New for 2024, presented September 17, the day before ICMC. This optional special-focus event will help you prepare now for the threat posed by future quantum computers. It will include important, actionable information for anyone concerned with cybersecurity in a data-dependent enterprise.
Conference Sessions
Bayshore Foyer
Gateway Ballroom
Moderator: Erin Connor, Consultant, Program Director, ICMC
09:00 Welcome Address (P10a) Yi Mao, CEO and Managing Director, atsec information security corp, United States
09:05 Government Keynote: PQC Roadmap for the Federal Government (P10b) Garfield Jones, Associate Chief of Strategic Technology, Cybersecurity and Infrastructure Security Agency (CISA), United States
09:40 Industry Keynote: The Post-Quantum Question (P10c) Nick Sullivan, Co-Chair, Crypto Forum Research Group (CFRG), Co-Chair, Internet Research Task Force (IRTF) and Principal, Cryptography Consulting, United States
Bayshore Ballroom
Certification Programs (C11) Validation Program Updates
Moderator: Juan Gonzalez, Laboratory Director, Teron Labs, Australia
11:00 CMVP Program Update (C11a) David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States; Alex Calis, CMVP Deputy Program Manager (US), National Institute of Standards and Technology, United States; Kailai Chen, CMVP Program Manager (Canada), Canadian Centre for Cyber Security (CCCS), Canada
11:30 CMVP Program Future Plans and Issues (C11b) David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States; Kailai Chen, CMVP Program Manager (Canada), Canadian Centre for Cyber Security (CCCS), Canada; Alex Calis, CMVP Deputy Program Manager (US), National Institute of Standards and Technology, United States
12:00 NIAP Policy 5 and Equivalency Updates (C11c) Jon Rolf, Director, NIAP National Security Agency (NSA), United States; Edward Morris, CST Lab Manager, Gossamer Security Solutions, United States
Embedded/IoT (E11) Selected Topics
Moderator: Dr. Seth Nielson, Founder and Chief Scientist, Crimson Vista, United States
11:00 NIST SP800-90B Certifiable Software-Based TRNG for Embedded Systems (E11a) Tesfa Mael, Embedded/Software Systems Engineer, wolfSSL, United States
11:30 Stirring the SBOM Soup with FIPS (E11b) Loren Shade, VP of Marketing, Allegro Software, United States
12:00 Scaling IoT Security Assessment and Certification with EN 17927 (SESIP) (E11c) Olivier Van Nieuwenhuyze, Vice Chair and Security Task Force Chair, GlobalPlatform, United Kingdom
Open-Source Cryptography (S11) Updates and Strategies
Moderator: Luis Alfonso Garcia, Cybersecurity Operations Manager, DEKRA, United States
11:00 Strategies for Evaluating Open-Source Cryptography (S11a) Javed Samuel, Vice President Crypto Services, NCC Group Cryptography Services, United States
11:30 Update on PKCS #11 3.2 (S11b) Robert Relyea, OASIS PKCS #11 Co-chair, Red Hat, United States
12:00 OpenSSL Roadmap Update (S11c) Neil Horman, Software Engineer, OpenSSL Software Services, United States
Bayshore Ballroom
Certification Programs (C12) Relationships and Entropy
Moderator: Juan Gonzalez, Laboratory Director, Teron Labs, Australia
13:30 Navigating Vendor and Lab Relationships: Best Practices and Lessons Learned from FIPS 140-3 (C12a) James Dean, Deputy Lab Manager, UL Solutions, Canada
14:00 Entropy Reviewer Panel (C12b) Leader: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States; Timothy Hall, Security Testing, Validation, and Measurement Manager, National Institute of Standards and Technology (NIST), United States [60 MIN]
Crypto Technology (G12) Cloudy Update Insights
Moderator: Yi Mao, CEO and Managing Director, atsec information security corp, United States
13:30 Insights from Automated Large-Scale Analysis of FIPS 140 Certificates (G12a) Adam Janovský, PhD Candidate, Masaryk University, Czechia
14:00 NIST SP 800-38 Series: Status Update on Block Cipher Modes of Operation (G12b) Nicky Mouha, Researcher, Strativia, United States
14:30 FIPS 140-3 in the Cloud: Practical Strategies from a Real-World Case Study (G12c) Brandon Harvey, Principal Security Analyst, Oracle, United States
Open-Source Cryptography (S12) In Practice
Moderator: Valerie Fenwick, Current Co-Chair of the PKCS#11 Standard, United States
13:30 From Challenges to Solutions: The Evolution of OpenSSL Governance (S12a) Anton Arapov, Operations Director, OpenSSL, Czechia
14:00 A Further Practical Guide for Proactive Key Management and PQ Readiness Using KMIP (S12b) Tony Cox, Consultant, TC Logic, Australia
14:30 Building an Open-Source FIPS Soft-Token in Rust (S12c) Simo Sorce, Distinguished Engineer, Red Hat, United States
Bayshore Ballroom
Certification Programs (C13) International Updates
Moderator: Brian Wood, Program Manager for Security Certifications, Google, United States
15:30 Cryptographic Evaluation in Europe Is Now a Reality: The Spanish Case (C13a) Juan Martínez, Crypto Manager, jtsec Beyond IT Security, Spain
16:00 Panel: The Upcoming ISO/IEC 19790:2024 (C13b) Leader: Yi Mao, CEO and Managing Director, atsec information security corp, United States; Graham Costa, Security and Certifications Manager, Thales, United Kingdom; Carolyn French, CMVP Program Manager, Canadian Centre for Cyber Security, Canada; Margaret Salter, Director of Applied Cryptography, AWS, United States; Timothy Hall, Security Testing, Validation, and Measurement Manager, National Institute of Standards and Technology (NIST), United States; Jon Rolf, Director, NIAP National Security Agency (NSA), United States [60 MIN]
Crypto Technology (G13) Authentication, Metrics, and Gaps
Moderator: Loren Shade, VP of Marketing, Allegro Software, United States
15:30 Machines Do Not Have Thumbs: Multifactor Authentication for Non-Humans (G13a) Marcos Portnoi, Lab Director & CISO, atsec information security corp, United States
16:00 Security Metrics in Pre-Silicon Processor and System Design (G13b) William Santiago, Distinguished Research Scientist and Manager, IBM, United States
16:30 Bridging the FIPS 140-3 Gap: Insights from Multiple Module Gap Analyses with a Vendor Perspective (G13c) Jennifer Brady, Senior Principal Security Analyst, Oracle, United States
Open-Source Cryptography (S13) Support and Validation
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States
15:30 Supporting OpenSSL Providers from a Fork (S13a) Watson Ladd, Principal Software Engineer, Akamai Technologies, United States
16:00 Taking OpenSSL3 to FIPS 140-3 (S13b) Randall Steck, Founder/CEO, Symbiotic Systems Research, LLC, United States; Steve Weymann, Co-Founder, KeyPair Consulting Inc., United States
16:30 OpenSSL FIPS Validation Updates (S13c) Apurva Varalikar, Laboratory Manager, Acumen Security, United States
A free event for conference registrants. During the ICMC opening reception, FIPS-certified product developers will have the opportunity to receive a commemorative certificate from NIST and a photograph of the presentation.
Separate registration required. Enjoy an informal group dinner and drinks at The Littlest Little Italy with your ICMC colleagues. Reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:30 at the ICMC registration desk in the foyer and depart from there.
Conference Sessions
Bayshore Ballroom
Crypto Technology (G20) Vendor Viewpoints
Moderator: Valerie Fenwick, Current Co-Chair of the PKCS#11 Standard, United States
09:00 High Availability Cryptography and FIPS (G20a) Alicia Squires, Principal FIPS Technical Program Manager, Amazon Web Services (AWS), United States; Swapneela Unkule, CST Lab Manager, atsec information security corp, United States
09:30 Cryptographic Agility and Key Rotation (G20b) Sophie Schmieg, Information Security Engineer | ISE Crypto, Google, United States
10:00 Cloud Sourced Security (G20c) Anna Johnston, Cryptographer (Principal Engineer), Juniper Networks, United States
Post-Quantum Crypto (Q20) Quantum-Safe Issues
Moderator: Johannes Lintzen, Director Business Development, PQShield, United States
09:00 Multimodal Cryptography: A Defense-in-Depth Approach to Quantum-Safe Security (Q20a) Tony Rosati, evolutionQ, Canada
09:30 Panel: Mapping the Path to Quantum Resilience: How to Navigate an Expanded Cryptographic Menu (Q20b) Leader: Bruno Couillard, CEO, Crypto4A Technologies, Canada; Jeff Anderson, Senior Staff Software Engineer, Google, United States; Michele Mosca, Co-founder and CEO, evolutionQ, and Co-founder, Institute for Quantum Computing, Canada; Margaret Salter, Director of Applied Cryptography, AWS, United States [60 MIN]
RBG/Entropy (N20) Everything Entropy
Moderator: Brian Wood, Program Manager for Security Certifications, Google, United States
09:00 Practical Guide to Entropy (N20a) Lisa Rabe, Security Research Engineer, Cisco Systems, United States
09:30 A Practical Guide to Entropy Noise Sources (N20b) Richard Fant, Security Researcher, Intel, United States
10:00 Post-Processing Algorithms and Conditioning Functions for Entropy Sources (N20c) Johannes Mittmann, Mathematician, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States
Bayshore Ballroom
Crypto Technology (G21) Select Topics
Moderator: Dr. Seth Nielson, Founder and Chief Scientist, Crimson Vista, United States
11:00 The Hitchhiker’s Guide to FHE (G21a) Sandra Guasch Castelló, Staff Privacy Engineer, SandboxAQ, Spain
11:30 `unsafe` Cryptography: Common Vulnerabilities in Modern Programming Languages (G21b) Paul Bottinelli, Technical Director, Cryptography Services, NCC Group, Canada
12:00 How Will Post Quantum Cryptosystems Fail? (G21c) Phillip Hallam-Baker, Consultant, Hallam-Baker Consulting, United States
Post-Quantum Crypto (Q21) Selected Topics
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States
11:00 The First NIST PQC Standards (Crypto Module Edition) (Q21a) Lily Chen, Mathematician, NIST Fellow, United States
11:30 Striking a Balance: Utilizing Hardware Intrinsics for Accelerating Post-Quantum Cryptography (Q21b) David Hook, VP Software Engineering, Legion of the Bouncy Castle, Keyfactor/Legion of the Bouncy Castle, Australia
12:00 All the Things PQ – End-to-End PQ-Secure FIDO2 Protocol (Q21c) Nina Bindel, Staff Researcher, SandboxAQ, Germany
RBG/Entropy (N21) New and Old RNGs
Moderator: Marcos Portnoi, Lab Director & CISO, atsec information security corp, United States
11:00 XDRBG – A New Lean DRBG (N21a) Stephan Mueller, Principal Consultant, atsec information security corp, United States; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States
11:30 Panel: Standardization of Random Number Generators–Perspective from BSI and NIST (N21b) Leader: John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States; Stephan Mueller, Principal Consultant, atsec information security corp, United States; Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany [60 MIN]
Bayshore Ballroom
Certification Programs (C22) Vendor and Lab Perspectives
Moderator: Shawn Geddis, Katalyst LLC, United States
13:30 FIPS Everywhere – Can We Do It? (C22a) Margaret Salter, Sr Principal, Cryptography, AWS, United States
14:00 If I Led the CMVP: Thoughts for the CMVP from Labs and Vendors (C22b) Leader: David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States; Swapneela Unkule, CST Lab Manager, atsec information security, United States; Ryan Thomas, Director, Lightship Security, Canada; Steve Weymann, Co-Founder, KeyPair Consulting Inc., United States; Trish Wolff, Leader FIPS Certifications, Cisco Systems, United States [60 MIN]
Post-Quantum Crypto (Q22) Post Quantum and HSMs
Moderator: Reza Azarderakhsh, Professor, Florida Atlantic University, and CEO, PQSecure, United States
13:30 NIST NCCoE PQC Migration HSM Interoperability Testing (Q22a) Jim Goodman, Chief Technology Officer and Principal Security Architect, Crypto4A Technologies, Canada
14:00 Panel: HSMs & Post-Quantum: Can They Keep Up? (Q22b) Leader: Bruno Couillard, CEO, Crypto4A Technologies, Canada; Jim Goodman, Co-Founder, Chief Technical Officer, Crypto4A Technologies, Canada; Dr. Jake Massimo, Applied Scientist, AWS Post Quantum Cryptography, United States; Stuart Moskovics, Security Engineer, Google, United States; Roberto Quinones, Enterprise Architect, Intel, United States; John O’Connor, VP Product Management, Crypto4A Technologies, Canada [60 MIN]
RBG/Entropy (N22) Practical Entropy
Moderator: Marcos Portnoi, Lab Director & CISO, atsec information security corp, United States
13:30 DRNG Trees and RBGC Constructions (N22a) Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States
14:00 Developing a Stochastic Model for a Ring Oscillator and Determination of Correlation Between Ring Oscillators (N22b) Steele Myrick, Entropy Analyst, Corsec Security, United States
14:30 SP 800 90C and a Case for Extensions to ESVP (N22c) Simon Rix, FIPS Lab Manager, Intertek EWA-Canada, Canada
Bayshore Ballroom
Certification Programs (C23) Selected Topics
Moderator: Shawn Geddis, Katalyst LLC, United States
15:30 Dedicated Security Component – A FIPS Module in the CC World (C23a) Brian Wood, Program Manager for Security Certifications, Google, United States; Joachim Vandersmissen, Deputy CC Lab Manager, atsec information security, United States
16:00 A Funny Thing Happened on the Way to the Test Lab (C23b) Seamus Mulready, Cryptographic Security Tester (FIPS), Lightship Security, Canada
16:30 Quantum Entropy: Emerging Uses for Advancing Threats (C23c) Michael Redding, CTO, Quantropi, Canada
Post-Quantum Crypto (Q23) Interoperability and Transition
Moderator: David Schwaderer, CEO, ShapeShift Ciphers, United States
15:30 PQC Interoperability Project (Q23a) John Gray, Senior Principal Software Applications Developer, Entrust, Canada
16:00 Panel: Crypto Agility in Post-Quantum Cryptography: How to Transition Smoothly (Q23b) Leader: Marcos Portnoi, Lab Director, atsec information security corp, United States; Jai Arun, Head of IBM Quantum Safe Product Management & Strategy; Russ Housley, Owner, Vigil Security; Jim Goodman, Co-Founder, Chief Technical Officer, Crypto4A Technologies; Lily Chen, Mathematician, NIST Fellow, United States [60 MIN]
RBG/Entropy (N23) Health Tests and ESV Trends
Moderator: Simon Rix, FIPS Lab Manager, Intertek EWA, Canada
15:30 The SP800-90B Approved Health Tests and Their Cutoffs (N23a) Joshua Hill, Information Security Scientist, KeyPair Consulting, United States
16:00 Health Testing with Sample Variance (N23b) Yvonne Cliff, Senior Research Engineer, Teron Labs, Australia
16:30 Trends of the ESV Submissions to Date (N23c) Chris Bell, Security Engineer, Intertek Acumen, United States
Conference Sessions
Bayshore Ballroom
Certification Programs (C30) Selected Topics
Moderator: Yi Mao, CEO and Managing Director, atsec information security corp, United States
09:00 Making Sense of the FIPS 140 Validation Review Queue (C30a) Chris Brych, Senior Principal Security Analyst, Oracle, Canada
09:30 Panel: NCCoE Automation of Module Validation Project (AMVP) (C30b) Leader: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States; Walker Riley, IT Security Consultant, atsec information security corp, United States; Raoul Gabiam, Principal Cloud and Cybersecurity Engineer, MITRE, United States; Courtney Maatta, Senior Customer Solutions Manager, Amazon Web Services (AWS), United States; Stephan Mueller, Principal Consultant, atsec information security, United States; Barry Fussell, Principal Engineer, Cisco Systems, United States; Alex Calis, CMVP Deputy Program Manager (US), National Institute of Standards and Technology, United States [60 MIN]
Post-Quantum Crypto (Q30) Real World Issues
Moderator: Simo Sorce, Distinguished Engineer, Red Hat, United States
09:00 Applied PQC – Deploying Stateful Hash-Based Signature Algorithms in Distributed Environments (Q30a) Nils Gerhardt, CTO, Utimaco, Germany
09:30 Towards a Quantum-Secure Future: Exploring QKD as a Complement to PQC (Q30b) Marc Wehling, Evaluator, TÜV Informationstechnik, Germany
10:00 Post-Quantum Cryptographic Hardware Engineering (Q30c) Reza Azarderakhsh, Professor, Florida Atlantic University, and CEO, PQSecure, United States
Implementing Crypto Cybersecurity (U30) Common Modules
Moderator: Loren Shade, VP of Marketing, Allegro Software, United States
09:00 Vulnerability Handling in Common Criteria (U30a) Daniel O’Loughlin, Vice President Engineering, Qualcomm Technologies, United States
09:30 Panel: Certifications and Common Modules – A Story of Collaboration, Capability, and Change (U30b) Leader: Trish Wolff, Leader FIPS Certifications, Cisco Systems, United States; Clint Winebrenner, Technical Leader, Product Certifications, Cisco, United States; Patricia Karpus, FIPS Manager – Engineering Leader, Cisco, United States; Len Prince, Security Research Engineer, Cisco, United States; Norman Ashley, Software Engineering Technical Lead, Cisco, United States [60 MIN]
Bayshore Ballroom
Certification Programs (C31) Hardware Concerns
Moderator: Brian Wood, Program Manager for Security Certifications, Google, United States
10:45 Side-Channel Vulnerabilities, a Closer Look at NIST Standardization (C31a) Sven Bettendorf, Lead Expert for Quantum Technologies, TÜV Informationstechnik, Germany
11:15 Hardware Equivalency for Single-Chip Modules (C31b) Swapneela Unkule, CST Lab Manager, atsec information security corp, United States; Yann L’Hyver, Engineer, Senior Staff, Qualcomm Technologies, Inc., United States
11:45 Physical Security of Single Chips (C31c) Renaudt Nunez, Senior IT Security Consultant, atsec information security corp, United States
Post-Quantum Crypto (Q31) Timing and Inventories
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States
10:45 Tooling for Detecting Timing Leaks (Not Only) in Quantum-Safe Implementations (Q31a) Basil Hess, Senior Research Engineer, IBM Research, Switzerland
11:15 Panel: How to Make the Most Out of Cryptographic Inventories for Your Organization (Q31b) Leader: Ryan Hurst, Advisor, SandboxAQ, United Kingdom; Najwa Aaraj, CEO, Technology Innovation Institute (TII); Garfield Jones, Associate Chief of Strategic Technology, Cybersecurity and Infrastructure Security Agency (CISA); Lily Chen, Mathematician, NIST Fellow, United States [60 MIN]
Implementing Crypto Cybersecurity (U31) Selected Topics
Moderator: Loren Shade, VP of Marketing, Allegro Software, United States
10:45 Fighting Deepfakes Thru Provenance Attestation (U31b) Asaf Shen, Senior Director for Product Management, Qualcomm Technologies, Inc., United States
11:15 Supporting OpenSSL3 Providers Architecture in Restrictive OSes (e.g., iOS) (U31b) Alexander Zaslavsky, Lead SW Eng, SafeLogic, Spain
11:45 PQKMS: Provably Zero-Trust, Attribute-Based Key Management System (U31c) Yogesh Swami, CTO, SecureSubstrates, United States
Bayshore Ballroom
Fir Room
Certification Programs (C32) Components
Moderator: Sowndar Gopi, Security Engineer, Intertek – Acumen Security, United States
13:30 Module Component Pre-Validation Packages: Enhancing Reusability for Scalable Certifications (C32a) Graham Costa, Security and Certifications Manager, Thales, United Kingdom
14:00 Decoupling Applets from Smart Card/Java Card Validations (C32b) Apurva Varalikar, Laboratory Manager, Acumen Security, United States
14:30 The Workflow and The Whack—Implementing On-HSM Custom Firmware (C32c) Richard Williamson, Principal Member of Technical Staff – GP HSMs, Utimaco, United States
Post-Quantum Crypto (Q32) Post Quantum Considerations
Moderator: Janssen Liston, Sr Dir Sales, PQShield, United States
13:30 A Gentle Introduction to Lattice Cryptanalysis (Q32a) Daniel Shiu, Chief Cryptographer, Arqit Quantum, United Kingdom
14:00 Challenges and Solutions for Implementing Post-Quantum Algorithms in FIPS Modules (Q32b) Michael Hamburg, Manager Security Engineering, Rambus, United States
14:30 Considerations for Deploying PQC Algorithms at Scale (Q32c) Dr. Jake Massimo, Applied Scientist, AWS Post Quantum Cryptography, United States
Implementing Crypto Cybersecurity (U32) In the Field
Moderator: Loren Shade, VP of Marketing, Allegro Software, United States
13:30 Modes of Operation for Digital Signature Schemes (U32a) Dr. Burt Kaliski Jr., Senior Vice President and Chief Technology Officer, VeriSign, United States
14:00 ISO, X9 and Payment Security (U32b) Richard Kisley, Chief Engineer, IBM HSM, United States
14:30 Medical Device Cybersecurity (U32c) Arnab Ray, Director of Cybersecurity (Product and Manufacturing), Abbott Labs, United States
Bayshore Ballroom
15:15 International Cryptographic Module Validation Recognition Arrangement (a la CCRA) – Is it possible? What would it need? (P33a) Leader: Shawn Geddis, Owner, Katalyst, LLC, United States; Laurie Mack, Director Security & Certifications, Thales Group Canada, Canada; David Hook, VP Software Engineering, Legion of the Bouncy Castle, Keyfactor/Legion of the Bouncy Castle, Australia; Manish Upasani, Global Head of Product, Utimaco, United States; Najwa Aaraj, CEO, Technology Innovation Institute (TII)