List of Presentations
Breakfast Keynote - CISO Panel
Panelists to be announced.
Lunch Keynote - The State of Security
With data breaches making headlines and with new and growing threats coming from disgruntled insiders, viruses/worms, corporate espionage, cyber-terrorism, and information warfare, there is a heightened concern over information assurance. Today, largely invisible enemies launch daily attacks on nearly every major corporation and government agency, and rapidly adapt their tactics to address countermeasures. As the threat model evolves, traditional "perimeter" security measures are no longer adequate to protect sensitive information. It's time for enterprises to consider a number of time-tested techniques and principles to prepare for such electronic warfare. This session will present the newest techniques that help address evolving computer security threats.
In this session attendees will learn:
- How to apply time-tested techniques to address evolving computer security threats, including multi-level security, compartmentalization, need-to-know, cryptography, layered defense, concentration of data flow, role separation, two-factor authentication, key rotation etc.
- How to evaluate your security infrastructure to identify the most appropriate protection measures for your organization.
- How to deploy a security model that ensures that mission-critical data is backed up, replicated, and accessible, and enables organizations to completely retrieve data after such unplanned events as system failures, operational outages, and cyber threats.
- A list of common vulnerabilities and the newest attack techniques along with recommendations on addressing these issues to effectively protect sensitive information.
Gordon Arnold (IBM and Chair of SNIA's Storage Security Industry Forum)
Gordon defines strategy and roadmaps for storage software including Information on Demand, security, compliance, data governance, and archive/backup products.
Gordon joined IBM through acquisition in 1994. Prior to joining IBM he worked in a variety of technical and development management positions for e-mail and directory integration company Soft-Switch. His focus in IBM has been on large scale Internet deployments, security (including an early firewall), and in recent years storage. He was part of the core team which brought to market IBM's storage virtualization offerings. More recently he managed IBM's approach to encryption and key management including the IBM TS1120 and LTO tape offerings.
Gordon has a BA in Liberal Arts and Sciences from the University of Illinois, over 25 years experience in IT products development, and holds the Senior Technical Staff Member grade in IBM. He has a number of security patents related to anonymous but secure internet commerce. He is currently on the board for the Data Management Forum.
...But the Information was Encrypted!
The costs associated with lost or stolen information represent a serious vulnerability; bad publicity may be the more significant consequence. This talk will examine approaches to preventing unauthorized disclosure if media is lost or stolen, including.
Kevin Kampman (Burton Group)
Mr. Kampman is a senior analyst with Burton Group, covering Identity Management and Privacy. He has over 20 years of industry experience and is a recognized industry expert and speaker on identity management and security related topics. He has recently authored reports on role management from an industry and project implementation perspective.
FPGA Hardware Acceleration to Enhance Data Security
In addition to stopping malicious content from entering networks, administrators must prevent sensitive data from exiting. Traditional systems aren’t effective at data security, as leaks can be transmitted over channels such as web-mail, FTP and instant messaging. This presentation introduces a combined hardware/software platform to enhance data security.
Joe Leonard (Global Velocity)
Joe Leonard is currently a Director of Technology at Global Velocity, responsible for bringing to market an advanced Deep Packet Inspection device focused on Information Leak Prevention and other leading edge security applications. He has spent over 25 years in Communications Technology, with experience ranging from military systems to global Fortune 100 networks to modern day Internet solutions. Previously Joe held a Director's role in the Chief Technology Office of Nortel Networks where he was responsible for Enterprise Data and VoIP technology direction. Prior to Nortel, Joe was Director of Principal Engineering with a successful Silicon Valley startup, Shasta Networks, which was acquired by Nortel Networks in 1999. Joe has also held various technical and management positions with Compaq Computer and MCI Communications, focused primarily on wide area and local area data networking solutions.
Beyond TableTop: More Hands-On Incident Response Testing
This session is a follow-up to the presentation given at the Dayton conference in 2006 on the same topic. This presentation provides a summarized overview of the process used to create and conduct a simulated security incident using real computers involved in a real-time situation. From there, we move into the details of the test we conducted in year 2 of our IR Test program. Audience members will enjoy the interaction of the presentation as they are asked questions about what they would do, then compare their answers to what the IR Team did. The session wraps up with a discussion of the post mortem meeting and a comparison against our first test.
Keith Fricke (Cleveland Clinic Health System)
Keith Fricke is the Data Security Administrator for The Cleveland Clinic Health System's 8 Community Hospitals. He is responsible for Regional and Enterprise-wide Information Security initiatives and has worked for CCHS for almost 6 years. His 22+ years of IT experience includes network engineering and systems administration on a variety of platforms, with a primary focus on Information Security the last 8 years. Keith holds a Bachelor's Degree in Electronic Engineering Technology from Cleveland State University, is a CISSP, and frequently gives security presentations at the national, state and local level. He also maintains memberships in Infragard, ISSA, and the NEO InfoSec Forum.
C. Matthew Curtin (Cleveland Clinic Health System)
C. Matthew Curtin is a Columbus-based technologist, writer, and entrepreneur. He founded Interhack in 1997 and in 2000, Curtin organized Interhack Corporation and its professional service practices in Forensic Computing and Information Assurance. Curtin was an integral part of a distributed computing project that broke a DES-encrypted message for the first time in open research. Curtin maintains a regular academic appointment as a Lecturer at The Ohio State University's Department of Computer Science and Engineering. Additionally, he has guest lectured for the Privacy Foundation at the University of Denver's Sturm College of Law, Otterbein College, Franklin University, and the Keller Graduate School of Management at DeVry University.
Bridging Information Security and Business Objectives
The presentation will take a look at information security in light of meeting business objectives and goals. I will discuss the disconnect between the two and ways to bridge the gap between business and security professionals and how information security should facilitate critical business processes effectively.
Virgil Vaduva (WinWholesale Inc.)
Virgil Vaduva (CISSP) is a Romanian-born security consultant, trainer and analyst with experience in architecture, design and implementation of controls and processes.
Security Considerations when Implementing ERP systems
Discussion will focus on security issues and considerations when implementing ERP systems to address compliance with regulations, protection of sensitive information, user authorization and authentication, administration, security monitoring and maintenance and infrastructure hardening to decrease an organization’s exposure to security risks.
William E. Lovell (KPMG LLP.)
Mr. Lovell is a Manager in KPMG’s Advisory Services practice in Columbus, Ohio focusing on assessing the design and operating effectiveness of IT controls within both the infrastructure and application layers of the IT stack.
Injection Attacks
Hackers use injection attacks against web applications to bypass firewalls and grab sensitive data. Increasingly common, injection attacks target web applications using SQL, PHP, ASP, LDAP, SMTP, and XPath. We will demonstrate step by step how injection attacks work and show how to stop them with secure programming techniques. There will be a demonstration.
James Walden (Northern Kentucky University)
James Walden is a professor of computer science at NKU. He received his Ph.D. from Carnegie Mellon University in 1997, and then worked at Intel for five years. He is the author of several papers on software security and gives regular talks and workshops on developing secure applications.
Making people aware of information security
It seems that more and more regulations and frameworks require information security awareness training. This presentation will explore various audiences, approaches, and messages to consider in awareness training and communications. Additionally, example awareness materials and messaging will be shown and discussed.
Jerry L. Echternacht (NCR Corporation)
Jerry L. Echternacht, CISSP, CISA, is a Manager of Global Information Security at NCR Corporation. Jerry has been employed at NCR for over 14 years, where he is currently involved with Sarbanes-Oxley testing, risk assessment and analysis, awareness programs, and information security policies and standards. Before this, he provided information technology consulting to a wide variety of companies and industries.
The State of Encryption and Data Protection
Businesses today are placing a higher value on information than ever before as evident in data breaches and compliance making front page news. This session will discuss the evolution of encryption and present how organizations are responding by describing tactical and long term approaches for holistic data protection.
Kevin Flanagan, CISSP, CISA (RSA, The Security Division of EMC)
Kevin Flanagan is Manager of Technical Consulting for RSA. Kevin has over 14 years experience including services such as implementation of security policies, risk assessment methodologies, secure application design, and data protection. Kevin is President of the Central Ohio ISSA and a frequent industry speaker.
Database Security-The Last Line of Defense
Every year, IT security concerns become increasingly important to organizations around the globe. Database security is mandatory and it is the last line of defense before data is breached. For Oracle databases, there are many security features for a company to take advantage of. This presentation looks at these security features and provides recommendations. There will be a demonstration.
Ron Shaffer (Ross Group Inc)
Ron Shaffer joined the Ross Group in 2001. Since then, Ron moved his way up to Manager of Database Services within Ross Group. Currently, Ron is an MCSE as well as an Oracle 8, 9i, and 10g Certified Professional. His specialties include RAC and performance tuning.
Security Strategy: Planning the Next 3 to 5 years
Information Security is a critical component in every organization. However, few have successfully established procedures to effectively manage their security environment, often times creating overly complex security environments, decreasing productivity and increasing costs. The discussion will examine the business drivers pushing security and how to effectively manage security within this complex landscape.
Mike Del Giudice (Crowe Chizek and Company LLC)
Mike Del Giudice is a Manager with Crowe’s Security practice. He has over seven years of information security experience within multiple industries, helping organizations strengthen their security posture from a people, process, and technology perspective. He has presented and published articles on security and compliance.
Open Source Information Security Infrastructures for Small Business
Small businesses represent 99.7 percent of all employer firms and employ more than 50 percent of all private sector employees. Yet, because of a lack of IT resources and security skills and little funding to spend on IT efforts, small businesses are increasingly becoming the targets of cyber-thieves and other cyber-criminals. Here we present a framework and methodology for small businesses to use open source software in a layered approach as a cost effective solution to reducing their vulnerability footprint.
Eric Baenen (Infoscitex Corp)
Mr. Baenen has over 18 years of IT project management experience creating and managing secure networks and secure collaboration and information sharing systems for the Department of Defense including the Virtual Distributed Laboratory for the Office of the Deputy Under Secretary of Defense for Science and Technology. In the last 8 years he has focused on using open source software and the Linux operating system to support the research mission of various Air Force Research Laboratory facilities at Wright Patterson AFB.
Hacking the Mobile Workforce
Companies spend millions of dollars implementing security technologies to protect their corporate networks. Laptop computers and other mobile devices lose this protection once they leave the confines of the corporate office. This presentation will define mobility-related threats, show live hacks and define best security practices to address these risks, with a particular focus on NAC and NAP technologies. There will be a demonstration.
Daniel V. Hoffman, CISSP, CWNA, CEH, CHFI (Fiberlink Communications Corporation)
Daniel V. Hoffman is the author of two books by Wiley Publishing, "Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise," released in April, and "Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control", due out in May. He is a regular speaker at events throughout the world and has been interviewed as a security expert by numerous media outlets including Forbes, Network World, Clear Channel Communications and Newsweek.
Threats and Countermeasures for Cross Site Scripting
OWASP has ranked cross site scripting as the number one vulnerability against web applications today. This vulnerability can expose your customers to a number of threats including identity theft. This course will explain cross site scripting, will describe the different forms this vulnerability can take and will provide information to counter the vulnerability. This presentation will be beneficial for anyone who works for any company providing web applications to their customers. There will be a demonstration.
Blaine Wilson (Citi)
Blaine Wilson has 14 years experience in information technology. He started as a consultant to the medical industry focused on network infrastructure, software development, and data exchange. In 2000, he joined a Dayton company to work on scaling and troubleshooting web applications for the automotive industry. In 2007, Mr. Wilson joined a large financial institution as an information security officer, where his role is to manage information security through the software development lifecycle.
Securnomics: Viewing security through a different lens
As with traditional economics, Securnomics studies how IT and InfoSec managers allocate the limited resources they have to combat the seemingly unlimited threats they face.
Apolonio Garcia (CAPC Group, LLC)
Apolonio Garcia is the President and CEO of CAPC Group, an IT Security consultancy located in Cincinnati, OH. Prior to starting CAPC Group in 2001, Apolonio held both technical and leadership roles in the private sector and in the US Navy.
Securing Identities and Information for the Enterprise: Strong Authentication and Network Shared Folder Encryption (Vendor Presentation)
This session will focus on multifactor user authentication technologies for identity protection and risk management. We'll also discuss encryption solutions for network-shared data that balance the need for employees to collaborate with the requirement to prevent data breaches. Entrust is an international leader in solutions that secure identities and information.
Debs Debs-Faouzi (Entrust and Horizon Systems)
Debs Debs-Faouzi is a leader in the encryption and certificate community. While at Entrust, Debs has played an integral part in developing and implementing public key infrastructure, strong authentication, secure messaging and encryption solutions for governments and enterprise organizations. As the Entrust Director of Engineers, Debs manages the US team of Security Engineers while still playing a key role in implementing Entrust’s solutions.
Using Cisco's Self Defending Network to provide Data Loss Protection (Vendor Presentation)
It is every organization's nightmare that confidential information such as health records, intellectual property, or social security numbers will get into the wrong hands. Whether it is e-mail, instant messaging, or a file transfer, it can easily happen with the press of a button. A great deal of attention is given to protecting sensitive data and electronic assets from outside threats, often overlooking an obvious security hole: the internal user.
Discussion topics
- Potential risk areas within your environment
- Considerations when architecting a DLP solution
- Using technology to prevent security breaches via e-mail or Web traffic
- How other CSOs are protecting their sensitive data
Art Martinez (Cisco Systems and CFA Networks)
Art Martinez, from Cisco Systems, is a Security Product Sales Specialist. Art has been in the Information Technology industry for over 25 years and has worked at companies like Prime Computer, Unisys Corporation, Hewlett Packard, and others. Just prior to joining Cisco Systems in August of 2005, Art was employed by United Airlines for 12 years and was responsible for United Airlines' Network Security Infrastructure.
Hiding Files in Alternate Data Streams
A demonstration of one of the ways attackers hide malware on your computer systems.
George Pauwels (New Horizons Computer Learning Center)
Mr. Pauwels has nearly twenty years of experience in the computer industry, eight as a technical instructor. He has been employed by New Horizons for almost one year. He currently holds the following technical certifications: CISSP, Certified Ethical Hacker, Security Plus, MCSE, MCSA, MCT, CCNA, CCENT.
I Know My Security Challenges, How Do I Take Action?
The hot topics in security are data encryption and data loss prevention (DLP). At this presentation, we will discuss how you incorporate these things into your security and compliance strategy, leverage technologies you already own, and make investments that provide a solid foundation to build on in the future. Additionally, this presentation will discuss some products, key implementation considerations, and maximizing the impact of your technology investments.
Toby Penn (Forsythe Solutions Group)
Toby has over 18 years of industry experience as a technical professional, the last 10 in IT Security. Before coming to Forsythe, he worked at the Washington State Department of Health and National City Bank. Toby’s been in his current position for 3 years leveraging his experience and education to help customers take a strategic approach to security and compliance solutions.