The process of managing risk in an enterprise is a constantly evolving effort that requires proper feedback and metrics from multiple functional groups, including Operations, Security, and Identity Management. Many organizations fail to factor in evolving threats that include extortion, data and/or reputation loss, as well as other tactics. In this talk, Aaron will outline several of these pitfalls, and provide real-life experiences of complicated incident and risk management decisions.
With an increasingly sophisticated threat landscape, innovative security executives across government and industry are rethinking their security strategies. They are looking at approaches that not only prevent but also proactively detect and protect against cyber threats. They are turning to risk management strategies and employing frameworks that help monitor and evaluate their posture. With the realization that ‘all data is security relevant’ and that real-time, data-driven decision making is critical, organizations are leveraging machine data, a by-product of any and all digital activities that gives them a trace of what is transpiring across the enterprise. In this session you will learn about a C-level view of security challenges and how government and industry can partner to best meet CISO priorities, the fundamental shift in strategies necessary for resilience in today’s threat landscape, best practices for risk management, and practical tips on implementing these strategies to improve organizational security posture.
SSL encryption (port 443) is the de facto technology for delivering secure Web browsing and the benefits that come with it, and it is driving the volume of SSL Web traffic to new heights. According to industry authorities such as Google, Gartner and Forrester, in 2018 about 70% of all casual Web traffic is now HTTPS encrypted, and in some industries such as finance, government, healthcare and legal the share is even higher. Warning: not all SSL traffic is benign. Without the right security tools, SSL is a blind spot in your network that renders gateway security measures neutered. Next Generation Firewalls (NGFW) using Web filters, application awareness, anti-virus gateways and IDS/IPS can only provide limited protection against malicious SSL traffic, and Advanced Threat Protection (ATP) sandboxes provide limited protection against HTTPS traffic too. A more advanced approach, intercepting the SSL traffic so that NGFW and ATP devices can examine all Web traffic, both HTTP and HTTPS, is fast becoming a critical requirement.
The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) has served as the basis for a unified cybersecurity framework for government agencies since 2010. Adoption was slow initially as agencies determined how to transition from the legacy point-in-time risk assessment model to the RMF model of continuous monitoring. Compounding the transition challenge was the need to update thousands of system artifacts, migrate numerous authorization packages, and implement continuous monitoring controls and approaches. More recently, agencies have been challenged by the emergence of new and disruptive technologies, the continual increase and evolution of cybersecurity vulnerabilities, and the heavily manual RMF tasks. Join KPMG as we discuss leading practices for implementing the RMF, developing and maintaining security artifacts and authorization packages, and implementing risk management and continuous monitoring approaches consistent with the RMF.
Many of us managing a network or collection of computing resources use education, awareness, and training to protect users and data. Despite our best efforts, we are often challenged to secure the trickiest of OSI layers: Layer 8. Learn how digital lions find and stalk cyber gazelles as we review a case study of a cyber profiling activity of a North American public sector entity.
This is the fifth age of computing. Everywhere you turn, someone wants to move to cloud. Terms like Low Cost, CapEx and OpEx are bandied about when discussing advantages of migrating to cloud. This presentation will help you understand the elements involved in securing the cloud. Who is watching the data? How is the environment being protected? Anvaya Solutions' security experts will provide insights into security parameters for your cloud environment. We will discuss the items you need to consider before, during and after migration to the cloud.
Two major transformations are occurring in the workplace today: 1. State agencies are embracing a cloud-first policy by adopting an increasing number of SaaS applications from a line-of-business perspective, and 2. Employees are no longer static; they work from home, remote branch locations, coffee shops, etc., and from various devices including laptops, smart tablets and smart phones. As this shift occurs, the network or perimeter is expanding to the cloud. At the same time, traditional hardware-based security or networking tools are inefficient and archaic. Gaps in the coverage model of traditional hardware are a major security concern, while availability and networks extending to the cloud are a major concern for network teams. To help fill the security and availability gap and bring together two traditionally adversarial groups, a cloud-based firewall can be the answer. The Zscaler session will focus on how. We will have real-world examples from companies like GE, Siemens and Kelly Services and government entities such as the States of NY, WI, AK and MA. State of CA departments such as ETP, DPH, CalPERS and DSH, and CA counties such as Santa Clara, San Mateo and Orange, have also moved to a cloud-based firewall, replacing traditional hardware such as Websense/Forcepoint, McAfee, BlueCoat/Symantec, Cisco, Palo Alto, etc. The goal will be to have this as a panel session with CISOs from state and county agencies who have embraced the technology speaking about their use cases, lessons learned, etc.
We've all seen it: a cybersecurity management program that has developed and grown over time, based on evolving requirements, one-off issues, differing expectations, and a legacy of ad-hoc decisions. Cybersecurity-by-design deconstructs those influences, wipes the slate clean, and shifts the basis of cybersecurity into the needs and realities of today. Through an analysis that includes threat analysis, key asset identification, and risk scenarios, it builds a mindset of cybersecurity that is shared across the organization. The analysis determines cybersecurity goals in non-technical terms, identifies common and complementary approaches, and supports decision making. This talk addresses how to do this and integrates a number of cybersecurity concepts such as compartmentalization, isolation, and defense in depth. Along the way it identifies the key players in the process, how to establish buy-in, how to tie-break individual perspectives (biases), and the language and approaches that have proven successful.
This session will focus on the built-in security baseline and best-practice features of Office 365 called Secure Score. We will discuss current security trends in state and local government and how many of these can be addressed with existing features and configuration options in Office 365. We will go in depth on the ability of Office 365 Secure Score to baseline your current configuration and provide detailed guidance on how to configure Office 365 for improved security.
Thanks to an increasingly mobile workforce and the widespread adoption of cloud services, it’s no longer safe to assume that your data is secure simply because a credential checks out. With most data breaches involving stolen credentials, authorized and unauthorized access can look identical. The traditional perimeter has moved beyond the network to wherever the user is attempting to access the data. How can you provide a consistent experience for employees who are working from the office, the airport, a coffee shop or home? And how can you provide them access without risking compromise? Secure Your Perimeter and Trust No One.
Cloud environments are growing exponentially, and many organizations are blind to how much their users are accessing cloud services. Learn how to gain visibility not only into your cloud providers but also into unsanctioned cloud applications that could put your organization and its data at risk. We will discuss governance and policies across multi-cloud environments, and how to gain visibility and control over what your users are doing in the cloud at any given point in time.
Join us for a lively talk on how organizations are balancing end-user enablement and organizational security with the power of the cloud. In government, the goal is simple: to provide fast, safe, reliable services to your end users. However, it is becoming more difficult to effectively enforce security in today’s environments with highly distributed networks, increased usage of cloud apps, users who work from anywhere, and continuously evolving threats — all of which leave you vulnerable to breaches and device infections.
The current data protection strategies of firewalls, SSL, and breach detection are ineffective against today’s hackers. These are merely outer layers of security to stall hackers, but they don’t actually protect your data once an attacker gets inside your system. To adequately protect your data today, you must assume an attacker can already get inside your system, and build a security roadmap with that in mind. A holistic approach to security that provides application-level encryption combined with FIDO-based strong authentication and digital signatures is the most effective way to ensure an attacker cannot subvert the system. This session will provide a detailed guide to building a holistic data security roadmap involving the approach defined above so you can make data breaches irrelevant by securing the core.
Having multiple, cascaded gatekeepers fortifies security by adding checkpoints. The more unique proofs of identity that are required, each through a separate route, the more difficult it is for a bad actor to steal your identity or impersonate you. To maintain security while minimizing the impact on the user experience, a key precept in newly evolving login systems is multi-factor authentication. Participants will gain an understanding of various multi-factor authentication approaches and how they can be implemented to enhance the user experience and improve the security posture through Risk-Based Authorization (RBA), a dynamic system which grants access depending on the trustworthiness of the user requesting admission and the sensitivity of the information under protection.
This session introduces key Enterprise Governance, Risk and Compliance (EGRC) concepts around risk and security/privacy compliance management. We will cover the EGRC journey and key public sector use cases, followed by an overview of EGRC technology. Participants will gain an understanding of how manual risk and compliance processes and tasks can be automated and streamlined to gain efficiency, allowing key resources to focus on competing priorities.
The current threat landscape is in a state of evolution that poses a significant risk to organizations’ assets, reputations, and identities. Aaron Goldstein explores new and existing threat vectors such as ransomware and nation state attacks (and why traditional defenses fail to address them) and explains how Endpoint Detection and Response (EDR) functionality can improve the speed and efficiency of incident response tactics, even when combating the toughest threat actors.
Cybercrime can come in any shape or size, and not always the form you would expect. During this interactive discussion, we will be reviewing data from the 2018 Verizon Data Breach Investigations Report (DBIR). Mr. Bowman will walk you through patterns in the security landscape and our adversary’s operational methods. No system is 100% secure. However, understanding the threats you face will help you improve your security. Cybercriminals are using all the information they can get hold of to up their game — you should too.
Many solutions exist to solve particular security and technical issues in your network. But as solutions are added, complexity increases as ‘silos’ are created and visibility suffers. By breaking down these ‘security silos,’ you can get a better overall picture of what’s transpiring on your network as well as reduce your overall attack surface. A discussion of malware propagation, encryption complications, and various security technologies will follow.
Security on Amazon Web Services is robust and feature rich, but how do I know what to do and how to start? This workshop will cover how to start your AWS threat response automation platform using native AWS tools and OSS. We will begin with how to collect and analyze all the different data sources in an AWS account. Next, we will cover how to take that log data and automatically address risks identified from network intrusion, insider threats, or misconfigurations. We’ll also cover preventative controls that can help block risk in the first place and alert when drift occurs, and finally how to scale this all out to multiple accounts.
Protecting against and recovering from a cyber incident is heavily dependent upon good information sharing. In this session, topics will include why information sharing is critical to the State and its stakeholders and what data we are sharing. We will discuss establishing relationships with information sharing organizations, incorporating those relationships into security plans, and how to exercise the interaction procedures. We will discuss how organizations can use shared data to create and/or provide indications and warnings of threat activity, as well as how, what and when you should share information with partner organizations and entities.
When you are boiling the ocean, measurement is everything! Leaders often face challenges strategizing, adopting, and operationalizing new cyber security programs, policies, guidelines, and procedures when merging existing structures and ideas with new ones. We will discuss the advantages and disadvantages of utilizing concepts such as Requisite Organization (ref: Elliott Jaques) to help you identify how to best operationalize your security program and written policies with continuous oversight methods and analytical measures that your teams can extract for short- and long-term planning. We will also review and help you understand the best way to lean on the California Department of Technology’s investments to set your security program, posture, and goals while interpreting best-in-class alignment with the SIMM 5300-C Cyber Security Metrics tool. Moreover, we will deliver a personal action summary and "easy button" to build your plan based on leadership goals provided by California’s Statewide Technology Strategic Plan -- “Vision 2020”. Finally, we will discuss cyber security and Internet futures due to unavoidable changes forced by mathematical limitations of the current Internet design and what you can do about it today.
A majority of security awareness programs across the State of California are compliance focused. Training is limited, and employees are unsure of organizational policies as related to the protection of information assets. As such, security officers are recognizing that an awareness curriculum simply does not do much to change behavior. This presentation will examine how the K12 High Speed Network, in collaboration with the California Department of Education and the California Education Technology Professionals Association, has deployed a statewide cybersecurity education program for all K-12 public education employees. The program has been used with some 24k employees across 95 school districts. The overall result has driven down phish triggering from over 30% to 2% over the past 18 months. Via a robust metrics framework for tracking progress and measuring impact, the program has yielded continuous improvement and considerable return on the investment made to provide it. Participants will learn how the program works, WHY the program works, and what it takes to cause behavioral changes in end users.
How an organization communicates to the public about a breach is an essential part of an Incident Response Plan. With Social Media and the pressure from news outlets to disclose more information quicker, the amount of public scrutiny an organization faces as they go through a breach is at an all-time high and can have a significant long-term impact on reputation. This session will examine how, what, and when organizations need to communicate about a data breach. What are the reporting laws? What are the common pitfalls to avoid? How do I prepare my executives and elected officials? This session will offer an inside look at crisis management around real-world breaches, communications pressures created by today’s threat landscape, and the crisis management planning essentials that public sector organizations need to be aware of.
First, we will challenge the audience to identify and document a persona based on “trash can” material. Once the persona has been identified, the audience will be tasked to create a way to socially engineer that person and an attack vector to exploit their network. Second, we will discuss how the exercise is playing out in actual cyber space and how the industry is moving towards a ONE SECURITY model. Finally, we will share about what the government should know about this shift in cyber direction.