@SANSInstitute #SANSBreachSummit Program Guide SUMMIT


Data Breach Summit 2018


SUMMIT INFORMATION

Summit Sessions
Location: Astor Ballroom
August 20: 9:00 am – 5:30 pm
August 21: 9:00 am – 5:00 pm

Summit Presentations
All approved Summit presentations will be uploaded to sans.org/summit-archives/cyber-defense

Summit Evaluations
Please take the time to fill out each day’s evaluations. We use your feedback to ensure we’re meeting the needs of the community and our speakers are delivering information you can apply the day you get back to the office.

Summit Breaks
Location: Astor Foyer

August 20
Morning: 10:30 – 10:50 am
Lunch & Panel Discussion: 12:10 – 1:15 pm
Afternoon: 3:00 – 3:10 pm

August 21
Morning: 10:30 – 10:50 am
Networking Lunch: 12:30 – 1:30 pm
Afternoon: 3:25 – 3:45 pm

SUMMIT CHAIRS

Benjamin Wright, SANS Senior Instructor (@benjaminwright)

Eric Zimmerman, SANS Certified Instructor (@EricRZimmerman)


SUMMIT NETWORKING RECEPTION

Monday, August 20 | 5:30 pm – 7:00 pm | Location: Promenade – 9th Floor

Unwind from a packed day of Summit content and join your fellow attendees for networking, food, and drinks.


Agenda

All Summit Sessions will be held in the Astor Ballroom (unless noted).

All approved presentations will be available online following the Summit at https://www.sans.org/summit-archives/cyber-defense

Monday, August 20

7:00-8:30 am Registration & Coffee (LOCATION: ASTOR FOYER)

8:30-8:45 am Welcome, Overview & Summit Roadmap

Benjamin Wright, Attorney in Private Practice; Senior Instructor, SANS Institute

Eric Zimmerman, Senior Director, Kroll; Certified Instructor, SANS Institute

8:45-9:30 am Keynote: Response to High-Profile Incidents

A company often needs to minimize and control any immediate public comment on a data breach or security incident. But what if news of the incident hits the media outlets nearly immediately, requiring you to quickly develop public statements while simultaneously trying to figure out exactly what happened? Do you “spin” the story to protect the impacted organization or do you say “no comment” and leave everybody guessing, or do you do something else? This opening talk will look at a few recent high-profile incidents and how the impacted organizations responded when their incident became a lead news story.

Marc Sachs, CSO, Coventry Computer; Former CSO, North American Electric Reliability Corporation (NERC)

Investigation and Notification of Data Breaches: A Global Perspective

Laws including the new General Data Protection Regulation (GDPR) require organizations to give notice of data breaches. This session will consider how those laws are interpreted and enforced in practice. It will consider procedures for authorities to discover details about how an organization investigated and evaluated a suspected breach and then decided whether notice was required. It will consider methods for maintaining confidentiality of investigations. The discussion will include the possibility for class actions, collective actions or other private lawsuits to enforce law related to data breaches. We’ll examine the topic from three perspectives, with attorneys from continental Europe, the UK, and the US.

9:30-10:00 am Investigation and Notification of Data Breaches

Alexander Blumrosen, KAB Avocats Associés, France

10:30-10:50 am Networking Break (LOCATION: ASTOR FOYER)


10:50-11:10 am Investigation and Notification of Data Breaches: A U.S. Perspective

Melinda L. McLellan, Partner, BakerHostetler

11:10 am – 12:10 pm Legal Investigation and Notification of Data Breaches: A Global Perspective

After hearing each of the three perspectives on the topic, Ben Wright will lead an interactive panel discussion.

MODERATOR: Benjamin Wright, Attorney in Private Practice; Senior Instructor, SANS Institute

PANELISTS: Alexander Blumrosen, Attorney, KAB Avocats Associés (France); Melinda L. McLellan, Partner, BakerHostetler; James A. Sherer, Partner, BakerHostetler

12:10-1:15 pm Lunch & Panel Discussion: Information Sharing: How ISACs Help with Incident Response

Numerous industries have their own Information Sharing and Analysis Centers (ISACs). This panel of experts will share stories and opinions about best practices for drawing upon ISACs before, during, and after a cybersecurity incident.

MODERATOR: Benjamin Wright (@benjaminwright), Esq., Senior Instructor & Summit Co-Chair, SANS Institute

PANELISTS: Peter Falco, Director of Broker-Dealer Services, FS-ISAC; Joshua Singletary, CIO, NH-ISAC

1:15-2:00 pm How Management Absorbs Information During a Cyber Event

The Analyst: Here we go again. Another cyber event and the suits are interrupting the investigation and asking what IOC stands for.

The Leader: Here we go again. Another cyber event and the techies are speaking Greek when I need information.

Sound familiar? Of course it does; this isn’t a unique scenario. Cyber events are fast-paced, high-stress scenarios where information is constantly evolving. Suddenly, the security team is in the limelight and being asked to provide technical information in business terms. Meanwhile, leadership is being pressured to provide answers to the Board, the customers, and the media. How can these two groups work together in this scenario to get leadership the necessary information without derailing the investigation? In this session, Sara Hall, the former CISO of the U.S. Department of Health and Human Services, will cover topics including:

• Understanding perspectives from each side
• What each side should be asking for
• What each side should be prepared to provide
• How to prepare before an actual cyber event

Sara Hall, Chief Operating Officer, NH-ISAC; Former CISO, U.S. Department of Health and Human Services


2:00-3:00 pm Incident Response: From Basics to Best Practices

Two seasoned incident responders will share case studies and hard-earned wisdom, and get you prepared to get hands on with a simulated incident.

Lucie Hayward, Managing Consultant, Investigations & Disputes, Kroll

Mike Quinn, Director – Cyber Risk, Kroll

3:00-3:10 pm Networking Break (LOCATION: ASTOR FOYER)

3:10-5:30 pm Workshop: Data Breach Advanced Exercise

When many smart people are in the same room, everyone can learn from everyone else. Leaders will walk the assembled Summit participants through a realistic, challenging case scenario for enterprise management that faces a cyber crisis. The scenario will raise a thicket of technical, practical, legal, and public communications issues. As these issues come up, the floor will be open for questions, discussion and debate. Participants will evaluate the options available to management and learn by living through a simulated experience with peers and experts.

Lucie Hayward, Managing Consultant, Investigations & Disputes, Kroll

Mike Quinn, Director – Cyber Risk, Kroll

5:30-7:00 pm Networking Reception (LOCATION: PROMENADE – 9TH FLOOR)


Thank you for attending the SANS Summit. Please remember to complete your evaluations for today.

You may leave completed surveys at your seat or turn them in to the SANS registration desk.


Tuesday, August 21

8:00-9:00 am Registration & Coffee (LOCATION: ASTOR FOYER)

9:00-9:45 am Keynote: Model-Driven Security: It’s Closer Than You Think

This session will offer an explanation of model-driven security, its implementations, and its implications. This model is not limited to large, sophisticated enterprises. You’ll gain an understanding of why the growth of unconventional controls using models will continue.

Jim Routh, CISO, Aetna

9:45-10:30 am Beauty & The Breaches: One Organization’s Journey Towards a Culture of Confidentiality

For the Henry Ford Health System, privacy and cybersecurity has been a journey of continuous quality improvement and team collaboration. As Henry Ford’s Privacy and Security Team expanded its scope over the course of seven years, multiple incidents and response plans netted beautiful results.

Join Meredith Harper for this engaging session that will review the beauty that can come out of each breach. Harper will share her perspective as a Chief Information Privacy and Security Officer, providing a window into how breaches have led to dramatic process improvements, and how people, processes, and technology were put into place to continuously develop a culture of confidentiality at the Henry Ford Health System.

Meredith Harper, Chief Information Privacy & Security Officer, Henry Ford Health System

10:30-10:50 am Networking Break (LOCATION: ASTOR FOYER)

10:50-11:45 am Getting Data Breach Right: Lessons Learned from Fighting in the Cyber Trenches

The call comes in from the FBI. A customer. Your IT Director. You have a problem. Your data, your customers’ data, has been exposed. For sale. Locked down. Two servers are impacted. No wait, it’s forty-two…

You’ve been breached. For years now, this story has been repeating itself in retail store chains, health care systems, fast food restaurants, and other enterprises. In response, enterprises have upped their game, investing billions of dollars to improve cyber defense towards becoming increasingly cyber resilient. But even the best-laid plans – the best IPS, the best end-point protection, the best employee anti-phishing training and awareness campaigns – aren’t fool-proof. That’s why it is so important to be prepared to get a data breach “right” if and when it happens to your organization.

In this impactful session, John Ansbach will discuss the lessons Stroz Friedberg has learned over the years about how to get data breach response right, as a “first responder” in the US and globally. Through a discussion of real-world examples of fighting in the data breach trenches, John will reveal keys to a successful response while also highlighting some not-so-obvious not-to-do’s and derailers to avoid. He’ll also discuss the evolution of breach response and the ways in which companies are revising and innovating their approach to executing an effective response to cyber crises.

This session is designed to be a focused discussion surrounding actionable insights and practical ideas for those tasked with managing and mitigating data breaches within their organizations. If you are trying to up your game and prepare for cyber crisis, you won’t want to miss it.

John Ansbach, Vice President – Engagement Management, Stroz Friedberg, an Aon Company


11:45 am-12:30 pm Crossing Borders: Managing a Security Incident Across Multiple Collaborating Organizations

How often does a security incident or breach response cover four different organizations? It can and does happen in university environments, where multiple stakeholders are involved in sensitive research. When it does happen, there are not just local security and privacy officials to coordinate but also the urgent question of who is in charge of the response. This presentation will provide the story of a real incident, the bumps, twists and turns, and, after the smoke clears, the lessons learned, both from risk management and regulatory compliance perspectives. You’ll leave with key guidance on how to address this risk through relationships between information security professionals in the various collaborating entities involved.

Thomas Siu, CISO, Case Western Reserve University

12:30-1:30 pm Networking Lunch (LOCATION: ASTOR BALLROOM)

1:30-2:05 pm Global DFIR in a Fractured World: Challenges in Managing International Incidents

Despite decades of efforts to foster frictionless global trade and finance, the truly vital currency of our global economy – data – seems harder to move across borders than ever. While data protection and privacy laws have always varied from country to country, Edward Snowden’s revelations about data collection and mining by government intelligence agencies along with rising alarm regarding how global technology juggernauts like Facebook and Google are using (or abusing) personal data has given us a more fractured set of rules to follow as DFIR practitioners. Failure to recognize and heed applicable laws and restrictions when planning and carrying out an incident response protocol can put you in the cross-hairs of a local regulator that may not take kindly to you moving data across borders – even if your purpose is purely benign. The kinds of issues that can catch even seasoned first-responders off guard include export controls that can apply to certain forensic tools and technology, and challenges getting specialized equipment and personnel into or out of certain countries (hint: Pelican cases can attract unwelcome attention at the airport). In other situations, even when you try to do everything “by the book” and work in cooperation with local law enforcement, unexpected problems can arise (and in some cases, guns can even be drawn).

This talk will use specific examples and rely on the speaker’s experience with cross-border incident response and forensics to illuminate pitfalls and try to provide some best-practices guidance on how to respond with necessary urgency and confidence while still staying on the right side of the law.

R. Jason Straight, Senior Vice President, Cyber Risk Solutions, UnitedLex Corporation

2:05-2:40 pm Don’t Panic! Tales from the Front Lines

In a time of crisis, the last thing you should do is overreact. To determine if there was an actual breach, you need a plan, clear thinkers, and decisive advisors.

Mary N. Chaney, Esq., CISSP; Former Director – Worldwide Information Security, Johnson & Johnson


2:40-3:25 pm Talking to the Techs: Asking the Right Questions

If (when) you suffer a breach, you’ll need to respond appropriately, and immediately. But you’ll also have to retrace your steps to root out the causes. Every contact leaves a trace, and digital forensics professionals can unearth artifacts to help determine causes, fix the vulnerabilities to mitigate additional damage, and provide evidence you’ll need if further legal action becomes necessary. But how can you collaborate with the digital forensic examiners when you don’t have a deep understanding of the technology? Summit co-chair Eric Zimmerman, instructor of SANS’s FOR508: Advanced Digital Forensics, Incident Response and Threat Hunting course, author of X-Ways Forensics Practitioner’s Guide, and a former Special Agent with the FBI, will break it down for you. Learn the lingo, familiarize yourself with the kinds of forensic artifacts you’ll need in a breach situation, and hone the skill of asking for what you need in a way that enables your cybersecurity team to deliver.

Eric Zimmerman, Senior Director, Kroll; Certified Instructor, SANS Institute

3:25-3:45 pm Networking Break (LOCATION: ASTOR FOYER)

3:45-4:30 pm Developing the Human Sensor

Far too often we discuss breaches only in terms of technology. And yet people are often one of the most powerful tools organizations have in detecting a breach. Learn how you can create a trained workforce to quickly identify and report an incident, improving your ability to both respond to and manage a breach.

Lance Spitzner, Director, SANS Security Awareness

4:30-5:00 pm Summary Remarks Eric Zimmerman, Senior Director, Kroll; Certified Instructor, SANS Institute


Thank you for attending the SANS Summit. Please remember to complete your evaluations for today.

You may leave completed surveys at your seat or turn them in to the SANS registration desk.


SPEAKERS

John Ansbach, Vice President – Engagement Management, Stroz Friedberg, an Aon Company

John Ansbach serves as a Vice President of Engagement Management in Stroz Friedberg’s Dallas office. In support of his clients, which include Fortune 500 companies, law firms, federal, state and local entities and foundations, John provides proactive cybersecurity risk mitigation services. He also supports his clients in responding to information security incidents, directing and managing digital forensic investigations, and in handling electronic discovery matters overseeing data collection and processing projects. John is a 21-year litigator with more than 10 years of litigation experience and another 10 years of experience serving as a Chief Legal Officer and General Counsel to companies with national and international footprints. Prior to joining Stroz, he was General Counsel for a global technology systems integrator that supported commercial enterprises with cybersecurity, cloud, unified communication and networking, storage and compute solutions. John is a Certified Information Privacy Professional for the U.S. private sector (CIPP/US) and a cum laude graduate of Texas A&M University where he earned a Bachelor’s of Science degree in Economics. He earned his law degree from the University of Texas School of Law in Austin.

Alexander Blumrosen, Attorney, KAB Avocats Associés, France

Alex is an American attorney admitted to the Bars of Paris and New York. He specializes in the litigation and arbitration of international disputes in the technology space. Formerly with Shearman & Sterling and Paul, Weiss, and a partner with the French firm Bernard-Hertz-Béjot for 25 years, he has a broad international commercial law practice focused on litigation of business disputes and in the technology industry.

Mary N. Chaney, Esq., CISSP®; Former Director – Worldwide Information Security, Johnson & Johnson

Mary N. Chaney, Esq., CISSP, has over 20 years of progressive experience within the fields of Law, Information Security, Privacy and Risk Management. She graduated from Xavier University in Cincinnati, Ohio with her B.S.B.A. in Information Systems and received her J.D. degree from Thurgood Marshall School of Law. Ms. Chaney spent several years practicing law in Washington, DC focusing primarily on anti-trust and intellectual property rights infringement cases. She then transitioned to serve her country by becoming a Special Agent for the Federal Bureau of Investigation (FBI) where she investigated cybercrime and served as their Information Systems Security Officer. She obtained her Certified Information Systems Security Professional (CISSP) certification in 2008. In her corporate career, she has held senior level information security roles with Comcast, Johnson & Johnson and GE Capital. Ms. Chaney also held a post as an adjunct professor with the University of Cincinnati where she assisted with the establishment of their Cybersecurity Certificate program. Currently, Ms. Chaney practices cyber security law for her own firm, The Law Offices of Mary N. Chaney, P.L.L.C., where she specializes in helping the CIO, CISO and General Counsel understand each other to legally protect the enterprise from cyber security risk.

Peter Falco, Director of Broker Dealer Services, FS-ISAC

Peter Falco is the director of broker dealer services of the Financial Services Information Sharing and Analysis Center (FS-ISAC). For over a decade, Peter served as a SVP and Technical Officer for Roosevelt & Cross Inc., a broker dealer based in New York City. At Roosevelt & Cross, Peter oversaw all of the firm’s technology – including voice, data, software development, and network systems – as well as being a co-author of the firm’s business continuity plan. Peter has worked in a variety of other technology management roles with UPS, IBM, and Prudential and is an honored graduate of Saint Peter’s College in Jersey City, New Jersey.


Sara Hall, Chief Operating Officer, NH-ISAC; Former CISO, U.S. Department of Health and Human Services

Sara Hall has spent her career in the Cybersecurity field and is now the Chief Operating Officer for the National Health ISAC (NH-ISAC), a non-profit working for the cyber protection of healthcare as part of the Nation’s critical infrastructure. In this role, she drives operations and cybersecurity solutions that improve security for the healthcare sector. Sara also serves on the Strategic Advisory Board of the International Consortium of Minority Cybersecurity Professionals (ICMCP), a non-profit working to bring more minorities and women into the field of cybersecurity. Previously, Sara served as the Chief Information Security Officer (CISO) for health intelligence biotech company Human Longevity, Inc., and before that as CISO for the U.S. Department of Health and Human Services (HHS). Prior to coming on as the COO of the NH-ISAC, Sara served on the Board of Directors of the NH-ISAC. In all of her roles, response to cyber events has been a common refrain. The gaps between cyber response and leadership response are a challenge for every organization and Sara has lessons learned and successful approaches to offer.

Meredith R. Harper, MHSA, CHC, CHPC, HCISPP, ITIL, Chief Information Privacy & Security Officer, Ford Healthcare System

Meredith joined Henry Ford Health System in 2003 as their first Chief Privacy Officer. Over her 24-year career, she has emerged as a strategic leader who is not just interested in processes, goals and objectives but most of all she is passionate about her greatest assets…her human capital. Her success has been attributed to her ability to manage large-scale complex projects that cross functional areas within integrated delivery systems and health plans while advancing the skill sets of her team members. As the industry has evolved, so have her areas of responsibility, and in 2012 her role was expanded to include leadership responsibilities for Information & Network Security, Privacy & Security Risk Management as well as Identity & Access Management. As Chief Information Privacy & Security Officer, she has responsibility for the protection of Henry Ford’s provider, insurance, retail and research businesses. Her sensitivity to the operational needs of these various businesses helps her guide the objectives of her team to ensure that the operations are successfully married with the technology or regulatory requirements. Meredith is an active member of the Health Care Compliance Association and the International Association of Privacy Professionals, is certified as a HealthCare Information Security & Privacy Practitioner through the International Information System Security Certification Consortium, Inc. and is a Certified Information Security Manager through the Information Systems Audit and Control Association.

She is a member of HIMSS, CHIME, Inforum, the PHI Protection Network, the Michigan Council of Women in Technology, Information Technology Senior Management Forum, Association for Executives in Healthcare Information Security, America’s Health Insurance Plans, InfraGard, the Information Systems Audit and Control Association and Walsh College IT/Cybersecurity Advisory Board. Meredith serves as a Governing Body Co-Chair for the Detroit CISO Executive Summit and a member of the Health Information Technology Commission for the State of Michigan. She is the immediate past Chair of the Michigan Healthcare Cybersecurity Council and the immediate past President of the Medical ID Fraud Alliance. Meredith is passionate about empowering women and minorities to embark upon careers in technology, especially in information security where those populations are not very well represented. She serves on several advisory boards in support of that passion and she has a unique perspective she enjoys sharing with others. She has also served her community for almost 27 years through her Diamond Life membership in Delta Sigma Theta Sorority, Inc. Meredith is a proud alumna of the University of Detroit Mercy where she received her Master’s in Health Services Administration and her Bachelor of Science in Computer Information Systems. She is an avid supporter of her alma mater’s mission and serves on the advisory boards for the Center for Cyber Security & Intelligence Studies and the Health Information Management program. She is currently enrolled at Loyola Chicago School of Law where she is pursuing her Master’s of Jurisprudence in Health Law.


Lucie Hayward, Director, Cyber Risk, Kroll

Lucie Hayward is a Director with Kroll’s Cyber Risk practice, based in the Nashville office. With certifications from leading cyber security and project management organizations, Lucie has wide-ranging experience in project management, security administration, security awareness and training, and incident response. In her current role, she manages incident response, forensics, and consulting projects for Kroll’s clients. Lucie additionally advises clients on best practices in incident response planning with the goal of improving their ability to detect and respond to a cyber incident. She also frequently plans and executes tabletop exercises to assist clients in validating and testing their plans.

Melinda L. McLellan, Partner, Baker & Hostetler

Melinda McLellan works with clients to navigate complex privacy, cybersecurity and data management issues in a rapidly evolving regulatory environment. She counsels companies of all sizes across multiple industry sectors, helping them identify, evaluate and manage the myriad compliance obligations associated with corporate privacy and information security practices. Melinda regularly advises on the creation, development and implementation of global privacy and security policies, standards, procedures and guidelines, as well as company codes of conduct and employee privacy training programs. Attentive to her clients’ business needs, Melinda’s proactive approach favors pragmatic, forward-thinking compliance strategies that emphasize prevention and mitigation of privacy and data security risks. Melinda counsels clients on regulatory compliance strategies and best practices for private-sector use of cloud computing solutions, biometric authentication, facial recognition technology, geolocation tracking systems, mobile applications, behavioral marketing tools, social media platforms, data analytics services and other emerging technologies. She also develops and implements EU General Data Protection Regulation (GDPR) compliance programs for numerous US and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers, and employee training.

Jim Routh, CSO, Aetna

Jim Routh is the Chief Security Officer and leads the Global Security function for Aetna. He is Chairman of the NH-ISAC Board, serves on the Board of the National Cyber Security Alliance and is a member of the Advisory Board of the ClearSky Security Fund. He is on the Advisory Committee for the UC Berkeley Center for Long-Term Cybersecurity. He previously served as a Board Member of the FS-ISAC. He was formerly the Global Head of Application and Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express and has over 30 years of experience in information technology and information security as a practitioner, management consultant and leader of technology, analytic and information security functions for global firms.

Mike Quinn, Director, Cyber Risk, Kroll

Michael Quinn is an associate managing director with Kroll’s Cyber Risk practice. He joined Kroll from the Federal Bureau of Investigation (FBI), where he most recently served as a Supervisory Special Agent in the Cyber Division. Michael managed a variety of state-sponsored and criminal intrusion matters for several FBI field offices and was responsible for some of the first-ever indictments against state-sponsored cyber attackers.


Marc Sachs, CSO, Coventry Computer

Marcus (Marc) Sachs is the Chief Security Officer of Coventry Computer, a startup in stealth mode, where he is responsible for overall corporate security policy and strategy. He is a retired US Army officer, was a White House appointee in the George W. Bush administration, and prior to joining Coventry was the Senior Vice President and Chief Security Officer at the North American Electric Reliability Corporation. Prior to NERC he was Verizon’s Vice President for National Security Policy. Marc directed the SANS Internet Storm Center in 2003-2010 and has co-authored several books on information security. He holds degrees in Civil Engineering, Computer Science, and Technology Commercialization. He is a licensed Professional Engineer in the Commonwealth of Virginia.

James A. Sherer, Partner, BakerHostetler
James is a Partner in BakerHostetler's New York office, where he chairs the Information Governance practice team and serves as a member of the E-Discovery and Management and Privacy and Data Protection groups. His work focuses on litigation; discovery management processes; enterprise risk management; records and information governance; data privacy, security, and bank secrecy; technology integration issues; artificial intelligence; and related merger and acquisition diligence. Prior to joining BakerHostetler, James worked as an in-house litigator with a Fortune 500 company. James holds an MBA; the CIPP/US, CIPP/E, CIPM, and FIP data privacy professional credentials; the CIP and IGP information governance designations; and the CEDS eDiscovery specialist credential. James is a fellow of the American Bar Foundation and a member of The Sedona Conference® Working Groups One, Six, and Eleven. He is also a member of the New York State Bar Association EDiscovery Committee as well as the New York eDiscovery Counsel Roundtable. James is admitted to practice in New York, Washington DC, and Michigan.

Josh Singletary, CIO, NH-ISAC
Josh Singletary has over 15 years of public- and private-sector experience spanning information technology and cybersecurity leadership, executive management, and hands-on technical work. This includes supporting cybersecurity protection and information sharing for the nation's health sector and other national critical infrastructures, and the development and adoption of cyber resilience best-practice principles. He has also been heavily involved in government coordination and collaboration directly with the U.S. Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), the U.S. Department of Health and Human Services (HHS), NASA/Kennedy Space Center and state governments.

Thomas Siu, CISO, Case Western Reserve University
Tom directs the CWRU Information Security Office, with responsibility for information security programs, security operations, identity management, and IT policy. Tom specializes in risk management practice, security strategy, emergency operations (including BCP and DR), and FISMA security adaptations in a research-intensive educational environment. Current CWRU activities include deployment of multifactor authentication, IT strategic planning, and deployment of a Security Fusion Center. Tom is also active in addressing U.S. policy with regard to information security and higher education. He is part of the leadership team of the Northeast Ohio Cyber Consortium, a cross-sector security threat sharing organization. He serves as co-chair of the Technologies, Operations and Practices Working Group for EDUCAUSE, and is a graduate of the MOR Advanced Leadership Program. Tom is a past officer of the Executive Council for Northeast Ohio InfraGard. He holds a SANS GSEC Gold certification, serves on the GIAC Advisory Board, and participates in REN-ISAC.

Lance Spitzner (@lspitzner), Director, SANS Security Awareness
Lance Spitzner has over 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and published three security books. Lance has worked and consulted in over 25 countries and helped over 350 organizations plan, maintain and measure their security awareness programs. In addition, Lance is a member of the Board of Directors for the National Cyber Security Alliance, a frequent presenter and serial tweeter, and works on numerous community security projects. Before working in information security, Mr. Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.

Jason Straight, Chief Privacy Officer/SVP - Cyber Risk Solutions, UnitedLex
Jason Straight has been managing information security risks, data breach incidents, data privacy obligations, and complex e-discovery challenges for over a decade. He frequently writes and speaks about topics related to data privacy, cybersecurity, data breach response and forensics. Previously, he led the cybersecurity practice of a leading global investigations and cybersecurity company.

Benjamin Wright, Attorney in Private Practice; Senior Instructor, SANS Institute
An attorney in private practice, Benjamin Wright teaches the SANS Institute's Legal 523 course titled "Law of Data Security and Investigation." Wright is the author of several technology law books, including Business Law and Computer Security, published by SANS. Mr. Wright advises many organizations, large and small, on privacy, e-commerce, cyber security, and e-mail record retention, and has been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. Mr. Wright is known for spotting and evaluating trends, such as the rise of whistleblowers wielding small video cameras.

Eric Zimmerman, Senior Director, Kroll; Certified Instructor, SANS Institute
When Eric Zimmerman was a Special Agent with the FBI, one of his responsibilities was managing on-scene triage. He identified several gaps in an existing process and started creating solutions to address them. What began as building and expanding a few live response tools took Eric down a path that eventually led to him writing more than 50 programs that are now used by nearly 8,800 law enforcement officers in over 80 countries. Much of Eric's work involved designing and building software related to investigations of sexual abuse of children. In a single year, Eric's programs led to the rescue of hundreds of these children. As a result, in May 2012, Eric was given a National Center for Missing and Exploited Children's Award, which honors outstanding law enforcement professionals who have performed above and beyond the call of duty. Eric was also presented with the U.S. Attorney's Award for Excellence in Law Enforcement in 2013. Today, Eric serves as a Senior Director at Kroll in the company's cybersecurity and investigations practice. At SANS, he teaches the FOR508: Advanced Digital Forensics, Incident Response and Threat Hunting course, and is a two-time winner of the SANS DFIR NetWars Tournament (2014, 2015). Eric is also the award-winning author of X-Ways Forensics Practitioner's Guide, and has created many world-class, open-source forensic tools. Eric is a sought-after instructor and speaker who brings expertise in the cyber realm, complex law enforcement investigations, computer forensics, expert witness testimony, computer systems design, and application architecture to his work and classroom.


Tactical Detection & Data Analytics Summit & Training
Scottsdale, AZ
Summit: Dec 4-5 | Training: Dec 6-11
sans.org/DetectionSummit

Cyber Threat Intelligence Summit & Training
Arlington, VA
Summit: Jan 21-22 | Training: Jan 23-28
"The SANS Cyber Threat Intelligence Summit is the most pertinent and relevant CTI conference available to intelligence professionals." - Craig Barrington, GDS
sans.org/CTI-Summit

For more information on speaking at an upcoming summit or sponsorship opportunities, e-mail SANS at [email protected]. Visit sans.org/summit for detailed summit agendas as they become available.

Upcoming Summit & Training Events
Advancing Cybersecurity Through Collaboration

Threat Hunting & Incident Response | New Orleans, LA | Sep 6-13
Alaska | Anchorage, AK | Sep 10-15
Oil & Gas Cybersecurity | Houston, TX | Oct 1-6
Secure DevOps | Denver, CO | Oct 22-29
Pen Test HackFest | Bethesda, MD | Nov 12-19
Tactical Detection & Data Analytics | Scottsdale, AZ | Dec 4-11
Cyber Threat Intelligence | Washington, DC | Jan 21-28, 2019
Open-Source Intelligence (OSINT) | Washington, DC | Feb 25 - Mar 3
ICS Security | Orlando, FL | Mar 18-24
Blue Team | Louisville, KY | Apr 11-18
Cloud Security | San Jose, CA | Apr 29 - May 6
Digital Forensics & Incident Response | Austin, TX | Jul 25 - Aug 1