Ohio Cybersecurity Day

Agenda:
8:30 – 9 a.m. | Virtual lobby log-in and gather online |
9 – 9:10 a.m. |
Welcome Ohio Governor Mike DeWine |
Opening Remarks Kirk Herath, Cybersecurity Strategic Advisor, Governor’s Office |
|
9:10 – 9:15 a.m. | CIO Remarks Katrina Flory, CIO, State of Ohio, Department of Administrative Services |
9:15 – 10 a.m. | We All Have a Role in Cybersecurity General Gregory Touhill, Brigadier General (Ret.) Carnegie Mellon University, SEI CERT Division |
10 – 10:05 a.m. | Break |
10:05 – 10:50 a.m. | Information Security from an Agency Perspective Jeff Swan, CIO, Ohio Department of Natural Resources James Matheke, Enterprise Security Manager, Office of Information Security and Privacy, Ohio Department of Administrative Services |
10:50 – 11:25 a.m. | Ransomware in State and Local Government Chris Weldon, Director of Security and Risk Management, Gartner |
11:25 a.m. – 12 p.m. | Cybersecurity Vulnerabilities Uncovered: Tips and Tricks Nathan Norris, Enterprise Security Manager, Office of Information Security and Privacy, Ohio Department of Administrative Services |
12 – 12:30 p.m. | Service Provider Management Kent King, Enterprise Security Manager, Office of IT Security and Privacy, Ohio Department of Administrative Services |
12:30 – 1 p.m. | Cybersecurity Reserve Kevin Mamula, Deputy Program Manager of SAIC's Cyber Training and Exercises |
1 – 1:05 p.m. | Closing Remarks Anupam Srivastava, Chief Information Security Officer, Office of Information Security and Privacy, Ohio Department of Administrative Services |
Bios:
Ohio
Governor Mike DeWine
On Nov. 6, 2018, Mike DeWine was elected to serve as the 70th Governor of the State of Ohio. The Governor has had a long and distinguished career in public service, focusing on protecting Ohio children and families. He was previously the 50th Attorney General of Ohio and has previously been elected to serve as Greene County Prosecutor, Ohio State Senator, U.S. Congressman, Ohio Lt. Governor, and U.S. Senator.
Kirk
Herath, Ohio Cybersecurity Strategic Advisor, Governor’s Office
Kirk Herath is the Cybersecurity Strategic Advisor for Governor Mike DeWine and Lt. Governor Jon Husted as well as Chairman of CyberOhio, the State of Ohio’s Cybersecurity Advisory Board. He also is an Adjunct Professor of Law at both The Ohio State University Moritz College of Law and the Cleveland State University Cleveland-Marshall College of Law. Kirk retired as Vice President, Associate General Counsel, and Chief Privacy Officer at Nationwide Insurance, where he worked for 32 years.
Katrina
Flory, State of Ohio Chief Information Officer, Ohio Department of Administrative Services
As the State Chief Information Officer (CIO) and Assistant Director of Ohio Department of Administrative Services, Katrina Flory oversees the DAS Office of Information Technology and sets the IT direction for the State of Ohio. She is an original architect and leader of two transformational Ohio IT Initiatives, the now completed IT Optimization effort and the ongoing IT Innovation initiative. IT Optimization provided the standardization necessary to drive economies of scale through infrastructure consolidation (server, storage, mainframe, and network) allowing us to turn our attention to innovation. IT Innovation will streamline and modernize state IT through a focus on digital experience, data analytics, enterprise shared services, and collaboration.
Gen. Gregory Touhill, Brigadier General (Ret.), SEI CERT Division, Carnegie Mellon University
Gen. Gregory Touhill is Director of the CERT Division of the Carnegie Mellon University Software Engineering Institute. Gregory was appointed by former President Barack Obama to be the first Chief Information Security Officer of the United States government. Previously, he served in the U.S. Department of Homeland Security as Deputy Assistant Secretary in the Office of Cybersecurity and Communications. He also was President of Appgate Federal, a provider of cybersecurity products and services to civilian government and defense agencies. A 30-year veteran of the U.S. Air Force, he was the Chief Information Officer of the U.S. Transportation Command. His numerous awards include the Bronze Star medal, the Air Force Science and Engineering Award, and being recognized by Security Magazine as one of its Most Influential People in Security. He is the co-author of the books Cybersecurity for Executives: A Practical Guide and Commercialization
of Innovative Technologies.
Jeff
Swan, Chief Information Officer, Ohio Department of Natural Resources
As Chief Information Officer, Jeff Swan oversees the Ohio Department of Natural Resources’ IT systems and security measures. Jeff has more than 20 years of experience in the field with previous positions including IT manager at the Ohio Department of Administrative Services and Network Services Supervisor at the Ohio Department of Health.
James Matheke, Enterprise Security Manager, Office of IT Security and Privacy, Ohio Department of Administrative Services
An Enterprise Security Manager for the Ohio Department of Administrative Services’ (DAS) Office of Information Security and Privacy, James Matheke is the Agency Information Security Officer for the Ohio Department of Developmental Disabilities and also manages other Agency Information Security Officers for DAS. His 18 years with the State of Ohio include serving the Ohio Department Job and Family Services (ODJFS) as their Security Architect. Prior to that, he was the ODJFS Pre-Production Assistant Section Chief responsible for managing the Client, Server, and Network groups. He is a certified information security and privacy professional who has his CISSP, CISM, and CDSPE.
Chris
Weldon, Director of Security and Risk Management,
Gartner
Chris Weldon is a Director with Gartner Consulting’s Security and Risk Management practice and is the State and Local Government Security Practice Solution Lead. He has more than 35 years of experience in a wide variety of technologies, platforms, and architectures. He covers SRM, identity and access management, virtualization, infrastructure, disaster recovery, enterprise architecture, and
networking. Chris has provided technical leadership for numerous major, enterprise infrastructure and mission-critical systems projects. Prior to joining Gartner in 2009, he was the Chief Technology Engineer for Information Management at United Space Alliance, L.L.C. at Kennedy Space Center, Florida. He holds U.S. Government-approved technical certifications in Microsoft Windows Administration and Network Security and is trained in ITIL foundations.
Nathan Norris, Enterprise Security Manager, Office of Information Security and Privacy, Ohio Department of Administrative Services
An Enterprise Security Manager for the Ohio Department of Administrative Services’ Office of Information Security and Privacy, Nathan Norris manages the State Incident Response Team, Vulnerability Department, Red Team Department, and Forensic Department. Their overall responsibilities include monitoring and researching tools that identify phish attempts, potential compromised account risks, and malicious activity enterprise wide. His teams help ensure that the State of Ohio’s security threat landscape and vulnerabilities are lessened by resolving misconfigurations, uninstalling high-risk and obsolete software, and auditing port settings.
Kent King, Enterprise Security Manager, Office of IT Security and Privacy, Ohio Department of Administrative Services
An Enterprise Security Manager for the Ohio Department of Administrative Services’ Office of Information Security and Privacy, Kent King is the Agency Information Security Officer for the Ohio Department of Transportation. Prior to joining the State of Ohio in 2021, he worked as an Information Security Director/ISO at several organizations including the Central Ohio Transit Authority (COTA), Denison University, Sterling Commerce, State Auto, and NiSource. Kent is an active member of the central Ohio cybersecurity community and holds numerous information security and privacy certifications including CISSP, CISA, CISM, and CDPSE.
Kevin Mamula, Deputy Program Manager of SAIC's Cyber Training and Exercises
Kevin Mamula is a cybersecurity, cyber training and exercise expert, and retired military officer with 30 years of experience in leadership and international and public- and private-sector relations. He specializes in liaison and direct support operations with nation-state, federal/state/local governments, public and private organizations for cyber security services in the forms of incident response, compliance and vulnerability assessments, and cyber hygiene education.
Anupam Srivastava, Chief Information Security Officer, Office of Information Security and Privacy, Ohio Department of Administrative Services
Anupam Srivastava is the Chief Information Security Officer for the State of Ohio. The team’s goal is to enable the state to support productivity and innovation, as well as to achieve the organizational objective of providing secure services to Ohio citizens. The team partners with InnovateOhio, agencies, boards, and commissions on key initiatives while holding vendor partners accountable to the state’s cybersecurity standards. Anupam’s prior IT experience spans from developing software for very large database systems, writing system code on multiple Operating System platforms, leading infrastructure teams to provide high uptime across services, and being responsible for the security and regulatory compliance of sensitive systems. He is a certified Project Management Professional and holds a CISSP.