Cyber Security Symposium 2013 - Securing California

Please select the optional registration items below for the Education Breakout Sessions depending on your area of interest and/or job function.

>>> Choose one session for each block of time <<<

Choose from the following tracks: 

Track 1: CA ISO's Office (sessions 1, 8, 15, 22, 29)
Track 2: Privacy (sessions 2, 9, 16, 23)
Track 3: Security Training & Development (sessions 3, 10, 17, 24, 31)
Track 4: Identity Management & Security Architecture (sessions 4, 11, 18, 25, 32)
Track 5: Protecting Against the Cyber Threat (sessions 5, 12, 19, 26, 33)
Track 6: Tools & Techniques for a More Secure Environment (sessions 6, 13, 20, 27, 34)
Track 7: Security Leadership & Strategies (sessions 7, 14, 21, 28, 35)

Agenda

  • Wednesday, October 9, 2013
    12:30 PM  -  5:00 PM
    Cyber Security Solution Center - 3rd Floor Lobby
    Visit the Cyber Security Solution Center on the 3rd Floor to see the latest in Security Technology and talk with many industry leaders!
    12:30 PM  -  1:00 PM
    Registration and Check In - 3rd Floor  (East Lobby)
    1:00 PM  -  1:30 PM
    Introduction and Opening Remarks - Ballroom, 3rd Floor  (Ballroom)
    Introduction of the 12th Annual Cyber Security Symposium

    by Carlos Ramos, Director & Chief Information Officer, CA Dept of Technology
    Michele Robinson, Chief Information Security Officer, CA Dept of Technology, Office of Information Security
    Joanne McNabb, Director of Privacy Education and Policy, Office of the Attorney General, California Department of Justice
    1:30 PM  -  2:15 PM
    Keynote - Threat & Response: Combating Advanced Attacks & Cyber-Espionage - presented by FireEye  (Ballroom)
    Speaker: Dave DeWalt, Chairman of the Board and CEO, FireEye

    Threat and Response: Combating Advanced Attacks and Cyber-Espionage


    With 94% of countries containing malware communication servers, cyber attacks are a serious threat facing organizations today. DeWalt's talk will cover how well-funded criminals and nation-states are targeting government and industry with sophisticated malware to steal, compromise and even destroy information with increasing frequency. DeWalt will then explore how the United States and individual organizations can better protect themselves and shift the paradigm from reactive to proactive cyber defense.
    2:30 PM  -  3:30 PM
    Education Session 1: NIST Training (National Institute of Standards and Technology)  (Room 309)
    Speaker: Kelly L. Dempsey, Senior Information Security Specialist with National Institute of Standards and Technology, Information Technology Laboratory/Computer Security Division

    2:30 PM  -  3:30 PM
    Education Session 2: Managing Privacy Risks with PIAs  (Room 302/303)
    Speakers:
    Debbie Castanon, Chief Privacy Officer, CA Dept of Motor Vehicles
    Mary Morshed, Security Manager, CalPERS

    New technologies and business practices based on the use of data create privacy risks for organizations and for the individuals whose data they collect and retain. In this session, you will receive an overview of how companies are using the privacy impact assessment (PIA) process to manage privacy risks. You will also learn how a PIA can help you uncover privacy risks in proposed IT projects and business process changes and determine ways to eliminate or mitigate them, while meeting project objectives.
    2:30 PM  -  3:30 PM
    Education Session 3: Next Generation Firewalls  (Room 310)
    Speakers:
    Jamie Butler, Technology Executive Director, College of Engineering, UC Davis
    Chris Clements, Network Operations Manager, Communications Resources, Information and Educational Technology, UC Davis

    Today’s network-based threats are more sophisticated than ever. Universities must adapt to these threats with a new, unified approach to network security. The UC Davis College of Engineering and IET Communications Resources are partnering to explore opportunities for Next Generation Firewalls and comprehensive, user-focused network security. This session will review the current and long-term plans for this project.
    2:30 PM  -  3:30 PM
    Education Session 4: Document Security: How to keep control after you press Send!  (Room 301)
    Speaker: Tim Choi, VP, Product Management and Marketing, WatchDox

    Government organizations face strict requirements to secure and control sensitive information. However, this information often must be shared both internally and externally (with other agencies, Federal entities, private sector, individuals, etc.). Analysts report that users are turning to unsanctioned file sync and share solutions leading to an increase in the risk of data loss. The challenge is how to secure this information while enabling seamless, efficient sharing.

    In this session participants will learn about:
    • The needs for information sharing in government agencies, especially when cloud based solutions cannot or should not be used
    • The issues that must be addressed to enable secure information sharing
    • The special challenge that mobility introduces for file protection as users expect to have access to information anywhere, on any device
    • Strategies for ensuring files/documents are protected from misuse and unauthorized sharing
    2:30 PM  -  3:30 PM
    Education Session 5: How to protect your websites and web applications from today’s attacks  (Room 311)
    Speaker:  Preston Hogue, Security Product Manager, F5

    Security of Web applications has become increasingly important over the last decade. Web applications are now ubiquitous, spanning all verticals including the public sector, healthcare, financial and commercial sectors. More and more Web-based applications deal with sensitive personal, financial and medical data which, if compromised, can mean millions of dollars in damages in addition to downtime. Additionally, websites without sensitive data are being attacked to deface them or load malware. Yet, to date, more attention has been given to network-level attacks, even though about 75% of all attacks target layer 7 web-based applications. Traditional defense strategies, such as firewalls, struggle to protect against web application attacks. Join us for an educational session on how a web application firewall can help you protect your sites and web applications from vulnerabilities, bots, and zero-day attacks, as well as the negative publicity that comes with data loss.
    2:30 PM  -  3:30 PM
    Education Session 6: Preparing for the "Cyber Pearl Harbor"  (Room 304/305)
    Speaker: Wade Williamson, Senior Security Analyst, Palo Alto Networks

    Preparing for the "Cyber Pearl Harbor" - How to safely enable business applications in the face of modern threats.
    From the presidential State of the Union address to speeches from the Secretary of Defense, cyber security and its threats are mainstream realities. At the center of that reality are highly evasive networked applications called malware, enabling attackers to gain a foothold in an enterprise which they can use to dig deeper into the network, control their attack, and steal information over a period of weeks, months, or even years. Organizations can gain an advantage by safely enabling business applications, identifying all known threats, and systematically managing unknowns. Join us to better understand and break the lifecycle of the modern threat.
    2:30 PM  -  3:30 PM
    Education Session 7: The Art of Quantifying Information Security Risks for Executive Consumption  (Room 312)
    Speaker:  Dale Jablonsky, Vice President – Executive IT Strategist, Performance Technology Partners

    Executives hesitate to fund Information Security improvement projects unless an embarrassing breach has occurred and been made public. This session will show you a remarkably simple way to illustrate the organizational risks that are due to security holes in your IT environment, and how executives can measure real progress as your security projects gradually improve your risk posture.
    3:30 PM  -  4:00 PM
    Closing Remarks & Awards Ceremony - Ballroom 3rd Floor  (Ballroom)
    4:00 PM  -  5:00 PM
    Meet and Greet Reception - Solution Center 3rd Floor  (East Lobby)
    Join us for a reception following the Awards Ceremony and Closing Remarks from Day One.
  • Thursday, October 10, 2013
    8:00 AM  -  8:30 AM
    Day Two Registration and Check In - 3rd Floor  (East Lobby)
    8:00 AM  -  4:30 PM
    Cyber Security Solution Center - 3rd Floor Lobby
    Visit the Cyber Security Solution Center on the 3rd Floor to see the latest in Security Technology and talk with many industry leaders!
    8:30 AM  -  9:00 AM
    Day Two, Introduction and Opening Remarks - Ballroom, 3rd Floor  (Ballroom)
    12th Annual Cyber Security Symposium
    by Michele Robinson, Chief Information Security Officer, CA Dept of Technology, Office of Information Security
    Joanne McNabb, Director of Privacy Education and Policy, Office of the Attorney General, California Department of Justice
    9:00 AM  -  9:45 AM
    Opening Keynote Presentation - Never Fly Solo!!  (Ballroom)
    Speaker: Lt. Col. Rob "Waldo" Waldman, The Wingman

    Lead with Courage, Build Trusting Partnerships, and Reach New Heights in Business

    Flying solo? You might think so. But take a good look around. You have support staff and managers. You have suppliers, vendors, and distributors. And you have colleagues, family members and significant others. Today in our super charged, highly competitive world of rapid and constant change, those who build trust and work as a team will dodge the missiles and win. By committing yourself to excellence and placing your trust in those around you, you can overcome obstacles, adapt to change, and break performance barriers during adverse times. By placing your trust in your wingmen and by being a wingman to your customers and team, there is no mission you can't complete!

    Lt. Col. Rob "Waldo" Waldman, The Wingman, overcame a lifelong battle with claustrophobia and a fear of heights to become a combat decorated Air Force fighter pilot and highly successful businessman, entrepreneur, and New York Times bestselling author. His motto is Winners Never Fly Solo! Through his captivating personal stories and high energy videos, learn how you, like a fighter pilot, can succeed in highly competitive and demanding environments.

    Discover how to prepare diligently for every mission; employ loyal wingmen to promote integrity and mutual support; and lead your team with courage, compassion and conviction. Be inspired to take to the skies knowing that you have wingmen to help you face challenges and change with confidence while maximizing your potential in all aspects of your life.
    10:00 AM  -  10:45 AM
    Education Session 8: Back-To-Basics: A Roadmap to SAM, FIPS, and NIST  (Room 309)
    Speaker: Marianne Chick, Enterprise Risk Management and Privacy Program Manager, California Department of Technology, California Information Security Office

    Join us as we discuss what SAM, FIPS, and NIST are and the requirements within each, and walk away with a roadmap of how to logically follow them to ensure information security.
    10:00 AM  -  10:45 AM
    Education Session 9: Finding Sensitive Data  (Room 312)
    Speaker Panel:
    Tye Stallard, IT Security Manager, UC Davis
    Sophon Im, Security Administrator, UC Davis
    Russell Jones, Partner, Deloitte & Touche
    Monte Ratzlaff, Security Manager at UC Davis Health System

    One of the challenges faced by privacy and information security officers is finding the sensitive personal information they are charged with protecting. Such information resides not only on servers in the data center, but may also lurk on employee PCs and laptops or even hide in metadata on mobile devices. In this session, you will learn about tools and strategies for locating sensitive data. You will also hear about what metadata can reveal and how to control it in your mobile implementations.
    10:00 AM  -  10:45 AM
    Education Session 10: Designing an Effective User-Based Security Program  (Room 310)
    Speakers:
    Kevin Mazzone, Security Programmer, Information and Communication Services, UC Davis Health System
    Sean Cordero, President, Cloud Watchmen, Inc.

    Facebook, Twitter, Instagram - what do they have in common? They all are social networks that revolve around communication and relationships. An effective security and compliance program is required to do the same. This session covers the roles, the communications, and the relationships needed in order to build and maintain an effective security and compliance program.
    10:00 AM  -  10:45 AM
    Education Session 11: Cybersecurity Strategy and Framework in Today’s State Government World  (Room 304/305)
    Speaker: Gary Osland, Business Development Manager at Cisco Systems Inc.

    Given the vast scope of Cybersecurity, and the current threat landscape, developing a comprehensive framework for government IT enterprises is extremely complex. To help simplify this effort, Cisco has built a framework based on Visibility, Intelligence, and Control of the network. This framework includes an integrated approach addressing four important areas of Cybersecurity: Secure Identity and Mobility, Cyber Threat Defense, Malware Detection and Defense, and Cloud/Data Center Security. This approach will ensure information assurance and compliance with Federal and State guidelines and regulations. It also supports cost-saving and mission enhancing initiatives, such as cloud computing, telework, and citizen self-service.
    10:00 AM  -  10:45 AM
    Education Session 12: Designing a Cyber Attack Plan  (Room 311)
    Speaker: Jeff Schilling, Director for the Incident Response Practice, Dell SecureWorks

    Aside from death, loss and taxes, businesses have one more inevitable situation to worry about: a computer incident. And when it strikes, you’d better be prepared. If you’ve ever wondered what you would do if your computer network were attacked or your entire website went down, and didn’t know, you probably don’t have an effective tried-and-true Computer Incident Response Plan (CIRP). Having a CIRP in place to help organizations stop the incident and repair the damages as quickly as possible could mean the difference between losing hundreds of dollars and tens of thousands of dollars. And conducting forensics after the incident could let you know who the hacker was and how to prevent future attacks. In this session, attendees will learn:
    1) How to prepare an Incident Response Plan tailored to their organization
    2) Which people in the organization need to be involved in the planning and become a member of the Community Emergency Response Team
    3) What constitutes an “incident”
    4) How to decide what systems are most critical to get back online first
    5) What the best ways are to stop an incident before it spreads
    6) How to conduct a tabletop exercise to test the organization’s ability to respond to an incident
    10:00 AM  -  10:45 AM
    Education Session 13: Security Imperatives in Your BC/DR Strategy  (Room 301)
    Speakers:
    Chad Hodges (panel moderator), Enterprise Networking Solutions, Inc. (ENS, Inc.)
    Scott MacDonald, Agency Information Security Officer, CA Dept. of Corrections and Rehabilitation
    Gary Coverdale, CISO, County of Napa

    It is imperative that your IT security policies be a critical part of any Business Continuity/Disaster Recovery (BC/DR) plan; even heightened security may be called for in a disaster event. In this interactive panel discussion, we will explore the development of your BC/DR strategies and the security integration pieces. Issues to be addressed include:

    • Should your BC/DR plan involve a cloud solution?
    • Critical establishment of Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO)
    • Classifying data for protection levels
    • Multi-tenancy concerns
    • Effective testing and restore
    • Documentation and procedures
    10:00 AM  -  10:45 AM
    Education Session 14: New Infrastructure Security: Assessing Vulnerability, Strategy, and Cost  (Room 302/303)
    Speaker: Andy Sulak, Solutions Specialist, Entisys Solutions, Inc.

    The pervasive use of virtualization, the consumerization of IT, and the adoption of Cloud solutions to support IT service delivery are drivers of “new infrastructure” innovation that require public sector technology managers to better identify and mitigate associated security risks. By leveraging a holistic approach to vulnerability, strategy and cost, IT managers can formulate sound plans and operative decisions relative to security and its management. This session will explore these considerations for new infrastructure, workforce mobility, and end-point application security. The goal is to encourage a deliberate, cohesive approach to this important subject. Though specific product examples and case studies may be discussed, this session will explore these issues from an objective, manufacturer agnostic perspective.
    11:00 AM  -  11:45 AM
    Education Session 15: True or False? Can you recover your Department’s technology?  (Room 309)
    Speaker: TBD, California Department of Technology, California Information Security Office

    A simple quiz will reveal how your Department will stack up when a disaster strikes. Questions about known threats and gaps will be asked; all responses are anonymous. Discover what may be missing from your department’s Technology Recovery Plan and Program.
    11:00 AM  -  11:45 AM
    Education Session 16: Once More Into the Breach: Lessons Learned  (Room 302/303)
    Speakers:
    Joanne McNabb, Director of Privacy Education and Policy, Office of the Attorney General
    Michele Robinson, Chief Information Security Officer, California Information Security Office

    Ten years and 46 states after California’s landmark law on data breach notification, breaches continue to make news on a daily basis. The Attorney General’s Privacy Enforcement and Protection Unit and the California Information Security Office both review and analyze the breaches reported to them. In this session, you will learn about trends and lessons learned from data breaches affecting Californians in the past year. You will also get a preview of legislative and policy approaches to address some of the vulnerabilities revealed in breach analysis.
    11:00 AM  -  11:45 AM
    Education Session 17: Turning Back the Hordes  (Room 310)
    Speaker: Vincent Stoffer, Cyber Security Engineer, Lawrence Berkeley National Lab

    Bad guys are increasing their agility by rapidly changing IPs, domain names and name servers. We see more and more malware using domain generation algorithms, as well as the registration of thousands of unique domains for command and control, phishing and spam. In this talk we discuss our implementation of BIND response policy zones (RPZ), as well as some other DNS protections, and how they have helped Berkeley Lab get a handle on modern malware.
    11:00 AM  -  11:45 AM
    Education Session 18: Breach Mitigation through Continuous Auditing/IAM  (Room 312)
    Speaker: Chris Novak, Global Director, Verizon Investigative Response Unit, Verizon

    The first recommended step in nearly every organizational risk assessment is to identify all assets under your control that might contribute to unacceptable risk. For cyber risk, it is natural to only include cyber-centric items such as computers, routers, printers, firewalls, filesystems, and information being stored and processed. Unfortunately, two important assets are often overlooked: the people using those systems, and the data that the machines and the people create about themselves. In this talk, we will discuss how organizations can leverage the many tools available for continuous monitoring of event logs, network flows, employee actions, and other observable occurrences in order to build a better picture of the overall health and/or security of an organization.
    11:00 AM  -  11:45 AM
    Education Session 19: Techniques and Tactics of the Cyber Adversary  (Room 304/305)
    Speaker: Tony Cole, FireEye

    Techniques and Tactics of the Cyber Adversary – What are the tools and techniques being used to infiltrate your network

    Today's cyber-attacks have changed radically from just a few years ago. Broad, scattershot attacks designed for mischief have been replaced with attacks that are advanced, targeted, stealthy, and persistent. The next generation of attacks is focused on acquiring something valuable (sensitive personal information, intelligence on critical government infrastructure, authentication credentials), and each attack is often conducted across multiple threat vectors, web and email, and across multiple stages, with premeditated steps to get in, to signal back out of the compromised network, and to get valuables out. How are these tools designed, who is designing them, and how do you make sure you have the proper defenses in place to protect yourself from the adversaries?
    11:00 AM  -  11:45 AM
    Education Session 20: Non-standard use cases for SIEM technology  (Room 301)
    Speaker: Lewis Carr, HP

    Traditionally, SIEM technology has focused on information security--perimeter security, user monitoring, internal threats, threat intelligence, and so forth. Hear business-enablement use cases outside the realm of information security. Topics include assisting HR with corporate policy monitoring and enforcement, monitoring internal Chinese firewalls, finding fraud within call centers, detecting pharmaceutical waste and theft, monitoring for inappropriate access to corporate and patient records, and teaming with physical security staff to provide a higher level of corporate security.
    11:00 AM  -  11:45 AM
    Education Session 21: Security Leadership  (Room 311)
    Speaker: Mark Seward, Senior Director of Security and Compliance Solutions, Splunk Inc

    Security Leadership: Decision-makers that will prevent and respond to Future Cyber Attacks

    Do you know what IT security threats are trying to get into your organization, or even worse, are already inside? Do you need to speed up security investigations from days to seconds? Today's security teams are being strained to the limit, doing more with less while defending against threats that are more numerous, advanced, and difficult to detect. Empower your security team with solutions that provide better insight and visibility into your organization’s machine data to identify threats, investigate security violations, and discover outliers before systems are compromised. A comprehensive Security program will ensure all relevant data is available for investigations and threat detection, resources are appropriately allocated, as well as improve departmental collaboration and limit exposure. Compliance frameworks are also a critical component of any Security program.
    12:00 PM  -  1:15 PM
    Keynote Presentation - Next-generation security- Presented by Palo Alto Networks (NO lunch provided)  (Ballroom)
    You may attend the Keynote presentation, but a Lunch will not be provided for you.

    Next-generation security: eliminating today’s silos to minimize cyber risks
    Speaker: Lee Klarich, Senior Vice President, Product Management, Palo Alto Networks

    Today’s reality for many security teams is a plethora of security tools bolted on to their network infrastructure over the years to address new threats and a constantly evolving application landscape. The resulting silos have made your network security ineffective and costly. Join us to learn how a new approach to network security can put the power back in the hands of your teams, and break the current cycle of cyberthreats.
    12:00 PM  -  1:15 PM
    Keynote Presentation - Next Generation Security by Palo Alto Networks (Lunch Available for purchase)  (Ballroom)
    Lunch is available for $10.00. Ticket must be purchased in advance. You will receive your lunch ticket at the Check In Registration Table, with your event badge.
    1:30 PM  -  2:15 PM
    Education Session 22: Policy and the Road to Compliance: Learn How to Avoid a Collision  (Room 309)
    Speakers:
    Patrick McGuire, Special Advisor, California Department of Technology, California Information Security Office
    Katrina Yang-Fuentes, Information Security Analyst, California Department of Technology, California Information Security Office

    Join us as we discuss what the latest updates to State Administrative Manual Chapter 5300 mean for state agencies and the new process for acknowledging compliance reporting, and learn what you can do now to prepare your agency.
    1:30 PM  -  2:15 PM
    Education Session 23: You Gotta Have a Policy: Step One for Privacy Coordinators  (Room 312)
    Speakers:
    Joanne McNabb, Director of Privacy Education and Policy, Office of the Attorney General
    Debbie Castanon, Chief Privacy Officer, DMV

    State law, and more recently SAM, require state agencies to post privacy policies on their web sites and in their offices, and put privacy notices on data collection forms. In addition to meeting compliance goals, drafting such policies and notices provides an excellent opportunity for a privacy coordinator to uncover (and in some cases change) implicit privacy practices, educate key players in the agency on current policies, and improve transparency to the public. In this session you will receive tools and tips on using them to update your agency’s privacy policies and notices as required in SAM 5310 and SIMM 5310-A.
    1:30 PM  -  2:15 PM
    Education Session 24: IT Evaluation Process  (Room 310)
    Speaker: Monte Ratzlaff, Security Manager, UC Davis Health System

    How do you know whether the newly purchased budget software keeps sensitive data secure? Evaluating the security of new technologies is imperative to understanding and mitigating risks to data and the university. This presentation focuses on information security issues related with new technologies and strategies to mitigate those risks.
    1:30 PM  -  2:15 PM
    Education Session 25: Bring Your Own Identity (BYOI)  (Room 302/303)
    Speaker: Matt Ulery, Director of Product Management, NetIQ

    Bring Your Own Identity (BYOI) - strategies for organizations and their impact

    BYOI is the enabling of employees, customers, and constituents to use their own defined identities to access organizational resources and/or entitlements. This trend is being embraced and extended to the use of individual social media identities. Organizations that embrace BYOI save on identity management costs and enable better directed marketing and communications. As with all new trends, the question must come up: does BYOI come with hidden costs or exposures? This session will discuss the items you need to consider in order to move forward, including:
    1) Benefits of BYOI and why
    2) Potential downsides of blending organizational and personal identities, i.e. what is the potential privacy impact of using BYOI?
    3) Issues that may arise with the use of non-organizational / personal identities while accessing information and entitlements
    4) What can happen if a social identity is compromised?
    5) How can we use them securely?
    1:30 PM  -  2:15 PM
    Education Session 26: Description of the Enhanced Cyber Security Program  (Room 304/305)
    Speaker: Raleigh Rhodes, Sr. Manager-Cyber Security & Special Programs, CenturyLink Government

    This discussion and presentation will provide an overview/update on the Department of Homeland Security (DHS) Enhanced Cybersecurity Services (ECS) program that was expanded in February of 2013 by Presidential Executive Order (PPD-21). ECS is a voluntary information sharing program that assists critical infrastructure owners and operators as they improve the protection of their systems from unauthorized access, exploitation, or data exfiltration. DHS works with cyber security organizations from across the federal government to gain access to a broad range of sensitive and classified cyber threat information. DHS develops indicators based on this information and shares them with qualified Commercial Service Providers (CSPs), thus enabling them to better protect their customers who are critical infrastructure entities. CenturyLink Government is an original and fully approved operational Commercial Services Provider for the Department of Homeland Security’s ECS program. In this session CenturyLink will share information and hold a discussion on ECS, and provide details on services such as advanced email and DNS security designed to protect approved critical infrastructure entities using government-furnished threat and technical information.
    1:30 PM  -  2:15 PM
    Education Session 27: Social media use is proving to be an effective customer management platform  (Room 301)
    Speaker: Nasser Azimi, Senior Partner, Teranomic

    New cyber threats and malicious attacks are emerging every day and government agencies must take the necessary measures to protect their customer data and confidentiality within Social Media applications against persistent threats. As the cloud use to run government systems expands and social media integration grows within government applications, Social Media Security issues must be considered and resolved as legitimate threats to data and confidentiality. This session will use case studies to demonstrate various categories of Social Media cyber threats, current measures to protect against such threats during system design and implementation and how to protect against such threats on a day to day basis within operational systems. Attendees will leave this session with a roadmap for implementation of Social Media Security Measures.
    1:30 PM  -  2:15 PM
    Education Session 28: Privacy is Why, Security is How  (Room 311)
    Speakers:
    Neils Johnson, Principal Evangelist, Symantec
    Laurie Rhea, Privacy & Disclosure Officer, CA Franchise Tax Board
    Dan Manson, Computer Information Systems Dept Chair and Professor at CA State Polytechnic University, Pomona (Cal Poly Pomona) / Cyber Watch West

    The volume and sophistication of security threats are rising at an unimaginable rate. Government organizations need to protect their most value asset, an overwhelming amount of information. At the same time that information must be made available to those authorized to use it. There is a tension between making information available and keeping it secure. That tension is better defined as RISK. In this session, you will learn from ‘real life’ examples of how information sharing can be implemented to maximize business output and STILL protect sensitive and confidential information, as well as discuss the steps necessary to develop an Information Centric approach to better work in a world of Mobility, Cloud Computing and Big Data.
    2:30 PM  -  3:15 PM
    Education Session 29: The Evolution of Incident Reporting for State Agencies  (Room 309)
    Speakers:
    Katrina Yang-Fuentes, Information Security Analyst, California Department of Technology, California Information Security Office
    Leo Barnes, Information Security Analyst, California Department of Technology, California Information Security Office

    The manual incident reporting process state agencies know of today will soon be a thing of the past. Join us as we discuss the new AUTOMATED incident reporting process and system and learn how it can be used to benefit your agency.
    2:30 PM  -  3:15 PM
    Education Session 31: Risk Management - From an Asset Owner Perspective  (Room 310)
    Speaker: TBD, SMUD

    There are two enterprise risk management documents that the electricity subsector has developed that can easily be leveraged by other entities. The first is the Department of Energy (DOE) Risk Management Process (RMP) which is adapted from the National Institute of Standards and Technology Guideline for Managing Risk in an Organization. This provides a repeatable methodology to engage from the executive layer of the organization down to the information technology and industrial control system practitioner. Building on the RMP, we have developed the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) which can be used to measure the effectiveness of a cybersecurity program across 10 domains. While both of these documents carry electricity subsector titles, their concepts are not sector specific.
    2:30 PM  -  3:15 PM
    Education Session 32: Identity is the New Perimeter  (Room 304/305)
    Speakers:
    Bill Harrod, Cybersecurity Advisor, CA Technologies
    Scott MacDonald, Agency Information Security Officer, CA Dept of Corrections and Rehabilitation (CDCR)
    Laurie Rhea, Privacy & Disclosure Officer, CA Franchise Tax Board

    Privacy is why, Security is how: protecting personal information and providing security in an environment where our traditional security boundaries are less and less effective, and yet where we are encouraged to provide greater access to more information.
    2:30 PM  -  3:15 PM
    Education Session 33: Working with System Designers to Improve Security  (Room 312)
    Speaker: Chris Eng, Vice President, Research, Veracode, Inc.

    Oftentimes, when developing new systems and software, security takes a back seat to functionality and rapid development. Additionally, the use of third-party code in internally developed applications makes ensuring security even more difficult. During this presentation, Chris Wysopal, co-founder and CTO, Veracode, will discuss strategies government agencies can use to work with system designers in an effort to build security testing into their development lifecycle in order to improve the security of internally developed applications.
    2:30 PM  -  3:15 PM
    Education Session 34: Building Secure & Interoperable Citizen Services  (Room 302/303)
    Speaker: Paul Laurent, Public Sector Director of Cybersecurity Strategy, Oracle

    Public Sector sits in a precarious position: Every day we face more functional requirements and greater security risks with less money and fewer resources than ever before. Government on all levels tries to provide new and proactive services (online, mobile, social, etc.), while sharing resources and cutting costs, and maintaining compliance with some of Public Sector’s most stringent laws and regulations. The key to preparing for these new security & privacy constraints has been re-architecting IT services with open, standards-based identity federation models for security, privacy, and interoperability. This session will discuss how Federal, State, and Local governments are architecting new, agile citizen/government services.
    2:30 PM  -  3:15 PM
    Education Session 35: The Evolving Information Security Officer (ISO)  (Room 311)
    Speaker Panel:
    Russell Jones, Partner, Health Sciences & Government - Security & Privacy Services, Deloitte
    Cathy Cleek, CIO, CA Franchise Tax Board
    Jorge D. DeCesare, Chief Information Security Officer, Dignity Health

    The Evolving Information Security Officer (ISO): Trends from the Public & Private Sector

    Participants will learn about the current trends in the development and evolution of the Information Security Officer role, and about the responsibilities, expectations and importance of this critical role from a cross-sector perspective. More specific to California, participants will hear about cybersecurity and privacy trends and events both in the public sector and the Federal government that highlight the importance of having a dedicated individual who ensures that a Department or Agency has the “minimum” appropriate security and privacy controls and IT Risk Management framework in place to effectively deal with the world that we live in today: a world where the threat is not a teenage hacker but organized crime, nation states and sophisticated hacker coalitions (e.g. Anonymous). Topics will include the types of skill sets and education/training needed, the essential attributes & characteristics that senior leadership are seeking, first-hand accounts from ISOs from other states/Federal government, and strategies for becoming more effective in working with CIOs, Department and Agency leaders, and the Legislature.
    3:30 PM  -  4:30 PM
    Closing Remarks - Ballroom 3rd Floor  (Ballroom)