FTC Hosts Federal/State Cybersecurity Symposium with Congressman Neal Dunn

Updated: Oct 19



On September 16th, FTC hosted Congressman Neal Dunn, FBI Cyber Jacksonville, and seven cybersecurity experts from our member organizations for a discussion of the needs in the cyber space for both federal and state governments.


Who were the panelists?

Panelists included Juan Guerrero-Saade, Principal Threat Researcher at SentinelOne; Darryl Richardson, Chief Platform Evangelist at Aparavi; Chris Usserman, Director of Security Architecture at Infoblox; Ryan Hardenbrook, Regional Enterprise Executive at Elastic; Simon Hill, Vice President of Contract Management at Certes Networks; Greg Porpora, Distinguished Engineer & Distinguished Industry Leader - Government at IBM; and a representative from the FBI's Cyber division. The session was moderated by David Clark, former deputy chief of staff for Governor Ron DeSantis.



While our panelists discussed hot topics in the cybersecurity space, notes were taken on an eGlass and displayed to the audience. The notes from this session have been transcribed below.


Enterprise Awareness & Education

  • Understand the battlespace, limitations, and rules of engagement

  • We are fighting an asymmetric war

  • It is essential to keep systems updated

  • To be defensive, we must begin to think offensively

  • Systems and data risk mitigation

  • It is important to understand your data in order to know where the risk is

  • There is immense risk in duplication of PII

  • Workforce education and training

  • There is a shortage of cyber professionals, > 100,000 open positions

  • We must invest more resources into training, bring people from outside IT, build the workforce

  • Look outside your market space, incentivize potential employees, and be open to training them


Response to Cyber Emergencies

  • Not if, but when

  • Zero Trust: strategy to protect data and mitigate risk

    - Based on the idea that at some point, someone will get into your network

    - Strategy is to never trust, always verify, and limit privileges

  • Everyone should have a viable, actionable plan that is frequently updated

  • Ransomware is the effect; it is truly a stratified ecosystem of crime. It's important to address the higher problem.

  • Data, backup, disaster recovery

  • We are not doing everything we can; one thing that is essential is building up talent

  • Organizations tend to underestimate the capabilities of malicious hackers

  • Disaster recovery is only as good as your last backup

  • Cloud is not necessarily more secure; it is used for reducing infrastructure

  • Know what you have and what you don't -> make your data searchable and classifiable

  • Top 3 vulnerabilities

  1. People

  2. Process (supply chain)

  3. Products


Strategy and Federal Legislation

  • Defense, active defense, and offense

  • What strategy should we focus on? Zero trust is a good start

  • Make sure your house is in order

  • CISA 2015

  • Concept of "hacking back"

  • Cyber resiliency

    - We are currently only responsive; we need to be offensive

    - Build safeguards (e.g., immutable data, separation of networks, preparedness)

    - Think offensively

  • Need more and clearer laws about what can be prosecuted

  • Incidents can take 3-9 months to detect

  • HR3270 - Active Cyber Defense Certainty Act (ACDC): Good Samaritan Law