OWASP AppSec DC 2012/Fed Panel
Dr. Ron Ross is a senior computer scientist and information security researcher at the National Institute of Standards and Technology (NIST). His current areas of specialization include security requirements definition, testing and evaluation, risk management, and information assurance. Dr. Ross leads the Federal Information Security Management Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the U.S. critical information infrastructure. His recent publications include Federal Information Processing Standards (FIPS) Publication 199 (security categorization standard), FIPS Publication 200 (security requirements standard), NIST Special Publication 800-53 (security controls guideline), NIST Special Publication 800-53A (security assessment guideline), NIST Special Publication 800-37 (certification and accreditation guideline), and NIST Special Publication 800-39 (risk management guideline). Dr. Ross is the principal architect of the Risk Management Framework that provides a disciplined and structured methodology for integrating the suite of FISMA security standards and guidelines into a comprehensive enterprise-wide information security program. Dr. Ross also leads the Joint Task Force Transformation Initiative Working Group, a joint partnership with NIST, the Department of Defense, the Intelligence Community, and the Committee on National Security Systems to develop a unified information security framework for the federal government.
In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. A graduate of the United States Military Academy at West Point, Dr. Ross served in a variety of leadership and technical positions during his twenty-year career in the United States Army. While assigned to the National Security Agency, he received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a three-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Department of Commerce Gold Medal Award. Dr. Ross has been inducted into the Information Systems Security Association (ISSA) Hall of Fame and elected to the grade of ISSA Distinguished Fellow. Dr. Ross has also received several private sector awards for cyber security, including the Vanguard Chairman’s Award and the Symantec Cyber 7 Award. During his twenty-year military career, Dr. Ross served as a White House aide and as a senior technical advisor to the Department of the Army. Dr. Ross is a graduate of the Program Management School at the Defense Systems Management College and holds both Master's and Ph.D. degrees in Computer Science from the United States Naval Postgraduate School.
Joe Jarzombek is the Director for Software Assurance in the National Cyber Security Division of the U.S. Department of Homeland Security (DHS). He leads government interagency efforts with industry, academia, and standards organizations to shift the security paradigm away from patch management by addressing security needs in work force education and training, more comprehensive diagnostic capabilities, and security-enhanced development and acquisition practices (see https://buildsecurityin.us-cert.gov and http://www.us-cert/swa). After retiring from the U.S. Air Force as a Lt. Col. in program management, Joe Jarzombek worked in the cyber security industry as vice president for product and process engineering. He served in two software-related positions within the Office of the Secretary of Defense prior to accepting his current DHS position. Throughout his career he has actively led process improvement initiatives, including serving on the CMMI Product Development Team and later on the CMMI Steering Group. He has continued to co-lead efforts to integrate safety and security into integrated Capability Maturity Models (CMMs).
Kris Britton is the Director for the NSA Center for Assured Software. He has been involved in the Information Assurance discipline for the U.S. DoD for the last 20 years, working in the areas of operating system security, database security, international security criteria, security engineering, and most recently software assurance. As the Director of the NSA Center for Assured Software, he leads a government team of analysts that promotes software assurance principles and practice to DoD and National Security clients.