BROADCASTS.com

b'

• Can you tell us a bit about your journey to becoming the CISO at CMS, we know you spent most of your time in the commercial industry prior. How has it helped, what are some of the major differences you've experienced?
• Can you give us some industry specific guidance on what it means to be a CISO in the healthcare industry?
• CMS handles the PII of over 50 Million Americans I believe - can you elaborate on the scale/scope of that challenge and how the organization prioritizes this protection given the huge responsibility and reach?
• Based on your experience are there targeted threats against your industry or maybe specific types of security considerations are most important?
• We know you've mentioned some of the challenges with programs like FedRAMP when it comes to Government Cloud, and just the struggles/risks associated with overly cumbersome regulation and compliance requirements - how do we balance the need for security, compliance, and governance, without introducing bottlenecks that stifle innovation?
• As a CISO, how do you feel about Incident Response? Is this more or less important than the preventative measures you may be using?
• You've mentioned a Batcave DevSecOps type initiative you have in mind - can you tell us a bit about that?
• The government has a long history of challenging to attract and retain tech talent, any recommendations on this front to draw more folks like yourself and others to civil service?
• Given your role at a major Federal civilian agency, and the recent Cybersecurity Executive Order (EO) - do you have any major takeaways or thoughts regarding the EO and its potential impact on not just the government but the broader IT/Cyber industry?
• What does the term Cyber Resilience mean to you?