Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Business [clear filter]
Thursday, June 8
 

11:00am

Can Game Theory Save Us from Cyber Armageddon?
What can the movies "War Games" and Doctor Strangelove" teach us about avoiding a cyber Armageddon? The Mutual Assured Destruction (MAD) doctrine, first introduced in the 1960s, is largely attributed with preventing any full-scale conflicts between the United States and the Soviet Union. MAD was part of U.S. strategic doctrine which believed that nuclear war could best be prevented if neither side could defend itself against the other's missiles. Although not talked about very much today, the ghost of MAD and the lessons it teaches remain even if people would rather not think about it. Join this interactive session as we explore the parallels and learn the lessons of the MAD doctrine as it applies to cyber warfare today. It’s the same thing that the computer Joshua learned, the only way to win in cyber warfare is not to play.

Speakers
avatar for Barry Kouns

Barry Kouns

CEO, Risk Based Security, Inc.
Barry Kouns is CEO and principal consultant for Information Security Program services at Risk Based Security, Inc., an information security, threat intelligence, and risk management consultancy. Barry's experience includes information security consulting, risk assessment and quality management. Barry has provided training, procedure development and pre-certification consulting services resulting in the successful ISO/IEC 27001 certification of more than three dozen organizations. | | He has earned a B.S. in Statistics from Virginia Tech and a M.S. in Industrial Engineering Management from North Dakota State University. He has earned the CISSP designation, is a trained ISO /IEC 27001:2013 Auditor... Read More →


Thursday June 8, 2017 11:00am - 11:50am
Ballroom

1:00pm

Defend the Defenders: Managing and Participating in Excellent Teams
Response teams apply threat models to protect an organization's goals and to determine which controls are important to defend organizational interests. But defensive teams themselves are under threat: working in emergency response takes its toll on individuals. Budgets, over-commitment, urgency, and crisis all put a great deal of pressure on incident responders. This presentation will examine "threats against the goals of the SIRT itself" for managers and "blue team" practitioners: how to build, manage, and participate a defensive / incident response team under fire. Attendees will learn a practical approach for identifying and defending against the key threats against their team goals. The speaker will share examples from his own past threat modeling, such as: how to find, hire, and retain good candidates; how to maintain morale when under crisis; how to improve a struggling team; how to (re)organize to meet imminent challenges to long-term success; and more.

Speakers
avatar for Seth Hanford

Seth Hanford

Proofpoint
As a Staff Information Security Engineer, Seth Hanford applies his experience to incident response, PSIRT, and security operations functions for both enterprise and customer security. Hanford has been an individual contributor for PSIRTs, CSIRTs, and intelligence teams in small businesses, large enterprises, and several global teams. He has worked on-site in operations center watch floors, collaborated globally with FIRST Special Interest Groups, and has more than a decade of experience being an effective full-time remote worker. He has also had the pleasure to serve as a manager both globally and locally, and recruited for world-class threat research teams as well as to relaunch a Fortune 100 SOC into a threat-driven detection... Read More →


Thursday June 8, 2017 1:00pm - 1:50pm
Ballroom

2:00pm

Adventures in (Dynamic) Network Segmentation or And That's How I Got This Scar
Network segmentation is a great way to build a foundation for a thorough approach to defense in depth as part of your security program. The benefits can be great, but the path is not without some risk of its own. This talk with review some of the challenges and successful strategies to create a solid and sustainable practice on getting your arms around what is out there and on your network. The presenters, fresh from a large scale project to do this at a health system, will cover tips, tricks, pitfalls and the like to let you approach this very useful tool with your eyes wide open.

Speakers
avatar for Rick Lull

Rick Lull

Consulting Engineer, SyCom Technologies
Network bubba, healthcare IT survivor, and now playing Horatio on the bridge for hire with a local VAR shop.
avatar for Shannon Yeaker

Shannon Yeaker

Lead Consultant, GRC Practice, Impact Makers
Shannon Yeaker, PMP, CISA, CAHIMS is a Lead Consultant with Impact Makers in the Governance, Risk and Compliance (GRC) Practice. She is a dynamic IT professional with extensive experience in Information Security, control design, risk management, project and process management at... Read More →


Thursday June 8, 2017 2:00pm - 2:50pm
Ballroom

3:00pm

Managing Crowdsourced Security Testing
The crowdsourced security model has been embraced by organizations running public bug bounty programs. These programs are intended to discover and resolve vulns in production applications, but they can unexpectedly deviate from being an effective part of the security development lifecycle into a source of noise. This presentation questions what role such programs have in improving security and what pitfalls they pose for security budgets. It covers strategies for keeping a bounty program focused on positive contributions to development and avoiding the traps that make it a distraction.

Speakers
avatar for Mike Shema

Mike Shema

VP SecOps & Research, Cobalt.io
Mike Shema is VP of SecOps and Research at Cobalt.io, where he organizes crowdsourced pen tests. Mike's experience with information security includes managing product security teams, building web application scanners, and consulting across a range of infosec topics. He's shared t... Read More →



Thursday June 8, 2017 3:00pm - 3:50pm
Ballroom

4:00pm

Think of the Children: Preparing the Next Generation of Security Specialists
Undoubtedly, cybersecurity is one of the hottest topics in today’s industry. For example, a Cisco report from a few years ago estimates there to be over 1 million unfilled cybersecurity positions worldwide. But how are we preparing people to fill this critical job gap? What kinds of skills should be taught and do current programs do a good job of preparing students? How do you teach “the security mindset”?

This talk will discuss a few issues (and solutions!) as seen by high school students who are interested in the cybersecurity field. How can industry professionals and organizations help train the people capable of securing their businesses? Join this session to learn some of the ways you or your company could get involved.

Speakers
avatar for Roman Bohuk

Roman Bohuk

Student, Deep Run High School
Roman Bohuk is an about-to-graduate senior at Deep Run High School. He has been a part of the Center for Information Technology at his school where he was introduced to both theoretical and applied computer science, some cybersecurity topics, and project management. In the past, Roman was fortunate to meet a few industry professionals, which enabled him to participate in several security and programming conferences and contests... Read More →
avatar for Jake Smith

Jake Smith

Student, Deep Run High School
Jake Smith has just finished up his senior year at Deep Run High School as part of the Center for Information Technology (CIT) program. Over the last four years through competing in competitions such as CyberPatriot and various CTFs, Jake discovered his passion - cybersecurity... Read More →


Thursday June 8, 2017 4:00pm - 4:50pm
Ballroom

5:00pm

Zero Trust “Lite” Architecture to Securely Future-Proof Your Network
The traditional 3-tier data center architecture model continues to challenge security professionals who are tasked with embracing a highly mobile workforce. I and many others were taught years ago that we must design an onion like perimeter that has a trusted user base and critical data living inside a well-protected perimeter. Forrester turned this model on its head when they coined the term “Zero Trust” in a report published in 2010. I prefer not to speak in absolutes, so I’ll proposed an alternate, more flexible approach to implementing the Zero Trust methodology. Instead of eating the elephant, I’ll show how implementing bite sized portions of the Zero Trust model will help future proof your organization against challenges such as BYOD, SaaS offerings, Cloud hosted resources, mobile workers, and the ever increasing compliance requirements on segmentation.

Speakers
avatar for Jeremy Dorrough

Jeremy Dorrough

Advanced Solutions Architect, Comm Solutions
Jeremy has built his career around protecting assets in the most critical IT sectors. He started his career working in a Network Operations Security Center for the US Army. He then went on to work as a Network Security Engineer defending Dominion’s North Anna Nuclear Power Stat... Read More →


Thursday June 8, 2017 5:00pm - 5:50pm
Ballroom
 
Friday, June 9
 

10:10am

OSINT: The Secret Weapon in Hunting Nation-State Campaigns
Discussing real use cases of state actors engaged in APT campaigns, explore what can be done with the available intelligence tools we have today, specifically from the Dark Web.

Speakers
avatar for Alon Arvatz

Alon Arvatz

Co-founder & CPO, IntSights
Alon Arvatz VP of Intelligence & Product served in an elite intelligence unit in the Israel Defense Forces. While serving for 3 years in the most innovative and operational setting, Alon led and coordinated large operations in the cyber intelligence world. Alon established Cyber... Read More →


Friday June 9, 2017 10:10am - 11:00am
Ballroom

11:10am

DevOpSec - Killing the Buzz
The DevOps movement continues to grow, and it is beginning to move out of small startups into large enterprises. DevOps and Agile development bring a lot to the table, but are often viewed as coming at the expense of security. This presentation explores ways to integrate security into DevOps environments: identifying the benefits of doing so, outlining potential problems, and attempting to provide solutions to them. Ultimately, the talk hopes to provide practical guidance and tools that can be used as a base to improve security throughout the stack.

Speakers
avatar for Jason Ross

Jason Ross

Sr. Consultant, NCC Group
Jason Ross is a Senior Consultant with NCC Group - a global information assurance specialist providing organizations with expert security consulting services. Working primarily from Rochester, NY, he has developed and delivered training tools and programs on topics such as advanc... Read More →


Friday June 9, 2017 11:10am - 12:00pm
Ballroom

2:00pm

Building A Pentest Program On A Shoestring Budget
You don’t have $85,000 laying around to bring in an external pentest vendor. Even if you did, you’re afraid your program is so full of holes you will be overwhelmed by the findings. Even worse, if they do a bad job and fail to get in, it will reinforce the organization’s false sense of security. What are your options; do nothing, continue worrying about the specter looming in the darkness? No, you pull together a rag tag group of spunky upstarts and get the job done yourself. No budget, no problem. In this talk, we’ll cover options that can fit into your standard operations, without having to beg for budget. Even if you are privileged with a strong budget, scheduled external pentests, and ongoing security operations, you can pick up some tips on how to integrate self-tests to validate the controls you implemented in your remediation process. 

Speakers
avatar for Grayson Walters

Grayson Walters

Information Security Officer, Virginia Department of Taxation
Grayson Walters has over 20 years of Information Technology and Information Security experience. Currently, he serves as the Information Security Officer for the Virginia Department of Taxation. Previously, Grayson served as the Information Security Officer for the Virginia State Corporation Commission. His prior positions include leading the security engineering branch of a Richmond based IT consulting firm where he oversaw penetration testing, security policy development and security product implementation activities for dozens of clients. Grayson also served as the Lead Network Architect for Standing Joint Force Headquarters... Read More →


Friday June 9, 2017 2:00pm - 2:50pm
Ballroom