ISSA New England Annual Sponsor Expo and Chapter Meeting
Wednesday, August 2, 2017 from 8:00 AM to 4:30 PM EDT
You are invited to ISSA, New England Chapter's Annual Sponsor Expo and Chapter Meeting.
Compete in the Security Bee (questions from the CISSP exam) and bring home a cash prize and award (win and place), fame and your place in history.
Verizon
60 Sylvan Rd
Waltham, MA 02451
Agenda: (speaker bios and topics below)
8:00 AM to 9:00 AM Registration | Breakfast (Distribute CPE receipt)
9:00 AM to 9:30 AM Welcome from Chapter
9:10 AM to 9:30 AM Sponsor introductions
9:30 AM to 10:00 AM Dr. Kelley Misata - A Wake-Up Call - Information Security for Non-Profits, Foundations, and Charities
10:00 AM to 10:30 AM Platinum Sponsor presentation – ProtectWise
Detecting Threats in the Cloud with the Cloud
10:30 AM to 10:45 AM Break | Booth Visitation
10:45 AM to 11:15 AM Sandy Carielli - What’s Happening in Crypto Land?
11:15 AM to 11:45 AM Platinum Sponsor presentation – Check Point
Cloud and the challenges of shared architecture between physical, cloud and virtual.
11:45 AM to 1:30 PM Lunch | Sponsor ‘what’s my line’, Booth Visitation
1:30 PM to 2:15 PM Ken van Wyk - How well do you know your incident response?
2:15 PM to 2:30 PM Break | Booth Visitation
2:30 PM to 3:00 PM Ming Chow - The Really Hard Problems in Security (or How Big of a Hole Have We Dug Ourselves Into)
3:00 PM to 3:30 PM Break (Ice Cream Bar) | Booth Visitation; Raffle Announcement
3:30 PM to 4:30 PM Security Bee ($250 Winner Prize)
Speaker Bios and Topics:
A Wake-Up Call - Information Security for Non-Profits, Foundations, and Charities
Kelley Misata - Ph.D., Purdue University, Faculty, Emerson College
The last time you gave money or time to your favorite charity, did you think about their information security? Did you wonder what measures they were taking to protect you or the people they serve? Like any business, today’s digital landscape and the influx of technology walking around are forcing non-profits of all sizes to take a new look at protecting the organization from surveillance, intrusion, and cyber attack. However, they are often overlooked by vendors, researchers, and the security industry for a variety of reasons. This talk will walk you through the unique challenges facing non-profits, foundations, and charities and will present an approach to truly helping them improve their security for themselves, their donors, and the people they serve. Brought from the unique view of a survivor of cyberstalking turned Ph.D., Dr. Misata will spotlight her research and strategies for non-profits to stay safer online.
Kelley Misata is a Strategic Thought Leader who combines over 15 years in business leadership roles with a passion for facilitating critical conversations around responsible digital citizenship, digital safety and free speech online. Her current work with the Open Information Security Foundation and recent work at Tor spans fundraising, advocacy, policy discussions, marketing and outreach activities with a wide array of stakeholders. Misata combines success in strategic business development, training and consulting with a unique perspective as a survivor of cyberstalking, bringing to the table a fearless and unique perspective. She holds a bachelor’s in marketing, a master’s in business administration and a Ph.D. in information security from Purdue University.
What’s Happening in Crypto Land?
Sandy Carielli - Security Technologies Director, Entrust Datacard
Join us on an adventure into the world of modern cryptography as we explore some of the issues and questions facing security teams. What challenges have become apparent as organizations have migrated away from algorithms like SHA-1? How are researchers looking at cryptography for constrained devices? What’s the latest with quantum computing, and what will it mean for my products … and when? Finally, what tips and best practices are your peers sharing to help manage all of this?
Sandy Carielli has spent over a dozen years in the cyber security industry, with particular focus on identity, PKI, key management, cryptography and security management. As security technologies director for Entrust Datacard, Sandy guides the organization’s next generation security and technology strategy. Prior to Entrust Datacard, Sandy was Director of Product Management at RSA, where she was responsible for SecurID and data protection. She has also held positions at @stake and BBN. Sandy has been a speaker at RSA Conference, SOURCE Boston, the NYSE Cyber Risk Board Forum and BSides Boston. She has a Sc.B. in Mathematics from Brown University and an M.B.A. from the MIT Sloan School of Management. More info is here: https://www.linkedin.com/in/sandra-carielli-251599/
How well do you know your incident response?
Ken van Wyk is an internationally recognized information security expert and author of three popular books, including Enterprise Security: A Confluence of Disciplines (Pearson, 2014), Secure Coding: Principles and Practices (O’Reilly, 2003), and Incident Response (O’Reilly, 2001). He is also a monthly columnist for Computerworld. Among his numerous professional roles, Ken is a Visiting Scientist at the Software Engineering Institute at Carnegie Mellon University, where he is a course instructor and consultant to the CERT® Coordination Center. More info is here: http://www.krvw.com/
Almost every organization has an incident response plan these days, as well they should. But has it really been put to the test under fire? Hopefully, it will never need to be, but if it does, understand that your organization’s success or failure will be largely determined by people outside of the immediate computer security incident response team (CSIRT). How do you know how they’ll actually perform under pressure? One very effective way of putting that to the test is to do tabletop drills. The drills should be serious and representative of your business and IT environment, and they should stress your multi-discipline enterprise-wide CSIRT to its limits. In this session, Mr. Van Wyk will present guidelines for building and conducting an effective set of tabletop drills that push your CSIRT and show how they’ll respond under real pressure.
The Really Hard Problems in Security (or How Big of a Hole Have We Dug Ourselves Into)
Ming Chow: Tufts University, Senior Lecturer
The really hard problems in security are hardly related to cool exploits. Too often, cool exploits are the focus in the community and at security conferences. Case in point: phishing and stolen credentials are still the top attack vectors and are still very successful. The policy and educational aspects of security are a disaster. The attack surface is only getting larger. This will be a very sobering and thought-provoking discussion where you will question how far we have really progressed, or not.
Ming Chow is a senior lecturer in the Tufts University Department of Computer Science. His areas of work are in web and mobile security and web and mobile engineering. He teaches courses largely in the undergraduate curriculum, including Data Structures, Web Programming, Web Engineering, Music Apps on the iPad, Mobile Medical Devices and Apps, Senior Capstone Project, and Introduction to Computer Security. He was also a web application developer for ten years at Harvard University. Chow has spoken at numerous organizations and conferences, including the HTCIA, OWASP, InfoSec World, Design Automation Conference (DAC), DEF CON, Intel, SOURCE, and BSides. More info is here: https://engineering.tufts.edu/people/faculty/ming-chow
Vendor Presenter Bios and Topics:
ProtectWise Sponsor Talk: Detecting Threats in the Cloud with the Cloud
The need to manage security threats in the cloud will only grow: IT execs expect 60 percent of workloads to run in the cloud by 2018. While many concerns about cloud security have abated, a huge stumbling block remains: cloud visibility. Lack of visibility into cloud activity has been the #1 cloud security problem plaguing cloud-focused IT organizations, according to the SANS Institute.
ProtectWise™ can help with a new utility model for enterprise security. Running entirely from the cloud, ProtectWise delivers pervasive visibility, automated threat detection and unlimited forensic exploration for enterprise activity wherever it occurs - in the cloud, of course, but also in hybrid environments, within the enterprise or on industrial control systems.
Wes Robertson has over 20 years of experience in application delivery networking and security. Based in Boston, he is currently a Principal Security Architect with ProtectWise, Inc. His previous roles include stints at Palo Alto Networks, where he was an SE covering major accounts. Prior to that he was a Solutions Architect with F5 Networks. A native of Tennessee, Wes lives in New Hampshire with his wife and 3 children. In his spare time he enjoys bicycling, fishing, hiking, and skiing.
Check Point Sponsor Talk: Cloud and the challenges of shared architecture between physical, cloud and virtual.
Process efficiencies and increased network agility are driving IaaS and SDN technology adoption at a rapid pace. But this new infrastructure is also presenting businesses with a unique set of security challenges. Protecting assets in the cloud from the most sophisticated threats with dynamic scalability, intelligent provisioning and consistent control across physical and virtual networks, ensuring you can embrace the cloud with confidence.
Mark Ostrowski is Regional Director Security Engineering for East Coast. Mark has over 20 years’ experience in IT security and has helped design and support some of the largest security environments in the country. As regional director of engineering for the east coast at Check Point Software, Mark provides thought leadership for the IT security industry, outlining the current threat landscape and helping organizations understand how they can proactively mitigate and manage risk.