OISC2010
   Ohio Information Security Conference

Event Information and Registration:

Note:

  In addition to the keynote addresses and presentations, the O-ISC Conference will include three product demonstrations and two "Birds of a Feather" sessions.

Registration:

Registration Information can be found at this link.

Presentations:

Breakfast Keynote: Now They Own You

A fascinating look into system exploitation and attacks. In this presentation we will introduce the audience to the world of exploitation with live demonstrations of real-world attacks against firewalls, antivirus solutions and more.

Moderated by Deral Heiland.

Deral Heiland, CISSP, serves as a Senior Security Engineer for an IT company where he is responsible for security assessment and consulting for corporations and government agencies. In addition, Deral is the founder of Layered Defense Research and co-founder of the Ohio Information Security Forum, a not-for-profit organization that focuses on information security training and education. Deral has also presented at numerous conferences including ShmooCon, Defcon, AFCEA InfoTech, Ohio Digital Government Summit and the University of Wisconsin lockdown conference. Deral has over 18 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst for a global Fortune 500 manufacturer where he was responsible for delivering security guidance and leadership in the area of threat and vulnerability management.

Luncheon Keynote: State of the Hack

Rohyt Belani, Intrepidus Group

  The security landscape has evolved significantly in the last couple of years. The typical hacker is no longer a teenage prankster, but more likely a member of organized crime or a government sponsored expert.

  How do these adversaries perform their reconnaissance? How do they break into government agencies and large corporations that have millions of dollars of shrink-wrapped technology protecting their systems?

Join me in answering some of these questions.
This presentation will include the following:
• Discussion of Internet-based reconnaissance techniques. How we used the same techniques to:
  - Uncover the Chinese gymnast age scandal
  - Pinpoint Gov. Schwarzenegger’s whereabouts
• Case study that will walk through a real-world attack that was executed by international criminals to aid pump n’ dump stock scams
• Presentation of the results from a research study about human susceptibility to common cyber attacks
  - How vulnerable are we as a corporate workforce?
  - Are men more vulnerable than women?
  - And more…

   Rohyt Belani is CEO and co-founder of the Intrepidus Group, and Adjunct Professor at Carnegie Mellon University. Prior to starting the Intrepidus Group, Mr. Belani held the positions of Managing Director at Mandiant, Principal Consultant at Foundstone, and Researcher at the US-CERT. He is a contributing author for Osborne's Hack Notes – Network Security, as well as Addison Wesley's Extrusion Detection: Security Monitoring for Internal Intrusions. Mr. Belani is a regular speaker at various industry conferences including Black Hat, OWASP, ASIS, SecTOR, Hack in the Box, Infosec World, TechnoSecurity, CPM, ISSA meetings, and several forums catering to the FBI, US Secret Service, and US Military. He has written technical articles and columns for online publications like Securityfocus and SC magazine, and has been interviewed for CNBC, CNN, BBC, Fox News, Forbes magazine, eWeek, ComputerWorld, TechNewsWorld, InformationWeek, Information Today, IndustryWeek, E-Commerce Times, SmartMoney, and Hacker Japan.

Mr. Belani holds a Bachelor of Engineering in Computer Engineering from Bombay University and a Master of Science in Information Networking from Carnegie Mellon University. He currently leads the OWASP Java Project, a world-wide consortium of Java security experts, and is also on the board of the Government Technology Research Alliance.

Business and Continuity Roles: Getting More Business Value from Identity Management

Kevin Kampman, Burton Group

In the perspective document “Roles and Business Continuity: A Fertile Exchange,” Burton Group explored the challenges of identity management and business continuity. The recent research identifies, based on conversations with senior business executives, how Identity Management and roles can best demonstrate business synchronization.

In this interactive discussion, Alice Kaltenmark, Reed Elsevier Service Continuity Manager, and Kevin Kampman, Burton Group Senior Analyst, will discuss how to effectively communicate the business value of identity management and business continuity planning to business management. They will address challenges such as attestation and compliance, privileges and entitlements, relationships and responsibilities, incident management, and identifying the overlap between people, business continuity, and strategic goals.

Kevin is an expert in information security, focusing on identity management issues. Recently he led a global architecture initiative for identity services that is transitioning to the Kantara Initiative. Kevin has developed identity, privacy, and governance research, and presents internationally on identity and security topics.

Alice is a nationally recognized expert in business continuity with a focus on disaster recovery. Alice has delivered several presentations at regional meetings of continuity professional groups, as well as keynote and general session presentations at regional data center and security conferences.

Data Leakage in the Enterprise

Jigar Kadakia, Deloitte & Touche

With the advent of mobile technologies that collect, store, use, and transfer data, companies are facing new challenges in protecting sensitive electronic data from leaking from the organization. The changing landscape and the increased regulatory requirements have changed the way companies protect sensitive data. We will discuss different approaches and methods to prevent data leakage from the Enterprise.

Jigar is a Senior Manager with Deloitte with more than 11 years of security and privacy experience focusing on Privacy and Data Protection. Jigar has presented on privacy-related topics throughout the Midwestern area. Jigar is a Certified Information Privacy Professional (CIPP) and a member of the International Association of Privacy Professionals (IAPP). He is also a Certified Information Systems Security Professional (CISSP) and a member of ISC2. Jigar earned a B.S. in Chemical Engineering with Honors from the University of Cincinnati and an MBA from Xavier University.

Responding to Potential Litigation: Dealing with Search/Seizure Laws and Rules of Evidence

Jeff Gilcher, Reynolds & Reynolds

With changing technology, new rulings are handed down that affect how you search, collect, store and present evidence. Knowing how search and seizure laws, as well as rules of evidence, affect you will help if an investigation goes to court.

Jeff Gilcher has been in law enforcement and IT for 15 years with the last year in information security. During this time, he has attained his CCNA, CCSP and CEH certifications as well as being a computer forensics examiner.

Attacking Enterprise Wireless Networks

Matt Neely, SecureState

This presentation covers different attacks that can be leveraged against wireless networks using Enterprise (802.1x) authentication. Attendees will learn about and see demonstrations of these attacks, many of which can be used to reveal the credentials used to join the wireless network. The presentation concludes with recommendations on how to defend against these attacks.

Matt Neely (CISSP, CTGA, GCIH and GCWN) is the Profiling Team Manager at SecureState, a Cleveland, Ohio-based security consulting company. At SecureState, Matt and his team perform traditional penetration tests, physical penetration tests, web application security reviews and wireless security assessments. His research interests include the convergence of physical and logical security, cryptography and all things wireless. Matt is also a host on the Security Justice podcast.

Risk Analytics: How Organizations Should Evaluate Evolving Risks and Threats

Hicham Chahine, Crowe Horwath, LLP

The presentation will address the approach to risk analysis and threat analysis in a pragmatic fashion. The goal is to articulate what have been seen as successful approaches to the interpretation of risks and threats to an organization and the impact on the integrity of its operational functions. Generic examples observed by Crowe professionals will be shared and discussed.

Hicham Chahine has over 22 years of experience in Information Technology. He was responsible for the data processing and accounting divisions for the Stouffer Hotels & Resorts property in Houston, TX. Prior to joining Crowe Horwath, he was a Financial Institutions Examiner at the Department of Commerce specializing in the Information Technology area. Mr. Chahine is currently involved in all aspects of information systems reviews, including Third Party Financial Service Center Audits, supervising and working with staff to perform detailed general applications and security reviews, working with clients to establish internal audit programs relative to all Information Systems Activities, and working with public organizations to help them establish and validate their IT key controls to meet SOX requirements.

If You Thought H1N1 was bad …

Dave Russell, CDW

If Conficker has taught us anything, it is that widespread, enterprise-trashing malware outbreaks can still happen, though there is typically a lot of confusion as to why. "But I run antivirus!" "We use a proxy to the Internet!" "Our firewall rules are ultra-restrictive!" Yet last year was the busiest year I can remember in terms of responding to malware outbreaks; this despite the plethora of products that purport to make us safe.

This presentation will focus on what you can do should you find yourself on the receiving end of one of these charming programs. The suggestions provided are not universal, of course, but experience has shown these techniques to be highly valuable. There will be a discussion of contributing factors, what can be done to minimize damage and help cleanup, as well as steps that can be taken to reduce the likelihood of something similar in the future. Real-world examples will be cited, though names have been changed for fear of triggering a post-traumatic stress response in the affected individuals.

Dave Russell (CISSP, CSSLP) is a senior security engineer with CDW, and a former application developer. He has created several open-source tools widely used in the security community, and sometimes even manages to update them. His focus is primarily application security these days, and he has given presentations to a variety of customers on application security topics. He has experience disassembling malware and reverse engineering all manner of code as well. When he's not head-down in front of a computer, you may find him slaving over a hot pot of boiling wort in an attempt to craft the perfect homemade beer.

Management for Dynamic Infrastructure

Jeff Laskowski, IBM

This session discusses the modern-day challenges of identity management, such as cloud computing, mobile employees, and so on. It covers agile approaches to implementing identity management, and the need for modern role-based access control policies and for automating separation-of-duty policies. Finally, it addresses the need for self-service and other identity management concerns.

Jeff Laskowski is a Senior IT Specialist with IBM's Software group, author of Agile IT Security Implementation Methodologies, and freelance author for IBM developerWorks. He brings almost 15 years of IT experience with a strong focus on Security. During his tenure Jeff was a principal consultant with Compuware for application security, enabling businesses across the globe to proactively integrate effective security practices into their software life cycles and security practices. Jeff joined the IBM team in 2006 as the Lead Engineer for the Great Lakes Business Unit.

Symantec Report on Rogue Security Software

Jeff Warson, Symantec Corporation

New ways to conduct Internet fraud continue to be unleashed on the unsuspecting public. One of the growing trends is the use of misleading software programs. The Symantec Report on Rogue Security Software is an in-depth analysis of rogue security software programs and how they affect users. The report includes an overview of these programs, how they work, their risk implications, various distribution methods and innovative attack vectors.

Jeff Warson has been in the IT field for over 20 years since his graduation from Ferris State University in 1990 (B.S. Finance and B.S. Insurance with a minor in Computer Science). During those 20 years Jeff has primarily served as a network and security architect designing and implementing solutions for large enterprises. During the last 5 years within Symantec, Jeff’s primary role has revolved around security, disaster recovery and business continuity solutions for large enterprises, where he has led the financial and health care verticals within the Great Lakes Area (MI, OH, KY, PA).

Jeff currently serves as the Principal Security Strategist for Symantec’s Great Lakes Area, where he is responsible for presenting Symantec’s security strategy and vision to its customers.

Jeff is a frequent public speaker for both Symantec customer events and also security industry events.

Event Registration:

  Registering for the event can be done at Technology First's website:  http://www.technologyfirst.org/events.html?view=event&did=5