Laurianna Callaghan presented on developing a security awareness program from simple to mature. She outlined the SANS maturity model, which ranges from non-existent programs to mature programs that incorporate metrics and a security awareness lifecycle. Callaghan discussed key elements of simple, compliance-focused, and promoting awareness programs before focusing on the characteristics of a mature program, including measuring impact through metrics in areas like compliance, incidents, culture and technology. She emphasized changing perspectives to see humans not as a liability but as stakeholders and concluded by offering next steps organizations can take to advance their programs.
Security is overdue for actionable forecasts. Just as models predict the weather, similar models should work for vulnerabilities. With some open source data and a clever machine learning model, Kenna Securities can predict which vulnerabilities attackers are likely to write exploits for. Their model has 90 percent accuracy on the day a vulnerability is released. The speaker will issue some forecasts live.
(Source: RSA Conference USA 2018)
Dave Hogue provided one of the first in-depth perspectives on a “Day in the Life” of NSA’s Cybersecurity Threat Operations Center (NCTOC): its mission, the threat landscape, and best principles for CISOs and other network defenders. Mr. Hogue equipped the audience with actionable insights that they can implement in their daily operations.
(Source: RSA Conference USA 2018)
How security analytics helps UCAS protect 700,000 student applications - Splunk
For two weeks a year, UCAS, the UK’s Universities and Colleges Admissions Service, is seen as a critical national service, during which 700,000 students rely on the service to find and secure university placements. If UCAS fails, students won’t get their places confirmed on time and universities won’t fill the spaces they need to. Personal data flows from the point of student application, through UCAS, to the universities. Protecting this data is paramount.
Join this webinar to learn how UCAS uses Splunk Enterprise Security running on Splunk Cloud to gain real-time end-to-end visibility and reporting across various technology stacks, both on-premises and across their AWS environment, and why an analytics-driven approach can enable you to identify anomalies that could indicate potential compromise.
Find out how Splunk helps UCAS:
· Gain centralised visibility into their Security Operations Center (SOC)
· Use incident investigation to prove a negative for breach notification obligations under the Data Protection Act 1988 (soon to be GDPR)
· Proactively detect security risks beyond malware
A Day in the Life of a GDPR Breach - September 2017: France - Splunk
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organisation has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next? Splunk's own Mathieu Dessus and Elizabeth Davies explore the future scenario.
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organization has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next?
Join this session to learn about the impact of GDPR and go through a breach investigation and response scenario as it would be after GDPR comes into effect in May 2018. You’ll hear from Splunk’s Data Privacy Officer Elizabeth Davies and Splunk’s Security Ninja Matthias Maier.
What you will learn:
- What breach response will look like under the GDPR
- What tools and processes a data privacy officer will rely on in case of a breach
- What departments and entities will be involved beyond IT
- What activities are currently happening within organizations to prepare for the GDPR
- What the consequences of the breach could be
Watch the webinar: http://explore.splunk.com/GDPR_Webinar_EN
Splunk for Enterprise Security featuring UBA - Splunk
This session will review Splunk’s two premium security solutions. Splunk Enterprise Security (ES) is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams.
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Splunk for Enterprise Security and User Behavior Analytics - Splunk
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
If you follow the trade press, one theme you hear over and over again is that organizations are drowning in alerts. It’s true that we need technological solutions to prioritize and escalate the most important alerts to our analysts, but the humans have a critical part to play in this process as well. The quicker they are able to make decisions about the alerts they review, the better they are able to keep up. An incident responder’s most common task is alert triage, the process of investigation and escalation that ultimately results in the creation of security incidents. As crucial as this process is, there has been remarkably little written about how to do it correctly and efficiently. In this presentation, learn incident response best practices from Sqrrl security expert David Bianco.
The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software.
For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient, Thug, will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option, and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. Each of the inputs and outputs of the tools will be reviewed to expose ways that they can be chained together for the purpose of automation.
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem - Priyanka Aash
While near-ultrasonic communications are gradually being established as an alternative to Bluetooth and WiFi, the technology remains largely unregulated. This talk will go through the security challenges that the ecosystem has faced since its inception, demonstrate its shortcomings and propose mitigations. The insights shared will inform potential adopters and those seeking to prevent security incidents.
Learning Objectives:
1: Learn about near-ultrasonic communication technology and the surrounding ecosystem.
2: Explore security shortcomings, privacy issues and mitigations.
3: Discover past and future security incidents, coupled with relevant insights.
(Source: RSA Conference USA 2018)
Is your SOC overwhelmed with alerts and threats? Cyber-adversaries are wielding tools and machine power, while organizations are still trying to scale their cybersecurity with OpEx and poorly planned CapEx spending. In this session, you will learn from a SOC expert about mistakes that have been made in the past, what we can do about it right now and what is in store as we move towards SOC 2030.
(Source: RSA Conference USA 2018)
A Day in the Life of a GDPR Breach - September 2017: Germany - Splunk
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organisation has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next? Splunk's own Matthias Maier and Elizabeth Davies explore the future scenario.
Detecting and Catching the Bad Guys Using Deception
Traditional controls are well known for their shortcomings in the face of modern cyber-attacks. Cyber security technologies make use of signature-based, behavioral or Next Generation capabilities, or attempt to augment those capabilities by leveraging a cloud-based or on-premises cyber analytics warehouse and threat intelligence feeds via indicators of compromise (IOCs) or other mechanisms. Although the latter efforts have increased organizational cyber capabilities, they only do so with proper investment in people, process and technology. Additionally, as attackers adapt to defenses, these controls experience decreasing marginal rates of defensive capability.
Deception programs, architectures and technologies endeavor to augment existing cyber security capabilities through the use of honeypots or honeynets (decoys) and breadcrumbs or broken glass (deceptions).
Advanced deception technologies are differentiated by the use of distributed deception technology, which features agentless, simple deployment with lightweight deceptions that leverage operating system objects to deceive attackers into triggering alerts. Normal users would never trigger the deceptions as an attacker would, resulting in high-fidelity alerting with near-zero false positives. Such technology consequently not only augments existing cyber security capabilities but also provides a new, highly effective post-breach detection capability along with precise real-time forensics.
James Muren is a strategist who delivers workshops in cyber security strategy, GRC and security architecture that are used to develop long-term strategies and tactical roadmaps for customers that address security for legacy and cloud architectures. As a strategic management consultant who has built fully capable cyber programs in the past, he helps mentor and lead teams for programs and projects in information technology and cyber security. James is primarily focused on the business benefits of cyber security, and on demonstrating those benefits through metrics that can be quickly communicated to executive leadership. By properly integrating security controls within a regulatory and policy context, security programs such as breach and incident response, data governance and forensics can properly demonstrate value, receive proper investment and adequately secure organizations.
James is also a researcher. His areas of research include: Continuous GRC, cyber analytics, Trusted Computing Group (TCG), Security Automation, Hardware & Software Security, ICS, SCADA, IOT, Malware Research, Full System Security Design Lifecycle and Leap Ahead technology.
Business Geekdom: 1 = 3 = 5
Each year a security team participates in several audits, meetings with the business and strategy meetings. Oftentimes, security is seen as the one imposing requirements that are either too difficult, impossible to manage or flat out ridiculous.
This is similar to a geek. A geek is defined as "an unfashionable or socially inept person." Is this social ineptness actually just the lack of the ability to translate the passion of the security professional to the business professional?
In this presentation, I would like to cover how to create, establish and evangelize a framework that has one backend with several frontends. The backend is a common security control framework (not the UCF) and the frontends translate it to the various business units, audits and business strategies a security professional encounters each year.
Grant Gilliam is an Enterprise and Solutions Architect for CHRISTUS Health. Previously, Gilliam has been a security architect, senior security engineer and senior data security analyst. Industries he has worked in include healthcare, insurance, software and news media. Gilliam has also established his own business focusing on outsourcing non-competitive business tasks, giving clients a strategic advantage over competitors by minimizing FTE and contractor headcount.
His educational background includes a Master of Science in Information Systems, focusing on Information Security, and a Bachelor of Business Administration in Management Information Systems, both from Baylor University. The focus of his master's degree research was IT law and Intellectual Property. Gilliam is also a Certified Information Systems Security Professional, Certified Information Security Manager and Certified Information Systems Auditor.
Array Networks - A Layered Approach to Web and Application Security
Encryption creates the need for at least two levels of security. ADCs provide high availability and a secure layer for SSL traffic termination, decryption, inspection and forwarding to advanced security appliances for further inspection.
Ed Keiper is a senior systems engineer with Array Networks. His background includes 10+ years of experience in cloud computing, infrastructure and security.
Harold Toomey, Principal Product Security Architect; McAfee, Part of Intel Security
My Other Marathon
When it comes to enterprise IT applications, what happens before you purchase the software can significantly impact your business even after it is installed with the best security controls. Learn what software developers should be doing to ensure their code is free from vulnerabilities before you ever put their products into an operational environment. People, processes, and technology needed to run a successful software security program and incident response team (PSIRT) will be covered. The tasks required to do this have been adapted to both waterfall and agile development methodologies. Each task will be compared to my recent journey of running my first 100 mile ultra-marathon. I will answer the question: “Which is less painful, developing secure software or running a 100 mile race?”
Red, Amber, Green Status: The Human Dashboard
This session will outline the importance of presenting actionable metrics for the Security Awareness program. Oftentimes security programs are presented while omitting the most constant threat to Information Systems: the human. From a security awareness perspective, we will review analytics that include key performance indicators that may already be available to you; they just need to be added to the new human dashboard.
Laurianna Callaghan currently serves as a security consultant for Ana Academy, a Dallas based security training company. Previously, Laurianna worked with Dell where she was the creator of security analytics for a major healthcare customer which were presented at the 2016 IASAP conference. In addition, Laurianna has more than 21 years experience in various IT domains. She has served as the Director of Systems Engineering for a telemarketing firm, the UNIX/MVS Manager for a major airline and has IT experience in the healthcare, communications, transportation, education, retail, and other industry sectors. Laurianna holds both the CCNA Security and CISSP designations.
Doug Landoll, CEO, Lantego
Why Lead with Risk?
There are many approaches to establishing, maintaining and improving information security programs: technology-centric, policy-driven, framework-based, audit-driven, compliance-driven, or risk-based. Mr. Landoll will discuss each of these approaches and give concrete examples of why the only effective approach is to lead with risk. The presentation will also give pointers on conducting an effective security risk assessment and establishing a risk management process. Many of these approaches are based on Mr. Landoll's book, The Security Risk Assessment Handbook (2011).
Layered Security / Defense in Depth
One area that I have found even seasoned security professionals have a problem articulating is layered security (defense in depth). Most are familiar with their area of expertise (servers, networks, pen testing, etc.), but have never viewed security as a heterogeneous process. In my presentation I use a layered diagram to highlight what controls are in what layers, what controls interact across layers, and what a complete layered security model would look like vs. what a more typical company security model does look like.
Nathan Shepard
CISSP, CISM, CRISC, CISA
33 Years in IT.
21 Years in Information Security.
Information Security consulting at the corporate governance level.
Information Security management for outsourced InfoSec delivery.
A Brief History of Cryptographic Failures
Cryptography is hard. It's not hard in the way a challenging video game is, or hard like getting through War and Peace without falling asleep, or even hard like learning a new skill. Cryptography is hard because it's both a system and a technical implementation, and failures in either part can have catastrophic (and sometimes existential) impacts. In this talk we'll take a look at some of the many ways that cryptographic systems have failed over the years, from accidental design flaws like the Data Encryption Standard (DES) defeat so elegantly demonstrated by the Electronic Frontier Foundation to intentional design flaws such as the reported National Security Agency (NSA) backdoor in the Dual Elliptic Curve (EC) Deterministic Random Bit Generator (DRBG). This talk will be a high-level discussion... no PhD in mathematics is required!
Brian Mork is the Chief Information Security Officer for Celanese, where he acts as a senior-level executive reporting to the Chief Information Officer (CIO) and leading the strategy and operations of Information and Systems Security. His areas of responsibility include the Security Operations Center (SOC), SAP security, global security architecture, Industrial Control Systems (ICS) security architecture and governance, and the firewalls. He is responsible for establishing and maintaining an enterprise-wide information security program to ensure that data and information assets are adequately protected, and for identifying, evaluating and reporting on information security risks in a manner that meets company needs and compliance and regulatory requirements. Mr. Mork oversees all technology risk management activities and acts as an advocate for all information security and business continuance best practices.
The Essentials of Cyber Insurance: A Panel of Industry Experts - Shawn Tuma
Patrick Florer (Risk Centric Security, Inc.), Mark Knepshield (McGriff, Seibels & Williams), and John Southrey (Texas Medical Liability Trust) are cyber insurance industry experts who have been working in the industry for longer than most of the newly-minted experts have even known about cyber insurance. In this panel presentation at the North Texas ISSA Conference, cybersecurity and data privacy attorney Shawn Tuma moderated their discussion and it was outstanding even though they did not make it through half of the slides due to the depth of their discussion. The presentation date was November 10, 2017.
The Art of Evading Anti-Virus
There are estimates that security analysts, including penetration testers, are approximately 5 years behind malicious actors. Anti-virus by itself isn’t enough to stop a malicious individual from gaining access to your servers or computers anymore. In fact, many of them have devised ways to evade anti-virus. We as security professionals should understand how these individuals are doing this, and what tools are available for us to replicate these attacks. Tools such as veil-framework assist us with this. This talk will go over this tool, and how malicious individuals evade anti-virus with ease.
Quentin Rhoads-Herrera is a security analyst for State Farm. In this position he is responsible for risk analysis and application security assessments. He is accountable for ensuring risks are identified and properly mitigated throughout the organization.
He previously served as the Information Security Director for Clearview Energy and Solarview. In this position he oversaw all information security activities. These included development of company-wide cyber security standards, development of layered defense approaches and the hardening and defense of all company systems.
Mr. Rhoads-Herrera has worked in the Information Security space for a total of seven years serving in roles ranging from Security Consultant to Information Security Director.
Intellectual Property Protection: Crossroads between Ethics, Information Security, and Internal Audit
Richard (Rick) Brunner has more than 40 years' experience in information security and technology, specializing in secure systems/application design and development, system architectures, information risks and controls, testing, and strategy and program management. Rick's most recent assignment was as Assistant Vice President, Security Strategy and Architecture at GM Financial, and he has worked in Healthcare, Finance, Human Resources, Military, and Intelligence. Rick has 32 years of military service, both active and reserve, rising to the rank of Colonel (O-6). He holds an Executive Juris Doctorate degree with a concentration in Law and Technology from Concord Law School, a Master of Science degree in Computer Science with a concentration in Information Systems Security from James Madison University, and a Bachelor of Science degree in Mathematics and Computer Science from the University of Texas at San Antonio. Rick is an Assistant Faculty member at Collin College, instructing courses in their cyber security program, and is an active member of Collin's Cyber Security Advisory Board. Rick holds the following certifications:
• Certified Information Systems Security Professional (CISSP) (Certification Number: 375658)
• SABSA Chartered Security Architect - Foundation Certificate (SCF) (License SCF14020703)
• ITIL Foundation Certificate in IT Service Management (Certification Number: 37823)
Day in the Life of a Security Solutions Architect
I'd like to present my "Day in the Life of a Security Solutions Architect" at Hewlett Packard Enterprise. In this presentation I'll go into detail about what exactly I do as a security architect and the career progression that got me there. I'll speak about my daily activities, successful client engagements, skills required, etc. I'm happy to answer any questions from the audience, share insights, what I wish I had done earlier in my career, etc.
Marco Fernandes is a Security Solutions Architect at Hewlett Packard Enterprise. Prior to that he worked in IT in the defense industry and in security consulting in the commercial world. He is also President of the North Texas Cyber Security Association. He was born in Dallas, TX, and obtained his Bachelor of Science in Business Computer Information Systems from the University of North Texas. In his free time he enjoys card games, reading, fitness, watching WWE wrestling, and helping his community.
Hacking Performance Management, the Blue Green Game - With a live demo!
Dr. Branden R. Williams has almost twenty years of experience in technology and information security, both as a consultant and an executive. Branden co-founded a technology services company that provided the foundation to a prominent e-learning company. He has vast experience as a practitioner and consultant which included helping companies create user-centric security controls and models. His specialty is navigating complex landscapes—be it compliance, security, technology, or business—and finding innovative solutions that save companies money while reducing risk and improving performance. Along the way, he was a Consulting Director for VeriSign/AT&T, one of four CTOs at RSA, ISSA Distinguished Fellow, elected to the PCI Board of Advisors, and author of four books.
Assuming people are rational, we all do things to maximize our payoffs. It's why things like Enron and the subprime mortgage crisis happen. This demonstration will show you a key element of designing performance management systems that employees will hack to their advantage.
3. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Laurianna Callaghan, CISSP, CCNA Security
AGENDA
• Why bother with the human?
• Simple program.
• Mature program.
• Next steps.
4. WHY BOTHER WITH THE HUMAN?
5. STATISTICS
• Statistics against the human are daunting.
• Humans are the most common enabler of attacks from the outside.
• The stronger your technical security, the more humans become the targets.
[Chart: quarterly trends for Technology, Compliance and Culture metrics]
6. “JUST ONE CLICK”
• Fallacy: if one person in the company clicks, we might as well not teach anyone.
• If enough people report spam, Security may be able to take quick action.
• Fewer devices would get infected by malware.
• If an anti-virus product is in use, other companies benefit as well.
• Security awareness saves time, effort and money.
7. LACK OF CONTROL
• For the most part, you can control technology through proper configuration and prevention.
• Humans are unpredictable and cannot be configured. They require a different method of security:
  – Some don’t care.
  – Some don’t understand.
  – Some don’t know.
  – Some just want to be left alone.
8. SLEEP
• A truly mature security awareness program can help you sleep.*
• From security awareness data alone, a mature dashboard can help determine which technology is “in danger.”
• Think of what can be done when these metrics are consolidated with other security applications and AI programs.
*This statement not evaluated by the FDA.
[Graphic: “Keeps you up at night”]
9. SIMPLE PROGRAM
10. SANS MATURITY MODEL
[Image: SANS security awareness maturity model]
11. NON-EXISTENT
• Smaller companies.
• Small home-grown companies.
• No perceived need for PCI-DSS or HIPAA, etc.
• Companies that don’t know what to do.
• Companies that don’t follow regulations.
12. COMPLIANCE FOCUSED
• Most simple programs include just one or two projects.
• Trinkets and training only.
• A newsletter or other way of sending tips and information.
• Humans choose whether to participate, and many don’t.
• Forgoes the Security Awareness Life Cycle.
[Image: “Be Secure” button]
13. PROMOTING AWARENESS
• Understands behavior change.
• Teaches home and travel security.
• Program is consistent from year to year.
• Targets specific behaviors.
• Continual reinforcement.
• Learn by example.
• Changes behavior.
14. CULTURE CHANGE
• Focuses beyond training, with multiple delivery methods.
• Follows the Security Awareness Life Cycle.
• Consistent review of the program, with updates.
• Executive buy-in.
• Budgeted resources.
15. MATURE PROGRAM
16. SANS MATURITY MODEL
[Image: SANS security awareness maturity model]
17. MATURE PROGRAM
• Metrics track progress and measure impact.
• Each project is planned, analyzed, designed, implemented and continually maintained.
• Given a technology, the dashboard can show which human and which insecure activity poses the greatest danger to it.
• Awareness programs continually improve with time.
• A culture is built that humans inherently want to participate in.
• Program and projects are robust.
18. CHANGE
• Change our need for control when it comes to the human factor.
• Change will bring more than you’ve ever dreamed of to your whole security program and team.
• Customer service is key.
• Your department’s reputation has everything to do with it.
• Have “honey” at the ready: you can catch more flies with honey than you can with vinegar.
• Plan fun activities.
• What do they know about the Security Dept.?
19. BUY IN
• Humans must have a stake in the game.
• “What’s in it for me?”
  – Protect your family.
  – Protect your 401k/retirement funds.
  – Gain useful items.
  – Gain fun prizes.
  – Share knowledge with others.
  – Resume builder for some.
22. INCIDENT METRICS
• Spam and phishing emails reported.
• Social engineering phone calls reported.
• Phishing texts reported.
• Number of passwords cracked by brute force.
• Screen viewable-area checks.
• Confidential data printed and left unattended checks.
• Screen lock checks.
[Chart: quarterly trends for spam reports, security checks and passwords cracked]
23. CULTURE METRICS
• Number of respondents to SA surveys.
• Number of attendees at road shows.
• Number of newsletter readers.
• Number of complimentary emails to the program.
• Number of badge warnings.
• Number of visits to the intranet site.
[Chart: quarterly road show attendance, newsletter unique views and intranet unique views]
24. TECHNOLOGY METRICS
• Phishing and other SA metrics go much, much further than a simple program.
• Learn which databases, which machines, etc. are at the greatest risk.
[Chart: quarterly exposure for Server Z, Database A and Data Store 3]
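The incident, culture and technology metrics slides, and the dashboard claim on the mature-program slide, say what a mature program measures but not how the numbers come out of the raw events. The Python below is an added example, not code from the slides, from the speaker or from SANS: it takes a constructed phishing-simulation log (delivered/clicked/reported events for two campaigns) and a constructed user-to-system access mapping, and computes per-campaign click and report rates, whether the first report beat the first click (the "just one click" argument), the per-quarter roll-up the charts show, and a ranking of which system is most exposed through the users who click. The user names, campaign names, timestamps and asset names are all assumptions.

```python
"""Security-awareness metrics from a phishing-simulation log (added example,
not from the slides; users, campaigns, responses and access are constructed)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    action: str  # "delivered", "clicked" or "reported"
    campaign: str


# Constructed simulation: two campaigns sent to four users, plus the responses.
USERS = ["alice", "bob", "carol", "dave"]
CAMPAIGNS = {"Q1-invoice": "2017-01-10T09:00", "Q2-password": "2017-04-12T09:00"}
RESPONSES = [  # (timestamp, user, action, campaign)
    ("2017-01-10T09:02", "carol", "reported", "Q1-invoice"),
    ("2017-01-10T09:04", "bob", "clicked", "Q1-invoice"),
    ("2017-01-10T09:30", "dave", "clicked", "Q1-invoice"),
    ("2017-01-10T10:00", "alice", "reported", "Q1-invoice"),
    ("2017-04-12T09:10", "bob", "clicked", "Q2-password"),
    ("2017-04-12T09:45", "carol", "reported", "Q2-password"),
    ("2017-04-12T09:50", "alice", "reported", "Q2-password"),
    ("2017-04-12T09:55", "dave", "reported", "Q2-password"),
]
EVENTS = [Event(datetime.fromisoformat(t), u, "delivered", c)
          for c, t in CAMPAIGNS.items() for u in USERS]
EVENTS += [Event(datetime.fromisoformat(t), u, a, c) for t, u, a, c in RESPONSES]

# Constructed access mapping (hypothetical asset names borrowed from the
# slide's chart labels): which systems each user can reach.
ACCESS = {
    "alice": {"Server Z", "Database A"},
    "bob": {"Database A", "Data Store 3"},
    "carol": {"Server Z"},
    "dave": {"Database A", "Server Z"},
}


def campaign_metrics(events: list[Event]) -> dict[str, dict]:
    """Per campaign: click and report rates, minutes to the first report, and
    whether the first report beat the first click (the 'just one click' case:
    Security can act before most people have clicked)."""
    by_campaign = defaultdict(list)
    for e in events:
        by_campaign[e.campaign].append(e)
    out = {}
    for name, evs in by_campaign.items():
        who = lambda a: {e.user for e in evs if e.action == a}
        when = lambda a: min((e.ts for e in evs if e.action == a), default=None)
        sent, first_click, first_report = when("delivered"), when("clicked"), when("reported")
        out[name] = {
            "click_rate": len(who("clicked")) / len(who("delivered")),
            "report_rate": len(who("reported")) / len(who("delivered")),
            "minutes_to_first_report": None if first_report is None
            else (first_report - sent).total_seconds() / 60,
            "report_before_first_click": first_report is not None
            and (first_click is None or first_report < first_click),
        }
    return out


def quarterly_rates(events: list[Event]) -> dict[str, dict[str, float]]:
    """Roll every campaign up to the per-quarter view the slides chart."""
    seen = defaultdict(lambda: defaultdict(set))
    for e in events:
        quarter = f"{e.ts.year}Q{(e.ts.month - 1) // 3 + 1}"
        seen[quarter][e.action].add((e.user, e.campaign))
    return {q: {"click_rate": len(c["clicked"]) / len(c["delivered"]),
                "report_rate": len(c["reported"]) / len(c["delivered"])}
            for q, c in sorted(seen.items())}


def asset_exposure(events: list[Event], access: dict[str, set[str]]) -> list[tuple[str, int]]:
    """Rank systems by the clicks of the users who can reach them, so a repeat
    clicker with broad access pushes 'their' systems to the top: the
    'technology metrics' view of which server or database is most exposed."""
    clicks = defaultdict(int)
    for e in events:
        if e.action == "clicked":
            clicks[e.user] += 1
    exposure = defaultdict(int)
    for user, n in clicks.items():
        for asset in access.get(user, ()):
            exposure[asset] += n
    return sorted(exposure.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for name, m in campaign_metrics(EVENTS).items():
        print(name, m)
    print(quarterly_rates(EVENTS), asset_exposure(EVENTS, ACCESS), sep="\n")
```

Run as a script to print the three views. The access mapping is the piece most programs do not have: it normally has to come from the identity or access-management system, and without it the "technology metrics" view collapses back to a plain click rate.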
25. AWARENESS LIFE CYCLE
• Follow the Security Awareness Life Cycle (SALC)*:
  – Requirement analysis
  – Design
  – Implement
  – Test and integrate
  – Maintain and evolve
• SALC applies to each project.
*Modeled on the Software/Systems Development Life Cycle (SDLC).
26. NEXT STEPS
27. NEXT STEPS
• Discuss a Security Awareness program with your CSO.
• Get executive buy-in. Present, or invite the FBI, police or other authoritative speaker(s).
• Navigate to SANS Securing the Human.
• Discuss the importance of human security with your CISO and/or CSO. Use real examples.
• Follow the SANS maturity model to find your company’s level and challenge them to move forward.