The COT CISO and the Security Administration Branch are pleased to announce that October 2012 is Cyber Security Awareness Month. Experts in the field of IT Security will deliver presentations that bring awareness and current security information to staff in state government and other associated agencies and organizations. Finalized events are described below.
Anyone planning to attend any of the presentations and who wishes to reserve a seat should contact Gail Ritchey. You will receive a response verifying a seat, as well as information on location and parking. In the event a presentation’s seating is filled, preference for attendance will be in the order received.
Event Schedule
“Physical Security Best Practices and IT Convergence”
October 9, 2012, 10:00 a.m. to 11:30 a.m.
101 Cold Harbor Training Rooms, Frankfort, KY
Brad Pyles, PSP, Advanced Digital Solutions, LLC
Brad Pyles is Board Certified in Physical Security based on experience and holds the PSP certification from ASIS International. Additionally, he has CSE, CFATS, EMC Velocity/Isilon and the Federal DHS Safety Act certifications. He is an FBI InfraGard Kentucky Member.
Brad Pyles will cover the progression of physical security from analog to digital and digital to Internet Protocol and beyond. He will explain best practices for network deployment, storage, virtualization, wireless deployment and server-less physical security. Additionally, he will explain the latest developments in high definition, low light and wide dynamic range cameras, asset tracking and data center security.
“Current Threat and Mitigation State: A Whole New World”
October 11, 2012, from 10:00 a.m. to 11:00 a.m.
101 Cold Harbor Training Rooms, Frankfort, KY
David O'Berry, Technology Strategist, McAfee
David O'Berry is a “reformed CxO/CIO currently working for ‘The Dark Side’” as a Technology Strategist for McAfee’s Advance Technology Group. He spent 19 years on the enterprise side as a network manager, Director of Information Technology Systems and Services and, most recently, Director of Strategic Development and Information Technology in the public sector. Active within the industry, he currently holds CISSP-ISSAP, ISSMP, CISSLP, CRMP certifications among others. He has also been published several years in a row in the Information Security Management Handbook and has written for various publications over the years on a wide range of IT and IT-SEC topics. Most recently he was honored as a ComputerWorld Top 100 IT Leader for 2011, a fact he attributes to the amazing team that surrounded him during his service in the public sector.
David will address how the rapidly expanding numbers and complexities on the threat landscape require a new mentality and set of tools available to practitioners in order to try and get ahead of the curve. This discussion will touch on the current threat and mitigation state including the newest ways to potentially mitigate the newest challenges to the “Digital Ecosystem.”
“The State of Web Exploit Kits”
October 16, 2012, 10:00 a.m. to 11:00 a.m.
101 Cold Harbor Training Rooms, Frankfort, KY
Jeremy “Howie” Howerton, Technologist, HP Enterprise Security Products Group
Howie has spent 10+ years in the security field on both the client and vendor side of the fence. Previous to his role as a Technologist, Howie worked within the HP TippingPoint group as a Senior Solutions Architect covering the Mid-Atlantic region.
Web exploit toolkits have become the most popular method for cybercriminals to compromise hosts and to leverage those hosts for various methods of profit. This talk will dive into some of the most popular exploit kits available today, including Black Hole and Phoenix, and some of the newer players that have appeared from Asia. It will give an overview of how each kit is constructed and an analysis of its observed shellcodes, obfuscations and exploits, giving a better understanding of the differences and similarities between these kits, and will explore data harvesting methods and trends.
“How to be an Individual Contributor to Enterprise Cyber-security”
October 19, 2012, 10:00 a.m. to 11:00 a.m.
Transportation Building, 200 Mero Street, Frankfort, KY Room C118
Brian Tillett, Chief Security Strategist, Symantec Public Sector, Symantec Inc.
As a security practitioner with 19 years of experience in the IT and Voice Security industries, Brian meets regularly with Federal, State and Local Government entities to focus on understanding and meeting real-world IT security challenges. Throughout his career, Brian has directly supported organizations including but not limited to: USAF, USN, USMC, USA Departments of Homeland Security, Joint Chiefs of Staff, and Executive Office of the President, the United Nations, National Aeronautics and Space Administration, and Defense Ministries of Japan, France, and the United Kingdom. Brian is viewed as a trusted advisor across the Public Sector, has provided testimony and briefings for the US Congress, and maintains a DoD Top Secret Clearance.
Brian Tillett will be covering the significant role the individual plays in Enterprise Cyber-Security in the public sector.
“Passwords, Policies, People, . . . and Problems!”
October 24, 2012, 10:00 a.m. to 11:30 a.m.
101 Cold Harbor Training Rooms, Frankfort, KY
Brent Crossland, Senior Manager, State Government Initiatives, Entrust, Inc.
Brent worked for the State of Illinois for 12 years, the last four as Deputy Technology Officer in the Governor’s Office. He has been with Entrust since 2003 working with state & local government projects to implement strong authentication, encryption, and digital signatures to protect sensitive information for a variety of law enforcement, education, benefits, and healthcare agencies.
Brent’s presentation will look at recent developments and trends in identity management and authentication along with some notable privacy and password breaches from the past year. There will also be a review of what is going on with the NSTIC (National Strategy for Trusted Identities in Cyberspace) and HIT (Health Information Technology) initiatives that are being driven by federal funding. As these topics are discussed, we will try to answer a couple of questions: Do we make realistic assumptions about the security choices that our end users actually make today? What best practices could we recommend to end users (and do we actually practice them)? Can we identify lessons or trends that help us move forward to improve how we authenticate users, documents, and transactions?
"Weaponizing the User"
October 26, 2012, 2:30 p.m. to 4:00 p.m.
101 Cold Harbor Training Rooms, Frankfort, KY
Chris Sanders, Senior Security Analyst, InGuardians
Chris has extensive experience supporting multiple government and military agencies, as well as several Fortune 500 companies. Chris has authored several books and articles, including the international best seller "Practical Packet Analysis" from No Starch Press. Chris specializes in network-based intrusion detection and analysis.
In 2008, Chris founded the Rural Technology Fund. The RTF is a 501(c)(3) non-profit organization designed to provide scholarship opportunities to students from rural areas pursuing careers in computer technology. The organization also promotes technology advocacy in rural areas through various support programs.
Chris currently holds the CISSP, GCIA, GCIH, GREM, GPEN, and GSEC certifications.
Chris Sanders will be discussing the state of cyber espionage and targeted attacks and how individual users contribute to their success. Sophisticated attackers no longer engage the perimeter, but rather leverage the weaknesses of human users inside the network to accomplish larger goals. Chris will demonstrate some of these techniques, including how adversaries develop targeted phishing campaigns and how modern exploit techniques can be used against everyday users. Whether the adversary is a nation-state seeking to gather critical intelligence or a hacktivism group simply out to prove a point, the user isn't just the target, they're the weapon.