Cyber Security Symposium 2013
Speaker: Lt. Col. Rob "Waldo" Waldman, The Wingman
Lead with Courage, Build Trusting Partnerships, and Reach New Heights in Business
Flying solo? You might think so. But take a good look around. You have support staff and managers. You have suppliers, vendors, and distributors. And you have colleagues, family members and significant others. Today, in our supercharged, highly competitive world of rapid and constant change, those who build trust and work as a team will dodge the missiles and win. By committing yourself to excellence and placing your trust in those around you, you can overcome obstacles, adapt to change, and break performance barriers during adverse times. By placing your trust in your wingmen and by being a wingman to your customers and team, there is no mission you can't complete!
Lt. Col. Rob "Waldo" Waldman, The Wingman, overcame a lifelong battle with claustrophobia and a fear of heights to become a combat-decorated Air Force fighter pilot and highly successful businessman, entrepreneur, and New York Times bestselling author. His motto is "Winners Never Fly Solo!" Through his captivating personal stories and high-energy videos, learn how you, like a fighter pilot, can succeed in highly competitive and demanding environments. Discover how to prepare diligently for every mission; employ loyal wingmen to promote integrity and mutual support; and lead your team with courage, compassion and conviction. Be inspired to take to the skies knowing that you have wingmen to help you face challenges and change with confidence while maximizing your potential in all aspects of your life.
Introduction and Opening Remarks
Introduction of the 13th Annual Cyber Security Symposium by:
Carlos Ramos, Director & Chief Information Officer, CA Dept of Technology
Michele Robinson, Chief Information Security Officer, CA Dept of Technology, Office of Information Security
Joanne McNabb, Director of Privacy Education and Policy, Office of the Attorney General, California Department of Justice
South-Carolina-DOR-Video (21374 KB)
Speaker: Dave DeWalt, Chairman of the Board and CEO, FireEye, Inc.
Presented by FireEye
Threat and Response: Combating Advanced Attacks and Cyber-Espionage
With 94% of countries containing malware communication servers, cyber attacks are a serious threat facing organizations today. DeWalt's talk will cover how well-funded criminals and nation-states are targeting government and industry with sophisticated malware to steal, compromise and even destroy information with increasing frequency. DeWalt will then explore how the United States and individual organizations can better protect themselves and shift the paradigm from reactive to proactive cyber defense.
Speakers:
Debbie Castanon, Chief Privacy Officer, CA Dept of Motor Vehicles
Mary Morshed, Security Manager, CalPERS
New technologies and business practices based on the use of data create privacy risks for organizations and for the individuals whose data they collect and retain. In this session, you will receive an overview of how companies are using the privacy impact assessment (PIA) process to manage privacy risks. You will also learn how a PIA can help you uncover privacy risks in proposed IT projects and business process changes and determine ways to eliminate or mitigate them, while meeting project objectives.
C13_S2_PIA Cyber Security Presentation (1748 KB)
Speakers:
Jamie Butler, Technology Executive Director, College of Engineering, UC Davis
Chris Clements, Network Operations Manager, Communications Resources, Information and Educational Technology, UC Davis
Today's network-based threats are more sophisticated than ever. Universities must adapt to these threats with a new unified approach to network security. UC Davis College of Engineering and IET Communications Resources are partnering to explore opportunities for Next Generation Firewalls and comprehensive, user-focused network security. This session will review the current and long-term plans for this project.
Speaker: Preston Hogue, Security Product Manager, F5
Security of web applications has become increasingly important over the last decade. Web applications are now ubiquitous, spanning all verticals including the public sector, healthcare, financial and commercial sectors. More and more web-based applications deal with sensitive personal, financial and medical data, which, if compromised, can mean millions of dollars in damages in addition to downtime. Additionally, websites without sensitive data are being attacked to deface them or load malware. Yet, to date, more attention has been given to network-level attacks, even though about 75% of all attacks target layer 7 web-based applications. Traditional defense strategies, such as firewalls, struggle to protect against web application attacks. Join us for an educational session on how a web application firewall can help you protect your sites and web applications from vulnerabilities, bots, and zero-day attacks, as well as the negative publicity that comes with data loss.
Speaker: Wade Williamson, Senior Security Analyst, Palo Alto Networks
Preparing for the "Cyber Pearl Harbor": How to safely enable business applications in the face of modern threats
From the Presidential State of the Union address to speeches from the Secretary of Defense, cyber security and its threats are mainstream realities. At the center of that reality are highly evasive networked applications called malware, enabling attackers to gain a foothold in an enterprise which they can use to dig deeper into the network, control their attack, and steal information over a period of weeks, months, or even years. Organizations can gain an advantage by safely enabling business applications, identifying all known threats, and systematically managing unknowns. Join us to better understand and break the lifecycle of the modern threat.
Speaker: Dale Jablonsky, Vice President and Executive IT Strategist, Performance Technology Partners
Executives hesitate to fund information security improvement projects unless an embarrassing breach has occurred and been made public. This session will show you a remarkably simple way to illustrate the organizational risks that are due to security holes in your IT environment, and how executives can measure real progress as your security projects gradually improve your risk posture.
Speaker: Marianne Chick, Enterprise Risk Management and Privacy Program Manager, California Department of Technology, California Information Security Office
Join us as we discuss what they are and the requirements within each, and walk away with a road map of how to logically follow them to ensure information security.
Speaker Panel:
Tye Stallard, IT Security Manager, UC Davis
Sophon Im, Security Administrator, UC Davis
Russell Jones, Partner, Deloitte & Touche
Monte Ratzlaff, Security Manager, UC Davis Health System
One of the challenges faced by privacy and information security officers is finding the sensitive personal information they are charged with protecting. Such information resides not only on servers in the data center, but may also lurk on employee PCs and laptops or even hide in metadata on mobile devices. In this session, you will learn about tools and strategies for locating sensitive data. You will also hear about what metadata can reveal and how to control it in your mobile implementations.
Speakers:
Kevin Mazzone, Security Programmer, Information and Communication Services, UC Davis Health System
Sean Cordero, President, Cloud Watchmen, Inc.
Facebook, Twitter, Instagram: what do they have in common? They are all social networks that revolve around communication and relationships. An effective security and compliance program is required to do the same. This session covers the roles, the communications, and the relationships needed in order to build and maintain an effective security and compliance program.
Speaker: Gary Osland, Business Development Manager, Cisco Systems Inc.
Given the vast scope of cybersecurity and the current threat landscape, developing a comprehensive framework for government IT enterprises is extremely complex. To help simplify this effort, Cisco has built a framework based on Visibility, Intelligence, and Control of the network. This framework includes an integrated approach addressing four important areas of cybersecurity: Secure Identity and Mobility, Cyber Threat Defense, Malware Detection and Defense, and Cloud/Data Center Security. This approach will ensure information assurance and compliance with federal and state guidelines and regulations. It also supports cost-saving and mission-enhancing initiatives, such as cloud computing, telework, and citizen self-service.
Speaker: Jeff Schilling, Director for the Incident Response Practice, Dell SecureWorks
Aside from death, loss and taxes, businesses have one more inevitable situation to worry about: a computer incident. And when it strikes, you'd better be prepared. If you've ever wondered what you would do if your computer network were attacked or your entire website went down, and didn't know, you probably don't have an effective, tried-and-true Computer Incident Response Plan (CIRP). Having a CIRP in place to help organizations stop the incident and repair the damage as quickly as possible could mean the difference between losing hundreds of dollars and tens of thousands of dollars. And conducting forensics after the incident could let you know who the hacker was and how to prevent future attacks. In this session, attendees will learn:
1) How to prepare an Incident Response Plan tailored to their organization
2) Which people in the organization need to be involved in the planning and become a member of the Community Emergency Response Team
3) What constitutes an "incident"?
4) How to decide which systems are most critical to get back online first
5) What the best ways are to stop an incident before it spreads
6) How to conduct a tabletop exercise to test the organization's ability to respond to an incident
C13_S12_CA Cyber Security Symposium 2013 (1566 KB)
Chad Hodges, Enterprise Networking Solutions, Inc. (ENS, Inc).
Scott MacDonald, Agency Information Security Officer, CA Dept. of Corrections and Rehabilitation
Gary Coverdale, CISO, County of Napa
It is imperative that your IT security policies be a critical part of any Business Continuity/Disaster Recovery (BC/DR) plan; even heightened security may be called for in a disaster event. In this interactive panel discussion, we will explore the development of your BC/DR strategies and the security integration pieces.
Issues to be addressed include:
Should your BC/DR plan involve a cloud solution?
Critical establishment of Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO)
Classifying data for protection levels
Effective testing and restore
Documentation and procedures
Speaker: Andy Sulak, Solutions Specialist, Entisys Solutions, Inc.
The pervasive use of virtualization, the consumerization of IT, and the adoption of cloud solutions to support IT service delivery are drivers of "new infrastructure" innovation that require public sector technology managers to better identify and mitigate the associated security risks. By leveraging a holistic approach to vulnerability, strategy and cost, IT managers can formulate sound plans and operative decisions relative to security and its management. This session will explore these considerations for new infrastructure, workforce mobility, and end-point application security. The goal is to encourage a deliberate, cohesive approach to this important subject. Though specific product examples and case studies may be discussed, this session will explore these issues from an objective, manufacturer-agnostic perspective.
Speakers:
Joanne McNabb, Director of Privacy Education and Policy, Office of the Attorney General
Michele Robinson, Chief Information Security Officer, California Information Security Office
Ten years and 46 states after California's landmark law on data breach notification, breaches continue to make news on a daily basis. The Attorney General's Privacy Enforcement and Protection Unit and the California Information Security Office both review and analyze the breaches reported to them. In this session, you will learn about trends and lessons learned from data breaches affecting Californians in the past year. You will also get a preview of legislative and policy approaches to address some of the vulnerabilities revealed in breach analysis.
Speaker: Vincent Stoffer, Cyber Security Engineer, Lawrence Berkeley National Lab
Bad guys are increasing their agility by rapidly changing IPs, domain names and name servers. We see more and more malware using domain generation algorithms, as well as the registration of thousands of unique domains for command and control, phishing and spam. In this talk we discuss our implementation of BIND response policy zones (RPZ), as well as some other DNS protections, and how they have helped Berkeley Lab get a handle on modern malware.
C13_S17_Turning Back the Hordes (1587 KB)
Speaker: Chris Novak, Global Director, Verizon Investigative Response Unit, Verizon
The first recommended step in nearly every organizational risk assessment is to identify all assets under your control that might contribute to unacceptable risk. For cyber risk, it is natural to include only cyber-centric items such as computers, routers, printers, firewalls, filesystems, and the information being stored and processed. Unfortunately, two important assets are often overlooked: the people using those systems, and the data that the machines and the people create about themselves. In this talk, we will discuss how organizations can leverage the many tools available for continuous monitoring of event logs, network flows, employee actions, and other observable occurrences in order to build a better picture of the overall health and/or security of an organization.
Speaker: Tony Cole, FireEye
Techniques and Tactics of the Cyber Adversary: What are the tools and techniques being used to infiltrate your network?
Today's cyber-attacks have changed radically from just a few years ago. Broad, scattershot attacks designed for mischief have been replaced with attacks that are advanced, targeted, stealthy, and persistent. The next generation of attacks is focused on acquiring something valuable (sensitive personal information, intelligence on critical government infrastructure, authentication credentials), and each attack is often conducted across multiple threat vectors, web and email, and across multiple stages, with premeditated steps to get in, to signal back out of the compromised network, and to get valuables out. How are these tools designed, who is designing them, and how do you make sure you have the proper defenses in place to protect yourself from the adversaries?
Speaker: Lewis Carr, HP
Traditionally, SIEM technology has focused on information security: perimeter security, user monitoring, internal threats, threat intelligence, and so forth. Hear business-enablement use cases outside the realm of information security. Topics include assisting HR with corporate policy monitoring and enforcement, monitoring internal Chinese walls, finding fraud within call centers, detecting pharmaceutical waste and theft, monitoring for inappropriate access to corporate and patient records, and teaming with physical security staff to provide a higher level of corporate security.
Speaker: Mark Seward, Senior Director of Security and Compliance Solutions, Splunk Inc.
Security Leadership: Decision-makers that will prevent and respond to future cyber attacks
Do you know what IT security threats are trying to get into your organization, or, even worse, are already inside? Do you need to speed up security investigations from days to seconds? Today's security teams are being strained to the limit, doing more with less while defending against threats that are more numerous, advanced, and difficult to detect. Empower your security team with solutions that provide better insight and visibility into your organization's machine data to identify threats, investigate security violations, and discover outliers before systems are compromised. A comprehensive security program will ensure that all relevant data is available for investigations and threat detection and that resources are appropriately allocated, as well as improve departmental collaboration and limit exposure. Compliance frameworks are also a critical component of any security program.
C13_S21_Security Leadership (10832 KB)
Speaker: Lee Klarich, Senior Vice President, Product Management, Palo Alto Networks
Next-generation security: eliminating today's silos to minimize cyber risks
Today's reality for many security teams is a plethora of security tools bolted on to their network infrastructure over the years to address new threats and a constantly evolving application landscape. The resulting silos have made your network security ineffective and costly. Join us to learn how a new approach to network security can put the power back in the hands of your teams and break the current cycle of cyberthreats.
Patrick McGuire, Special Advisor, California Department of Technology, California Information Security Office
Katrina Yang-Fuentes, Information Security Analyst, California Department of Technology, California Information Security Office
Join us as we discuss what the latest updates to State Administrative Manual Chapter 5300 mean for state agencies and the new process of acknowledging compliance reporting, and learn what you can do now to prepare your agency.
Speakers:
Joanne McNabb, Director of Privacy Education and Policy, Office of the Attorney General
Debbie Castanon, Chief Privacy Officer, DMV
State law, and more recently SAM, require state agencies to post privacy policies on their web sites and in their offices, and to put privacy notices on data collection forms. In addition to meeting compliance goals, drafting such policies and notices provides an excellent opportunity for a privacy coordinator to uncover (and in some cases change) implicit privacy practices, educate key players in the agency on current policies, and improve transparency to the public. In this session you will receive tools, and tips on using them, to update your agency's privacy policies and notices as required in SAM 5310 and SIMM 5310-A.
Speaker: Monte Ratzlaff, Security Manager, UC Davis Health System
How do you know whether the newly purchased budget software keeps sensitive data secure? Evaluating the security of new technologies is imperative to understanding and mitigating risks to data and the university. This presentation focuses on information security issues related to new technologies and strategies to mitigate those risks.
C13_S24_IT Evaluation Process (1002 KB)
Speaker: Matt Ulery, Director of Product Management, NetIQ
Bring Your Own Identity (BYOI): strategies for organizations and their impact
BYOI is the enabling of employees, customers, and constituents to use their own defined identities to access organizational resources and/or entitlements. This trend is being embraced and extended to the use of individual social media identities. Organizations that embrace BYOI save on identity management costs as well as enable better-directed marketing and communications. As with all new trends, the question must come up: "Does BYOI come with hidden costs or exposures?" This session will discuss the items you need to consider in order to move forward, including:
1) Benefits of BYOI and why
2) Potential downsides of blending organizational and personal identities, i.e., what is the potential privacy impact of using BYOI?
3) Issues that may arise with the use of non-organizational / personal identities while accessing information and entitlements
4) What can happen if a social identity is compromised?
5) How can we use them securely?
C13_S25_Bring Your Own Identity(BYOI) (1378 KB)
Speaker: Raleigh Rhodes, Sr. Manager, Cyber Security & Special Programs, CenturyLink Government
This discussion and presentation will provide an overview/update on the Department of Homeland Security (DHS) Enhanced Cybersecurity Services (ECS) program, which was expanded in February of 2013 by Presidential Executive Order (PPD-21). ECS is a voluntary information sharing program that assists critical infrastructure owners and operators as they improve the protection of their systems from unauthorized access, exploitation, or data exfiltration. DHS works with cyber security organizations from across the federal government to gain access to a broad range of sensitive and classified cyber threat information. DHS develops indicators based on this information and shares them with qualified Commercial Service Providers (CSPs), thus enabling them to better protect their customers who are critical infrastructure entities. CenturyLink Government is an original and fully approved operational Commercial Services Provider for the Department of Homeland Security's ECS program. In this session CenturyLink will share information and hold a discussion on ECS, and provide details on services such as advanced email and DNS security designed to protect approved critical infrastructure entities utilizing government-furnished threat and technical information.
Speaker: Nasser Azimi, Senior Partner, Teranomic
New cyber threats and malicious attacks are emerging every day, and government agencies must take the necessary measures to protect their customer data and confidentiality within social media applications against persistent threats. As the use of the cloud to run government systems expands and social media integration grows within government applications, social media security issues must be considered and resolved as legitimate threats to data and confidentiality. This session will use case studies to demonstrate various categories of social media cyber threats, current measures to protect against such threats during system design and implementation, and how to protect against such threats on a day-to-day basis within operational systems. Attendees will leave this session with a roadmap for implementation of social media security measures.
Speakers:
Neils Johnson, Principal Evangelist, Symantec
Laurie Rhea, Privacy & Disclosure Officer, CA Franchise Tax Board
Dan Manson, Computer Information Systems Dept Chair and Professor at CA State Polytechnic University, Pomona, Cal Poly Pomona/Cyber Watch West
The volume and sophistication of security threats are rising at an unimaginable rate. Government organizations need to protect their most valuable asset, an overwhelming amount of information. At the same time, that information must be made available to those authorized to use it. There is a tension between making information available and keeping it secure. That tension is better defined as RISK. In this session, you will learn from real-life examples of how information sharing can be implemented to maximize business output and STILL protect sensitive and confidential information, as well as discuss the steps necessary to develop an information-centric approach to better work in a world of mobility, cloud computing and big data.
C13_S28_Privacy is Why, Security is How (2475 KB)
Speaker: Scott Saunders, SMUD
There are two enterprise risk management documents that the electricity subsector has developed that can easily be leveraged by other entities. The first is the Department of Energy (DOE) Risk Management Process (RMP), which is adapted from the National Institute of Standards and Technology Guideline for Managing Risk in an Organization. This provides a repeatable methodology to engage from the executive layer of the organization down to the information technology and industrial control system practitioner. Building on the RMP, we have developed the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), which can be used to measure the effectiveness of a cybersecurity program across 10 domains. While both of these documents carry electricity subsector titles, their concepts are not sector specific.
Speakers:
Bill Harrod, Cybersecurity Advisor, CA Technologies
Scott MacDonald, Agency Information Security Officer, CA Dept of Corrections and Rehabilitation (CDCR)
Laurie Rhea, Privacy & Disclosure Officer, CA Franchise Tax Board
Privacy is why, security is how: protecting personal information and providing security in an environment where our traditional security boundaries are less and less effective, and yet where we are encouraged to provide greater access to more information.
C13_S32_Identity is the New Perimeter (1178 KB)
Speaker: Chris Eng, Vice President, Research, Veracode, Inc.
Oftentimes, when developing new systems and software, security takes a back seat to functionality and rapid development. Additionally, the use of third-party code in internally developed applications makes ensuring security even more difficult. During this presentation, Chris Wysopal, co-founder and CTO, Veracode, will discuss strategies government agencies can use to work with system designers in an effort to build security testing into their development lifecycle in order to improve the security of internally developed applications.
Speaker: Paul Laurent, Public Sector Director of Cybersecurity Strategy, Oracle
The public sector sits in a precarious position: every day we face more functional requirements and greater security risks with less money and fewer resources than ever before. Government on all levels tries to provide new and proactive services (online, mobile, social, etc.), while sharing resources, cutting costs, and maintaining compliance with some of the public sector's most stringent laws and regulations. The key to preparing for these new security and privacy constraints has been re-architecting IT services with open, standards-based identity federation models for security, privacy, and interoperability. This session will discuss how federal, state, and local governments are architecting new, agile citizen/government services.
Speaker Panel:
Russell Jones, Partner, Health Sciences & Government, Security & Privacy Services, Deloitte
Cathy Cleek, CIO, CA Franchise Tax Board
Jorge D. DeCesare, Chief Information Security Officer, Dignity Health
The Evolving Information Security Officer (ISO): Trends from the Public & Private Sector
Participants will learn about the current trends in the development and evolution of the Information Security Officer role, and about the responsibilities, expectations and importance of this critical role from a cross-sector perspective. More specific to California, participants will hear about cybersecurity and privacy trends and events, both in the public sector and in the federal government, that highlight the importance of having a dedicated individual who ensures that a department or agency has the "minimum" appropriate security and privacy controls and IT risk management framework in place to effectively deal with the world that we live in today: a world where the threat is not a teenage hacker but organized crime, nation states and sophisticated hacker coalitions (e.g. Anonymous). Topics will include the types of skill sets and education/training needed, the essential attributes and characteristics that senior leadership is seeking, first-hand accounts from ISOs from other states and the federal government, and strategies for becoming more effective in working with CIOs, department and agency leaders, and the Legislature.