CyberMaryland Conference 2016

October 20-21, 2016 • Baltimore Hilton Hotel • Baltimore, MD

Tracks



Day One- October 20

  • Track A: Cyber Risk
    • Navigating the evolving threat landscape and complexity of hacker adaptability in a world consumed with connectivity and data gathering is a critical undertaking for the cybersecurity community. As industry and government prepare for hard to detect cyber-attacks it is essential to examine best practices for protecting critical cyber infrastructure through technical and regulatory strategies derived from top-tier technologists, industry leaders and policy-makers. Hear from cyber experts and C-level executives on ways to mitigate risks, protect networks and safeguard vital government and industry high-value assets.
  • Track B: Cyber Education & Workforce Development
    • The demand for cybersecurity talent is expected to rise to six million globally by 2019. This year alone, one million cyber jobs are opening and over 200,000 jobs in the U.S. are unfilled. The case has been made for why cyber education and workforce development are high-stake missions in the fight against cyber-crime. Learn why a thriving U.S. cyber workforce is at the helm of effective STEM initiatives, college/university curriculum development, cyber training, and alternative educational methods for preparing our nation’s heavily sought-after cyber leaders.
  • Track C: Cyber Science, Analytics & Threat Intelligence
    • Understanding sophisticated cyber adversaries, specifically how they threaten government and industry assets, help network protectors make informed decisions. The science behind cybersecurity strategies allow experts to build a blueprint for how to identify, conceptualize, and defend against malicious malefactors. Learn how threat intelligence is used, and misused, to guard critical data and what cyber science and data analytics teach us about cyber threats in the 21st century.

Day Two- October 21

  • Track A: Cyber Innovation & Technology
    • If technology changes at the speed of light the need for cybersecurity R&D, new venture funding and accelerated go-to-market strategies are detrimental to protect America’s prosperity and national security in cyberspace. Hear from the nation’s top cyber industry scientists/engineers and government cyber R&D leaders as they discuss and define the technologies they have, the technologies they need and the urgency to discover and bring-to-market new cyber innovations.
  • Track B: Insider Threats
    • Detecting and deterring cyber threats that come from within an organization poses a major challenge that requires a socio-technical defense strategy. Understanding human behavior that leads to the illicit access to confidential information is important to determining ways to deter cyber crime. Learn how organizations are addressing insider threats by identifying controls and indicators for preventing, detecting and responding to insider incidents from both technical and behavioral prospectives.
  • Track C: Government Cyber Opportunities
    • The influx of government spending on cybersecurity generates immerse opportunity for commercial IT companies and cyber workforces. The acquisition and deployment of existing and emerging technologies coupled with the training of a robust cyber workforce strategically positions the government’s national security interests. Hear directly from federal government agencies and contractors on the cybersecurity partnership opportunities available now and in the future.
  • Track D: Cyber Education & Workforce Development
    • The demand for cybersecurity talent is expected to rise to six million globally by 2019. This year alone, one million cyber jobs are opening and over 200,000 jobs in the U.S. are unfilled. The case has been made for why cyber education and workforce development are high-stake missions in the fight against cyber-crime. Learn why a thriving U.S. cyber workforce is at the helm of effective STEM initiatives, college/university curriculum development, cyber training, and alternative educational methods for preparing our nation’s heavily sought-after cyber leaders.

Agenda


Thursday October 20, 2016
7:30 AM -
9:00 AM
Registration
9:00 AM -
10:00 AM

View from the Trenches: Are Cybersecurity Graduates Job Ready?
  • Abstract

    This panel is a hard-hitting evaluation of the readiness of new computer science and cybersecurity graduates for operational positions in cyber.


10:00 AM -
10:15 AM
Break / Visit Exhibits
10:15 AM -
10:25 AM
General Session/ Welcome
10:25 AM -
11:00 AM
Opening Keynote
11:00 AM -
11:15 AM
Break / Visit Exhibits
11:15 AM -
12:15 PM
OPM One Year Later: Lessons Learned, Identity Protections & Next Steps
  • Kevin Lancaster, CEO, Winvale

    Abstract

    Protecting the identities of more than 4.2 million current and former government employees who were impacted by the Office of Personnel Management (OPM) cyber incident demands thorough solutions, this session will look at the correlation between organizational and personal identity monitoring based on analytics, byproducts and lessons learned from managing the response. Join Kevin Lancaster, CEO of Winvale, a credit and identity monitoring service awarded the contract by OPM to protect the identities federal employees.

Inspiring a New Generation of Computer Science and Cybersecurity Professionals
  • Abstract

    The panel focuses on key government and private initiatives to engender more interest in computer science and cybersecurity among young students, women and minorities.

A Cyber Success Story - Moving NSA Technology to the Marketplace
  • Linda L. Burger, Director, Technology Transfer Program at National Security Agency

    Abstract

    Network breaches and data loss are cyber threats that impact everyone. But not everyone knows that something as common as an external device port can be your biggest cyber vulnerability. Technology invented and patented by the National Security Agency and licensed by Padjack, Inc. has been commercialized to address this issue, providing consumers with port protectors and other devices that provide a layer of cyber security - at the physical level.

    In this session, the National Security Agency Technology Transfer Program (TTP) will take you through the process of successfully licensing its data port protection and tamper detection technologies. You will hear first-hand how NSA developed these devices and then partnered with Padjack to commercialize a viable suite of products.

    NSA has nearly 200 patented technologies available for license. The NSA TTP provides a single point of contact for companies interested in accessing some of the agency's technology to achieve market differentiation. Patent License Agreements create win-win partnerships that can help the agency accelerate mission solutions while your company gains a competitive edge in the commercial marketplace. These agreements also advance science, grow technology, and promote economic growth. The NSA's TTP may have the technology you have been looking for. Join us!

12:15 PM -
12:30 PM
Break / Visit Exhibits
12:30 PM -
1:30 PM
Lunch Keynote
1:30 PM -
1:45 PM
Break / Visit Exhibits
1:45 PM -
2:15 PM

Cybersecurity Students: Getting Them Through and Getting It Right
  • Abstract

    The shortage of graduates with the skills to fill cybersecurity workforce needs is a constant theme. This raises three key questions: What are recent enrollment trends in CS related college and university degree programs? Are there unnecessary barriers to degree completion in STEM fields? What are discipline accrediting bodies doing to help ensure that graduates in cybersecurity are ready for operational roles?

If Breaches are Inevitable, What’s Next?
  • Lance Dubsky, CISSP, CISM, is Chief Security Strategist, Americas, FireEye

    Abstract

    Organizations around the world are faced with cyber attackers that constantly evolve their appearance and tactics to fulfill an array of objectives from the economic to the political. But why are organizations getting compromised? Is it because they lack an effective cyber security strategy to mitigate the risk of significant breaches within their environment? Over the last year we've continued to see a large amount of breached companies that were unable to detect an ongoing compromise. Is this problem going to continue to get worse and if so, how are we going to stop it? Or can it be stopped?

    In this talk Lance will provide some insight into why organizations continue to experience significant breaches by a range of different threat actors. He will provide examples of actual incidents detailing how organizations have been compromised, and how by combining technology, intelligence and expertise they can ensure they are protected against cyber-attacks of the future.

2:15 PM -
2:45 PM

2:45 PM -
3:00 PM
Break / Visit Exhibits
3:00 PM -
4:00 PM

Cybersecurity Education for the Board and the C-Suite: What Should the Syllabus Look Like?
  • Abstract

    Stories about corporate cybersecurity compromises of one sort or another are frequently in the news. Yet, how high a concern is cybersecurity among officers and directors? What do they need to know in order to manage prudently in a world where business risk from cyberspace continues to grow?




Friday October 21, 2016
7:30 AM -
9:00 AM
Registration
9:00 AM -
10:00 AM
Evolution of the CISO
  • Dr. JR Reagan, Global Chief Information Security Officer, Deloitte Touche Tohmatsu Limited

    Abstract

    When companies first created the position of chief information security officer, the person who filled it was the "geek-in-charge," rising through the ranks of the information systems department to become its leader. Often beginning in IT and rising to the upper echelon of security and risk departments, CISOs in recent years have seen information security take on a crucial role in business operations. This discussion will focus on the recent dramatic shifts in the responsibilities of a CISO through the lens of a Global CISO and discuss the Top 10 lessons learned.

10:00 AM -
10:15 AM
Welcome
10:15 AM -
11:00 AM
Keynote
11:00 AM -
11:15 AM
Break / Visit Exhibits
11:15 AM -
12:15 PM
Cyber Defense ToolBox
  • Facilitator
  • Avi Rubin, Professor, Computer Science, Technical Director, Information Security Institute, Johns Hopkins University
  • Panelists
  • Lance James, Chief Scientist, Flashpoint
  • David Barton, CISO, Forcepoint
  • Gregg Smith, CEO, Optio Labs
  • Chris Morgan, Cofounder and Chief Technology Officer, IKANOW

    Abstract

    The recent onslaught of cyber-attacks has left many organizations re-evaluating what's in their toolbox to help combat cyber-crimes. Having the right armor for pre- and post-cyber-attack strategies is the key to survival. Learn how these five innovative products can help you defend your network in real-time. Hear a panel of product development experts and technologists provide insight on next generation tools designed to protect business and personal assets.

Expanding the Blue Team by Building a Security Culture Program
  • Masha Sedova, Senior Director of Trust Engagement, Salesforce

    Abstract

    Often, attackers only need one employee to fall for an attack before gaining a foothold in an organization. The defenders on the other hand have to continuously catch all attacks to keep an organization secure. In 2012, Masha Sedova began a new approach to Salesforce's security awareness program aimed at increasing the difficulty of a successful attack on their employees. The goal was not only educate the company's employees about security, but also to make them invested in their part of securing the company by reporting suspicious activity. After a multi-step approach, the company continues to see increasingly promising results on detecting simulated and real phishing emails and defending against red team exercises. In this talk, Masha will talk about the steps she's taken to increase the reporting of suspicious activity by her employees and the measurable impact it has had in helping keep Salesforce's employees and customers secure.

Federal Government's Cyber R&D Needs, Wants and Expectations
  • Moderator TBD
  • Enidia Santiago-Arce, Technology Transfer Manager, NASA Goddard Space Flight Center
  • Curtis Arnold, Sustaining Base Network Assurance Branch Chief, US Army Research Lab
  • Matt Scholl, Chief of the Computer Security Division, NIST
  • Ed Ryhne, Program Manager, Cyber Security Division, Department Homeland Security Advanced Research Projects Agency (HSARPA), DHS S&T

    Abstract

    Learn about the federal government's approach to R&D and the procurement of new innovative solutions to complex cybersecurity problems. Hear about up-coming cybersecurity projects, funding opportunities and best practices to build sustainable relationships with federal agencies.


12:15 PM -
12:30 PM
Break / Visit Exhibits
12:30 PM -
1:30 PM
Lunch Keynote
1:30 PM -
1:45 PM
Break / Visit Exhibits
1:45 PM -
2:45 PM




2:45 PM -
3:00 PM
Break / Visit Exhibits
3:00 PM -
4:00 PM
The Cyber Alpha Index (CAI): A Model for Making Profitable Cybersecurity Investments
  • Principal Investigator
  • Dr. Timothy C. Summers, University of Maryland College Park, College of Information Studies
  • Student Researcher
  • Sanjna Srivatsa, University of Maryland College Park, College of Information Studies

    Abstract

    Cybersecurity is a complex and multifaceted challenge that is continuously growing in importance. It is a concern that not only affects banks and government agencies, as it constantly revealed through the media, but its implications expand beyond. It comes as no surprise that Wall Street would push efforts to cash in on the opportunity that is cybersecurity. In fact, cybercrime is fueling a worldwide cybersecurity market which is expected to grow from $75 billion presently to $170 billion by 2020. Hundreds of billions of dollars are being spent by consumers, businesses, governments, and the rest of the world to secure our ever-changing catalog of technology including, PCs, personal and corporate networks, the Internet of Things (IoT), and mobile devices. Despite a tumultuous stock market and poor venture capital returns, cybersecurity companies are raising large rounds of financing from investors. Due to the nascent nature of this field, the highly data driven investment methodologies of old are not effective in guiding investment decisions. Investors complain that these methods are not agile and fall short when keeping up with current trends in the cybersecurity market. Our research utilizes principles of business intelligence and the latest research in hacker cognitive psychology to present a comprehensive, informative and easily digestible indicator for investors that is agile and self-optimizing. We present a model that considers blogosphere sentiment, relevant news, trend data, and real-time cyber-attack tools, techniques, and procedures to produce an investment indicator that will assist investors in their decision making.




Cyber Shark Tank
4:00 PM -
5:00 PM

Beyond Silk Road: Recent Developments in Anonymous Marketplaces
  • Nicolas Christin, Assistant Research Professor, Electrical and Computer Engineering, CyLab, and Engineering and Public Policy

    Abstract

    Founded in 2011, Silk Road was the first online anonymous marketplace, in which buyers and sellers could transact with anonymity guarantees far superior to those available in online or offline alternatives. Business on Silk Road, primarily involving narcotics trafficking, was brisk and before long competitors appeared. After Silk Road was taken down by law enforcement, a dynamic ecosystem of online anonymous marketplaces merged. Presenter Nicolas Christin, Assistant Research Professor, Carnegie Mellon University will describe longitudinal measurements that help us better understand this ecosystem. In the process, I will highlight the scientific challenges in collecting such data at scale.