Why Participate in the Forum

Andre Leduic IT Association of Canada

Amdre Ledic itac
Andre Ledic

As VP Government Relations and Policy this event will explore best practices for collaboration and measuring cyber resilience and capacity to adapt to an ever changing threat landscape.

I’ve long been a proponent for increased collaboration and a ‘whole of community’ approach to cyber security. This event will allow me to garner lessons learned and best practices from the NFPPC and bring these back to Canada.

Greg Sanker State of Oregon

As the Acting CIO and Technology Delivery Manager at Oregon Department of Administrative Services I have been working with both the National Forum for Public-Private Collaboration (NFPPC) and a working

greg sanker cio oregon
Greg Sanker

group chartered by the Department of Defense to develop supplementary guidance for cyber security to the Department of Defense Enterprise Service Management Framework (DESMF) document.


The DESMF is a public domain document I’m using as a starting point for how to include best practice security and mission elements in daily IT operations.

The NFPPC recognizes it as a foundation for public-private collaboration.

 Benefit to Department of Administrative Services (DAS) of the State of Oregon:

Collaborate with leaders in Cyber Security and IT Service Management

Learn how other government agencies (both state and federal) are addressing information security in IT operations

Shape DAS approach to information security based on real world experience of industry experts

Leverage world class expertise in information security (rather than developing our own expertise from scratch)

Establish mutually beneficial connections with leading IT and Information security experts

This is a great opportunity to further collaborate with leading experts in an area that is critically important to DAS information security.

Mike Smith Acacia Security

True public-private partnerships are the only way to achieve resilient critical infrastructure.

mike Smith CEO Acacia Secrurity
Mike Smith

I applaud the NFPPC’s goals and objectives and hope the lessons I learned at the Department of Energy will add value to its efforts. I am also anxious to learn from the experiences of other participants in this critical activity.

Mike is the Founder and Chief Executive Officer of Acacia Security, a Maryland Corporation, providing consulting services to enhance the security and resilience of Energy Sector industrial control systems. Prior to founding Acacia Security, Mike was the Senior Cyber Policy Advisor to the Assistant Secretary in the Office of Electricity Delivery and Energy Reliability at the U.S. Department of Energy. He was responsible for coordinating all ICS cybersecurity activities that could impact the Energy Sector, to include legislation, policies, public-private partnerships, threat information sharing, best practices, and research and development. Mike established and led the Cybersecurity Risk Information Sharing Program (CRISP) with the Electricity Subsector; current participants provide electric power to more than half of the continental U.S. customers.

Mike’s LinkedIn: https://www.linkedin.com/in/mike-smith-a8979554/

Acacia Security website: https://www.acaciasec.com

Blake Bommelje Novant Health

Blake Bommelje

To achieve: Novant Health is attending in the hopes of learning and discussing some ways in which the Cybersecurity Framework is being utilized to meet the needs of the cybersecurity programs in other organizations and in other industries. I’m also hoping to have a better understanding from thought leaders how they are integrating the framework within the context of changing security landscapes and NIST’s newer publications.

To offer: As one of the few healthcare entities embracing the CSF as a foundation for our Cybersecurity Program, we offer unique insights and experiences in that adoption and determining what works best for our organization and industry. We have had great wins in a world dominated by headlines of ransomware in convincing our leadership to adopt a slow-and-steady and process-focused cybersecurity program that I think could be valuable to others.