Houston Security Conference Presentations

Speaker Name Bio Session Title Abstract
Josh Burgess Josh Burgess has more than a decade of cyber threat analysis and mitigation experience serving in multiple positions including in the intelligence community, the Department of Defense, as well as the financial sector. In a majority of his roles he has served as the technical lead Threat Intelligence Officer for a large SOC to advise them of the latest threats and ensure a sound security posture. His main role in his current position at CrowdStrike is to support customers by applying his experience in actioning both short-term tactical as well as long-term strategic intelligence data and reporting. Predicting Instead of Stopping the Attack While cyber incidents and compromises are now regularly making headline news, organizations are more often than not behind the curve and only responding and not predicting the next attack. If the attacker is always ahead of the target, then how can you ever be in a winning position? Employing research and intelligence resources to better understand who the attacker is and how they operate will allow organizations to better understand their risk. The goal of this presentation is to understand the importance of knowing not just the specific attack but a larger perspective on the attacker performing it and the relativity to your own organization.
John Cook John Cook is an applied mathematician working in data privacy. He completed a PhD at University of Texas and was an assistant professor at Vanderbilt University. He worked in biostatistics at MD Anderson Cancer Center for over a decade before starting his own consultancy. Identifying people in supposedly deidentified data It can be surprisingly easy to identify individuals in a data set even after the obvious identifiers have been removed. We will begin by presenting several examples where organizations have been caught by surprise. Then we will discuss methods for protecting individual privacy while retaining the usefulness of data.
Keli Hay After almost 20 years in information technology and living a sedentary lifestyle, I decided that it was time for a change. I was tired of being tired. My weight was impacting my life in several ways. As a certified personal trainer, I am applying my business skills as a certified technical trainer and instructional designer, to the fitness industry. My continued journey of following a program that includes nutrition, supplementation, working out, and coaching while working alongside my own personal trainer has helped me become a trainer who has lived the life. Working for a Living In this talk, Keli will share her journey to a healthier lifestyle which saw her lose over 100 pounds while working in tech. During the 11 month weight loss, she dealt with daily workload changes, weekly product releases, conference travel, and long work days. Having kept the weight off for two years, Keli will also share tips and tricks that anyone in tech can use in their daily routine for a more active and happier lifestyle. Similar to planning a network security strategy, but for less money and an actual decrease in stress, you can plan and implement changes for a healthier life. The results include time for you – and optionally your family, better sleep, and a sense of accomplishment.
Ernie Martinez Ernie Martinez is the Cloud Services Practice Manager with Set Solutions, Inc., a Houston-based cybersecurity integrator and value-added reseller. With over 15 years of experience in Information Technology, Ernie has an extensive background in ASIC design, high performance computing, automation, audit, and risk assessments.  Ernie has held numerous positions over the course of his career at Raytheon, Army Research Laboratory, Rackspace, and Set Solutions. For the past several years, he has specialized in delivering cybersecurity solutions for SMB, Midmarket, and Enterprises across many verticals.  Ernie holds his MS in Computer Engineering and his BS in Electrical and Computer Engineering from the University of Texas at El Paso. He currently holds technology certifications across many IT disciplines.  Ernie holds his MS in Computer Engineering and his BS in Electrical Engineering from the University of Texas at El Paso. He holds CISSP, CISA, and CISM certifications. Canary Modeling: Validating your Security Tools in the Cloud With organizations adopting digital transformation and multi-cloud strategies, risk profiles must be created for each of the Cloud Service Providers (“CSP”). Two methods manifest for CSP protection; adopt the native capabilities or utilize third-party tools to provide visibility across all platforms through a single pane of glass. This is where Cloud Defense Platforms (“CDP”) become part of the security strategy for maintaining operational effectiveness and provide a mechanism to report on risk profiles. This presentation covers the consulting firm’s perspective on CDPs and how to validate their effectiveness as the CSPs continuously update their APIs. The presentation aims to provide the audience with technical guidance on canary modeling and poses the question, “Who watches the watchmen?” The Presenters will address: 1) CDP utilization in a multi-cloud strategy; 2) Building a security ecosystem for remediation driven by telemetry from the CDP; and 3) Validating CDP service delivery in alignment with the CSP changes. Technical guidance is aimed toward the security professional, practitioner, security architect, and SOC analyst and draws upon the consulting firm’s experiences deploying RedLock.,Canary modeling for validation eliminates any false sense of security and provides situational awareness due to changes in CSPs APIs. The Watchmen need to be tested to validate the rules and alerting polices created at the CDP.
Spencer Koch Spencer Koch is an offensive security professional with extensive experience in both consulting and industry, having served as the former North American CISO at a large energy company. His passion lies in AppSec/pentesting, and he s interested in improving the security status-quo while making security less painful for developers/sys-admins/users. He leads large-scale security transformation programs, successfully implementing realistic hardening initiatives, transforming AppSec from  print to PDF  SAST/DAST report generation to  developers come to talk to us for advice,  figuring out what s  good enough  for security to throw  all the things  into the cloud, and automating the heck out of anything possible because who has time? Husband and father of two boy littles, based out of Houston currently, hailing originally from Dallas, and educated in Illinois. Offensive Security Transformation – Starting from Scratch Learn, first-hand, the  common challenges and best practices for implementing a transformative offensive security program within a large enterprise. Understand the key components and  œdos and don ts  required for a successful security program – including hardening, AppSec, how to address application vulnerabilities earlier in the SDLC, DevSecOps, security champions/guild, red teaming, and infrastructure vulnerability management.  Bonus discussion on the impact of the  cloud migration  trend and the impact it has on offensive security programs, as well as how to use it to your advantage.  From risk identification, design & architecture, and development, to testing and deployment best practices, you will gain an understanding of:  –       How to frame the transformation and gain buy-in  –       Who in the organization needs to be involved –       What changes can be expected across the application & information lifecycle –       What changes are required for your infrastructure –       What mentality changes are necessary for security, sysadmins & developers in the organization –       What are commonly required changes to daily operating procedures –       Where automation can be easily implemented
Dan Cornell A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.   Cornell is an active member of the development community and a sought-after speaker on topics of web application security, speaking at international conferences including RSA Security Conference, OWASP AppSec USA and EU, TEDx, and Black Hat Arsenal. He holds three US patents in the area of application security. Enumerating Enterprise Attack Surface Many organizations have only a passing understanding of the scope of their application portfolios and how these assets are exposed to the Internet and other potentially dangerous networks. This puts them in a risky situation where they have attack surface that is unknown and unmanaged, often resulting in serious vulnerabilities being exposed indefinitely. This presentation looks at several tools and methods that can be used to enumerate enterprise application assets  “ including web applications, mobile applications, and web services. The discussion covers several open source application asset identification tools and compares their effectiveness. Finally, a framework for ongoing application asset discovery and enumeration is presented so that security managers can embark on a structured program to characterize their risk exposure due to their enterprise attack surface.
James Dietle James is a computer enthusiast who started off slinging CAT5, coax and silver satin in exchange for ice cream at the age of eight. As a naval officer in the intelligence community, he worked with NSA across the world and has over 13 years of Information Technology management experience. More recently he has been burning out GPUs, stopping criminals, and spreading comradery through cheap pcb. Building the badge- How you can make small, cheap and custom hardware for function or fashion. Drawn to increase in neck bling that people wear around looking like futuristic disco balls? Curious about the rise of IoT and how you can start making your hardware for tests?  Want to make your own blinking monstrosity that can scare the cat and blind your neighbors. Badgelife offers the ability to make all these oddly specific dreams come true. This talk will cover an overview of how you can get your board designed, printed and distributed for your next event without going broke in the process.
Phillip Wylie Phillip Wylie is a Principal Information Security Engineer on the Penetration Testing Team for a top 10 bank in the U.S., Adjunct Instructor of Ethical Hacking and System Defense at Richland College in Dallas, Texas, Bugcrowd Ambassador and founder of The Pwn School Project a not for profit educational meetup specializing in ethical hacking. Phillip has worked in IT and cybersecurity for over 21 years has worked as a pentester for the past 7 years. His first 5 years were spent as a consultant performing pentests for Fortune 100 Companies across various industries including financial, retail, transportation, energy, healthcare, technology, manufacturing and government. Phillip holds the following certifications; CISSP, OSCP, GWAPT. The Pentester Blueprint: A Guide to Becoming a Pentester Pentesting or ethical hacking as it is more commonly known has become a much sought-after job by people in IT, InfoSec, or those just trying to get into the industry. In this presentation Phillip Wylie shares the blueprint for becoming a pentester. The presentation combines Phillip s experience as a pentester and ethical hacking instructor to give attendees a guide to how to pursue a career as a pentester. Phillip shares what has worked for his students and people that he has mentored over his years as a pentester. This presentation covers the knowledge and skills needed to become a pentester as well as the steps to achieve them.
Asif Awan As Chief Technology Officer for Container Security at Qualys, Asif is responsible for the overall vision, strategy and roadmap of the container security offerings. He came into Qualys through the acquisition of Layered Insight. He was the Founder & CTO of Layered Insight and led the product vision and strategy. He is a passionate cybersecurity entrepreneur with a broad business and technology expertise that spans enterprise, healthcare and financial domains, and cloud, mobile and deep learning technologies.Asif is a pioneer in the Mobile Application Management space. Back in 2011, he identified a serious gap in the enterprise solutions being offered for BYOD, envisioned an innovative user-space virtualization solution, and founded Plursona to build that solution and realize the business vision. Asif has held various technology and business leadership positions at HPE (Aruba Networks), Motorola Mobility, Wells Fargo, Juniper Networks and Boston Scientific (Guidant). Asif has a master s degree in Artificial Intelligence and a bachelor s in Computer Science. Containers to Functions and Beyond: A New Approach to Visibility and Protection The original promise of Cloud was that the customers didn t have to worry about managing their infrastructure. Fast forward 15 years and cloud customers are still managing their infrastructure, and there are new layers, such as Container-as-a-Service, to worry about. Containers have finally brought about a computing model that allows the infrastructure to be very slim and treated as immutable. Functions take that paradigm to the next level, by making the infrastructure a complete second thought. Cloud service providers are now offering Serverless solutions — thereby realizing the original promise of cloud and allowing business innovations to be solely focused on the application layer. In such a new reality of building and deploying business applications, where should the visibility and protection controls go? This talk proposes and evaluates an approach for this new paradigm.
John Dickson John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd. He has nearly 20 years hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors.    Dickson is a popular speaker on security at industry venues including the RSA Security Conference, the SANS Institute, the Open Web Application Security Project (OWASP) and at other international security conferences. He is a sought-after security expert and regularly contributes to Dark Reading and other security publications. A Distinguished Fellow of the International Systems Security Association, he has been a Certified Information Systems Security Professional (CISSP) since 1998.  As a Denim Group Principal, he helps executives and Chief Security Officers (CSO s) of Fortune 500 companies and government organizations launch and expand their critical application security initiatives. AppSec in a World of Digital Transformation The mandate for digital transformation is forcing companies to innovate faster in order to provide more value to customers and bring products and services to the market more quickly.  Technological innovations such as the cloud, microservice architectures, and CI/CD pipelines are being adopted to support the increased pace of development and more easily address scaling requirements. This upheaval presents both risks and opportunities for security leaders. The successful leaders view this transition as a clean-slate opportunity to  œget security right  and will restructure their teams and technologies to deeply-embed security throughout the new tech stack. This session will cover emerging strategies that security leaders are using to ensure they keep up with this massive industry change.
Fred D Avila Bringing more than 16 years experience in the information & telecommunications industry to his role, Fred oversees the development of cyber security products and solutions at RevelSec. With an extensive technical and business background, Fred is active in the IT community throughout the Americas and also serves on the Boards of Directors for various technology advisories and helped co-found RevelSec in 2017 How can protect your users when they are compromised? The weakest link? The browser. Browsers are often the weakest link in application security. Attackers try to compromise users via common phishing attacks embedded in email messages or social media posts. Clicking on malicious links enables attackers to embed malware on the target machine. That malware can be used to enlist the infected machine in a botnet army, to execute an attack. More commonly, the malware takes the form of a Remote Access Trojan (RAT), keylogger, or some other method of data gathering. These methods let the attacker harvest sensitive data such as username & password credentials, contact lists, and other information with potential value on the black market.
A. Page Glave Page Glave is currently a data security analyst with Klein Independent School District. She had 10+ years  experience with analytics and project management in academia before making the transition to infosec. Page is particularly interested in security related to education, healthcare, and industrial control systems, and she enjoys both offensive and defensive aspects of cybersecurity. Page is passionate about infosec and learning and is constantly working to improve her skills. 0 to Splunk in 60 Days – Security Edition Learning new tools is an absolute must for security professionals. However, this can be difficult for students and people shifting into cybersecurity who do not have access to an enterprise environment. Splunk is an incredibly popular SIEM that provides an excellent platform for hands-on learning. The purpose of this presentation is twofold – 1) provide a program for someone to become reasonably proficient in Splunk in 60 days and 2) provide a framework that can be used to learn any new tool or topic. The focus will be on learning Splunk in the context of cybersecurity, including an overview of the free tools and apps available.
Andrew Hay Andrew Hay is a veteran cyber security industry startup Founder, COO, CTO, CISO, industry analyst, security strategist, and international public speaker with more than 20 years of experience related to endpoint, network, and security management technologies. As the Co-Founder, CTO, and COO for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. One of his primary responsibilities is the development and delivery of the company s comprehensive cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence.  Andrew has served in various roles and responsibilities at several companies including DataGravity, OpenDNS (a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).  Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine. Make Your Organization 10% More Secure What if I told you that approaching security with compassion and mindfulness could help you increase the efficacy of your organization s information security program by 10%? In addition to increasing the security of your organization, what if I also told you that a different approach to communicating security needs could make you, and your coworkers, happier at your respective jobs and personal lives? Brain scans show that acts of kindness register more like eating chocolate than, say, fulfilling an obligation. The same pleasure centers light up when we receive a gift as when we donate to charity. Neuroscientists refer to this as  œthe warm glow  effect.  No, this isn t a Tony Robbins or Deepak Chopra life coaching session but rather a talk about how you can wield scientific evidence to entice people to care about something important. This session will explore the benefits of approaching organizational cybersecurity through mindfulness, compassion, and neuroscience versus our traditional heavy-handed methods. Perhaps we can harness this  œwarm glow  effect to collaboratively make our organizations increasingly more secure.  Attendees will learn how to achieve results without blindly forcing adherence to the rule of law, caring about security until it s no longer useful or productive, and how to live your life without agonizing over the results.
Jason Nations Jason Nations is Senior Manager of Enterprise Security at OGE Energy Corp the parent company of OG&E, an investor owned utility headquartered in Oklahoma City, Oklahoma. He has extensive experience across multiple industries including energy, government and healthcare. In his current role he oversees all cybersecurity efforts including both OT and IT. Jason started his utility career as part of OG&E’s award-winning Smart Grid deployment. He has a BA and MS from Baylor University as well as several industry certifications. Keep in mind: “What was the problem” “What was done”, and “What business value resulted, quantified in economic terms as much as possible. OG&E is an investor owned electric utility serving over 750,000 customers in Oklahoma and Arkansas. OGE was looking for visibility into our operating environment across multiple generation, transmission and distribution stations for real-time asset inventory and detection of threat behaviors. After evaluating other IT/SIEM tools that were not feasible – too many false positives or need to deploy agents, OGE chose to deploy the Dragos platform to augment the efficiency and efficacy of our team. The passive network approach maintained the integrity of product warranties from different vendors, and the codified knowledge instilled within the Dragos product quickly enabled our Security Operations team to be more effective at asset identification and threat detection. We will share our experience of selecting and deploying an ICS cybersecurity solution as an electric utility and offer tips for others looking to evaluate different offerings.
Chris Humphreys Chris Humphreys currently serves at the CEO and founder of The Anfield Group,  an Austin TX-based Cybersecurity and Regulatory Compliance Consulting firm. Chris  is an internationally recognized thought leader and evangelist in the industry verticals of Cybersecurity, Critical Infrastructure Protection (CIP), Intelligence Operations, and Regulatory Compliance. With over 18 years of experience, Chris has written National-Level policy on cybersecurity and Critical Infrastructure Protection as well as been solely responsible for the enforcement and implementation of cybersecurity regulation for Electric Utilities within the Texas Region and across North America. Compliance Considerations for Cloud Migrations and how to bridge the gap. One of the key initiatives in the ICS space right now is the migration to the Cloud. With these migrations, maintaining Regulatory obligations continues to be a great hinderance for ICS environments- especially the small/medium ICS end users. Regulatory models such as NERC/FERC aren’t conducive to sustaining emergent technologies and take too long to modify/update regulatory standards so that they can be adopted without being violated.
Steven Romero A native Houstonian and proud Texan by birth, Steven s cultural and technical roots are naturally and irreversibly intertwined within the oil and gas industry. His range of operations, engineering, and major capital project experience spans multiple sectors within this very diverse energy vertical.   Professionally, Steven s 22-year career inside engineering offices, operations centers, control rooms, refineries, chemical plants, shipyards, ports, as well as onshore and offshore oil and gas production facilities around the world provide him with a unique perspective concerning society s fundamental dependency upon resilient critical infrastructure. This insight gives Steven a deep appreciation and love for the culture that defines oil and gas and a thorough understanding of the stringent requirements by which organizations must adhere to ensure safe, reliable, and secure operations under very unforgiving and harsh environmental conditions.  Steven blends information security risk management, industrial control systems (ICS) engineering, safety instrumented systems (SIS) engineering, SCADA infrastructure engineering, maritime navigation and communications facilities installation, terrestrial and wireless telephony design, and management of core IT infrastructure services for the largest oil and gas organizations in the world into an interesting package focused on safety, security and resiliency. Building Resilient SCADA Network Infrastructure Conventional security discussions are often overtly focused on keeping out bad guys or detecting and responding to them once they get in. We IT engineers are often guilty of excluding sound facilities design engineering practice and ignoring provisions required to support SCADA communications up when much more frequent physical and environmental incidents occur. This discussion will focus on high-level lessons-learned as part of the design-integration-build process for SCADA communications infrastructure in the Permian Basin.
Tom Van Norman Tom is the Co-Founder of the ICS Village at night at the Director of Engineering Services at Dragos during the day. The ICS Village is a non-profit educational organization that equips industry and policymakers to better defend industrial equipment through experiential awareness, education, and training. Tom has an extensive back ground in industrial controls and enjoys getting into the field and making things work. Tom has held various roles all focused on the operation, engineering and security of Industrial Control Systems. Tom started his career in the U.S. Air Force eventually retiring with a total of 24 years between Active Duty, Reserves and Air Guard. Tom is also consults with SANS on the construction and operation of OT Cyber Ranges. Securing OT environments Operators of OT environments have a wide range of products available today that to ensure their networks are safe and secure. Do operators really need the latest and greatest or even an industrial version of a product? This talk will review the pros and cons of technology available for OT environments.
Bryson Bort Bryson Bort is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, Bryson was a tank commander and led a tactical communications platoon. He served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. The I/IOT Threat Landscape Exploitation is a given. Unwanted parties will gain access eventually whether it is through technical, physical, or social means. The only other certainty is they will continue to come up with new ways to innovate. They have to blend in to succeed so how do they balance those two competing influences? More than just the inconvenience of taking over simple I/IOT or the creepiness of your home webcam. We will begin by analyzing the attacks that have happened and how they worked. Then, we will build our own. I will walk through how an attacker doesn’t just attack you, but can easily build a mass attack campaign to take over thousands of devices. Once they do, I show how instead of that inconvenience, they can move laterally to points of interest. The example will be a residential setup, which parallels an industrial environment, to steal interesting things like embarrassing photos, social security numbers, bank account information, intellectual property, and tax returns for profit. If you cannot keep them out, what can you do?
Cecil Pineda Cecil Pineda is currently the Chief Information Security Officer (CISO) and Managing Director at Cyber Watch Systems – one of the fastest growing companies in North Texas. He is also the Vice CISO for a healthcare company based in Dallas.  Mr. Pineda previously served as the CISO of Dallas-Fort Work (DFW) International Airport.He has also held various cyber security and data privacy roles in the last 18 years with E&Y, CVS Health, TXU Energy, and GameStop. Additionally, he has developed various programs, toolsets, and frameworks.   Mr. Pineda also serves as a Member on Advisory Board for various organizations and educational institutions. Is your Cyber Security Program Working? This will cover: 1. Sample security programs we ve seen out there 2. What works and what doesn t 3. How to start from scratch 4. Case study – how this company went from zero to hero)  Zero to Hero for CISOs
Gary Leibowitz Gary Leibowitz is a technology executive with extensive and diversified international experience in helping global companies find solutions to their cybersecurity needs. Currently, Gary is Director, Americas at Claroty.  Previously Gary has held senior roles as GM at Panda Security, VP of Americas Marketing and VP of EMEA Channels and Alliances at BMC Software. Gary is a board member of the Houston InfraGard Chapter, focused on securing critical infrastructure. Co-presenting with Cecil Pineda Co-presenting with Cecil Pineda
Josh Sokol Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies, including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information Security Program Owner at National Instruments. In his current role, Sokol manages all compliance, security architecture, risk management, and vulnerability management activities for NI. Sokol created the free and open source risk management tool named SimpleRisk, has spoken on dozens of security topics including the much-hyped  œHTTPSCan Byte Me  talk at Black Hat 2010, and recently completed a four year term serving on the OWASP Global Board of Directors. Conducting Table Top Exercises to Get Your Team Battle Ready For this session, we will be conducting a live Security Table Top Exercise (TTX).  We will talk about some free resources that you can use to make your own and give guidance on how they work and can be used for process improvements.  Cyber Incident Response Test For those of you who are unfamiliar with the term, a Table Top Exercise is a small but inclusive exercise that occurs as part of a the Cyber Security Organization s attempt to be better prepared to potential cyber related incidents.  The TTX serves as a means to exercise preparedness, validate plans, test operational capabilities, maintain leadership effectiveness and examine the ways we work with the larger community outside of our company to prevent, protect from, respond to, recover from, and mitigate cyber related incidents.   Larger Focus Cyber incidents are no longer,  œJust an IT problem.  With more and more companies under attack by hacktivists, organized criminals and nation state militaries, incidents are routinely making front page news and will require many different organizations both internal and external to the company to respond- much like you wouldn t ask the communications team to build out a defense-in-depth security program, the IT Security organization shouldn t be interfacing directly with the media. Additionally, many branches of law enforcement have enhanced their capabilities to better assist organizations of all sizes respond to incidents. By including them, and others, in the exercise and/or identifying areas where there may be touch-points, we can be better prepared to reach out and enlist their help in the event an incident occurs.  Cyber Incident Scenario The scenario focuses on the company s ability to coordinate and implement prevention, preparedness, response and recovery plans and capabilities pertaining to a significant cyber event or a series of events. In addition, the process examines response plans and procedures, including the Cyber Incident Response Plan, any response frameworks and more.
Liz Tesch I m an Azure cloud security specialist with almost 2 decades of IT management and consulting experience in the Houston area. I enjoy assisting enterprise clients who need both high-level security strategy and deep technical expertise. I m a CISSP, as well as being certified in both Azure and AWS. Splunking Azure – Getting (Your Data) There is Half the Fun This demo-heavy session will explore processes and architecture for getting O365 and Azure logs to on-premises SIEMs like Splunk, ArcSight and QRadar. We ll discuss the types of data you can get and the analysis you can do with the data once you ve got it.   Outline:  ¢\tLog sources (Azure Monitor, Azure AD, Identity Protection, Azure VM s, etc.)  ¢\tLog integration methods (Azure Blob and Table Storage, Event Hubs, API s)  ¢\tTypes of events and alerts that can be generated from each source  (audit logs, sign-in logs, resource logs, VM diagnostic logs, etc.)  ¢\tSecurity events and alerts that can be queried from this data  Demos   ¢\tSet Azure AD Sign-in and Audit Logs to go to an Event Hub and an Azure Blob Storage Account  ¢\tSet Up 2 types of Azure-to-Splunk connectors – the Azure Monitor Connector from Microsoft and the Splunkbase Connector for Azure Cloud Services. Examine data being pulled in by each.
Charlie Bollom Charlie Bollom has a diverse technology background and is a technologist who enjoys coaching and working with his team to overachieve. He leads by example, collaborates with other leadership to drive process improvement, and has acquired the tools in his background to lead a technical sales organization due to his strategic nature. INTEGRATED SECOPS & NETOPS: Leveraging shared data and tooling to optimize end-user experience, security posture, and overall IT productivity Today security teams struggle with too much data, too many tools, and not enough resources.  Add to that the complexity of today s modern environments and the evolution of hacker techniques and you see why cyber security practitioners have a tough job defending their turf!To make matters worse, the typically siloed nature of IT organizations complicates the implementation of effective detection, investigation, and remediation capabilities for DevOps, NetOps, and SecOps practitioners.Today s session will focus on creative ways in which forward-thinking enterprises have broken down inter-departmental walls using the ExtraHop platform, and drastically improved IT productivity and security posture, while simultaneously reducing their overall vendor/tool footprint.
Chloé Messdaghi Chloe Messdaghi is a Security Researcher promoter @ Bugcrowd. Since entering cybersecurity space, she sees security as a humanitarian issue. Data breaches don t just impact companies, but governments, environments, and people. This can adversely affect lives of the most vulnerable persons as well. Hence, her previous and current humanitarian passion has led her to become passionate about cybersecurity. Humanitarian work includes advising as a UN Volunteer, serving as a board member for several humanitarian organizations. Chloe is also the head of WIST organization, mentor and advocate for inclusion in tech, and founded a nonprofit called Drop Labels. How to Fix the Diversity Gap in Cybersecurity Women make up just 11 percent and minorities are slightly less than 12 percent of the cybersecurity workforce. Coming from a nonprofit background, which is an industry with a high diversity, to one where it is so unbalanced. It s disheartening and disappointing.  I ve connected with persons who are underrepresented in the field, and many after spending years in cybersecurity are leaving the field. From their shared experiences as well as my own, it is clear that the cybersecurity space needs to get real about the lack of diversity in the space, and the necessity to make changes as we approach the estimated shortage of 1.5 million cybersecurity professionals in 2019.  In this talk, we will discuss our brains and how we label and prejudge, hear experiences of underrepresented people in the space, what can be done to fill the gap, and how to increase and retain the number of qualified candidates in cybersecurity.
Andy Bennett Andy Bennett is a boot wearin’ native Texan who serves the State of Texas as the Deputy Chief Information Security Officer. He has a diverse IT background with experience in roles across the enterprise and in a variety of sectors including government, banking, higher education, applied research, oil and gas, law enforcement, Fortune 500 consulting services, and more. Bennett specializes in incident response, investigations, and change efforts and has a passion for security. He is the primary author of the State of Texas’ incident response redbook template and is involved in strategic planning and rulemaking at the statewide level. His professional philosophy is “Show works better than tell, every time.” So you went to the cloud (or are thinking about it really, really, hard)… now what? This will be an engaging session that presents some common business and technical issues when moving or building in the cloud.  From regulatory considerations to costing and competing architectures, threat surface expansion to connectivity and unified tools, we will discuss a wide array of issues confronting every cloud user today.  Whether building a private cloud, a hybrid cloud or a super cloudy cloud cloud, the cloud comes with an equal dose of new challenges for every benefit it can provide.  Cloud is not always he right choice, but when done right, it could be the choice for you.
Justin Hutchens Justin Hutchens ( Hutch ) has a Master s degree in Information Systems and multiple information security certifications to include OSCP, GPEN and GWAPT.  Hutch started his career in the United States Air Force, performed many years of red team operations for both boutique and Big 4 consulting firms, and now leads the internal penetration testing operations for a leading global financial services firm.  He most frequently codes in Python and has been building automated web bots and violating terms of service for over a decade.  Following the Facebook / Cambridge Analytica scandal, Hutch founded a non-profit research organization (Sociosploit) to perform technical research into the security risks associated with social media.  In addition to hacking, Hutch does algorithmic day trading on the Foreign Exchange (Forex) markets using a platform he independently developed to automate market forecasting and trade executions using Python.  Hutch is also a proud father of two kids, a committed subscriber to Rick & Morty, and an avid enthusiast of Virtual Reality. Warfare on the Social Web Social media has become so prevalent in our lives that, with the right level of access, it is now possible to determine nearly everything about someone.  With all of this information now circulating across the web, there are also constant and deliberate efforts by bad actors (rogues, miscreants, and general  ne er-do-wellers) to aggregate and exploit this information.  In this talk, Hutch will demonstrate how many of the largest social networks can be used for highly exploitative purposes to include methods for identifying and targeting personnel of specific companies or government agencies, aggregating technology stack profiles of target organizations for APT-style attacks, cat-phishing to coerce action through enticement and/or blackmail, malware distribution, command & control operations, application access creep, and (of course)  œfake news  dissemination.  This is a technical talk and will include demonstrations of specific proof-of-concepts (with supporting code) related to social media exploitation, but will also appeal to the non-technical audience through a high-level examination of the political, social and business considerations related to social media cyber risks.
Pierluigi Stella After 15 years at IBM, Pierluigi Stella co-founded Network Box USA (the American divi- sion of Network Box Corporation Ltd) in 2003. As CTO, he has extensive knowledge of security issues with emphases on the financial; banking; hospitality and travel; health- care; and education sectors. Stella holds a Master’s Degree (Magna Cum Laude) in Electrical Engineering from the University of Naples, Polytechnic School of Engineering in Naples, Italy. He has re- ceived numerous industry recognitions for notable career achievements in addition to being the recipient of excellence awards for innovative design. Making A Case For Having a Cybersecurity Budget Over the years, cybersecurity has developed into so much more than setting up a fire- wall. Security affects everybody, and within a company, it’s no longer realistic to say it’s solely an IT function simply because it’s done via computers. Security must be viewed for what it is, a necessity, and not an expense. A necessity which greatly im- pacts upon a company’s profitability and its very existence. And in order for this to happen, the mindset must change. In this session, Pierluigi dissects the steps towards making a case for having a budget allocated towards cybersecurity solutions, and how a lack thereof can affect the organization’s bottomline.
Lauren Neely Lauren is a consultant specializing in information security, data privacy, data compliance and information governance. She is particularly interested in the applications of these areas to emerging technologies. Lauren received her law degree from the University of Houston Law Center and is currently pursuing a master s degree in Cyber Security Operations and Leadership from the University of San Diego. She is also devoted to diversifying the tech industry and creating opportunities for those underrepresented in the field. The EU, California, and now Washington? A Survey of the Data Privacy Landscape for 2019 Last year was a busy year for data privacy regulation. We saw the European Union s General Data Protection Regulation go into effect, California passed the California Consumer Privacy Act of 2018, and now Washington has introduced a bill that would regulate data privacy and facial recognition programs by companies and state and local governments. This talk will discuss the outlook for data privacy in 2019 and the likelihood that 2019 will be the year that we see a federal US privacy law.
Bruce Potter Bruce Potter is the chief information security officer (CISO) at Expel. He s responsible for cyber risk management and ensuring the secure operations of Expel s services.  Previously, Bruce co-founded Ponte Technologies, a cybersecurity research and engineering company that worked with organizations ranging from hedge funds to intelligence agencies. Bruce sold Ponte Technologies to the KeyW Corporation where he served as CTO for 2 years.  In another life, Bruce founded the Shmoo Group and helps run the yearly hacker conference, ShmooCon, in Washington, DC. Bruce has co-authored several books and written numerous articles on security (or the lack thereof). He is a regular speaker at conferences including DefCon, Blackhat, and O Reilly Security as well as private events at the United States Military Academy, the Library of Congress and other government agencies. Oh Noes! – Role Playing Your Way to Better Incident Response While many of us have an incident response plan (or maybe just an incident response outline), we often only exercise the plan when things go wrong. But that s not the best time to get familiar with your IR plan and shake out the bugs. Ideally you should be performing some sort of table top incident response exercise to both gain familiarity with the plan as well as find weaknesses in your enterprise as you tabletop some bad event happening.  Enter our IR roleplaying game,  œOh Noes! An Adventure Through the Cybers and $#!7.  As part of my day job, we do quarterly IR exercises. In order to make these exercises more engaging, more fun, and more useful, we turned these exercises into a role playing game called  Oh Noes!   At this presentation, I will talk about gamifying IR exercises and the rules of Oh Noes! I will equip you with dice and your own character sheet and will walk you through the character creating process. That s right, in Oh Noes! you create your own character with specific skills and abilities that you level up as you play. A group of us will play through a short scenario so you can see how the game works. I will provide several sample scenarios, some ripped from the headlines (and some cribbed from @badthingsdaily) as well as provide guidance on what makes successful scenarios as you transition to be your own dungeon master.
Justin Fier Justin Fier is the Director for Cyber Intelligence & Analytics at Darktrace, based in Washington D.C. Justin is one of the US s leading cyber intelligence experts, and his insights have been widely reported in leading media outlets, including Wall Street Journal, CNN, the Washington Post, and VICELAND. With over 10 years of experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning. Beyond the Hash: Unsupervised Machine Learning and the Power of JA3 Encryption isn t just used by the good guys anymore. As the usage of command and control encryption and domain fronting increases, JA3 offers an interesting, and potentially powerful, solution. Up until now, JA3 has largely been used to enhance traditional cyber security approaches, such as whitelisting and blacklisting, but this has numerous limitations. Trying to define good and bad applications, websites, and JA3s simply isn t feasible in an age of innovative attackers.    Instead of looking for good or bad, unsupervised machine learning technology can recognize JA3s which are anomalous for organizations and entire networks. By combining these rare connections with other anomalous activity security teams can identify emerging compromises in the initial stages of command and control communication. In this way, unsupervised machine learning has the potential to unlock the true power of JA3 for threat hunting.   In this session, learn about:  -Where whitelisting, blacklisting and other legacy approaches to JA3s fall short  -How unsupervised machine learning can detect domain fronting and encrypted command and control traffic  -Real world examples of successful threat-hunting enabled by JA3
Tony Bradley I have a passion for technology and gadgets–with a focus on Microsoft and security–and a desire to help others understand how technology can affect or improve their lives. In addition to my day job and my own websites, I do freelance writing and content marketing. I am a regular contributor to Forbes, DevOps.com, and ContainerJournal. I am an experienced information security professional, speaker, author / co-author of 10 books, and thousands of web and print articles.  I ve been awarded the Microsoft MVP (Most Valuable Professional) award for 11 consecutive years, and I ve been a CISSP (Certified Information Systems Security Professional) since 2002.  I also love spending time with my wife, 7 kids, 2 dogs, 5 cats, 3 rabbits, 2 ferrets, pot-bellied pig and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. Don t Believe the Hype (Spoiler Alert: It s All Hype) My session will provide a unique perspective on tech and InfoSec marketing from the perspective of someone who has worked as a network admin and cybersecurity analyst, and now writes about the subject as a tech journalist. I will share my thoughts on the abuse of tech jargon and buzzwords and point out that a person may be sincere when discussing the advantages and benefits of a product or service, but their opinion can flip overnight if they switch companies and start working for a competitor.
Stephen Cravey Stephen discovered computers a couple of years after he discovered Star Wars. A few years after that, he discovered programming. After a couple of years of studying VLSI design, he discovered the Internet and the joys of joining an ISP with no other technical staff and no passwords or documentation to either the servers or the network equipment. He has over 20 years experience in organizational leadership and management as well as over 25 years in various areas of all things security. He s consulted for several government agencies from several governments and is currently the IT Security Manager at a local Oil and Gas company. Elicitation, manipulation, coersion, and countermeasures Recently, we have all seen an increase in discussion about foreign intelligence activity on the Internet. This presentation will introduce you to pre-Internet intelligence concepts that date back decades and sometimes centuries.  I ll provide abstract examples of covert elicitation of information as well as overt coercion and blackmail. Then I ll discuss prevention, countermeasures and possible escape hatches for people trapped in those situations.
Jason Robohm Jason has over twenty years of IT experience identifying and correcting infrastructure security problems and building Information Security Programs. This encompasses the analysis of business compliance obligations along with project planning and implementation of innovative process management techniques aimed at improving information system up-times and capabilities, all while reducing TCO.  He possesses division level P&L experience as well as Six Sigma / ISO 900x process management training. My skill set includes extensive project management, IT Security audit (DIACAP / FISMA / PCI / SOX / NERC), CIPAC, information assurance, risk identification / mitigation, information security policy development and training, vendor negotiation, client proposal, and RFP / IAP creation experience. Is Your Data’s Blind Side Making You Vulnerable? An approach to a well-defined Information Security Program. – Define the Blind Side of Data- Create a well-defined Information Security Program (a plan to overcome vulnerabilities)   – Best Practices to an Information Security Program   – Managing The changing landscape of Data Threats and Motivations   – Common Challenges and ways to Overcome them   – What role does Data Compliance play
Benjamin Brown Benjamin Brown s current research focuses on emerging technology areas where security research is novel such as IoT, AI/ML, cryptocurrencies, the dark web, and new underground digital economies. This leads to speaking engagements, publications, and media interaction to assist in generating new and expanded security insights and knowledge stores. His day job is with CA | Veracode where he integrates his anthropology and international relations degrees with security research into large-scale, internet-level problems. Hobbies include blacksmithing, competitive axe throwing, Software-defined radio (SDR), and hiking. More Than Tor: Shining a Light on Different Corners of the Dark Web When the terms darknet or dark web are invoked it is almost always in reference to the Tor network, but what about the other extant darknet frameworks? A true understanding of the dark web would be impossible and misleading if it only included the Tor network. In this talk I will expand the field of view to include frameworks such as Freenet, I2P, and OpenBazaar. We ll take a quick look at the origins and technical underpinnings of these darknets as well as their actors and offerings. I will also discuss the differentiators that set these networks apart from Tor and highlight why they too should be included in modeling our knowledge of the dark web. Audience members will walk away with a fuller understanding of the internet s hidden corners, the goals of its users, and the technologies that help keep them in the dark.
Sam Denard Sam Denard is a practicing software engineer who was formally trained as a mechanical engineer.  He has been employed in consumer, nuclear energy, petroleum, and space exploration industries; and he spent 25 years as an independent consultant.  In addition, he has been an assistant professor of computer science and an instructor for commercial software development courses.  Each of these experiences involved rigorous software development and analysis.    He is affiliated with a number of technical and business organizations, including the Association for the Advancement of Artificial Intelligence (AAAI), the American Society of Mechanical Engineers (ASME), the Institute for Electrical and Electronic Engineers (IEEE), the MIT Enterprise Forum of Texas, OWASP, and Infragard.  Currently, he is a Senior Security Engineer with Fortify, a division of Microfocus (formerly Hewlett-Packard Enterprise). Static Analysis: Letters From The Front Having spent years writing and reading software, I propose to discuss my experiences and some of the lessons and techniques that I have distilled from those experiences.  I plan to describe the context in which this sort of work is done and to leave the audience with practical techniques and tips for performing this work.  I plan to emphasize the human aspects of the work.  The broad outline for the presentation is below.  I.\t\tWhat is static analysis? II.\t\tWhy do it? III.\t        What can/should be analyzed? IV.\t\tHow is it done? \t\tA.\tWhat are the applicable techniques and methods? \t\tB.\tWhat does one look for? \t\tC.\tWhat should be reported? \t\tD.\tWho should do this work? V.\t\tConclusion  There will be details and examples designed to fit the available time slot.  I would like to have time for Q&A.  I will prepare the presentation slides so that they can be used independently of their in-person delivery.
Clint Bodungen Clint is a recognized industrial cybersecurity expert, public speaker, and lead author of the book Hacking Exposed: Industrial Control Systems. He is a United States Air Force veteran, has been an INFOSEC (now called cybersecurity) professional for more than 20 years, and is an active part of the cybersecurity community, especially in ICS. Focusing exclusively on ICS cybersecurity since 2003, he has provided his services to many of the world s largest energy organizations in the Oil & Gas and Electric Utility industries, and has worked for well-known cybersecurity products companies Symantec, Kaspersky Lab, and Industrial Defender. He has published dozens of technical papers and training courses on ICS vulnerability assessment and penetration testing, threat research, and risk analysis. In what spare time he manages to find, he produces comical, yet somehow still informative, cybersecurity documentaries, and has developed the world s first online multiplayer red team/blue team cybersecurity training game. He hopes to revolutionize our approach to cybersecurity and help usher in the next generation of ICS cybersecurity professionals, by merging advances in computer gaming technology with industrial cybersecurity. What is Consequence-Driven Risk Management? Why Should You Do It, and How. Ok, stop me if you’ve heard this one: A consultant walks into a plant, looks around, runs some tools, throws you a report with 1000 findings and a heat map… and then says, “We can help you fix all that… “. NIST, ISO, RIPE, Bowtie, FAIR, HASOP, PHA, LOPA… “Oh my”! The bottom line is, asset owner/operators want to know: 1. What/where is the risk to their operations, 2. What’s the potential consequence and impact of that risk, 3. What’s the likelihood of it happening, and 4. How do they deal with that risk with the resources they have access to? Unfortunately, the industry is swamped with a convoluted list of risk assessment and management frameworks, standards, and “best practices”. Many of these aren’t focused on industrial environments and most of them don’t provide a comprehensive solution that spans both operational and IT environments, much less a solution that provides pragmatic easy to follow guidance from data collection and analysis to prioritizing mitigation strategies. How do asset owner/operators make sense of all of this? How can they achieve a truly efficient and cost-effective risk management strategy for operations that includes “cyber”?
Bryan Singer Bryan Singer is the Chief Technology Officer at Red Trident, Inc.  He has a long history in the ICS space spanning over 4000 plants worldwide running the gamut of services from industrial network design to cyber vulnerability assessments, penetration testing, and red teaming. Mr. Singer is also the founding and previous chairman of ISA/IEC 62443 (ISA-99), and  a frequent speaker, trainer, and author in the cyber security space.  His career spans over 25 years including US Army Intelligence Corps, Raytheon, Rockwell Automation, IOActive, and now Red Trident. He lives in Birmingham, Alabama, and holds multiple certifications in cyber security, industrial networking, and others. Lies, Damn Lies, and “Risk Mitigation,”  The Need for Operational Cybersecurity “We’re immune from cyber threats, we are disconnected!”  “We have safety systems, they will protect us.”  “We have mitigated all of our cyber risks.”  “We have total security compliance.”  These are the days of our cyber lives as security professionals.  Across these and many others, one truth holds, they are all lies, whether we realize it or not.  If there is one truth that does hold: you never truly remove a risk, you just move it somewhere else.  Experienced professionals understand this, and approach cybersecurity through adding preventative, detective, and reactive controls in a balanced approach to monitor evolving cyber threats.  But this is not the end, and there is a great need for understanding the dynamic threat landscape. This presentation focuses on new approaches to operational security where threat intelligence, internal attack modeling, and both cyber and process KPI’s can be united across the spectrum to provide contextual, dynamic, and threat aware approach to identifying, monitoring, and prioritizing the approach to tackling cyber threats
Michael Radigan Mike Radigan, as Director of OT Strategy for Leidos Cyber, is responsible for the Operational Technology (OT) cyber security strategy and managing the OT partner relationships. Mike came to Leidos from ABB Power Generation where he held the role of Sr. Advisor of Cyber Risk Management providing customers guidance on managing the cyber and compliance risk posed to their operations. Cost-Effective ICS Cyber Risk Management The business objective for operations is to maximize profits and maintain a competitive advantage while managing risks to reliability, quality, health, safety and the environment.  Cyber is one of the many risk domains the operation must manage within a limited risk management budget.  Business leaders need to know how cyber risk stack ranks against these other risk domains in order to make rational and optimal business decisions on budget allocation.  They need to know where they will get the most risk reduction bang for their buck.  They must also have confidence those responsible for cyber risk mitigation are effectively prioritizing and making cost-effective spending decisions.  These objectives can best be achieved by applying a quantitative risk analysis methodology.  This presentation will demonstrate by case study how cyber risk was analyzed, quantified and compared to the top operational risk issues for a power plant and how cost-effective risk mitigation options were evaluated and chosen based on a common financial metric of risk reduced per unit cost.
Art Conklin Wm. Arthur Conklin, PhD, is an Associate Professor and Director of the Center for Information Security Research and Education in the College of Technology at the University of Houston. He holds a variety of security certifications including CISSP, GICSP, GRID, GCIP, GCFA, GCIA, CSSLP, CRISC, and Security+. His research interests include the use of systems theory to explore information security, specifically in Cyber Physical Systems. He has co-authored six security books and numerous academic articles associated with information security. Currently he is working on Smart Grid grants from DOE in the area of workforce development and training. He has an extensive background in secure coding and is a co-chair of the DHS/DoD Software Assurance Forum working group for workforce education, training and development. He is active in the DHS sponsored Industrial Control Systems Joint Working Group (ICSJWG) efforts associated with workforce development and cybersecurity aspects of industrial control systems. A senior member of several professional societies including ISSA, IEEE, ISACA and is a Fellow of National Board of Information Security Examiners. Why we need the Purdue Mode in OT There has been a lot of movement to connect OT systems to IT networks using the internet protocol. This is an important advancement that has improved the business value of these systems. This does not mean you should design OT networks like IT networks, nor that you should just arbitrarily use IT security tools. This talk will examine how OT systems are architected and the why behind these decisions. The architecture choices are based on a foundational decision that needs to be understood before you change it and put your system at risk.
Ron Demery Ron has been in the security space for well over 20 year with a background in Manufacturing, Process Controls, Corporate IT, IT Systems Infrastructure Design / Operation and OEM Product Security. Ron has many certifications, among them are CISSP and the ISA/IEC 62443 Security Expert. ICS Cybersecurity Program Management So how is the ICS Cyber Security Program different from the IT Systems Management Program? Easy, it’s all about the mission. This talk will cover some of the similarities and major differences in the mission of these two programs. I will dig into the Risk Management and development of the IACS Cybersecurity Management System (ISA/IEC 62443) and how you can use the concepts in the SABSA® Methodology to have some common ground. So yes, I will also sprinkle in a little NIST Cybersecurity Framework, SP 800-82, a little SP 800-53 and maybe a little cGMP. I will also discuss the need to share information and knowledge between the two programs. After all, your paycheck depends on it.
Mark Stacey Mark Stacey is a Principal Threat Analyst with the Dragos’ Threat Operations Center. In this role, he delivers Incident Response (IR), forensics, threat hunting, and adversary research for Industrial Control Systems. Mark frequently presents case studies and training through conferences and seminars, provides educational and recruitment support to universities, and supports threat hunting services and community education through joint outreach programs with federal agencies. The Threat Operations Center The Threat Operations Center within Dragos performs proactive (assessments, penetration testing, tabletops) and reactive (incident response) services for industrial control networks world-wide. This talk will review these engagements through 2018 by discussing shared client requests, consistent shortfalls, and collective recommendations. By reviewing Dragos’ previous service engagements, this presentation will analyze current trends and the state of ICS network security as seen by Dragos. This presentation will be vendor agnostic and include no product pitching.
Keirsten Brager Keirsten Brager is a Lead Security Engineer at a Fortune 500 power utility company, @tribeofhackers contributor, and was one of Dark Reading’s 2018 top women in security quietly changing the game. She is also the author Secure The InfoSec Bag: Six Figure Career Guide for Women in Security. She produced this digital book to help women strategically plan their careers, diversify their incomes, and fire bad bosses. Keirsten holds a M.S. in Cybersecurity and several industry certifications, including Splunk, CISSP and CASP. As an active member of the Houston security community, Mrs. Brager has participated in a number of panels and public speaking engagements promoting strategies for success. In her free time, she loves blogging, cheering for her beloved Saints team, and convincing women not to quit the industry. Building a Business Case for Your ICS Security Monitoring Strategy Effective continuous monitoring requires ongoing identification, detection, and response. How do you convince management to pivot from tactical activities to investing in a program when there are competing business priorities, disparate systems, and IT distrust? The speaker will share insights based on experience, including strategy development from an engineer’s perspective, demonstrating time to value of security investments, and overcoming “people” challenges.
Seth Jaffe So you’ve heeded the warnings to put a cyber incident response plan in place. Now what? This session explores, as a model for ICS incident response, NASA’s Mission Control framework related to the International Space Station (ISS), which itself boasts 52 onboard computers, 1.8 million lines of code, 100 data networks, and over 400,000 sensors/signals, all onboard an orbiting space vehicle that can never be shut down. Leading up to a behind-the-scenes Mission Control video of a Space Shuttle launch incident, former NASA flight controller turned cyber attorney, Seth Jaffe, will discuss the use of policies, procedures, and directives to map NASA’s proven framework onto cyber incident response. Topics will include team organizational structure, internal communications, third-party vendor management, post-breach litigation, and satisfying NIST 800.61 recommendations. Securely Controlling 400,000 sensors – Incident Response Lessons from NASA’s Mission Control Seth Jaffe is General Counsel and Vice President of the Incident Response Practice at LEO Cyber Security and the Principal of the Law Office of Seth E. Jaffe.  In his role at LEO, Seth assists clients in the preparation, maturation, testing, and training of all things incident response, leveraging his fifteen years experience in NASAs Mission Control to bring a unique perspective to the industry. Prior to LEO, Seth held the position of technology attorney at a major U.S. airline, where he handled data protection and privacy matters and negotiated contracts related to technology services.  He was also the lead Legal team member on the Incident Response Team, tasked with developing incident response procedures and policies, facilitating effective emergency communication with other team members, and responding to actual incidents.  Seth also sat on an executive steering committee charged with making strategic decisions about the company incident response plan and socializing cyber security issues to executives.  Earlier in his career, Seth worked in Mission Control at NASAs Manned Spaceflight Center, where he was certified on both the Space Shuttle and the International Space Station and served the role of senior flight controller, evaluator, and instructor.  Seth routinely presents on topics of cyber security governance, incident response best practices, cyber security contractual provisions, cyber security laws/regulations/guidance, and crisis management.