SecurliCon

NEW CYBERSECURITY CONFERENCE FOCUSES ON REAL-WORLD THREATS
It’s FREE … and you don’t even have to wear shoes.

 
 

EVENT SUMMARY

Netswitch’s first virtual International Cybersecurity conference SecurliCon, scheduled for January 27, 2017, provides vital help in understanding and defending against evolving and advanced external and internal security threats based on hard-earned experience in the real world.

The agenda will cover topics ranging from security analytics to encryption, SCADA and Critical Infrastructure Protection to public key cryptology, behavior baselining and analytics, active detection and response and the role of vulnerability assessments and penetration testing in today’s cybersecurity environment.

Recently added topics include the application of secured sensors and smart systems in B2C and B2B2C businesses, cyberthreat resistance techniques, data privacy through masking and obfuscation, legal protection (Legal Hardening) against security breaches, employment and recruiting issues in cyber-security markets and an update on biometric authentication. The conference is sponsored solely by Netswitch and no vendor presentations, agendas or exhibits will be allowed.

“Netswitch recognizes its role in driving cybersecurity awareness,” Stanley Li, CEO of Netswitch said. “We felt that as the industry leader in managed detection and response it was our responsibility to deliver useful, real-world information in an effective and efficient way so information technology professionals can do their jobs even better and make an even greater impact on cybersecurity and safety.”

ABOUT NETSWITCH

Netswitch is one of the world’s leading Managed Security Service Providers (MSSP) serving businesses of all sizes through Securli®, its award-winning Managed Detection and Response platform. Securli® Integrated Security Technologies are in use at over 3,000 client sites around the world providing managed intrusion detection and prevention, advanced behavioral analytics, preemptive breach detection, monitored and managed web firewalls and gateways, 24x7 SOC and security information and event management (SIEM), managed incident response and remediation and complete audit-ready regulatory compliance.

Netswitch is headquartered in South San Francisco, California and serves the Middle East and APAC markets through its ASIA Pacific Headquarters in Hongkong.

For more information about Netswitch and SecurliXF®, please visit www.netswitch.net.

SESSIONS


It Takes a Village: Insights on Building a Successful Cyber Program

Phil  Ferraro
As security incidents accelerate in both frequency and severity, the transparency of the aftermath increases as well. Employees, Boards of Directors, and even the public are more aware of the potentially devastating nature of cyber attacks, and they want to know exactly what you're going to do about it. In this session, Phil Ferraro shares insights gleaned from almost two decades working in cyber security for enterprise companies and the federal government. He explores the critical lessons learned over the course of a remarkable career, including his tips on building a world-class global Cyber Security program.


The Riskiness of Risk Framework Selection

Fred  Doyle
COBIT. OCTAVE. FAIR. ISO. NIST. AIE-IT. These are just six of the innumerable competing frameworks that have been developed in an attempt to manage the risk associated with Information Technologies.

Each of these frameworks has its own strengths and weaknesses, but none of them are applicable to all organizational levels of a typical governmental or commercial entity. In this presentation, Frederick Doyle reviews some of these common frameworks, compares their praxis and fidelity to risk theory, and assesses their relevance to the Executive, Strategic, Operational, and Tactical organizational levels.


Cybersecurity: Why We Can’t Get It Right

T. Casey  Fleming

  • The U.S. is losing the Cybersecurity battle - one-third of U.S. GDP every year
  • One-third of attacks are successful (only the breaches we are aware of)
  • $1 trillion industry 2017-2021 - Cybersecurity Ventures
  • Our adversaries have the upper hand and are winning - but why?
  • The “new” global competitive model changed long ago - we never caught on
  • What every organization must do immediately to survive


The Hole in your Data Security Strategy

Allan  Martin
In today’s marketplace, IT leaders spend a significant amount of time and money ensuring that their company’s data is secure. Even so, breaches are commonplace. In 2015 alone, the Identity Theft Resource Center reported that in the U.S. there were 781 large-scale data breaches.

The biggest reason? Access to data in non-production test environments. Test data is necessary to support application development, quality assurance, and other mission-critical activities. If this data is not secured internally and from external partners, it poses a huge security and compliance risk, not to mention significant costs.

In this discussion we will outline the essential steps that corporations should include within their overall security strategy to ensure all data; structured and unstructured, is protected.


Looking For A Job In a “0% Unemployment” Industry

Deidre  Diamond
With cyber security having a reported unemployment rate of zero percent, one might assume it’s easy to find a dream job in our industry. That’s not the case: job seekers face tremendous struggles navigating the interviewing and hiring processes, and companies struggle finding candidates with skills who also fit their budgets.

How does one attract, hire and retain cyber security talent? How can someone find a position they want to stay in for more than 18 months? What is really going on in the cyber security staffing space? CyberSN CEO and Founder Deidre Diamond will answer these questions and more.


Privacy, Compliance and Cyber-Liability - How One Influences the Other

Don  Cox
Jeanne Morain
Every week news media posts information about a hacked company or one experiencing a ransomware event. In 2015, Intellectual Property Theft increased by 53%!

Jeanne Morain and Don Cox will partner to discuss this complex topic and how it impacts businesses.

Laws and regulations have been legislated throughout the world to protect the privacy of citizen's personal identifiable information. Jeanne Morain will discuss Compliance (Security/Business/Regulatory), Export Approvals, HIPAA, NIAP, PCI, SOX, Privacy Shield (formerly Safe Harbor) and other regulatory requirements related to Privacy.

From a cyber liability point of view, what is your company's exposure? What impacts the determination of liability? Don Cox will discuss industry cyber related controls, employee / customer training, cyber protection solutions, and the cyber staffing.


Insider Threats and the Dark Web

Liam  Bowers
Providing an understanding of how malicious employees can use the dark web to sell and transfer sensitive corporate data and Intellectual Property.

This talk will offer an overview of terminology and concepts like Corporate Counterintelligence, dark web, insider threats, amount of intellectual property stolen each year, etc., and two vignettes on Insider Threat:

  1. Volunteer Insider Threat – describing the case of a disgruntled employee selling Intellectual Property on one of the Dark Web forums dedicated to such trade. I will discuss the type of IP stolen, the approximate value to the company and how the theft was discovered. I will also provide recommendations to prevent, deter, and identify potential malicious employees.
  2. Recruited Insider Threat – this will detail the case of an insider threat who was recruited from someone outside the company to provide sensitive data. This type of interaction often uses Peer-to-Peer communication platforms which can make the communications and data transfer difficult to trace. I will describe the scenario and offer recommendations to identify external recruitment of employees, explain how P2P communications can be monitored and highlight the importance of restricting access to sensitive data within a corporate network.


Privacy in the Internet of Things: Protection Today & Expectations for the Future

Jessica  Groopman
The world is growing ever more connected, but as this trend expands from our laptops and smartphones to our stores, cars, homes, even bodies, businesses will not be able to use existing templates for addressing (or not addressing) privacy.

As customer data becomes your core asset, what do your customers expect from you? What does this mean for companies leveraging sensors and connected products?

This talk explores implications for privacy that impact both consumers and businesses in the Internet of Things. In this presentation, you will learn:

  • Drivers and differentiators for why the Internet of Things transforms traditional notions of privacy
  • Risks, rewards, challenges, and opportunities for addressing privacy head-on


Role of Vulnerability Assessments and Penetration Testing in Today's Cybersecurity Environment

Mary  Siero
Vulnerability management, and a key component of any good vulnerability management - penetration testing, makes up the foundation of an effective cybersecurity program. They are also one of the most mis-understood elements of these programs. Mary Siero discusses why running a vulnerability scan and conducting penetration testing are not by themselves, enough for a comprehensive and meaningful vulnerability management program.


"Legally Strengthening" Your Company For the Eventual Cybercrime Attacks

Jack  Russo
This talk will examine the emerging and growing body of Federal and State laws protective of corporate assets subject to cyberattack. The sources of such laws are many, from intellectual property to tort to privacy laws. Given the newness and complexity of the known and foreseeable threats, attention will be paid to the application of new federal statutes and new case interpretations and how to position to best take advantage of both.


Hacking Hospitals

Ted  Harrington
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber-attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.

We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.

The presentation will resonate with the audience by exploring issues from their perspective (i.e., that of healthcare business executives and IT managers responsible for protecting digital assets, including patient health and patient records). The content of this talk is calibrated to a high level, intended to be easily digested by an executive audience.

This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/


Operational – Threat Driven Security Program

Mischel  Kwon
Unfortunately, many security programs today are driven by compliance. Monitoring is a rote process driven by unknown vendor content and success is an increase in malware detection. This talk will discuss how a program driven by threat intelligence, an understanding of both what is detected and the health and well-being of the network, can drive both a stronger defensive posture and inform a compliance program. Using a data driven approach we will show the discuss how to detect, remediate and report on a system where metrics are less about the number of malware incidents detected and more about time to remediate.


The Matrix as metaphor for Security Frameworks

Bruce  Bonsall
The universe of cyber security is vast, and ever expanding. Every dimension, every plane, and every vector is in play. Tracking all the relevant objects, the millions of pertinent bits of security information cannot possibly be collected and analyzed in any meaningful way without automation. The management of cyber security controls is a herculean journey requiring persistence, deep insight and infinite diligence. It requires machines … and it requires a Matrix, a governance matrix… a framework that enables an organized approach to maintaining control.

This session will explore the governance of security controls with an emphasis on leveraging frameworks and employing disciplined methodology to free organizations from the overwhelming chaos of controls required to protect the typical information age enterprise.


SPEAKERS

Bruce Bonsall

Known for both his forward thinking and practical approach to risk management, Bruce Bonsall has been a leader in the information security field for nearly 30 years. Bonsall is an independent security consultant and member of the IANS Research Executive Faculty advising clients on their strategic security needs. He has assessed the information security postures and coached the CISOs for well over a hundred organizations and across most industries. His extensive experience and astute insights have helped to kick-start fledgling security programs and helped tune up mature programs as well.

Prior to forming his consulting practice, Bonsall served as the CISO at MassMutual where he led a high-performance team responsible for all aspects of information risk management. A Certified Information Systems Security Professional (CISSP) since 1997, Bruce has been a winner of the National Information Security Executive of the Year Award and his security team won the Information Week 500 #1 ranking in Information Security for Innovation as well as the TechForum #1 ranking for Security Best Practices. He has been named by Security Magazine as one of the top 25 most influential people in the security industry.

Bonsall earned his Bachelor of Science degree from the New York Institute of Technology

Liam Bowers

Liam Bowers is the Founder and CEO of Bluestone Analytics, LLC. Liam comes from a background in U.S. Army Special Operations where he specialized in counterintelligence and security program implementation and management. Liam also has experience as a security and management consultant with Booz Allen Hamilton where he worked in the U.S. Intelligence Community. Liam is passionate about preventing corporate espionage, mitigating insider threats, and improving the cybersecurity of SMBs. Bluestone Analytics is based in Charlottesville, VA where Liam lives with his wife and two dogs.

Don Cox

Donald Cox has over 30 years of security technology, cyber investigation and cyber security related experience. He has served as the Chief Information Officer and Deputy architecting, managing and securing geographically dispersed technology systems in the defense, energy, international affairs, public safety, and pharmaceutical industries.

Don has managed the creation of governance and policy for enterprise networks that handle highly sensitive data, served as a member of the United States Secret Service Electronic Crimes Task Force, developed and managed the Security - Network Operations capabilities for the Department of Energy, enhanced the Intelligence Fusion system and Decision Support Systems used by the Department of Homeland Security and served on a special cyber-security Board enacted by the United States Congress.

Don holds a Master's Degree with a focus on the Management of Information Technology, a Master's in Business Administration with a concentration on Information Technology; Chief Information Officer Certification, and numerous security and forensics industry related certifications.

Deidre Diamond

Deidre Diamond is Founder/CEO of national cyber security staffing company CyberSN (cybersn.com) and the Founder of #brainbabe (brainbabe.org.) Deidre was previously the CEO of Percussion Software, the first VP of Sales at Rapid7 (NYSE:RPD) and the VP of Sales at Motion Recruitment.

Fred Doyle

Frederick Doyle, CISSP is the President and CEO of CubicPrism Enterprises, Inc. (CPE) and has been at the leading edge of Information Technology and Cyber Security since 1984.

Fred specializes in Four-Fidelity-Level Risk Management, Optimization Consulting, Pareto Facilitated Problem Solving, Product Architecture and Management, Rapid Application Development and Process Development.

Before leveraging his insights and talents for CPE and its clients, he was Director of Technical Intelligence at iSIGHT Partners, a leading cyber-Intelligence provider recently acquired by FireEye, where he was a significant contributor to the iSIGHT risk management system (iRIS), the product management team (ThreatScape App for Splunk), and ThreatScape Enterprise Team ("From the Labs" thought pieces).

Phil Ferraro

Phil Ferraro is the Global Chief Information Security Officer for Nielsen. As the Global CISO, he is responsible for developing, implementing and monitoring a strategic, comprehensive global enterprise Cyber Security and Risk Management Program to ensure the confidentiality, integrity, and availability of information owned, controlled or processed by the organization.

Phil is also the author of the best-selling cyber-security book entitled, "Cyber Security: Everything an Executive Needs to Know"

Ferraro previously served as an advisor to C-suite executives and board-level directors. He provided extensive and demonstrated knowledge on Cyber Security risk management, and developed and implemented world-class Cyber Security programs designed to protect and defend against the world's most sophisticated attackers.

Phil has also served as the Global CISO for multiple Fortune 500 organizations. Ferraro served the U.S. Federal Government for 30 years including positions as the CISO for the Federal Communications Commission, and in similar roles with the Department of Defense for the U.S. Army, Europe and the U.S. Southern Command in Miami.

Phil retired from the U.S. Army in 1995 following a distinguished career in the U.S. Army Special Forces. Throughout his Special Operations career he served numerous overseas tours in Southeast Asia, Central and South America, and Southwest Asia.

Ferraro holds a Master's Degree in Information Technology from City University of Seattle.

T. Casey Fleming

T. Casey Fleming serves as Chairman and Chief Executive Officer of BLACKOPS Partners Corporation, the leading intelligence, think tank, strategy, and cybersecurity advisors to senior leadership of the world’s largest organizations in all sectors. Mr. Fleming is widely recognized as the top thought-leader, leading expert, and speaker on intelligence, strategy, national security, asymmetrical hybrid warfare, and cybersecurity. The Cybersecurity Excellence Awards recently named him Cybersecurity Professional of the Year. Mr. Fleming led organizations for IBM Corporation, Deloitte Consulting, and Good Technology. He served as the founding managing director of IBM’s highly successful Cyber division. Mr. Fleming earned his Bachelor of Science degree from Texas A&M University and has participated in executive programs with Harvard Business School and The Wharton School.

BLACKOPS Partners
Website: www.blackopspartners.com
Email: contact@blackopspartners.com

Jessica Groopman

Jessica Groopman is an independent analyst and IoT advisor specializing in consumer-side Internet of Things.

Jessica Groopman's research and analyst practice concentrates on the application of sensors and smart systems in B2C and B2B2C businesses, with an emphasis on use case design, automated service, Blockchain, and privacy.

Jessica is a regular speaker, moderator, and panelist at IoT industry events. She is also a frequent contributor to numerous 3rd party blogs and news/media outlets.

Jessica is also a principal analyst with Tractica Research, contributing member of the International IoT Council, the IEEE's Internet of Things Group, IoT Gurus, and FC Business Intelligence's IoT Nexus Advisory Board. Jessica was also included in Onalytica's list of the 100 Most Influential Thought Leaders in IoT.

She has served as research director and principal analyst with Harbor Research, Altimeter Group, and Focus Research, and has extensive experience advising clients on developing research-informed customer-facing strategies in the face of technological disruption.

Based in the San Francisco Bay Area, she works with both research firms as a contract analyst and supports clients across Retail, Smart Home, Wearable, and Tech verticals.

Ted Harrington

Ted Harrington drives thought leadership initiatives for Independent Security Evaluators, the elite organization of security researchers and consultants widely known for being the first company to hack the iPhone.

Mr. Harrington was recently named Executive of the Year by the American Business Awards, an international body that receives thousands of nominations from around the world. He has also been named 40 Under 40, where he was both one of the youngest inductees in the class as well as the only honoree from the field of information security. He is one of the organizers of popular hacking concept IoT Village, as well as one of the organizers of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON.

Mr. Harrington holds several special appointments, including to the California Governor’s Cyber Security Task Force, University of Southern California, and several others. He holds a bachelor’s degree from Georgetown University.

Mischel Kwon

Mischel Kwon is a recognized IT security leader with 35 years of experience in technical security operations, incident response and information assurance as well as building and managing organizational and national level SOC, CERT and IR Teams. Kwon currently serves as the President and CEO of MKACyber, a security consulting firm specializing in Technical Defensive Security, Security Operations and Information Assurance.

Kwon has held senior roles in the U.S. Government, including Director of US-CERT where she coordinated national-level IRactivities and at the U.S. Department of Justice where she established and managed the Justice Security Operations Center (JSOC).

Kwon holds an M.S. degree in computer science and a graduate certificate in Computer Security and Information Assurance.

Allan Martin

Allan Martin, CTO of ABMartin LLC, is an expert in data privacy and security. Over 20 years’ experience working with IBM architecting and delivering successful data privacy and test data management solutions within several Fortune 500 organizations.

A long time member of INCOSE (International Council Of System Engineers), Allan has helped to establish competitive, scalable and professional standards in the practice of systems engineering. He has provided vision and leadership for key technologies, including database management systems, grid computing, data privacy and encryption processes.

During the 90's Allan joined IBM to lead a team in developing software and solutions to manage heterogeneous environments by combining disparate sources like DB2, Oracle, XML, flat files into a single virtual view. Allan has successfully designed and implemented archiving and decommissioning strategies for numerous fortune 100 companies, including IBM.

In 2009 Allan formed a SWAT team in consulting for government and commercial companies, leveraging skills in database design and access, developed processes for Data Privacy/Obfuscation across federated environments establishing a practice to protect companies’ classified sensitive data.

Jeanne Morain

Jeanne Morain, is a leading security industry catalyst in digital transformation, author, workshop leader, strategist, development operations, product management and compliance expert and well-known private/public/hybrid cloud security consultant. She has conducted research in the cognitive impact on technology to meta-cognition, has presented at DevOps Summit, Velocity, IAITAM, various other events and hosts a monthly webcast around Cloud, DevOps, and Digital Enterprise.

Jeanne is a best-selling author on cloud computing, configuration management and security, is a serial entrepreneur with 2 decades of product portfolio leadership experience specializing in convergence and emerging technologies, and has successfully launched products leading to IPO or acquisition from Centigram/Mitel, Selectica (IPO), Marimba/BMC, Thinstall/VMware.

Jack Russo

Jack Russo is the Managing Partner of Computerlaw Group LLP (www.computerlaw.com), a Silicon Valley firm specializing in the emerging law of the Internet on a nationwide and global basis. Jack teaches cyberlaw courses both nationally and internationally and his talk will cover steps that should be considered for added protection for e-commerce and other Internet-based businesses.

Mary Siero

Mary Siero, CISSP, CRISC,CISM, is the President of Innovative IT and former CIO and CISO in Healthcare, Government, Gaming and Hospitality, Consumer Products, Manufacturing and Education, is a sought after speaker and recipient of the CISO of the Year Award and an Advisory Board member for the University of Nevada at Las Vegas Cybersecurity Education Committee.