ISACA CyberSecurity
All Day Event
October 17, 2014
Agenda
7:30 AM – 8:00 AM Registration, Hot Breakfast Buffet and Networking
8:00 AM – 8:15 AM Introductions
8:15 AM – 10:00 AM Session 1 Preparing for Cybergeddon: Building a Risk Based Cybersecurity Program
Key Note Speaker: Shawna M Flanders CRISC, CISM, CISA, CSSGB, SSBB
10:00 AM – 10:15 AM Break 1
10:15 AM – 11:05 AM Session 2 Shellshock
Lee Mangold, GuidePoint Senior Security Engineer
11:05 AM – 11:55 AM Session 3 This is Not a Compliance Checkbox …
Mark Stanford, Senior Sales Engineering Manager, FireEye, Inc
12:05 PM – 1:15 PM - Lunch Lunch Buffet and break
1:15 PM – 2:05 PM – Session 4 Responding to Cyberattacks: The Hidden Costs of a Large Data Breach
Hayden McKaskle - Director - Cyber Security and Data Breach Notification
2:05 PM – 2:55 PM -- Session 5 Speaker Panel: Shawna Flanders, Lee Mangold, Mark Stanford, Hayden McKaskle
2:55 PM – 3:10 PM Break 3
3:10 PM – 4:45 PM – Session 6 Vendor Demos – FireEye; Apcon; CO3; Proofpoint
Closing Session - 4:45 PM – 5:00 PM Closing Remarks
Session Overview
Key Note Speaker - Shawna M Flanders CRISC, CISM, CISA, CSSGB, SSBB
Session 1 - Preparing for Cybergeddon: Building a Risk Based Cybersecurity Program
• A Typical Day
• What is Cybersecurity
• How does it differ from traditional security
• Cybersecurity Prevention 101: What can companies do to reduce the impact of cyber attack
• Tools and Associations
• CSX - by ISACA
Session Overview
Speaker - Lee Mangold, GuidePoint Senior Security Engineer
Session 2 - Shellshock
• "Shellshock" is the latest surprise to come along in computer security, affecting nearly every IT-enabled organization to some degree.
• In this talk, GuidePoint Senior Security Engineer Lee Mangold will show how Shellshock might affect your organization through live exploitation and example. The talk will conclude with a discussion on the best practices that should be employed to limit the effects of Shellshock, and future undiscovered or undisclosed software bugs.
Session Overview
Speaker - Mark Stanford, FireEye, Inc
Session 3 - This is NOT a compliance checkbox
• Abstract: Often times, in the great rat race of enterprise IT, checkboxes are the quickest way to measure efficiency/effectiveness, and plans are laid around these checkboxes to ensure a framework that the industry has embraced. While IT Security regulations/compliance can be more complex and cover larger topics, it’s no different…these guidelines are there to help steer enterprises in the right direction, and they offer good “pointers”. Compliance speaks of things like firewalls, anti-virus, IPS/IDS, etc…but when it comes to protecting against zero days and the sophisticated methods attackers use to penetrate high value, drive by and springboard targets, those measures of compliance, when deployed alone, have been known to allow companies to land on the front page of the evening breach news.
• In this presentation, we’ll discuss some examples of this breach news and how FireEye can, by identifying the unknowns, looking for the knowns, containing the threat and utilizing the industry’s best intelligence, help mitigate risks, operationalize security practices and provide peace of mind.
Session Overview
Speaker: Hayden McKaskle, Kroll Director - Cyber Security and Data Breach Notification
Session 4 - Responding to Cyber-attacks - The Hidden Costs of a Large Data Breach
• Many organizations do a good job with incident response planning. Table top exercises also go a long
way toward helping an organization prepare for the dreaded large event. Unfortunately, until your
organization experiences such an event, the old adage “You don’t know what you don’t know”
applies. This presentation will explore real world experiences with large PII and PHI data breaches and
the hidden and unexpected impacts on the affected organizations.
Session Overview
Session 5 - Speaker Panel – CyberSecurity Discussion
• Shawna Flanders
• Lee Mangold
• Mark Stanford
• Hayden McKaskle
Session Overview
Session 6 - Vendor Demonstrations
• FireEye
• Apcon
• CO3
• Proofpoint
Presenters Biographies
Presenter BIOs
Shawna M Flanders CRISC, CISM, CISA, CSSGB, SSBB
ISACA West Florida Chapter CISM & CRISC Coordinator, Research Director and CSX Liaison
• Founder and CEO, Business Technology Guidance Associates, LLC., a consulting firm that believes in collaborative innovation between business and technology - offering your technology and business partners a unique collection of real world training and consulting services tailored to your organization's unique needs and expectations.
• My passion rests firmly on three pillars: 1. Enriching companies in building and improving their strategies, programs and underlying processes (primarily within technology, Technology Internal Audit, IT GRC, Technology Related Risk Management, Information Security, BCP/DR, Project Management and Process Reengineering); 2. Mentoring individuals: both in the topics above as well as aiding in their quest for ISACA certifications; 3. Enhancing and developing curriculum and other publications to improve the profession.
• With nearly 29 years of experience in the financial services sector, Shawna brings her real world experience to every engagement. Shawna has completed certificate programs in Risk Management from Kaplan University and Six Sigma Green & Lean/Black Belt from Villanova University, and has earned the Life Operations Management Association – Associate of Customer Service designation as well as holding certifications in CRISC, CISM, CISA and CSSGB.
• Shawna has been a chapter, conference and onsite trainer for various organizations since 2008. She designs her own course content and also has contributed and/or reviewed multiple publications including ISACA CRISC and CISM Review Manuals; Risk IT and COBIT 5 for Risk. She has also participated in development of the Risk Management and Assurance ISACA Training Week courses.
Presenter BIOs
Lee Mangold, GuidePoint Senior Security Engineer
• Lee Mangold is a researcher, author, student, entrepreneur and self-professed information security
evangelist. Through his work in both private and public organizations, Lee has built a diverse profile of
high-tech projects and security solutions. He is currently a senior researcher and network operations
manager for a US Department of Defense contractor, the vice-president of the Central Florida Cyber
Security Community of Practice, and a private security consultant.
• As a researcher and a doctoral student, Lee is interested in methods of effectively training information
security to the masses. His research explores the concepts of adaptive training in which the student
receives information security training that is automatically tailored to their position and experience.
Presenter BIOs
Mark Stanford, Senior Sales Engineering Manager, FireEye, Inc
• Mark has worked in the security space for over 17 years, having held roles not just in the vendor space, but also on the customer and channel side. Cryptography is his official “trade”, having cut his teeth as a crypto engineer for F-Secure, Inc.
• He’s led Southeastern/Mid-Atlantic teams at Blue Coat Systems (where he was also a Sr. Engineer), f5 (Southeast, Mid-Atlantic and for a time strategic) and WebSense (Southeast & Federal). Mark is no stranger to startups either, having been at Top Layer, Mirage Networks and 8e6 (now TrustWave). Building communication/collaboration platforms specifically for SE orgs, training/enabling teams (partner and internal), and working with customers and company leadership strategically to ensure success, enablement and growth are things that Mark has focused on over the past several years in management, but his heart has always been in pure security: malware analysis, building better security architectures and methodologies, and security-focused education for the masses.
• At FireEye, Inc., Mark leads a team of 11 extremely skilled, well-rounded engineers. He enjoys the privilege of speaking at security events about APTs/advanced threats, listening to customer challenges and keeping track of emerging threat trends…when he’s not doing that, he’s spending time with his wife and four children doing any number of things in the great city of Atlanta!
Presenter BIOs
Hayden McKaskle, Director Kroll
• Hayden is Director of Cyber Security and Breach Notification Services in the Southeast for Kroll. He
also provides commercial leadership for the healthcare channel nationally for the company and is based
in Nashville, TN.
• Hayden brings over 25 years of experience in business development, consulting, and management
within Healthcare and other industries including positions at IBM, Siemens, and HealthStream. While
most of his career has been IT centric, Hayden has also consulted with hospital and system leadership
on such areas as Value Based Purchasing, physician alignment, nurse engagement, and patient
satisfaction or HCAHPS.
• Hayden comes from a healthcare family and is passionate about helping hospitals and making a
difference in Healthcare. He has served on the boards of a number of charitable organizations
including Patient Advocate Ministries, Community Health Charities, and other groups.
CyberSecurity Day Sponsors
• GuidePoint Security
• FireEye - Visit the Vendor Table
• CloudPassage - Visit the Vendor Table
• Fortinet - Visit the Vendor Table