CISO Forum: Ask Me Anything - October 2022

Director of ISPG and Chief Information Security Officer Rob Wood and Deputy Director of ISPG Frank Domizio explore answers to questions from the Ask Me Anything session in October 2022's CISO Forum. Click the link above to watch the entire video or refer to the timestamp list below to fast-forward to the questions that interest you.

TIMESTAMPS

00:01:37 Software supply chain insight.

00:06:46 What advice do you give to software vendors on how to deliver artifacts to CMS?

00:08:06 What is one thing that you thought was going to work but didn't, which surprised you recently?

00:13:20 M-22-09 Federal Zero Trust Strategy Application workload pillar.

00:18:50 Is there an avenue for software vendors to request a meeting with CMS?

00:21:13 Is CMS participating in the DHS C-SCRM Roundtable on 10/25?

00:22:00 The vendor has mapped their solutions to M-22-09 and M-22-18, can we schedule time?

00:23:52 What are your thoughts and opinions about SASSY architecture?

00:29:28 I’m really interested in cybersecurity as a side-hustle career; Is it worth spending time on certifications and certain techs?

00:37:16 Do you think that the current level of security revolving around EUA and IDM authentication are sufficient? If not, what other measures would you like to see implemented?

00:43:37 In regard to CI/CD, do you prefer to optimize for more rigorous but potentially high-noise scans or lower-noise but higher-rate of true positives?

00:46:15 How do you stay up to date on things?

00:50:20 Are there any undefeated NFL teams?

00:51:39 5-year stretch goal for BatCAVE adoption.

00:54:44 Regarding that fire and going hard in the security field, what has motivated you to go hard in this field?