This event is Co-Sponosored with the Greater Washington DC Chapter of the Information Systems Audit and Control Asssociation. 

Public Key Infrastructure (PKI) is one of the most secure ways to protect information, but only if it is implemented properly. There are multiple parties involved and Federal policies and standards to follow otherwise it becomes a secure way to lose information or for malicious actors to encrypt and exfiltrate it. In addition, the Federal PKI is a federated PKI ecosystem of federal agencies and business partners. Not all PKI is Federal PKI and, depending on the use case, shouldn’t be. Come learn about the difference between the Federal PKI and Enterprise PKI in policy, use case, and implementation. We will also cover a general framework for auditing a PKI, the general classes of attacks on PKI operations and how to protect against them, and PKI in the cloud.

Instructors:

Kenneth Myers, A Senior Manager in Protiviti's Federal Security and Privacy Consulting practice with a focus in Identity Management. He has more than 15 years of business experience specializing in federated identity systems, Public Key Infrastructure, security management, and governance solutions. Kenneth holds many certifications and degrees including an MBA, ISACA CISM and CISA, PMI PMP and ACP, ITIL, CompTIA Cloud Security Professional, and CIPP/G. He is also a CyberArk Certified Delivery Engineer and a Netskope Certified Cloud Associate. 

Jimmy Jung, President and Lead Auditor at Slandala Company. He has performed audits of PKI systems since 2002 and has more than 30 years’ experience in the design, implementation and certification of information assurance systems. He is certified by the International Information Systems Security Certification Consortium (ISC)² as a Certified Information Systems Security Professional (CISSP) and is certified by the Information Systems Audit and Control Association (ISACA) as a Certified Information Systems Auditor (CISA). He has designed, installed or operated PKI systems for the Department of State, the Department of Energy, the Department of Treasury, the Federal Bureau of Investigation, the Department of Homeland Security, the United States Patent and Trademark Office (USPTO) and other agencies and commercial companies. He has provided PKI audit and compliance support for the Department of State, the Department of Labor, the Department of Commerce (DoC) and has been the lead auditor for the Department of Defense Certification Authorities and auditor of several of the DoD agency Registration Authorities, Local Registration Authorities and External Certificate Authorities.

Cost per Attendee: $39 for Government Audtors, $49 per person for members ($65 per non-member)