Click a block to view session details
Jerry Archer delivers one of the most compelling looks at where the 175 Billion Dollar Cyber Security market is in its maturity lifecycle
In 1960's, the Space Race inspired our country's journey to the moon. It spawned new technologies and launched a workforce explosion for STEM careers . Now, Cyber Security has become the new space race creating millions of career opportunities. Four (4) of the US's Top Cyber Security leaders will discuss what they are doing to create the cyber workforce for tomorrow.
Pisces Lounge -15th Floor
Continuous advancements in technology coupled with increased dependency has given rise to an abundance of cybersecurity threats with the potential of dramatically impacting the lives of citizens around the world. From the patient room to space, the threat is real! Our lives are encapsulated into a collection of ones and zeroes which continue to drive an increasingly digital world. Keeping pace with demands to protect our data and critical infrastructure requires a transformational mindset that can not only deploy sophisticated protection technologies, but that can engender trust and bring about easy to "accept" cyber defensive controls. Engineering cybersecurity protection strategies that can withstand the test of technological growth and the continuum of time can be challenging but can be aided by a few magical ingredients. We will study some of these ingredients and discuss how they have been implemented at NASA GSFC to produce a winning formula.
Vice Admiral Nancy A. Norton
This session will focus on how the Registered Apprenticeship model represents an opportunity for government, industry and education to address collectively workforce development challenges and to spur job creation in the cyber security industry. Specifically, this joint presentation will feature a representative from the Maryland Apprenticeship and Training Program and a representative from the UMBC Training Centers, a postsecondary education institution that sponsors a cyber-security Registered Apprenticeship program. Attendees will learn how the apprenticeship earn and learn model, which connects on-the-job learning with related technical instruction, can prepare job seekers as they enter full-time employment in the cyber security industry.
Topic areas include: 1) a brief overview of the apprenticeship model, 2) a review of the workforce shortages facing employers in the cyber security industry, 3) how Registered Apprenticeship allows business to "grow their own" by working with the state and higher education to build a training program relevant to the needs of business, and 4) a review of the benefits of apprenticeship for employers working in the cyber security industry.
We believe that this topic would be of interest to the attendees of the 2019 Cyber Maryland Conference. In conversations with cyber security employers, staff of the Maryland Department of Labor hear time and time again that a shortage of skilled workers is a significant factor that impacts the future growth potential for businesses in this field and that a traditional college degree isn't always needed for these careers. Cybersecurity talent gaps exist across the Mid-Atlantic region. Closing these gaps requires detailed knowledge of the cybersecurity workforce and the unique needs of Maryland-based employers. By expanding awareness of how Registered Apprenticeship can help to address these needs, attendees can learn how they can take action to build a more robust talent development pipeline.
In my presentation, I will make the case for the use of Apprenticeship as a tool for developing a Cybersecurity workforce.
Degrees are important but competence is what is needed. Competence is gained faster and more efficiently if education, training and experience are coordinated. In a multi-year pilot we have proven that apprenticeship works in developing Cyber talent. During my presentation I will explain how to screen, educate, train and mentor cyber talent.
There are a set of foundational knowledge and skill that can be taught quickly to get a person to be productive to an organization. Once this level is reached experience, if coordinated properly, additional education and training can advance the students on-the-job competence quickly. Work-based learning combined with a rigorous, competency-based academic program has been proven to produce motivated highly-skilled professionals.
We have proven that apprenticeship develops Cybersecurity skills quickly and efficiently.
Organizations have an imperative to protect the data that has been entrusted to them, as well as securing their digital borders against business-interrupting intrusions. The legal landscape regarding accountability for data breaches continues to develop, but it has become clear that regulators, lawmakers, and the public will hold the breached entity responsible for a cyber event and the loss of data. This trend means that a cyber event of any type has the potential to negatively affect an organization's revenue and reputation.
Experts agree that no one solution will resolve any organization's cyber risk, but combining technology and insurance can make significant strides to improving the chances that an organization can more quickly recover from a cyber event.
The approach proposed for this talk explores the use of Comprehensive Attack Surface Evaluation (CASE) assessments with scenario modeling and statistical estimation risk quantification techniques to justify strategic investments, establish tactical priorities, and quantify cyber risk in financial terms to make risk transfer decisions. This approach leverages existing technology to improve defensive readiness assessments and perform them continuously against different attack scenarios.
CASE assessments are multi-tiered assessments conducted remotely against a device that mimic a real-world attacker assessing the system for vectors of attack. CASE validation checks are based on a collection of public and proprietary strategies used by malware, pen-testers, exploit toolkits, and real-world attacks that are verified using simple validation checks provided by existing scan results or custom scans. CASE is intended to assist administrators and security teams with identifying strategies and attacker trends that could be used to compromise systems or their users. When applied to cyber risk quantification techniques, decision makers are provided with a means to proactively respond to cyber-related issues and events.
This presentation discusses why Capture the Flag tournaments matter afterward observing the Maryland Cyber Challenge, whose final round will be taking place during, and at, the Cyber Maryland Conference! Why Capture the Flag Matters is a non-technical in nature talk meant as an introductory primer discussing the benefits of gamified events. By the end of the presentation, audience members will identify capture the flag styles, understand how to capture the flag competitions enhance cognitive performance and diversity. Capture the Flag Tournaments are growing in popularity and Point3 Security has evidence to prove it! Capture the Flag tournaments are meant for all ages and skill levels allowing individuals to use these tournaments for continuous learning, talent measurement, talent retention, recruitment, and pre-hire screening. The presentation will exemplify the skill levels of all ages by showcasing the talented high school and college teams competing at the 2019 Maryland Cyber Challenge. Audience members will witness the Maryland Cyber Challenge hosted by Point3 Security's gamified learning platform, ESCALATE. Point3 will highlight the live performance of the tournament through ESCALATE's leaderboard showcasing Maryland's finest talent. Here you'll on look the live Maryland Cyber Challenge where students have accessibility to earn points from over 100 challenges showcasing their skill sets from defensive hunting to exploitation.
Cyber-attacks are on the rise with unprecedented frequency, sophistication and scale. Traditional Network security or Point solutions alone cannot fully address the issue-no security system is impenetrable. There is need for breed of cyber security solutions that bridge major aspects of people, process and technology. This session will delve into some of the key aspects of enterprise due diligence in selecting cyber security solutions.
Participants from government, industry and academia will address key questions including:
-What are the key challenges in balancing user experience and enterprise security requirements?
-What are the evolving considerations for next gen cyber solutions?
-What investment is required to address critical vulnerabilities/gaps/whitespaces?
-What is holding enterprises back because they are using "old guard" thinking?
-What is the smart way to monitor in the highly mobile environments we have today?
The CERT National Insider Threat Center has collected and analyzed over 2500 cyber/physical incidents perpetrated by insiders (malicious and accidental) and has used the empirical data to develop threat profiles describing how insider incidents tend to evolve overtime. These models allow for the identification of technical and behavioral potential risk indicators (PRIs) upon which tools can automate the detection of concerning activity. This presentation will identify the difference between insider incidents, insider threats, and insiders; provide actionable guidance on how to develop and evaluate an effective insider threat program (while protecting the privacy and civil liberties of insiders); walk you through an insider threat control framework; review recommended best practices for insider threat mitigation; and provide links to numerous insider threat mitigation resources. Throughout the presentation, multiple case examples will be provided to highlight the financial, operational, and health and safety impacts of insider incidents.
The CERT Insider Threat Control framework will be discussed:
1. Identify insider threats to critical assets
2. Establish an insider threat control baseline
3. Fill critical gaps in control baseline
4. Measure effectiveness of insider threat controls
5. Refine and refresh insider threat controls
The intended audience for this presentation is information technologists, physical security practitioners, general counsel, human resource specialists, or other involved in the enterprise-wide assessment and mitigation of internal threats to organization's critical assets.
Rita J. Moss
As cyber threats evolve, the nation's protection against them relies on a steady stream of qualified cybersecurity professionals entering the workforce. The Cybersecurity and Infrastructure Security Agency (CISA) is committed to developing and educating this workforce. CISA has tools and resources to help organizations respond to workforce needs and to equip workers with the skills needed in an evolving cyber threat landscape.
The Governor's Workforce Development Board (GWDB) is the Maryland State Governor's chief policy-making body for workforce development. The GWDB brings together workforce development partners and stakeholders with two goals-a properly prepared workforce that meets current and future demands of Maryland employers, and opportunities for all Marylanders to succeed in the 21st century workforce. In 2010, Prince George's Community College (PGCC) became one of the first six community colleges in the United States designated as a Center of Academic Excellence (CAE) by the National Security Agency (NSA) and Department of Homeland Security (DHS). Today, there are more than 250 CAE institutions across the United States and Puerto Rico.
This presentation will educate participants about the National Cybersecurity Workforce Framework, which help organizations: (1) gauge the current state of their employees' cyber capabilities; (2) assess gaps that need to be filled; (3) determine the types of cybersecurity workers needed to supplement their security; (4) and understand how to maintain and grow their cybersecurity staff. Participants will also come away with an understanding of the National Initiative for Cybersecurity Careers and Studies (NICCS) Training Catalog, as well as the Federal Virtual Training Environment (FedVTE), which is a free, on-demand cybersecurity training website that offers certification courses such as Network +, Security +, and Certified Information Systems Security Professional.
This talk examines edge data security vulnerabilities through recent survey findings, which identify troubling knowledge gaps between federal IT leaders and their technical staffs. It will explore ways to close these gaps and better safeguard edge data, matching the right tools with the right environments. For typical edge endpoints, like mobile workstations, the right solution includes a flexible backup and recovery tool with AI-based, anti-ransomware protection. For more challenging environments, like sensitive/classified settings or `no internet' deployed tactical elements, where data is critical but access to networks is limited or not possible, an air-gapped solution designed to reduce attack surfaces and restore systems without connectivity is the most resilient and cost-effective choice.
Dr. Deepinder Sidhu
Dr. Charles Johnson-Bey
Robert C. Smith
As Maryland grows in stature of becoming the Cybersecurity Capital of the World, it is imperative to finds ways of meeting the demand for cleared employees. Maryland Community Colleges offer a unique approach to work with government contractors, as well as government agencies, in developing curriculum and processes to enable students enrolled in Cybersecurity studies to begin the process of obtaining security clearances.
Methods and standards to be explored for consideration include:
_ Working directly with contractors, agencies and other employers to identify students academically prepared to begin the security clearance process. Specifically, these students may have obtained the necessary industry certifications - such as, Certified Ethical Hacking, Security +, Network + and Operating Systems Security - required to work on government networks.
_ Developing a panel of employer contractor, agencies and academic leaders to guide the process.ensuring that proper protocols are in place leading to mutually beneficial outcomes at all levels.
_ Sponsorship of small groups of students (5 - 10) to work together with contractors or agencies to obtain security clearances over a particular time frame.
The Maryland workforce is in need of expediting the security clearance process, if only to meet the demands of employers in their collective efforts of hiring individuals with clearances and to counteract the continuing assaults on our nation's vital infrastructure.
This presentation offers optional approaches for meeting the cybersecurity employment workforce pipeline in Maryland:
1. Initially, those challenges employers face in hiring individuals requiring security clearances, which likely may be undertaken through classroom studies and processes in the classrooms of Maryland's community colleges, particularly those granted certifications as Centers of Academic Excellence for Two-Year Schools by the National Security Agency and the Department of Homeland Security, as well as those awarded the Certificate of Designation in Digital Forensics by The National Centers of Digital Forensics Academic Excellence.
2. Secondarily, through a creative partnership of employers, Maryland's community colleges, and Federal agencies in developing the protocols to grant fast track security clearances for students who are close to completing their studies in Cybersecurity.
Diane M. Janosek
Dr. Gregory Von Lehman
Dr. Matt Turek
This session provides an overview of women in leadership roles within different stages of their careers.
The goal of this panel is to emphasize the role women play in the cybersecurity field.
Panelists will discuss their careers, and what led them to their current leadership roles, answer questions about mentors, challenges they have faced and how they were able to overcome them, as well as give advice to young women starting their careers in the cybersecurity profession.
Dr. Mansur Hasib
Navigating the the startup world and extremely competitive cybersecurity market is no easy feat! As the Maryland area looks to foster the growth of emerging entrepreneurs and a growing cohort of cybersecurity companies, we need leadership to provide guidance, direction and support. Join this conversation with several Cybersecurity Titans that have answered the call and continue to make a transformational impact on the startup community. Bring your questions or concerns and challenge this panel with providing insight that will help you take the next step!
Professor William (Bill) Butler
NSA and DHS jointly sponsor the National Centers of Academic Excellence in Cyber Defense (CAE-CD) program, a program that strives to reduce vulnerabilities in our national infrastructure by promoting higher education and research in cyber defense. CAE-CD designated schools are given the opportunity to apply for grants through various programs in order to impact the local, state, and national communities.
The proposed panel discussion will feature Maryland institutions that are a part of the CAE-CD program and have received grants. Panelists will provide a summary of their grant efforts and discuss how it has benefited Maryland or their local community, as well as how involvement in the CAE-CD program has benefited their institutions, their students, and helped grow the cybersecurity profession as a whole
Anthony "Tony" Pernasilice
Now more than ever, threat intelligence and information sharing has become a requirement to achieve successful security operations throughout every industry sector. Unfortunately, organizations continue to struggle with responding to attacks for lack of incident response plans and budget. This has created a multidimensional threat intelligence scale problem that if left unaddressed, will expand the attack surface for organizations across the globe. This panel of industry experts will dissect the tried and true methods for executing on threat intelligence in a meaningful way. Join this session to uncover how existing network security controls have hindered enterprises' ability to scale; debate the challenges for operationalizing threat intelligence and ensuring threat feeds are up to date; and unpack the human scale problem - will it take an army?
Dr. Melissa Dark
Mark S. Loepker
There is a shortage of qualified candidates for cybersecurity positions in the United States. Although more and more colleges and universities are creating programs that produce graduates, those programs need to attract interested students. Students need to become aware and interested in cybersecurity prior to selecting a major. To spark that awareness and interest, high school students need exposure to cybersecurity principles and concepts. In order for high school teachers to effectively plan properly sequenced activities that provide sound learning opportunities in cybersecurity, a curriculum framework is needed. A curriculum framework helps to ensure that students across the country develop a base of knowledge, skills, attitudes, beliefs and values that will enable them to function successfully in cybersecurity college programs and careers. A curriculum framework is essential for developing a K-12 to career pipeline in cybersecurity.
This presentation will outline the large-scale undertaking of creating a high school cybersecurity curriculum framework designed for a stand-alone cybersecurity course. The design and development of the high school cybersecurity curriculum framework will be described. An iterative process was undertaken to draft the curriculum framework, which included drawing from the expertise and input of several cybersecurity content experts, college and high school educators, and industry representatives. The resulting cybersecurity curriculum framework organizes and manages the content for a high school cybersecurity course in a systematic way. The rationale and process for creating the framework will be presented, as well as the future next steps needed to further refine the framework with the goal of making it a national standard.
Ellison Anne Williams
The needs of today's workforce have evolved exponentially, and organizations must be prepared to efficiently and securely facilitate the completion of critical tasks that could require execution from any corner of the world. This requirement is made more complicated by the lack of qualified cybersecurity professionals in the job market and the ever increasing requirement of business employees to text, email, and communicate globally around the clock. This panel will discuss three different case studies and the security considerations that should be made by organizations in order to stave off cyber threats.
- Managing device connectivity within the office
- Balancing productivity/security while working remotely
- Securely transmitting data from "the field"
These situations are likely to be encountered by a company who will have to respond to the needs of their workforce while also implementing safeguards that keep the business secure.
As part of its public-private partnership model, the Federal government works with IT Sector leaders to develop cybersecurity strategies and guidance for stakeholders across the IT Sector, as well as the Federal government; State, local, tribal, and territorial (SLTT) governments; and the private sector.
During this presentation, representatives from the Cybersecurity and Infrastructure Security Agency (CISA), the Government Services Administration (GSA), and the IT Sector will discuss their joint cybersecurity initiatives related to the Internet of Things (IoT). This panel presentation will highlight the benefits and security challenges of IoT, as well as best practices to help non-technical procurement personnel make risk-informed acquisition decisions and to help drive demand for secure IoT products and services.
Federal agencies and private sector owners and operators of critical infrastructure are highly dependent on information and communications technology (ICT) and IoT technologies to accomplish their missions. Attendees will come away with a better understanding of risks posted by ICT and IoT technologies, as well as resources and best practices for purchasing and managing those technologies throughout the lifecycle.
Dr. Gregory Conti
"Cybersecurity innovation" is easy to say, but a lot harder to do. Done well, innovation efforts tap the full power of your workforce, increase job satisfaction, build organizational and personal reputation, and give organizations a competitive edge. Done badly, it creates frustration and wastes scarce time, money, and talent.
This talk will cover lessons learned from running innovation efforts and organizations in four contexts: an ad hoc overlay approach in a 200 person start-up, a collaboration based approach via a small innovation center in academia, a classroom approach for U.S. Cyber Command, and a well-resourced, stand-alone institute with 75 people, including 25 PhDs. The talk will include: how to identify and select the right problems, scoping efforts, running projects, resourcing on a shoestring, communicating results, success stories and failures, and much more.
Whether you are part of a large or small organization, through this talk you will learn how to implement formal and informal cybersecurity innovation efforts which maximize results at minimal cost, while avoiding pitfalls.
Pam Van Meter
Jim Christy, Special Agent (Ret)
Retired Special Agent Jim Christy will discuss first-hand cyber crime investigations and digital forensic watershed cases to include homicide (cutup diskette), espionage, cyber intrusions (Hanover Hacker Case), child pornography, and his participation in his current cold case investigation of D.B. Cooper, the only unsolved skyjacking in American history (1971).
He will discuss the power of digital forensics today and the real-world challenges, including a discussion of the need for education and training. The evolving discipline of cyber crime investigations and the critical role cyber crime investigators and digital forensics examiners play in all crimes today.
Fidelis' Threat Research Team (TRT) currently monitors various spaces for new and developing threats, and how it may impact a large group of our customers. However, in addition to staying current with new threat campaigns and techniques, our intelligence team feels it's also imperative to ensure we don't lose focus on previously identified and existing threats. We are proponents of this approach because we are keenly aware that threat actors continue to leverage older and pre-existing exploits and vulnerabilities, not only from external observations but also though our customer telemetry and data. By keeping tabs on new patterns and tactics while maintaining visibility and situational awareness of older threats, we ensure our threat intelligence operations adhere to the core intelligence fundamentals of being timely and relevant.
In reviewing our quarterly statistics and trends research, one of the key findings we identified was that over 27% of the alerts in Q1 2019 were related to exploits, vulnerabilities, or malware that came out in 2017 or earlier. From these, we observed that many of them consisted of old tools and malware families including Conficker, PlugX, H-W0rm, and njRAT. We believe njRAT has been extremely popular since it is customizable, and observations on deepweb forums even suggest a possible collaboration and cooperation between the developers of njRAT and H-W0rm (hence the large number of events for both). In addition to older tools and kits observed, Fidelis TRT also observed multiple vulnerability compromise attempts and alerts, many from 2017 or earlier.
This session will educate the audience on how telemetry data informs events we see in client environments and helps track down threat activity promoting, leveraging, or weaponizing older and pre-existing exploits and vulnerabilities.