CyberMaryland Conference 2016

October 20-21, 2016 • Baltimore Hilton Hotel • Baltimore, MD

Agenda



Day One - October 20

  • Cyber Risk Forum (CRF) – presented by Deep Run Security -- Room 1/4
    • Navigating the evolving threat landscape and complexity of hacker adaptability in a world consumed with connectivity and data gathering is a critical undertaking for the cybersecurity community. As industry and government prepare for hard-to-detect cyber-attacks, it is essential to examine best practices for protecting critical cyber infrastructure through technical and regulatory strategies derived from top-tier technologists, industry leaders and policy-makers. Hear from cyber experts and C-level executives on ways to mitigate risks, protect networks and safeguard vital government and industry high-value assets.
  • Cyber Education Forum (CEF) – presented by UMUC and NCMF -- Room 2
    • The demand for cybersecurity talent is expected to rise to six million globally by 2019. This year alone, one million cyber jobs are opening and over 200,000 jobs in the U.S. are unfilled. The case has been made for why cyber education and workforce development are high-stake missions in the fight against cyber-crime. Learn why a thriving U.S. cyber workforce is at the helm of effective STEM initiatives, college/university curriculum development, cyber training, and alternative educational methods for preparing our nation’s heavily sought-after cyber leaders.
  • Cyber Threat Intelligence Forum (CTIF) - presented by BAE Systems -- Room 3
    • Understanding sophisticated cyber adversaries, specifically how they threaten government and industry assets, helps network protectors make informed decisions. The science behind cybersecurity strategies allows experts to build a blueprint for how to identify, conceptualize, and defend against malicious malefactors. Learn how threat intelligence is used, and misused, to guard critical data and what cyber science and data analytics teach us about cyber threats in the 21st century.

Day Two - October 21

  • Cyber Innovation Forum (CIF) - presented by Cisco -- Room 1
    • If technology changes at the speed of light, the need for cybersecurity R&D, new venture funding and accelerated go-to-market strategies is critical to protect America’s prosperity and national security in cyberspace. Hear from the nation’s top cyber industry scientists/engineers and government cyber R&D leaders as they discuss and define the technologies they have, the technologies they need and the urgency to discover and bring-to-market new cyber innovations.
  • Insider Threats Forum (ITF) - presented by Convergence -- Room 2
    • Detecting and deterring cyber threats that come from within an organization poses a major challenge that requires a socio-technical defense strategy. Understanding human behavior that leads to the illicit access to confidential information is important to determining ways to deter cyber crime. Learn how organizations are addressing insider threats by identifying controls and indicators for preventing, detecting and responding to insider incidents from both technical and behavioral perspectives.
  • Government Cyber Opportunities Forum (GCOF) -- Room 3
    • The influx of government spending on cybersecurity generates immense opportunity for commercial IT companies and cyber workforces. The acquisition and deployment of existing and emerging technologies coupled with the training of a robust cyber workforce strategically positions the government’s national security interests. Hear directly from federal government agencies and contractors on the cybersecurity partnership opportunities available now and in the future.
  • Cyber Workforce Forum (CWF) – presented by The MD Department of Commerce -- Room 4
    • The demand for cybersecurity talent is expected to rise to six million globally by 2019. This year alone, one million cyber jobs are opening and over 200,000 jobs in the U.S. are unfilled. The case has been made for why cyber education and workforce development are high-stake missions in the fight against cyber-crime. Learn why a thriving U.S. cyber workforce is at the helm of effective STEM initiatives, college/university curriculum development, cyber training, and alternative educational methods for preparing our nation’s heavily sought-after cyber leaders.

Thursday October 20, 2016
7:30 AM - 8:00 AM
Registration
8:00 AM - 9:00 AM
Senior Leader’s Breakfast (Invited Guests)
  • Abstract

    Former DHS Secretary Tom Ridge, The CyberMaryland Advisory Board, special guests from our UK Delegation "The Midlands Engine", Conference sponsors, as well as other dignitaries and invited guests

Registration Continued
9:00 AM - 10:00 AM

Cyber Risk Forum

Top Cyber Concerns in the C-Suite
  • Moderator
  • Tom Sadowski, Vice Chancellor for Economic Development, University System of Maryland
  • Panel Members
  • Bruce Brody, CISO, PricewaterhouseCoopers
  • Malcolm Harkins, Global Chief Information Security Officer, Cylance Inc.
  • Joanne Martin, CISO Advisory Practice Lead, Hartman Executive Advisors
  • Gary Merry, CEO, Deep Run Security
  • Christopher Helmrath, Managing Director, SC&H Capital

    Abstract

    Hear executives and cyber experts discuss the top cyber concerns driving their network security strategies and the cost and vulnerabilities associated with failing to thwart cyber-crimes.

Cyber Education Forum

View from the Trenches: Are Cybersecurity Graduates Job Ready?
  • Panelists
  • Marianne Bailey, Principal Director, Deputy CIO for Cybersecurity, Department of Defense
  • Major General Jim H. Keffer (USAF, Ret), Director, Cyber, Lockheed Martin
  • Bill Varner, President, ManTech Mission, Cyber & Intelligence Solutions Group
  • Geoffrey Bloom, President and CEO, Intelesys Corporation

    Abstract

    This panel is a hard-hitting evaluation of the readiness of new computer science and cybersecurity graduates for operational positions in cyber.

Cyber Threat Intelligence Forum

Restoring Data Integrity After a Destructive Malware or Ransomware Attack
  • Introductions
  • Shannon Landwehr, President & CEO, Economic Alliance of Greater Baltimore
  • Speaker
  • Donald Tobin, Senior Security Engineer, National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology

    Abstract

    Businesses face a near-constant threat of destructive malware, ransomware and other malicious activities that can alter or destroy critical data. Information such as financial and transaction records, customer data, and even the system and application software used to analyze and manipulate the data are typically targets. These types of data integrity attacks, especially when they target an entire organization, can have a catastrophic impact on an organization's credibility and ability to operate.

    This presentation will cover the work being done at the National Cybersecurity Center of Excellence (NCCoE) to demonstrate methods to effectively recover and restore systems to normal operations after a data corruption attack. The project will illustrate the importance of identifying the following information before recovery can occur:

    1) altered data, including date and time of the alteration

    2) impact of the data alteration

    3) correct backup version for data restoral, free of malicious code and corrupted data

    Participants will learn more about this challenge, how to participate in building a solution, and ways to keep abreast of the research and innovation in malware and ransomware.

Cyber Risk (cont'd)

Cognitive Capabilities - The Future of Cyber Security
  • Introductions
  • Ursula Powidzki, Ursula Powidzki Consulting
  • Speaker
  • Andras Szakal, VP and CTO, IBM US Federal

    Abstract

    In this session learn how the next era of computing will be cognitive and how Watson will be used to mitigate cyber risk. Presenter will discuss how Watson can enable human cognitive thinking to perform cyber security intelligence and reduce time to incident response.

    1. Understand and make sense of unstructured data and natural language text. This includes the ability to ingest and process information through "reading" books, reports, blogs and relevant industry data, "seeing" images and "hearing" natural speech within its context.

    2. Reason based on the ability to interpret and organize information and offer explanation and implication of an incident or threat, along with a rationale for conclusions and potential course of actions.

    3. Learn continuously as security data accumulates and insights are derived from interaction with Watson.

Announcing "CyberUSA"
  • Session Leader
  • Former DHS Secretary Tom Ridge, Honorary Chairman of CyberUSA

    Abstract

    Session to discuss the launch of the newly formed "CyberUSA" program to unite cyber communities across the country.

10:00 AM - 10:15 AM
Break / Visit Exhibits
10:15 AM - 11:00 AM
Welcome & Opening Keynote
  • David Powell, COO, FBC & Co-Founder, The CyberMaryland Conference
  • Rick Geritz, CEO LifeJourney & Co-Founder, The CyberMaryland Conference
  • Andrew Stehman, Student, Loyola Blakefield High School
  • Steve Morrill, Director of Information Technology, Loyola Blakefield High School
  • Opening Keynote
  • Admiral Michael S. Rogers, US Navy, Commander, US Cyber Command, Director, National Security Agency, Chief, Central Security Service
11:00 AM - 11:15 AM
Cyber Job Fair
Holiday Ballroom
11:15 AM - 11:30 AM
Break / Visit Exhibits
11:30 AM - 12:30 PM

Cyber Risk Forum

Managing Cybersecurity Risk on a Limited Budget
  • Introductions
  • Ellen Hemmerly, Executive Director and President, bwtech@UMBC Research and Technology Park
  • Speakers
  • April F. Doss, Saul Ewing LLP, Partner and Chair, Cybersecurity and Privacy, CIPP-US, CISSP & Former Associate General Counsel for Intelligence Law at NSA
  • Sloane Menkes, Forensics Principal, PwC Global Crisis Center Coordinator

    Abstract

    Cybersecurity attacks continue to increase, resulting in compromise of privacy-protected information, theft of intellectual property, and disruption to business operations. The risks aren't limited to large, multinational institutions. On the contrary, the cost of cyber risk management and incident response can have a disproportionate impact on the small and mid-size companies that have to be most cost-conscious and disciplined in their approach to managing these issues. The panelists will discuss and examine: current trends in cyberattacks across sectors including (but not limited to) manufacturing, healthcare, and retail; current trends in types of cyberattacks, including the rise of ransomware attacks; an overview of the legal liability that can arise under state laws and sector-specific laws; how business entities can carry out a cyber risk assessment and develop an effective cybersecurity plan without breaking the bank; and what steps to take if you discover a cybersecurity incident but don't have a cyber incident response plan in place. The program will encourage participation from attendees, and will take a practical approach to assessing and managing cybersecurity risk in a tailored and cost-effective manner.

Cyber Education Forum

Inspiring a New Generation of Computer Science and Cybersecurity Professionals
  • Panelists
  • Brigadier General Bernie Skoch (USAF, Ret), National Commissioner of CyberPatriot, the Air Force Association's Youth Cyber Education Program
  • Rodney Peterson, Director, National Initiative for Cybersecurity Education (NICE), National Institute of Standards and Technology (NIST)
  • Pat Yongpradit, Chief Academic Officer, Code.org
  • Karen Evans, National Director, US Cyber Challenge, Center for Internet Security

    Abstract

    The panel focuses on key government and private initiatives to engender more interest in computer science and cybersecurity among young students, women and minorities.

Cyber Threat Intelligence Forum

A Cyber Success Story - Moving NSA Technology to the Marketplace
  • Linda L. Burger, Director, Technology Transfer Program at National Security Agency
  • Jim Bolain, President, PadJack, Inc.
  • Gary Mosholder, Engineer, National Security Agency

    Abstract

    Network breaches and data loss are cyber threats that impact everyone. But not everyone knows that something as common as an external device port can be your biggest cyber vulnerability. Technology invented and patented by the National Security Agency and licensed by Padjack, Inc. has been commercialized to address this issue, providing consumers with port protectors and other devices that provide a layer of cyber security - at the physical level.

    In this session, the National Security Agency Technology Transfer Program (TTP) will take you through the process of successfully licensing its data port protection and tamper detection technologies. You will hear first-hand how NSA developed these devices and then partnered with Padjack to commercialize a viable suite of products.

    NSA has nearly 200 patented technologies available for license. The NSA TTP provides a single point of contact for companies interested in accessing some of the agency's technology to achieve market differentiation. Patent License Agreements create win-win partnerships that can help the agency accelerate mission solutions while your company gains a competitive edge in the commercial marketplace. These agreements also advance science, grow technology, and promote economic growth. The NSA's TTP may have the technology you have been looking for. Join us!

Cyber Risk (cont'd)

How Personal Identity & Stolen Credential Monitoring bolsters your cyber defenses
  • Introductions
  • Ursula Powidzki, Ursula Powidzki Consulting
  • Speaker
  • Kevin Lancaster, CEO, Winvale

    Abstract

    More than 60% of all data breaches reported in 2015 were the result of a stolen or compromised credential. Winvale CEO Kevin Lancaster will demonstrate how deploying an OPM-style identity monitoring program along with pro-active stolen credential monitoring can more quickly identify specific threats for your organization. Learn how companies are leveraging the byproducts of these solutions to detect the origination of potential compromises within their employee populations and supply chain.

12:30 PM - 1:30 PM
Visit Exhibits/Lunch
1:30 PM - 1:45 PM
Break / Visit Exhibits
1:45 PM - 2:15 PM

Cyber Risk Forum

Good, Bad or Wacky? Recent Changes in Global Privacy & Security Laws
  • Introductions
  • Dr. Mansur Hasib, CISSP, PMP, CPHIMS, Author/Professor/Program Chair, Cybersecurity Technology, The Graduate School, University of Maryland University College (UMUC)
  • Speakers
  • Keith Moulsdale, Partner, Whiteford, Taylor & Preston, LLP
  • Howard Feldman, Partner, Whiteford, Taylor & Preston, LLP

    Abstract

    Keeping track of the latest changes in privacy and data security law can be a full time job. This panel of full-timers will provide an overview of key changes in state, federal and foreign privacy and security laws since last year's event, and let you know why each change is good, bad or downright wacky.

Cyber Education Forum

Cybersecurity Students: Getting Them Through and Getting It Right
  • Mr. John C. (Chris) Inglis, Venture Partner, Paladin Capital Group; Distinguished Professor, US Naval Academy; and former Deputy Director, NSA
  • Dr. Eugene Spafford, Executive Director, CERIAS, Purdue University
  • Diana Burley, Ph.D, Executive Director and Chair, Institute for Information Infrastructure Protection, The George Washington University, and Co-chair, Joint Task Force on Cybersecurity Education
  • Dr. Shirley Malcom, Head of Education and Human Resources Programs, AAAS

    Abstract

    The shortage of graduates with the skills to fill cybersecurity workforce needs is a constant theme. This raises three key questions: What are recent enrollment trends in CS related college and university degree programs? Are there unnecessary barriers to degree completion in STEM fields? What are discipline accrediting bodies doing to help ensure that graduates in cybersecurity are ready for operational roles?

Cyber Threat Intelligence Forum

If Breaches are Inevitable, What’s Next?
  • Introductions
  • Latoya Staten, STEER Tech
  • Speaker
  • Lance Dubsky, CEO, Cyber Oak Solutions

    Abstract

    Organizations around the world are faced with cyber attackers that constantly evolve their appearance and tactics to fulfill an array of objectives from the economic to the political. But why are organizations getting compromised? Is it because they lack an effective cyber security strategy to mitigate the risk of significant breaches within their environment? Over the last year we've continued to see a large amount of breached companies that were unable to detect an ongoing compromise. Is this problem going to continue to get worse and if so, how are we going to stop it? Or can it be stopped?

    In this talk Lance will provide some insight into why organizations continue to experience significant breaches by a range of different threat actors. He will provide examples of actual incidents detailing how organizations have been compromised, and how by combining technology, intelligence and expertise they can ensure they are protected against cyber-attacks of the future.

Cyber Risk (cont'd)

Software Supply Chains and the Illusion of Control
  • Introductions
  • Patrick Wynn, Vice President, Cyber Business Development, Howard County Economic Development Authority
  • Speaker
  • Derek Weeks, VP and Rugged DevOps Advocate, Sonatype

    Abstract

    Every software development organization on the planet relies on a software supply chain - but most can't see it and don't understand the volume of components flowing through it. In the 2016 State of the Software Supply Chain Report, I detailed the practices of over 35,000 software development organizations who consumed billions of open source and third-party components in 2015. Across billions of components downloaded, I found that 1 in 17 had a known security vulnerability. I also found a similar ratio of components flowing through these software supply chains into finished applications.

    Those leading AppSec and DevOps practices who have pursued improved visibility, supplier choices, and control mechanisms across their software supply chains have boosted developer productivity by as much as 30%, crumbled mountains of security debt, and shifted millions of dollars from sustaining operations to accelerating innovation. Yet the vast majority of organizations developing software are blind to their free-for-all consumption volume, patterns, and velocity. Their software supply chain practices are silently sabotaging efforts to accelerate development, improve efficiency and maintain the integrity of their applications.

    Results from the report will be shared with attendees, including:

    - Using one of the latest versions of a software component can cut vulnerability ratio in half.

    - 75% of organizations lack policies that control the use of open source and third-party components

    - 97% of development organizations lack any vetting process for components being electively procured for use in applications.

    This discussion is not intended to simply shed light on bad practices. It is about making your software supply chain visible. Attendees will learn how those on the forefront of Development and Application Security are improving the quality and security of components used across their software supply chains.

2:15 PM - 2:45 PM

Cyber Risk Forum

Data Breach Response: You Told them So, but Now what? The 1st 60 minutes in the life of a Data Breach
  • Jennifer G. Smith, ESQ, SHULMAN, ROGERS, GANDAL, PORDY & ECKER, P.A.

    Abstract

    You warned them, but "it" happened anyway. What happens next? Who do we call? How do we pay for this? Hear from industry experts in data breach notification, response and insurance recovery on how IT, Ops, Finance and Legal come together to navigate internal politics, protect the organization, its customers, and the bottom line.

Cyber Threat Intelligence Forum

Cyber Intelligence- The Business Value and Technical Execution
  • Mr. Geoff Hancock, CEO, Advanced Cybersecurity Group & CW Walker, The Cyber Intelligence Institute

    Abstract

    There is nothing more necessary than good Intelligence to frustrate a designing enemy. No business leader enters a market without identifying the major competitors and their strengths and weaknesses.

    No professional sports team takes the field without scouting its opponent and training the team to be better.

    No general launches a military exercise without studying the battlefield and the capabilities of the opposing forces. And when it comes to cybersecurity, organizations operate from a compliance mindset. They do not understand what is most valuable to them and why an adversary would want it or the tools and tactics that will be used to steal it.

    If you do not understand the motivations, intentions and competencies of your opponents, then you cannot understand the risks to your enterprise or focus your defenses.

    The most serious data breaches result from well-planned, complex attacks that target specific companies or industries. Adversaries have raised the stakes by targeting their victims' most valuable information assets and business systems.

    Cyber intelligence is in two parts. 1) Knowing what is most important in your organization and 2) knowledge about adversaries and their motivations, intentions, and methods.

    Together these elements, the business and the technical, are combined in ways to help security and business staff at all levels protect the critical assets of the enterprise.

    Our discussion will outline what it takes to develop a Cyber Intelligence Program: the key foundational aspects, roles and responsibilities, and the business impact and value of creating such a program. It will also help to define what intelligence means for cybersecurity.

Cyber Risk (cont'd)

Inside the World of Mobile Surveillance: How to Protect Organizations and End Users on the Move
  • Nigel Jones, CEO, KoolSpan

    Abstract

    Surveillance threats to mobile communications and devices around the world are at unprecedented levels, as nation states, industrial rivals and profit-motivated criminals increasingly use commonly-available equipment and knowledge to compromise calls, intercept mobile messaging and harvest data from smartphones. In this session, Nigel Jones, CEO of KoolSpan, will describe the type of mobile communications threats facing government, commercial and other organizations required to do business around the world from their mobile devices.

    In an objective and vendor-neutral format, attendees will learn:

    • The security features and limits of safeguards built into today's popular smartphones, like iPhones, BlackBerry and Android devices

    • How different types of surveillance actors exploit specific cellular network vulnerabilities, smartphone settings and user behaviors to compromise mobile communications and phones' contents

    • An overview of available countermeasures and tactics proven to shield users of popular devices from espionage

    • Practical advice for individuals, whether you are an end-user looking to improve your mobile security at home and abroad or an administrator responsible for setting policies and securing fleets of corporate, government or employee-owned devices

    Presenter Nigel Jones brings decades of hands-on experience protecting sensitive communications for demanding organizations across the public and private sectors. Nigel advises leaders and organizations around the world on mobile security challenges and has an extensive leadership background across the defense, aerospace and federal technology sectors. He has also served in secure voice and data communications roles as a U.S. Marine Corps officer.

2:45 PM - 3:00 PM
Break / Visit Exhibits
3:00 PM - 4:00 PM

Cyber Risk Forum

Cyber Risk - The Business of Things
  • Introductions
  • Kenneth B. Chodnicki, COO, Deep Run Security
  • Speaker
  • Gary Merry, CEO, Deep Run Security

    Abstract

    In keeping with the Ethos of Deep Run Security Services, of which Mr. Merry is the founder and CEO, this presentation will establish with the audience the position that, "the cyber security industry has many well-provisioned technologists winning individual battles, but lacks effective tools available to business leadership giving them the ability to win the cyber war."

    Sections of the presentation:

    - How big is this Cyber problem?

    - Walking Past: The standard you walk past, is the standard you accept.

    - The language of security

    - It takes a community to survive

    - It takes a commitment to be secure and a community to survive.

    - Cyber risk cannot be successfully managed as an island of risk.

    - What can be done?

    - The two most powerful words in fighting cyber risk?

Cyber Education Forum

Cybersecurity Education for the Board and the C-Suite: What Should the Syllabus Look Like?
  • Lieutenant General Harry D. Raduege, Jr. (USAF, Ret), Chairman, Center for Cyber Innovation, Senior Advisor & Managing Director, Deloitte Advisory, Deloitte & Touche LLP
  • Dmitri Alperovitch, Co-Founder and CTO, CrowdStrike Inc.
  • Bob Gourley, Partner, Cognitio Corporation
  • Richard Spires, CEO, Learning Tree

    Abstract

    Stories about corporate cybersecurity compromises of one sort or another are frequently in the news. Yet, how high a concern is cybersecurity among officers and directors? What do they need to know in order to manage prudently in a world where business risk from cyberspace continues to grow?

Cyber Threat Intelligence Forum

Shedding Light on the Dark Web: Threat Intelligence Enabled Workforce
  • Moderator
  • Bree Fowler, Tech Writer, Associated Press
  • Panelists
  • Jonathan Couch, Vice President of Strategy, ThreatQuotient
  • John J. Prisco, CEO and Co-Founder, Triumfant a Nehemiah Security Company
  • Dr. Daniel J. Rogers, CEO, Terbium Labs
  • John Shearer, CEO and co-founder, DarkLight

    Abstract

    In the gloomiest shadows of the cyber world, an enemy has been permitted to grow and gain momentum. Over time, the Dark Web has become a vessel on which malicious actors have built empires by stealing and selling IP information from the largest enterprises across all industries. All the while, it seems we have been addressing this seemingly uncharted territory by asking all the wrong questions.

    Right now, the IP information of any given company could be at large and at risk on the Dark Web. The question is, what is the largest potential impact of this fact and how can we prepare? This panel will explore the often overlooked effects of the Dark Web on proprietary information, financials and acquisitions. In addition, it will discuss how organizations can and should leverage the Dark Web in order to better equip their security operations for every type of potential threat; no matter how far off the grid it may seem.

Cyber Risk (cont'd)

ICS Security Panel Discussion: the Headlines, Headaches, and How to’s
  • Speaker
  • Kirsten Davies, VP Enterprise Security Strategy, Hewlett Packard Enterprise
  • Panelists
  • Edward Goetz, VP and CSO, Exelon Corporation
  • Vince Arnold, Sr. Manager, PKI, Credentialing and ICS/IOT, HPE Cyber Security
  • Roger Hill, CTO and Co-Founder, Veracity Security Intelligence
  • Jeff Hahn, Product Cyber Security Director, GE Grid Solutions

    Abstract

    As enterprise and public sector security focus continues to revolve around traditional IT and Information security, Industrial Control Systems have grown increasingly attractive to attackers. Vulnerabilities have grown at an alarming rate since the 2000s, and are spread across a wide range of devices, built by scores of manufacturers, which are embedded into nearly every industry in the private and public sectors. ICS Security has emerged as a crucial field of research, in dire need of rigor and standards, and a vital arena requiring surgical response and remediation.

    Join a lively discussion and behind-the-scenes view of ICS Security headlines, headaches, and history-making wins with a panel of experts from the public and private sectors.

4:00 PM - 4:15 PM
Break / Visit Exhibits
Networking Reception
Exhibit Hall
  • Visit the Oriole Bird and the Exhibitors!!
4:15 PM - 5:00 PM
Cyber Liability Insurance - Demystified
  • Introductions
  • Kenneth B. Chodnicki, COO, Deep Run Security
  • Speaker
  • Dante Disparte, Founder and CEO, Risk Cooperative

    Abstract

    The topic of Cyber liability insurance has been making headlines for the past few years -- as the potential of lawsuits stemming from cyberattacks, data breaches and incidents are becoming a reality for organizations of all sizes and across industry sectors.

    Despite the coverage, there is an overall lack of understanding of who needs it, what type of policy and coverage are required, and how to navigate the underwriting process.

    Dante Disparte, founder and CEO of Risk Cooperative, will walk the audience through the various types of cyber liability policies, what to consider when determining coverage and how to navigate the complexities with practical advice from a seasoned insider.

5:00 PM - 6:00 PM
6:00 PM - 10:00 PM
The National Cyber Security Hall of Fame Dinner
  • (Separate Registration Required)
  • Abstract

    The National Cyber Security Hall of Fame inducts a new class of industry pioneers each year. The Cyber Security Hall of Fame will be held on the first evening of the conference and provides an opportunity for the cyber community to honor those who provided a foundation for others to build on, or otherwise paved the way for future successes.

    Location: Hilton Baltimore

    Reception from 6:00pm - 7:00pm

    Dinner from 7:00pm - 10:00pm




Friday October 21, 2016
7:30 AM - 9:00 AM
Registration
9:00 AM - 9:50 AM

Cyber Innovation Forum

Courting Catastrophe or Protecting to Enable?
  • Introductions
  • Andy Williams, Cyber Envoy UKTI Defence and Security Organisation, British Embassy
  • Speaker
  • Malcolm Harkins, Global Chief Information Security Officer, Cylance Inc.

    Abstract

    The business of cyber security is here today and growing. Innovations in technology have provided organizations with numerous opportunities for new products, markets, and distribution channels. At the same time these innovations have dramatically increased the risk profiles for companies of all sizes and across all industry segments. The biggest vulnerability we face today and in the future is the misperception of risk. A perfect storm of risk has been brewing for decades and has hit with full force the past few years. It has moved from a backroom issue to the boardroom and many have not been prepared. Many more still aren't prepared. This discussion will be about cyber risk leadership exploring the threat and vulnerability cycle and the potential future trends as they relate to Information and Technology risk. We will discuss the risks so that a non-security person that is in the c-suite can comprehend cyber risks. It will be communicated not from the doom and gloom that many in the security industry so readily create to scare people into purchases but in the context of the enterprise risk and the top 10 universal business risks. We will also discuss what everyone needs to look for in security solutions to ensure they meet what is required to achieve the goals of the business. The lessons from this interactive session will allow you to not only provide ideas on how to capitalize on technology to improve your business but also offer practical ways to protect the business so that you can survive and thrive in this new environment.

Millennial Rising - Do Cracks in the Government’s Generation Dam Signal a Cybersecurity Tsunami
  • Moderator
  • Bree Fowler, Tech Writer, Associated Press
  • Panelists
  • Ed Hammersla, Chief Strategy Officer, Forcepoint
  • Jeff Six, Vice President Enterprise Security, T. Rowe Price
  • Hamilton Turner, Senior Director of Research and Engineering, OptioLabs
  • Lisa Dorr, Senior Cybersecurity Workforce Development Advisor, HHS Office of Information Security (OIS)

    Abstract

    The Millennial workforce is poised to revolutionize the workplace. In fact, by 2025, Millennials are projected to make up 75% of the total workforce. Employers have been adapting their processes, policies, and environments to match the Millennial culture, but are they prepared to handle technology practices?

    Compared to their generational predecessors - Generation X and the Boomers - Millennials (or Generation Y) engage in more risky behaviors online. Numerous studies have been commissioned in the past to identify just what these risky behaviors are. From using non-secure public WiFi to sharing passwords, applications, and other personal information with non-family members, Millennials' 'adjust to us' mentality could have significant security implications for their employers.

    Forcepoint launched a commissioned study with LaunchTech in June 2016 to specifically identify millennial patterns and behaviors as they relate to the use of technology in the workplace and beyond. This diverse expert panel will discuss the recent findings and whether or not the government is taking the appropriate steps to audit and monitor the actions of their workforce in efforts to minimize the impact of risky Millennial behavior, or if their lack of awareness, understanding or action will lead to disaster.


9:50 AM -
10:00 AM
Break / Visit Exhibits
10:00 AM -
11:20 AM
Morning Keynotes
  • Introductions
  • Ken McCreedy, Division of Cyber and Aerospace, Maryland Department of Commerce
  • The Imperative of Pervasive Security in the Digital Era
  • Graham Holmes, Senior Director, Advanced Security Initiatives Group, Cisco Systems

    Abstract

    In today's threat environment and with the growing touch of technology in every aspect of our lives, security must be part of everything we do. Ensuring pervasive security across your business - protecting your products, data, operations, and privacy - is mission critical. It entails not only how you build defenses, but how you build defensively. Learn what Cisco is doing to build in security, why we attack our own products to strengthen our security posture, why open source software introduces new opportunities and risks, and what we all can be doing to make security pervasive.

    Graham Holmes, a Senior Director at Cisco Systems with a broad industry and military security background, has co-authored Cisco's Secure Development Lifecycle. He will highlight what Cisco has learned in building security into all aspects of an organization.

  • DISA's efforts to Build, Shape and Defend DOD Information Networks
  • Lieutenant General Alan R. Lynn, Director, Defense Information Systems Agency, Commander, Joint Force Headquarters - DODIN
11:20 AM -
11:30 AM
Break / Visit Exhibits
11:30 AM -
12:00 PM

Cyber Innovation Forum

Cyber Defense ToolBox
  • Facilitator
  • Avi Rubin, Professor, Computer Science, Technical Director, Information Security Institute, Johns Hopkins University
  • Panelists
  • Lance James, Chief Scientist, Flashpoint
  • Earl Eiland, Senior Cyber Security Engineer, Emerging Technologies, root9B
  • Gregg Smith, CEO, Optio Labs
  • Ofer Amitai, CEO, Portnox
  • Keith Moore, Senior Product Manager, SparkCognition

    Abstract

    The recent onslaught of cyber-attacks has left many organizations re-evaluating what's in their toolbox to help combat cyber-crimes. Having the right armor for pre- and post-cyber-attack strategies is the key to survival. Learn how these five innovative products can help you defend your network in real-time. Hear a panel of product development experts and technologists provide insight on next generation tools designed to protect business and personal assets.

Insider Threats Forum

Leverage and Scale for a Defensible Cyberspace
  • Introductions
  • Lt. General John Campbell (USAF, Ret), Chairman, Government Advisory Board, Iridium, and Cyber Education Consultant, UMUC
  • Speaker
  • Jason Healey, Senior Research Scholar, Columbia University's School for International and Public Affairs

    Abstract

    Cyberspace has favored attackers for decades. Unless we flip this around, so the defenders have the advantage, then all we are doing is working on the symptoms. There is an increasingly rich set of research on actions that are 'defense advantage', which seek to raise the costs of the attackers and enable cost-effective risk management through defensive investments. This talk is rooted in the work of an ongoing New York Cyber Task Force, to answer "what technology, operational, and policy actions have we made to date which have given the defenders the most impact in degrading the effectiveness of attackers?" The session will explore how lessons from these successes can drive the next defensive innovations of tomorrow.

Government Cyber Opportunities Forum

Cyber Research and Development Needs and Wants: Perspectives from the Federal Government
  • Moderator
  • Debora A. Plunkett, Former Director of Information Assurance, NSA/CSS and Adjunct Faculty, UMUC, Principal, Plunkett Associates LLC
  • Panelists
  • Enidia Santiago-Arce, Technology Transfer Manager, NASA Goddard Space Flight Center
  • Curtis Arnold, Sustaining Base Network Assurance Branch Chief, US Army Research Lab
  • Lee Badger, Group Manager, Computer Security Division, Information Technology Laboratory, NIST
  • Edward Rhyne, Program Manager, Cyber Security Division DHS S&T

    Abstract

    Hear from federal researchers on the USG's cybersecurity needs, their approach to R&D, and the procurement of new innovative solutions to some of the nation's toughest cybersecurity challenges. Gain insights into upcoming cybersecurity projects and potential opportunities for collaboration and funding. Hear from practitioners on best practices to build sustainable relationships with federal departments and agencies.

Cyber Workforce Forum (CWF)

Preparing for the Next Generation of Cyber Warriors: Collaboration is Key
  • Introductions
  • Patrick Wynn, Vice President, Cyber Business Development, Howard County Economic Development Authority
  • Speaker
  • William (Bill) J. Weber, President and CEO, KEYW Corporation

    Abstract

    Today's cyberspace environment is a competitive forum where economic, political and human interests of every nation, business and person are increasingly pursued and realized. In fact, over the past two decades, we have accelerated toward full dependency upon cyberspace as we build, connect and automate critical components of our military, financial and utility systems. Ultimately, cyberspace has become a core national interest for our country - one which we must protect, nurture and leverage. So, how do we prepare for this?

    Maintaining cyberspace at this level will require a cyber workforce that aligns to the challenges and the stakes involved with operating in this contested domain. Any comprehensive cyber workforce solution begins with a unique blend of initiatives born from a collaboration of our nation's educational systems, government and industry. This talk will highlight specific steps each entity can take toward creating a proficient cyber workforce using specialized methods which leverage people, processes, and technologies into a speed-to-competency advantage over our adversaries in cyberspace.

12:00 PM -
12:30 PM

Cyber Workforce Forum (CWF)

Harvesting Brilliance: Israeli Technical and Cyber Workforce Development
  • Adam Firestone, Senior Vice President, Solutions Engineering for Secure Channels, Inc., President, Secure Channels Government Solutions, Inc.

    Abstract

    Following the 1973 Yom Kippur War, the Israeli government realized that creating and maintaining technical superiority was essential to the battlefield dominance that ensured the nation's survival. In response to this need, a program was created through which the most talented youth were recruited and provided with the best education the country had to offer. In return they devoted their talents to military technical and cyber research and development, and, following their military commitments, many of these students created the businesses that have caused Israel to be known as the "startup nation." This session will explore the drivers behind the Israeli program, its elements, the reasons for its success, how attempts to emulate it in other countries have fared and how it might inform a similar program in the US.

12:30 PM -
1:00 PM
Visit Exhibits/Lunch
1:00 PM -
1:45 PM
Lunch Keynote
  • Keynote Introduction
  • Ira E. Hoffman, Of Counsel, Butzel Long
  • Where We Should Focus Our Security Investments
  • The Honorable Michael Chertoff, Former United States Secretary of Homeland Security and Executive Chairman and Co-Founder, The Chertoff Group

    Abstract

    Current events have highlighted the potential impact of cyberattacks on the fabric of our business and political systems. From the ongoing viability of Yahoo's proposed merger with Verizon, to the integrity of our Nation's voting systems, cybersecurity is increasingly seen as necessary to ensuring the foundation of trust in society. Driven by the frequency of high-profile attacks, increased regulation and litigation, and stronger attention on cyber risk and operational impacts, we see further focus and growth in the cybersecurity market. Michael Chertoff, former Homeland Security Secretary and Executive Chairman of The Chertoff Group, will discuss where we need to drive this focus and evidence we are seeing today for how we can enhance cybersecurity in this age of digital transformation for the greater public good in a safe and secure way.

1:45 PM -
2:15 PM
Break / Visit Exhibits
2:15 PM -
2:45 PM

Cyber Innovation Forum

Cyber Crime Unmasked
  • Introductions
  • Shannon Landwehr, President & CEO, Economic Alliance of Greater Baltimore
  • Speaker
  • Joseph Muniz, Technical Solutions Architect - Americas Security Sales Organization, Cisco Systems

Insider Threats Forum

Will You Be the Next Health System Held for Ransom?
  • Moderator
  • Zuly Gonzalez, Co-founder and CEO, Light Point Security
  • Panelists
  • Chad Wilson, CIO, Children's National Medical Center
  • James Parren Courtney, Courtney Consultants LLC
  • Darren Lacey, Chief Information Security Officer, Johns Hopkins University
  • Chris Panagiotopoulos, Chief Technology Officer, LifeBridge Health

    Abstract

    All healthcare organizations should have anti-virus and firewalls in place - but that's just not enough in today's ever-evolving world. As attackers grow more and more sophisticated, and ransomware becomes the new normal, healthcare organizations are struggling to keep up.

    Staying out of the headlines requires an investment in security. But where does one begin? And given a limited budget, where should you invest to give you the biggest bang for your buck?

    Hear from an expert panel of healthcare CIOs and CISOs on best practices for keeping ePHI out of the wrong hands, as well as innovative technologies that can be used to avoid becoming the next ransomware victim. Together they have decades of experience managing and securing healthcare networks, and will share practical ways you can secure yours.

Government Cyber Opportunities Forum

They Know Who You Are: Enhancing National Security in the Wake of the OPM Breach
  • Moderator
  • Bree Fowler, Tech Writer, Associated Press
  • Panelists
  • Richard Helms, CEO, Ntrepid Corporation
  • David Shedd, Visiting Distinguished Fellow, The Heritage Foundation and Adjunct Professor, Patrick Henry College
  • Brig Gen (Ret) Guy Walsh, US Cyber Command
  • Will Ackerly, CTO, Virtru

    Abstract

    The OPM breach is clearly the largest and worst breach of its kind considering the content and volume of personal information that exposed the US' most sensitive assets - cleared/formerly cleared and friends and family of cleared/formerly cleared individuals. As a result, we have to assume our adversaries know who we are and are positioned to take advantage to whatever end they desire. The government's answer, to issue and expand an identity protection program, will undoubtedly fall short of affording actual protection. We are all targets and they know who we are. What can we do to enhance national security when nation-state aggressors have the details to carry out very sophisticated social engineering attacks? Because they will come knocking.

    This distinguished panel will discuss the tactics our adversaries are willing and able to use and what we should be prepared to do in order to ensure we are not turned into a compromised target.

Cyber Workforce Forum (CWF)

If You Always Do, What You Always Did, You Always Get, What You Always Got
  • Introductions
  • Dr. Mansur Hasib, CISSP, PMP, CPHIMS, Author/Professor/Program Chair, Cybersecurity Technology, The Graduate School, University of Maryland University College (UMUC)
  • Speakers
  • Maxwell Shuftan, Interim Director of CyberTalent Solutions, SANS Institute
  • Drew Fearson, Chief Operating Officer, NinjaJobs

    Abstract

    Hiring managers continue to go to the same wells for cyber talent, yet are surprised when innovation runs dry. Creating an effective cyber talent pipeline requires plumbing new sources for diverse talent. Successful innovation strategies start with a deliberate plan to invest in and invite skilled talent whose background and experience fall outside your current norms.

    In this session, we'll:

    - explore the key staffing challenge enterprises today face

    - affirm the importance of creating a program of deliberate diversity

    - identify new sources for diverse talent

    - discuss means for attracting and retaining skilled, vetted cyber talent.

2:45 PM -
3:15 PM

Cyber Workforce Forum (CWF)

How to Join the Infosec Community
  • Micah Hoffman, Information Security Professional, Booz Allen Hamilton, Certified SANS Instructor, and NoVA Hacker

    Abstract

    In 2005, I was happy. I'd earned my CEH and CISSP certifications and was content in a job performing security testing. I'd heard about "hackers" and their "0-days" but had never met one nor developed an exploit myself. It was at my first Defcon in 2006 where I learned that hackers did more at conferences than merely attend talks. They participated. They shared. They picked locks! OMG THEY PICKED LOCKS! This was a community that I wanted to join but I didn't know how.

    If this sounds like you (or your friend), I encourage you to join me for this talk. We'll laugh. We'll cry. Oh and I will share my top strategies for joining the infosec community to maximize your career and personal goals.

    I like this talk because it is all about empowering people to go further and enhance their career through taking positive actions. The audience is EVERYONE in cyber be they policy people, attackers, defenders, senior people or people just breaking into the field.

3:15 PM -
3:30 PM
Break / Visit Exhibits
3:30 PM -
4:30 PM

Cyber Innovation Forum

Israel Innovation Exploration Roundtable
  • Robert Katz, Executive Director, Innovation Intelligence Institute
  • Amos Stern, CEO/Co-Founder, Siemplify
  • Sam Friedman, Regional Director, Cyberbit
  • Scott Dubin, Director, OurCrowd
  • Aaron Dubin, Investment Team, Innovation Endeavors

    Abstract

    Welcome the Israel Cyber Innovation Delegation to Maryland - while we together ask some of the most critical questions for both countries:

    - What fuels the engine of the Israeli Start-Up Nation cyber-machine?

    - Where do its elite cyber innovations receive their inspiration?

    - Who nurtures the start-up lifecycle - from concept to commercialization?

    Join this hyper-interactive, audience-driven deep dive into the minds of some of Israel's top cyber start-up innovators. Let's discover what makes them "tick" - and how we can all work together with them and the entire Israeli Cyber Ecosystem to strengthen our bilateral cyber cooperation bonds even further, while increasing everyone's cyber-posture - together.

Insider Threats Forum

The Most Overlooked Cyber Threat to Organizations: The Insider Threats
  • Greg Cullison, Chief Operating Officer, Big Sky Associates

    Abstract

    If you are thinking about Cyber Threats in the traditional way, your program is doomed to fail. This is not a "check the block" exercise or a situation where you plug in a cyber tool to make the problem go away.

    Threats can be both internal and external. The threat to data security does not solely exist outside the borders of the organization. Today's modern and convoluted enterprises have become breeding grounds for internal data security breaches.

    Even unintentional breaches can be the source of harm. Although security breaches may not be malicious, the risk of accidental breaches presents a credible risk. As critical information and sensitive data within the business continues to grow, managing the potential threats internal to the organization is an important priority.

    Insider threat exists across the whole organization. However, certain areas of the enterprise are more vulnerable than others. Attempting to cover the waterfront on internal security will leave your security resources too diluted to be effective, and will waste your precious time as you chase false leads.

    To be successful in this endeavor, companies need to be able to step back and ask two key questions:

    Where are the biggest business risks?

    What data is most important and how is it used and accessed across the organization?

    From there companies can begin to understand their most sensitive data, who has access and what are the threats and risks to that information. Companies can use this information to build a threat model that is dynamic and can respond to changing threats, rather than a dyed-in-the-wool static security solution that is easily circumvented.

Government Cyber Opportunities Forum

Beyond Silk Road: Recent Developments in Anonymous Marketplaces
  • Introductions
  • Gary Merry, CEO, Deep Run Security
  • Speaker
  • Nicolas Christin, Assistant Research Professor, Electrical and Computer Engineering, CyLab, and Engineering and Public Policy at Carnegie Mellon University

    Abstract

    Founded in 2011, Silk Road was the first online anonymous marketplace, in which buyers and sellers could transact with anonymity guarantees far superior to those available in online or offline alternatives. Business on Silk Road, primarily involving narcotics trafficking, was brisk and before long competitors appeared. After Silk Road was taken down by law enforcement, a dynamic ecosystem of online anonymous marketplaces emerged. Presenter Nicolas Christin, Assistant Research Professor, Carnegie Mellon University, will describe longitudinal measurements that help us better understand this ecosystem. In the process, he will highlight the scientific challenges in collecting such data at scale.

Cyber Workforce Forum

Developing a well-rounded cyber workforce: The need for law and policy expertise
  • Michael Greenberger, Law School Professor, University of Maryland Francis King Carey School of Law, Founder and Director, University of Maryland Center for Health & Homeland Security
  • Peter "Pete" Tseronis, Founder and CEO, Dots and Bridges LLC (former CTO, U.S. Department of Energy)
  • Markus Rauschecker, Cybersecurity Program Manager, Center for Health and Homeland Security (CHHS), Adjunct Faculty, University of Maryland Francis King Carey School of Law
  • Simon Hartley, VP of Sales, Principal 202 Partners

    Abstract

    The importance of developing a skilled cyber workforce is widely recognized. Government and the private sector need well-trained people who have the right skills to address cyber threats. As the National Cybersecurity Workforce Framework illustrates, a multitude of roles, knowledge, skills, and abilities are required. The development of an effective cyber workforce demands that organizations address current as well as future needs. Moreover, an effective cyber workforce needs both technical and non-technical skills. This panel will discuss why a well-rounded cyber workforce is critical and provide a special focus on the importance of legal and policy expertise in the cyber field. Familiarity with legal and policy issues, and the ability to address these issues, is becoming ever more critical for the future of cybersecurity.