Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Back to Event Page

Agenda

Wednesday

Thursday

Wednesday, January 26

12:00 - 2:30pm EST (UTC-5)

Day 1: Interactive Training with Envoy & ISTIO

In this session we’ll showcase a real-life deployment implementing Zero Trust Architecture, by deploying and describing the Platform One stack. This training will demonstrate how and why to use these tools to solve the challenges of security, observability, networking, and multi-cloud. We’ll walk through a real Platform One deployment showcasing the use of Istio, Kubernetes, and other tools to build in-app and user-level security permissions, encryption in transit, enhanced identity and access controls, and provide runtime observability required to achieve a zero trust platform in practice. Throughout, you’ll have experts in the room to answer questions.

Familiarity with Kubernetes, Istio or service mesh, and Platform One will be helpful for attendees.

Topics include:

Traffic management and resilient communication between services

Policy enforcement and rate limiting

Telemetry, monitoring, and reporting

Securing communication between microservices

Canary deployment

Secure compute and runtime controls with a service mesh

Cluster management

Deploying a service mesh across heterogeneous, multi-cloud enterprise environments

Thursday, January 27

11:00 - 11:10am EST (UTC-5)

Opening Remarks

Speaker(s)

Dr. Michaela Iorga, Senior Security Technical Lead, NIST

Zack Butcher, Founding Engineer, Tetrate

11:10 - 11:35am EST (UTC-5)

Keynote: Zero Trust the Hard Way

Speaker(s)

Kelsey Hightower, Principal Engineer, Google

11:35am - 12:00pm EST (UTC-5)

How to Use SASE and CASCE to Connect and Secure Distributed Applications and Users

Speaker(s)

Joe Skorupa, VP Distinguished Analyst, Gartner

View Recorded Presentation

12:00 - 12:25pm EST (UTC-5)

Transitioning to Engineering-based Cybersecurity: SP 800-160 and Applying Design Principles to Develop Trustworthy Secure Systems

Speaker(s)

Ronald Ross, Fellow, NIST

12:25 - 12:35pm EST (UTC-5)

Break

12:35 - 1:00pm EST (UTC-5)

External Authorization: A Deep Dive on SP 800-204B (Attribute-based Access Control for Microservices-based Applications using a Service Mesh)

Speaker(s)

Zack Butcher, Founding Engineer, Tetrate

1:00 - 1:25pm EST (UTC-5)

SP 800-204C: Implementation of DevSecOps for a Microservices-based Application with Service Mesh

Speaker(s)

Dr. Ramaswamy Chandramouli, Senior Solutions Engineer, NIST

1:25 - 1:50pm EST (UTC-5)

Platform One: Successes with Istio, DevSecOps, and ZTA

Speaker(s)

Gabriel R. Scarberry, USAF Platform One

Christopher Rice, Senior Solutions Engineer, Tetrate

1:50 - 2:45pm EST (UTC-5)

Lunch

1:55 - 2:35pm EST (UTC-5)

Lunch Time Breakout Rooms (Parallel Tracks)

Networking Rooms

Bring your lunch and discuss your concerns and aspirations around these new and emerging technologies with experts in each field.

Mesh and Runtime Security

Hosted By: Ignasi Barrera

DevSecOps

Hosted By: Adam Zwickey

Multi-Cloud Challenges (ZTA)

Hosted By: Zack Butcher

Continuous Assessment/Continuous ATO

Hosted By: Christopher Rice

NIST Movies Entertainment Room

Enjoy your lunch during a showing some Emmy-Award short movies.

2:35 - 3:00pm EST (UTC-5)

Keynote: Leadership in Turbulent Times

Speaker(s)

André Mendes, Chief Information Officer, Department of Commerce

3:00 - 3:25pm EST (UTC-5)

Continuous ATO with Open Security Controls Assessment Language (OSCAL)

Speaker(s)

Dr. Michaela Iorga, Senior Security Technical Lead, NIST

3:25 - 3:35pm EST (UTC-5)

Break

3:35 - 4:20pm EST (UTC-5)

Service Mesh as the Security Kernel for Zero Trust Platforms

Speaker(s)

Ignasi Barrera, Founding Engineer, Tetrate

3:35 - 4:35pm EST (UTC-5)

BLOSS@M (Blockchain-based Secure Software Assets Management) & NGAC for Smart Contracts

Speaker(s)

Joshua Roberts, Computer Scientist, NIST

4:20 - 5:10pm EST (UTC-5)

Panel: ZTA in Practice

Moderator(s)

Adam Zwickey, Global Solutions Engineer, Tetrate

Speaker(s)

Aradhna Chetal, Senior Director Executive - Cloud Security, TIAA

Alex Shulman-Peleg, Managing Director, Cloud Security Practice Leader, Ernst & Young

Robert Wood, CISO, Centers for Medicare and Medicaid Serivces, HHS

Vishwas Manral, Founder, Nanosec

Quint Van Deman, Principal, Office of the CISO, Amazon

5:10 - 5:20pm EST (UTC-5)

Closing Remarks

Speaker(s)

Matthew Scholl, Chief, Computer Security Division, NIST