Future Tech DC 2026 Workshop Track Sessions

From Security Compliance to Resilience: Continuous Assurance with OSCAL

Instructors: Dr. Michaela Iorga (NIST) and Selena Xiao (NIST)

This immersive, hands-on training equips cybersecurity professionals, security assessors, and auditors with practical skills for applying the Open Security Controls Assessment Language (OSCAL) in real-world assessment and authorization workflows. Participants move beyond theory to actively codify regulations, implemented controls, and assessment results in OSCAL, enabling repeatable, automatable, and scalable security assessments. Through guided exercises and realistic scenarios, the session demonstrates how OSCAL transforms traditional, point-in-time compliance activities into data-driven, continuous assurance processes aligned with modern risk management, continuous authorization, and resilient system design.

Learning Objectives:

• Apply OSCAL fundamentals by creating, interpreting, and using OSCAL catalogs, profiles, and assessment artifacts in security assessments and audits.
• Modernize assessment and audit practices by leveraging OSCAL to automate workflows that support ongoing monitoring, improve accuracy and consistency, and enhance traceability across systems and infrastructure layers.
• Enable continuous authorization and system resilience by using OSCAL-based assessment data to continuously evaluate control effectiveness and support timely risk-informed decision-making.

System Requirements:

• Personal computer with an up to date operating system.
• Additional details will be provided prior to the event on tools that should be installed prior to the workshop.
• Enable continuous authorization and system resilience by using OSCAL-based assessment data to continuously evaluate control effectiveness and support timely risk-informed decision-making.

Prerequisites:

• Information Security & Risk Management Foundations, Security Controls and ATO workflows, and Security assessment artifacts (See NIST SP 800-37 and NIST SP 800-53).
• Participants should understand the control-based risk management model that OSCAL represents.
• Participants should be fluent in the following Domains and Required Knowledge:
• Risk: Threats, vulnerabilities, likelihood, impact, risk
• Controls: What a security control is, how it mitigates risk
• NIST: SP 800-53 control families and structure
• ATO: SSP, SAR, POA&M, continuous monitoring
• Governance: Who owns controls, who assesses, who authorizes
• Participants should understand the following concepts:
• Control IDs
• Control Enhancements
• Inheritance and overlays
• Control implementation statements
• Students must be able to answer questions like:
• What is the difference between a control and an implementation statement?
• What is the role of evidence in a security assessment?
• How does a POA&M relate to risk?
• Participants should know what the following documents represent:
• A System Security Plan (SSP)
• A Security Assessment Plan (SAP)
• A Security Assessment Report (SAR)
• A POA&M
• Basic understanding of Data Modeling, Structured Data, Schema-driven validation.
• Basic understanding of the difference between a file format and a formal data model and schemas.
• Basic understanding of XML format familiarity.
• Participants must be able to understand XML representation and scope of XSD schemas to validate structured data.

Under Attack: Rapid Incident Response When Every Minute Counts

Instructor: Inno Eroraha (NetSecurity)

It’s 9:47 AM on a Thursday morning. Your SOC is lighting up with alerts. Users across the Finance department can’t access their files. Ransom notes are appearing on desktops. Then, just as you’re mobilizing your incident response team, the DLP system flags a massive 3.2 GB data transfer to an unknown external IP that occurred overnight from an Engineering workstation while the employee was on vacation.

Your organization has been compromised with a confirmed ransomware attack and suspected data exfiltration. The executive team is demanding answers. Legal is asking about breach notification requirements. The CFO wants to know the business impact. And you’ve been called to lead the investigation.

How quickly can you determine:

• Which systems are actually compromised?
• What was the initial attack vector?
• Has the attacker established persistence?
• What data was accessed or stolen?
• Is there evidence of lateral movement to other systems?

With traditional digital forensics tools, this investigation could take days or even weeks, imaging drives, manually parsing artifacts, correlating evidence across multiple endpoints. Every hour of delay means extended downtime, continued data exposure, and mounting costs. Your organization can’t afford to wait.

This intensive 2-hour hands-on workshop puts you in the investigator’s seat during active cyber incidents. You’ll experience firsthand how modern incident response platforms like ThreatResponder enable you to conduct investigations that traditionally required 30-50 hours in just 30-60 minutes, without sacrificing thoroughness or evidentiary integrity.

Learning Objectives:

• The critical limitations of traditional DFIR tools and methodologies
• How to perform rapid multi-endpoint triage at enterprise scale
• Automated artifact collection and correlation techniques
• Building comprehensive investigation timelines across multiple systems
• Quantifying time and cost savings: the business case for platform-based IR

System Requirements:

• Laptop with Windows 10 (or 11) Virtual Machine installed (optional)
• Mobile phone with Google Authenticator app installed
• Internet connectivity

Prerequisites:

• Basic understanding of incident response concepts and Windows operating systems. No prior experience with ThreatResponder required.

Who Shoud Attend:

• Incident Response Team Members
• Digital Forensics Investigators
• SOC Analysts and Managers
• Threat Hunters
• Security Operations Leaders
• IT Security Professionals
• CISOs and Security Architects evaluating next-generation IR capabilities

Dr. Michaela Iorga
Supervisory Computer Engineer, Secure Systems and Applications Group @ NIST/ITL

Dr. Michaela Iorga is a supervisory computer scientist at the National Institute of Standards and Technology (NIST/ITL). She serves as the Strategic Outreach Director for the Open Security Controls Assessment Language (OSCAL) program, and as the senior security technical lead for cloud computing, chairing the NIST Cloud Security and Forensics Working Groups.

Dr. Iorga, a subject matter expert in cybersecurity, risk assessment, and information assurance, collaborates with industry, academia, and other government stakeholders on developing and disseminating high-level, vendor-neutral cybersecurity and forensics guidelines that meet national priorities and promote American innovation and industrial competitiveness. Dr. Iorga received her Ph.D. from the Duke University/ Pratt School of Engineering, in North Carolina, USA.

Selena Xiao
Computer Scientist @ NIST

Selena Xiao is a computer scientist at the National Institute of Standards and Technology (NIST) in the Information Technology Laboratory. She serves as part of the Open Security Controls Assessment Language (OSCAL) program team, maintaining and supporting OSCAL adoption.

Her work is focused on cybersecurity and risk assessment automation, including projects such as Cybersecurity And Privacy Open Reference Datasets IN OSCAL (CAPORDINO), a command-line data translator to generate OSCAL artifacts from NIST’s Cybersecurity and Privacy Reference Tool, and Blockchain-based Secure Software Assets Management, an implementation of OSCAL-based continuous Assessment and Authorization (A&A) in a blockchain environment.

Inno Eroraha
Founder & CEO @ NetSecurity Corporation
Inventor & Architect of ThreatResponder® Platform

Innocent “Inno” Eroraha is a renowned cybersecurity visionary with over two decades of experience solving complex security challenges. As Founder and CEO of NetSecurity Corporation, he has established the company as a leading provider of next-generation endpoint security solutions and digital forensics services.

Mr. Eroraha is the inventor and chief architect of the ThreatResponder® Platform, a unified cloud-native endpoint security solution that delivers comprehensive threat detection, threat hunting, incident response, and forensic investigation capabilities at enterprise scale. Under his leadership, ThreatResponder® ranked #1 as the endpoint security product with the lowest system performance impact in both 2024 and 2025 independent testing by AV-Comparatives, while maintaining 99.2% malware protection rates.
He personally consults with Department of Defense agencies, Fortune 500 companies, financial institutions, and government organizations to address their most challenging cybersecurity problems. NetSecurity has built industry-leading expertise in endpoint cyber resilience, forensic investigation and recovery, incident response, SOC operations, and threat hunting services.

A highly sought-after speaker and educator, Mr. Eroraha has presented at RSA, SANS, CEIC, and other major industry conferences. His innovative philosophy emphasizes the seamless integration of human expertise with machine automation to build truly cyber-resilient organizations.