Northeast Ohio Information Security Forum

10 Reasons Your Security Education Program Sucks
by Kris French

Cynicism at the intentions and questionable competency of our users is rampant in information security.  We all know that a defense system is only as strong as its weakest point.  This point is too often our people.  It’s not right to blame them for this.  Security is our job, and if we recognize a weak point and don’t protect it, we’re not doing our jobs.  In this talk, I’ll walk you through the part of your job you’re ignoring, and how to do it better. 

Kris’s Bio:
Kris is the manager of application security, risk, and compliance at Hyland Software where he leads security training efforts for both technical and non-technical departments.  He is also founder of local information security group CleveSec which aims to bring security awareness outside of the echo chamber while still helping to sharpen the skills of those in the know.

Don’t forget to come early, starting at 6:00 PM, for pizza and pop.

Untitled Second Talk
by Alex Hamerstone from TrustedSec

Alex’s, BIO:
During his career, Alex has developed literally thousands of policies and procedures for organizations of many sizes. With a solid understanding of business processes, human resources, finance, security, and technology he is uniquely positioned to provide a great deal of value to any organization.

Don’t forget to come early, starting at 6:00 PM, for pizza and pop.

Let’s face it – data breaches have become a fact of life. However, when things go wrong for companies, like the theft of personal data or the circulation of damaging email conversations, the resulting damage to a business’s hard fought reputation can be massive. In addition to the technical issues that should be considered in preparing for a breach, there are legal, compliance, and insurance issues that must be taken into account as well. This discussion will assist attendees in understanding how to find and review insurance policies, navigate legal liabilities resulting from a breach, and undertake measures to prevent a company’s employees or vendors from being its largest liabilities.

“Blue Team 101”
by Jamie Murdock & Josh Pachmayer from Binary Defence

When you think of Information Security, most people think red team. But lets face it, blue team is where it’s at. We’re going cover the basics of what the blue team is and why we need more focus on defending.

Jamie, BIO:
For over 15 years, Jamie has specialized defending, securing, and protecting corporate networks. During this time, he has built security operation centers for Fortune 500 companies, providing expert guidance in all areas of security operations. He has built incident response and threat intelligence programs, including assisting federal agencies on cyber-crime investigations. Jamie has presented at regional and national conferences on the topics of security operations centers and threat intelligence.

Don’t forget to come early, starting at 6:00 PM, for pizza and pop.

Resilience is the ability an organization has to quickly adapt to disruptions while maintaining continuous, effective business operations and safeguarding people, assets and overall brand equity.  In this session we will discuss business and IT resiliency and try to determine if it is just another buzzword or catchphrase to be used at social gatherings and company meetings, or if it is a strategic objective in response to the needs of an organization to be adaptable and competitive.  What do you think?

BIO:
Gary Sheehan is the Chief Security Officer and Director of GRC Services for ASMGi.  ASMGi provides a variety of IT, security and business solutions that enable organizations to meet their goals and objectives.  Gary has over 30 years of experience in information technology with over 25 years of experience in information security, specializing in GRC integration, security management, compliance, policy and awareness development, and security program governance.  Throughout his career Gary has worked for and with a number large companies in the banking, insurance, diversified industrial, healthcare, manufacturing and chemical industries.  He has successfully executed large, global security projects and implemented enterprise-wide security programs at a number of companies.

Gary is a past President of the Northern Ohio Members Alliance of InfraGard and Founder of Information Security Summit.  Gary has a Bachelor’s degree in Business Administration from Baldwin-Wallace College and is a 2006 graduate from the FBI Citizens Academy.

“The Domain Name System – Operation and Security”
by Tom Kopchak from Hurricane Labs

The Domain Name System (DNS) is a critical service for the operation of the Internet as we know it. Although the process of resolving human readable domain names into Internet-routable IP addresses may seem simple, this process is backed by a massive, globally-distributed database. The reliable functioning of this system impacts all users – from end users, to system administrators, to security professionals and event entire countries. Because of behavior and ubiquity of DNS, it has recently become a focus for attackers, especially as both a source and target for distributed denial of service (DDoS) attacks.

In this presentation, Tom will provide an overview of the operation and design of the Domain Name System, focusing on both the global structure along with best practices for a local deployment. Security considerations will be a core component of the presentation, including an overview of recent attacks leveraging the fundamental operation of DNS along with improperly configured resolvers resulting in significant interruptions in Internet service.

BIO:
Tom Kopchak is a Senior Security Engineer and Operations Team Lead at Hurricane Labs, an Information Security Firm in Cleveland, Ohio who specializes in Splunk design and implementation, network integration, and firewall and network security. Tom is an alum of the Rochester Institute of Technology, with a background in Computing Security and Information Security (MS) and Applied Networking and System Administration (BS). His research areas include computer forensics and data storage technologies. When he is not working with computers, Tom enjoys composing, music improvisation (Acts of Music), and playing both the piano and organ.