Cybersecurity: Past, Present & Future

Upload: vanlien

Post on 22-Mar-2018


Page 1: Cybersecurity: Past, Present & Future - · PDF fileCybersecurity: Past, Present & Future. ... Information security problems have become a routine ... Chuck Benson leads IT strategy

Cybersecurity: Past, Present & Future

ISACA Puget Sound Chapter 2016 Spring Seminar

Sessions run from 8:30 AM to 4:30 PM both days

Monday, April 18, 2016

8:30 AM: Keynote: 30 Years of Computer Security (Cliff Stoll)
9:30 AM: How Seriously Do We Want to Take Cybersecurity? (Jack Jones)
10:30 AM: Maturing from Security Risk Management to Cyber Threat Intelligence (Michael Boyd)
11:30 AM: LUNCH, with The Breach Kill Chain and a Layered Security Model (Dan Hansen)
12:30 PM: Be Afraid – Be Very Afraid (Jenny Durkan)
1:30 PM: TBD (Dwaine Oymer)
2:30 PM: Cybersecurity 2.0 (Aravind Swaminathan)
3:30 PM: Managing Risk at Expedia (Nicholas Muy)

Tuesday, April 19, 2016

8:30 AM: Keynote: Updates from the Office of the Attorney General (Bob Ferguson)
9:30 AM: Estimating Exposure to IoT Systems (Chuck Benson)
10:30 AM: Cybersecurity in Healthcare: From the Sidelines to the Headlines (Sean Murphy)
11:30 AM: LUNCH
12:30 PM: Security in the Wild (Beth Scott)
1:30 PM: Security and Compliance OF the Cloud vs. IN the Cloud (Kevin Tam)
2:30 PM: Seven Habits of Highly Effective Security Leaders (Sean Cordero)
3:30 PM: CSX Overview (Jack Champlain)

This seminar made possible by generous support from:


KEYNOTE Monday, 8:30–9:30 AM

30 Years of Computer Security: Looking at Trouble Both Backwards and Forwards

Clifford “Cliff” Stoll, Counter-intuitive Tech Thinker

Biography: Cliff Stoll gained worldwide attention as a cyberspace sleuth when he wrote his bestselling book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. He has become a leading authority on computer security. Cliff is a commentator for MSNBC, an astronomer at UC Berkeley, and an energetic and entertaining lecturer.

Monday 9:30–10:30 AM

How Seriously Do We Want to Take Cybersecurity?

Jack Jones, Executive VP, R&D, RiskLens, Inc.

The media says cyber security is a big deal, boards of directors are (finally) beginning to think it is a big deal, and we as an industry have been saying for a long time that it’s a big deal, but how serious about it are we? Are we willing to take the necessary steps, and do we even know what those are? Jack will discuss the (sometimes controversial) things that need to take place for our industry to mature.

Biography: Jack Jones has worked in technology for over 30 years, and information security and risk management for 25. He has over 9 years of experience as a CISO with three different companies. In 2006 he received the ISSA Excellence in the Field of Security Practices award, and in 2012 he was honored with the CSO Compass award for leadership in risk management. Jack is the creator of the Factor Analysis of Information Risk (FAIR) framework.

Monday 10:30–11:30 AM

Maturing from Security Risk Management to Cyber Threat Intelligence

Michael Boyd, Chief Information Security Officer, Providence Health & Services

Information security problems have become a routine headline in mainstream news, with many breaches striking large and well-heeled companies. Can we really improve security in an era of more numerous and more advanced adversaries in cyberspace? The answer may lie in moving away from the historical model of trying to manage risks and instead becoming more intelligent about the ever-changing threats that face us all.

Biography: Mike Boyd has been with Providence for eight years. He has more than fifteen years of experience in information security, serving the diverse security needs of healthcare, media and entertainment, insurance, financial services, and higher-education organizations.

Monday 11:30–12:30 PM LUNCH

The Breach Kill Chain and a Layered Security Model

Dan Hansen, Director, Protiviti Security & Privacy practice

The Breach Kill Chain model presents the different activities that a cyber attacker must complete in order to successfully steal data. Dan will discuss how this model can help us think differently about how to effectively prevent, detect, and stop a data breach using the right layered security approach.

Biography: Dan Hansen has over 15 years of experience delivering high-value projects in information security, compliance, business continuity and IT audit. He has broad industry experience with a particular focus in High Tech, Healthcare, and Consumer Products organizations.

Monday 12:30–1:30 PM

Be Afraid – Be Very Afraid

Jenny Durkan, Partner, Quinn Emanuel

Jenny will discuss cybersecurity threats, breaches, and approaches.

Biography: Jenny Durkan has over 25 years of experience resolving and litigating complex civil and criminal matters and is nationally recognized for her leadership in the areas of cybercrime, complex litigation, governmental policy, and legislative strategy. She serves as Global Chair of the Cyber Law and Privacy Group. As a United States Attorney, Jenny was the chief federal law-enforcement officer for Western Washington.

Monday 1:30–2:30 PM

TBD

Dwaine Oymer, T-Mobile


Monday 2:30–3:30 PM

Cybersecurity 2.0

Aravind Swaminathan, Partner, Orrick

As the cyber threat landscape continues to evolve, so do responses from regulators, customers, media, and the public. The basics are simply not going to be enough. Organizations must anticipate the regulatory, compliance, litigation, and enforcement future, and develop programs and strategies for meeting those demands. Leave Cybersecurity 1.0 behind, and take an in-depth look at what tomorrow holds.

Biography: Aravind Swaminathan serves as co-chair of Orrick’s Cybersecurity & Data Privacy team. He is an accomplished trial lawyer, litigator, and former federal prosecutor, with extensive experience in cybersecurity and data breaches. Aravind advises clients in proactive assessment and management of internal and external cybersecurity risks, breach incident response planning, and related corporate governance responsibilities.

Monday 3:30–4:30 PM

Managing Risk at Expedia: Information Security in a Global eCommerce Company

Nicholas Muy, Security Engineer, Expedia, Inc.

Information security is already fast-paced and constantly evolving. Now consider managing information security risk in a globally dispersed and technologically diverse company, with thousands of developers, in an extremely competitive industry that waits for no one. Ultimately, the only way we can be successful is to have focus and speed.

Biography: Nicholas Muy leads the Information Security Risk Management practice at Expedia, where he leads the continuous development of risk management, enterprise security strategy, and security due diligence for mergers and acquisitions. Nicholas previously worked in Washington, D.C. on national cybersecurity policy and strategy. A Seattle native, Nick would hike and/or snowboard every weekend if he could.

KEYNOTE Tuesday 8:30–9:30 AM

Updates from the Office of the Attorney General

Bob Ferguson, Washington State Attorney General

Biography: As the State of Washington’s chief legal officer since 2012, Bob Ferguson directs 500 attorneys and 600 professional staff in providing legal services to state agencies, the governor, and the legislature. Prior to being elected Attorney General he was a longtime member of the King County Council. Bob is an enthusiastic mountain climber, birder, and back-packer, as well as an internationally rated chess master.

Tuesday 9:30–10:30 AM

Estimating Exposure to Internet of Things (IoT) Systems Using Publicly Available Data

Chuck Benson, Assistant Director for IT, Facilities Services, University of Washington

Publicly available device and network data via websites such as Shodan.io offer an opportunity to help you profile and estimate your organization’s risk stemming from IoT systems. Of course, the challenge is that the same data can be used by those with malicious intent.

Biography: Chuck Benson leads IT strategy & operations, information risk management, and information security for Facilities Services, SmartGrid, & building and space automation systems at the University of Washington. He chairs the University's IT Service Management Board as well as the Task Force on Industrial Control Systems & Internet of Things risk. He is also a former Marine Corps helicopter pilot. He maintains a blog on managing IoT systems risk at http://longtailrisk.com.

Tuesday 10:30–11:30 AM

Cybersecurity in Healthcare: From the Sidelines to the Headlines

Sean Murphy, VP & Chief Information Security Officer, Premera Blue Cross

Over the last decade, in response to the digitization of healthcare data, healthcare organizations have made cybersecurity professionals (and the tools they use) part of their fabric. Even so, up until recently many took comfort from the idea that the biggest risk they faced was user error. Now, cybercriminals have found ways to monetize healthcare information, and healthcare organizations have become specific targets. Sean will suggest ways healthcare can integrate best practices from other industries, and alternatives when those practices are not a good fit in a healthcare organization.

Biography: Sean Murphy has more than 20 years of experience in healthcare information security, both in the military and the private sector. He’s an adjunct professor and Fellow at Saint Leo University, and past chairman of the HIMSS Privacy and Security Committee. His book Healthcare Information Security and Privacy was published in 2015. His proudest professional accomplishment was serving as a senior mentor to the Afghan National Police Surgeon General’s Office in 2008-2009.

Tuesday 11:30–12:30 PM LUNCH

Tuesday 12:30–1:30 PM

Security in the Wild

Beth Scott, IS Cloud & Enterprise Security Program Manager, Microsoft

Incident Response is often perceived as just that: Response. At Microsoft, IR is a cradle-to-grave concept, often associated with the phrase "Protect, Detect, Respond." Microsoft Protects customers with best-in-class software practices and outreach programs, Detects issues through anti-virus programs and partnerships, and Responds through Security Bulletins and a global IR process. Beth will discuss how these programs keep your systems up-to-date and secure, and introduce outreach programs you may not have heard about.

Biography: Beth Scott has been in the software industry for more than 20 years, and the security industry for 11. She’s loved security from the beginning, but wasn’t excited about phone hacks: Once security became more relevant, she jumped in with both feet. Beth works primarily in incident response, and has lots of stories to tell.

Tuesday 1:30–2:30 PM

Security and Compliance OF the Cloud vs. Security and Compliance IN the Cloud

Kevin Tam, Managing Director, Coalfire

As a citizen of the cloud you inherit a great deal of security and compliance coverage; however, you cannot ignore your own individual responsibilities. This session will help you decipher your responsibilities as they pertain to security and compliance when you move to the cloud, and optimize your overall security and compliance posture when working in the cloud.

Biography: Kevin Tam has 15 years of experience in security and compliance, including IT governance, program development and management, risk management, audit and assessment, and training. He has deep experience in developing controls and compliance programs across numerous industries. Kevin leads a team of professionals providing advisory and compliance assessment services to a range of organizations and industries.

Tuesday 2:30–3:30 PM

7 Habits of Highly Effective Security Leaders

Sean Cordero, Director, Information Security, Optiv

The growing importance of the senior security leader role requires the shedding of ineffective habits that undermine the role of a security-minded business leader. This session provides insights gained through firsthand experience as a CISO and executive advisor, as well as the wisdom shared by other leaders on how to drive a resonant security message and become a force for change within your organization.

Biography: At Optiv, Sean Cordero provides executive-level advisement, strategy development, and relationship management for the company’s Fortune 100 clients. Sean serves as chair of the Cloud Security Alliance’s (CSA) Cloud Control Matrix working group, and was awarded the CSA’s 2013 Ron Knode Service Award for his contributions to cloud research.

Tuesday 3:30–4:00 PM

CSX Overview

Jack Champlain, Treasurer, Academic Relations Liaison & CSX Liaison, ISACA Puget Sound Chapter

A quick update on ISACA’s Cybersecurity Nexus (CSX) program.