with the State of Colorado, Qualys, Optiv, and Microsoft. At Microsoft, Jonathan led the Detection and Response Team (DART), whose members responded to cyber security incidents around the globe ranging from cyber espionage initiated by nation-state actors to ransomware attacks.

Jonathan also serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with IANS. He is also an adjunct faculty member at Carnegie Mellon University, where he mentors and coaches those attending the CISO Executive Education Program. Jonathan is a frequent speaker at industry conferences such as Black Hat, RSA, and SANS and holds several industry certifications including the CISSP, OSCP, CCSP, and GCFA.

 

Moderator

George Jackson

VP, Events

GovExec

Moderator

Emily Wolfteich

Senior Industry Analyst

GovExec
