CMMI Institute

Capability Counts 2019

30 April & 1 May, 2019

Reston, VA

Register Now

Speaker Profile

Greg Witte, Senior Security Engineer


View Organization


Mr. Greg Witte, a Senior Security Engineer, supports both federal and commercial clientele, including extensive work as an Associate for the NIST IT Laboratory. Drawing on nearly 40 years' IT experience, including 25 in information security, Greg has helped to author and expand use of many recognized business and security frameworks such as the NIST Cybersecurity Framework, the NICE Workforce Framework, ISACA's COBIT, CMMI’s Cybermaturity Platform, and the Baldrige Cybersecurity Excellence Builder. As an architect of these models, Greg helps to shape and implement the concepts foundational to building a high-level structure for fostering communications, documenting good cybersecurity practices, and applying roadmaps for continuous improvement.


Evolving Security, Privacy and Data Standards

Conference Track: Building Resilience Through Greater Cybersecurity Capability

The exciting thing about governance and management of information & technology is that the industry is always changing and evolving. While the core principles haven't changed much in thousands of years, the evolution and transformation of technology itself, and the way we apply that technology, keeps us all on our toes. Notably, various standards are also evolving to keep pace, as are state, national, and international regulations for ensuring those standards are well applied. Security, privacy, and data protection are not equivalent, but there's a great deal of overlap among them. Similarly, with important and evolving regulations such as NYDFS, GDPR, and CCPA, it is more important than ever that organizations understand how to best monitor achievement and adherence to compliance requirements. The most cost-effective way to do so is to implement effective capabilities that happen to result in compliance, rather than chasing compliance for compliance-sake. In this session, we'll take a look at some emerging data protection standards and regulations, and how your organization can stay ahead of the curve.