The SUMMIT 2019 CLEVELAND – Program Information

The SUMMIT 2019 – Full Program Agenda

MONDAY OCTOBER 21, 2019 – Xcelerate Your Career Training Day

Monday 10/21; 8:00 am – 5:00 pm: Open Source Intelligence (OSINT) Gathering Essential Training.
This workshop is designed for both non-technical folks who have some basic Internet skills, as well as seasoned penetration testers who want to shore up their OSINT gathering skills. For the demos and exercises, I’ll be partnering non-technical students with technical students so that everyone can benefit from the exercises.

Classes will be posted as they are confirmed.

Monday and Tuesday 10/21-22; 8:00 am – 5:00 pm: Introduction to Malware Analysis. Due to the prevalence and business impact of malware, security professionals increasingly need the skills necessary to analyze ransomware, trojan horses and other computer viruses. This two-day course teaches attendees the proven concepts, techniques and processes for analyzing malware. Students will take multiple “from-the-wild” malware samples in a hands-on environment and learn how to analyze their characteristics and behavior to determine what they do and what risk they present. The course culminates in an analysis that utilizes all of the tools and techniques that have been learned. No previous malware analysis experience is necessary, as this course is designed for those who have never performed malware analysis before. Students will be required to bring their own laptops for the class. Laptops will need a VMware Workstation or VirtualBox installation with an install of Windows (7 or higher) as the guest OS prior to the class. All other tools will be provided.

Monday and Tuesday 10/21-22; 8:00 am – 5:00 pm: Oracle Database Security Master Class. The class curriculum is completely non-commercial and does not promote or recommend any products, services, or companies. Rather, it is based upon maximizing security by properly configuring capabilities native to the product and already covered by existing licensing. The Oracle Database Security Master Class is a practicum using lecture and live demo to turn oft-repeated phrases such as “Least Privileges” into specific actionable items and syntax that will address issues and bring measurable benefits. Topics covered include: creating users, profiles and roles; database and listener configuration; blocking known exploits; preventing the database from becoming an attack tool; SQL injection; revoking unnecessary privilege; secure coding practices; and understanding when an audit requirement does not enhance security.

Following the class, security and database professionals will know how to analyze databases, not just Oracle, for vulnerabilities and understand specific steps they must take to develop processes, procedures, and configurations to prevent misuse by outsiders that have penetrated the network and insiders that have escalated privileges.

TUESDAY OCTOBER 22, 2019 – Career Connection
Information Coming Soon

WEDNESDAY-FRIDAY OCTOBER 23-25, 2019 – 17th Annual Information Security Summit
Our featured speakers include:
WEDNESDAY – HARRISON SCHMITT
Harrison Schmitt.  Details on Schmitt’s talk will be posted soon.

 

WEDNESDAY – JOSEPH WEISS, PE, CISM, CRISC, ISA Fellow
Joseph is a Control Systems Cybersecurity Expert and an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security, emerging threats and more through his blog, Unfettered. Joseph’s career accomplishments include: 40+ years in industrial instrumentation, controls, and automation; authored the Cyber Security chapter of Electric Power Substations Engineering; authored the Cyber Security chapter of Securing Water and Wastewater Systems; patent: Steam Turbine Fuzzy Logic Turbine Controller; testified at 5 Congressional hearings; ISA Fellow; IEEE Senior Member; Ponemon Fellow; and US Expert to IEC TC45A – Nuclear Plant Cyber Security.

THURSDAY – JACK JONES, CRISC, CISM, CISA, CISSP
What Does a Mature Cybersecurity Program Look Like?
Jack Jones has worked in technology, information security, and risk management for over thirty years.  He has ten years of experience as a CISO with three different companies, including five years at a Fortune 100 financial services company.  His work there was recognized in 2006 when he received the ISSA Excellence in the Field of Security Practices award at that year’s RSA conference.  In 2012 Jack was honored with the CSO Compass award for leadership in risk management.  He is also an adjunct professor at Carnegie Mellon University, where he teaches risk measurement and management in the CRO program.  Jack is also the creator of the “Factor Analysis of Information Risk” (FAIR) framework adopted by the Open Group as an international standard.  Currently, Jack is the Chief Risk Scientist at RiskLens, Inc., and Chairman of the FAIR Institute, a non-profit organization dedicated to evolving risk management practices.  He has also co-authored a book on FAIR entitled “Measuring and Managing Information Risk, a FAIR Approach” which was inducted into the Cyber Security Canon in 2016.

THURSDAY – GRANT ASPLUND, Cloud Evangelist
My CEO Told Me We Have to Move Our Datacenter to the Cloud…So, What’s the Big Deal?

Grant was Principal Evangelist for Dome9 when Check Point made the acquisition. Grant has held worldwide evangelist roles at Check Point Software Technologies and more recently Blue Coat Systems, Inc., where he was Director of Evangelism. Grant has also held the position of Head of Market Development and Sales for Altor Networks, and was Vice President, Enterprise Sales for NeuStar. Additionally, he was President and CEO of MetaInfo before successfully selling the company to NeuStar. Grant brings his unique story-telling style mixed with high energy and passion, representing Dome9 at public events and conferences worldwide. Grant has also been a featured speaker and panelist at numerous industry trade shows, conferences and several radio blogs, which include RSAC, Next100 CIO’s and BlogTalkRadio.

FRIDAY – EDDIE DOYLE, Global Security Strategist
The Ethics of A.I. & the DNA of Malware
Humanity is reaching a critical turning point where a machine, controlling an autonomous vehicle, will soon decide who will live & who will die, in a fraction of a second, without human supervision. Machines are also making critical security decisions that impact real-world events & potentially decide the fate of your company’s assets. Cyber-criminal syndicates have evolved beyond simply changing hashes in code & they’re outsmarting sandboxing technologies by advancing their automated re-packing services into a new generation of evasion techniques, via a complete scramble of malicious programming to effectively fool security systems into thinking their code is a new zero-day attack. But if you look closely enough, you can find the DNA of their malware. By teaching machines to recognize the DNA of criminal groups, we can reduce false positives & block malicious code before it arrives at our gateway.