This document provides information about a cybersecurity conference taking place June 24-26, 2015 in Augusta, Georgia. It introduces several keynote speakers from the U.S. military's cyber commands, including Admiral Michael Rogers from U.S. Cyber Command, who will provide an overview of that organization. Other speakers will discuss topics like cyber space leader development, education and training, and quality cyber education. The conference aims to communicate future training and technology requirements from the military to industry and academia in order to help defend cyber space.
This document summarizes a presentation on information assurance. The presentation covered topics like information assurance concepts, risk assessment and management, cryptography, penetration testing, recent cybersecurity incidents, and the need for Egypt to develop a cybersecurity strategy. It provided details on recent attacks against RSA and a US national laboratory. It also summarized Israel's efforts to develop a cyber defense strategy and the US White House's new cybersecurity plan. The presentation concluded with a discussion on challenges for Egypt establishing its own cybersecurity strategy.
CSCSS Science of Security - Developing Scientific Foundations for the Operati...Shawn Riley
This document discusses developing a scientific foundation for cybersecurity by creating an organized body of knowledge. It defines key concepts like the science of security, the cyber ecosystem, and semantic eScience. The science of security aims to develop a rigorous, structured body of knowledge across 7 core themes like common language and human factors. The cyber ecosystem relies on automation, interoperability, and authentication between systems. Semantic eScience uses semantic technologies to extract and link knowledge from data to support tasks like analytics, visualization and sharing findings. It aims to organize current knowledge and enable discovery of new insights through approaches like object-based production and activity-based intelligence.
Understanding the 'physics' of cyber-operations - Pukhraj SinghPukhraj Singh
The document discusses several key ideas about cyber operations:
1) Cyber capabilities shift rapidly, with assumptions needing reevaluation every 5 years. The nature of cyberweapons and thresholds for cyber conflict remain ambiguous.
2) Offense and defense in cyber are indistinguishable and symbiotic, challenging traditional notions of proportionality and legality in conflict. Nation-state operations are also supplemented by powerful non-state actors.
3) Escalation dynamics in cyber are difficult to predict, as seen in wargaming exercises, increasing uncertainty for decision-makers regarding responses to cyber attacks. Bureaucracy may provide the most identifiable signature of state-backed operations.
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018Pukhraj Singh
The speaker discusses how enterprise security as we know it is dying due to increased complexity, unpredictability from emergent behaviors, and an overemphasis on offense over defense. Political and organizational factors also influence security more than technical issues. True situational awareness is difficult to achieve given these challenges. Defenders need to think differently and adopt more open and collaborative approaches to have a chance of keeping pace with adaptive attackers.
Synergy in Joint Cyber Operations - Indian National Defence University & HQ I...Pukhraj Singh
In 2012, I led the first joint cyber operations with the Indian Air Force. Seven years too late, we have started talking about cyber jointness.
“Synergy in Joint Cyber Operations” presented at an Indian National Defence University event. The first time ever that jointness was discussed in the Indian context. Not very verbose for obvious reasons – I flagged politics and turf wars. Some shakeups are happening; the Defence Cyber Agency is up. Winds of change…
This document discusses politics and power in cybersecurity. It notes that most countries focus on passive or kinetic cyber capabilities through intelligence and military organizations. However, true innovation is in cognitive cyber effects that manipulate information to change thoughts and behaviors. The largest risk is using cyber-enabled information warfare to erode trust in societies. Offensive cyber toolchains have a distinct political architecture, and case studies show how code reuse reveals political semantics. Cyberspace is a continuously contested territory where control of data and assets does not overlap and is hard to ensure. Nation state sovereignty in cyberspace is declining as the environment becomes more contested.
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)Pukhraj Singh
This document discusses power and politics in cybersecurity. It argues that cyber offense relies more on political subterfuge than technical skills. Nation-state offensive cyber teams use partnerships with telecom and technology companies as well as influence over standards bodies and research grants to maintain structural dominance. Code reuse and targeting restrictions reveal the technical signatures of bureaucratic politics. Politics shapes the cybersecurity industry and influences choices around standards, vulnerabilities, and defensive strategies. Cybersecurity is ultimately a function of power between states in this contested domain.
This document summarizes a presentation on information assurance. The presentation covered topics like information assurance concepts, risk assessment and management, cryptography, penetration testing, recent cybersecurity incidents, and the need for Egypt to develop a cybersecurity strategy. It provided details on recent attacks against RSA and a US national laboratory. It also summarized Israel's efforts to develop a cyber defense strategy and the US White House's new cybersecurity plan. The presentation concluded with a discussion on challenges for Egypt establishing its own cybersecurity strategy.
CSCSS Science of Security - Developing Scientific Foundations for the Operati...Shawn Riley
This document discusses developing a scientific foundation for cybersecurity by creating an organized body of knowledge. It defines key concepts like the science of security, the cyber ecosystem, and semantic eScience. The science of security aims to develop a rigorous, structured body of knowledge across 7 core themes like common language and human factors. The cyber ecosystem relies on automation, interoperability, and authentication between systems. Semantic eScience uses semantic technologies to extract and link knowledge from data to support tasks like analytics, visualization and sharing findings. It aims to organize current knowledge and enable discovery of new insights through approaches like object-based production and activity-based intelligence.
Understanding the 'physics' of cyber-operations - Pukhraj SinghPukhraj Singh
The document discusses several key ideas about cyber operations:
1) Cyber capabilities shift rapidly, with assumptions needing reevaluation every 5 years. The nature of cyberweapons and thresholds for cyber conflict remain ambiguous.
2) Offense and defense in cyber are indistinguishable and symbiotic, challenging traditional notions of proportionality and legality in conflict. Nation-state operations are also supplemented by powerful non-state actors.
3) Escalation dynamics in cyber are difficult to predict, as seen in wargaming exercises, increasing uncertainty for decision-makers regarding responses to cyber attacks. Bureaucracy may provide the most identifiable signature of state-backed operations.
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018Pukhraj Singh
The speaker discusses how enterprise security as we know it is dying due to increased complexity, unpredictability from emergent behaviors, and an overemphasis on offense over defense. Political and organizational factors also influence security more than technical issues. True situational awareness is difficult to achieve given these challenges. Defenders need to think differently and adopt more open and collaborative approaches to have a chance of keeping pace with adaptive attackers.
Synergy in Joint Cyber Operations - Indian National Defence University & HQ I...Pukhraj Singh
In 2012, I led the first joint cyber operations with the Indian Air Force. Seven years too late, we have started talking about cyber jointness.
“Synergy in Joint Cyber Operations” presented at an Indian National Defence University event. The first time ever that jointness was discussed in the Indian context. Not very verbose for obvious reasons – I flagged politics and turf wars. Some shakeups are happening; the Defence Cyber Agency is up. Winds of change…
This document discusses politics and power in cybersecurity. It notes that most countries focus on passive or kinetic cyber capabilities through intelligence and military organizations. However, true innovation is in cognitive cyber effects that manipulate information to change thoughts and behaviors. The largest risk is using cyber-enabled information warfare to erode trust in societies. Offensive cyber toolchains have a distinct political architecture, and case studies show how code reuse reveals political semantics. Cyberspace is a continuously contested territory where control of data and assets does not overlap and is hard to ensure. Nation state sovereignty in cyberspace is declining as the environment becomes more contested.
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)Pukhraj Singh
This document discusses power and politics in cybersecurity. It argues that cyber offense relies more on political subterfuge than technical skills. Nation-state offensive cyber teams use partnerships with telecom and technology companies as well as influence over standards bodies and research grants to maintain structural dominance. Code reuse and targeting restrictions reveal the technical signatures of bureaucratic politics. Politics shapes the cybersecurity industry and influences choices around standards, vulnerabilities, and defensive strategies. Cybersecurity is ultimately a function of power between states in this contested domain.
The document summarizes key takeaways from the RSA Conference 2016. It discusses the rising threat of ransomware and the need to back to basics on security fundamentals like authentication, firewalls, and software updates. It also notes that the target of attacks is expanding to cloud and big data, and that organizations need to treat data as toxic. Other topics covered include new approaches to threat modeling, developing resilience after a breach, extending security teams through outsourcing, and reassessing threat detection capabilities. The document provides an agenda and information on speakers for an upcoming cybersecurity summit event.
In many companies, SharePoint begins as a grass-roots effort with little thought given to governance, risk and compliance (GRC). Before long, issues with security, storage, site sprawl, and others force us to rethink our long-term SharePoint strategy. Around this time, governance plans are developed and put into place. But, do these plans address the auditing, records management, e-discovery and other legal risks? And does SharePoint’s built-in feature set deliver everything you need to rest soundly? In this session, we’ll raise some questions, share some stories and most-importantly provide answers and much needed guidance to this trending topic.
The session will discuss means in which information assets and business continuity is protected and propose an additional layer of defense with a human counterespionage focus. The proposed proactive counterespionage plan includes operational security audits, reverse open source intelligence and classification of employees who are prime targets for disruptive espionage.
- See more at: http://www.rsaconference.com/events/ad15/agenda/sessions/2219/proactive-counterespionage-as-a-part-of-business#sthash.JUipJ0BR.dpuf
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, DohaSyed Peer
“Securing the Critical Infrastructure Networks Effectively” - Is OT the Weakest Link in Securing the Critical Infrastructure?
Cyber Attacks has consistently ranked among the top threats faced by businesses. Cyber Security as a subject that has now reached boardroom agendas. There have been proposals to link Cyber Security to CEO performance and pays. The point only underlines the critical nature and importance of Cyber Security to Businesses.
In an OT environment, the threat is amplified much more because it can have ramifications that impact human lives and their safety.
Cyber war, cyber terrorism, and cyber espionage were discussed. The document began by noting some disclaimers from the author about their expertise and intentions. It then discussed how cyber war is often misunderstood and does not refer to things like cybercrime or hacking. The document went on to discuss how cyber attacks could potentially lead to accidental nuclear war by degrading decision making systems. It also provided a real example of how access was gained to a strategic nuclear system, highlighting the risks of cyber threats in this domain.
Speaker at the IDC IT Security Roadshow 2017 in Doha. It was a one day event bringing together some Security Vendors and End User folks to present and discuss security related topics. The event midway was split into two tracks A - Threat Intelligence and B - Securing the Endpoint to the cloud. My End User Presentation (Track A) covered Threat Intelligence. There were some some interesting speakers and audience Q & A discussions followed by a networking lunch to boot. The venue at the Shangri La Hotel in Doha provided a great space and good networking opportunity.
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)BeyondTrust
The Federal computing space has been relatively unscathed by ransomware attacks such as Petya, WannaCry, and others—but are Federal systems really that much better than their commercial counterparts?
In this presentation from his webinar, cybersecurity expert and SANS Institute Instructor G. Mark Hardy, explores the myth of invulnerability and why Federal systems have appeared to dodge the ransomware bullet — so far. Although best practices go a long way, aging technology, legacy systems, and sheer size make the case for additional protection.
This presentation (and the webinar), also cover
• Why a Cybersecurity Sprint can’t win a marathon
• How ransomware is evolving faster than we can defend
• Ways to identify potential vulnerabilities before they are exploited
• Seven tips for reducing the Federal attack surface
Catch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/federal-systems-immune-ransomware-grim-fairy-tales/
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...EC-Council
This document discusses developing a robust data loss prevention strategy to thwart insider threats. It begins by noting that 64% of data loss is caused by well-meaning insiders and 50% of employees leave with data, costing companies an average of $5.4 million per breach. The document then provides definitions and an overview of data loss prevention strategies before outlining a 10-step strategy that includes identifying sensitive data owners, locating where data resides, monitoring how data is used, implementing real-time enforcement of policies, educating users, and wrapping additional security around sensitive data to prevent leaks. The goal is to safeguard organizations' most sensitive data and reputation from both unintentional and malicious insider threats.
Shift to Intelligent Endpoint Security Management
The document discusses the shift from traditional endpoint security methods to more intelligent approaches. Traditional defenses like antivirus software and patching are no longer effective against modern threats. New strategies are needed to control applications and local user privileges, prevent zero-day and targeted attacks, and provide better security reporting. Without improved technology solutions, organizations will continue to have sensitive data and systems compromised by cybercriminals. The future of endpoint security requires more intelligent methods like application whitelisting to lock down systems while optimizing security and resources.
Cyber attacks are increasingly common and pose a serious threat to all organizations. The document discusses a major DDoS attack in 2016 that crippled many large companies and governments. It provides examples of data breaches at well-known companies in recent years that compromised millions of customer records. The typical attack lifecycle is described along with common sources of attacks and alarming cybercrime statistics. The emergence of new technologies like IoT and big data are also driving greater security risks. Organizations of any size can be vulnerable to attacks, so protection is important.
Dr. Arun Sood is a professor of computer science who has developed an approach called Self Cleansing Intrusion Tolerance (SCIT) to improve server security. SCIT works by converting static servers into dynamic servers that refresh regularly, reducing exposure time to malware while maintaining service. His research aims to limit losses from successful attacks by restoring servers to a pristine state frequently. SCIT has been implemented to refresh servers every minute, limiting the time for malware to cause damage.
This document provides an overview of the CISSP Mentor Program session #1. It introduces Evan Francen and Brad Nigh, who lead the program. It discusses the severe talent shortage problem in cybersecurity, noting projections of millions of unfilled jobs by 2021 and factors contributing to this problem. It also outlines the agenda, schedule, and structure for the mentor program classes, which will cover CISSP domains and preparation for the exam.
E 060 oil gas cyber security north americaAlia Malick
This document provides information about an oil and gas cybersecurity conference taking place on May 13-14, 2015 at the Marriott West Loop Hotel in Houston, Texas. The conference will feature expert panels discussing current cybersecurity threats and regulations affecting the oil and gas industry in North America. Specific topics will include the NIST cybersecurity framework, control system security, insider threats, and case studies. There will also be a pre-conference cybersecurity frameworks workshop on May 12th. The goal of the event is to help oil and gas companies understand emerging cyber risks and develop effective security programs.
Some 2.4 billion global Internet users—34 percent of
the world’s population—spend increasing amounts
of time online.1 As our online activity expands,
it isn’t just creating new ways to do business. It’s
revolutionizing business. However, like any mass
movement with significant ramifications, the
Internet-enabled life has risks as well as benefits.
Some are willing to accept those risks without much
consideration. Others want to take the time for a
more contemplative response, but events are moving
too quickly for long debate. What we really need is
a Call to Action that addresses the risks demanding
urgent attention.
To balance the benefits of the digital life,
management needs to understand and grapple
with four equally powerful forces:
Democratization – The way customers insist
on interacting via the channels they prefer,
rather than the channels the organization
imposes.
Consumerization – The impact of the many
devices and applications that span work and
play in our digital lives.
Externalization – The ways in which cloud
computing slashes capital expenditure and
shakes up how data moves in and out of
organizations.
Digitization – The exponential connectivity
created when sensors and devices form the
“Internet of Things.” These forces interact in ways
that make eradicating Cyber Risk impossible;
eliminating it in one area simply shifts it to the
others.
However, by following best practices, it is possible
to reduce your organization’s exposure to Cyber
Risk across the board. By addressing the real and
growing risks we face as individuals, businesses, and
governments, we can begin to create an optimal
environment of Cyber Resilience. This Manifesto sets
out a road map for that process.
This panel discussion on cybersecurity will focus on making attendees familiar with information security management. It will be moderated by Michael Black and feature panelists Colonel Terrence Adams, Gary Gadson, Dr. Aaron Ferguson, and Ernest Smiley. The panelists will discuss governance of cybersecurity, effective information security policies, risk management processes, and common information security practices.
Christopher W. Wright is a retired Army veteran with over 18 years of experience in leadership, management, cyber operations, and network administration. He has a Masters in Political Science and Bachelors in History. Throughout his career he has managed large communication networks supporting military operations, developed security policies, and supervised teams of up to 20 personnel. He has extensive experience in satellite communications, network engineering, and information assurance.
Learning Objective: Learn and explore the benefits and opportunities in cyber security
Technology has changed our lives for the better. Yet due to the labor shortage in the cyber security field, the small number of women in this field translates to big opportunities for growth and advancement. The possibilities are endless. From social networking to homeland security, energy, and banking, the impact of technological advancements is massive, creating the need for cyber security professionals in every industry. Join us in this seminar where a panel of cyber security professionals will discuss the opportunities and advantages for women in this growing area.
At the end of this seminar, participants will learn:
a. About the impact women can have on cyber security in diverse industries.
b. What advantages women who work in cyber security enjoy.
c. What opportunities are available for women transitioning to new careers.
d. How to transition to a career in cyber security.
The Product Manager for Installation Information Infrastructure Modernization Program (PM I3MP) helps ensure Soldiers have access to a secure, integrated communications network. Comprising over 100 personnel, PM I3MP rapidly delivers IT solutions to connect the global Army. The program provides oversight of the procurement and installation of the Army's information infrastructure worldwide. It has three assistant managers who lead work to procure, install, and sustain the information infrastructure through projects at military installations.
Bancroft Parker is a highly skilled information technology and communications professional with over 20 years of experience in the US Navy, including roles managing submarine communication systems and recruiting. He holds a Bachelor's degree in Information Technology and security clearances up to Top Secret. His experience includes roles managing submarine radio rooms, implementing encryption systems, and recruiting Navy officers.
Military Government Career Transition Event with AFCEA NOVAClearedJobs.Net
As you think about your next career, join us at the AFCEA NOVA Military Government Career Transition Seminar on May 8th from 7:30am to 9:00am at the Doubletree Hotel in Crystal City.
This event will feature a panel discussion by military personnel – from senior officers to enlisted - who have transitioned and will share with you what worked for them and what didn’t.
You will also be able to meet and network with recruiters and program managers from CACI, Next Tier Concepts, TEKSystems, Virginia Tech, Blue Canopy, Agilex, NJVC, IMTAS, Inc., Microsoft, ClearedJobs.Net, AdNet, and ExecuTech Strategic Consulting.
The document summarizes key takeaways from the RSA Conference 2016. It discusses the rising threat of ransomware and the need to back to basics on security fundamentals like authentication, firewalls, and software updates. It also notes that the target of attacks is expanding to cloud and big data, and that organizations need to treat data as toxic. Other topics covered include new approaches to threat modeling, developing resilience after a breach, extending security teams through outsourcing, and reassessing threat detection capabilities. The document provides an agenda and information on speakers for an upcoming cybersecurity summit event.
In many companies, SharePoint begins as a grass-roots effort with little thought given to governance, risk and compliance (GRC). Before long, issues with security, storage, site sprawl, and others force us to rethink our long-term SharePoint strategy. Around this time, governance plans are developed and put into place. But, do these plans address the auditing, records management, e-discovery and other legal risks? And does SharePoint’s built-in feature set deliver everything you need to rest soundly? In this session, we’ll raise some questions, share some stories and most-importantly provide answers and much needed guidance to this trending topic.
The session will discuss means in which information assets and business continuity is protected and propose an additional layer of defense with a human counterespionage focus. The proposed proactive counterespionage plan includes operational security audits, reverse open source intelligence and classification of employees who are prime targets for disruptive espionage.
- See more at: http://www.rsaconference.com/events/ad15/agenda/sessions/2219/proactive-counterespionage-as-a-part-of-business#sthash.JUipJ0BR.dpuf
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, DohaSyed Peer
“Securing the Critical Infrastructure Networks Effectively” - Is OT the Weakest Link in Securing the Critical Infrastructure?
Cyber Attacks has consistently ranked among the top threats faced by businesses. Cyber Security as a subject that has now reached boardroom agendas. There have been proposals to link Cyber Security to CEO performance and pays. The point only underlines the critical nature and importance of Cyber Security to Businesses.
In an OT environment, the threat is amplified much more because it can have ramifications that impact human lives and their safety.
Cyber war, cyber terrorism, and cyber espionage were discussed. The document began by noting some disclaimers from the author about their expertise and intentions. It then discussed how cyber war is often misunderstood and does not refer to things like cybercrime or hacking. The document went on to discuss how cyber attacks could potentially lead to accidental nuclear war by degrading decision making systems. It also provided a real example of how access was gained to a strategic nuclear system, highlighting the risks of cyber threats in this domain.
Speaker at the IDC IT Security Roadshow 2017 in Doha. It was a one day event bringing together some Security Vendors and End User folks to present and discuss security related topics. The event midway was split into two tracks A - Threat Intelligence and B - Securing the Endpoint to the cloud. My End User Presentation (Track A) covered Threat Intelligence. There were some some interesting speakers and audience Q & A discussions followed by a networking lunch to boot. The venue at the Shangri La Hotel in Doha provided a great space and good networking opportunity.
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)BeyondTrust
The Federal computing space has been relatively unscathed by ransomware attacks such as Petya, WannaCry, and others—but are Federal systems really that much better than their commercial counterparts?
In this presentation from his webinar, cybersecurity expert and SANS Institute Instructor G. Mark Hardy, explores the myth of invulnerability and why Federal systems have appeared to dodge the ransomware bullet — so far. Although best practices go a long way, aging technology, legacy systems, and sheer size make the case for additional protection.
This presentation (and the webinar), also cover
• Why a Cybersecurity Sprint can’t win a marathon
• How ransomware is evolving faster than we can defend
• Ways to identify potential vulnerabilities before they are exploited
• Seven tips for reducing the Federal attack surface
Catch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/federal-systems-immune-ransomware-grim-fairy-tales/
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...EC-Council
This document discusses developing a robust data loss prevention strategy to thwart insider threats. It begins by noting that 64% of data loss is caused by well-meaning insiders and 50% of employees leave with data, costing companies an average of $5.4 million per breach. The document then provides definitions and an overview of data loss prevention strategies before outlining a 10-step strategy that includes identifying sensitive data owners, locating where data resides, monitoring how data is used, implementing real-time enforcement of policies, educating users, and wrapping additional security around sensitive data to prevent leaks. The goal is to safeguard organizations' most sensitive data and reputation from both unintentional and malicious insider threats.
Shift to Intelligent Endpoint Security Management
The document discusses the shift from traditional endpoint security methods to more intelligent approaches. Traditional defenses like antivirus software and patching are no longer effective against modern threats. New strategies are needed to control applications and local user privileges, prevent zero-day and targeted attacks, and provide better security reporting. Without improved technology solutions, organizations will continue to have sensitive data and systems compromised by cybercriminals. The future of endpoint security requires more intelligent methods like application whitelisting to lock down systems while optimizing security and resources.
Cyber attacks are increasingly common and pose a serious threat to all organizations. The document discusses a major DDoS attack in 2016 that crippled many large companies and governments. It provides examples of data breaches at well-known companies in recent years that compromised millions of customer records. The typical attack lifecycle is described along with common sources of attacks and alarming cybercrime statistics. The emergence of new technologies like IoT and big data are also driving greater security risks. Organizations of any size can be vulnerable to attacks, so protection is important.
Dr. Arun Sood is a professor of computer science who has developed an approach called Self Cleansing Intrusion Tolerance (SCIT) to improve server security. SCIT works by converting static servers into dynamic servers that refresh regularly, reducing exposure time to malware while maintaining service. His research aims to limit losses from successful attacks by restoring servers to a pristine state frequently. SCIT has been implemented to refresh servers every minute, limiting the time for malware to cause damage.
This document provides an overview of the CISSP Mentor Program session #1. It introduces Evan Francen and Brad Nigh, who lead the program. It discusses the severe talent shortage problem in cybersecurity, noting projections of millions of unfilled jobs by 2021 and factors contributing to this problem. It also outlines the agenda, schedule, and structure for the mentor program classes, which will cover CISSP domains and preparation for the exam.
E 060 oil gas cyber security north americaAlia Malick
This document provides information about an oil and gas cybersecurity conference taking place on May 13-14, 2015 at the Marriott West Loop Hotel in Houston, Texas. The conference will feature expert panels discussing current cybersecurity threats and regulations affecting the oil and gas industry in North America. Specific topics will include the NIST cybersecurity framework, control system security, insider threats, and case studies. There will also be a pre-conference cybersecurity frameworks workshop on May 12th. The goal of the event is to help oil and gas companies understand emerging cyber risks and develop effective security programs.
Some 2.4 billion global Internet users—34 percent of
the world’s population—spend increasing amounts
of time online.1 As our online activity expands,
it isn’t just creating new ways to do business. It’s
revolutionizing business. However, like any mass
movement with significant ramifications, the
Internet-enabled life has risks as well as benefits.
Some are willing to accept those risks without much
consideration. Others want to take the time for a
more contemplative response, but events are moving
too quickly for long debate. What we really need is
a Call to Action that addresses the risks demanding
urgent attention.
To balance the benefits of the digital life,
management needs to understand and grapple
with four equally powerful forces:
Democratization – The way customers insist
on interacting via the channels they prefer,
rather than the channels the organization
imposes.
Consumerization – The impact of the many
devices and applications that span work and
play in our digital lives.
Externalization – The ways in which cloud
computing slashes capital expenditure and
shakes up how data moves in and out of
organizations.
Digitization – The exponential connectivity
created when sensors and devices form the
“Internet of Things.” These forces interact in ways
that make eradicating Cyber Risk impossible;
eliminating it in one area simply shifts it to the
others.
However, by following best practices, it is possible
to reduce your organization’s exposure to Cyber
Risk across the board. By addressing the real and
growing risks we face as individuals, businesses, and
governments, we can begin to create an optimal
environment of Cyber Resilience. This Manifesto sets
out a road map for that process.
This panel discussion on cybersecurity will focus on making attendees familiar with information security management. It will be moderated by Michael Black and feature panelists Colonel Terrence Adams, Gary Gadson, Dr. Aaron Ferguson, and Ernest Smiley. The panelists will discuss governance of cybersecurity, effective information security policies, risk management processes, and common information security practices.
Christopher W. Wright is a retired Army veteran with over 18 years of experience in leadership, management, cyber operations, and network administration. He has a Masters in Political Science and Bachelors in History. Throughout his career he has managed large communication networks supporting military operations, developed security policies, and supervised teams of up to 20 personnel. He has extensive experience in satellite communications, network engineering, and information assurance.
Learning Objective: Learn and explore the benefits and opportunities in cyber security
Technology has changed our lives for the better. Yet due to the labor shortage in the cyber security field, the small number of women in this field translates to big opportunities for growth and advancement. The possibilities are endless. From social networking to homeland security, energy, and banking, the impact of technological advancements is massive, creating the need for cyber security professionals in every industry. Join us in this seminar where a panel of cyber security professionals will discuss the opportunities and advantages for women in this growing area.
At the end of this seminar, participants will learn:
a. About the impact women can have on cyber security in diverse industries.
b. What advantages women who work in cyber security enjoy.
c. What opportunities are available for women transitioning to new careers.
d. How to transition to a career in cyber security.
The Product Manager for Installation Information Infrastructure Modernization Program (PM I3MP) helps ensure Soldiers have access to a secure, integrated communications network. Comprising over 100 personnel, PM I3MP rapidly delivers IT solutions to connect the global Army. The program provides oversight of the procurement and installation of the Army's information infrastructure worldwide. It has three assistant managers who lead work to procure, install, and sustain the information infrastructure through projects at military installations.
Bancroft Parker is a highly skilled information technology and communications professional with over 20 years of experience in the US Navy, including roles managing submarine communication systems and recruiting. He holds a Bachelor's degree in Information Technology and security clearances up to Top Secret. His experience includes roles managing submarine radio rooms, implementing encryption systems, and recruiting Navy officers.
Military Government Career Transition Event with AFCEA NOVAClearedJobs.Net
As you think about your next career, join us at the AFCEA NOVA Military Government Career Transition Seminar on May 8th from 7:30am to 9:00am at the Doubletree Hotel in Crystal City.
This event will feature a panel discussion by military personnel – from senior officers to enlisted - who have transitioned and will share with you what worked for them and what didn’t.
You will also be able to meet and network with recruiters and program managers from CACI, Next Tier Concepts, TEKSystems, Virginia Tech, Blue Canopy, Agilex, NJVC, IMTAS, Inc., Microsoft, ClearedJobs.Net, AdNet, and ExecuTech Strategic Consulting.
David Hale has over 30 years of military experience including 23 years in intelligence, cyber, and identity intelligence. He has 17 years of experience working on cyber policy issues and coordinating SIGINT, biometrics, and clandestine operations. In his career, he has managed over 40 large IT projects and has held leadership positions such as Deputy Commander of the US Army Intelligence and Security Command. He currently holds security clearances and certifications in project management and IT service management.
The document outlines the Department of Defense's strategy for operating in cyberspace. It discusses 5 strategic initiatives: 1) treating cyberspace as an operational domain; 2) employing new defense operating concepts like active cyber defense and network resilience; 3) partnering with other government agencies and the private sector; 4) building international partnerships; and 5) leveraging innovation through cyber workforce development. The strategy aims to organize, train, and equip DoD to operate effectively in cyberspace while addressing growing cyber threats from state and non-state actors.
The document outlines the Department of Defense's strategy for operating in cyberspace. It discusses 5 strategic initiatives: 1) treating cyberspace as an operational domain; 2) employing new defense operating concepts like active cyber defense and network resilience; 3) partnering with other government agencies and the private sector; 4) building international partnerships; and 5) leveraging innovation through cyber workforce development. The strategy aims to organize, train, and equip DoD to operate effectively in cyberspace while addressing growing cyber threats from state and non-state actors.
The document outlines the Department of Defense's strategy for operating in cyberspace. It discusses 5 strategic initiatives: 1) treating cyberspace as an operational domain; 2) employing new defense operating concepts like active cyber defense and network resilience; 3) partnering with other government agencies and the private sector; 4) building international partnerships; and 5) developing an exceptional cyber workforce through training and innovation. The strategy aims to help the DoD organize for, defend, and leverage opportunities in cyberspace while managing threats from state and non-state actors.
This document provides an agenda for a cybersecurity event hosted by the University of Maryland University College (UMUC) featuring several keynote speakers and panelists. The event will include keynote addresses from Deborah Frincke, Director of Research at the National Security Agency, and David DeVries, Chief Information Officer of the Office of Personnel Management. Paul Cunningham, Chief Information Security Officer of the Department of Energy, will moderate a panel discussion. Networking opportunities will be provided throughout the event. The agenda also lists several other panelists who will participate, including experts from government agencies, private companies, and academia. Attendees who apply to UMUC within 30 days can have the $50 application fee waived
This document is a resume for Robert D. Venekamp summarizing his experience in technical skills, attributes, computer skills, and professional experience in site security management and law enforcement spanning over 33 years. It highlights his key accomplishments such as being named the 2012 Department of Veterans Affairs National Police Chief of the Year. His experience includes oversight of security programs protecting nuclear weapons, B-2 Bombers, and Navy Nuclear Submarines. He has extensive leadership experience managing security operations and personnel.
Christopher Ward is currently the Director of Cyber Operations at Cyber Toa leading consulting, product sales, and strategic partnerships. He has extensive experience in cyber security and information assurance, previously serving as the New Zealand Defence Force lead for cyber security and chairing two international cyber committees. Ward has created and managed computer security incident response teams in both the UK and New Zealand. He also delivers training as a Software Engineering Institute instructor.
Elijah Weber has over 6 years of experience in information security and network administration for both classified and unclassified systems. He is proficient in building, administering, and protecting local and wide area networks in secure environments. He currently works as a Network Systems Administrator at NAWS China Lake, where he is responsible for administering three enterprise networks and ensuring compliance with security policies and vulnerability assessments.
This document provides an overview of cyber weapons. It defines cyber weapons as computer code used to threaten or cause harm to systems or living beings. Cyber weapons have two components - a penetration component to gain access to targeted systems, and a payload component to achieve intended effects like data destruction. Characteristics of cyber weapons include their dual-use nature for intelligence and attacks, difficulty in attribution, and potential for unintended consequences. The document discusses various definitions of cyber weapons and elements that comprise cyber weapons like vulnerabilities, exploits, and propagation methods. It also outlines the unique features of cyber weapons in cyberspace.
This document provides information about an upcoming conference on integrated air and missile defense (IAMD) to be held from September 28-30, 2016 in Arlington, Virginia. The conference will focus on developing sustainable and reliable solutions to next generation air and missile threats. It will include workshops and presentations on topics such as directed energy applications, improving ballistic missile defense architecture, and examining gaps in detection capabilities for non-ballistic threats. Military leaders, industry representatives, and defense experts will speak at the event. The document provides details on the agenda, speakers, sponsoring organizations, and registration information.
This document provides a resume for James P. Callahan, a retired US Air Force Colonel. It includes his contact information, professional summary, experience, accomplishments, and duties in the USAF from 1979 to 2006 including as Commander of the 98th Operations Group in Iraq from 2003 to 2004. It details his expertise in areas such as security operations, tactical planning, operational leadership, administration and management, aeronautical science, and communication/networking.
Jeremy Majors is an information security analyst and data center technician intern seeking a full-time position. He has over 20 years of experience in the US Air Force leading teams of up to 100 personnel and maintaining classified networks. Currently, he provides daily operational oversight of over 5,500 servers and maintains the data center infrastructure and documentation at TiVo. Majors holds a Bachelor's degree in Information Technology and has extensive experience with cyber security programs, risk assessment, and information management.
The document summarizes a panel discussion on cyber defense in a constantly changing environment. The panel was moderated by Tony Starks, President and COO of Starks Industries, and Sonia Kumar, Director of Cybersecurity Business Development at Starks Industries. The panelists included Renata Spinks, Cyber Technology Officer of the U.S. Marine Corps Forces Cyberspace Command; Cynthia Miller, Chief of Human Resources at the Department of Defense; and Harry Wingo, Chair of the Cyber Security Department at the National Defense University. The panel discussion focused on ensuring the U.S. military's ability to fight and win wars in cyberspace and strengthening cyber capacity and bi-directional information sharing, as outlined in
Nicholas O'Connor has extensive experience in cyber operations and information warfare. He received a Master's degree from the Naval Postgraduate School where he graduated first in his class. O'Connor has held several leadership positions, including leading 132 personnel across five Cyber Protection Teams and 19 personnel onboard a destroyer. He established innovative training programs and identified over 1,500 vulnerabilities during a mission assessment. O'Connor also has experience as a Special Evaluator, flying over 1,000 hours on 109 combat missions and providing timely intelligence.
1. Register Today! www.cybersecurityfordefense.com • 1-800-822-8684 • idga@idga.org
Admiral Michael Rogers
Commander,
United States Cyber Command
Mrs. Essye Miller
Director, Cyber Security
Army CIO/G6
ADDITIONAL FEATURED SPEAKERS
INTRODUCING OUR KEYNOTE SPEAKERS
WHY THIS IS A “MUST ATTEND” EVENT
June 24-26, 2015 | Augusta Marriott at the Convention Center, Augusta, GA
Developing the Next Generation of Cyber Warriors
Located at the Future Home of the U.S. Army Cyber Command...
Ms. Marie Baker
Senior Engineer,
Software Engineering
Institute
CYBER WORKFORCE
DEVELOPMENT
Mr. Martin Malcolm
US Army Cyber Center of Excellence
Transformation & Technology
Integrator and Cyber Security Director
Cyber Support Element-
Ft. Leavenworth, KS
CYBER SPACE LEADER
DEVELOPMENT
Complimentary to all Active Military and Government Personnel
LTC Scott Nelson
Program Manager, Cyber P3
U.S. Army Reserve
CYBER P3
ADML. Rogers is a native of Chicago and attended Auburn University, graduating in 1981 and receiving
his commission via the Naval Reserve Officers Training Corps. ADML. Rogers was selected to become a
flag officer in 2007. He assumed his present duties as the Commander, U.S. Cyber Command and director,
National Security Agency/Chief, Central Security Service in April 2014. Rogers is a distinguished graduate
of the NationalWar College and a graduate of highest distinction from the NavalWar College. He is also a
Massachusetts Institute of Technology Seminar XXI fellow, Harvard Senior Executive in National Security
alum, and holds a Master of Science in National Security Strategy.
Mrs.MillerisaSeniorExecutivewithbroadexperienceinformationtechnology.Duringher29-yearcareer,
Mrs. Miller has held positions of increased responsibility in U.S. Air Force, both tactical and strategic C4IT.
As the Director for Cyber Security, Mrs. Miller assists the Secretary of the Army, the Chief of Staff of the
Army, the Vice Chief of Staff of the Army and the CIO/G-6 with implementing cyber strategy and cyber-
related information technology initiatives. She is also the Army's Senior Information Assurance Officer
and therefore, she is responsible for the development, implementation, execution and oversight of the
Army's Cyber Security program. Mrs. Miller holds a B.A. from Talladega College, a MBA from Troy State
University, and a Masters of Strategic Studies from the United States Air War College, Pennsylvania.
Understand the future requirements of the U.S. Cyber
Command directly from its Commanding Officer
Get an Introduction to the Army Cyber Command directly
from its leadership
Come see the future home of the Army Cyber Command
Delve into the future requirements of Cyber Security during
our Focus Day
Learn how to mitigate human error on your Network
Develop advanced tactics to more effectively predict cyber
attacks
Understand best practices for deploying resilience metrics
for cyber systems
Hear about Cyber Space Leader Development, Education,
and Training
Dr. Daniel Ragsdale (COL Ret)
Professor of Practice, Dept. of
Computer Science & Engineering,
Texas A&M University
CYBER EDUCATION
2. Register Today! www.cybersecurityfordefense.com • 1-800-822-8684 • idga@idga.org
Dear Colleague,
Defending Cyber Space is never an easy task. In fact, it is
one of the most difficult tasks that the United States Military
now faces. How do you defend against an enemy that can
attack from any direction, anonymously, and can potentially
cripple entire units without firing a single shot? This is the task
given to the Military Cyber Commands.
What's the first step? To identify training gaps and educational
requirements to ensure Warfighters engaged in this fight
have the knowledge to win. To simultaneously identify next
generation technologies that can be successfully partnered
with these Warfighters, leading to the complete domination
of the battlefield.
How do we accomplish this first step? By successfully
communicating to both academia and industry what these
requirements are so that they in turn can provide the training,
education, and technology to make the Military successful.
Without successfully interfacing with industry and setting a
direction for the future, the Military understands that it will
be forced to also be in a reactive planning state, which runs
contrary to the core ideals of the Military.
This event serves as an opportunity for solution providers to
break through the background noise and present their unique
ideas and products in an environment specifically tailored to
highlighting them, while simultaneously learning about the
future requirements of the Military and a variety of other
topics. Meanwhile the Department of Defense gets a first hand
look at some of the solutions they may have not originally
considered, all in pursuit of that best value solution.
Come and be apart of the future of Cyber Security.
It starts now!
Respectfully,
Brian Wharton
Conference Director
Institute for Defense and Government Advancement
USCYBERCOM plans, coordinates,
integrates, synchronizes and conducts
activities to: direct the operations and
defense of specified Department of
Defense information networks and;
prepare to, and when directed, conduct full spectrum
militarycyberspaceoperationsinordertoenableactions
in all domains, ensure US/Allied freedom of action in
cyberspace and deny the same to our adversaries
Army Cyber Command's mission is to
plan, coordinate, integrate, synchronize,
direct, and conduct network operations
and defense of all Army networks. When
directed, Second Army will conduct
cyberspace operations in support of full spectrum
operations to ensure U.S. and allied freedom of action in
cyberspace, and to deny the same to adversaries
The mission of Fleet Cyber Command
is to serve as central operational
authority for networks, cryptologic/signals
intelligence, information operations,
cyber, electronic warfare, and space
capabilities in support of forces afloat and ashore; to
direct Navy cyberspace operations globally to deter and
defeat aggression and to ensure freedom of action to
achieve military objectives in and through cyberspace;
to organize and direct Navy cryptologic operations
worldwide and support information operations and
space planning and operations, as directed; to execute
cyber missions as directed; to direct, operate, maintain,
secure, and defend the Navy's portion of the Global
Information Grid.
The 24th Air Force's mission is to
operate, extend, and defend the Air Force
Information Network, defend key mission
systems, and provide full spectrum
cyberspace capabilities for the joint
warfighter in, through, and from cyberspace.
JUNE 24-26, 2015
AUGUSTA MARRIOTT AT
THE CONVENTION CENTER
AUGUSTA, GA
US CYBER COMMAND
Register for the all access
pass and hear future
requirements first hand.
3. JUNE 24-26, 2015
AUGUSTA MARRIOTT AT
THE CONVENTION CENTER
AUGUSTA, GA
Register Today! www.cybersecurityfordefense.com • 1-800-822-8684 • idga@idga.org
Admiral Michael Rogers
Commander,
U.S. Cyber Command
Mr. Martin Malcolm
USArmyCyberCenterofExcellence
Transformation&Technology
IntegratorandCyberSecurityDirector
Cyber Support Element-
Ft. Leavenworth, KS
Dr. Daniel Ragsdale (COL Ret)
Professor of Practice, Dept
of Computer Science &
Engineering,
Texas A&M University
Keynote: Overview of the U.S. Cyber Command
Adm. Rogers is a native of Chicago and attended Auburn University,
graduating in 1981 and receiving his commission via the Naval Reserve
Officers Training Corps. After serving in a variety of leadership positions,
Adm. Rogers was selected to become a flag officer in 2007. Rogers' joint
service both afloat and ashore has been extensive, culminating in his service
as director of the Chairman's Action Group, and a leader of the JCS Joint
Strategic Working Group. He assumed his present duties as Commander,
U.S. Cyber Command and Director, National Security Agency/Chief, Central
Security Service in April 2014. Rogers is a distinguished graduate of the
National War College and a graduate of highest distinction from the Naval
War College. He is also a Massachusetts Institute of Technology Seminar
XXI fellow, Harvard Senior Executive in National Security alum, and holds a
Master of Science in National Security Strategy.
Session: Quality Cyber Education
Dr. Daniel "Rags" Ragsdale was DARPA as a Program Manager from June
2011 to February 2015. His research interests include computer network
operations, cyber deception, cyber security education and training,
computer ethics and privacy, and network sciences. Before joining DARPA,
Dr. Ragsdale served for more than a decade at the United States Military
Academy at West Point where he held a variety of supervisory roles,
culminating with his service as Vice Dean for Education. In this capacity,
Dr. Ragsdale was the Strategic Planner and Principal Deputy toWest Point's
Chief Academic Officer. A recently retired U.S. Army colonel, Dr. Ragsdale's
operational assignments included combat deployments in support of
Operations Urgent Fury (Grenada), Enduring Freedom (Afghanistan), and
Iraqi Freedom (Iraq). In his most recent deployment, Dr. Ragsdale served
as the Deputy Commander of a 2000-personTask Force responsible for the
security and defense of the largest coalition based in Iraq.
Session: Cyber Space Leader Development, Education, and Training
Mr. Malcolm W. “Mack” Martin is the US Army Cyber Center of Excellence
Transformation & Technology Integrator and the Cyber Support Element-
Ft. Leavenworth, KS Director. A proven and highly accomplished Army
executive leader with strategic, operational and tactical expertise in the
rapidly advancing, highly dynamic cyber domain and electromagnetic
spectrum (EMS). Mr. Martin is a recognized visionary and expert on the
cyber domain, electronic warfare and EMS and has directed the in depth
and detailed analysis to develop long term Army cyberspace and EW
capabilities. Mr. Martin is a retired US Naval Flight Officer and Electronic
WarfareOfficerwithoperationaldeploymentsonnuclearsubmarines,carriers
and expeditionary aviation squadrons supporting coalition ground forces.
CONFIRMED SPEAKERS AT A GLANCE
SOME MILITARY AND
ORGANIZATIONS
EXPECTED TO ATTEND
• U.S. Cyber Command
• U.S. Army Cyber Command
• U.S. Navy Cyber Command
• U.S. Air Force Cyber Command
• U.S. Coast Guard Cyber Command
• MARFORCYBER
• Fort Gordon Cyber Center of Excellence
• Cyber Capabilities and Integration
Directorate
• TRADOC
• DAPRA
• CAC Support Element
• 35th Signal Brigade
• 7th Signal Command
• Service Academy Cyber Departments
• Army Research Lab
• Software Engineering Institute
• ESRI
• Department of Homeland Security
Ms.MarieBaker
Senior Engineer,
SoftwareEngineeringInstitute
Session: State of Cyber Workforce Development
Marie Baker is a Senior Engineer in the CERT Program at the Software
EngineeringInstitutewheresheisamemberoftheCyberSecuritySolutions
directorate. Baker operates with the Cyber Workforce Development team
where she is responsible for managing the development of training
assets that support federal training directives. Baker has over 15 years of
experience in information technology, particularly in information security
and assurance training and holds a BS degree in Computer Science from
Robert Morris University and an MS in Information Technology from
Carnegie Mellon University, as well as several industry certifications.
BREAKDOWN OF
SUBCONTRACTORS
EXPECTED TO ATTEND
Mrs. Essye Miller
Director, Cyber Security
Army CIO/G6
Keynote: Vision of Army Cyber Security
Mrs. Miller is a Senior Executive with broad experience information
technology. During her 29- year career, Mrs. Miller has held positions of
increased responsibility in U.S. Air Force, both tactical and strategic C4IT.
As the Director for Cyber Security, Mrs. Miller assists the Secretary of
the Army, the Chief of Staff of the Army, the Vice Chief of Staff of the
Army and the CIO/G-6 with implementing cyber strategy and cyber-
related information technology initiatives. She is also the Army's Senior
Information Assurance Officer and therefore, she is responsible for the
development, implementation, execution and oversight of the Army's
Cyber Security program. Mrs. Miller holds a B.A. from Talladega College,
a MBA from Troy State University, and a Masters of Strategic Studies from
the United States Air War College, Pennsylvania.
4. Register Today! www.cybersecurityfordefense.com • 1-800-822-8684 • idga@idga.org
AGENDA AT A GLANCE
FUTURE REQUIREMENTS DAY: WEDNESDAY, JUNE 24, 2015
MAIN CONFERENCE DAY 1: THURSDAY, JUNE 25, 2015
08:00 Registration
08:45 Chairperson Welcome and Opening Remarks
09:00 Workshop A: DoD Cyber Warfare of 2025
10:30 Morning Networking & Refreshment Break
10:45 Workshop B: Network Resiliency: How to Mitigate the Damage after its Done
12:15 Lunch
13:15 Workshop C: Intrusion Detection and Firewall Customization
14:45 Afternoon Refreshment Break
15:00 Workshop D: Designing the Perfect Cyber Defender Team
16:30 Chairperson Closing Remarks
16:45 End of Future Requirements Day
08:00 Registration & Coffee
08:45 Chairperson’s Welcome and Opening Remarks
09:00 Keynote: Overview of US Cyber Command
09:45 Reserved for Presentation by Fort Gordon CG
10:30 Morning Networking & Refreshment Break
11:15 Cyber Security Best Practices: Offense VS Defense
12:30 Networking Lunch
13:30 Mitigating Human Error Within Your Network
14:15 Cyber Space Leadership Development Education and Training
15:00 Afternoon Networking & Refreshment Break
15:45 Reserved for Presentation by Commandant of U.S. Army Cyber School
16:30 Resilience Metrics for Cyber Systems
17:15 Closing Remarks
17:30 End of Main Conference Day One
MAIN CONFERENCE DAY 2: FRIDAY, JUNE 26, 2015
07:45 Registration & Coffee
08:30 Chairperson’s Recap of Conference Day One
08:45 Quality Cyber Education
09:30 State of Cyber Workforce Development
10:15 Morning Networking & Refreshment Break
11:00 Overcoming the Inherent Vulnerabilities of Cyber Physical Facilities
11:45 Challenges within Cyber Security
12:30 Networking Lunch
13:30 Enduring Threats in Cyber Space
14:15 Afternoon Networking & Refreshment Break
14:45 Increasing Need for Cooperation within the Cyber Community
15:30 Predicting Cyber Attacks
16:15 Chairperson’s Closing Remarks
16:30 End of Conference