Vice Admiral Nancy A. Norton
This session will focus on how the Registered Apprenticeship model represents an opportunity for government, industry and education to collectively address workforce development challenges and to spur job creation in the cyber security industry. Specifically, this joint presentation will feature a representative from the Maryland Apprenticeship and Training Program and a representative from the UMBC Training Centers, a postsecondary education institution that sponsors a cyber-security Registered Apprenticeship program. Attendees will learn how the apprenticeship earn and learn model, which connects on-the-job learning with related technical instruction, can prepare job seekers as they enter full-time employment in the cyber security industry.
Topic areas include: 1) a brief overview of the apprenticeship model, 2) a review of the workforce shortages facing employers in the cyber security industry, 3) how Registered Apprenticeship allows business to "grow their own" by working with the state and higher education to build a training program relevant to the needs of business, and 4) a review of the benefits of apprenticeship for employers working in the cyber security industry.
We believe that this topic would be of interest to the attendees of the 2019 Cyber Maryland Conference. In conversations with cyber security employers, staff of the Maryland Department of Labor hear time and time again that a shortage of skilled workers is a significant factor that impacts the future growth potential for businesses in this field and that a traditional college degree isn't always needed for these careers. Cybersecurity talent gaps exist across the Mid-Atlantic region. Closing these gaps requires detailed knowledge of the cybersecurity workforce and the unique needs of Maryland-based employers. By expanding awareness of how Registered Apprenticeship can help to address these needs, attendees can learn how they can take action to build a more robust talent development pipeline.
Organizations have an imperative to protect the data that has been entrusted to them, as well as securing their digital borders against business-interrupting intrusions. The legal landscape regarding accountability for data breaches continues to develop, but it has become clear that regulators, lawmakers, and the public will hold the breached entity responsible for a cyber event and the loss of data. This trend means that a cyber event of any type has the potential to negatively affect an organization's revenue and reputation.
Experts agree that no one solution will resolve any organization's cyber risk, but combining technology and insurance can make significant strides to improving the chances that an organization can more quickly recover from a cyber event.
The approach proposed for this talk explores the use of Comprehensive Attack Surface Evaluation (CASE) assessments with scenario modeling and statistical estimation risk quantification techniques to justify strategic investments, establish tactical priorities, and quantify cyber risk in financial terms to make risk transfer decisions. This approach leverages existing technology to improve defensive readiness assessments and perform them continuously against different attack scenarios.
CASE assessments are multi-tiered assessments conducted remotely against a device that mimic a real-world attacker assessing the system for vectors of attack. CASE validation checks are based on a collection of public and proprietary strategies used by malware, pen-testers, exploit toolkits, and real-world attacks that are verified using simple validation checks provided by existing scan results or custom scans. CASE is intended to assist administrators and security teams with identifying strategies and attacker trends that could be used to compromise systems or their users. When applied to cyber risk quantification techniques, decision makers are provided with a means to proactively respond to cyber-related issues and events.
This presentation discusses why Capture the Flag tournaments matter after observing the Maryland Cyber Challenge, whose final round will be taking place during, and at, the Cyber Maryland Conference! Why Capture the Flag Matters is a non-technical talk meant as an introductory primer discussing the benefits of gamified events. By the end of the presentation, audience members will identify capture the flag styles and understand how capture the flag competitions enhance cognitive performance and diversity. Capture the Flag tournaments are growing in popularity and Point3 Security has evidence to prove it! Capture the Flag tournaments are meant for all ages and skill levels, allowing individuals to use these tournaments for continuous learning, talent measurement, talent retention, recruitment, and pre-hire screening. The presentation will exemplify the skill levels of all ages by showcasing the talented high school and college teams competing at the 2019 Maryland Cyber Challenge. Audience members will witness the Maryland Cyber Challenge hosted by Point3 Security's gamified learning platform, ESCALATE. Point3 will highlight the live performance of the tournament through ESCALATE's leaderboard showcasing Maryland's finest talent. Here you'll look on at the live Maryland Cyber Challenge, where students have the opportunity to earn points from over 100 challenges showcasing their skill sets from defensive hunting to exploitation.
The CERT National Insider Threat Center has collected and analyzed over 2500 cyber/physical incidents perpetrated by insiders (malicious and accidental) and has used the empirical data to develop threat profiles describing how insider incidents tend to evolve over time. These models allow for the identification of technical and behavioral potential risk indicators (PRIs) upon which tools can automate the detection of concerning activity. This presentation will identify the difference between insider incidents, insider threats, and insiders; provide actionable guidance on how to develop and evaluate an effective insider threat program (while protecting the privacy and civil liberties of insiders); walk you through an insider threat control framework; review recommended best practices for insider threat mitigation; and provide links to numerous insider threat mitigation resources. Throughout the presentation, multiple case examples will be provided to highlight the financial, operational, and health and safety impacts of insider incidents.
The CERT Insider Threat Control framework will be discussed:
1. Identify insider threats to critical assets
2. Establish an insider threat control baseline
3. Fill critical gaps in control baseline
4. Measure effectiveness of insider threat controls
5. Refine and refresh insider threat controls
The intended audience for this presentation is information technologists, physical security practitioners, general counsel, human resource specialists, or others involved in the enterprise-wide assessment and mitigation of internal threats to an organization's critical assets.
As cyber threats evolve, the nation's protection against them relies on a steady stream of qualified cybersecurity professionals entering the workforce. The Cybersecurity and Infrastructure Security Agency (CISA) is committed to developing and educating this workforce. CISA has tools and resources to help organizations respond to workforce needs and to equip workers with the skills needed in an evolving cyber threat landscape.
The Governor's Workforce Development Board (GWDB) is the Maryland State Governor's chief policy-making body for workforce development. The GWDB brings together workforce development partners and stakeholders with two goals: a properly prepared workforce that meets current and future demands of Maryland employers, and opportunities for all Marylanders to succeed in the 21st century workforce. In 2010, Prince George's Community College (PGCC) became one of the first six community colleges in the United States designated as a Center of Academic Excellence (CAE) by the National Security Agency (NSA) and Department of Homeland Security (DHS). Today, there are more than 250 CAE institutions across the United States and Puerto Rico.
This presentation will educate participants about the National Cybersecurity Workforce Framework, which helps organizations: (1) gauge the current state of their employees' cyber capabilities; (2) assess gaps that need to be filled; (3) determine the types of cybersecurity workers needed to supplement their security; and (4) understand how to maintain and grow their cybersecurity staff. Participants will also come away with an understanding of the National Initiative for Cybersecurity Careers and Studies (NICCS) Training Catalog, as well as the Federal Virtual Training Environment (FedVTE), which is a free, on-demand cybersecurity training website that offers certification courses such as Network+, Security+, and Certified Information Systems Security Professional.
As Maryland grows in stature toward becoming the Cybersecurity Capital of the World, it is imperative to find ways of meeting the demand for cleared employees. Maryland Community Colleges offer a unique approach to work with government contractors, as well as government agencies, in developing curriculum and processes to enable students enrolled in Cybersecurity studies to begin the process of obtaining security clearances.
Methods and standards to be explored for consideration include:
• Working directly with contractors, agencies and other employers to identify students academically prepared to begin the security clearance process. Specifically, these students may have obtained the necessary industry certifications, such as Certified Ethical Hacking, Security+, Network+ and Operating Systems Security, required to work on government networks.
• Developing a panel of employer contractor, agencies and academic leaders to guide the process, ensuring that proper protocols are in place leading to mutually beneficial outcomes at all levels.
• Sponsorship of small groups of students (5 - 10) to work together with contractors or agencies to obtain security clearances over a particular time frame.
The Maryland workforce is in need of expediting the security clearance process, if only to meet the demands of employers in their collective efforts of hiring individuals with clearances and to counteract the continuing assaults on our nation's vital infrastructure.
This presentation offers optional approaches for meeting the cybersecurity employment workforce pipeline in Maryland:
1. Initially, those challenges employers face in hiring individuals requiring security clearances, which likely may be undertaken through classroom studies and processes in the classrooms of Maryland's community colleges, particularly those granted certifications as Centers of Academic Excellence for Two-Year Schools by the National Security Agency and the Department of Homeland Security, as well as those awarded the Certificate of Designation in Digital Forensics by The National Centers of Digital Forensics Academic Excellence.
2. Secondarily, through a creative partnership of employers, Maryland's community colleges, and Federal agencies in developing the protocols to grant fast track security clearances for students who are close to completing their studies in Cybersecurity.
Dr. Matt Turek
Diane M. Janosek
This session provides an overview of women in leadership roles within different stages of their careers.
The goal of this panel is to emphasize the role women play in the cybersecurity field.
Panelists will discuss their careers, and what led them to their current leadership roles, answer questions about mentors, challenges they have faced and how they were able to overcome them, as well as give advice to young women starting their careers in the cybersecurity profession.
Dr. Mansur Hasib
Professor William (Bill) Butler
NSA and DHS jointly sponsor the National Centers of Academic Excellence in Cyber Defense (CAE-CD) program, a program that strives to reduce vulnerabilities in our national infrastructure by promoting higher education and research in cyber defense. CAE-CD designated schools are given the opportunity to apply for grants through various programs in order to impact the local, state, and national communities.
The proposed panel discussion will feature Maryland institutions that are a part of the CAE-CD program and have received grants. Panelists will provide a summary of their grant efforts and discuss how it has benefited Maryland or their local community, as well as how involvement in the CAE-CD program has benefited their institutions, their students, and helped grow the cybersecurity profession as a whole.
Anthony "Tony" Pernasilice
Now more than ever, threat intelligence and information sharing have become a requirement to achieve successful security operations throughout every industry sector. Unfortunately, organizations continue to struggle with responding to attacks for lack of incident response plans and budget. This has created a multidimensional threat intelligence scale problem that, if left unaddressed, will expand the attack surface for organizations across the globe. This panel of industry experts will dissect the tried and true methods for executing on threat intelligence in a meaningful way. Join this session to uncover how existing network security controls have hindered enterprises' ability to scale; debate the challenges for operationalizing threat intelligence and ensuring threat feeds are up to date; and unpack the human scale problem - will it take an army?
The concepts of poly- and metamorphic malware are well-understood, and have been the subjects of research for decades. Traditionally, morphic viruses are constructed on top of specialized engines which modify code through extension, encryption, or modified implementation. However, as Machine Learning continues to dominate the advancement of computer science, a new type of malware is on the horizon: Decentralized, Morphic Malware managed by AI. In this talk, we'll demonstrate our first-of-its-kind prototype control unit which uses malware samples and AV scanning results to control, construct, and modify malware.
Some of the most common and costly cyber attacks are often preventable. In some cases, malicious actors exploit vulnerabilities that are well known and for which fixes are readily available but are not applied. In other cases, they take advantage of systems administrators or end-users who fail to implement basic best practices, such as allowing weak or default passwords.
The problem is not a failure of technology but a lapse in good cyber hygiene. Cyber hygiene encompasses a broad range of best practices or disciplines that, applied consistently across an organization, provide the foundation for a strong cyber posture, improving the security of core systems and the privacy of sensitive data.
A lapse in basic cyber hygiene can be disastrous. For example, in 2018, one state agency fell victim to a ransomware attack after a malicious actor entered its network through a system that had been brought online temporarily as part of a test before it was fully secured. As often happens, the hacker was able to use that system as a point of entry to the rest of the agency's network. Ultimately, an organization's cybersecurity and privacy policies are only as good as its cyber hygiene.
This session will discuss the key aspects of cyber hygiene and how to incorporate good cyber hygiene into an agency's culture. Topics to be addressed include:
• Considerations for an effective cyber program
• Technologies required to ensure the security and privacy of agency data
• Examples of positive implementations of cyber hygiene best practices
Ellison Anne Williams
The needs of today's workforce have evolved exponentially, and organizations must be prepared to efficiently and securely facilitate the completion of critical tasks that could require execution from any corner of the world. This requirement is made more complicated by the lack of qualified cybersecurity professionals in the job market and the ever increasing requirement of business employees to text, email, and communicate globally around the clock. This panel will discuss three different case studies and the security considerations that should be made by organizations in order to stave off cyber threats.
• Managing device connectivity within the office
• Balancing productivity/security while working remotely
• Securely transmitting data from "the field"
These situations are likely to be encountered by a company that will have to respond to the needs of its workforce while also implementing safeguards that keep the business secure.
As part of the Federal government's public-private partnership model, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) works with IT Sector leaders to develop cybersecurity strategies and guidance for stakeholders across the IT Sector, as well as the Federal government; State, local, tribal, and territorial (SLTT) governments; and the private sector. During this presentation, representatives from CISA and the IT Sector will discuss their joint cybersecurity initiatives related to the Internet of Things (IoT).
Federal agencies and private sector owners and operators of critical infrastructure are highly dependent on information and communications technology (ICT) and IoT technologies to accomplish their missions. Buyers must make well-informed decisions when purchasing IoT technologies, and should apply due diligence for appropriate cybersecurity throughout the IoT technology lifecycle.
In light of the challenges around IoT cybersecurity, this panel presentation will highlight the following CISA and IT Sector initiatives:
• IoT Security Acquisition Guidelines: Alongside leaders from the tech community and Federal partners, CISA has developed IoT Security Acquisition Guidelines. This guidance maps to the acquisition lifecycle and is designed to help non-technical procurement personnel make risk-informed acquisition decisions and to help drive demand for secure IoT products and services.
• SMART Communities: CISA has developed a paper for "SMART community planners" and other stakeholders to provide guidance on the integration of IT and civic functions. The paper focuses on "key characteristics" that need to be considered during the initial, high-level design process of "smart city" projects.
Attendees will come away with a better understanding of risks posed by ICT and IoT technologies, as well as resources and best practices for purchasing and managing those technologies throughout the lifecycle.
Dr. Melissa Dark
Mark S. Loepker
There is a shortage of qualified candidates for cybersecurity positions in the United States. Although more and more colleges and universities are creating programs that produce graduates, those programs need to attract interested students. Students need to become aware and interested in cybersecurity prior to selecting a major. To spark that awareness and interest, high school students need exposure to cybersecurity principles and concepts. In order for high school teachers to effectively plan properly sequenced activities that provide sound learning opportunities in cybersecurity, a curriculum framework is needed. A curriculum framework helps to ensure that students across the country develop a base of knowledge, skills, attitudes, beliefs and values that will enable them to function successfully in cybersecurity college programs and careers. A curriculum framework is essential for developing a K-12 to career pipeline in cybersecurity.
This presentation will outline the large-scale undertaking of creating a high school cybersecurity curriculum framework designed for a stand-alone cybersecurity course. The design and development of the high school cybersecurity curriculum framework will be described. An iterative process was undertaken to draft the curriculum framework, which included drawing from the expertise and input of several cybersecurity content experts, college and high school educators, and industry representatives. The resulting cybersecurity curriculum framework organizes and manages the content for a high school cybersecurity course in a systematic way. The rationale and process for creating the framework will be presented, as well as the future next steps needed to further refine the framework with the goal of making it a national standard.
Dr. Gregory Conti
"Cybersecurity innovation" is easy to say, but a lot harder to do. Done well, innovation efforts tap the full power of your workforce, increase job satisfaction, build organizational and personal reputation, and give organizations a competitive edge. Done badly, it creates frustration and wastes scarce time, money, and talent.
This talk will cover lessons learned from running innovation efforts and organizations in four contexts: an ad hoc overlay approach in a 200 person start-up, a collaboration based approach via a small innovation center in academia, a classroom approach for U.S. Cyber Command, and a well-resourced, stand-alone institute with 75 people, including 25 PhDs. The talk will include: how to identify and select the right problems, scoping efforts, running projects, resourcing on a shoestring, communicating results, success stories and failures, and much more.
Whether you are part of a large or small organization, through this talk you will learn how to implement formal and informal cybersecurity innovation efforts which maximize results at minimal cost, while avoiding pitfalls.
Jim Christy, Special Agent (Ret)
Retired Special Agent Jim Christy will discuss first-hand cyber crime investigations and digital forensic watershed cases to include homicide (cutup diskette), espionage, cyber intrusions (Hanover Hacker Case), child pornography, and his participation in his current cold case investigation of D.B. Cooper, the only unsolved skyjacking in American history (1971).
He will discuss the power of digital forensics today and the real-world challenges, including a discussion of the need for education and training. He will also address the evolving discipline of cyber crime investigations and the critical role cyber crime investigators and digital forensics examiners play in all crimes today.
Fidelis' Threat Research Team (TRT) currently monitors various spaces for new and developing threats, and how they may impact a large group of our customers. However, in addition to staying current with new threat campaigns and techniques, our intelligence team feels it's also imperative to ensure we don't lose focus on previously identified and existing threats. We are proponents of this approach because we are keenly aware that threat actors continue to leverage older and pre-existing exploits and vulnerabilities, not only from external observations but also through our customer telemetry and data. By keeping tabs on new patterns and tactics while maintaining visibility and situational awareness of older threats, we ensure our threat intelligence operations adhere to the core intelligence fundamentals of being timely and relevant.
In reviewing our quarterly statistics and trends research, one of the key findings we identified was that over 27% of the alerts in Q1 2019 were related to exploits, vulnerabilities, or malware that came out in 2017 or earlier. From these, we observed that many of them consisted of old tools and malware families including Conficker, PlugX, H-W0rm, and njRAT. We believe njRAT has been extremely popular since it is customizable, and observations on deepweb forums even suggest a possible collaboration and cooperation between the developers of njRAT and H-W0rm (hence the large number of events for both). In addition to older tools and kits observed, Fidelis TRT also observed multiple vulnerability compromise attempts and alerts, many from 2017 or earlier.
This session will educate the audience on how telemetry data informs events we see in client environments and helps track down threat activity promoting, leveraging, or weaponizing older and pre-existing exploits and vulnerabilities.