Agenda
Bonus Session
September 16, 2025 | 1:00–2:00 pm
A Primer on Entering and Operating in the FOCI World: A Practical, Updated Roadmap to FOCI Requirements, Risks, Mitigation Agreements and DCSA’s Jurisdiction
This bonus session is included in the main conference registration fee.

Flip through our conference brochure and discover what’s new this year.
Download Brochure
Day 1
September 29, 2025
Registration and Continental Breakfast
Close of Pre-Conference Primer
Main Conference
INTERVIEW
Current DCSA Expectations: The 5-Year Strategic Plan for 2025-2030 and 3 Tactical Priorities
Navigating Proposed 847 Revisions: Creating Processes and Protocols for Expanded Reporting Requirements

Paul MichaelsChief Security OfficerFortinet Federal, Inc.

Robert RixmannVice President, SecurityLeonardo DRS

Kevin SweeneyBoard Member/Proxy HolderElement U.S. Space and Defense
The Defense Counterintelligence and Security Agency (DCSA) FOCI evaluation which previously, was only required for contractors and subcontractors that are performing classified work, has expanded to all contractors that hold certain contracts more than $5 million. There are several factors that companies should consider with the proposed implementation of the DoD’s new FOCI reporting requirements applicable to non-classified contracts.
- Understanding commercial product or commercial service determination made by the contracting officer in accordance with FAR 2.101 and question requests about beneficial ownership when that determination has been made
- With its expanded FOCI review, when will DCSA create new templates that are tailored to mitigating FOCI unrelated to classified contracts
- Determining which FOCI companies, non-FOCI companies, public trust contracts and third-party contractors are subject to increased scrutiny
- Anticipating DCSA’s expectations and guidance
- Analyzing the need for an Electronic Communication Monitoring Plan, or a Quality Management Plan, or an export license
- Monitoring international suppliers and evaluating supply chain security and resiliency
Networking Break
Mitigation Strategies: How DCSA is Now Expanding its Scope and Increasing Requirements for Special Board Resolutions

Norman E. PashoianSenior Industrial Security AdvisorWhite & Case LLP

Richard RayFSO / TCO / ITPSOEutelsat America Corp.
- Analyzing how DSCA is now reviewing Board Resolutions, how requirements are changing and which types of companies are now affected
- Examining the requirements for a Board Resolution, and when the foreign entity does not own voting stock enough to elect a representative to the company’s governing board
- How to handle a cleared subsidiary when the parent company has a small-percentage of foreign ownership
- Determining which tools are (and aren’t) necessary in a mitigation, such as proxies, board resolutions and company service arrangements
- Addressing when an investor has a right to a board seat, but is not exercising their right, and documenting it for DCSA
Back by popular demand! Delegates are invited to break out into smaller group discussion tables to trade experiences and lessons learned for confronting the challenges of maintaining security standards amid a remote and hybrid workforce. Facilitators will guide the conversation to identify the latest best practices. Delegates are encouraged to choose their preferred table topic, and to move between tables during the discussion.
- TABLE ONE Visit Requests: Routine vs Non-Routine, In Person vs VTC
- TABLE TWO Email Reviews: Best Practices for How to Set up Your Review Processes Via Different Methodologies
- TABLE THREE Insider Threat: How are You Safeguarding Access and Information?
Close of Day One
Day 2
September 30, 2025
Registration and Continental Breakfast
Parent Company Perspectives: How Investors and FOCI Mitigated Partners Successfully Operate Under FOCI Mitigation Arrangements

Jennifer BrownDirector of Security & FSO/TCOiDirect Government

Anthony FadelGeneral Counsel & SecretaryST Engineering

Mark HounsellChief Legal and Compliance Officer and Corporate SecretaryCAE
- Implications of the FOCI mitigation arrangement in relation to the cleared subsidiary’s business operations
- Parent/affiliate relationships with Outside Directors or Proxy Holders and cleared subsidiary C-suite
- Balancing group business goals/strategy/procedures versus FOCI mitigation requirements
HYPOTHETICAL EXERCISES AND AUDIENCE POLLING
The Increasing Overlap of CFIUS and DCSA Jurisdictions: Special Considerations for Filing, Reviewing and Transaction Due Diligence

Michael BarbaHead of Regulatory Security Compliance and CFIUS Security OfficerNokia of America Corp.

Tom BrewerVice President, Security and ComplianceTAD PGS, Inc.

Jason GarkeyChief Security OfficerMomentus
This session will guide you through the latest in how current CFIUS regulatory dynamics intersect with DCSA compliance. Delegates will participate in anonymous live polling as well as hypothetical exercises for enhanced learning and benchmarking.
- Examining new forms, commitment notices, and processes for both CFIUS and DCSA
- How does CFIUS involvement affect DCSA timelines
- Assessing the key provisions of the recent CFIUS reform (FIRRMA)
- Understanding how FOCI blends into the CFIUS review process, and the risks of undue transaction delays
- Identifying and addressing FOCI issues during due diligence and in transaction documents
- Analyzing the effects that FIRRMA has on companies at varying points in the FOCI mitigation and CFIUS approval processes
- Developing a strategy for managing the FOCI and CFIUS processes in tandem
- Best practices for coordinating with government, transaction parties, and outside counsel
Networking Break
The Evolving Role of General Counsel in FOCI-Mitigated Companies: First-Hand Insights into the Bigger Picture of FOCI Mitigation

James DevlinCorporate CounselNTT DATA Federal

Mark DewittChief Legal Officer, General Counsel and SecretaryGardaWorld Federal Services

Matthew MadaloSenior Vice President – General Counsel, Chief Compliance Officer and Corporate SecretarySiemens Government Technologies
- The relationship between DCSA and the company, and dos and don’ts of working with DCSA
- CFIUS LOA FOCI Agreement, with controls, restrictions, audits, and penalties
- Becoming FOCI proficient and detecting and handling FOCI concerns in the initial stages
- Implementing a FOCI mitigation agreement with fewer resources
- Budgeting and the business impact of FOCI mitigation on possible delays to company operations
- Utilizing legal counsel and FSO expertise vs. when to hire a consultant
Networking Luncheon
HYPOTHETICAL EXERCISES AND AUDIENCE POLLING
Simplifying and Baselining Your Affiliated Operation Plan (AOP): Practical Takeaways for Mitigating and Managing Affiliated Operations

Wayne BellucheVice President & Chief Security OfficerElbit Systems of America

Erin BruceNational Security AdvisorSquire Patton Boggs

Jason WelchChief Technology & Security OfficerAustal USA
- Best practices and pitfalls to avoid when drafting and submitting an AOP, including:
- Describing services: Who is providing the affiliated operation, to whom, and the costs and benefits
- Implementing services: How will affiliated operations be implemented and are they mandatory?
- Technology: What is being utilized, who has ownership, types of information being shared, and frequency of interaction
- What to ask your security committees
- How companies can manage the financial burden
- Customizing your AOP
- Key strategies for mitigating and managing affiliated operations
- Effective tactics for handling and reducing risks in affiliated operations
- DCSA compliance and enhanced efficiency
- Developing internal steps to ensure you are properly mitigating potential risks, including:
- Review of services: internal steps to ensure compliance with mitigating procedures, and how the FSO and Technology Control Officer (TCO) can work together to ensure compliance
Perspectives from Outside Directors and Proxy Holders: How Outside Directors Are Now Approaching Their Roles to Meet DCSA Expectations

Ric HelthallOutside Director and Government Security MemberShiver Security Systems

Curtis H. Chappell, ISP®Vice President, SecurityThales Defense & Security, Inc.
- Discussing what qualifications or criteria make for a good outside director and proxy holder
- How to meet government expectations and annual reporting standards
- Meeting expectations for site visits and how DCSA now supervises compliance
- How to support your FSO in ascertaining priorities
- Knowing when your company is a target for a security threat
- How (and how not) to address compliance concerns and issues as they arise
Networking Break
HYPOTHETICAL EXERCISES AND AUDIENCE POLLING
Classified Contracts and CUI: What DCSA Now Requires in a FOCI Mitigated Landscape

Darrall HendersonPresidentKaba Mas LLC

H. Boyd Green IVPartnerKirkland & Ellis
- Paraphrasing information that is passed to affiliates about classified contracts
- Establishing networking and IT requirements and how to separate the network CUI from affiliate companies
- Determining who has access when a global company has different subsidiaries
- Ensuring continuous auditing and compliance
- Examining who has access to what when employees have dual citizenship
- Reviewing the requirements when your classified documents are off site
The Nuanced Role of the National Interest Determination (NID): How Companies are Now Structuring and Implementing Mitigation Agreements and Addressing Expected (and Unexpected) Challenges

Alex VenezianoChief Administrative OfficerAirbus Space and Defense

Margaret M. CassidyManaging Attorney Cassidy Law LLC
- Determining when a NID’s required
- What is a NID?
- When is it required: Accessing classified information under a US Government contract
- Procedures For obtaining a NID
- Initiating the NID through a Government Contracting Activity (GCA)
- Coordinating with DCSA NID requests from contracting officers, program managers, etc.
- Getting entities controlling the classified information to participate in the decision making
- Defining the procedures around who makes the decision based on the information to be shared
- Determining if the NID covers a program, a project or be contracts specific
- Understanding that a NID is not the tool for disclosing classified information to a foreign government but to a US Government contractor
- Going over step by step the procedural path
- Working with your GCA to put a complete package together
- What does a package require?
- How to prepare an effective package