State of California Cybersecurity Education Summit 2018

Session Descriptions, Speaker Biographies & Presentations/Handouts

Return to Conference Website

Speaker biographies, presentations and handouts are available on this page for you to view/download. Please click on the speaker name to view their biography and any presentations pre-submitted will appear below the speakers for each session.

Go to a specific session:


Morning Keynote Tuesday October 9, 2018  9:00 AM - 9:45 AM

Real Time Incident and Risk Management

The process of managing risk in an enterprise is a constantly evolving effort that requires proper feedback and metrics from multiple functional groups, including Operations, Security, and Identity Management. Many organizations fail to factor in evolving threats that include extortion, data and/or reputation loss, as well as other tactics. In this talk, Aaron will outline several of these pitfalls, and provide real-life experiences of complicated incident and risk management decisions.

  • Aaron Goldstein, Director, Endpoint Detection and Response Team, Tanium
 Back to Top

Breakout Session 1 Tuesday October 9, 2018  10:00 AM - 10:55 AM

Alleviating C-Suite Cyber Concerns with Data Analytics View Materials

With an increasingly sophisticated threat landscape, innovative security executives across government and industry are rethinking their security strategies. They are looking at approaches to not just prevent but proactively detect and protect against cyber threats. They are turning to risk management strategies and employing frameworks that help monitor and evaluate their posture. With the realization that ‘all data is security relevant’ and that real-time data-driven decision making is critical, organizations are leveraging machine data, a by-product of any and all digital activities that gives them a trace of what is transpiring across the enterprise. In this session you will learn about a C-level view into security challenges and how government and industry can partner to best meet CISO priorities, the fundamental shift in strategies necessary for resilience in today’s new threat landscape, and best practices for risk management and practical tips on implementing these strategies to improve organizational security posture.

  • Joel Fulton, CISO, Splunk
  • Peter Liebert, CISO and Director of the Office of Information Security, California Department of Technology
Benefits of SSL Deep Packet Inspection View Materials

SSL encryption (port 443) is the de-facto encryption technology for delivering secure Web browsing, and the benefits it provides. SSL encryption is driving the levels of SSL Web traffic to new heights. According to different industry authorities such as Google, Gartner & Forester in 2018 about 70% of all casual Web traffic is now HTTPS encrypted. Some industries such as finance, government, healthcare & legal are even higher. Warning - not all SSL traffic is benign. Without the right security tools, SSL is a blind spot in your network rendering gateway security measures neutered. Next Generation Firewalls (NGFW) using Web filters, Application Awareness, Anti-Virus Gateway and IDS/IPS can only provide limited protection against malicious SSL traffic. Advanced Threat Protection (ATP) sandboxes provided limited protection against HTTPS traffic too. A more advanced approach of intercepting the SSL traffic allowing the NGFW & ATP devices to examine all Web traffic HTTP & HTTPS traffic is fast becoming a critical requirement.

  • Jeff Bird, Senior Security Specialist, Juniper Networks
Cybersecurity Risk Management for the 21st Century View Materials

The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) has served as the basis for a unified cybersecurity framework for government agencies since 2010. Adoption was slow initially as agencies determined how to transition from the legacy point-in-time risk assessment model to the RMF model of continuous monitoring. Compounding the transition challenge was the need to update thousands of system artifacts, migrate numerous authorization packages, and implement continuous monitoring controls and approaches. More recently, agencies have been challenged by the emergence of new and disruptive technologies, the continual increase and evolution of cybersecurity vulnerabilities, and the heavily manual RMF tasks. Join KPMG as we discuss leading practices for implementing the RMF, developing and maintaining security artifacts and authorization packages, and implementing risk management and continuous monitoring approaches consistent with the RMF.

  • Tony Hubbard, Principal, Advisory, KPMG
  • Ryan Love, Government Cybersecurity Practice, KPMG
  • Eli Owen, Commander, State Threat Assessment Center, Governor's Office of Emergency Services
How to get your Network Hacked in 10 Easy Steps

Many of us managing a network or collection of computing resources use education, awareness, and training to protect users and data. Despite our best efforts, we are often challenged to secure the most tricky of OSI Layers: Layer 8. Learn how digital lions find and stalk cyber gazelle as we review a case study of a cyber profiling activity of a North American public sector entity.

  • Luis Carvajal-Kim, Cyber Risk Manager, Deloitte & Touche LLP
  • James Parsons, Lieutenant Colonel, Cyber Network Defense Chief, California Military Department
Migrating to Cloud? What You Need to Know About Security

This is the fifth age of computing. Everywhere you turn, someone wants to move to cloud. Terms like Low Cost, CapEx and OpEx are bandied about when discussing advantages of migrating to cloud. This presentation will help you understand the elements involved in securing the cloud. Who is watching the data? How is the environment being protected? Anvaya Solutions' security experts will provide insights into security parameters for your cloud environment. We will discuss the items you need to consider before, during and after migration to the cloud.

  • Srinivas Atluri, Executive Vice President, Anvaya Solutions, Inc.
  • Steven Grimes, Information Security Leader, Child Welfare Digital Services
Moving from Appliances to Cloud Security View Materials

Two major transformations are occurring in the workplace today: 1. State agencies are embracing a Cloud first policy by adopting an increasing number of SAAS applications from a line of business perspective and 2. Employees are no longer static; they work from home, remote branch locations, coffee shops, home, etc and from various devices including laptops, smart tablets and smart phones. As this shift is occurring the network or perimeter is expanding to the cloud. At the same time traditional hardware based security or networking tools are inefficient and archaic. Gaps in a coverage model from traditional hardware is a major security concern while availability and networks extending to the cloud is a major concern for network teams. To help fill the security and availability gap and bring together two traditionally speaking adversarial groups, a cloud based firewall can be the answer. The Zscaler session will focus on how. We will have real world examples from companies like GE, SIEMENS, Kelly Services and government entities such as the State of NY, WI, AK, MA. State of CA depts such as ETP, DPH, Calpers and DSH and CA Counties such as Santa Clara, San Mateo, Orange have also moved to a cloud based firewall replacing traditional hardware such as Websense/Forcepoint, Mcafee, BlueCoat/Symantec, Cisco, Palo Alto, etc. The goal will be to have this as a panel session with CISOs from state and county agencies who have embraced the technology to speak in regards to their use cases, lessons learned, etc

  • Frank Andrade, IT Specialist, California Department of State Hospitals
  • Vaishali Patel, Regional Sales Manager, Zscaler
  • Ian Sanford, Systems Architect, California Department of Public Health
Security by Design

We've all seen it: a cybersecurity management program that has developed and grown over time, based on evolving requirements, one-off issues, differing expectations, and a legacy of ad-hoc decisions. Cybersecurity-by-design deconstructs those influences, wipes the slate clean, and shifts the basis of cybersecurity into the needs and realities of today. Through an analysis that includes threat analysis, key asset identification, and risk scenarios, it builds a mindset of cybersecurity that is shared across the organization. The analysis determines cybersecurity goals in non-technical terms, identifies common and complimentary approaches, and supports decision making. This talk addresses how to do this, and integrates a number of cybersecurity concepts such as compartmentalization, isolation, defense in depth, and along the way identifies key players in the process, how to establish buy in, how to tie-break individual perspectives (biases), and the language and approaches that have proven successful.

  • Chris Brown, Senior Manager, EY
Understanding Your Office 365 Security Scorecard View Materials

This session will focus on the built in security baseline and best practice feature of Office 365 called Secure Score. We will discuss current security trends in state and local government and how many of these can be addressed with existing features and configuration options in Office 365. We will go in depth on the ability of Office 365 Secure Score to baseline your current configuration and provide detailed guidance on how to configure Office 365 for improved security.

  • Scott Howland, Chief, Information Management Division, California Highway Patrol
  • Dean Iacovelli, Director - Secure Enterprise, Microsoft State and Local Government
  • Jason Opdycke, Threat Management Specialist, Microsoft State and Local Government
 Back to Top

Breakout Session 2 Tuesday October 9, 2018  11:05 AM - 12:00 PM

Cloud Security and the Zero Trust Model View Materials

Thanks to an increasingly mobile workforce and the widespread adoption of cloud services, it’s no longer safe to assume that your data is secure simply because a credential checks out. With most data breaches involving stolen credentials, authorized and unauthorized access can look identical. The traditional perimeter has moved beyond the network to wherever the user is attempting to access the data. How can you provide a consistent experience for employees who are working from the office, the airport, a coffee shop or home? And how can you provide them access without risking compromise? Secure Your Perimeter and Trust No One.

  • Marc Rodgers, VP of Cybersecurity Strategy, Okta
  • Ron Zander, IT Security Team, Placer County
Do You Have a Firewall Around Your Cloud? View Materials

Cloud environments are growing exponentially. Many organizations are blind to how much their users are accessing cloud services. Learn how to gain visibility into your cloud providers, but also unsanctioned cloud applications that could put your organization and its data at risk. Many organizations are blind to how much their users are accessing cloud services. We will discuss governance and policies across multi cloud environments. How to gain visibility and control into what your users are doing in the cloud at any given point in time.

  • Tyson Moler, Senior Manager, Security & Systems Management, NA Public Sector, Oracle
I’ve Got 99 Problems but Cloud Security Isn’t One - Leveraging Cloud Solutions for Effective Security View Materials

Join us for a lively talk on how organizations are balancing end user enablement and organizational security with the power of the cloud. In government, the goal is simple: to provide fast, safe, reliable services to your end users. However, it is becoming more difficult to effectively enforce security in today’s environments with highly distributed networks, increased usage of cloud apps, users who work from anywhere, and continuously evolving threats — all which leave you vulnerable to breaches, and device infections.

  • Jordan Gackowski, SE Manager, Cisco Systems
Making Breaches Irrelevant View Materials

The current data protection strategies of firewalls, SSL, and breach detection are ineffective against today’s hackers. These are merely outer layers of security to stall hackers, but they don’t actually protect your data once an attacker gets inside your system. To adequately protect your data today, you must assume an attacker can already get inside your system, and build a security roadmap with that in mind. A holistic approach to security that provides application-level encryption combined with FIDO-based strong authentication and digital signatures is the most effective way to ensure an attacker cannot subvert the system. This session will provide a detailed guide to building a holistic data security roadmap involving the approach defined above so you can make data breaches irrelevant by securing the core.

  • Arshad Noor, CTO, StrongKey
Multi-Factor Authentication View Materials

Having multiple, cascaded gatekeepers fortifies security by rendering additional checkpoints. With the use of multiple unique proofs of identity, required through separate routes, the more difficult it is for a bad actor to steal your identity or impersonate you. To maintain security while minimizing the impact to the user experience, a key precept in newly evolving login systems is multi-factor authentication. Participants will gain an. Understanding of various multi-factor authentication approaches, and how it can be implemented to enhance the user experience and improve the security posture through Risk-Based Authorization (RBA), a dynamic system which grants access depending on the trustworthiness of the user requesting admission and the sensitivity of the information under protection.

  • Spiros Angelopolous, Principal Solutions Architect, ForgeRock
  • Debi Mohanty, Cyber Risk Senior Manager, Deloitte and Touche LLP
Security & Privacy compliance automation using Enterprise Governance, Risk and Compliance

Introduction of key Enterprise Governance, Risk and Compliance (EGRC) concepts around risk and security/privacy compliance management. We will cover the EGRC journey and key public sector use cases, followed by an overview of EGRC technology. Participants will gain an understanding of how manual risk and compliance processes and tasks can be automated and streamlined to gain efficiency, allowing key resources to focus on competing priorities.

  • Peter Liebert, State Chief Information Security Officer, California Department of Technology
  • Komal Rastogi, Cyber Risk Senior Manager, Deloitte & Touche LLP
The Evolution of Incident Response

The current threat landscape is in a state of evolution that poses a significant risk to organizations’ assets, reputations, and identities. Aaron Goldstein explores new and existing threat vectors such as ransomware and nation state attacks (and why traditional defenses fail to address them) and explains how Endpoint Detection and Response (EDR) functionality can improve the speed and efficiency of incident response tactics, even when combating the toughest threat actors.

  • Aaron Goldstein, Director, Endpoint Detection and Response (EDR) Team, Tanium
 Back to Top

Luncheon Keynote Tuesday October 9, 2018  12:30 PM - 1:30 PM

Cybersecurity, Tales of Dirty Deeds and Unscrupulous Activities

Cybercrime can come in any shape or size, and not always the form you would expect. During this interactive discussion, we will be reviewing data from the 2018 Verizon Data Breach Investigations Report (DBIR). Mr. Bowman will walk you through patterns in the security landscape and our adversary’s operational methods. No system is 100% secure. However, understanding the threats you face will help you improve your security. Cybercriminals are using all the information they can get hold of to up their game — you should too.

  • Craig Bowman, Vice President, Advanced Solutions Division, Verizon
 Back to Top

Breakout Session 3 Tuesday October 9, 2018  1:40 PM - 2:35 PM

Breaking Security Silos: How Better Integration Mitigates Cybercrime Exposure View Materials

Many solutions exist to solve particular security and technical issues in your network. But as solutions are added, complexity is increased as ‘Silos’ are created and visibility suffers. By breaking down these ‘Security Silos,’ you can get a better overall picture of what’s transpiring on your network as well as reducing your overall attack surface. Discussion of Malware propagation, encryption complications, and various security technologies to ensue.

  • Marc Glenn, Senior Cybersecurity Intelligence Analyst, California Governor's Office of Emergency Services
  • Tony Russi, Solutions Architect, Fortinet
Configure your Cloud to Make it Rain on Threats

Security on Amazon Web Services is robust and feature rich, but how do I know what to do and how to start? This workshop will cover how to start your AWS threat response automation platform using native AWS tools and OSS. We will begin with how to collect and analyze all the different data sources in an AWS account. Next, we will cover how to take that log data and automatically address risks identified from network intrusion, insider threats, or misconfigurations. We’ll also cover preventative controls that can help block risk in the first place and alert when drift occurs, and finally how to scale this all out to multiple accounts.

  • Brad Dispensa, AWS Solution Architect, Amazon Web Services
Cyber Threat Information Sharing View Materials

Protecting and recovering from a cyber-incident is heavily dependent upon good information sharing. In this session, topics will surround the importance of why information sharing is critical to the State and its stakeholders and what data we are sharing. We will discuss establishing relationships with information sharing organizations, incorporating those relationships into security plans, and how to exercise the interaction procedures. We will discuss how organizations can manipulate shared data to create and or provide indications and warnings of threat activity as well as how, what and when you should share information with partner organizations and entities.

  • Justin Edgar, Solutions Architect, FireEye
  • Mark McCutcheon, California Cyber Security Integration Center, Governor's Office of Emergency Services
Impactful Security Program Leadership and Metrics for Executives View Materials

When you are boiling the ocean, measurement is everything! Leaders often face challenges strategizing, adopting, and operationalizing new cyber security programs, policies, guidelines, and procedures when merging existing structure and ideas with new ideas. We will discuss the advantages and disadvantages of how utilizing concepts such as Requisite Organization (ref: Elliott Jacques) can help you identify how to best operationalize your security program and written policies with continuous oversight methods and analytical measures that can be extracted by your teams for short and long term planning. We will also review and help you understand the best way to lean on the California Department of Technology’s investments to set your security program, posture, and goals while interpreting best in class alignment with the SIMM 5300-C Cyber Security Metrics tool. Moreover, we will deliver a personal action summary and "easy button" to build your plan based on leadership goals provided by California’s Statewide Technology Strategic Plan -- “Vision 2020”. Finally, we will discuss cyber security and Internet futures due to unavoidable changes forced by mathematical limitations of the current Internet design and what you can do about it today.

  • George Usi, CEO, SACTECH
Security Awareness: The Power of an Ambassador Program View Materials

A majority of security awareness programs across the State of California are compliance focused. Training is limited, and employees are unsure of organizational policies as related to the protection of information assets. As such, security officers are recognizing that an awareness curriculum simply does not do much in changing behavior.This presentation will examine how the K12 High Speed Network, in collaboration with the California Department of Education and the California Education Technology Professionals Association has deployed a statewide cybersecurity education program for all K-12 public education employees. The program has been used with some 24k employees across 95 school districts. The overall result has driven down phish triggering from over 30% to 2% over the past 18 months. Via a robust metrics framework for tracking progress and measuring impact, the program has yielded continuous improvement and considerable return on the investment made to provide it. Participants will learn how the program works, WHY the program works, and what it takes to cause behavioral changes in end-users.

  • Emil Ahangarzadeh, Program Director, K-12 High Speed Network
The Day After an Attack! Breach Mitigation and Communication Planning View Materials

How an organization communicates to the public about a breach is an essential part of an Incident Response Plan. With Social Media and the pressure from news outlets to disclose more information quicker, the amount of public scrutiny an organization faces as they go through a breach is at an all-time high and can have a significant long-term impact on reputation. This session will examine how, what, and when organizations need to communicate about a data breach. What are the reporting laws? What are the common pitfalls to avoid? How do I prepare my executives and elected officials? This session will offer an inside look at crisis management around real-world breaches, communications pressures created by today’s threat landscape, and the crisis management planning essentials that public sector organizations need to be aware of.

  • Bruce Heard, Senior Manager, Security Consulting Services, Mandiant
  • Vitaliy Panych, CISO, California Department of Corrections
  • Donaldo Wilson, Special Agent, FBI Sacramento Field Office
Who's Hacking You? Participate in this Workshop to Find Out

First, we will challenge the audience to identify and document a persona based on “trash can” material. Once the persona has been identified, the audience will be tasked to create a way to socially engineer that person and an attack vector to exploit their network. Second, we will discuss how the exercise is playing out in actual cyber space and how the industry is moving towards a ONE SECURITY model. Finally, we will share about what the government should know about this shift in cyber direction.

  • Darin Bournstein, Senior Cyber Intel Analyst, Governor's Office of Emergency Services
  • Craig Bowman, VP, Advanced Solutions, Verizon
 Back to Top

Closing Keynote Tuesday October 9, 2018  2:45 PM - 3:45 PM

Closing Panel View Materials

  • Martin Minnich, Program Manager, California Cybersecurity Institute
  • Wendi Whitmore, Global Lead, X-Force IRIS team, IBM
  • Scott Young, President, synED and California Cyberhub
 Back to Top