Tuesday, May 05, 2015

Insider Threat Panel -- Hartford -- Next week!

Those who know me know I enjoy working insider threat cases. I worked with the Insider team at Carnegie Mellon, and have paid close attention to the landscape ever since. From a technology perspective, it's one of the hardest. From a personnel and management perspective, indicators are often identified but misread, or worse, ignored... If only HR could talk IT and IT could speak HR... maybe in a perfect world... I won't hold my breath.

But until then, we'll continue to rely on endpoint solutions and monitoring of watch-listed employees -- perhaps those below the performance line, those followed by HR problems, employees upset by circumstance, or whatever the motivation. Technical indicators at the endpoint can be an effective means of detection, and while I'd hate to say mitigation, there is an opportunity to reduce the risk.

I'll be sitting on a panel in Rocky Hill, CT next week on just this subject.

Care to join us? Here's the c-vite. The agenda is shown below.

Interested in insider threat?  We look forward to seeing you!


"Insider Threat, Incident Response and More..."

The ISACA-GHC Members have spoken and we listened!
Based on your feedback and requests we have assembled the following topics:

Human Side of Data Protection (David Gibson): The most valuable, fastest growing asset a business owns is its human-generated data: documents, spreadsheets, videos, presentations, and emails that people create and share every day. Breaches involving human-generated data happen almost every day. Why? Because employees have far more access than they need, activity is usually not logged or analyzed, and it's difficult to spot abuse. During this presentation you’ll hear how there is a way big data analytics can help lock down overexposed data, prevent breaches, reduce excessive permissions, and enable a sustainable data protection strategy in the face of unprecedented data growth.
Massive Scale Endpoint Incident Response (Neal Creighton): Security teams and incident responders are challenged to prioritize the alerts they receive from network-based devices. Next-generation endpoint detection and response technology is helping these teams more contextually investigate, and verify incidents for faster, more efficient resolution. This session will provide an overview of how new endpoint technologies bring in stealth data collection, Big Data correlation and behavioral threat analysis to augment and even improve the ROI of other security ops platforms.
Insider Threats (David Gibson): The recent spate of highly publicized breaches has drawn attention to one of the issues that keeps security professionals up at night – once an attacker is “inside” the network, their activities are often difficult to spot and recover from. This is true of outside attackers that compromise the credentials and systems of employees, as well as employees that are “breaking bad” or unwittingly exposing sensitive files. This session will review the anatomy of typical outside-in attacks including infiltration, data gathering, and exfiltration, and then discuss methods and techniques for analyzing file analysis records to spot and stop potentially malicious activity from both insiders and external attackers.
Transforming Security Through Distributed Systems and Micro-Segmentation (Colin Ross): With the shift to cloud and mobile computing, security architectures have not kept pace with modern data center architectures. In a world where perimeters have largely disappeared, organizations need to consider security models designed for virtualized and cloud environments. We will discuss how Distributed Systems enable security to scale horizontally, adding capacity dynamically based on need. We will also discuss how Distributed Systems offer a superior architecture for security by providing simplified operations, more effective threat analysis, and better economics.
Breaking Down the Cyber Kill Chain (Ryan Wager): The threat landscape continues to evolve faster than the technologies being built to control it.  In this discussion we will focus on breaking down the parts of the Cyber Kill chain that occur within today's datacenter perimeter and current security best practices.  Specific examples of real attacks will be utilized to illustrate each point.
Panel Discussion
This panel discussion will look at some of the key issues around cybersecurity, threat detection, managed security, next-generation threat modeling and address audience questions on new, innovative ways to effectively counter attackers and eliminate threats. 
Moderator: Steven Harper, Northeast Regional Sales Manager for CounterTack. Steven manages the U.S. and Canadian business on the East Coast. He has been in the Internet and Cyber Security industry since 1994 and his background includes companies such as BBN (Bolt, Beranek, and Newman) and Exodus Communications, where he was a member of the Cyber Attack Tiger Team. He has worked in the SaaS / Cloud industry, founding Plan 2 Win Software, which he sold in 2008. Most recently he has worked at Radware and Corero Network Security, focusing on DDoS prevention and remediation. Prior to working in the Denial of Service arena, he spent time at Still Secure, a Managed Security Service Provider, specializing in PCI Compliance.
Panelist #1: Jamie Herman, Information Officer at Ropes & Gray, LLP. Jamie has more than 15 years of experience in information security, risk management and information technology. Currently the Information Security Officer for Ropes & Gray LLP, Jamie's expertise covers a diverse range of areas, including implementing information security programs, data privacy, digital forensics, access control, leading innovation initiatives and leading a global team. His passion for assisting law firms improve their security posture in all facets of business has been a key to his success. Having led vulnerability management plan efforts, security strategy and policy design initiatives, Jamie collaborates with a wide network of public and private industry information security experts to deliver forward-thinking security thought leadership to the legal information security industries. Jamie sits on the LegalSec steering committee and has presented at a multitude of ARMA, ILTA and information security events.
Panelist #2: Jeff Stutzman, Co-Founder & CEO of Red Sky Alliance Corporation and Wapack Labs. Jeff served as a Director at the DoD Cyber Crime Center (DC3) where he built and operated the DoD/DIB Collaborative Information Sharing Environment (referred to in the press as the “DIB Program”) and the financial community’s Government Information Sharing Framework (GISF).
Mr. Stutzman is a former US Navy Intelligence Officer and has held positions with Cisco Systems, Northrop Grumman, and the Software Engineering Institute at Carnegie Mellon University, and the DoD Cyber Crime Center. He is a founding member of the Honeynet Project, founded the Healthcare ISAC, and was a first watch stander in SANS GIAC (now the SANS Internet Storm Center). Mr. Stutzman holds a BS in Liberal Sciences from Excelsior College, an MBA from Worcester Polytechnic Institute, and is a Harvard Kennedy School Senior Executive Fellow.
Panelist #3: Brad Howden is the Founder and CEO of HIC Network Security Solutions, LLC. Brad has more than 15 years of experience working in security and network focused consultancies, as well as managing global, customer facing technical organizations. Howden strategically focused HIC's expertise to lie in both well established and emerging security technologies designed to address the evolving threat landscape. Howden and HIC have also developed proprietary firewall migration software, HIC RAPIDFIRE, which has been used within a multitude of organizations across many verticals, and in a large number of Fortune 500 companies. Prior to co-founding HIC Network Security Solutions LLC, Brad served as Director of Technical Services for IGX Global. He received a B.S. in Computer Science from Rutgers University.
Panelist #4: TBD

Attendees are encouraged to send in questions for our speakers.



05/13/15 8:00 AM - 4:30 PM
CT-CPA Center
716 Brook Street, Suite 100, Rocky Hill, Connecticut 06067, USA
ISACA Members - $10.00
Non-ISACA Members - $20.00


• 8:00am – 8:30am: Registration (Continental Breakfast)
• 8:30am – 12:00pm: Morning Session
• 12:00pm – 1:00pm: Lunch
• 1:00pm – 4:30pm: Afternoon Session


