Workshop

Zero Trust: Beyond the Moat

Wednesday, April 7, 2021

Federal Computer Week’s Zero Trust Workshop on April 7th will feature NIST’s Scott Rose discussing last year’s publication of NIST SP 800-207, Zero Trust Architecture, and the current state of the National Cybersecurity Center of Excellence (NCCoE) project, Implementing a Zero Trust Architecture. This project will result in a new NIST 1800-series Special Publication that describes how to build a zero trust enterprise using commercially available technology.

Virtual Workshop on Improving the Security of DevOps Practices

Thursday, January 21, 2021

Workshop Overview

During this workshop, we discussed the National Institute of Standards and Technology’s (NIST’s) proposed approach for helping industry and government improve the security of their DevOps practices. NIST solicited proposed approaches from participating organizations and heard from the community about DevSecOps-related topics that NIST could tackle. The findings from the workshop will inform NIST in the creation of new applied guidance to fill any gaps, updates to existing guidance, and potential development of a National Cybersecurity Center of Excellence project to demonstrate the practices.

Workshop Recording

Watch the webcast from this event. 

 

 
Related Materials

- Read about NIST's plans to advance current and emerging secure software development and operations practices

 

Post-Workshop Materials

Presentation #1

NIST Introduction and Workshop Overview

Kevin Stine – NIST

Presentation #2

Why Frameworks Matter for Modern Software Developers: Rooting DevSecOps Practice in Security Frameworks

Aaron Cooper – BSA

Presentation #3

6 Pillars of DevSecOps 

John Martin – SAFECode

Presentation #4

DevSecOps Pipeline for Complex Software-Intensive Systems: Addressing Cybersecurity Challenges

Carol Woody – SEI

Presentation #5

92 years to DevOps: A Motorola Solutions Case Study

Adam Lewis – Motorola Solutions

Question Summary

Moderated Q&A

Karen Scarfone – Scarfone Cybersecurity

Presentation #6

Lessons Learned and Open Problems Delivering Companywide DevSecOps Solutions at Microsoft

Michael Fanning – Microsoft

Presentation #7

How Leaders Set the Stage – Successfully Scaling DevSecOps

Tim Anderson – AWS

Presentation #8

Shift-Left Compliance & Security

Jim Doran – IBM

Presentation #9

Securing and Protecting DevSecOps with Cloud-Enabled Technologies

Lisa Lorenzin – Zscaler

Question Summary

Moderated Q & A

Mike Bartock – NIST

Presentation #10

Full Stack DevSecOps

John Morello – Palo Alto Networks

Presentation #11

Using Balanced Development Automation to Address Security in a DevOps Environment

Ehsan Foroughi – Security Compass

Presentation #12

Journey to DevSecOps

James Barr – TechTrend

Presentation #13

Enhancing DevSecOps Capabilities with Observability and Automation

Michael Polisky – Splunk

Wrap Up/Next Steps

Moderated Q & A

Curt Barker – Dakota Consulting

To receive future updates about this project, send an email to devsecops-nist@nist.gov to join the DevOps Community of Interest.

 

Manufacturing Supply Chain Traceability with Blockchain

Monday, October 26, 2020 to Tuesday, October 27, 2020

Workshop Objectives

The National Institute of Standards and Technology’s (NIST) Engineering Laboratory (EL) and the NIST National Cybersecurity Center of Excellence (NCCoE) will host a virtual workshop on October 26-27, 2020. The purpose of the workshop is to discuss the challenges, opportunities and use cases of various blockchain technologies to improve traceability across manufacturing supply and logistics chains.

 

Background

Our nation’s supply chain continues to grow in complexity with a variety of stakeholders, processes, and intermediaries, constantly working together to deliver products that we all rely on. As this complexity increases, so does the need to secure our nation’s manufacturing supply chains, especially those supporting critical infrastructure.

The National Institute of Standards and Technology’s (NIST) Engineering Laboratory (EL) and the NIST National Cybersecurity Center of Excellence (NCCoE) are organizing this workshop to inform a subsequent whitepaper that will provide guidance on the challenges and benefits of using various blockchain technologies for manufacturing supply chain traceability. This whitepaper will cover the role of blockchain technologies to improve traceability across manufacturing supply and logistics chains, to assure the provenance of parts, and to identify participants and organizations in the overall manufacturing supply chain. The whitepaper will build upon prior NIST guidance on Blockchain Technology and Securing Manufacturing Industrial Control Systems.

 

Participation

NIST invites industry subject matter experts and stakeholders to join this conversation.  

The workshop provides an opportunity for participants to provide feedback on relevant standards, guidelines, recommended practices, and use cases as they relate to supply chain traceability.

 

Agenda

October 26 - Day 1

 

10:00 – 10:15

Welcome and Overview of NIST and the NCCoE

10:15 – 10:35

Manufacturing Supply Chain Issues: Government Perspective

10:35 - 11:35

Manufacturing Supply Chain Challenges: Industry Perspective

11:35 – 11:50

Break

11:50 – 12:20

Blockchain Adoption

12:20 – 12:50

Agriculture Food Tracking

12:50 – 1:20

Successful Implementation Stories

1:20 – 2:00

End of Virtual Day Wrap-up Discussion

 

Click here to register for Day 1 of this workshop.

 

October 27 - Day 2

 

10:00 – 10:15

Welcome and Recap of Day 1

10:15 – 11:00

Blockchain and Standards-Today and Tomorrow

11:00 - 11:45

On and Off the Chain: Physical Anchors and Linking Objects

11:45 – 12:00

Break

12:00 – 12:45

Digital Thread/IoT/Quantifiable Assurance

12:45 – 1:15

Practicalities of Adoption: Small & Medium Sized Businesses

1:15 – 2:00

End of Virtual Day 2 Wrap-up Discussion

 

Click here to register for Day 2 of this workshop.

 

Confirmed Speakers

  • Ron Ross, NIST
  • Kraig Adams, VP Blockchain GS1
  • Susanne Somerville, CEO Chronicled
  • Jeff Denton, VP AmerisourceBergen
  • Ophir Gaathon, CEO Dust Identity
  • Joel Neidig, CEO Simba Chain
  • Donald Davidson, Director Cyber-SCRM Synopsys
  • Christopher Peters, CEO The Lucrum Group

 

Registration for the workshop will close on October 23. The workshop will be limited to 500 participants.

The workshop will not be recorded and attendees may request presentations from each presenter after the event. Please join the community of interest by sending an email to blockchain_nccoe@nist.gov to get the latest updates on the activities related to Manufacturing Supply Chain Traceability.

 

Virtual Workshop on Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

Monday, October 26, 2020

Workshop Overview 

The National Institute of Standards and Technology (NIST) hosted a virtual workshop on October 26, 2020. The purpose of the workshop was to discuss the challenges and investigate the practical and implementable approaches to enhance the security of IoT devices through trusted network-layer onboarding and re-onboarding of those devices throughout the device lifecycle. 

Workshop Recording 

Post-Workshop Materials

 Presentation #1   

  NIST and NCCoE Overview 

 Jeff Greene, Director, NCCoE

Presentation #2

  Workshop Introduction

 Tim Polk, NCCoE 

 Presentation #3

  Workshop Overview, Background, and Challenges

 Susan Symington, NCCoE

 Presentation #4

  NIST IoT Baseline with Respect to IoT Device Onboarding

 Michael Fagan, NCCoE 

 

 

 Presentation #5

 Standards, Technical, and Operational Considerations for IoT Device Onboarding and Lifecycle Management

 Eliot Lear, Cisco

 Presentation #6

 An Approach to IoT Device Onboarding and Lifecycle Management

 Darshak Thakore/Craig Pratt, CableLabs

 Presentation #7

 Enhancing IoT Device Security Through Trusted Network-Layer Onboarding

 Steve Clark, WISeKey

  

 Presentation #8

 Application Onboarding with Intel SDO and FIDO IoT

 Geoffrey Cooper, Intel

 Presentation #9

 IoT Device Onboarding with DPP

 Dan Harkins, HPE

 Presentation #10 

 Trusted IoT Device Onboarding and Lifecycle Management

 Alon Shamir, Arm

 

 

 Presentation #11

 Next Steps/Wrap-Up

 Curt Barker, NCCoE

 

Background 

The National Cybersecurity Center of Excellence (NCCoE) is investigating the development of a project to demonstrate implementations for trusted network-layer onboarding of IoT devices. We define network-layer onboarding of an IoT device as provisioning network credentials to that device at the time of the device’s deployment on a network. The trusted aspect of network-layer onboarding indicates that the device is provided with unique network credentials after the device and the network have had the opportunity to authenticate each other and establish an encrypted channel without user knowledge of the credentials, thereby mitigating unauthorized credential disclosure. Trusted IoT device onboarding processes are needed to mitigate the risk of unauthorized devices connecting to networks. Trusted onboarding processes are also needed to mitigate the risk of devices being taken over by networks that are not authorized to onboard them.

The project’s goal is to enhance the overall security posture of IoT devices and, by extension, the security of the networks to which they connect. The project will be based on the initial concepts described in the draft NIST cybersecurity paper Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management. The objective of the project is to design, build, demonstrate, and document example trusted solutions that onboard IoT devices to networks and that support trusted re-onboarding of those devices throughout the device lifecycle to support operations such as device credential maintenance and eventual reuse of the device on other networks. In addition, the project seeks to further enhance IoT device and network security by integrating additional, optional related capabilities with the secure onboarding solutions, such as:  

  • use of attestation mechanisms to establish trust in the authenticity and integrity of the IoT device platform  

  • secure transmission of the device’s Manufacturer Usage Description (MUD) to the network to enable device intent enforcement 

  • secure application-layer onboarding (i.e., automatic, secure downloading of the device’s application from a trusted application server) 

  • secure establishment of an automated lifecycle management application/service for the device 

  • ongoing mutual attestation to ensure the trustworthiness of both the IoT device and the application/service that is managing it 

  • integration with a centralized asset management system to support cross-checking of discovered devices with onboarded devices 

To receive updates about this project, click here.  

 
Questions?  

Please send an email to mitigating-iot-ddos-nccoe@nist.gov

FCW’s Zero Trust Workshop

Tuesday, May 19, 2020

The NCCoE’s Alper Kerman will participate in Federal Computer Week’s virtual half-day Zero Trust Workshop where he will provide updates on the NCCoE’s latest project, Implementing a Zero Trust Architecture. This event will feature cyber leaders from government and industry who will describe their moves toward zero trust, the challenges of adapting existing systems and operations, and the benefits early adopters are seeing as attacks continue to multiply.

Zero Trust Architecture Technical Exchange Meeting

Wednesday, November 13, 2019 to Thursday, November 14, 2019

The NIST National Cybersecurity Center of Excellence (NCCoE) and the Federal CIO Council hosted a two-day Technical Exchange Meeting on Zero Trust Architectures on November 13-14, 2019.

Over the past year, NIST NCCoE cybersecurity researchers have had the opportunity to work closely with the Federal CIO Council, federal agencies, and industry to address the challenges and opportunities for implementing zero trust architectures across U.S. government networks. This work has resulted in publication of draft NIST Special Publication (SP) 800-207, Zero Trust Architecture. Through this event, we built on previous work and took steps to further strengthen relationships among industry and government to address gaps and advance the state of readiness of zero trust architectures.

Meeting Goals

Through collaboration with this community, the NCCoE and the Federal CIO Council:

  • provided a forum for critical decision makers and stakeholders to enumerate zero trust cybersecurity requirements and challenges for federal networks/systems
  • shared current successes, best practices, and lessons learned in implementing zero trust in the federal government and the commercial sector
  • provided a setting for government and industry to connect, network, and share big-picture federal needs and ideas around zero trust in a “no sales pitch” environment
  • gathered feedback from key zero trust stakeholders on current NIST efforts in NIST SP 800-207, Zero Trust Architecture, and areas where NIST and the Federal CIO Council are best suited to support zero trust efforts moving forward

Presentations

The following presentations were given during the two-day event:

Workshop on Cybersecurity Online Informative References

Tuesday, December 3, 2019

The National Institute of Standards and Technology (NIST) invites you to attend a Cybersecurity Online Informative Reference (OLIR) workshop which will be held on December 3rd, 2019, at the National Cybersecurity Center of Excellence.

NIST invites industry subject matter experts and early adopters to share their views of the OLIR program, discuss potential opportunities and challenges affecting authoritative cybersecurity data-mapping, and offer industry-recommended practices for correlating cybersecurity-related data.

Purpose

The purpose of this NIST OLIR cybersecurity workshop is to present the NIST Cybersecurity Online Informative References Program and the reference data currently and potentially generated for the repository, highlight the work of early adopters, identify existing industry recommended practices for correlating cybersecurity-related data, and understand potential opportunities and challenge areas affecting authoritative cybersecurity data-mapping. The findings from the workshop will inform the development of the OLIR reference repository and NIST guidance for the use and adoption of these data resources.

The three main drivers for the OLIR program are also its primary objectives: 1) to apply greater scientific and mathematical rigor to cybersecurity guidance, 2) to create an integrated and actionable NIST guidance reference resource inclusive of maintained data sources, and 3) to integrate NIST-supported United States Government (USG) legislative and administrative project responsibilities. By achieving these main drivers, the program creates a more standards-based, consumable reference set of NIST guidance as related to itself and other government, industry, and academia-produced cybersecurity products, guidance, services, and education.

Background

At its core, the OLIR program provides a forum and format for cybersecurity subject matter experts to make mathematics and logic-based relationship assertions between their framework, document, or product and the Cybersecurity Framework (CSF) in a simple format defined by NIST Interagency Report (IR) 8204, Cybersecurity Framework Online Informative References (OLIR): Specification for Completing the OLIR Template, which was established to provide guidance to Informative Reference developers for completing and submitting Informative References for inclusion within the OLIR catalog.

At the workshop, NIST will introduce the OLIR program and the associated processes and procedures documented within NISTIR 8204 as well as highlight existing Informative Reference data within the OLIR catalog from early adopters. NIST will gather feedback regarding the current instructions and definitions detailed within the NISTIR and use this information to mature the evolution of the OLIR catalog and current and future guidance. 

Questions about the workshop should be sent to: cyberframework-refs@nist.gov

Registration is Open

To register for this free workshop, please complete this short form by November 26th, 2019.  The workshop will be limited to 100 registrants.

For our international visitors, registration is suggested as soon as possible to allow for the registration process. Please download the file and fax the hard copy to 301-975-8670. Once the form has been faxed, email katie.macfarland@nist.gov to confirm receipt.

 

DETAILS

Date: Tuesday, December 3rd, 2019

Time: 9:30 a.m. – 12:00 p.m.

Location: National Cybersecurity Center of Excellence, 9700 Great Seneca Hwy, Rockville, MD 20850

 
AGENDA

8:30am – 9:00am

Check-in, NCCoE Lobby

9:00am – 9:10am

Welcome & Introduction to NIST

9:10am – 9:50am

Online Informative Reference (OLIR) Program Briefing & Website Demonstration

9:50am – 10:10am

Program Briefing Q & A

10:10am – 10:25am

Break

10:25am – 11:15am

Technical Panel - Perspective from OLIR Program Early Adopters Panelists

11:15am – 12:05pm

Industry Panel - Perspective from Industry Partners Panelists

12:05pm – 12:30pm

 Closing Remarks and Q&A

12:30pm

End of Workshop

Information Protection and Data-Centric Security Management: Data Classification Workshop

Thursday, October 24, 2019

The purpose of this workshop is to discuss the challenges and opportunities with data classification in the context of data management and information protection to support various business use cases. The outcome of the workshop will help the National Institute of Standards and Technology (NIST) develop a National Cybersecurity Center of Excellence (NCCoE) demonstration project that may be divided into multiple phases to support the full life cycle of managing information security at the data level and demonstrating compliance. We recognize that policies and controls are necessary to secure the data, but the initial scope of this project will focus on classification.

 

Data Classification

There are a few NIST guidelines and practices for data security, but data classification—a key foundational element—is not well defined. Data classification is a mechanism to help organizations determine the type of data, its criticality with respect to a categorization schema, the adequate access level, and the level of protection.

Data classification is an activity that is often overlooked, and there is limited guidance available covering taxonomy, methodology, and practical approaches to help organizations discover, classify, and label data. Several challenges related to data discovery and classification are driven by the fact that:

  • Data is everywhere—on devices (e.g., laptops, desktops, mobile) and in applications running in an on-premises and/or outsourced environment, and/or in the cloud.
  • Relying on end users to identify and classify is error prone and often incomplete.
  • There is a lack of common definitions and understanding of classifiers, which results in the same information potentially being classified and labeled in a contradictory manner.
  • There is a lack of labels that persist with the information, are interoperable across various vendor technology clients, and are tamper detectable.
  • There are inconsistent global standards across technologies and industries.

About the Workshop

During the workshop, NIST will present a summary of existing and ongoing work related to data classification, data security, data-centric threat modeling, and zero-trust architecture. Next, industry and other parties will present their views of the challenges in data discovery and classification, and recommended approaches and practices to address the challenges with managing the security of the data throughout its lifecycle driven by the business use cases to support the organizations’ mission. NIST welcomes input from workshop participants on all aspects of the planned NCCoE demonstration project, including the proposed scope, use cases, technologies to be considered, and sources of specifications and guidance. NIST will use the findings and feedback received from the workshop to develop a project description that will be released for public review. Then, NIST will solicit organizations to directly collaborate on the technical project and development of its outputs.

A final agenda is coming soon.

Register Today!

The workshop is free and open to the public; however, advance registration is required. Please complete this short form by October 21, 2019.

For our international visitors, registration is suggested no later than October 17, 2019, to allow for the registration process. Please download this file and fax the hard copy to 301-975-0321. Once the form has been faxed, email keri.bray@nist.gov to confirm receipt.

Logistics:

Date/Time: Thursday, October 24, 2019. Check-in begins at 8:30 a.m. The formal program begins at 9 a.m. and concludes at 1 p.m.

Location: NCCoE, 9700 Great Seneca Highway, Rockville, Maryland 20850

Dress: Business Casual

Note: This is not a virtual event. You must join us in person at the NCCoE to attend this event.

Questions? Please email your questions to data-nccoe@nist.gov.

Workshop on 5G Cybersecurity: Preparing a Secure Evolution to 5G

Thursday, October 10, 2019

 

Workshop Objectives 

The National Institute of Standards and Technology (NIST) hosted a workshop on 5G cybersecurity, open to the public, on October 10, 2019, at the National Cybersecurity Center of Excellence (NCCoE). The purpose of the workshop was to explore the practical and implementable cybersecurity capabilities delivered by 5G systems, identify existing industry recommended practices for securing the supporting infrastructure and technologies, and understand potential opportunities and challenge areas affecting this evolution to 5G. The findings from this workshop will inform the development of potential NCCoE demonstration projects to leverage 5G cybersecurity capabilities and supporting technologies to protect the cellular communication network in addition to securing core 5G underlying infrastructure and services.

Background

As 5G technology is deployed in our nation and across the world, there is great promise of positive change in the way humans and machines communicate, operate, and interact in the physical and virtual world. With cellular technology becoming the primary way devices are connected, it is imperative for organizations to understand and address the risks associated with the use of these technologies. As industry embarks on ubiquitous 5G deployments, there are opportunities to take advantage of the various cybersecurity technologies and capabilities that are available today. 5G introduces the concept of a Service Based Architecture for the first time in cellular networks. This design has fundamental impacts on the way network services are created and how the individual Network Functions communicate – not only is the core network decomposed into smaller functional elements, the communication between these elements is also expected to be more flexible, routed via a common service bus and deployed using virtualization technologies. It is envisioned that 5G network components are deployed on a hyper scalable containerized and virtualized infrastructure. While this is not the only approach for 5G deployments, this infrastructure is a fundamental building block of 5G that operators and manufacturers can adopt to meet customers’ demand of modern use cases. Secure deployment of the core network and radio access network services on cloud-like infrastructure constitutes a foundational element of both commercial and private 5G networks.

During the workshop, NIST introduced some notional ideas of a high-level reference architecture, supporting components of 5G deployments, and a proposed preliminary approach for gathering the existing cybersecurity guidance to develop practical practices that can be instantiated as potential NCCoE demonstration projects.

NIST invited industry subject matter experts and practitioners to present their views related to cellular security enhancements, deployment challenges and opportunities introduced with new service-based architecture of 5G technology, as well as proposed solutions. The workshop provided an opportunity for participants to share ideas about this work related to the evolution to 5G networks to include technologies and best practices that will be critical to a successful and secure deployment and operation of the network. Workshop participants also provided feedback on all aspects of the planned activities to include: relevant standards, guidelines, best practices, use cases and technologies to be considered, and sources of specifications and guidance. NIST is using the resulting prioritized list of activities to help accelerate the demonstration of the next generation cellular networks along with their supporting technologies that can be deployed and operated securely by default.

Presentations  

The following presentations were given during the workshop:

- NCCoE Overview - See the agenda & presentation

- Cisco - See the presentation

- Intel - See the presentation

- Nokia - See the presentation

- T-Mobile - See the presentation

 

Questions? Please send an email to 5G-Security@nist.gov.

 

 

Cyber Supply Chain Risk Management (C-SCRM): Validating the Integrity of Server and Client Devices

Tuesday, September 10, 2019

NIST’s NCCoE is developing a demonstration project to identify the perceived issues and challenges in supply chain assurance. When a device’s supply chain is compromised, the security of that computer device can no longer be trusted, whether it is a laptop, desktop or server. A primary focus of the workshop and subsequent NCCoE demonstration project is to explore methods by which organizations can verify that their purchased computing devices’ internal components are genuine and have not been altered during the manufacturing and distribution process or after sale from a retailer. During the workshop, NIST will present its preliminary plans for this project and subject matter experts in the field will present on their views of the challenges in supply chain assurance and/or enabling technologies and best practices to address perceived challenges. The resulting project hopes to also verify that components have not been tampered with nor otherwise modified through the retirement of the computing device.

NIST explicitly solicits input from workshop participants on all aspects of the planned NCCoE demonstration project including the proposed scope, use cases and technologies to be considered, and sources of specifications and guidance. Once the project description is finalized, NIST will solicit organizations to directly collaborate in the technical project and the development of its outputs.

We would like to welcome you to subscribe to our community of interest mailing list where we will announce future updates and events on our project. To receive periodic updates about the process and opportunities to engage, subscribe to NIST’s NCCoE Supply Chain Assurance community of interest here.

 

Workshop Agenda (subject to change)

8:30 - 9:00 a.m. Check-In, NCCoE Lobby
9:00 - 9:15 a.m. Safety Brief / Intro to NCCoE
9:15 - 9:30 a.m. Cyber Supply Chain Risk Management Overview
9:30 - 9:45 a.m. NCCoE Project Description Overview
9:45 - 9:55 a.m. Trusted Computing Architecture
9:55 - 10:10 a.m. Break
10:10 - 11:35 a.m.

Industry Session with invited speakers from:

Intel

Hewlett Packard, Inc.

Dell

Hewlett Packard Enterprise

Cisco

Seagate

Eclypsium, Inc.

11:35 a.m. - 12:05 p.m. Industry Panel Q&A
12:05 - 12:30 p.m. Wrap-up

Questions about the workshop should be sent to: supplychain-nccoe@nist.gov

 

The following presentations from the industry day have been approved for public release.

NCCoE

Intel

Hewlett Packard, Inc.

Hewlett Packard Enterprise

Cisco

Seagate

Eclypsium, Inc.

Trusted Computing Group

 

Speakers

Mark Boucher, Intel

Mark Boucher is the chief architect for Compute Lifecycle Assurance at Intel. He has more than 15 years of Supply Chain software and process experience, and has been architecting large-scale enterprise solutions for the past decade.

 

Jim Mann, Hewlett Packard, Inc.

Jim Mann is an HP Distinguished Technologist and Security Strategist in the Office of the Chief Engineer.  He leads the company’s product security quality and governance, talent management and education, serves as a key technical resource for HP business units in bringing secure products to market, and is a co-lead for HP’s Supply Chain Risk Management Compliance Function.  Mann is active in numerous industry consortia activities and private-public forums related to security, and serves on the Board of Directors and as a co-chair of the Cyber Resilient Technology Workgroup for the Trusted Computing Group.  He was also a technical contributor to NIST SP 800-147/B (now ISO 19678) and SP 800-193, was a co-author on the Open Group Trusted Technology Provider Standard (now ISO 20243), and is participating in the DHS ICT Supply Chain Risk Management Task Force.

 

Jon Amis, Dell Technologies, Inc.

Jon Amis is the Supply Chain Assurance Program Director for Dell Technologies, Inc. and has had the responsibility for the development of the Dell program for ten years. He has served in various roles at Dell over the past 19 years within Manufacturing Engineering, Supply Chain and Logistics. Jon currently represents Dell on several key public-private partnerships and industry forums that focus on the integrity, security, and assurance aspects of supply chain risk management, to include the Department of Homeland Security (DHS) Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force, The Open Group Trusted Technology Forum, the Supply Chain Risk Leadership Council (SCRLC), and the Software and Supply Chain Assurance Forum (SSCA).

Jon graduated from the United States Military Academy at West Point in 1990 with a Bachelor of Science degree in Systems Engineering and went on to serve as an Infantry Platoon Leader and Executive Officer with the 101st Airborne Division.  After leaving the Army, he earned a Master of Engineering degree with Highest Honors in Industrial Engineering at the University of Louisville.  Prior to joining Dell, he was an engineer for FedEx Ground.  Jon lives with his wife, Lori, and their two children just north of Nashville, Tennessee.  

 

CJ Coppersmith, Hewlett Packard Enterprise

CJ Coppersmith is presently driving secure development lifecycle and maturity assessment methodology, as well as security architectural standards and compliance, and vulnerability analysis and response across HPE. Previously Coppersmith drove HPE development environment, SOA and Linux strategy for the corporation.

Coppersmith brings over 30 years in the IT industry, covering security, various aspects of development operations, and technology incubation. Coppersmith was CTO for Compaq’s Alpha Division, leading the J2EE and middleware strategy for the division. While working for Digital Equipment Corporation, he worked as the Technical Point of Contact between Digital and the National Computer Security Center, and was certified as a Vendor Security Analyst (VSA) by the Center. He led several NCSC Operating System Security Evaluations as well as leading several overall operating system releases.

Coppersmith holds Bachelor of Science degrees in Biology and Chemistry from Allegheny College and the University of Pittsburgh, respectively, and a Master of Science degree in Computer Systems Engineering from Northeastern University.

 

Chirag Shroff, Cisco Systems, Inc.

Chirag Shroff is a Principal Engineer with Cisco's Security and Trust Organization where Trustworthy Technologies are at the heart of his work. As principal engineer, Mr. Shroff is responsible for Trustworthy Systems architecture and technology innovation, including threat response, intelligence and engineering development that enhances the security of Cisco's product portfolio.

Mr. Shroff has held various leadership roles at Cisco as a senior technical leader and hardware manager, encompassing the fields of global government solutions engineering, hardware assurance and resilient systems architecture. During his 19 years at Cisco, he has made a tremendous impact on security engineering. Mr. Shroff is highly regarded as a trusted security partner and advisor to Cisco product teams, global government standards organizations, and worldwide key technology suppliers. His passion, talent, and dedication to innovation have resulted in several security and networking patents.

He holds a Master of Science degree in Electrical Engineering from California State University, Northridge and a Bachelor of Science degree in Computer Engineering from the Gujarat University, India.

 

Monty A. Forehand, Seagate Technology

Monty Forehand is Product Security Officer and Managing Technologist of the Product Security Office at Seagate, leading the security assurance of products, operations, and life-cycle across all Seagate business lines. He has held a variety of leadership positions in Embedded System Architecture, Security and VLSI Architecture, Security Portfolio Delivery, Research, Technology, and Architecture over a 29-year career at Seagate.

Forehand is a frequent industry and government speaker and a pioneer in the secure storage industry leading the delivery of the world’s first fully integrated Self Encrypting Drive (SED), and other firsts including security and Cybersecurity in all Seagate Products, Worldwide Security Standards, Certified Security Products and Certified Life-Cycle. He continues leading the proliferation of Seagate Secure, Data Security, and a Trusted Digital Life Cycle worldwide, and into the Digital Transformation, IT 4.0, and the Edge.

Forehand holds master’s and bachelor’s degrees from Oklahoma State University in electrical and computer engineering, with emphasis on artificial intelligence.  He holds 26 patents in the areas of Machine Vision, Electronics Systems, Storage Virtualization, and Embedded Security and is a two-time recipient of the Seagate Technology Hall of Fame Award along with the top technology achievement award.

 

John Loucaides, Eclypsium Inc.

John has extensive history in hardware and firmware threats from experience at Intel and the United States government. At Intel he served in Advanced Threat Research, Platform Armoring and Resiliency, PSIRT, and was a CHIPSEC maintainer. Prior to this, he was Technical Team Lead for Specialized Platforms for the federal government. He has presented and given training on firmware security at multiple events including DEFCON, CanSecWest, Ruxcon, and other security conferences.

 

Lawrence Reinert, Department of Defense

Lawrence Reinert is a senior systems engineer with the Department of Defense actively involved with open source projects dealing with device integrity. Many of those projects have utilized the Trusted Computing Group (TCG)-defined supply chain artifacts. As a member of the Infrastructure Working Group, Lawrence has been working with the TCG to provide standards-based methods to help mitigate supply chain risk and to promote confidence in procurement.

 

Registration is closed.

Thank you for your interest in the event! Registration has reached capacity, and is now closed.

 

DETAILS

Tuesday, September 10, 2019, 8:30 a.m. – 12:30 p.m.

The NCCoE, 9700 Great Seneca Hwy, Rockville, MD 20850