Session Abstracts - October 22nd, 2020
The conference features educational talks and a panel to expand your knowledge and foster security discussions.
Keynote: You Can't Patch Your Way to Security
William Hugh Murray, National Cyber Security Hall of Fame, (ISC)2 Fellow & Harold Tipton Lifetime Achievement Award, ISE Luminary Leadership Award

William Hugh (Bill) Murray has been responding for years to security threats with nonconventional thinking. When he sees a security breakdown, he asks what current practice allows the breakdown to happen and what new practice would stop it. Most of our security vulnerabilities arise from poor practice, not from inadequate technology.

He joined IBM Research as a programmer in 1956, where he worked on such iconic systems as the first 704 and the first 650 Tape System, US Steel One, and with such industry pioneers as Nathaniel Rochester, Arthur Samuels, Jerrier Haddad, and Frederick Brooks. He managed the design and development of the access control subsystem for IBM's Advanced Administrative System and has since been associated with security, audit, and control. He has been recognized as a "founder" of the systems audit field and as a "pioneer" of computer security. Since retiring from IBM in 1987, he has been associated with Ernst & Young, Deloitte, TruSecure, Cybertrust, and Verizon Business. He serves on the faculty of the Naval Postgraduate School. He also serves on the board of (ISC)2, the certifying body for computer security professionals. In 2016, he was inducted into the National Cyber Security Hall of Fame.
Beyond Cybersecurity: Why, How, and What Do You Need to Know about Cyber Resilience?
Speaker: Michael Melore

A compelling presentation of the latest innovations available in detection, prevention, and response, used to address threats that are increasing in frequency, sophistication, and impact, in a climate of growing cost constraints and resource and skills shortages. Traditional security controls and response can't keep pace; your vulnerabilities and entry points are already well known.

Private and state-sponsored dark web actors are well orchestrated, using innovative AI technologies and tooling and leveraging digital currencies. Their R&D, producing wares designed to circumvent traditional security practices, has changed the game. You now require innovative, integrated security approaches, and you need to test your own defenses using the same tools used against you. Are your security controls smartly working in tandem with one another?
Boosting Cyber Resilience - Black Swans, Gray Rhinos and Coordinated Crisis Response
Speaker: Beth Dunphy

Given the growing reliance on highly available and distributed computing, the potential for cyber events to cause significant financial impacts is greater than ever. Organizations must plan ahead for a wide array of crisis events ranging from system compromise to data loss, as well as business continuity concerns such as unavailability of a workplace or their workforce due to natural or manmade crises. When planning for incident response or business continuity, many organizations only consider the worst-case or the unimaginable (black swan) events which may occur. Frequently, many organizations overlook the more likely events (aka "Gray Rhinos") that will impact their business or impede crisis response and recovery. While Cyber Incident Response and Business Continuity teams both have the same objective -- to protect their organization's ability to securely and reliably operate -- they evaluate the threats, and the likelihood and impact of those risks, differently and often in silos. Through closer collaboration, they can improve the organization's cyber resilience with a more holistic view of both risk and business response.

In this session we will cover:
  • The importance of crisis planning
  • Identifying Black Swans, Gray Rhinos, and Cassandras
  • Planning for success - Many teams, one goal
  • Test like you Execute - Scenarios and timing
  • Measuring Success - Evaluating and improving your plan
Forensics Investigation
Speaker: Ondrej Krehel

Protecting the Big Apple: Managing Cyber Risk at the City Level
Speaker: Munish Walther-Puri

What are the major cyber risks to New York City? As we face cyber threats at the geopolitical and national levels, municipalities experience the impact on a local, tangible level. This talk will explore the technology and systems that serve New Yorkers, outline New York City Cyber Command's (NYC3) approach to cyber risk, and extract lessons from previous cyber attacks targeting municipalities, such as ransomware. NYC3 believes that cyber security is a public safety issue and this talk will explore several aspects of protecting the public and the city services that they use.
The Art of Social Engineering
Speaker: John Pizzuro

Our online world and the use of electronic devices have led to most of our interactions taking place online. Technology contributes to people's perception of things being real when they are not. This has enabled people to be manipulated through the Art of Social Engineering. This webinar will delve into the science of Social Engineering and explain how people get manipulated. We will also talk about how Social Engineering is used in proactive investigations to engage suspects and have them unwittingly provide you information and, more importantly, evidence that can be used for your investigation.
The OODA Loop for CISOs
Speaker: Roselle Safran

The OODA (Observe, Orient, Decide, Act) loop is often applied to tactical security operations where the security analysts are in a constant state of evaluating and responding to alerts. But the same OODA loop can also be applied to the strategic decision-making and action-taking processes of cybersecurity executives.

In the case of a strategic OODA loop, the inputs for "Observing" will be similar to those used for the tactical OODA loop. The telemetry generated by the cybersecurity stack will be the main source. But how that data is then used for strategic "Orienting" will be significantly different than that used on the tactical side. It is this strategic "Orienting" perspective that provides the foundation for executives to make optimal decisions for running operations and managing risk.

Some of the main takeaways from the presentation will include:
  • The sources of data for the Observe step
  • The processes for incorporating Observe data in the Orient step
  • The use of Orient results for the Decision step
  • The feedback needed from the Act step to close the loop
  • Recommendations on how to implement a strategic OODA loop
Top Ten Challenges of Securing Smart Infrastructure
Speaker: Niloufer Tamboly

The fusion of cyber-physical systems deployed from multiple vendors creates a unique smorgasbord of risks in the smart infrastructure. As cars, cities, homes, hospitals, and the electrical grid come under frequent attacks by criminals, these attacks prevent us from realizing their transformational potential. We will review the top ten challenges encountered in securing our connected world and discuss mitigation strategies. As the adoption of IoT devices explodes, the supporting infrastructure has to keep pace for securely creating, processing, transmitting, and storing data.
Understanding AI's Risks and Rewards
Speaker: Mark Francis

The use of Artificial Intelligence (AI) has enabled organizations to leverage vast datasets, automate many processes, reduce errors and achieve significant cost savings. AI can therefore lead to more robust, data-driven solutions, with cybersecurity being a key use case. However, AI can also present many risks for an organization when it goes wrong. This presentation will provide a primer on how AI works, describe positive use cases and identify key issues that can present legal and risk exposure, with guidelines for establishing a safer AI program within organizations.

As part of our educational mission as a coalition of non-profit organizations, registration fees are only to cover the costs of the logistics.
