Cybersecurity Awareness Month 2021

October is Cybersecurity Awareness Month.  During October 2021, COT offered several ways for state staff to engage in cybersecurity events. 

COT management sponsored four drawings for four $25 Amazon gift cards for cybersecurity event participants and one drawing among those with the highest number of entries for a $50 gift card. Congratulations to all the winners!

$50 Gift Card Winner:
Jeffrey R. Howard (DOR)

$25 Gift Card Winners:
Dawn A. Combs (OVR-FL)
Critley L. King Smith (DOCJT)
James Seay (EEC)
Jessica M. Hall (DOC)

Each activity listed below earned an entry in the drawings. There are no further drawings.

  • Participation in one of the virtual presentations listed below on this web page.
  • Replies to feedback requests sent to presentation participants after each sponsored session.
  • Responses to the security quiz question emailed once a week throughout October 2021. 
  • Phishing emails reported during the month of October 2021 by using the Report Phish/PhishAlarm button in Outlook or by sending the suspect email as an attachment to "COT Phishing Reporting" (phishing.reporting@ky.gov).
  • Entering a cybersecurity suggestion to COTSecurityWatch@ky.gov in the month of October 2021. 

 
CYBERSECURITY AWARENESS PRESENTATIONS
All presentations occurred in the past.
   

Broadcom presents "Selling the Brooklyn Bridge"

WHEN:  Tuesday, October 5th from 2:00 to 3:00 EST

Every seemingly brand new twist in the threat landscape is actually an evolution of what came before it.  This talk will trace a current threat back to its origins in the 1600s.  It will also teach you how to sell someone the Brooklyn Bridge and why this 100-year-old scam provides a lesson in preventing future cybercrime.

SPEAKER:  Kevin Haley, Senior Director

Kevin Haley is Senior Director in Symantec's Security Response group where he is responsible for ensuring the security content gathered from Symantec's Global Intelligence Network is actionable for its customers.  This includes educating customers on security issues and incorporating the security content into security solutions of Broadcom Software.  ​


 


Elastic presents "Stacking the Deck in Your Favor"

WHEN:  Thursday, October 14th from 2:00 to 3:00 EST

In a cat-and-mouse game of one-upmanship, we will go over how to stack the deck in our favor for security and overall IT monitoring. Basics can go a long way. Let's look at what we have to work with and use it to its fullest.

SPEAKER: Neil Desai, Principal Security Strategist

Neil Desai has over two decades of information security experience. In past roles, he built Security Operations Centers (SOCs) and architected defensible and monitorable infrastructures for Fortune 500 US financial institutions. Outside of work he was a part of 1@stPlace, winners of DEFCON's CTF in 2006 and 2007, and is a current member of C3X (https://www.thec3x.com/).



      

Proofpoint presents "Becoming a Phish-Spotting Superstar"

WHEN:  Thursday, October 21st from 2:00 to 3:00 EST

Abstract: Over 99% of attacks are human-activated threats, meaning attackers are relying on each of you (end users) to take actions that work in their favor. Join us as we show you the common tactics attackers use, so that you can help spot them for COT and reduce our people-centric risk.

SPEAKER: Sara Pan, Senior Product Marketing Manager at Proofpoint

Bio: Sara has been a product strategist in the cybersecurity industry for more than 8 years. She has presented at industry events and webinars on topics spanning endpoint security, data security, GDPR, and email security. Sara's on top of the new wave of email threats, such as business email compromise, account takeover, and supply chain risk.


 



TrendMicro presents "Bug Bounties and Exploit Intelligence"

WHEN:  Wednesday, October 27th from 2:00 to 3:00 EST

Nearly every organization claims to do vulnerability research and threat intelligence, but what does that really mean? As the world's largest vendor-agnostic bug bounty program, the Zero Day Initiative (ZDI) is uniquely positioned to understand the latest exploits and techniques. Various marketplaces exist for such security research, and the current gray and black markets can be as robust as their white market counterparts. At each stage of this process, information about a vulnerability equates to a monetary value, and, depending on how this information is disseminated, that monetary value can drastically change. Like any open market, various factors can spur changes in supply and demand, and market actors can shape what types of research either become public or find their way into an active exploit.

This talk will also show how bug reports submitted to the program allowed the ZDI to effectively crowd-source vulnerability intelligence by showing industry trends and state-of-the-art exploitation methodologies. It will include case studies on how these reports have influenced the broader ecosystem. Understanding the source of threat intelligence and the exploit economy is vital for getting proactive with your network defenses rather than merely reacting to threats.

SPEAKER:  Dustin Childs

Dustin C. Childs is a part of Trend Micro's Zero Day Initiative (ZDI), which is the world's largest vendor-agnostic bug bounty program. Dustin began his IT security journey in the late 1990s at the Air Force Information Warfare Center. He then transitioned from active duty to defense contractor. Following this role, Mr. Childs worked in the Microsoft Trustworthy Computing group, where he served as a case manager in the Microsoft Security Response Center (MSRC) with a focus on addressing vulnerabilities in the Windows operating system and in Microsoft's developer tools. In his current role, Mr. Childs creates, implements, and oversees communications programs, both internal and external, that promote the work of ZDI and its researchers.


​​
This page was last modified 11/24/2021 12:03 PM

Questions:

Please contact:
  
Commonwealth Office of Technology
Office of the CISO
Security Administration Branch
500 Mero Street
Frankfort, KY 40601