Northeast Ohio Information Security Forum

Resilience is the ability an organization has to quickly adapt to disruptions while maintaining continuous, effective business operations and safeguarding people, assets and overall brand equity.  In this session we will discuss business and IT resiliency and try to determine if it is just another buzzword or catchphrase to be used at social gatherings and company meetings, or if it is a strategic objective in response to the needs of an organization to be adaptable and competitive.  What do you think?

BIO:
Gary Sheehan is the Chief Security Officer and Director of GRC Services for ASMGi.  ASMGi provides a variety of IT, security and business solutions that enable organizations to meet their goals and objectives.  Gary has over 30 years of experience in information technology with over 25 years of experience in information security, specializing in GRC integration, security management, compliance, policy and awareness development, and security program governance.  Throughout his career Gary has worked for and with a number large companies in the banking, insurance, diversified industrial, healthcare, manufacturing and chemical industries.  He has successfully executed large, global security projects and implemented enterprise-wide security programs at a number of companies.

Gary is a past President of the Northern Ohio Members Alliance of InfraGard and Founder of Information Security Summit.  Gary has a Bachelor’s degree in Business Administration from Baldwin-Wallace College and is a 2006 graduate from the FBI Citizens Academy.

“The Domain Name System – Operation and Security”
by Tom Kopchak from Hurricane Labs

The Domain Name System (DNS) is a critical service for the operation of the Internet as we know it. Although the process of resolving human readable domain names into Internet-routable IP addresses may seem simple, this process is backed by a massive, globally-distributed database. The reliable functioning of this system impacts all users – from end users, to system administrators, to security professionals and event entire countries. Because of behavior and ubiquity of DNS, it has recently become a focus for attackers, especially as both a source and target for distributed denial of service (DDoS) attacks.

In this presentation, Tom will provide an overview of the operation and design of the Domain Name System, focusing on both the global structure along with best practices for a local deployment. Security considerations will be a core component of the presentation, including an overview of recent attacks leveraging the fundamental operation of DNS along with improperly configured resolvers resulting in significant interruptions in Internet service.

BIO:
Tom Kopchak is a Senior Security Engineer and Operations Team Lead at Hurricane Labs, an Information Security Firm in Cleveland, Ohio who specializes in Splunk design and implementation, network integration, and firewall and network security. Tom is an alum of the Rochester Institute of Technology, with a background in Computing Security and Information Security (MS) and Applied Networking and System Administration (BS). His research areas include computer forensics and data storage technologies. When he is not working with computers, Tom enjoys composing, music improvisation (Acts of Music), and playing both the piano and organ.

Repetition is a proven successful way to bridge the gap of compliance, teaching our users real life skills, and helping secure the infrastructure that we are responsible for protecting. This is best implemented with a comprehensive hands-on security phishing and awareness rewards program. A full program design will provide a maturity that the CBTs have not. While they are a good value add and can be used to reinforce the real life scenarios, relying on them as a primary means of security awareness training will not provide the value or insight to the first line of defense. By consistently reinforcing the CBTs with a custom built awareness program you increase the end user’s skills and boost the organization’s immunity to phishing and social engineering threat factors.

We all know that the end user is the weakest link. With all the talk around how broken user education is. I’ll be going over the user education by phishing and rewards program I put into place in an enterprise environment.

Tracked Metrics:

I’ll share what I did, learned, screwed up, and would change.

BIO:

Amanda Berlin is currently a Network Security Engineer at Hurricane Labs. She has been working in the IT industry for around 10 years and has worked in both public and private sector as well as spending a decent time in healthcare. She managed the internal phishing campaign at a medium size healthcare facility to promote user education about phishing and hacking through an awards based reporting program. She is a lead organizer for CircleCityCon, volunteers at many other conferences, and enjoys writing and teaching others. Amanda lives at home with her three boys and “Rabbit” the cat.

“Moving Over to the Dark Side:  What Do You Need to Move From Technical Over Into Management”
by Kenyon Mau

BIO:
Kenyon Mau is a successful human resources expert with over twenty years of experience as well as a passion for positively influencing an organization’s bottom line through the recruitment, retention, and development of talent.  He possesses a zest for innovation and creativity and has demonstrated these attributes in a variety of organizations of varying sizes, cultures, and needs.

Kenyon is currently Manager for Recruiting and Human Resources for SecureState; a management consulting firm specializing in information security.

Previously, Kenyon owned his own human resources consulting firm for five years, was a human resources manager for a local consumer product manufacturing company.  He also headed up information technology staffing for a local Fortune 200 employer where he staffed half of a 1,000-person Information Technology department in positions ranging from interns up to executives.  Kenyon has team leader position with an international staffing firm; he has been a region- leading recruiter for an international I.T. consulting firm as well as being an hr generalist for a Midwest-based oil company.