Chris is one of the most successful cybersecurity law enforcement officials of all time. Books and movies are being made about his legendary career. Dubbed “the Eliot Ness of online crime” by Newsweek, he is responsible for infiltrating the hacker group Anonymous and taking down the notorious dark web drug trafficking site Silk Road, called “the most sophisticated and extensive criminal marketplace on the Internet.” He led the tracking and arrest of two of the most infamous figures in cyberspace: Sabu, who was at one point the most influential hacker in the world, and Dread Pirate Roberts, who was later convicted for his involvement with Silk Road.
Chris will share adrenaline-pumping stories detailing growing cyber threats and challenges modern businesses face. His hair-raising anecdotes prove that just because you cannot see your adversary, or maybe even know his or her real name, it doesn’t mean you can’t protect yourself.
Neil R. Wyler (a.k.a. Grifter) is currently with RSA Security as a Threat Hunting and Incident Response Specialist. He has spent over 16 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 14 years and is a member of the Senior Staff at DEF CON where he is the Department Lead for Contests/Events/Villages/Parties and the Demo Labs. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. Neil is also a member of the DEF CON CFP Review Board and Black Hat Training Review Board.
In his talk, Neil will cover the basics of Tor, Darknets, Darknet Market places, and Bitcoin. He'll share concerns you will want to be aware of and his recommendations for making their use more secure.
Raj has assisted multiple law enforcement agencies in cybercrime cases, and is special advisor to the European Cybercrime Centre (EC3) in The Hague. He’s been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe Hall of Fame, Peter Szor Award, Intel Achievement Award, among others. Raj is also the co-author of the book Applied Cyber Security and the Smart Grid, CSA Guide to Cloud Computing, and technical editor for numerous other publications.
The growth in the “as-a-service” nature of cybercrime is fueling the exponential increase in cyber-attacks, and this flexible business model allows cybercriminals to execute attacks at considerably less cost than ever before. In this talk, Raj will provide insight into the cybercrime marketplace, including pricing schemes for the services offered. This snapshot of the cybercrime market will show how its service-based nature supports new entrants who do not require technical expertise, leading to a whole new breed of cybercriminal. As a result, the volume of cyber-attacks is likely to continue to increase.
Sean is both an experienced Chief Information Security Officer and Chief Information Officer, adept at managing enterprise cyber risk using people, process, and technology. Sean works with customers on cybersecurity strategy, how Microsoft sees the threat landscape, how we are investing in the future of security at Microsoft, and how organizations can take advantage of Microsoft’s security solutions to help improve their security posture and reduce costs.
A frequent author and speaker on cybersecurity, he also served on the EDUCAUSE IT GRC Advisory Board, the Higher Education Information Security Council, and the governing body of the Pittsburgh CXO Executive Summit. Originally from Northern Virginia, and an avid boater; Sean has resided in Pittsburgh, PA for the last 11 years.
Microsoft's Incident Response teams investigate major breaches week after week and almost always see the exact same pattern of attacks and customer vulnerabilities. In his presentation, Sean will share step by step recommendations to defend against these attacks, including information on cybersecurity solutions that Microsoft has open-sourced to protect their customers.
Regina is an internationally recognized thought leader in the field of crisis management, exercise design, and pandemic and business continuity planning. Since 1982, she has provided consultation and speaking services to clients in four continents. She is the founder of Emergency Management & Safety Solutions Inc. (EMSS), a consulting firm that is 100% woman owned.
Regina's publications include:Cyber Breach: What if your defenses fail? Designing an exercise to map a ready strategy and Emergency Management Exercises: From Response to Recovery: Everything you need to know to design a great exercise.
This super-interactive session will include audio, video, lots of props, and external participants. You’ll gain the knowledge you need to prepare your organization for a national or regional event. Every attendee will leave with a license to use the exercise at their organization. This turn-key package will include scripts, injects, videos, instructions and more.
Summer Fowler is the Technical Director of Cybersecurity Risk & Resilience in the CERT Program at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). Summer is responsible for a research and development portfolio focused on improving the security and resilience of the Nation’s critical infrastructure and assets.
Summer has 17 years of experience in software engineering, cybersecurity, and technical management. Prior to joining the SEI, Summer was a Technical Member at Johns Hopkins University Applied Physics Laboratory and a software engineer at Northrop Grumman Corporation.
Summer teaches two graduate level courses on Information Technology Project Management and Cybersecurity Policy at the CMU Heinz School. She is also the Technical Sponsor of the CISO Executive Certificate Program, the lead for Cyburgh, PA – an initiative to bring recognition to Pittsburgh as a leader in cybersecurity, and a Cybersecurity Fellow for the Center for Strategic and International Studies as part of a cohort focused on identifying and solving policy issues at the national level.
It is often the case that the most difficult aspect of cybersecurity is in communicating progress and impact to the business / organization. The challenge is exacerbated when the communication comes during a time of crisis or cybersecurity incident response. This session examines the results of a study on communication between security teams and senior management (including C-suite and Board of Directors).
Highlights include using effective measures and metrics, how to convey cybersecurity posture, and communicating key messages. Attendees will learn best practices used by cybersecurity experts across multiple sectors and walk through a case study on crisis communication to provide a practical lesson.
Robert Mayer is Senior Vice President of Cybersecurity with the USTelecom Association (USTelecom) with responsibility for leading cyber and national security policy, state relations and coordinating various regulatory initiatives for the wireline broadband industry. He is the current chairman of the Communications Sector Coordinating Council (CSCC) which represents the broadcast, cable, satellite, wireless and wireline industries in connection with the DHS public-private partnership. Mayer currently co-leads the Multi-Association Framework Development Initiative that represents over 30 major U.S trade associations on cybersecurity risk management policy issues and regularly engages with top government leaders on cyber policy. In June 2015, Mayer was appointed to the FCC Communications Security Reliability and Interoperability Council (CSRIC V) after having led a 100 person team of cybersecurity professionals that produced a landmark report to adapt the NIST Cybersecurity Framework to five industry segments within the sector.
Prior to USTelecom, Mayer served as the top telecommunications official for New York State as Telecom Director of the New York Public Service Commission. In that capacity, he led several major initiatives including regulatory reform efforts and he created a new agency department that focused exclusively on network reliability and public safety matters. Prior to this appointment, Mayer was the lead regulatory practitioner in the Telecommunications and Cable Group at KPMG Consulting and was a consultant with Deloitte Consulting. Before that Mayer worked as a financial analyst in the international telecommunications divisions of Chase Manhattan Bank and JP Morgan. Mayer served in the US Air Force supervising intelligence and communications operations at NATO Headquarters, Southern Europe in Italy. He received his B.A from Albany State University, his MA in Information Management from Central Michigan University, his MBA from Boston University, and his J.D from New York Law School.
Robert will provide an overview of major cybersecurity policy initiatives that are being undertaken by the current Administration. We will review the roles, responsibilities, and projects set forth in a new Cybersecurity Executive Order and initiatives that are underway at the Department of Homeland Security, the Department of Commerce, and at the Department of Justice and with the FBI. We will discuss the status of current initiatives around information sharing, botnet takedowns, ransomware exploits and incident response coordination involving law enforcement entities at the national, regional and local levels.
Don Anderson is the Senior Vice President and Chief Information Officer (CIO) at the Federal Reserve Bank of Boston. In this capacity, he is responsible for the Federal Reserve System’s Internet Cyber and Network Security services and Financial Management Technology services, the Bank’s IT functions, Real Estate Services, and Law Enforcement units. Don is currently a member of the Bank’s Executive Committee and represents the Bank on the System’s CIO committee. In 2017, Don was recognized by the Boston CIO Leadership Association and Boston Business Journal as CIO of the Year.
The last 5 years have been all about cyber security and what organizations and individuals must do to protect themselves. But now, it’s all about digitizing, leveraging big data, crowd sourcing with the unknown, and putting a sensor (IOT) on everything. Did we forget about cybersecurity?
Quincy “QJax” Jackson, CISSP, C|EH, GCIA, GWAPT, GREM, currently works as a Red Team Lead with over 20 years of IT experience. His primary responsibilities include programs to evaluate and measure the actual effectiveness of the Security Operations Center. His SOC Readiness and Defense Capability Testing Programs were created to reduce uncertainty and give assurance regarding detection, analysis and cyber defense capabilities. Quincy also specializes in web application security, penetration testing, mobile device hacking, and cyber threat defense techniques.
The time is now to step up from boardroom round-table simulations and into actively simulating well-known attacks against your network before they happen. QJax will demonstrate attack scenarios to effectively measure your cyber defense position. He’ll show the Red Team full engagement process, as well as secrets to SOC readiness and defense testing techniques. You’ll learn his approach to effectively producing metrics and measurements for active hacker drills, and discover new Red Team tools that are safe to use for your active simulations.