CISO, Redspin
Dr. Thomas Graham, Ph.D., serves as the VP and Chief Information Security Officer (CISO) at Redspin, a top cybersecurity and privacy consulting firm, the first authorized C3PAO, and one of the first organizations to conduct a DIBCAC High CMMC (Cybersecurity Maturity Model Certification) assessment under the joint surveillance program. Dr. Graham is the architect of Redspin becoming the first authorized C3PAO and has been the lead for numerous assessments under the Joint Surveillance Voluntary Assessment Program (JSVAP). Dr. Graham is responsible for all internal security matters for Redspin and its affiliates. Before Redspin, Dr. Graham supported the Defense Health Agency (DHA), where his team received a FedHealthIT award for Innovation, presented to them at the National Press Club in Washington, DC. Dr. Graham holds a Ph.D. in Information Assurance and Security, an MBA, and a Master of Science degree in Technology Systems. He also serves as the Chair of the MIS Advisory Board for East Carolina University, is a member of the IANS Faculty, and has been a member of the HIMSS Cybersecurity, Privacy, and Security Committee. Dr. Graham has previously spoken at other industry events, including the National Cyber Summit and ISC2 Security Congress.
Our world is rapidly changing, and our reliance on technology to facilitate nearly every aspect of our lives is accelerating its complexity. Not surprisingly, our home and business networks have become riddled with cyber threats. Even the smallest and most innocuous oversight can lead to irreparable consequences, as evidenced by the relentless targeting of our defense supply chain.
Recently, these cyber-attacks have moved beyond mere digital skirmishes to become a cornerstone of a much larger geopolitical strategy. Threat actors are now forming loose coalitions across groups to advance political goals, sharing expertise, intelligence, resources, and more. As these attacks grow more complex and politically charged, we need to explore and understand the implications for our national security and, more specifically, how compliance standards such as the CMMC can support our nation on this challenging battlefield.
Our session will explore recent attacks on our Defense Supply Chain and U.S. Government Agencies, focusing on how attackers gained access to U.S. information systems and exploited vulnerabilities. From SolarWinds and beyond, we'll unravel the strategies employed by attackers, revealing an alarming trend toward more aggressive, state-sponsored cyber warfare. We will also explore how digital strikes are carefully orchestrated to achieve specific political objectives, often leaving a trail of chaos in their wake.
As we confront the challenges of this new era, we must question the adequacy of existing countermeasures, including the Cybersecurity Maturity Model Certification (CMMC) and supporting legislation. Is compliance alone enough to stave off these rapidly advancing threats?