Presentations are now available for download. Scroll down to see which presentations are available.
Governance Track | Room 20–21
The Rise of Privacy: Complying with GDPR in the United States
Introduction: Mauritz Plenby, Vice Consul, Information Economy & Creative Industries with the British Consulate-General Miami
Moderator: Mark Lotito, ConnectWise
Panelists: Gene Geiger, A-LIGN; Loni Hagen, PhD, University of South Florida; Thomas Hofer, Medved Consultants; M. Lisa Shasteen, Shasteen & Percy, PA
The European Union’s General Data Protection Regulation (GDPR) has changed the legal landscape for cybersecurity globally. US businesses are not immune to this regulation or its penalties. This panel of GDPR experts will examine what it means for your business and explore the latest developments. You will learn to recognize when GDPR applies, to identify areas that could be risks, and how to implement a new legal framework in your organization to mitigate those risks.
12:15 pm Optional Lunchtime Session
Bridging the Skills Gap: An Examination of Competencies Needed for Cybersecurity Professionals
Gena Cox, IBM Talent Management Solutions
It is estimated that almost 2 million cyber positions will be unfilled by 2022. This is largely due to a gap in the technical skills needed for these roles. This optional lunchtime session focuses on identifying areas outside of technical skills (e.g., competencies and aptitudes) that are appropriate for a number of cyber roles. Explore how to identify the behavioral competencies needed for these roles as well as solutions to help assess them.
Train Like You Will Fight: Improving Cyber Crisis Management
Andy Zolper, Raymond James Financial
Leaders may not control the adversary, but they can control how their organization responds to cyber events. This session will discuss best (and worst) practices in preparing for and managing serious cyber incidents, including techniques for improving organizational readiness as well as key requirements for effective crisis response.
Practical Cybersecurity Risk and Control Maturity Assessments
Brian Fricke, Bank OZK
Learn about a new tool developed using the Critical Security Control (CSC) Framework’s 149 sub-controls that empowers an assessor to communicate with control owners to document how control objectives are being met within the organization. The tool goes further, asking four key measurement questions to establish the overall maturity for each control family. The output of the exercise provides an executive dashboard for reporting overall status, as well as a road map of what is needed to get to higher maturity levels. A secondary outcome is a dashboard of the overall risk posed in each control family, considering Inherent and Residual Risk.
An Ounce of Prevention is Worth a Lot: Cybersecurity from a Lawyer’s Point of View
David Gurwin, Buchanan, Ingersoll & Rooney PC
Doing business in a hyper-connected world means being held to state, national, and even international cybersecurity laws. When does a security breach become a legal problem? What does Florida law require and how does it compare to other states? You have technical security measures in place, but do you have a legally effective security program in place for your organization? Get the answers to these questions and more as two cyber law experts examine the legal ramifications of a data breach.
Human Aspects Track | Room 22–23
Levers of Human Deception: The Science & Methodology of Social Engineering
Stu Sjouwerman, KnowBe4
No matter how much security technology we purchase, we still face a fundamental security problem: people. This session will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.
Join Stu Sjouwerman, CEO at KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by oily car dealers to sophisticated social engineering and online scams. Additionally, we’ll look at how to ethically use the very same levers when educating users.
Panel: Understanding and Addressing Cybersecurity from Different Angles: Computer Science, Education, and Social Science
Moderator: George Burruss, PhD, University of South Florida
Panelists: Nathan Fisk, PhD, University of South Florida, and Sriram Chellappan, PhD, University of South Florida
This panel of three scholars will examine the problem of IoT (Internet of Things) security from three different academic disciplines: computer science, criminology, and education. After discussing how each scholar would approach the problem, the panel will discuss how a unified approach would better address the problem.
Gamification, AI and the Cyber Workforce Gap
Brad Wolfenden, Circadence Corporation, and Dr. Daniel Manson, Cal Poly Pomona
Gamification (applying rules, engaging teams, and scoring) is widely accepted as an effective method for attracting and developing cybersecurity talent. Recent studies show that gamification is a key element in training an effective cyber workforce. A McAfee April 2018 report, “Winning the Game,” surveyed almost 1,000 cybersecurity managers and 500 employees, focusing on current threats, challenges, and investments needed. The survey found 40% of organizations already host some kind of gamification exercise at least once a year and 77% of senior managers said their organization’s cybersecurity would be much safer if they implemented more gamification. In this session, three experts will explore how we can make awareness training more compelling and provide better, more measurable results (hint: they’re big fans of gamification) and how AI/ML has incredible potential to both augment and automate the work and training/education of cyber professionals.
The New Cybercriminal Syndicate
SSA Paul Vitchock, Federal Bureau of Investigation
Hear the word “cybercriminal,” and it often conjures the image of a solitary hacker working in the shadows. Not so anymore. A new dynamic has emerged: large, sophisticated, international organizations that are earning millions through savage, coordinated attacks. Learn more about the tactics and behaviors of these new cybercriminal syndicates.
Community Track | Room 24–25
From Lawyer to Cybercrime Fighter: How I Learned to Reinvent Myself
Shelley Westman, EY
Cybersecurity has a huge skills gap and is an area where you can put other skills to work. This field is not a purely technical field; we need people with good analytical skills, communication skills, and people who can turn technical speak into business speak for the client. Shelley Westman shares her unique career path from law into the field of cybersecurity as well as lessons she learned along the way.
- What you think you want may not be what you ultimately want. Don’t be afraid to course correct.
- Say yes and learn the job later… try new things and take on new responsibilities.
- There will be times in your life where you feel as if everything is falling apart. The only choice is to move forward one step at a time.
- Everyone has something going on in their life. Don’t let that define who you are.
Come see why it is never too late to reinvent yourself and choose cyber (or another STEM field) as your career path.
Growing and Sustaining the Nation’s Cybersecurity Workforce
Rodney Petersen, National Initiative for Cybersecurity Education (NICE)
The United States’ vision of a cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity requires collective action from the public and private sectors. To prepare, grow, and sustain the nation’s cybersecurity workforce, we must align education and training with the cybersecurity workforce needs of employers and prepare individuals for lifelong careers.
Threat at Your Doorstep: Cybersecurity for Executives
Joe Adams, PhD, Merit Network, Inc.
Explore the current threat landscape, social engineering, critical controls, common attack vectors, and more. Dr. Adams will provide an in-depth overview of the various types of hackers, the nature and role of training programs, and the warning signs of an attack.
Apprenticeships: Flexible Solutions to Attract & Retain a Talented Workforce
John Duff, PhD, and Susan Biszewski-Eber, St. Petersburg College
Explore a long-term solution to creating and retaining a skilled workforce: the apprenticeship model is a cost-effective way to keep top talent and fill hard-to-fill positions. Examine how industry and education can work closely together to ensure relevance and rigor and discover the economic advantages of applying this traditional training model to the technology industry. Add to the discussion by sharing your ideas on how educational institutions and industry can collaborate to develop a skilled workforce. Key takeaways include information on the benefits of the apprenticeship model, potential economic resources, and an understanding of the components of an apprenticeship and the advantages of being a registered apprenticeship program.
Practitioner Track | Room 14–15
Cyber Event Forecasting
Robert Rahmer, IARPA
Explore the latest challenges and advances in cyber event forecasting research through IARPA’s Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program.
Panel: Current Issues in Cryptography
Moderator: Ed Giorgio, Bridgery Technologies
Panelists: Rainer Steinwandt, PhD, Florida Atlantic University; Jean-Francois Biasse, PhD, University of South Florida; and Margaret Salter, RBC
Cryptography has always been the cornerstone of computer security, but the explosion of new applications in recent years has brought new opportunities and new challenges. From blockchain, digital currency, and post-quantum cryptography to more nefarious uses such as ransomware and dark web applications, cryptography is evolving rapidly. At the same time, progress with privacy and law enforcement access remains in a quagmire. Led by one of the world’s leading cryptographers, this panel of experts will examine the emerging issues stemming from this cryptologic renaissance.
Securing & Monitoring Cloud Platforms
Joe Partlow, ReliaQuest
Most enterprises have at least some applications or portions of their infrastructure in the cloud, but very few have visibility into the platform from a security standpoint. This session will review the various security components and configuration options available in these cloud platforms and how to ensure you are monitoring and alerting on the critical events. We will cover topics such as AWS, GCP and Azure reference architecture examples; known risks with storage permissions and API access; logging and alerting best practices; and compliance concerns that many corporations have had to address.
Learning and Reasoning with Imperfect Data
Kamal Premaratne, PhD, University of Miami
The practical utility and effectiveness of machine learning algorithms for reasoning and inference depend on how well one may extract the relevant parameters from training data. However, adequate representative statistical training data are often unavailable and, when available, real-world training data are often mired in incomplete/missing data. This is particularly true in the detection of cybersecurity threats. Imputation of such data must be guided by how different variables are related to each other and/or by the underlying distribution which dictates data ‘missingness’. Interval-valued probabilities are better suited to deal with situations when such information is unknown or indeterminate and when one is called on to harness the more qualitative subjective human-based information; they are also what arises naturally from incomplete or partial elicitation. In this presentation, we illustrate a framework that allows for parameter learning and reasoning with interval-valued probabilities in much the same manner as one would reason with probabilities (as, for example, in a Bayesian network). For datasets where attribute values could be unknown/missing or are known to lie within a set of values, we show that an intuitive frequency counting method can be employed to learn interval-valued parameters. Importantly, the probabilities associated with an arbitrary imputation strategy, including the underlying ‘true’ probabilities, are guaranteed to be contained within these intervals. Experimental results demonstrate the utility of the proposed framework.
Emerging Technologies Track | Room 16–17
The Dawn of the Internet of Value
Steven Lubka, Private Blockchain Consultant
Join blockchain expert Steven Lubka as he builds a framework for understanding the fundamental value of what cryptocurrencies and blockchain technology have brought to the digital landscape. The creation of Bitcoin was the birth of the first truly scarce digital asset, something which was previously impossible due to the ease with which computer data is copied and replicated. Mr. Lubka will explore what it means to be able to create true digital assets which can actually possess tangible value as real-world assets do.
Advanced Data Correlation Beyond the Tool or Third-Party Platform
Brian Murphy, ReliaQuest
To keep up with the data-driven demands of the business, security teams have to expand their visibility into many new and non-traditional sources of data. Security tools or third-party platforms have traditionally been the only place to get a consolidated view of the data, but more and more teams are using internally owned data lakes, data pipelines and other big data methodologies in data analytics and logging strategies that can be leveraged across the enterprise. This session will present a road map to efficiently ingest, parse and filter logs at scale; examine the advanced use cases possible with this expanded visibility and capability (inside and outside of the security tools); and review how to leverage security tools more effectively by segmenting actionable vs. non-actionable log events.
The New Security Frontier: Threat Hunting, Augmented Intelligence & Automated Response
Michael Melore, IBM
New methods are required to address threats that are increasing in frequency, sophistication, and impact in a climate of increasing cost constraints and resource and skills shortages. Traditional security controls and response can’t possibly keep pace. Private and state-sponsored dark web actors are well orchestrated, using innovative AI technologies and leveraging digital currencies; their R&D, producing wares designed to circumvent traditional security practices, has changed the game. You now require innovative security approaches. The art of effective threat hunting, advanced analytics, incident response, and the value of cognitive security are the new frontier. Learn how to determine threats before your fences are tested, investigate non-obvious related offenses, obtain near-real-time insight, and effectively trigger incident response as a single strategy.
Insecurities in IoT
Shane Hartman, SpecterLabs and RSA
There are now more mobile and embedded devices represented as the Internet of Things on the planet than people. These devices support multiple forms of connectivity, communication, and data storage. Trust, privacy, and security are central to IoT, and awareness of these issues among the public is central to keeping it secure. RSA’s Shane Hartman will examine the explosion of IoT devices, including smart locks, light bulbs, and thermostats, and how these devices work and communicate on the network. He’ll review some known vulnerabilities and exploits and talk about devices and manufacturers as well as how to protect yourself if you have these devices or plan to buy them. Lastly, he’ll discuss what the industry itself can do to improve the security of the product.
Please note: speakers and schedule subject to change.