Bryant University and OSHEAN
Cyber Security Exchange Day
May 25th, 2017
8:30AM – 4:00PM
Bryant University Bello Center Grand Hall
Thank you to our event Sponsors
8:30am – 9:15am
Breakfast, Registration and Opening Remarks
Speaker: Rich Siedzik, Director of Information Security and Planning/ISO, Bryant University
Speaker: Chuck LoCurto, Vice President of Information Services and Chief Information Officer, Bryant University
Speaker: Dave Marble, President and CEO, OSHEAN
9:15am – 10:00am
Keynote Speaker Presentation I
Speaker: Etay Maor, Executive Security Advisor, IBM
Topic: Getting Into The Mind of a Cybercriminal
Presentation Description: We read about hacks and breaches on a daily basis: attacks conducted by cybercriminals that result in millions of compromised credentials, the loss of millions of dollars, or denial of service attacks that can almost bring the Internet to a halt. But how do these underground groups conduct these attacks? Where do they communicate and coordinate? What products and services do they buy and sell? In this session we will dive into the world of organized cybercrime! We will learn basic hacking and OSINT (Open Source Intelligence) techniques, see how easy it is to profile a target and gather all the information needed, visit underground and dark web sites where everything from drugs and guns to identity theft and malware customization is bought and sold, and get inside the mind of a cybercriminal.
Keynote Bio: Etay is an executive security advisor at IBM Security, where he leads security and fraud-fighting awareness and research. A security evangelist, Etay regularly presents at industry events and academic master classes and volunteers for educational security awareness programs. Previously, Etay was the Head of RSA’s Cyber Threats Research Labs, where he managed malware research and intelligence teams and took part in cutting-edge security research. Etay holds a BA in Computer Science and an MA in Counter Terrorism and Cyber Terrorism. He was a teaching assistant for an Introduction to Cyber Security course and has contributed to the ICT (International Institute for Counterterrorism) on cybersecurity and cyberterrorism topics.
10:00am – 10:30am
BREAK
Vendor Tables
Lighthouse Computer Services
Cisco
Cloudlock
Compass IT
Envision
RI State Police Joint Cyber Task Force
ISACA-RI
Varonis
10:30am – 11:15am
Keynote Speaker Presentation II
Speaker: Ron Zalkind, CTO and Co-Founder, Cloudlock
Topic: The Emperor Has No Code: Security Assumptions in Today’s IT Environment
Presentation Description: In the age of cloud computing and everything-as-a-service, is the assumption that you have visibility into the traffic or content you’re trying to secure still valid? This session explores the latest trends and research on how users consume computing resources, how businesses can deploy their services more securely, and how security can regain critical visibility into connected Internet traffic. The reality is that risk in the cloud is fundamentally different from on-premises risk. With this increased accessibility and collaboration, conventional security tools need re-examination. In this session, Ron Zalkind will examine old paradigms of on-premises information security, demonstrate live how cloud risk is different, and address ways security professionals can enable their organization to embrace and leverage the benefits of cloud technologies while remaining secure and compliant.
Keynote Bio: As CTO, Ron is responsible for Cloudlock’s overall technology and product vision and continuous innovation. Prior to founding Cloudlock, Ron was Director of Product Management at Interwise (acquired by AT&T) and held various engineering management positions in the private and military sectors, including the Israeli Air Force software development unit, where he worked on the development of mission-critical intelligence systems. Ron has over 20 years of experience building complex software systems and product platforms. He was named a CTO of the Year Finalist for the 2014 MassTLC Leadership Awards and was a winner of the 2014 Golden Bridge Awards. He has been featured in SecurityWeek, TechCrunch, the Boston Business Journal, and more. Ron has spoken at Dreamforce 2014, as well as the 2014 MassTLC Security Conference: Building Security Into an Insecure World. Ron has a BA in Computer Science from the Academic College of Tel Aviv-Jaffa and is a graduate of MAMRAM (the elite software developer program of the IDF Computer & Technology Unit).
11:15am – 12:00pm
Keynote Speaker Presentation III
Speaker: Todd Knapp, Founder and CEO, Envision Technology Advisors
Topic: Blockchain Explained: An examination of structure, current uses, and future applications of distributed ledger.
Presentation Description: Blockchain is a technology that’s often associated with Bitcoin. However, the two are not one and the same. Blockchain’s potential to transform commerce and digital chain of custody has been compared in magnitude to the impact of the Internet itself. So… what is Blockchain? How does it work, where is it used, and what’s the future of this technology that has everyone so excited? In this session we will explore all of these questions with an eye towards providing an easily digestible, practical explanation that will make sense to your executive teams when you repeat it later!
Keynote Bio: Todd Knapp has been providing IT services nationally for 20 years and has an extensive background in enterprise network architecture and strategic planning. Todd’s career began in the small business and nonprofit space, operating as an independent consultant. In 1998, he founded Envision Technology Advisors, a technology and business consulting firm that has offices in the Providence and Greater Boston areas. Since starting Envision, Todd has provided enterprise-level consulting and implementation services to a vast range of businesses including public companies, multinational banks, hospital systems, higher education institutions, and financial services organizations. Todd is a certified VMware vExpert and was recognized by the Providence Business News in the 2010 class of 40 under Forty. Todd speaks throughout New England on a number of technology topics including emerging technologies, virtualization, Internet of Things, leveraging the data economy, and integrating user psychology into IT strategic planning and services. He is also a regular contributor to industry publications and is a contributing editor to three different segments of TechTarget.
12:00pm – 1:30pm
Lunch
12:30pm – 1:30pm
Panel Discussion
Discussion with experts on the state of Incident Response and Breach Management
Moderator: Larry Wilson, Chief Information Security Officer, UMass President's Office
Larry Wilson is the Information Security Lead for the University of Massachusetts President's Office. In this role, Larry is responsible for developing, implementing and overseeing compliance with the UMASS Information Security Policy and Written Information Security Plan (WISP). Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street. In this role he was responsible for selecting, implementing and overseeing an engineering staff who managed network security technologies / tools including vulnerability scanning, network firewalls, intrusion detection, remote access technologies, security event management tools, etc. Larry's industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International. Larry's team focused on the application level controls and general computer controls for information technology services that were implemented and managed from the MasterCard data center in St. Louis. Larry has been teaching CISA certification training for 5 years.
Adam Cottini, Managing Director, Cyber Liability Practice, Arthur J. Gallagher & Co.
Adam is Managing Director, Cyber Liability Practice for Arthur J. Gallagher & Co. He is responsible for the overall direction of the Cyber Liability Practice, including development of state-of-the-art product solutions, insurance gap analysis, risk exposure analysis, risk modeling, benchmarking, and best practices implementation. He has been brokering cyber liability for 12 years. From 2008 to 2014, Adam managed a diverse book of professional liability accounts for Arthur J. Gallagher & Co. consisting of Directors & Officers Liability, Employment Practices, Fiduciary Liability, Professional Errors & Omissions, Cyber Risk, and Media Liability. Adam came to Gallagher from AmWINS Brokerage of New York, Inc., where he was an Assistant Vice President within the Financial Risk Group from 2005 to 2008. His focus within AmWINS was producing and marketing Professional and Executive Liability insurance solutions for public, private, nonprofit and association entities. Prior to joining AmWINS Brokerage of New York, Adam was employed by American International Group Inc. (AIG) in the Middle Market Executive Liability Group from 2000 to 2005 as an Underwriter/Underwriting Manager. At AIG, Adam shared day-to-day management responsibility for a large book of Executive Liability products consisting of Directors & Officers Liability, Employment Practice Liability, and Fiduciary Liability for public, private, and non-profit corporations. While at AIG, additional emphasis was placed on policy form analysis, education of underwriting peers, and financial analysis. Adam began his insurance career at Reliance National in 1998 in the Casualty Risk Management division, underwriting Workers Compensation, General Liability and Commercial Auto Liability for Fortune 1000 insureds. While at Reliance he underwent a 3-month intensive insurance training program focusing on all facets of the commercial property and casualty industry.
Linn Freedman, Chair, Data Privacy & Security Team, Robinson & Cole LLP
Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. Ms. Freedman focuses her practice on compliance with all state and federal data privacy and security laws and regulations, as well as emergency data breach response, mitigation and litigation. She also counsels clients on state and federal investigations. Ms. Freedman works with companies and organizations to adopt a risk management approach to precisely frame the purpose and means for the collection, maintenance, transfer and disposal of high-risk data throughout their organization. She advises them to identify high-risk data—both paper and electronic—and to implement measures to protect it, and helps them develop defensible, reasonable approaches to comply with constantly evolving regulatory requirements and the risk of a data breach.
Hollie Lussier, EVP, Chief Risk Officer & General Counsel, Bristol County Savings Bank
Hollie B. Lussier, Esq. is Executive Vice President/Chief Risk Officer and General Counsel for Bristol County Savings Bank. In this capacity, Lussier is responsible for implementing an Enterprise Risk Management (ERM) strategy, handling all legal matters pertaining to the Bank, providing counsel on strategic initiatives, and ensuring adequate cybersecurity and privacy controls. Prior to joining Bristol County Savings Bank, Lussier held the position of General Counsel with AAA Southern New England/AAA Southern New England Bank in Providence, Rhode Island. Previously, she worked in several capacities over a ten-year period for Citizens Financial Group, Inc. in Providence, including Senior Counsel, Senior Vice President and Head of Business Services for RBS Legal, Americas, and Senior Counsel, Vice President and Head of Business Services with Citizens Legal. Lussier also served as Vice President and Counsel for Bank of America Corporation in Boston, Massachusetts. Lussier’s professional affiliations include membership in the Rhode Island Bar Association, the Massachusetts Bar Association and the American Bar Association. Active in the community, she currently is a member of the Strategic Planning Committees for Care New England and is also a member of the Leadership Counsel for the Arthritis Foundation, New England Region. Lussier was also recently involved in a leadership capacity with the Ocean State Theatre Company, Warwick, Rhode Island, and the annual Women’s Summit held at Bryant University, Smithfield, Rhode Island. Lussier earned her Juris Doctor degree at Roger Williams University School of Law, Bristol, Rhode Island, and her bachelor’s degree from Providence College. She also received an Advanced Leadership Development Program certificate from Babson College, Wellesley, Massachusetts, and completed Lean Six Sigma Green Belt training. Lussier resides in North Kingstown, Rhode Island.
In her free time, she enjoys fitness and sailing on the bay with her husband.
Jason Pufahl, CISO, University of Connecticut
Jason Pufahl is the Chief Information Security Officer for the University of Connecticut. He has 20 years of infrastructure and information security experience and has spent the last 10 years dedicated to information security and privacy. He has responsibility for information security for the institution, encompassing security awareness and training, disaster recovery, risk management, identity management, security policy and regulatory compliance, security analytics, and controls implementation. Jason works closely with both the administrative and academic areas of the University. He is a member of the University’s Data Governance Committee, Joint Audit and Compliance Committee, and Public Safety Advisory Committee. He is also a member of the University IRB with a primary focus on improving data privacy and security practices related to institutional research. Jason has a Master’s in Education Technology and has a passion for professional development, security training and awareness. He designed and ran an information security and awareness game called HuskyHunt, founded the Connecticut Higher Education Roundtable on Information Security (CHERIS) to provide a quarterly forum for sharing best practices in information security among higher education institutions in Connecticut, and is active in the security community nationally.
1:30pm – 2:00pm
BREAK
Vendor Tables
Lighthouse Computer Services
Cisco
Cloudlock
Compass IT
Envision
RI State Police Joint Cyber Task Force
ISACA-RI
Varonis
2:00pm – 2:55pm
Breakout Session Round I
Choice One
Room – Academic Innovation Center – RM 222
Speaker Name: Patrick Laverty, Security Consultant, Rapid7
Topic: Your Web Applications, From a Pentester's Point of View
Presentation Description: You've heard about the OWASP Top 10, you're worried about SQL injection, cross site scripting and similar things. But what do they look like in your real web apps? What types of bad things can happen? And what about all those other things that can happen to your web applications? We will try to cut through the FUD (Fear, Uncertainty, Doubt) and talk about some of the things that I see on a daily basis as a professional penetration tester and get some tips on how to better secure your sites.
Speaker Bio: Patrick is a professional penetration tester working for Rapid7. He also runs the local OWASP and DC 401 chapters in Rhode Island. (Please join us at either or both!) He has also worked in the CSIRT for Akamai Technologies and spent 12 years as an application developer at Brown University. He has helped to organize BSides Boston and BSides Rhode Island conferences and has been a presenter at conferences also talking about web application security. He's a big Bruins and Red Sox fan and is training to ride 100 miles on a bicycle this summer, for some crazy reason.
---
Choice Two
Room – Bello Grand Hall
Speaker Name: Rich Siedzik, Director of Information Security and Planning/ISO, Bryant University
Topic: Red-Team Blue-Team: What Does a Very Determined Adversary Look Like?
Presentation Description: If your organization has yet to conduct a real-world red-team blue-team exercise, hear what it takes to develop, plan, coordinate and, most importantly, control the engagement from end to end. Understand the value proposition, the risks you agree to assume, and the potential collateral damage or side effects you may not have thought about, but should. This type of exercise extends beyond the limits of vulnerability and penetration testing, and it requires a mindset shift for an operations team, from unadventurous incident prevention to new-age incident detection and handling.
Speaker Bio: Rich is the Director of Information Security and Planning/ISO at Bryant University. He is responsible for the administration of the University's comprehensive information security program. Before assuming the role of ISO he was Director of Computer and Telecommunications Services at Bryant, where he provided direction and oversight of core technologies and service groups. Prior to joining Bryant, he spent a number of years in both technical and supervisory roles in the electric utility industry. He holds a M.S. in Information Systems from Bryant University.
---
Choice Three
Room – Academic Innovation Center – RM 223
Speaker Name: William Young, Global Security Architecture Team, Cisco
Topic: Cisco SAFE – Building (or Rebuilding) your Security Architecture
Presentation Description: Cisco has recently updated the SAFE program from network design guidance to a capabilities-driven security architecture methodology. William Young, a security architect with Cisco’s Global Security Architecture Team, will discuss how the new Cisco SAFE process helps you create a shared design method between the "Security", "Network", "Operations" and "Leadership" teams to ensure that the right capabilities are introduced into the infrastructure in the right places. Whether you're competing for resources, or have segments of the network scattered across a campus, around the world, or in the cloud, SAFE will help you identify the security concerns you have alongside the operational goals you need to maintain, so the right decisions are made for the right reasons. Best of all, it's vendor agnostic!
Speaker Bio: William Young is a Technical Solutions Architect at Cisco. My career focuses on developing an understanding of how security solutions must advocate, protect and ensure business success. In 2001, I shifted a background in security architecture into security solution sales, intent on helping customers address not just specific security needs, but unique value benefits from well-deployed solutions. Having guided customers through compliance needs, cyber warfare and threat response, SOC operations, and outcome-based security architecture, I focus on integrating security capabilities to maximize security and operational outcomes.
3:00pm – 3:55pm
Breakout Session Round II
Choice One
Room – Bello Grand Hall
Speaker Name: Adam Cravedi, VP Information Security Practice/Partner, Compass IT Compliance
Topic: Anatomy of a Hack
Presentation Description: In this session, Adam Cravedi from Compass IT Compliance will discuss the “Anatomy of a Hack” and how bad actors are exposing the human element of Information Security to gain entry to an organization's network, the steps that hackers use to get sensitive information out of the organization, and some tips/strategies that you can implement to further protect the sensitive information that your organization possesses.
Speaker Bio: Adam Cravedi is an original member of Compass IT Compliance, LLC. He brings over 26 years of experience in the Information Technology arena, including the Financial, Higher Education and Healthcare industries, to the Compass team. He holds a Master of Science in Management Operations and Information Technology and a Bachelor of Science in Electrical Engineering, both from Worcester Polytechnic Institute. Mr. Cravedi has worked in the IT Services arena since 1989 and during his career has provided solutions in the Financial, Health Care, Higher Education, and Small Business sectors. As a Senior IT Auditor for Lighthouse Computer Services, he headed up the PCI ASV scanning and Internal/External Vulnerability and Penetration Testing functions for the organization. He also contributed to PCI, IT and Information risk and security audits. His work includes the role of Information Security Officer, where he developed an in-depth Information Security Program that included Information Security Awareness Training as a baseline for information security for the organization and its employees. He also has extensive experience in planning, directing and implementing large-scale Information Technology projects, including WAN/LAN infrastructure, Information Systems architecture, VMware, Storage, Security and Compliance. Additionally, Mr. Cravedi has been involved in the planning, coordination and execution of several Business Continuity and Disaster Recovery projects.
---
Choice Two Room – Academic Innovation Center – RM 222 Speaker Name: Ryan Heidorn, System Engineer, Varonis
Topic: The Enemy Within: Understanding Insider Threats
Presentation Description: Let’s admit that there are too many people on the inside with access to data they don’t need and that no one is watching them. How do we monitor data access to catch and correct deviations that violate policy? Can we automatically detect data not being used or in the wrong place and properly disposition it? Ransomware should be a wakeup call. We need to protect our organizations’ assets from the inside out.
Speaker Bio: Ryan Heidorn teaches cyber security at Endicott College, is a systems engineer for Varonis Systems, and is a managing partner at the tech-consulting firm Steel Root. A frequent speaker on the subjects of data privacy and security, Ryan is an advocate, somewhat paradoxically, of the need for both open access and digital privacy. He and his family hang their tinfoil hats in Salem, MA.
---
Choice Three
Room – Academic Innovation Center – RM 223 Speaker Name: Todd Knapp, Founder and CEO, Envision Technology Advisors
Topic: After the Conference: A practical approach to cybersecurity in your organization
Presentation Description: “Cyber” is a huge topic and conferences on the subject can be overwhelming. Over the course of the conference, presenters will have provided you with lots of detail about specific facets of this immense subject area. That’s important, but if we’re honest with ourselves, the reason we’re interested in the first place is to determine what we need to do to craft our own cyber strategies within our organizations. This session will focus on how to do just that. We’ll talk about the key components of an effective Cyber strategy and will discuss the specific actions you should take to harden your organization appropriately. This will be a session meant to provide meaningful solutions that you can action immediately around IT Governance Policy implementation, endpoint control, staff security posture training and measurement, and 3rd party validation of your systems.
Speaker Bio: See Todd Knapp’s biography under Keynote Speaker Presentation III above.
4:00pm
End