OCTOBER 20, 2011

Rooms: Speaker Room A, Speaker Room B, Speaker Room C, Speaker Room D, Keynote Hall, Lunch Room

7:00 Registration, Exhibition, and Breakfast Buffet
8:30 Keynote Speaker: Marc Hoit – University Campus: A Microcosm of the Future (Keynote Hall)
9:20 Exhibition
9:30 Keynote Speaker: Tom Limoncelli – You Suck At Time Management (but it ain't your fault!) (Keynote Hall)
10:20 Exhibition and Tom Limoncelli Book Signing

Morning tracks: Room A – Governance, Risk & Compliance; Room B – Professional Development; Room C – Data and Endpoint Security; Room D – Physical Security; Keynote Hall – Diamond Sponsor Sessions

10:30
  Room A: Srini Kolathur – How to Secure DB Infra Using Best Practices for Risk Mitigation, Compliance, Audit and Assessment
  Room B: Beth Wood – Leading By Example / Building Effective Teams
  Room C: Ron Stamboly – Authentication of Personal Mobile Devices
  Room D: Jon Welborn – Introduction to Lockpicking
  Keynote Hall: Oracle (Diamond Sponsor Session)
11:20 Exhibition
11:30
  Room A: Sandy Bacik – Building a Lasting Corporate IT GRC Policy Architecture
  Room B: Garion Bunn – Winning in Business and Life
  Room C: Michael Sutton – Corporate Espionage for Dummies
  Room D: Jon Welborn – High Security Locks
  Keynote Hall: Hans Enders – Reinventing Dynamic Testing: Real-Time Hybrid (HP / Fortify, Diamond Sponsor Session)
12:15 Lunch Buffet and Exhibition

Afternoon tracks: Room A – Penetration Testing / SNA; Room B – Cloud and Virtual Security; Room C – Security Strategy and Architecture; Room D – Applications and Development; Keynote Hall – Diamond Sponsor Sessions

1:30
  Room A: Ryan Linn – Progression of a Hack
  Room B: Ron Stamboly – Managing Risk, Liability and Compliance in the Cloud
  Room C: Jim Murphy – Information Security Doesn't Just "Happen"!
  Room D: Steve McKinney – Enabling the Business with Security Metrics
  Keynote Hall: David Duncan – Key Trends in Removable Device Security (Imation, Diamond Sponsor Session)
2:15 Exhibition and Ryan Linn Book Signing
2:30
  Room A: Matt Cooley – Web Application Social Engineering Vulnerabilities
  Room B: Mark Hinkle – Crash Course on Open Source Cloud Computing
  Room C: Jonathan Norman – Anatomy of an Attack
  Room D: Phillip Griffin – Making Fat Messages Available: Binary XML Encoding
  Keynote Hall: Dwayne Melançon, Shahab Nayyer, Steve McKinney (Diamond Sponsor Session)
3:30 Keynote Speaker: Lenny Zeltser – Knock, Knock! How Attackers Use Social Engineering to Bypass Your Defenses (Keynote Hall)
4:20 Exhibition
4:30 Announce Winners of Lockpick Challenge and Capture the Flag (Keynote Hall)
5:00 Chapter and Sponsor Giveaways, must be present to win (Keynote Hall)

Lunch Room: Capture the Flag; Lockpick Village; Lockpick Challenge
TRIANGLE INFOSECON • OCTOBER 20, 2011

WELCOME

The Raleigh ISSA Chapter welcomes you to the seventh annual Triangle InfoSeCon. We are very pleased you joined us today. Our conference goal: offer you a convenient way to learn more about the state of Information Systems Security (ISS) today, right here in central North Carolina. Our selected speakers offer you a balanced and broad program. The Raleigh ISSA Chapter especially thanks all the speakers and our conference sponsors, without whom this event is not possible. Please visit our sponsors in the exhibit area to learn about the latest in ISS products and services. Enjoy the conference. Please fill out the feedback forms. Your response is important. We strive to improve each year.

[Figure: McKimmon Center InfoSecon Conference Layout (not to scale)]
ABOUT THE ISSA

This conference is brought to you by the Raleigh Chapter of the Information Systems Security Association. The ISSA is an international professional organization aimed at providing educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members. The Raleigh Chapter became an official ISSA chapter in February 2003. We meet on the first Thursday of every month at the McKimmon Center on the campus of NC State University. You can find out more about the chapter at http://raleigh.issa.org. If you would like to get on our announcements email list, please send an email to email@example.com.

New This Year!

Lockpick Village: Stop by the Lockpick Village and try your hand at picking various locks, from handcuffs to padlocks, door locks and more. Sponsored by the FALE Association of Locksport Enthusiasts (FALE), there will be games, demonstrations, and hands-on workshops for attendees to learn, play and share their experiences. Lockpick sets will be available for purchase for $20.

Capture the Flag: Think you have 1337 skilz? Stop by the Capture the Flag event and prove it! Pit your hacking skills against the server, collecting as many flags as you can. Each participant will be scored based on the number of flags captured within the time limit. The winner will be announced at the end of the conference.

Don't forget to turn in your feedback forms! Conference drawings are made from completed returned conference feedback forms and require at least 12 sponsor "stamps" and your legible name to be eligible. Sponsor door prizes and giveaways are drawn directly from attendees' collected business cards. All drawings are at 5:00 pm and you must be present to win.
KEYNOTE SPEAKERS

8:30 Marc Hoit, Vice Chancellor for IT and CIO, North Carolina State University

Marc Hoit is the Vice Chancellor for Information Technology and the Chief Information Officer (CIO) for North Carolina State University (NCSU) in Raleigh, North Carolina. He began his role as the Vice Chancellor for Information Technology in September 2008. Since arriving, he has worked to develop an IT Governance Structure, Strategic Operating Plan and launched a number of key foundational projects that will improve efficiency and effectiveness of IT on campus. He previously held numerous administrative positions at the University of Florida including Interim CIO, Director of Student PeopleSoft Implementation, the Associate Dean for Academic Affairs Administration and the Associate Dean for Research in the College of Engineering. He is a Professor in the Civil, Construction and Environmental Engineering Department. He received his B.S. from Purdue University and his M.S. and Ph.D. from University of California, Berkeley. Dr. Hoit is the Co-Principal Investigator, along with Chapel Hill and SAS, for the North Carolina Bio-Preparedness Collaborative (NCB-Prepared) Grant from the Department of Homeland Security (DHS) and the development of DIGGS, an international XML schema for transferring transportation information. His structural engineering research involves the computer program, FB-MultiPier, which analyzes bridge pier, superstructure and pile foundations subjected to dynamic loading.

Keynote Topic: University Campus: A Microcosm of the Future
Dr. Hoit will present how a university campus is a petri dish for innovation, future trends and disruption for IT and how it affects services, purchasing and planning.

9:30 Tom Limoncelli, Time Management Guru, Author, Blogger, and System Administrator

Tom is an internationally recognized author, speaker, and system administrator. His books include The Practice of System and Network Administration (Addison-Wesley) and Time Management for System Administrators (O'Reilly). He received the SAGE 2005 Outstanding Achievement Award. He works in NYC and blogs at TomOnTime and EverythingSysadmin.com.

Keynote Topic: You Suck At Time Management (but it ain't your fault!)
So much to do! So little time! Security people are pulled in so many directions it is impressive anything gets done at all. The bad news is that if you work in security then good time management is basically impossible. The good news is that it isn't your fault. Tom will explore many of the causes and will offer solutions based from his book, "Time Management for System Administrators" (Now translated into 5 languages.)
GOVERNANCE, RISK, & COMPLIANCE

10:30 (A) How to Secure Database Infrastructure Using Best Practices for Risk Mitigation, Compliance, Audit and Assessment
Srini Kolathur, Vinay Bansal, & Jim Tarantinos

Srini Kolathur, CISSP, CISA, CISM, MBA is a result-driven IT project manager with Cisco Systems. Srini has several years of experience in helping companies effectively comply with regulatory compliance requirements including SoX, PCI, HIPAA, etc. Srini believes in and advocates a best practices-based security and compliance program to achieve business objectives. Also, Srini maintains a free collaborative web portal for managing IT best practices and audit plans at Checklist20.com.

Abstract: IT governance and strategy are critical to an organization's success. Key to the risk assessment and audit plan process is breaking down the IT Universe into smaller, more manageable sub-components. Databases play a major role in the increasingly complex global business processes and IT universe. A best practice-based assessment to evaluate risks uses an 80-20 rule. This allows eliminating all the low-hanging fruit by leveraging expertise from around the world and helps organizations quickly achieve their desired business objectives at the optimum cost. We will specifically focus on how to leverage database best practices for building effective risk assessment approaches and to build audit plans to comply with different compliance programs including S-ox, HIPAA, PCI-DSS and EU data privacy.

11:30 (A) Building a Lasting IT GRC Policy Architecture
Sandy Bacik

Sandy Bacik, author and former CSO, has over 15 years direct development, implementation, and management information security experience in the areas of Audit Management, Disaster Recovery/Business continuity, Incident investigation, Physical security, Privacy, Regulatory compliance, Standard Operating Policies/Procedures, and Data Center Operations and Management, with an additional 15 years in Information Technology Operations.

Abstract: With industries moving toward a governance and risk culture, the IT and enterprise policy architecture needs to be updated to align with the enterprise goals of IT Governance. Some may discover that they have all the pieces spread throughout the current organization, but do not know how to proceed to ensure their IT and security policies and processes fit into their enterprise governance architecture.
PROFESSIONAL DEVELOPMENT

10:30 (B) Leading By Example / Building Effective Teams
Beth Wood, North Carolina State Auditor

Beth A. Wood, CPA, is serving her first term as the state's elected auditor after more than a decade of service in training and research for the office. As Training Director for the Office of State Auditor, Beth developed and taught audit courses for the auditor's staff, concentrating on the areas of Single Audit, internal control and sampling. She also coordinated the State Auditor's Quality Control Review and provided research of audit and reporting issues for the audit staff. She began working with state government in 1993 with the Local Government Commission (a division of the Office of the State Treasurer). In that position, she reviewed and approved audits of local governments prepared by private CPA firms. Prior to her work with state government, Beth worked as a cost accountant for Ray-O-Vac Corporation for three years. She also supervised audits of local governments and not-for-profit organizations for McGladrey and Pullen CPAs, a national CPA firm. Beth left the Office of the State Auditor in 2007 as she began her campaign to become the first woman elected to the post. While seeking office, she also taught a variety of courses for the American Institute of Certified Public Accountants (AICPA) and worked in the institute's Professional Ethics Division investigating alleged substandard audits around the country.

Abstract: Moving from a purely technical role to management is very challenging for most IT people. Most people do not like giving up the hands-on technical work and they also tend to be more independent. This discussion will deal with particular challenges faced when moving into a managerial role and will answer questions such as: How can leaders learn to assess the strengths of their team members and use them to get the team working as one unit rather than a bunch of lone rangers? How can they deal with jealousy and backstabbing from those not promoted? How can they anticipate senior management's and the organization's needs and ensure the team is truly fulfilling the mission?

11:30 (B) Winning in Business and Life
Garion Bunn

Garion Bunn is an award winning speaker and workshop facilitator who is a self-driven, results-oriented cultivator of human potential. His purpose is to inspire, educate and empower people and organizations around the globe. His success strategy is to continually seek new ways to add value through seminars and workshops that are leadership centric. Garion is an empathic communicator and listener. Garion believes that effective leadership skills are the most powerful tools in the current day workplace and marketplace. Leadership excellence is the fast track up the corporate ladder. Garion helps professionals who want the zest, energy and power to deliver with passion and purpose.

Abstract: Are you ready for the competition? This keynote focuses on stirring your enthusiasm and sense of purpose in daily life. An excited, focused individual is ready to take on the challenges and triumph in today's fast paced market. Develop knowledge and skills that will significantly increase your personal effectiveness and ability to successfully interact and lead others. This session covers many diverse and critically important business, interpersonal, and leadership topics.
DATA AND ENDPOINT SECURITY

10:30 (C) Authentication of Personal Mobile Devices as Part of an Overall Enterprise Authentication Strategy
Ron Stamboly, SafeNet; Co-author Maureen Kolb

Mr. Stamboly joined SafeNet in 1996 as a Senior Sales Engineer responsible for technical presales and sales support for the entire sales cycle, from evaluation to installation. Mr. Stamboly's area of expertise includes hardware and software products covering authorization, access control, audit, and encryption. Currently, Mr. Stamboly focuses on supporting the sales of SafeNet's Information Lifecycle Protection and Cloud computing environments, most specifically driving SafeNet's market share in cloud computing security and virtualized environments: securing and controlling access to cloud applications, along with encrypting virtual volumes and instances. Mr. Stamboly has over 17 years of experience in the data protection, telecommunications and networking equipment industries. Additionally, Mr. Stamboly has extensive experience with networking hardware along with TCP/IP. Mr. Stamboly graduated summa cum laude with a Bachelor's Degree in Telecommunication from The State University of New York Institute of Technology and also graduated summa cum laude with a Master's Degree from Pace University in Telecommunications.

Abstract: IT departments are facing challenges from many users wanting to use their mobile device to access sensitive corporate information. Clearly, the risk posed by these scenarios is great. The key issue confronting security staff is management: ensuring only trusted devices can access corporate resources, contending with lost devices, managing security policies, and enabling and monitoring access. Finally, IT organizations need to establish visibility and control over what assets can be accessed by and saved onto those devices. This presentation will discuss implementing unified authentication schemes, security policies and credentials for employee-owned end point devices, helping organizations to enable their workforce while reducing IT management and administration resources, as well as show how organizations can centrally and consistently manage all authentication requirements for local networks, VPNs, SaaS applications, and virtualized environments.

11:30 (C) Corporate Espionage for Dummies: The Hidden Threat of Embedded Web Servers
Michael Sutton

Michael Sutton has spent more than a decade in the security industry conducting leading-edge research, building teams of world-class researchers, and educating others on a variety of security topics. As Vice President of Security Research, Michael heads Zscaler Labs, the research and development arm of the company. Zscaler Labs is responsible for researching emerging topics in web security and developing innovative security controls, which leverage the Zscaler in-the-cloud model. The team is comprised of researchers with a wealth of experience in the security industry. Prior to joining Zscaler, Michael was the Security Evangelist for SPI Dynamics where, as an industry expert, he was responsible for researching, publishing, and presenting on various security issues. In 2007, SPI Dynamics was acquired by Hewlett-Packard. Previously, Michael was a Research Director at iDefense where he led iDefense Labs, a team responsible for discovering and researching security vulnerabilities in a variety of technologies. iDefense was acquired by VeriSign in 2005. Michael is a frequent speaker at major information security conferences; he is regularly quoted by the media on various information security topics, has authored numerous articles, and is the co-author of Fuzzing: Brute Force Vulnerability Discovery, an Addison-Wesley publication.

Abstract: Today, everything from television sets to photocopiers has an IP address and an embedded web server (EWS) for device administration. While embedded web servers are now as common as digital displays in hardware devices, sadly, security is not. Leveraging the power of cloud based services, Zscaler spent several months scanning large portions of the Internet to understand the scope of this threat. Our findings will make any business owner think twice before purchasing a 'wifi enabled' device. We'll share the results of our findings, reveal specific vulnerabilities in a multitude of appliances and discuss how embedded web servers will represent a target rich environment for years to come.
PHYSICAL SECURITY

10:30 (D) Introduction to Lockpicking
Jon Welborn

Jon Welborn is a penetration tester and a co-founder of the FALE Association of Locksport Enthusiasts. FALE came together around a shared general curiosity and persuasion of the public's "right to know". FALE meets regularly in the Winston-Salem, NC area and hosts lockpicking villages at various security conferences around the country. http://lockfale.com

Abstract: You've locks on your network closet and secure document bin. Great. What if I can open them in 30 seconds or less? Learn the basics about how a lock works and how to compromise commonly used locks. This information isn't complicated in the least, but in this talk we set out to remove the often practiced "security by obscurity" approach to physical security.

11:30 (D) High Security Locks
Jon Welborn

Abstract: Great locks are not difficult to come by. This talk will discuss various components of a quality lock as well as several manufacturers of high-caliber locks. We will discuss specific makes and models of locks that may be beneficial in your environments. If nothing else, this talk will open the door to the idea that you shouldn't have to lean on your local hardware store to meet your physical security needs.
DIAMOND SPONSOR SESSION (Keynote Hall)

10:30 ORACLE PRESENTATION

Mark your calendars for the Eighth Annual Triangle InfoSeCon to be held on Thursday, October 18, 2012 at the McKimmon Center. Keynote speakers: Chris Nickerson - Lead Security Consultant for Lares Consulting and Stan Waddell - Executive Director and Information Security Officer, University of North Carolina (UNC) Information Technology Services (ITS)
DIAMOND SPONSOR SESSION (Keynote Hall)

11:30 HP / FORTIFY
Reinventing Dynamic Testing: Real-Time Hybrid
Hans Enders, HP Fortify

Hans Enders is a Sr. Solutions Architect for HP Fortify. In his current role, Hans is responsible for demonstrating web application security software and providing solutions to prospective clients for HP Software's Application Security Center. He has more than 14 years of experience in network administration and security, with the most recent 7 years focusing on web application security testing and software support. Hans acquired the CISSP in 2004 and most recently completed the CISM certification in 2011. Hans is an active member of ISSA, ISACA, OWASP, and a past member of InfraGard of Georgia. Hans has a Bachelor of Science degree in Industrial & Systems Engineering from North Carolina State University and is moderately fluent in Spanish. Outside of his professional career, Hans also enjoys participating with CERT (Community Emergency Response Team) and being a Cub Scout leader.

Abstract: Over the years, two key techniques have emerged as the most effective for finding security vulnerabilities in software: Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST). While DAST and SAST each possess unique strengths, the "Holy Grail" of security testing is thought to be "hybrid" -- a technique that combines and correlates the results from both testing methods, maximizing the advantages of each. Until recently, however, a critical element has been missing from first generation hybrid solutions: information about the inner workings and behavior of applications undergoing DAST and SAST analysis. This presentation will introduce you to the next generation of hybrid security analysis — what it is, how it works, and the benefits it offers. It will also address (and dispel) the claims against hybrid, and leave participants with a clear understanding of how the new generation of hybrid will enable organizations to resolve their most critical software security issues faster and more cost-effectively than any other available analysis technology.
PENETRATION TEST / SNA

1:30 (A) Progression of a Hack
Ryan Linn, Trustwave's SpiderLabs

Ryan Linn is a Senior Security Consultant with Trustwave's SpiderLabs who has a passion for making security knowledge accessible. In addition to being a columnist with the Ethical Hacker Network, Ryan has contributed to open source tools including Metasploit, Dradis and the Browser Exploitation Framework (BeEF).

Abstract: So you have a firewall, AV, IDS, patch management and more. Nobody is getting in. Somehow Fake-AV and malware still rear their ugly heads from time to time, but things feel pretty safe. Others in this same situation are still making the news. This talk will look at how a single foothold can lead to the opening story on the evening news. We will look at how a motivated attacker can compromise a patched Windows box, escalate privileges on a domain, and get to the data. As each demonstration shows the techniques, we'll talk about mitigation strategies and what steps you can take to avoid being a headline.

2:30 (A) Web Application Social Engineering Vulnerabilities
Matt Cooley, Symantec

Matt Cooley is an accomplished information security practitioner working in IT across multiple industries for almost 20 years with over a decade of primary focus on security. At Symantec, Matt has been involved with security assessments in the financial sector, government, commercial business, higher education, and major ISPs. His primary area of expertise is in web application and product penetration testing.

Abstract: In this presentation, we plan to demonstrate web application vulnerabilities which could be leveraged to attack end-users of applications. In particular, cross-site scripting will be used to attack mobile device users. Social Engineering Toolkit will be demonstrated to compromise systems of fully-patched and protected users. Common tricks such as URL obfuscation, URL redirection, and domain-name manipulation will be used to successfully coerce victims into performing tasks from which an attacker would benefit.
CLOUD / VIRTUALIZATION SECURITY

1:30 (B) Managing Risk, Liability, and Compliance in the Cloud
Ron Stamboly, SafeNet; Co-author Maureen Kolb

Mr. Stamboly joined SafeNet in 1996 as a Senior Sales Engineer responsible for technical presales and sales support for the entire sales cycle, from evaluation to installation. Mr. Stamboly's area of expertise includes hardware and software products covering authorization, access control, audit, and encryption. Currently, Mr. Stamboly focuses on supporting the sales of SafeNet's Information Lifecycle Protection and Cloud computing environments, most specifically driving SafeNet's market share in cloud computing security and virtualized environments: securing and controlling access to cloud applications, along with encrypting virtual volumes and instances. Mr. Stamboly has over 17 years of experience in the data protection, telecommunications and networking equipment industries. Additionally, Mr. Stamboly has extensive experience with networking hardware along with TCP/IP. Mr. Stamboly graduated summa cum laude with a Bachelor's Degree in Telecommunication from The State University of New York Institute of Technology and also graduated summa cum laude with a Master's Degree from Pace University in Telecommunications.

Abstract: Cloud Computing is unquestionably the future of our IT infrastructure and business workloads. Yet the industry is reaching an impasse as organizations have already completed Proof-of-Concepts and architectural planning to the cloud. Internal Data Governance and Compliance requirements have become the barrier to more organizations moving to the cloud, and larger organizations converting small test projects to full production. The mix of confusion over ownership and liability, lack of transparency from the cloud provider, an almost complete absolution of liability in contracts, and lack of clear guidance on required controls have all contributed to this. This session will focus on peeling back some of these issues to drive some clarity and actionability. Cloud is the future, with its ease-of-use, cost-savings and transparency, but Data Governance and compliance requirements have stopped projects due to confusion on risk/liability. The presentation will focus on driving clear areas of trust, ownership, and liability, cover audit and contractual aspects of working with CSPs, identify new controls needed to move to the cloud and will end with PCI 2.0.

2:30 (B) Crash Course on Open Source Cloud Computing
Mark Hinkle, Citrix Systems

Mark Hinkle is the Director of Cloud Computing Community at Citrix Systems Inc. He joined Citrix as a result of their July 2011 acquisition of Cloud.com. He is currently responsible for the success of the open source cloud computing platform, CloudStack. Previously he was the VP of Community at Zenoss Inc., a producer of the open source application, server, and network management software, where he grew the Zenoss Core project to over 100,000 users and 20,000 organizations on all seven continents. He also is a longtime open source expert and author having served as Editor-in-Chief for both LinuxWorld Magazine and Enterprise Open Source Magazine. Mr. Hinkle is also the author of the book, Windows to Linux Business Desktop Migration (Thomson, 2006). He is a contributor to NetworkWorld's Open Source Subnet and his personal blog on open source, technology, and new media can be found at www.socialized-software.com. You can follow him on twitter @mrhinkle.

Abstract: Very few trends in IT have generated as much buzz as cloud computing. This talk will cut through the hype and quickly clarify the ontology for cloud computing. The bulk of the conversation will focus on the open source software that can be used to build compute clouds (infrastructure-as-a-service) and the complementary open source management tools (including those for security) that can be combined to automate the management of cloud computing environments. The discussion will appeal to anyone who has a good grasp of traditional data center infrastructure but is struggling with the benefits and migration path to a cloud computing environment. By understanding the architecture of a cloud compute environment users will be able to apply their existing security knowledge to the management of a cloud compute environment. Systems administrators and IT generalists will leave the discussion with a general overview of the options at their disposal to effectively build and manage their own cloud computing environments using free and open source software.
STRATEGY & ARCHITECTURE

1:30 (C) Information Security Doesn't Just "Happen"!
Jim Murphy, OMMISS; Co-Author Michele Hujber

James Murphy, CISSP, ISSMP, GSEC, CISA, CISM, NC DHHS, Office of MMIS Services. Jim is the Information Security Architect for OMMISS with 30+ years experience, predominantly in healthcare IT. He plans and designs enterprise-wide information security for major development projects, including the claims processing system for Medicaid and related plans, and the State Health Information Network. For the projects, he documents information security and technical architecture requirements and reviews security throughout project design and development: regulatory compliance, access control, data and network protection, business continuity, operational security, process documentation and project audit. Jim has written, taught and spoken on information security management, service continuity, security auditing and security certification training to diverse audiences.

Abstract: The pressure is on—security breaches now cost penalties and lawsuits. Information architectures are becoming more complex as they adjust to rapid changes in software and hardware. Privacy professionals are clamoring for eliminating the misuse of protected information. State Attorneys General have been authorized to get in on the act. But, as InfoSec professionals understand, security just does not happen with the latest policy, technical tool, or extra door lock. Information security managers must take the initiative to coordinate with all levels of the organization to ensure business objectives drive the definitions and characterization of protected data, unit leaders understand the responsibilities of the hallway work force, and technical support staff understand the limits of device-alone solutions. InfoSec planning requires tactical and strategic components, and in a sense, never stops. InfoSec professionals must be able to communicate the planning with all levels of the organization in a way that facilitates the collaborative efforts and diminishes the internal barriers. In this presentation, I offer some practical suggestions for getting InfoSec planning into action.

2:30 (C) Anatomy of an Attack
Jonathan Norman, Alert Logic

Jonathan Norman joined Alert Logic in 2002 and has held numerous security and operational roles throughout his tenure at Alert Logic. Today, as the Director of Security Research, Jonathan manages a team of security researchers and analysts responsible for monitoring the evolving security landscape for new and emerging threats. In addition, under his leadership, the Security Research team manages complex security incident response for customers and develops the advanced correlation rules that help Alert Logic solutions better detect and defend against security threats. Jonathan holds several industry certifications such as Certified Ethical Hacker, CISSP, CCSP, and other GIAC certifications.

Abstract: In 2010 the global cybercrime market increased to an estimated 7.5 Billion dollars. Over the past few years, attack sophistication has increased significantly while users struggle to keep up with new attacks. We have long passed the days of bright kids causing mayhem on computer networks. Today's attackers are fast, well-funded, well organized and business is booming. This presentation will take you into the world of cybercrime and give you an insider's look into how hackers operate and what you can do to protect your network.
TRIANGLE INFOSECON • OCTOBER 20 , 2 0 11APPLICATIONS & DEVELOPMENT1:30 (D) Enabling the Business 2:30 (D) Making Fat Messageswith Security Metrics Available: Binary XML EncodingSteve McKinney, Cisco Systems Phillip H. Griffin, Griffin Consulting Steve has worked at Cisco Systems for Phillip H. Griffin, CISM brings over 15 the past 3 years after graduating from NC years of experience in the information State with a Masters degree. assurance and security profession. Operating as Griffin Consulting, Phil Abstract: Many security scanners will has served as a trusted security adviser, churn out ‘advice’ on the severity of security architect, and consultant with vulnerabilities in your environment. leading corporations including Visa Forwarding that advice to your manager, International, GTE, and IBM. He has acted as committeewill likely produce a blank stare and a report thats in the chair, editor, head of U.S. delegation, and rapporteur intrash before you can walk out the door. So, how do you go the development of national and international securityfrom a scanners advice to wisdom that drives business standards, and currently serves as an ISSA Educationaldecisions? This talk covers what I have learned from others Advisory Council Member, and on the board of the Raleighand developed as I started implementing security metrics ISSA Chapter. His experience encompasses numerousfor my team within Cisco. We will look specifically at facets of security including authentication technologies,metrics for web applications, but the concepts presented encryption, access control, biometrics, and secureapply to other areas of security. messaging schema. Mr. Griffin has eight patents pending in the area of security, and he has been a speaker at leading security conferences and venues around the world. 
Abstract: For every XML Schema (XSD) there is an analogous ASN.1 schema that can be used to generate compact, efficient binary message formats, and XML markup instance documents that are equivalent to those based on the initial XML schema. These binary formats are appropriate for use in environments constrained by mobility, limited battery life, storage size, or bandwidth (e.g., wireless communications using hand-held devices). Using a binary format for XML messages can make secure protocol messages available in environments where verbose formats prohibit application development.
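The size difference the abstract is about, shown as an added example written for this program page (it is not code from the talk or from Griffin Consulting): one small message is serialized both as XML text and as ASN.1 DER by a hand-written encoder, with a decoder to confirm the binary form round-trips. The schema (`Msg ::= SEQUENCE { id INTEGER, sender UTF8String, payload OCTET STRING, ts INTEGER }`), the field values, and the choice of DER rather than the still smaller PER are assumptions made for the demonstration; the XSD-to-ASN.1 mapping itself (ITU-T X.694) is not implemented here.

```python
"""Added example (not from the talk): the same message as XML text and as ASN.1 DER."""
import xml.etree.ElementTree as ET

# Hypothetical schema assumed for the demonstration:
#   Msg ::= SEQUENCE { id INTEGER, sender UTF8String, payload OCTET STRING, ts INTEGER }
# Constructed sample instance; the values are made up.
MESSAGE = {"id": 4711, "sender": "device-17", "payload": bytes(range(16)), "ts": 1319068800}

# Universal ASN.1 tag octets used below
TAG_INTEGER, TAG_OCTET_STRING, TAG_UTF8STRING, TAG_SEQUENCE = 0x02, 0x04, 0x0C, 0x30


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form (0x80 | count, then count bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, value: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + der_length(len(value)) + value


def der_integer(i: int) -> bytes:
    """INTEGER: minimal two's-complement big-endian content (DER forbids redundant leading octets)."""
    raw = i.to_bytes(max(1, (i.bit_length() + 8) // 8), "big", signed=True)
    while len(raw) > 1 and (
        (raw[0] == 0x00 and raw[1] < 0x80) or (raw[0] == 0xFF and raw[1] >= 0x80)
    ):
        raw = raw[1:]
    return der_tlv(TAG_INTEGER, raw)


def der_encode(msg: dict) -> bytes:
    """Encode a MESSAGE-shaped dict as one DER SEQUENCE."""
    body = (
        der_integer(msg["id"])
        + der_tlv(TAG_UTF8STRING, msg["sender"].encode("utf-8"))
        + der_tlv(TAG_OCTET_STRING, msg["payload"])
        + der_integer(msg["ts"])
    )
    return der_tlv(TAG_SEQUENCE, body)


def der_read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position just after this TLV)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def der_decode(buf: bytes) -> dict:
    """Parse the SEQUENCE back, checking the field tags and that nothing trails the message."""
    tag, body, end = der_read_tlv(buf, 0)
    if tag != TAG_SEQUENCE or end != len(buf):
        raise ValueError("not a single DER SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        tag, content, pos = der_read_tlv(body, pos)
        fields.append((tag, content))
    tags = [t for t, _ in fields]
    if tags != [TAG_INTEGER, TAG_UTF8STRING, TAG_OCTET_STRING, TAG_INTEGER]:
        raise ValueError("unexpected field tags %r" % tags)
    return {
        "id": int.from_bytes(fields[0][1], "big", signed=True),
        "sender": fields[1][1].decode("utf-8"),
        "payload": fields[2][1],
        "ts": int.from_bytes(fields[3][1], "big", signed=True),
    }


def xml_encode(msg: dict) -> bytes:
    """The same message as XML text; binary content must be text-escaped (hex here, base64 is the usual choice)."""
    root = ET.Element("Msg")
    ET.SubElement(root, "id").text = str(msg["id"])
    ET.SubElement(root, "sender").text = msg["sender"]
    ET.SubElement(root, "payload").text = msg["payload"].hex()
    ET.SubElement(root, "ts").text = str(msg["ts"])
    return ET.tostring(root, encoding="utf-8")


def size_comparison(msg: dict = MESSAGE) -> dict:
    """Byte counts of both encodings plus a round-trip check of the binary one."""
    der, xml = der_encode(msg), xml_encode(msg)
    return {"der_bytes": len(der), "xml_bytes": len(xml), "roundtrip_ok": der_decode(der) == msg}


if __name__ == "__main__":
    print(size_comparison())
```

For this message the DER form is 41 bytes against well over 100 for the XML text, and the 16-byte binary payload travels as 16 bytes instead of 32 hex characters. The decoder rejects trailing data and out-of-order fields, which is the kind of strictness a secure protocol message needs regardless of encoding.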
DIAMOND SPONSOR SESSION (Keynote Hall)

1:30 IMATION
Key Trends in Removable Device Security
David Duncan, Business Development Director

David Duncan is director of ENCRYPTX at Imation, a team of research and development experts focused on advances in data security that protect, encrypt, control, and manage “data at rest.” Duncan founded ENCRYPTX, which was acquired by Imation from BeCompliant Corp. in March 2011. Prior to founding ENCRYPTX, Duncan was senior vice president of Tactical Marketing Ventures, a marketing accelerator company for more than 100 technology startups. He also served as vice president of sales and marketing for RL Polk, a consumer marketing information company that was sold to Equifax Corporation. Previously, Duncan served in marketing and engineering leadership positions with Storage Technology Corporation, Martin Marietta and SRA Corporation. He worked for the National Security Agency as a cryptologist for a number of years and designed and built trusted computer systems for highly classified government programs.

Duncan has a Bachelor of Science in international affairs from the University of Maryland, a Master of Science in computer science from Regis University, a Master of Business Administration (MBA) from the University of Colorado, and a degree in Chinese Mandarin Linguistics from the Defense Language Institute, Presidio of Monterey, California.

Abstract: David Duncan, Managing Director of the ENCRYPTX Security Products Group of Imation Enterprises, will present key trends in the field of removable storage device security. The presentation will cover: current risk/data loss trends from the latest industry studies, new and emerging threats, regulatory requirements affecting compliance, vendor initiatives to mitigate these risks including hardware, software and operating system developments that improve removable device security, and an evaluation framework for assessing gaps in your organization.
LIGHTNING TALKS

2:30 (Keynote Hall) The IT Blind Side
Dwayne Melançon, Tripwire

Dwayne Melançon joined Tripwire in 2000 and serves as Vice President of the company’s Log Management business. In previous positions at the company, Dwayne has served as vice president of Business Development, Professional Services and Support, Information Systems, and Marketing. Prior to joining Tripwire, Dwayne was Vice President of Operations for DirectWeb, Inc., where he was responsible for product management, logistics, electronic supplier integration, customer support, information systems, infrastructure development, and other business operations. Before DirectWeb, he ran Pan-European Support for Symantec Corporation, managed call-center operations for several of Symantec’s leading product lines, and spearheaded the development of productivity tools and processes. In other positions, Dwayne was responsible for Symantec’s global Web presence, program management for the company’s encryption products, and functional integration for mergers and acquisitions. Prior to joining Symantec, Dwayne spent eight years at Fifth Generation Systems, Inc., where he created an award-winning global support organization, was a software developer, and directed the company’s software and hardware Quality Assurance teams.

Dwayne is certified on both IT management and audit processes, holding both ITIL and CISA certifications.

Prior Speaking Experience:
• eFinance World Conference
• Frequent speaker at national and regional itSMF, ISACA, ISSA, and IIA events

2:45 (Keynote Hall) Are you using UDP for reliable transmission?
Shahab Nayyer, Wells Fargo

The author is a Senior IT Audit Lead with Wells Fargo & Company in Charlotte, North Carolina, USA. He holds dual master’s degrees in Finance and Industrial Engineering with a specialization in IT. Shahab has more than seven years of experience in IT Audit and Security and is a CISA and CIA. Shahab is also the President of the ISACA Charlotte Chapter.

Abstract: UDP (User Datagram Protocol) is a widely used protocol for networking and data transmission. It is used in real-time applications, DNS request/reply messages, IP telephony, SNMP, multimedia streaming, etc. Due to its nature of being a connectionless protocol, it’s considered very efficient for short messaging with low bandwidth usage. So these are all the good things with UDP, but UDP is also an unreliable protocol which does not guarantee data transfer. With that in mind, do we know all the places we are using UDP? Are we using UDP where reliable transmission is needed? Have we evaluated the risk of data loss, and can we live with it?

3:00 (Keynote Hall) Finding Flags During a Lightning Storm
Steve McKinney, Cisco

Steve McKinney has been with Cisco for three years after completing his Master’s degree at NC State. He was the primary developer for the Capture the Flag contest at the conference this year.

Abstract: This presentation will be an overview of the Capture the Flag contest held at the conference. If you tried the contest and didn’t complete it, or wanted to but didn’t have time, drop by; this session is for you.
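The risk the UDP lightning talk asks about, shown as an added example written for this program page (it is not code from the talk): the same batch of records is sent fire-and-forget over a simulated lossy path, and then again with the minimum an application must add on top of UDP to notice and recover from loss, namely sequence numbers, acknowledgements and retransmission (stop-and-wait, the simplest such scheme; TCP does considerably more). The channel is simulated in-process with deterministic drop positions, and the record contents and drop positions are arbitrary choices for the demonstration; no real sockets are opened.

```python
"""Added example (not from the talk): what UDP's missing delivery guarantee does to an
application, and the minimum the application must add to detect and recover from loss.
Everything is simulated in-process with a deterministic lossy channel; no real sockets."""
from dataclasses import dataclass, field

# Constructed sample records an application might fire off one per datagram (values made up)
RECORDS = [f"txn-{i:04d},amount={i * 7}" for i in range(10)]


@dataclass
class LossyChannel:
    """Stands in for a UDP path: send number k (counting every send, retries included) is dropped if k is in drops."""
    drops: set
    sent: int = 0
    delivered: list = field(default_factory=list)

    def send(self, datagram: bytes) -> bool:
        self.sent += 1
        if self.sent in self.drops:
            return False          # silently lost: UDP gives the sender no signal
        self.delivered.append(datagram)
        return True


def send_unreliable(records, channel: LossyChannel) -> list:
    """Fire-and-forget, the way many UDP senders are written; whatever the channel drops is gone."""
    for record in records:
        channel.send(record.encode())
    return [d.decode() for d in channel.delivered]


class StopAndWaitReceiver:
    """Accepts datagrams in sequence order; a duplicate (resent after a lost ACK) is discarded but re-acknowledged."""

    def __init__(self):
        self.expected = 0
        self.records = []

    def receive(self, datagram: bytes) -> bytes:
        seq = int.from_bytes(datagram[:2], "big")
        if seq == self.expected:
            self.records.append(datagram[2:].decode())
            self.expected += 1
        return b"ACK" + self.expected.to_bytes(2, "big")   # ACK carries the next sequence number wanted


def send_reliable(records, data_channel, ack_channel, receiver, max_retries=5) -> int:
    """Sequence numbers + ACK + retransmission, layered on the same lossy channel.
    Returns how many retransmissions were needed to deliver everything."""
    retransmissions = 0
    for seq, record in enumerate(records):
        datagram = seq.to_bytes(2, "big") + record.encode()
        for attempt in range(max_retries + 1):
            if attempt:
                retransmissions += 1
            if data_channel.send(datagram):
                ack = receiver.receive(datagram)
                # the ACK travels over UDP too and can be lost; only a delivered ACK for seq+1 ends the wait
                if ack_channel.send(ack) and int.from_bytes(ack[3:], "big") == seq + 1:
                    break
            # datagram or ACK lost: a real sender times out here, then retransmits
        else:
            raise RuntimeError(f"record {seq} not acknowledged after {max_retries} retries")
    return retransmissions


def run_unreliable(records=RECORDS, drops=frozenset({3, 7})) -> list:
    """Records that survive fire-and-forget sending when sends 3 and 7 are dropped."""
    return send_unreliable(records, LossyChannel(set(drops)))


def run_reliable(records=RECORDS, data_drops=frozenset({3, 7}), ack_drops=frozenset({2})):
    """(records received, retransmissions) with data sends 3 and 7 and ACK send 2 dropped."""
    receiver = StopAndWaitReceiver()
    retries = send_reliable(records, LossyChannel(set(data_drops)), LossyChannel(set(ack_drops)), receiver)
    return receiver.records, retries


if __name__ == "__main__":
    got = run_unreliable()
    print(f"fire-and-forget: {len(got)}/{len(RECORDS)} arrived; lost: {sorted(set(RECORDS) - set(got))}")
    recs, retries = run_reliable()
    print(f"stop-and-wait:   {len(recs)}/{len(RECORDS)} arrived after {retries} retransmissions")
```

The fire-and-forget run loses two records and the sender never learns it; the acknowledged run delivers all ten at the cost of three extra sends, one of them a duplicate caused by a lost ACK that the receiver had to recognize and discard. That cost (state, timers, duplicate handling) is exactly what an application accepts implicitly when it chooses UDP for data it cannot afford to lose.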
KEYNOTE SPEAKER

3:30 Lenny Zeltser
Security Practice Director, Savvis; Senior Faculty Member, SANS Institute

Lenny Zeltser leads the security consulting practice at Savvis, where he focuses on designing and operating security programs for cloud-based IT infrastructure. Lenny’s other area of specialization is malicious software; he teaches how to analyze and combat malware for the SANS Institute. He is also a member of the board of directors for the SANS Technology Institute and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books. Lenny is one of the few individuals in the world who have earned the highly regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a computer science degree from the University of Pennsylvania.

Lenny writes at blog.zeltser.com and twitter.com/lennyzeltser. More details about his projects are available at http://www.zeltser.com. Lenny says that some of his “books are gradually becoming outdated” but that all of them are listed here. Lenny notes that the “most recent and current volume is CyberForensics. It’s a good text.”

Keynote Topic: Knock, Knock! How Attackers Use Social Engineering to Bypass Your Defenses

Why bother breaking down the door if you can simply ask the person inside to let you in? Social engineering works, both during penetration testing and as part of real-world attacks. This talk explores how attackers are using social engineering to compromise defenses. It presents specific and concrete examples of how social engineering techniques succeeded at bypassing corporate security defenses.
Lenny Zeltser will review how attackers have bypassed technological controls by making use of social engineering techniques such as:

Starting attacks in the physical world, rather than the virtual Internet: We have spent most of our lives in the physical world, whose norms we know well. As a result, we tend to trust messages that come to us in the physical world more than those in the "virtual" world of the Internet. The talk presents several examples of such scenarios.

Targeting attacks through the use of spear phishing and social networks: The talk will explore how attackers may profile victims to include person- or company-specific social engineering elements in an intrusion campaign.
CONFERENCE COMMITTEE

This Conference is only made possible by the incredible efforts of the committee. On behalf of the chapter, sponsors, speakers, and attendees, thank you!

President: Brad Hoelscher
Vice President: Robert Martin
Conference Director: Liyun Yu
Conference Program Director: Mark Whitteker
Conference Deputy Director: Ramsey Hajj
Treasurer: Mark Fontes
Communication: Peter Hewitt
Operations Director: Robert Pitney
Sponsor Development: Robert Martin
Website Developer: Phillip Griffin
Production Support: Steve Toy
Conference Support: Chip Futrel
Program Designer: Rachel Schaub

Sponsor Development Team:
Frank Chavarria
Sarah Miller

Operations/AV Team:
Dave Balint
Rob Breault
Robert Brown
Matt Bryson
Frank Chavarria
Marie Cross
Randall Hompesch
Eric Hoth
Wenjian Huany
Charles Hudock
Valdez Ladd
Steve McGehee
Glann Morgan
David Parker
Michael Rains
Nancy Schipon
Andrew Senko
Daniel White
Lorie Wilsher
Rich Woynicz

Track chairs and committees:
Applications & Development: Aby Rao, Chair; Lisa Lorenzin
Cloud & Virtualization: Nathan Kim, Chair; Eric Olson
Data & Endpoint: Andre Henry, Chair
Governance, Risk & Compliance: Keith Mattox, Chair; Janet Dagys
Pen Testing / System & Network Auditing: Artem Kazantsev, Chair
Physical Security: Glenn Morgan, Chair
Professional Development: Holli Harrison, Chair; Valdez Ladd
Strategy & Architecture: Jim Murphy, Chair
Capture the Flag: Steve McKinney, Chair
Lockpick Village: Jennifer Jabbusch, Chair; Jon Welborn
Lightning Talks: Dyana Pearson, Chair
SPONSORS

The Raleigh ISSA Chapter thanks all of our conference sponsors for their support:

Diamond Sponsors: Imation, HP / Fortify Software, Oracle
Gold Sponsors: Alert Logic, Carolina Advanced Digital, Inc., Fishnet Security / Sourcefire, Global Knowledge, Tripwire
Silver Sponsors: Accuvant / Palo Alto, Cisco, Meru Networks, Qualys, SAS, Tenable Security, Trustwave, Varonis
Participating Professional Organizations: ASIS, Cyber Patriot, InfraGard, ISAAC, ISACA, ISSA Raleigh Chapter, NCMS, NCSU/CTU, ThinkPink ZTA
Breakfast, Lunch, and Break Sponsor: Barbeque Lodge
Tote Sponsor: Lord Corp.