Join Us for Our June Chapter Meeting on Tuesday, June 17, 2025 at 6:30 PM ET

We’re excited to welcome Jim Wiggins, a seasoned IT and cybersecurity expert, as our featured speaker for this month’s chapter meeting.

Using Generative AI to Support the RMF Process

Abstract
The Risk Management Framework (RMF), as outlined by NIST, remains a cornerstone of cybersecurity compliance across federal agencies and contractors. However, the RMF process is often seen as time-consuming, documentation-heavy, and labor-intensive. With the rapid emergence of Generative AI (GenAI), cybersecurity professionals now have an opportunity to reimagine how RMF tasks can be executed with greater speed, consistency, and quality.

This presentation—designed for a practitioner-level audience of cybersecurity professionals—examines how GenAI can be pragmatically applied to support and streamline each phase of the RMF lifecycle. Attendees will be guided through concrete use cases demonstrating how GenAI tools can assist with:

• Generating and refining system security documentation (SSPs, POA&Ms, SARs)
• Tailoring and mapping security controls based on system categorization
• Assisting with control assessments and continuous monitoring narratives
• Automating compliance evidence generation and cross-referencing
• Enhancing audit readiness with intelligent summarization and tagging

The session will include demonstrations of prompt engineering techniques, real-world tool integrations, and examples drawn from public sector environments. Special attention will be given to challenges such as model accuracy, data security, and alignment with NIST guidance and federal mandates.

By the end of the session, attendees will walk away with a clear understanding of where GenAI fits into the RMF process today, what use cases are achievable without compromising integrity, and how to responsibly adopt these capabilities within their own cyber programs.

Speaker

Jim Wiggins is a seasoned IT and cybersecurity expert with over 28 years of industry experience, 23 of which have been dedicated to information security. He is the Founder and CEO of Securible, LLC, a Washington, DC-based cybersecurity training and consulting firm specializing in practical, forward-thinking solutions.

Through Securible, Jim has championed innovative approaches to address emerging threats, ensure regulatory compliance, and harness the power of Artificial Intelligence in IT audit, cybersecurity, governance and privacy. Throughout his distinguished career, Jim has trained well over 20,000 IT and cyber professionals, underscoring his commitment to education and the advancement of the field.

In addition to his leadership at Securible, Jim also serves as the Founder and CEO of the Federal IT Security Institute (FITSI), a 501(c)(6) non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024:2012. FITSI provides role-based cybersecurity certifications designed to fortify the U.S. federal cybersecurity workforce.

Enhancing his contributions to the cybersecurity community, Jim hosts a TV show in the Washington, DC area called Cybersecurity Today. The program offers expert insights, in-depth analysis, and the latest updates on cybersecurity trends and threats, further establishing his role as a prominent thought leader in the industry. Recognized as a Federal 100 award recipient in 2019 and the Federal Information Systems Security Educators’ Association (FISSEA) “Educator of the Year” in 2011, Jim is widely respected for his commitment to elevating cybersecurity education.

In the rapidly evolving arena of Artificial Intelligence (AI), Jim has directly trained well over 1,000 IT and cyber professionals on generative AI fundamentals through intensive sessions with the Department of the Interior’s University, the Defense Information Systems Agency (DISA), the National Risk Management Center (NRMC) within CISA, and the Greater Washington DC Chapter of ISACA. He leverages AI-driven tools such as ChatGPT, Gemini, DALL-E, Midjourney, and Copilot to translate complex concepts into practical, governance-focused applications.

Below is the list of credentials Jim currently holds:
• Cybersecurity: CISM, CISA, CRISC, CDPSE, CISSP, ISSEP, CGRC (CAP), SCNA, SCNP, IAM, IEM, SSCP, CEH, ECSA, CHFI, LPT, TICSA, CIWSA, Security+, and FITSP-M.
• Information Technology: MCITP, MCSE: Security, MCSE: Messaging, MCSA, MCDST, Server+, Network+, A+.
• Project Management: PMP (Project Management Professional).
• Education: ICE-CCP (I.C.E. Certified Credentialing Professional).

Jim is currently working on a Master’s Degree in Education from George Washington University with a concentration in Assessment, Testing, and Measurement (sometimes called psychometrics).

Registration is required to attend this session. Don’t miss it!

Join Us for Our May Chapter Meeting on Tuesday, May 20, 2025 at 6:30 PM ET

We’re excited to welcome Sean Connelly, a leading voice in federal cybersecurity and Zero Trust architecture, as our featured speaker for this month’s chapter meeting.

Zero Trust Efforts Across Governments

Abstract
Zero Trust is no longer a conceptual ideal—it’s a global mandate. This session traces the evolution of Zero Trust architecture within the U.S. federal government and its growing adoption by international partners. It begins with a key inflection point: the SolarWinds campaign, which exposed systemic weaknesses in traditional trust models. From there, we follow the rapid acceleration of Zero Trust policies and investments, including Executive Order 14028, OMB M-22-09, and the development of foundational guidance such as NIST SP 800-207 and CISA’s Zero Trust Maturity Model.

The session concludes by exploring how governments worldwide adapt Zero Trust to fit national strategies and cultural contexts, with practical takeaways for building defensible, resilient architectures and avoiding the next SolarWinds.

Speaker
Mr. Sean Connelly has spent over 25 years in networking and cybersecurity, including 11 years at DHS’s Cybersecurity and Infrastructure Security Agency (CISA), where he served as the initial Director of the Zero Trust Initiative. He co-authored NIST’s SP 800-207 on Zero Trust Architecture and CISA’s Zero Trust Maturity Model. He helped lead the U.S. Federal Government’s Trusted Internet Connections (TIC) Initiative for over a decade.

Mr. Connelly also served as a Technology Modernization Fund (TMF) Board member, supporting funding for Zero Trust and modernization efforts across dozens of agencies. He recently concluded his federal service in 2024 and joined Zscaler, where he continues supporting Zero Trust adoption across U.S. and international governments. He holds two CCIE certifications and has a long background in secure network design and federal IT modernization.

Registration is required to attend this session. Don’t miss it!

June 15, 2010 

Securing the Health IT Ecosystem
(laying track when the train is coming)
Dr. Deborah Lafky
Department Of Health and Human Services


Abstract
An overview of the challenges faced in the rapid build-out of health IT as HHS works to meet the objectives of ARRA/HITECH to provide all Americans with access to an electronic health record by 2014. With only about 20% of records available electronically now, a dramatic expansion of capability is underway.
Enabling this expansion to be done securely and protecting patient privacy is essential to building public trust in the HIT enterprise. My talk will explain our strategy and some of the steps we are taking. Input from the audience in the form of suggestions, ideas, and lessons learned in other sectors is encouraged.

 

About the Speaker
Deborah Lafky, MSIS, Ph.D., CISSP is the program officer for security and cybersecurity in the Office of the National Coordinator for Health IT (ONC) at HHS. The HITECH Act, a part of the Recovery Act, set out $2 billion for the purpose of nationwide adoption of electronic health records and ONC is the lead office for that effort. Dr. Lafky has been with ONC since 2007, leading security efforts first for the Nationwide Health Information Network and now overseeing security efforts within all ONC programs.
Previously, Dr. Lafky was a researcher working with healthcare data protection at the University of California (Irvine) and at Claremont Graduate University. She earned her doctorate in Management Information Systems at Claremont, a Masters in Information Science at the University of Pittsburgh, and a Bachelor of Science from Carnegie-Mellon University.

June 15, 2010 6:30 PM
@
Click here to return to www.ironbow.com
9500 Arena Dr.
Suite 300
Largo MD, 20774

Please RSVP if you plan to attend.   

May 18, 2010
Becoming a Better Cyber-Warrior: 
Finding Advanced Persistent Threats Using Real-Time Situational Awareness
Eddie Schwartz

Abstract:
As clearly demonstrated by China's theft of Google's Gaia single-sign-on framework, and ongoing information operations against USG agencies, many of today's network-based advanced threats from state-sponsored attackers and organized criminal groups are evading current prevention and detection techniques.  This session focuses on the true nature and sources of today's most difficult security threats to governments and major corporations, and describes the solutions required to detect and mitigate these invisible threats. 

The speaker will illustrate actual technical case studies to describe an effective operational plan of action consisting of the use of real-time situational awareness, automated network forensics, and interactive advanced threat analysis.  The session will demonstrate techniques that will enable your staff to use next generation network intrusion monitoring techniques to inspect network and application layer traffic, detect designer malware and zero-day attacks, and improve overall tactical network intelligence and situational awareness, including problems such as data leakage and exfiltration of sensitive organizational data.

Attendees will learn:

  • The technical reasons that advanced persistent threats are evading current security technologies such as IDS, anti-virus, log monitoring and flow-based technologies.
  • The true nature and sources of threats facing public and commercial organizations and the gaps in current network visibility.
  • Advanced techniques for next generation network monitoring, continuous controls review, and real-time network surveillance using full packet capture and session reconstruction, and the situational awareness improvements provided by this approach.
  • Specific examples of adversary exploits (demonstrations) similar to trends observed within organized crime groups and nation-sponsored attacks.

 

About the Speaker
As Chief Security Officer for NetWitness, Eddie Schwartz is responsible for the alignment of the NetWitness product strategy with the evolving operational threat management needs of government and commercial organizations. Prior to joining NetWitness, Mr. Schwartz served as CTO of ManTech Security Technologies Corp, Senior Vice President of Operations of Guardent Inc. (acquired by Verisign), and EVP of Operations for Predictive Systems (acquired by INS). Mr. Schwartz also worked as Chief Information Security Officer at Nationwide Insurance, as a Senior Computer Scientist for CSC, and as a Foreign Service Officer with the U.S. Department of State.

May 18, 2010 6:30 PM
@
International Spy Museum
Garbo Room
800 F St. NW
Washington, DC 20004

Please RSVP if you plan to attend.   

May 19, 2009

May Meeting Topic: PCI-DSS Compliance
Presenter: Ulf Mattsson

Abstract
The session will review the different options for data protection strategies for PCI DSS and other regulations. We will present case studies on data protection in an enterprise environment. We will position different solutions that can protect the enterprise data against advanced attacks from internal and external sources. We will show how to provide a balanced mix of different approaches to protect sensitive information like credit cards across different systems in the enterprise, including tokenization, encryption and hashing. We will show how to balance performance and security, in real-world scenarios, and recommend when to use encryption at the database level, application level and file level. This session will also present methods to protect the entire data flow across systems in an enterprise while minimizing the need for cryptographic services.

This interactive, educational presentation will:

1. Review case studies on enterprise data protection;
2. Show how to prevent internal and external threats;
3. Review solutions for enterprise data encryption and key management;
4. Show how to prevent data misuse and advanced attacks on data;
5. Show how to protect the entire enterprise data flow;
6. Show how to develop a database encryption strategy balancing security, performance and other aspects;
7. Review and position different solution alternatives;
8. Discuss how to balance security, performance and other aspects.

About Ulf T. Mattsson
Ulf T. Mattsson, Chief Technology Officer, Protegrity Corporation, created the initial architecture of Protegrity’s database security technology, for which the company owns several key patents. His extensive IT and security industry experience includes 20 years with IBM as a manager of software development and a consulting resource to IBM’s Research and Development organization. He specializes in the areas of IT Architecture and IT Security. Ulf is the inventor of a number of European patents and US patents, Data Usage Control, Dynamic Access Control, Intrusion Prevention and Cross System Layer Security. He holds a master’s degree in Physics, a degree in finance and a degree in electrical engineering.

May 19, 2009 6:30 PM

740 15th Street NW
4th floor
Washington, DC 20005

Please email your RSVP if you plan to attend.