ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Speakers

Alex Wood
Alex Wood

 

View

Alex Wood
Brandon Levene
Brandon Levene

Head of Applied Intelligence Virus Total

View

Brandon Levene
Cameron Williams
Cameron Williams

CTO OverWatch ID

View

Cameron Williams

For more than 25 years, Cameron Williams has helped enterpise clients like IBM, Wells Fargo, Sony, BP, and dozens others keep their data safe and secure from data breaches, hacks, ransomware, and spear-phishing. As OverWatchID’s CTO, Cam leads all product design and product development, and is responsible for ensuring that that OverWatchID’s cloud-based converged identity security platform is meeting existing and future threats to identity security

David Hogue
David Hogue

Technical Director, Cybersecurity Threat Operations Center NSA

View

David Hogue

Mr. Dave Hogue is currently serves as the Technical Director for the NSA’s Cybersecurity Threat Operations Center (NCTOC), a dynamic, national-level entity that serves at the forefront in the fight against malicious cyber activity through integrated cybersecurity operations. Previously, Mr. Hogue was the Technical Director of the Analysis Group within the National Security Agency (NSA) Threat Operations Center (NTOC), charged to deliver vital threat intelligence across a multitude of threat actors and technologies. While in this position, Mr. Hogue also served as a corporate officer, leading agency-wide efforts such as NSA’s response in delivering foundational technical analysis and attribution of the 2014 Sony Pictures Entertainment (SPE) computer network attack (CNA).

Dr. Branden Williams
Dr. Branden Williams

Director, Cyber Security Union Bank

View

Dr. Branden Williams
Guy Fillippelli
Guy Fillippelli

Vice President of user and Data Security Forepoint

View

Guy Fillippelli

Guy Filippelli is VP Solutions for Forcepoint’s Insider Threat and Data Security business. An experienced software entrepreneur, Guy has 15 years of experience building software teams to solve some of the world’s most challenging data and integration problems, most recently as Founder and CEO of RedOwl, which was acquired by Forcepoint in August 2017. Prior to RedOwl, Guy co-founded Berico Technologies, a high-end engineering firm that services the federal government, and launched Oxpoint Holdings, an investment arm that has invested in and incubated multiple private ventures. In 2007, Guy received the National Intelligence Medallion, the nation’s highest award for non-governmental personnel, for his efforts in Iraq as the analytic lead of NSA’s RT-RG program.

Kevin Bocek
Kevin Bocek

 

View

Kevin Bocek
Matthew Dobbs
Matthew Dobbs

CTO - X-Force Command Center IBM Security

View

Matthew Dobbs
Michael Melore CISSP
Michael Melore CISSP

Cyber Security Advisor  IBM

View

Michael Melore CISSP
Michael Wylie
Michael Wylie

Security Consultant Corporate Blue

View

Michael Wylie
Ricardo Johnson
Ricardo Johnson

Sr. Director, Security, Risk & Compliance CrowdStrike

View

Ricardo Johnson

Ricardo Johnson, Sr. Director of Security, Risk and Compliance for CrowdStrike Inc., has more than 18 years of experience in the fields of privacy, information security and risk. Previously, he served as the Director of Global Compliance for Ryder, where some of his responsibilities included overseeing privacy and security compliance for the company’s inaugural BYOD, mobile marketing, social media and cloud migration programs, along with other regulatory mandates such as export controls and Anti-bribery and PCI. Prior to Ryder, Ricardo served as the Chief Privacy & IT Compliance Officer for Burger King Corporation. Ricardo has also been a guest speaker on privacy, security and risk topics at the Visa PCI Symposium, WorldCompliance Summit, IAPP, Cloud Security Alliance (CSA), Institute of Internal Auditors (IIA) and Compliance Elliance.

Rick Redman
Rick Redman

Senior Security Consultant KoreLogic Inc.

View

Rick Redman
Sam Pickles
Sam Pickles

Co-Founder and CTO RedShield Security

View

Sam Pickles

Sam Pickles has provided IT and security services for banking, government and service provider clients for over seventeen years across Europe, Asia Pacific and the United States. During this period, Sam built and ran some of the world’s largest web application firewall gateways, conducted penetration testing of networks, applications and hardware devices and currently focuses on advanced techniques for web application vulnerability shielding.

Timothy Kosiba
Timothy Kosiba

Chief, Computer Network Operations NSA

View

Timothy Kosiba

Mr. Kosiba is the Chief of Computer Network Operations (CNO). Prior to his arrival, he was the Deputy Director of the NSA/CSS Commercial Solutions Center (NCSC) and the Chief of the Network Solutions Office within the NCSC. He was the Chief of the Special US Liaison Officer (SUSLOC) in Canberra, Australia from June 2012 to July 2015. Mr. Kosiba has 29 years of Federal Government service with the last 21 years in technical management/leadership positions. During his career at NSA, he has served in technical leadership positions requiring collaboration responsibilities with domestic and foreign government representatives. Mr. Kosiba was selected for the Defense Intelligence Senior Level (DISL) Service position in March 2012. Prior to being assigned as the SUSLOC, Mr. Kosiba served as the Technical Director for the Requirements and Targeting (R&T) Office in the Tailored Access Operations (TAO) organization at the National Security Agency from August 2010 to June 2012. Prior to that tour, he served as the Plans and Policy Technical Director for USCYBERCOM, and as the Technical Director for the Joint Functional Component Command for Network Warfare (JFCC-NW) from December 2007 to August 2010. Mr. Kosiba has frequently represented NSA and USCYBERCOM at The White House and other government sponsored deliberations relating to cyber activities.

ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Seminars

  • Wed 17th Oct 09:40 - 10:30
  • The Rise of the Robot Analyst Sam Pickles  |   RedShield Security  |   ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Wed 17th Oct 09:40 to 10:30

    The Rise of the Robot Analyst

    Humans are in short supply. This talk will present practical learnings from 6 years of research, using machines to correlate application vulnerabilities and threats; from low level packet drops and vulnerability scan results, to high level APT campaigns lasting months and targeting multiple attack surfaces. An approach is discussed which uses graph structures to represent related security data points, and attribute risk from the perspective of human analysts who must investigate increasing numbers of events, with limited time and resources. Graph structures are further associated together to gain broader views of attack coordination and persistence. Further categorization is applied to graph structures, to initiate those actions which may be safely automated - such as updating an application firewall policy, activating DDoS defenses, or blocking an IP address, without a human in the loop. No specific platform or vendor technology is emphasized. Concepts are illustrated with examples which may refer to common commercial and/or open source tools. 

    Speaker

    Photo Speaker Name Profile
    Sam Pickles Sam Pickles View Profile
  • Wed 17th Oct 10:40 - 12:30
  • The Art of the Nudge: Helping Users Make Secure Choices Dr. Branden Williams  |   Union Bank  |   ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Wed 17th Oct 10:40 to 12:30

    The Art of the Nudge: Helping Users Make Secure Choices

    People are almost always the weakest link when it comes to securing our enterprises. We invest millions into controls that prevent data from leaking outside the company in an email, but someone printing out sensitive stuff and leaving it in a coffee shop. What if we could tap into their bias and human nature to influence them in a good way? Behavioral economist Richard H. Thaler and law professor Cass R. Sunstein introduced the concept of the Nudge in 2008, stemming from their work on libertarian paternalism and decades of research and theory before them. They describe a concept of altering human behavior, almost subconsciously, to influence humans to make choices that benefit them. Cybersecurity is full of opportunities to for us to build nudges into daily work, such that we encourage our associates to choose the path that is best for the company, and best for the individual. This session will help the audience become better choice architects, designing choices in a way that take advantage of users automatic brains, thus making better and safer choices for the organization.

    Speaker

    Photo Speaker Name Profile
    Dr. Branden Williams Dr. Branden Williams View Profile
  • Wed 17th Oct 11:40 - 12:30
  • New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response Michael Melore CISSP  |   IBM  |   ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Wed 17th Oct 11:40 to 12:30

  • Wed 17th Oct 01:00 - 01:50
  • From Passive to Active Analytics: Risks, Opportunities, and Methodologies of moving to Risk-Adaptive Protection Guy Fillippelli  |   Forepoint  |   ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Wed 17th Oct 01:00 to 01:50

  • Wed 17th Oct 02:00 - 03:30
  • Panel; Incident Response on a Cloudy Day Tech Leaders  |  ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Wed 17th Oct 02:00 to 03:30

    Panel; Incident Response on a Cloudy Day

    Enterprises are moving more workloads to the cloud every day. While this helps speed and agility, what happens when there is an incident? How do you run your incident response process in an environment that you don’t own? Do you have the visibility you need to respond effectively? This panel will examine our new cloud world, what we can do to adapt our processes, and how we can respond to security incidents in the cloud.

    Speakers

    Photo Speaker Name Profile
    Alex Wood View Profile
    Brandon Levene View Profile
    Cameron Williams Cameron Williams View Profile
    Ricardo Johnson Ricardo Johnson View Profile
  • Thu 18th Oct 09:40 - 10:30
  • Shooting Phish in a Barrel Michael Wylie  |   Corporate Blue  |   ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Thu 18th Oct 09:40 to 10:30

    Shooting Phish in a Barrel

    With millions of phishing Emails caught be spam filters and users properly trained by well-defined cybersecurity programs, it’s getting harder and harder to properly phish users. Spear phishers must come up with new and improved methods for increasing success. Typosquatting, doppelganger domains, and IDN homograph attacks will be explored and demonstrated during this presentation. Most fully patched modern browsers and Email systems are susceptible to these attacks. This talk will discuss the problem and how to avoid falling victim to some of the best recently discovered domain named based attacks designed to inject malware and steal your passwords. The goal of this presentation is to make IT and Security professionals aware of newly identified techniques used to get high click rates during phishing campaigns. The talk will introduce new research conducted using typosquatting, doppelganger domains, and IDN homograph attacks. Current research and demonstrations will show how the attacks working against current and patched applications.

    Speaker

    Photo Speaker Name Profile
    Michael Wylie Michael Wylie View Profile
  • Thu 18th Oct 10:40 - 11:30
  • You’re Under Attack, Now Live the Response Matthew Dobbs  |   IBM Security  |   ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Thu 18th Oct 10:40 to 11:30

    You’re Under Attack, Now Live the Response

    Cyber Incident is a business issue, not just a security issue. To combat this danger, you need to create a security culture for your organization, and that starts with a comprehensive plan of preparedness. Using a state-of-the-art cyber range can train your security team, business leaders, and communications, human resources, public relations and legal representatives to act on a cyber attack as it’s happening—by showing them what it’s like to live through an attack. To help your firm survive, the cyber range gives your team the tools they need through a completely immersive security experience that tests skills, process and leadership competence.

    Speaker

    Photo Speaker Name Profile
    Matthew Dobbs Matthew Dobbs View Profile
  • Thu 18th Oct 11:40 - 12:30
  • Integrated Operations at NSA – How Defense is Constantly Challenged to Stay Ahead of the Adversary Tech Leaders  |  ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Thu 18th Oct 11:40 to 12:30

    Integrated Operations at NSA – How Defense is Constantly Challenged to Stay Ahead of the Adversary

    NSA addresses cybersecurity issues from both a defensive and offensive perspective. NSA’s Cybersecurity Operations Center (NCTOC) has one of the largest 24*7*365 footprints across the US Government as they defend over 3 million Department of Defense users across the globe. Mr. Dave Hogue, Technical Director, will discuss how innovations in policy, technology, and people can lead to break-through results in this operational environment. Computer Network Operations (CNO) is NSA’s premier Computer Network Exploitation (CNE) organization. CNO conducts CNE operations on foreign targets and supports Computer Network Defense (CND) and other computer network operations for the US. Mr. Tim Kosiba is Chief, CNO, and will discuss how a sophisticated adversary would attempt to get around cybersecurity defenses.

    Speakers

    Photo Speaker Name Profile
    David Hogue David Hogue View Profile
    Timothy Kosiba Timothy Kosiba View Profile
  • Thu 18th Oct 01:00 - 01:50
  • Brains over Brawn: Intelligent Password Recovery Rick Redman  |   KoreLogic Inc.  |   ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Thu 18th Oct 01:00 to 01:50

    Brains over Brawn: Intelligent Password Recovery

    Attendees will leave this session with new ideas that can immediately be applied to their password cracking needs ranging from recovery of password-protected documents needed for forensics, incident response, law enforcement, and legal cases to improving password compliance in large organizations. We will share our experience running the DEFCON password cracking contest "Crack Me If You Can", our security R&D work for DARPA and for the Carnegie Mellon University CyLab Usable Privacy and Security Laboratory. This experience has helped us to develop "intelligent recovery" methods (those that are most likely to succeed first thereby increasing recovery speed and success) as well as cutting-edge cracking logic (rules, patterns, & dictionaries) created from analyzing millions of cracked passwords. The presentation will cover the following topics:
    Present real-world use cases:
    Best practice password compliance monitoring by information security and audit teams
    Quantifying organizational improvement in password strength. A rare opportunity to show security ROI to management
    Recovering password-protected documents needed for forensics, incident response, law enforcement, and legal cases
    The importance of password cracking in penetration testing
    Share what we have learned about cutting edge cracking techniques, architectures and rules from the DEFCON password cracking contest run by KoreLogic (including new tools, techniques, GPU password cracking, etc)
    Brains or brawn: Brute forcing passwords vs. rule based logic, extensive dictionaries (and horsepower)
    Briefly review password hashing methods and password cracking methods

    Speaker

    Photo Speaker Name Profile
    Rick Redman Rick Redman View Profile
  • Thu 18th Oct 03:00 - 03:50
  • Are You Protecting Your Machine Identities? Kevin Bocek  |     |   ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Thu 18th Oct 03:00 to 03:50

    Are You Protecting Your Machine Identities?

    There are two kinds of actors on every network—people and machines—and both need to be secured. People rely on usernames and passwords, but machines use keys and certificates for machine-to-machine communication and authentication. Billions are spent each year securing identity and access management, but virtually all of it is spent securing usernames and passwords, almost none on protecting keys and certificates. Unprotected machine identities are lucrative targets for cyber criminals. They use unprotected keys and certificates to eavesdrop on private communications, make phishing sites or malicious code look valid, and hide their nefarious activity in encrypted traffic—getting malware in and sensitive data out. In this presentation, we’ll discuss the different types of machines identities and where they proliferate in your network. You’ll see the role and lifecycle of machine identities, and where we’re falling short in protecting them. We’ll then look at where there are current risks as well as where new risks are emerging. We’ll conclude with steps you can take immediately to get these risks under control.

    Speaker

    Speaker Name Profile
    Kevin Bocek View Profile
Top