
Cyber Security Symposium 2014 - Securing the Internet of Things

Please select the optional registration items below for the Education Breakout Sessions, depending on your area of interest and/or job function.

 >>> Choose one session for each block of time <<<

Choose from the following tracks: 
 
Track 1: Security Leadership (sessions 1, 9, 17, 25)
Track 2: Risk Management (sessions 2, 10, 18, 26)
Track 3: Building Security In (sessions 3, 11, 19, 27)
Track 4: Information Sharing and Collaboration (sessions 4, 12, 20, 28)
Track 5: Business Continuity Umbrella (sessions 5, 13, 21, 29)
Track 6: Convergence of Incident Mgmt & Emergency Mgmt (sessions 6, 14, 22, 30)
Track 7: Protecting Privacy While Securing Cyberspace (sessions 7, 15, 23, 31)
Track 8: Responding to Cyber Attacks (sessions 8, 16, 24, 32)
Lab Sessions: 2 per hour

Agenda

  • Tuesday, September 23, 2014
    12:30 PM  -  5:00 PM
    Cyber Security Solution Center - 3rd Floor Lobby  (East Lobby)
    Visit the Cyber Security Solution Center on the 3rd Floor to see the latest in Security Technology and talk with many industry leaders!
    12:30 PM  -  1:00 PM
    Registration and Check In - 3rd Floor  (East Lobby)
    1:00 PM  -  1:30 PM
    Introduction and Opening Remarks - Ballroom, 3rd Floor  (Ballroom)
    Introduction of the 14th Annual Cyber Security Symposium

    Michele Robinson, State of California Chief Information Security Officer, CA Dept of Technology, Office of Information Security
    Joanne McNabb, Director of Privacy Education and Policy, Office of the Attorney General, California Department of Justice
    1:30 PM  -  2:15 PM
    Keynote - Foreign Attacks - How Local Governments Can Apply Lessons Learned From The Private Sector  (Ballroom)

    Speaker: Kevin Mandia, Senior Vice President and Chief Operating Officer, FireEye

    Description: Today's cyber criminals morph their appearance and tactics before most organizations have even responded to the last attack. While defense-in-depth architecture has been the de facto standard for fighting these attackers, their newfound speed has outpaced that architecture: 97% of “secure” organizations, including State, Local Government and Critical Infrastructures, were breached within the last year.

    Diving into global attack data and his learnings from responding to decades of breaches, Kevin Mandia will provide a look at how the best answer to today’s threats is about making security faster in responding to incidents. He will dissect recent campaigns that have seen even the “basic” cyber criminal adopting advanced attack techniques to bypass traditional defenses and present case studies that demonstrate how we need to rethink cyber security to make incident response a 10 minute, not 10 month, cycle.

    2:30 PM  -  4:15 PM
    Executive Leadership During a Cyber Attack – Lab-based Simulation Exercise  (Ballroom)

    Description: In today’s interconnected digital world, as an executive leader are you up to speed on cyber threats and on what you would do if your agency or department was hit by a cyber-attack? Do you know who you would call? Do you have a response team identified and ready to deploy? Do you know the quick decisions that need to be made that may impact citizens, state employees and the Governor’s office?

    This simulation lab will consist of a simulated cyber-attack against the State of California and discussion about key topics that are relevant for executive leaders during a cyber-attack. At the end of this session you will walk away with key questions to ask your direct reports so that you better understand your agency's or department's preparedness to deal with a cyber-attack, and have a clear response plan and team in place to respond and limit the impact to citizens, state employees and the Governor’s office. This simulation lab will also highlight other related cyber-attack/resiliency sessions at the 2014 Cyber Security Symposium that will be of interest to you and your direct reports.

    4:15 PM  -  4:30 PM
    Closing Remarks - Ballroom 3rd Floor  (Ballroom)
    4:30 PM  -  5:30 PM
    Meet and Greet Reception - Solution Center 3rd Floor  (East Lobby)
    Join us for a reception following the Closing Remarks from Day One.
  • Wednesday, September 24, 2014
    8:00 AM  -  8:30 AM
    Day Two Registration and Check In - 3rd Floor  (East Lobby)
    8:00 AM  -  4:30 PM
    Cyber Security Solution Center - 3rd Floor Lobby  (East Lobby)
    Visit the Cyber Security Solution Center on the 3rd Floor to see the latest in Security Technology and talk with many industry leaders!
    8:30 AM  -  9:00 AM
    Day Two, Introduction and Opening Remarks - Ballroom, 3rd Floor  (Ballroom)
    14th Annual Cyber Security Symposium
    by Michele Robinson, Chief Information Security Officer, CA Dept of Technology, Office of Information Security
    Joanne McNabb, Director of Privacy Education and Policy, Office of the Attorney General, California Department of Justice
    9:00 AM  -  9:45 AM
    Opening Keynote Presentation - How NOT to do Security - Lessons Learned from the Galactic Empire  (Ballroom)

    Speaker:  Kellman Meghu, Head of Security Engineering, Check Point Software Technologies Inc.

    Description: Join me for a critique of the LucasFilm epic, from the perspective of a security audit. Let’s review the security procedures and practices of the Galactic Empire, and see what they did well, but more importantly, learn from the mistakes they made. Prepare for a discussion on security policies and procedures, applied during the events that led to the catastrophic business impact the Galactic Empire suffered as the result of data loss. This data was then turned against the Empire, with an advanced persistent threat that targeted, and eventually destroyed, critical infrastructure. Then let us re-examine the situation with a proper security policy in place to understand how even the most basic policy approach could have saved the Empire's business, employee lives, and ultimately billions of dollars.

    10:00 AM  -  10:45 AM
    Education Session 1 - Privacy and Security: Working Well Together  (Room - 309)
    Speakers:
    Alea Garbagnati, ERS Consultant, Deloitte
    Laurie Rhea, Privacy & Disclosure Officer, CA Franchise Tax Board
     
    Description: This presentation will focus on building a successful partnership between privacy and security teams. Presenters will provide effective models for state government and private industry, as well as best practices and tips for creating a collaborative environment between these distinct yet integral disciplines. Whether the role of privacy and security is unified in your organization or divided between separate offices, you’ll gain insights into establishing a structure that will help your organization deal with issues, streamline operations, and improve productivity.
    10:00 AM  -  10:45 AM
    Education Session 2 - Risk Analysis, Big Data, and the Butterfly Effect  (Room - 310)

    Speaker: Monzy Merza, Director of Security Markets, Splunk, Inc.

    Continuous assessment and analysis of risk means selecting an approach or risk framework, gathering the structured and unstructured data you need from across the agency from security sensors, and viewing the data in the context of IT operations and applications data – all this while analyzing the data in a much broader context of the way people interact with the world around them. The smallest environmental factor can leave behind a digital bread crumb and can change the risk picture, potentially moving a risk score from very low to very high.

    In this session we'll discuss:
    • A step-by-step approach to selecting a risk framework
    • The data types you should be collecting from your security infrastructure
    • How a tiny bit of context creates a lot of understanding
    • Why employing a big data system can make implementation less painful

    Intended Outcome: Attendees will learn:
    • A step-by-step approach to selecting a risk framework
    • The data types you should be collecting from your security infrastructure
    • How a tiny bit of context creates a lot of understanding
    • Why employing a big data system can make implementation less painful

    10:00 AM  -  10:45 AM
    Education Session 3 - Baking Security into Projects: Making it Work in the Real World  (Room - 304/305)

    Speaker: Kelly Vance, Senior Director of Engineering and Education Services, McAfee, Part of Intel Security

    Description: State government enterprises of all sizes need to protect their internal systems against both inbound and outbound attack vectors. When security considerations are absent from IT projects, there are significant risks. This session will discuss real world examples of how public sector departments can bake in security during the plan, design and operation phases of a project. This session will also discuss best practice approaches leading to successful collaboration between business and IT leads during phases of an IT project.

    Intended Outcome: Attendees will leave this session with specific ideas and best practice approaches to creating collaboration between the department/agency business leads and security leads during the phases of an IT project.

    Intended Audience: Agency and Department business leaders, security leaders, project managers, engineers

    10:00 AM  -  10:45 AM
    Education Session 4 - Don’t get caught on Cloud 9!  (Room - 312)
    Speakers
    Nasser Azimi, Sr. Partner, Teranomic
    Nick Degnan, Channel Manager, Pure Storage

    Description: Cloud solutions require that Public and Private entities release physical control over their systems and data. This session will provide attendees with a presentation of how to plan and secure data running on Cloud solutions to avoid service and data risks while maintaining control at improved performance and cost! The presentation will provide evolving industry standards for Cloud solutions, identify best and worst practices, and lessons learned in recent years.

    Intended Outcome: Tips and a roadmap for the best use of the Cloud: which systems and data are appropriate to place on a secure cloud, and which need to remain within the physical control of the entity that owns the system and data.

    Intended Audience: IT and Business Executives and managers

    10:00 AM  -  10:45 AM
    Education Session 5 - Zero Day and Targeted Attacks: Preparing for the Inevitable  (Room - 319)

    Speaker: Andrew Brandt, Director of Threat Research, Blue Coat Systems

    Description: Advanced Persistent Threats: they are real and more prevalent than ever. The question is not if but when, and how much damage will be done. Please join Andrew Brandt, Blue Coat Director of Threat Research, as he dissects a handful of significant and interesting attacks, based on in-depth research using real-world analytics gathered from Blue Coat’s WebPulse Labs. Andrew will take us through a step-by-step journey into the world of cyber-crime, investigating today’s prominent threat vectors. When it comes to the most dreaded CISO questions – Who did this? How? What systems were impacted? Is it over? Will it happen again? – we will introduce a dynamic security defense that can keep up with the latest Web-based threats.

    Intended Audience: CISOs, Agency and Department Executives and representatives from the Governor’s office, IT Security Directors and Network Infrastructure Managers, and anyone concerned about the threat of a cyber attack.

    10:00 AM  -  10:45 AM
    Education Session 6 - Jump Start Your Incident Response Plan  (Room - 301)
    Speakers:
    Carl Neidhardt, Security Engineer, Check Point Software
    Denise Mellor, AISO, GovOps & BCHS and CA Franchise Tax Board

    Description: Have you been tasked with developing or revising your agency’s cyber incident response plan? Or are you a leader that has been asked to sponsor or sign off on such a plan? Almost every organization is asked to comply with this requirement. But where do you actually start? Do you have to reinvent the wheel, or can you ‘steal with pride’ from existing, proven plan components? In this session we will explore the many resources available to you in starting or improving your own plan, in accordance with guidelines from the state, from NIST, and from industry best practices.

    Intended Outcome: You will leave this session with tools to help you fulfill the mandate to have a successful response plan, including advice on securing executive sponsorship.

    Intended Audience: People tasked with writing, or leaders asked to endorse, cyber incident/emergency management plans

    10:00 AM  -  10:45 AM
    Education Session 7 - Cyber-attacks threaten CA’s roads, water and online services every day  (Room - 311)
    Cyber-attacks threaten CA’s roads, water and online services every minute of every day: how agency and department executives can manage cyber risks to California

    Speaker: Mike Wyatt, CISA, CIPP, Director - Cyber Risk Services Public Sector, Deloitte

    Description: When the topic is a cyber-threat, most often, leadership (and the public) focus on the IT technology aspect of such an attack or the privacy implications as in the breach of credit card information or protected health information. However, the risks to public safety and the well-being of Californians due to cyber-attacks to the essential infrastructure, such as water resources, power plants, and online services are frightening and not well-understood by agency and department executives. The media places an overemphasis on the breach of personal information and protected health information but places little to no emphasis on the very real risks to public health and safety issues stemming from cyber-attacks. This session will paint three business scenarios involving hypothetical cyber-attacks against California's water system, surface transportation system and online services. It will highlight the all-too-real impact to agencies and departments, citizens, and the Governor’s Office. At the end of the session you will be equipped with 2 – 3 practical risk management strategies to begin identifying and managing risks related to California’s critical infrastructure and online services.

    Intended Outcome: Participants will clearly understand the risks to California, walk away with 2 - 3 risk management strategies that they can execute and have more informed discussions with their cyber security and resiliency leaders and the Legislature.

    Intended Audience: Chief Information Security Officers (CISO), Agency and Department Executives and representatives from the Governor’s office (including Office of Emergency Services)

    10:00 AM  -  10:45 AM
    Education Session 8 - Cyber Events Can Kick You in the Continuity Plan Panel Discussion  (Room - 302/303)
    Speaker Panel: 
    Glen Carson, Agency Information Security Officer, State of California Resources Agency
    Gary Coverdale, Assistant Chief Information Officer and Chief Information Security Officer, County of Napa, CA
    Bill Billings, CISO Federal HP Enterprise Security, CISSP, Hewlett-Packard Company
     
    Moderator:
    Mary DiPietro, Deputy Chief Information Security Officer, State of California

    Description: We all know what happens when we assume that we can continue with ‘business as usual’ during and after a major disruption. Our panel includes an Executive Leader, a Cyber Threat Expert, and a state Agency Information Security Officer on a mission to create a cyber-continuity plan for the business – but they have to understand each other first! Delve into the definition of business continuity, what cyber threats mean to the business, and how an exploit can devastate the business in a millisecond. This session illuminates surprising perspectives about who needs to champion continuity planning and testing. Learn techniques to promote your business continuity program before you hear the words “this is not a drill”. Join us for an informative meeting of the minds.

    Intended Outcome: A memorable group discussion that respects the influential viewpoints of business, finance and technology. This session explains the immediacy of cyber threats and cuts through the buzz words so you can describe threats in terms people understand. You will also gain the incentives you need to form the team, set priorities, and build and test a cyber-strength Business Continuity Plan.

    Intended Audience: Executive and Business Leadership, Information Security Officers, Business Analysts, Program Managers, Technology Recovery Strategists

    10:00 AM  -  10:45 AM
    Lab Session 1 - Context Aware Security/It's Just Metadata, presented by Lancope  (Room - 318)

    Speaker: Keith Wilson, Senior Systems Engineer, Lancope

    Description: How reliable is your perimeter? Protecting the borders of your network is only half of the battle. While perimeter security remains a necessity, malicious attackers are increasingly able to establish operational footholds on the network interior, where they can wreak havoc on an organization. Criminal enterprises and malicious insiders mask their activities inside the day-to-day operations of an organization – the first step in identifying them is to gain visibility into their activities. Internal visibility through Context Aware Security allows organizations to understand what is going on behind their virtual borders, utilizing information that already exists in their infrastructure: the metadata. Do you know what isn't normal on your network? We do. In this session we will explore the attacks that circumvent or evade traditional perimeter security and demonstrate how metadata can provide visibility into these higher level attacks.

    11:00 AM  -  11:45 AM
    Education Session 9 - Communicating Risk to Executives  (Room - 309)
    Speaker Panel:
    Christian Turner, AISO Employment Development Department and LWDA
    Scott MacDonald, AISO, CA Dept of Corrections & Rehabilitation
    TBD, Verizon
    Robert Vescio, Global Director, Security Services Management Verizon

    Description: How do you explain to the business that just accepting the risk is NOT an okay way to mitigate risk? Are you prepared for a breach like the University of Maryland breach and the infamous Target breach? The threat landscape has changed from you MIGHT be attacked to you WILL be attacked. There are more ways than ever before for perpetrators to infiltrate your business and attackers have become more diverse, sophisticated and persistent. There is no doubt – you are a target! And the attackers are getting faster, while businesses are getting slower to react. But do not despair! Learn how you too can use evidence from confirmed breaches in the Verizon Data Breach Report to communicate risk to your executives and to build a focused security strategy. Also, learn specifics about breaches in the Public Sector and guidelines for defending against them.

    Intended Outcome: Audience will be encouraged to join in open discussion regarding the evaluation of risk management with the business. The audience will also learn how attackers are penetrating public sector networks based on breach investigations reported from around the world.

    Intended Audience: Information Security Officers, security leadership, members of security teams, or IT teams

    11:00 AM  -  11:45 AM
    Education Session 10 - Who Has My Data and How Did They Get It?  (Room - 310)

    Speaker: John Milburn, Executive Director, Product Management, Identity and Windows Management, Dell Security

    Description: The need for increased visibility and controls over who has access to application data and unstructured data is becoming increasingly important to prevent breaches. And when there is a breach, how do we expedite decisions to resolve the breach?

    Data breaches underwent explosive growth in 2013:
    • 740 million records were disclosed
    • The average cost of one of these breaches was $214k
    • 89% of these breaches were preventable
    • 76% of these breaches were due to weak or stolen account credentials
    • 31% of these breaches came from insiders, with 84% of these inside attacks being motivated by revenge

    During this session you will learn best practices for:
    • Identifying Ownership of Data
    • Securing Internal and Remote Access to Data
    • Reporting Security Risks to Management

    Intended Outcome: Learn Best Practices for: Identifying Ownership of Data, Securing Internal and Remote Access to Data, and Reporting Security Risks to Management

    Intended Audience: Security Admins and Management

    11:00 AM  -  11:45 AM
    Education Session 11 - Secure by design: Building in security at the front end  (Room - 304/305)
    Speakers:
    Nick Brandreth, AVP, Imperva
    Doug Leone, AISO, CA Environmental Protection Agency
    Robert Pittman, CISO- County of Los Angeles
     
    Description: The technology landscape is continually evolving to the point where government entities must rethink their cybersecurity postures and adopt strategies, tactics, techniques and procedures to manage risk and protect their “crown jewels” (information assets) in the Networked Age. Now, more than ever, a holistic approach is necessary to secure sensitive data and deliver public service in a manner that meets the unique, mission critical needs of government. This session will discuss defense-in-depth layered approaches that enable entities to discover and classify their most important assets at the front end of project planning. By using such approaches, government entities can better determine dynamic technical solutions that meet cyber protection needs and proactively protect against cyber threats and not-yet-realized vulnerabilities.
     
    Expected Outcome: Clearer understanding of how prevalent attacks have become. Staying proactive and working with vendors as partners to build security into every aspect of a new solution. Case study examples and customer references on how web application firewall and database security solutions can help to meet compliance and auditing requirements including NIST, PCI, PII, HIPAA.
     
    Intended Audience: Business Line Executives and IT Security

    11:00 AM  -  11:45 AM
    Education Session 12 - Privileged User Management – What You Don’t Know, Can Hurt You  (Room - 312)

    Speaker: Bill Harrod, Advisor, CA Technologies

    Description: Almost every agency admits they need to do something about privileged user access (i.e., root access provided to system programmers, DBAs, etc.) within their environment, but usually don’t understand all the associated risks. In this session, you’ll better understand what privileged user management entails, your personal exposure, what recent breaches are attributable to a lack of proper privileged user management (can you say Target), and what simple steps you can take to address the situation.

    Intended Outcome: Attendees will better understand the exposure that comes from privileged user access and steps they can take to improve their situation.

    Intended Audience: Anyone concerned with a relatively unknown, but significant source of security breaches.

    11:00 AM  -  11:45 AM
    Education Session 13 - Back to Basics: Mitigation Techniques for Today’s Threats  (Room - 301)

    Speaker: Bill Billings, CISO Federal HP Enterprise Security, CISSP, Hewlett Packard

    Description: We all know that Cyber Attacks are on the rise. At some point every organization will go through defending and cleaning up after a successful attack. During this session I will walk through top infiltration techniques that I’ve encountered during the past year. Then I will discuss processes, technologies and minimum standards which will help during the remediation and cleanup efforts.

    11:00 AM  -  11:45 AM
    Education Session 14 - Look, don't touch: A new approach to industrial control systems security  (Room - 319)

    Speaker: Dan Scali, Manager, Industrial Control Systems Security Consulting Services, Mandiant, a FireEye company

    Description: Despite an increasing focus and investment in Industrial Control Systems (ICS) security, the ICS technology used to operate our society’s critical infrastructure remains fundamentally flawed. Outdated operations and deployment models, a lack of appropriate security capabilities, and the extreme fragility of existing ICS technology all contribute to a reality where any anomaly in an ICS environment has the potential to disrupt operations or compromise critical ICS assets with implications for public welfare and national security.

    At the same time, the “air gap” that engineers have traditionally relied on to protect industrial control systems (ICS) is quickly eroding. As we modernize and digitally connect the systems that govern our power grids, dams, sewage systems, water supply, traffic systems and other critical infrastructure, we also expose them to threat actors who can conduct attacks from anywhere in the world with little risk of attribution. Even as more robust and security-capable technology is deployed, “the defender’s dilemma” makes it impossible to prevent a sufficiently-resourced, targeted cyber attack on ICS.

    Although many organizations establish some form of security operations capability for their enterprise network, these benefits rarely extend directly to ICS. Instrumentation is usually deployed at the edge of the network rather than the core, where ICS typically resides. Logs are not often collected and forwarded to the Security Operations Center to enhance its visibility into ICS security. In cases where security operations capabilities are in place, the focus has been on finding evidence of compliance rather than indicators of intrusion or compromise.

    This session presents an analysis of the ICS threat landscape followed by a high-level approach that asset owners can use to build effective capabilities for ICS network security monitoring.

    11:00 AM  -  11:45 AM
    Education Session 15 - Be Unafraid: Compliance doesn’t have to be so scary!  (Room - 311)
    Speaker Panel:
    Joseph McClosky, IT Security Specialist, DuPont
    Paul Haugan, CIO, Johnson County, Kansas
    Johan Hybinette, CISM, CISSP, ISSAP, ISSMP, NSA-IEM, NSA-IAM, CISO, HOSTING.com
    John Stubbs, VP-Sales Global Software Channels, Stealth by Unisys
    Panel Moderator - Jill Walsh, Unisys Stealth Strategic Solutions

    Description: Shared access to data resources among employees, agencies, customers, and supply chain partners is a must-have, and checking that compliance box is a must-do. But what you really want is to be more secure than check-box requirements, and to safeguard citizen privacy, intellectual property and other sensitive resources in a proactive, cost-effective and convenient way in this cyber-crazy era. Whether it’s PCI, HIPAA, NIST, CJIS or others, compliance requirements are forcing organizations to re-think their security posture, and driving them to leverage breakthrough technologies to protect privacy, mitigate risk, reduce costs, and improve agility – all at the same time. Listen to how government and commercial representatives are tackling these challenges... and succeeding.

    Intended Outcome: Attendees learn about new, proven cybersecurity technologies and approaches to protecting citizen privacy and information security. Attendees can leverage information on how other states have chosen to proceed and are being successful.

    Intended Audience: Those responsible in state agencies for security and privacy compliance requirements. This includes agencies who realize they have to open their security perimeters for customers and vendors, but also protect the sensitive and personal information entrusted to them.

    11:00 AM  -  11:45 AM
    Education Session 16 - Disaster Recovery Planning: Not the Same Old Story  (Room - 302/303)

    Speaker: Michael F. Angelo, Chief Security Architect, NetIQ Corporation

    Description:  We all know how to deal with traditional disaster & recovery scenarios but like everything else in IT, traditional wisdom may no longer be enough. Power, air conditioning, fire, flood and all other potential physical disasters are no longer the biggest problem facing your critical services and systems. We now need to worry about cyber-disaster recovery too.

    This session will cover the impact of cyber threats on the disaster recovery process. It will provide guidance and insight beyond current reactive and preventative approaches. This guidance can reduce the risk of a cyber disaster and help you recover quicker in the event of a cyber disaster.

    Intended Outcome: The extension of disaster recovery to encompass cyber threats.

    Intended Audience: Disaster Recovery teams, and Cyber analysis teams.

    11:00 AM  -  11:45 AM
    Lab Session 2 - Context Aware Security/It's Just Metadata, Presented by Lancope  (Room - 318)

    Speaker: Keith Wilson, Senior Systems Engineer, Lancope

    Description: How reliable is your perimeter? Protecting the borders of your network is only half of the battle. While perimeter security remains a necessity, malicious attackers are increasingly able to establish operational footholds on the network interior, where they can wreak havoc on an organization. Criminal enterprises and malicious insiders mask their activities inside the day-to-day operations of an organization – the first step in identifying them is to gain visibility into their activities. Internal visibility through Context Aware Security allows organizations to understand what is going on behind their virtual borders, utilizing information that already exists in their infrastructure: the metadata. Do you know what isn't normal on your network? We do. In this session we will explore the attacks that circumvent or evade traditional perimeter security and demonstrate how metadata can provide visibility into these higher level attacks.

    12:00 PM  -  1:15 PM
    Learning From the Data Threat Landscape -Option #1, No lunch provided  (Ballroom)
    Luncheon Registration Option #1 – No Lunch Provided

    *Note: A lunch purchase is not required in order to attend this session.

    Speaker: Terry Ray, Chief Product Strategist, Imperva

    Learning From the Data Threat Landscape: Industrialization of Hacking and Sensitive Data Theft

    Description: Advanced hackers are organized, armed and after the most prized commodity - your data. Data theft occurs daily and for various reasons, almost always with sensitive or confidential information. Terry Ray will explore the different types of threats in today's cyber security landscape - who they are, what they're after, how they attack, and the potential impact to your organization. Most importantly, he will outline how to prevent and combat these threats.

    12:00 PM  -  1:15 PM
    Learning From the Data Threat Landscape - Lunch Option #2 - Pre-Purchased Lunch.  (Ballroom)
    Luncheon Registration Option #2 –  A Pre-Purchased Lunch is available for $10.00.
    You will receive your lunch ticket at the Check In Registration Table, with your event badge.

    Speaker: Terry Ray, Chief Product Strategist, Imperva

    Learning From the Data Threat Landscape: Industrialization of Hacking and Sensitive Data Theft

    Description: Advanced hackers are organized, armed and after the most prized commodity - your data. Data theft occurs daily and for various reasons, almost always with sensitive or confidential information. Terry Ray will explore the different types of threats in today's cyber security landscape - who they are, what they're after, how they attack, and the potential impact to your organization. Most importantly, he will outline how to prevent and combat these threats.

    Fee  Optional 
    1:30 PM  -  2:15 PM
    Education Session 17: The Rise of the CPO in State Government  (Room - 309)

    Speaker: Renault Ross, SLED Enterprise Architect, Symantec

    Description:
    There are many models for managing data privacy in state government. In California, agencies have privacy coordinators who coordinate the implementation of a privacy program based on law and on the privacy policies issued by the California Information Security Office. Some states have a Chief Privacy Officer (CPO) for the State, setting policy and providing oversight for individual agencies. Ohio created one of the first statewide CPO positions in 2007. This session will describe the different roles of the state CPO in the privacy programs of Ohio and West Virginia. You will learn how the CPO collaborates with the state CISO, how privacy compliance is ensured, and how Privacy Impact Assessments are used to manage privacy risk along with various governance and risk management tools.

    Intended Outcome: Greater understanding of the CPO role in building an effective Privacy Program.

    Intended Audience: Anyone interested in other State strategies supporting Privacy Programs.

     Optional 
    1:30 PM  -  2:15 PM
    Education Session 18 - Defending Against Targeted Attacks with Actionable Security Intelligence  (Room - 310)

    Speaker: Diana Kelley, Executive Security Advisor, IBM Security Division

    Description:  The targeted attacks of today are perpetrated by sophisticated threat actors—including cyber-criminals, terrorists and nation states—who will gather their own intelligence about the intended target to develop custom strikes that improve the success of their campaigns. Once inside an organization, they are able to maintain persistence for longer periods of time in order to identify the data they wish to steal, and conceal their presence. In this session, you will learn why traditional approaches to security are being penetrated, and how organizations can redesign their security model to minimize the risk of attack. IBM will share how, by leveraging existing investments and integrating technologies, organizations can effectively communicate timely information and visibility into what is transpiring across all layers of the network. This access to data coupled with deep forensic capabilities allows organizations in turn to build a complete cyber security solution that protects critical Web applications, data and processes throughout their entire life cycle. 

    Intended Outcome: An introduction to how by taking a comprehensive and integrated approach to application vulnerability management, agencies can measurably improve operational security, mitigate risks, and reduce costs.

    Intended Audience: Executive level & security practitioners.

     Optional 
    1:30 PM  -  2:15 PM
    Education Session 19 - Web Application Security: Challenges, Remediation and Prevention  (Room - 304/305)

    Speaker: Ronald Hamilton, VP Security Solutions Division, Performance Technology Partners, LLC.

    Description: Now, more than ever, government agencies are expected to provide effective web applications to deliver public services. Adoption of e-business methods has brought and will continue to create efficiencies, enhance service provision, and result in cost savings for hundreds of functions, including submission of tax returns and purchasing of health insurance. In this session, we will present the basic web application concepts, reactive techniques for remediating existing vulnerabilities, and proactive methods for building security into future web applications. Specific techniques, as applied to real world situations, to be discussed include penetration testing, digital incident investigation and leading edge methods for improving cyber offense capabilities.

    Intended Outcome: In this session, we will present the basic web application concepts, reactive techniques for remediating existing vulnerabilities, and proactive methods for building security into future web applications.

     Optional 
    1:30 PM  -  2:15 PM
    Education Session 20 - Leveraging SAML to Enable Departmental Collaboration, Federation & Cloud Svcs  (Room - 319)
    Speakers: Megha Tamvada, Sr. Product Manager, F5 Networks
    Kala Kinyon, Solutions Deployment Specialist, The SCE Group

    Description: Organizations are deploying distributed, hybrid architectures that can span multiple security domains. At any moment, a user could be accessing the corporate data center, the organization’s cloud infrastructure, or even a third-party SaaS web application. Also, with the ever-increasing number of Web applications being accessed from a variety of devices, providing users with simple and secure single sign-on (SSO) is more critical than ever. SAML and identity federation solve these challenges by enabling a secure enterprise-wide single sign-on (SSO) solution and delivering the level of security that enterprises need to ensure their user identities are protected while providing federation. In this session you'll discover how to achieve departmental collaboration and cloud services leveraging identity federation with Security Assertion Markup Language (SAML).

    Intended Outcome: To educate participants on how to allow seamless and centralized account management that enables secure collaboration between departments, agencies and cloud services.

    Intended Audience: Information Security Officers, IT Managers, Directors and Executives, Software Developers

     Optional 
    1:30 PM  -  2:15 PM
    Education Session 21 - Department of Homeland Security's Enhanced Cyber Security (ECS) Program  (Room - 301)

    Speaker: Raleigh Rhodes, Sr. Manager, Cyber Security Division, CenturyLink Government Services

    Description: Discussion and presentation will provide an overview/update on the Department of Homeland Security Enhanced Cybersecurity Services (ECS) program that was expanded in February of 2013 by Presidential Executive Order (PPD-21). ECS is a voluntary information sharing program that assists critical infrastructure owners and operators as they improve the protection of their systems from unauthorized access, exploitation, or data exfiltration. DHS works with cyber security organizations from across the federal government to gain access to a broad range of sensitive and classified cyber threat information.

    Intended Outcome: Provide a wide range of government entities at the State, County, and Municipal level with an update on the Department of Homeland Security ECS program. Panel discussion will add updated DHS information on a broad range of sensitive and newly released classified cyber threat information.

    Intended Audience: Any level, from CISO to Analyst, will greatly benefit from the information shared regarding this program and how they can improve protection of their critical infrastructure.

     Optional 
    1:30 PM  -  2:15 PM
    Education Session 22 - Four Cyber Security Innovations  (Room - 312)

    Speaker: Raj Shah, Director of Cyber Security, Palo Alto Networks

    Description: With all the negative press about how weak the collective good-guy cyber defenses are, there is reason to hope. This presentation discusses four cyber security innovations that not only work but will fundamentally change how we will all do our jobs in the future. Some of our community are leaning forward with these ideas and showing us the way. They are teaching us how to transform our tactical Incident Response teams into strategic intelligence organizations. They are changing our old-school thinking of deploying tactical signature defenses into the more modern Kill-Chain and Indicators-of-Compromise methodology. They are breaking new ground on how to share threat indicator information between peers. Finally, they are adopting next-generation firewall technology to replace the very old last generation technology.

    Intended Outcome: Better understand innovative new techniques to allow IT organizations to safely enable the business.

    Intended Audience: Network Managers, Network Architects, Information Security Officers, Security Analysts

     Optional 
    1:30 PM  -  2:15 PM
    Education Session 23 - Data Protection Starts with Data Classification  (Room - 311)
    Speakers:
    Devin Cambridge, Global Managing Director, FirstData Enterprise Security, Risk & Compliance, First Data
    Carla Zuehlke, Statewide Technology Recovery Program Manager, CA Information Security Office

    Description: With both the move to mobile and to the cloud, the challenge of protecting sensitive data as it flows from point to point can be daunting. The first step is to classify the data, as required by the State Administrative Manual, and that can be a difficult step to take. At this session, you will receive pointers on some simple classifications to use at smaller agencies, as well as learn about new tool sets and techniques utilized in the private sector to classify information so that you can protect it as it moves from point to point and lands on various devices.

    Intended Outcome: Attendees should understand how to communicate with their organization to gain heightened participation in their privacy program. They will understand what tools and processes can be used to classify data in order to enforce privacy compliance.

    Intended Audience: State agency Privacy Coordinators and Information Security Officers

     Optional 
    1:30 PM  -  2:15 PM
    Education Session 24 - Cyber Security Incident Response  (Room - 302/303)
    Speaker: John Ode, Field Product Manager, Americas, Sourcefire/Cisco

    Description: Cyber Security Incident Response. Notes from the field. In this session the audience will learn how to plan, prepare, and partner to facilitate a Cyber Security Incident response.

    Intended Outcome: Knowledge transfer. The intention is to help the attendees justify the need for an incident response plan or team and to educate on ways to implement the plan. The audience will learn from my past experiences and mistakes leading a Cyber Security Incident response team for a major utility company in the Northwest.

    Intended Audience: Incident responders and security leadership.

     Optional 
    1:30 PM  -  2:15 PM
    Lab Session 3 - Context Aware Security/It's Just Metadata, presented by Lancope  (Room - 318)

    Speaker: Keith Wilson, Senior Systems Engineer, Lancope

    Description: How reliable is your perimeter? Protecting the borders of your network is only half of the battle. While perimeter security remains a necessity, malicious attackers are increasingly able to establish operational footholds on the network interior, where they can wreak havoc on an organization. Criminal enterprises and malicious insiders mask their activities inside the day-to-day operations of an organization – the first step in identifying them is to gain visibility into their activities. Internal visibility through Context Aware Security allows organizations to understand what is going on behind their virtual borders, utilizing information that already exists in their infrastructure - the metadata. Do you know what isn't normal on your network? We do. In this session we will explore the attacks that circumvent or evade traditional perimeter security and demonstrate how metadata can provide visibility into these higher-level attacks.

     Optional 
    2:30 PM  -  3:15 PM
    Education Session 25 - The Internet of Things: Data Access Policy in a Post-PC World  (Room - 309)

    Speaker: Coy Thorp, Systems Engineer, Aruba Networks

    Description: We are living in an exciting era. Distributive technologies, such as social and mobile, have changed how we fundamentally work as a society. But our policy structure needs to keep pace with these changes. Typically, organizations do not have policy structures based on dated data access archetypes, and this policy structure is lagging behind the rate of innovation, as well as the inherent security challenges that have resulted from an increasingly mobile workforce and constituency. This session will discuss how we adapt to these changes. In order to stay ahead of this wave, we have to create a policy structure that is 1. flexible and adaptable to changing organizational needs, 2. enables Security as a core function of the business, and 3. simple to understand, implement and revise. We will explore these challenges during this session. We will look at policy as a basic structure of security, and how we can create a policy that is not just a paper tiger, but a fundamental part of business that enables better security, visibility and control of the Internet of Things.

    Intended Outcome: Learn how policies can be created that are a fundamental part of business and enable better security, visibility and control of the Internet of Things.

    Intended Audience: CTOs, Program Administrators and Managers

     Optional  Closed 
    2:30 PM  -  3:15 PM
    Education Session 26 - Internet of Things - An Approach for Cyber-Security  (Room - 310)
    Speakers:
    Dr. Harsh Verma, Vice-President, Global Innovative Research, R Systems
    Bill Svien, Vice President of Corporate Strategy, 911 ETC
    Ashok Bhatia, Vice President, R Systems
    Karen Wong, CIO, CalOES
    Daniel Quach, CIO, CPUC

    Description: The Internet of Things (IoT) is fast becoming a reality - connecting People and Things to create a fully connected lifestyle. IoT will help government to accelerate the improvement of public services, wherein Agencies can use data feeds from various monitoring sources and connected devices like grid and environmental sensors, cameras and building data to improve their performance. It is predicted that there will be over 50 billion devices and objects connected by 2020. Cyber Attacks in the forthcoming age of IoT can, however, create major disruption. Consequences of cyber-attacks leading to Traffic Lights possibly turning all green at the same time, in cities and towns, can create havoc and lead to disastrous accidents. Similarly, such attacks on a Water Treatment System can lead to poisoning of water supplies for citizens, and the failure of Power Grid Systems can result in the failure of transit systems, transportation & utilities. This will cause chief information security officers (CISOs) to reassess the scope of their security responsibilities, including an increased use of Enhanced 911 location co-ordinates; in such situations, it will be critical, for continuous risk analysis and assessment, to have a detailed record of Location Info at the site of an Incident where a Cyber Attack is reported or could potentially occur. This session will discuss the unique issues and challenges of IoT and provide an introduction and framework to blend e911 processes with Cyber-Security for effective continuous risk management.

    Intended Outcome:

    • Understand the potential of "Internet of Things" as well as the Platform Risk involved in IoT
    • Understand the challenges for CISOs when delivering secured services for IoT applications
    • Understand an approach to use Location Coordinates and e911 processes for Cyber-Security
     Optional  Closed 
    2:30 PM  -  3:15 PM
    Education Session 27 - Domain Name System (DNS) – Network Security Asset or Achilles Heel?  (Room - 304/305)

    Speaker: Arya Barirani, Vice President, Product Marketing, Infoblox, Inc.

    Description: The DNS is a key building block of the Internet which is fast becoming one of the top-rated vectors for external (“outside-in”) attacks on the infrastructure and internal (“inside-out”) attacks from malware. Most IT professionals know very little about the DNS and, consequently, have done little to protect this critical asset. This session will discuss common vulnerabilities and attack surfaces, different types of DNS threat vectors, and security strategies/techniques to mitigate this oft-ignored security threat to network architecture. If built into a project plan from inception, the right network architecture can be designed to protect against the multitude of DNS attack vectors.

    Intended Audience: Directors, IT managers

     Optional 
    2:30 PM  -  3:15 PM
    Education Session 28 - The Chief Privacy Officer in State Government  (Room - 312)

    Speaker: Renault Ross, Enterprise Architect, Symantec

    Description: There are many models for managing data privacy in state government. In California, agencies have privacy coordinators who coordinate the implementation of a privacy program based on law and on the privacy policies issued by the California Information Security Office. Some states have a Chief Privacy Officer (CPO) for the State, setting policy and providing oversight for individual agencies. Ohio created one of the first statewide CPO positions in 2007. This session will describe the different roles of the state CPO in the privacy programs of Ohio and West Virginia. You will learn how the CPO collaborates with the state CISO, how privacy compliance is ensured, and how Privacy Impact Assessments are used to manage privacy risk along with various governance and risk management tools.

    Intended Outcome: Greater understanding of the CPO role in building an effective Privacy Program

    Intended Audience: Anyone interested in other State strategies supporting Privacy Programs

     Optional 
    2:30 PM  -  3:15 PM
    Education Session 29 - Continuity Response-How to Give the Advantage to Hackers!  (Room - 301)

    Speaker: James Christiansen, CISO, Accuvant

    Description: An incident response plan allows your organization to launch a mitigation effort against a cyber attack, but it opens a door that leads to a landscape of land mines. Being successful at managing an incident requires knowing exactly where the land mines are hidden so you can avoid making a career-ending mistake that can also cause severe damage to your agency. This is a critical survival skill for those who manage an incident response team and communications. Unfortunately, until now this skill was learned only through experience. Too often agencies have been blindsided by events during the incident response that they never expected. As a result, response takes longer, costs more, and can make the situation even more unstable. Executive teams want complete answers quickly, yet communicating inaccurate information or taking the wrong step could result in lawsuits and regulatory fines. In the middle of a cyber attack, the incident response manager is faced with making many decisions even when the information is incomplete. By making the wrong decision, you can give the advantage to the hackers. This session explores the most common issues encountered during an incident response effort and actions incident response teams can take in advance to prepare and avoid a challenging situation. The session will include case scenarios, details on what to expect and how to react, and best practices learned from combating attackers during the attack.

    Intended Audience: Security/Executives

     Optional 
    2:30 PM  -  3:15 PM
    Education Session 30 - Breaking the Threat Kill Chain  (Room - 302/303)

    Speaker: Lamont Orange, CISO, Websense, Inc.

    Description: The most secure organizations are not those with the latest defensive solutions or utilities on the market. They are those who employ broad defensive strategies. This is more than the 2014 model for “Defense in Depth” or “Layered defenses”. They are prepared for today’s advanced threats because of the well-orchestrated application of both common and innovative defensive solutions, processes, and policies. This session will use the threat ‘kill chain’ as a framework to discuss this highly effective approach.

    Intended Audience: Directors of Security, CISO's, Security Executives

     Optional 
    2:30 PM  -  3:15 PM
    Education Session 31 - Privacy in the World of Big Data  (Room - 311)
    Speakers:
    Glenn Brunette, Senior Director, Cybersecurity, Oracle Public Sector Oracle
    Joanne McNabb, Director of Privacy Education & Policy, CA Attorney General’s Office

    Description: Cheaper storage, pervasive embedded sensors and sophisticated analytics are enabling the collection of larger and larger troves of data. Big Data offers the promise of new discoveries, new economic opportunities and solutions to seemingly intractable problems. Big Data also implicates privacy, for individuals, for government and for society as a whole. In this session, you will learn about privacy concerns related to Big Data, including how they might come up for state government, along with an overview of some approaches to addressing such concerns.

    Intended Outcome: Attendees will become aware of privacy issues their agencies should consider and address in order to ensure public trust as they provide greater transparency and access to government data sets.

    Intended Audience: State agency Privacy Coordinators, Information Security Officers, Public Records Act Coordinators and others with responsibility for open government and data governance.

     Optional 
    2:30 PM  -  3:15 PM
    Lab Session 4 - Context Aware Security/It's Just Metadata, presented by Lancope  (Room - 318)

    Speaker: Keith Wilson, Senior Systems Engineer, Lancope

    Description: How reliable is your perimeter? Protecting the borders of your network is only half of the battle. While perimeter security remains a necessity, malicious attackers are increasingly able to establish operational footholds on the network interior, where they can wreak havoc on an organization. Criminal enterprises and malicious insiders mask their activities inside the day-to-day operations of an organization – the first step in identifying them is to gain visibility into their activities. Internal visibility through Context Aware Security allows organizations to understand what is going on behind their virtual borders, utilizing information that already exists in their infrastructure - the metadata. Do you know what isn't normal on your network? We do. In this session we will explore the attacks that circumvent or evade traditional perimeter security and demonstrate how metadata can provide visibility into these higher-level attacks.

     Optional 
    3:30 PM  -  4:00 PM
    Cyber Security Awards Ceremony & Closing Remarks - Ballroom 3rd Floor  (Ballroom)

    Awards will be presented to those individuals who have had the greatest impact on security and privacy in the government and education sectors.

    A total of five awards will be presented in the following categories:

    Security Leadership (3)

    Security Leadership State Government
    Security Leadership Local Government (City or County)
    Security Leadership in Education

    Privacy Leadership (1)

    Security Operations Leadership (1)

    4:00 PM  -  5:00 PM
    Cyber Security Awards Reception - Ballroom, 3rd Floor  (Ballroom)
    Join us for a reception following the Awards Ceremony and Closing Remarks from Day Two.