Intelligence Community Executive Forum on Cyber Operations

Carahsoft is a unique, trusted firm that helps government find and rapidly acquire the right technologies and helps high tech firms successfully interact with government (which has famously onerous processes for businesses that want to serve the federal mission).  Carahsoft is a client of my firm and one of the things I'm particularly proud about is their sponsorship of venues where government and industry tech leaders can interact together.  One venue of note is a series they coordinate called the Intelligence Community Executive Forum.

This periodic event focuses on executives from the IC and the industry companies around the IC.  Today's session of the ICEF focused on industry and commercial technologies addressing the Comprehensive National Cybersecurity Initiative.

It is hard to capture the content of a venue like this.  Its true value comes from the dynamic interactions and high data rate conversations that take place throughout.  But I thought I should try to provide some gist of what happened so you can determine whether or not you should participate in future venues like this. Give the agenda below a quick glance then I'll add some additional context:


7:30am - 8:00am Registration & Breakfast
8:00am - 9:00am Welcome and Morning Keynote
Don Boian, Technical Director, J3 Consolidated JFCC-NW/JTF-GNO Staff
9:00am - 9:45am Information Overload and Situational Awareness
Moderator: Francis Landolf, Principal, Core Consulting, LLC
Government Panelist:
Sherri Ramsay, Director of the NTOC (NSA Threat Operations Center)
Industry Panelists:
Marc Breissinger, Executive Vice President, Composite Software
Brian Frutchey, Federal Subject Matter Expert, Endeca
Kevin Griffith, District Manager, DOD and Intelligence, Informatica
9:45am-10:30am Information Sharing and Collaboration for Cyber Operations
Moderator: Francis Landolf, Principal, Core Consulting, LLC
Government Panelist:
Jim Bieda, Deputy Chief Technology Officer, NSA
Industry Panelists:
Jim Kovach, Director of Federal Operations, Jive
Dean Pianta, CTO, EnvolveMEDIA LLC (formerly with Adobe)
Rob Cardwell, Vice President Middleware Technology, Red Hat
10:30am - 11:15am Securing the Cloud
Moderator: Bob Gourley, Founder and CTO, Crucial Point LLC and editor of
Government Panelists:
Robert Vietmeyer, Director,, DISA
Industry Panelists:
Fran Trentley, Senior Service Line Director, Akamai
Rob Randell, Senior Security and Compliance Specialist, VMware
Dr. Steven Armentrout, Founder and CEO, Parabon
11:15am - 12:00pm Networking Break and Exhibits
12:00pm - 1:00pm Lunch Keynote
Tony Sager, Chief of Vulnerability Analysis and Operations, NSA
1:00pm - 1:45pm Efficiently Automating Security with Industry Best Practices and Tools
Moderator: Bob Gourley, Founder and CTO, Crucial Point LLC and editor of
Government Panelist:
Dr. Ted Kircher, Chief Architect, NSA Threat Operations Center
Industry Panelists:
Doug Cahill, Vice President of Corporate Development and Product Management, Bit9
Fred Unterberger, Senior Manager, Sales Engineering, Symantec
Frank Hecker, Federal Sales Engineer, IronKey
1:45pm - 2:00pm Q+A Session and Closing

During breaks several sponsors were providing demos and additional information on their technology including:

A quick gist:

Don Boian of Cyber Command provided great context and a good kickoff to dialog.  Then throughout the event, cyber thought leaders in and out of government discussed the state of current technologies and current mission needs in cyber-focused organizations.  Some of these mission needs are truly enduring.  For example, the need for defense in depth as a strategy and approach vice just point solutions.  But today, defense in depth is not enough.  Adversaries always find a way in and defenders must continuously monitor and prepare for remedial action.  With the incredibly high volumes of data and information around those intrusions new means must be found to gain insights into what is occurring and then determine the appropriate action to take.  This must be done so fast new operational constructs around "dynamic defense" are required.  Defenders require capabilities that can increase the speed of good guy decision-making.  There must be speed in vulnerability detection, speed in intrusion detection, speed in decision-making and speed in execution.  Cyber Command defenders use the phrase "operate at network speeds."

Another common theme throughout the event was a call for enhanced situational awareness in the cyber domain. The bad news is that call has been made for decades now.  There has been movement in enhancing situational awareness, but nothing yet fills the need.  More work is required.

Another theme was the need to enable humans to interact with data in far better, far faster ways.  Cyber data needs to be rapidly run through automated tools that can enable not just search but discovery using tools like Endeca.

Collaboration for cyber related commands and organization is another area where many enhancements have been made lately.  In a very good trend, it seems most organizations working cyber defense/cyber operations now know of each other and have frequent interactions.  There is more need for enhanced human to human collaboration and even enterprise grade social networking/social media around cyber defense as an aide to bringing the right understanding to situations.  A capability to watch here is Jive.

It is not only network defenders that need collaborative capabilities.  Developers of software and those that lead/manage/interact with them, including users, need ways to collaborate.  The ICEF was treated to an overview of a very positive capability to do that, the DISA led .  In my opinion, the positive disruptions from this activity have just begun, far more goodness will come from this project as more and more developers make use of it.  It is speeding development of new capabilities and is also laying the foundation of what may be the biggest positive improvement in the security and testing environment in years.

The security aspects of Cloud Computing were discussed in detail.  A general statement: If security is engineered into cloud computing capabilities, cloud concepts can significantly enhance the security of enterprises.  However, the reverse is also true.  If security is neglected in cloud constructs it can doom us all!

The ICEF was treated to an interaction with Tony Sager, one of the nation's greatest thinkers in cyber security. Tony's ability to express technological concepts in ways we can all understand is always appreciated.  A key conclusion from Tony: we are entering a phase in cyber defense that will require enhanced information management.   Note:  Tony provided us all with context on some very important concepts that all network defenders should be tracking, SCAP, NDV and FDCC.   My personal sense from the interaction was that most in the venue who work closely with security technology new of these constructs, however, it is getting to the point where all IT professionals and all leaders in an out of government need to know these capabilities, even if you are not a security professional.  So, a recommendation:  accept it as your civic duty to study up on SCAP, NVD and FDCC.

Other speakers, including Dr. Ted Kirscher, Chief Architect of the NSA Threat Operations Center, underscored again the need for new means to conduct highspeed assessment of the right data from defensive devices.  Ted, like everyone else who spoke, also ensured we all knew the collaborative nature of the work in front of us all.

For the many people I heard from this was a day well spent, a time to reflect on progress and to think through the next priorities to address.  There are some huge challenges that confront cyber defenders, but with new organizational constructs and new focus being placed on the mission these challenges are certainly achievable.  Some might still look impossible, but hey, like Walt Disney said, "It's kind of fun to do the impossible."

Connect Here

Bob Gourley

Partner at Cognitio Corp
Bob Gourley is a Co-founder and Partner at Cognitio and the publisher of Bob's background is as an all source intelligence analyst and an enterprise CTO. Find him on Twitter at @BobGourley
Connect Here
About Bob Gourley

Bob Gourley is a Co-founder and Partner at Cognitio and the publisher of and Bob's background is as an all source intelligence analyst and an enterprise CTO. Find him on Twitter at @BobGourley


  1. Ron Bounds says:


    This was truly an outstanding event. You and Fran did a great job of keeping everything moving but the speakers were extraordinary. I have given my debrief to the EMC (Data Domain) leadership and I will give them a link to your blog to let them read your comments. I attended the IEEE Mass Storage and Key Management conference last week and between these two events, my note pads are full. Thanks again and I will be in contact soon.


    • Thanks Ron, this is a great way to keep the dialog up between government and industry and all in the ecosystem. Next big event is DoDIIS. Hope to see you there.


  2. Scott Granado says:


    This forum was packed with authoritative speakers and panelists. You and Fran did an excellent job in driving the event. Hard to believe the breadth and depth of content that was covered. Some quick bullet points that I’m still pondering:

    – Appeal by Don Boian (Cyber Command) for comprehensive configuration control capabilities to enable solving of the easier 80% of challenges; will free time/effort to pursue on the really hard 20%

    – Sherri Ramsay's (NTOC) call for multi-dimension data models (encompassing red + blue + white data) to help with analysis

    – Jim Kovach's (Jive Software) comments (and my conversation with him at the booth) on increased awareness to the huge potential within social business software concepts to collaboratively address the above hard problems

    – Tony Sager's lunch keynote points could be used to structure a complete, one-day forum in itself! Emphasized need for full, multi-discipline approaches to cyber early warning and understanding cyber activity spillover into other dimensions. Discussion on supply chain security and its relationship with tech adoption rate was fascinating: Increase speed of tech adoption ~ increase info security as adversary is forced to reconfigure exploit processes to keep up with a dynamic target.

    – Fred Unterberger's (Symantec) discussion on the reputation-based security concept got me thinking: Could this concept be used at the core of a model for enterprise security?

    Thanks for a thought-provoking conference and valuable networking event!


  3. Anonymous says:

    Buy cheap dr dre headphones online at,We are the best online shop of beats by dre headphones,excellent design and terrific quality.Top rated customer service With Fast & Free Shipping.

  4. Anonymous says:

    Buy cheap mulberry bags online at,We are the best online shop of mulberry bags,excellent design and terrific quality.Top rated customer service With Fast & Free Shipping.

Leave a Reply