Future Tech DC 2026 Government Track Sessions

AI, Zero Trust, and the Accountability Imperative — Governing Emerging Technology in Public Sector Environments

Presenter: Jennifer Franks (GAO)

As agencies accelerate AI adoption and modernize toward Zero Trust Architectures, the real challenge is not innovation, it is governance. This session examines how federal agencies are managing AI risk, securing AI within FedRAMP and DoD environments, and aligning emerging technologies with statutory, budgetary, and workforce realities. Attendees will explore the intersection of innovation, compliance, and accountability—and how to avoid creating tomorrow’s high-risk list while pursuing modernization today.

Learning Objectives

• dentify where AI governance gaps most often emerge—policy misalignment, data integrity weaknesses, and unclear risk tolerance.
• Understand how Zero Trust principles apply to AI systems, including model access, enclave architecture, and supply chain risk.
• Avoid vendor lock-in and technical debt through portable, standards-based architecture.
• Balance experimentation with accountability using structured pilot frameworks and measurable risk thresholds.

CMMC on the Ground: What the Defense Industrial Base Should Expect as Compliance Becomes Reality

Moderator: Chris Haigh

Panelists: Perry E. Keating (Protiviti Government Services), Branden Reber (Fortreum), Guy Walsh (NDIA)

CMMC is no longer theoretical. As the Defense Industrial Base moves from preparation to execution, organizations are discovering that the true challenge is not understanding the framework, but navigating what CMMC looks like in real operational environments. This panel brings together essential perspectives from across the CMMC ecosystem: an experienced advisor guiding organizations through readiness, an organization actively navigating the compliance journey, a C3PAO offering direct insight into assessment expectations and common pitfalls, and a CMMC Instructor to moderate the discussion.

Panelists will share what they are seeing on the ground as organizations adopt this new compliance level, including where expectations diverge from assumptions, where organizations struggle most, and how readiness truly plays out during assessments. The discussion will surface practical challenges, hard earned lessons, and how roles and responsibilities evolve as CMMC becomes embedded into contracts, operations, and organizational culture.

Designed for government and defense contractors, auditors, and cybersecurity leaders, this session delivers a candid and practical view of what to expect as CMMC reshapes trust, accountability, and cyber resilience across the defense supply chain. Attendees will leave with clearer insight into how to prepare effectively, what assessors are really looking for, and how to approach compliance in a way that strengthens security while maintaining agility.

Learning Objectives

• Understand how CMMC is being implemented in practice across the Defense Industrial Base, including common challenges and readiness gaps.
• Recognize assessment realities from a C3PAO perspective and better align preparation efforts with real world evaluation criteria.
• Apply practical lessons from advisors and clients to strengthen CMMC readiness, reduce risk, and support sustainable compliance.

Balancing IT Governance and Innovation to Manage and Safeguard the Thrift Savings Plan (TSP)

Presenter: Jason Boyd (FRTIB)

The Federal Retirement Thrift Investment Board (FRTIB) administers the Thrift Savings Plan (TSP) solely in the interest of participants and beneficiaries, which makes trust, risk management, and operational resilience non‑negotiable. In this session, FRTIB’s CIO shares how the agency manages technology decisions with governance spanning managed service providers, a modern technology portfolio, and supporting the operations of the agency responsible for ensuring Federal Government workers can “retire with dignity”. Additionally, he will cover how the agency is leveraging modern cloud technology and exploring Artificial Intelligence (AI) to better service the TSP and streamline agency operations.

Learning Objectives

• Explain how mission drives technology risk decisions at FRTIB and why administering the TSP solely in the interest of participants and beneficiaries is the north star for trust.
• Describe FRTIB’s governance operating model for managed services and technology investments including service‑orientation (turnkey managed services → SaaS → PaaS by exception), and alignment with mission, budget, and architecture principles.
• Apply the NIST AI RMF (Map, Measure, Govern, Manage) to public‑sector AI portfolios, including how FRTIB identifies high‑impact AI that warrants heightened due diligence and promotes lower‑risk innovation to increase agility and efficiency.
• Experiment and operationalize AI in government. Identify use cases, determine low risk areas for experimentation, and plan for technology to support adoption and growth.

How to Effectively Convey Improvement Opportunities

Moderator: Suzanne Yuter

Panelists: Dr. Jeffrey Pullen (DOJ), Jason Yovich (FDIC OIG), Mark Priebe (DOE OIG)

Effective communication can make or break how a control deficiency is understood, acted on, and ultimately resolved. This session will explore practical ways to convey these issues so that stakeholders clearly grasp their significance and impact. The panel will share real examples of what works, what does not, and why certain messages resonate more effectively than others. Attendees will walk away with approaches they can immediately apply to strengthen the clarity and influence of their reporting.

Learning Objectives

• Recognize methods for tailoring messages to various audiences, including management and non-technical stakeholders.
• Apply techniques that enhance clarity, reduce ambiguity, and improve the impact of control-related communication.
• Evaluate how tone, structure, and supporting evidence contribute to effective reporting of control deficiencies.

Same Controls, New Frontier: Adapting NIST Security Controls for AI Systems

Presenter: Victoria Yan Pillitteri (NIST)

Artificial intelligence systems introduce new risks—but they don’t require abandoning established cybersecurity foundations. In fact, much of what secures traditional IT systems still applies. The challenge lies in understanding where AI is different—and where it isn’t. The NIST Control Overlays for Securing AI Systems (COSAiS) Project demonstrates how existing security controls can be thoughtfully adapted to address AI-specific risks. Building upon the NIST Risk Management Framework and aligned with the NIST AI Risk Management Framework, AI overlays clarify which controls remain unchanged, which require enhancement, and where entirely new considerations emerge—such as training data integrity, model behavior manipulation, adversarial inputs, and AI supply chain dependencies. Learn more about COSAiS and get engaged with the ongoing work and community of interest.

Learning Objectives

By the end of this session, participants will understand:

• Some of the differences between traditional IT security risks and AI-specific risks, identifying where existing controls are sufficient and where adaptation is necessary.
• How NIST control overlays extend established security baselines to account for AI development, deployment, and monitoring environments.
• An approach to align AI security efforts with enterprise governance structures using established NIST frameworks.

Jennifer Franks
Director, Center for Enhanced Cybersecurity, Acting Director & Analytics Foundry @ US Government Accountability Office (GAO)

Jennifer Franks directs the Center for Enhanced Cybersecurity within GAO’s Information Technology and Cybersecurity team. She oversees reviews that primarily focus on emerging cybersecurity issues and assessing an agency’s ability to protect the confidentiality, integrity, and availability of its sensitive data and computing infrastructure. Her multi-disciplinary teams actively review agencies’ computer security vulnerabilities across their enterprise-wide computing environment by assessing program management compliance and technical controls recommended for the agencies to follow in accordance with federal guidance and leading practices. In addition, she leads reviews in the areas of IT management and operations, financial management, healthcare and public health IT, data protection, and privacy.

Further, Jennifer serves as the Acting Director of the Analytics Foundry; a dedicated cloud computing environment that manages GAO’s complex analytical functions.

Jennifer earned a master’s degree in information security policy and management from Carnegie Mellon University and earned a bachelor’s degree in computer information systems from Hampton University.

Chris Haigh

Chris serves as a cybersecurity consultant to numerous entities that are considered critical infrastructure and is a frequent speaker at CMMC and critical infrastructure conferences. He is an advisor and instructor for NERC, the regulatory body for energy utilities, and has obtained the highest levels of certification possible through the Department of Defense Cybersecurity Maturity Model Certification (CMMC) program: Certified CMMC Assessor, Certified CMMC Professional, and Certified CMMC Instructor. He was also engaged by Microsoft and Ingram Micro to author the Level 2 CMMC Implementation Guide for MSPs and Organizations Seeking Certification. Recently, Chris partnered with Northern Virginia Community College to launch the first college course aimed at getting students certified as professionals in the CMMC community.

As a trained aeronautical and astronautical engineer who complemented his undergraduate work with a law degree, Chris finds the marriage of technology, law, and regulatory policy fascinating. He has worked as a legislative policy analyst and as a Chief Technology Officer for a cybersecurity firm, and is the founder and CEO of Meerkat Cyber, a Certified Third-Party Assessment Organization under the DoD’s CMMC Framework.

Perry E. Keating
Managing Director, President & CEO @ Protiviti Government Services

With over three decades at the forefront of government and industry cybersecurity, Perry E. Keating brings a rare blend of hands-on experience, strategic vision, and a passion for protecting what matters most—US Government data and national security.

Perry leads Protiviti Government Services, guiding federal, state, and local agencies, as well as contractors, through the evolving landscape of trust, privacy, and compliance. A former US Army Corps of Engineers officer, Perry’s career spans executive roles in Government as well as Aerospace & Defense, where he has designed, deployed, and assessed critical frameworks for protecting government data such as CMMC, FAR, DFARS, FISMA, FedRAMP, NIST, and NISPOM. He’s known for making complex security concepts accessible, and for helping organizations build resilience and agility in the face of digital transformation and AI-driven change.

Perry’s expertise covers security control design, cyber policy, incident response, and recovery—from classified environments to public sector data. He’s a recognized thought leader, honored in Marquis Who’s Who (2025), and a Registered Practitioner with The Cyber AB.

Perry holds an MBA from Virginia Tech and a BS in Computer Science from Tulane University. He is a member of the Army Engineer Association (AEA); Armed Forces Communications and Electronics Association (AFCEA); Association of the U.S. Army (AUSA); CyberAB; Honored Listee Who’s Who for 2025; Information Systems Audit and Control Association (ISACA); National Defense Industrial Association – Cybersecurity Division; Reserve Officers Association (ROA); and is always ready to share a story from the trenches or a practical tip for surviving the next cyber challenge.

Branden Reber
Senior Security Consultant @ Fortreum
CISSP, Security+, Certified CMMCC Professional, Certified Acquisition Professional in Engineering & Technical Management

With over three decades at the forefront of government and industry cybersecurity, Perry E. Keating brings a rare blend of hands-on experience, strategic vision, and a passion for protecting what matters most—US Government data and national security.

Branden Reber is a seasoned Cybersecurity Specialist with over 13 years of expertise in information security, compliance, and governance, specializing in NIST SP 800-171 and CMMC Level 2 assessments. Based in Jonestown, PA, he holds certifications as a Certified Information Systems Security Professional (CISSP, 2017), CompTIA Security+ (2014), Certified CMMC Professional (LCCA, 2025), and Certified Acquisition Professional in Engineering & Technical Management (2023). He earned a Bachelor of Science in Security and Risk Analysis from The Pennsylvania State University in 2013.

As Senior Security Consultant I at Fortreum, LLC since April 2025, Branden leads CMMC Level 2 assessments for Defense Industrial Base contractors. He manages pre-assessment planning, client working sessions, and reviews of information systems, security plans, and policies against NIST SP 800-171 and CMMC 2.0 requirements. He develops comprehensive Security Authorization Packages, mentors junior assessors on NIST and CMMC frameworks, and stays updated on evolving cybersecurity policies, threat vectors, and DoD directives to ensure assessment integrity.

From 2023 to 2025, as DIBCAC Lead Cybersecurity Assessor at the Defense Contract Management Agency, Branden conducted CMMC Level 2 assessments for intended C3PAOs and NIST SP 800-171 High assessments within the DIB, ensuring compliance, coordinating progress, delivering detailed reports, and resolving challenges. He was also trained and designated as one of the first CMMC Level 3 assessors.

At Naval Supply Systems Command (2014–2023), he advanced from IT Specialist to Enterprise Information System Security Manager, overseeing cybersecurity for 10,000+ users per DoD, SECNAV, and NIST standards. He developed access controls aligned with FISMA and RMF and led audit remediations. Proficient in SAP ERP, Oracle Webcenter, network security, and audit compliance, Branden has earned multiple performance awards and a nomination for NAVSUP Junior Employee of the Year (2017).

Guy Walsh
Executive Vice President @ NDIA

Brigadeer Gen Guy M. Walsh, USAF (Ret.), serves as the Executive Vice President and Chief Operating Officer for the National Defense Industrial Association (NDIA). NDIA is a non-profit 501(c) (3) educational association representing industry, government, and academia. More than 1,700 companies and 62,000 individual members rely on NDIA for networking, knowledge, and business development opportunities. As NDIA’s Chief Operating Officer, His previous roles with NDIA include serving as the Chair of the Cyber Augmented Operations Division, during which he acted as the Conference Chair of JADC 2 in 2021/2022. Before joining NDIA, Walsh served as the founding Executive Director of the National Security Collaboration Center at the University of Texas at San Antonio (UTSA).

He is among the nation’s foremost leaders in national security, having previously served as U. S. Cyber Command’s first Director of Strategic Initiatives and as the National Guard and Reserve Programs Director. In 2015, Walsh was a founding member and deputy director of the Capabilities Development Group, charged with integrating USCYBERCOM’s prioritized cyberspace capability development to rapidly deliver joint operational products and services required for generating, facilitating, and monitoring effects in and through cyberspace.

Jason Boyd
Chief Information Officer (CIO) @ US Federal Retirement Thrift Investment Board (FRTIB)

Jason Boyd is a seasoned IT senior executive with comprehensive technical and business expertise, consistently delivering results across application development, DevSecOps, cloud computing, analytics, artificial intelligence (AI) and machine learning (ML), IT operations, and cybersecurity. His leadership experience encompasses several prominent roles, including Deputy Chief Product Officer at the Department of Health and Human Services, Director of Cloud and Platform Services at the Department of Homeland Security, AI Innovation Lead for the Bureau of Consular Affairs, and Chief Information Officer of the FRTIB.

Throughout his career, Mr. Boyd has driven business transformation and innovation at all organizational levels. Notable accomplishments include leading the development of advanced simulation modeling and AI applications for determining airport security staffing in response to post-9/11 security requirements, deploying a federal mobile app in 2012 ahead of most government agencies, modernizing analytics infrastructure to support enterprise reporting from DHS to the White House, overseeing large-scale cloud migrations for DHS systems to AWS and Azure, and spearheading innovative AI initiatives to enhance visa and immigration processes at the Department of State. He has also promoted the adoption of GenAI technology to improve agency operations and leveraged Open-Source Intelligence to bolster national security related to visas, passports, and overseas citizen services at the Department of State.

Mr. Boyd is recognized as an expert in cloud computing and holds the AWS Solution Architect Professional Certification. Additionally, he is certified in Analytics and AI/ML from MIT. He remains committed to a forward-thinking strategic approach, continually seeking opportunities to increase organizational value and drive success. Jason holds a BS in Computer Information Systems from Towson University and an MS in Executive Management of Information Systems Technology from The George Washington University.

Suzanne Yuter
Partner @ Guidehouse

Suzanne has 20+ years of experience in federal financial management, internal controls, audit readiness, and complex accounting and reporting initiatives. She has led large, cross-functional teams supporting agencies such as the Department of Education, Treasury Department, State Department, Department of Justice, and other federal entities to improve auditability, risk management, and operational efficiency. Suzanne is recognized as a trusted advisor who translates complex audit findings and regulatory requirements into clear, actionable improvement opportunities for senior leaders and stakeholders. As a licensed CPA, she applies rigorous accounting judgment, professional standards, and audit discipline to yield improvement recommendations are practical, defensible, and aligned with sound financial governance.

Dr. Jeffrey Pullen
Associate Director, Financial Systems @ U.S. Department of Justice

Dr. Jeffrey Pullen is a senior financial systems leader and Doctor of Business Administration specializing in project management, enterprise business systems, and large‑scale federal financial operations. He oversees the Department of Justice’s financial management and payroll systems and brings more than three decades of experience in accounting, information systems, and program leadership. He is a Project Management Professional and holds senior‑level Federal Acquisition Certification for Program and Project Managers. His work has earned multiple honors, including the Attorney General Award for Excellence in Information Technology and the Federal 100 Award recognizing his contributions to government technology.

Jason Yovich
Acting Assistant Inspector General for Audits@ Federal Deposit Insurance Corporation Office of Inspector General

Jason has 27 years of experience as an oversight professional within several Offices of Inspector General (OIG) – Federal Deposit Insurance Corporation (FDIC), U.S. Postal Service, National Reconnaissance Office, and Department of Defense. He has been in audit leadership and/or executive positions for over 16 years.

Jason is currently the Acting Assistant Inspector General for Audits responsible for leading auditors and evaluators in conducting audits, evaluations, and reviews to examine FDIC programs and operations, assess their efficiency and effectiveness, and make recommendations for improvements at the FDIC.

Before joining the FDIC OIG, Jason served as an audit executive at the U.S. Postal Service OIG responsible for leading teams of auditors, evaluators, analysts, and specialists in performing audits related to IT, contracting, infrastructure, facilities, and human resources. Prior to this leadership position, he was an audit director at the U.S. Postal Service OIG leading the performance of complex IT and cybersecurity-related audits of the third largest IT infrastructure in the world.

Jason also previously served as the Deputy Assistant Inspector General for IT at the National Reconnaissance Office OIG where he was responsible for the performance of IT and cybersecurity-related audits of classified systems and networks. He was a financial auditor leading the National Reconnaissance Office’s annual financial statement audit for several years. Before joining the intelligence community, Jason began his career at the Department of Defense OIG performing numerous contracting, acquisition, logistics and readiness, and financial audits.

Jason graduated from California University of Pennsylvania with a B.S. in Accounting and Finance. He is also a Certified Information Systems Auditor and Certified Fraud Examiner.

Mark Priebe
Acting Inspector General @ the U.S. Department of Education Office of Inspector General

Mark Priebe is the Acting Inspector General of the U.S. Department of Education, where he leads a nationwide team focused on improving efficiency and preventing fraud across the agency’s programs. He brings more than 22 years of experience in auditing, financial management, and oversight. Before stepping into his current role, he directed the OIG’s Non Federal Audit Team and served as the National Single Audit Coordinator, guiding quality reviews and shaping oversight for major pandemic relief programs. His career spans state and federal service, including work at the Michigan Department of Treasury, the Federal Energy Regulatory Commission, and the Department of Housing and Urban Development. He is a Certified Fraud Examiner and holds both bachelor’s and master’s degrees in accounting, as well as a Master of Science in Business Analytics.

Victoria Yan Pillitteri
Supervisory Computer Scientist and Security Engineering and Risk Management Group Manager @ National Institute of Standards and Technology (NIST)
CISSP

Victoria Yan Pillitteri, CISSP, Supervisory Computer Scientist and Security Engineering and Risk Management Group Manager at the National Institute of Standards and Technology (NIST).

Victoria Yan Pillitteri is a supervisory computer scientist and manager of the Security Engineering and Risk Management Group at the National Institute of Standards and Technology (NIST). The group conducts the research and development of the suite of risk management, systems security engineering, and cybersecurity risk analytics and measurement guidance used for managing cybersecurity risk. She is the co-author of multiple NIST publications that are foundational for cybersecurity risk management, including the security and privacy controls, control assessment procedures, the Risk Management Framework, and the CUI security requirements and assessment procedures (Special Publications (SP) 800-53, SP 800-53A, SP 800-53B, 800-37, 800-171, and 800-171A).

Ms. Pillitteri holds a B.S. in Electrical Engineering from the University of Maryland, a M.S. in Computer Science, with a concentration in Information Assurance, from the George Washington University, completed the Key Executive Leadership Program at American University, and is a Certified Information Systems Security Professional (CISSP).