Lee Waskevich – Leveraging Threat Intelligence to enhance Cyber Security Programs in Education
A new approach to operational security models is needed. Too much sensitive data is being lost or held for ransom and schools are being plagued by disruptions in service caused by amplified internet attacks. The most common security controls deployed by schools are often still letting malware onto users’ machines, or are not outfitted to detect and protect themselves from attacks that can take institutions offline and disrupt vital external communication. This session will focus on how the introduction and utilization of threat intelligence feeds and services can sharpen an organization’s security focus. We will learn how these sophisticated attacks bypass traditional defenses and how leveraging the ever growing data set of threat intelligence can help augment existing information security operations.
Dan Adams – How Enterprise Mobility Management Programs and Technology Can Support Security While Attaining a ROI with Mobile Applications and Content Collaboration
Moving into a hyperconnected world in which everything is computing, new business models and scenarios will emerge that challenge how organizations provide their employees with new secure tools for productivity and collaboration. This will drive a people-centric computing model, whereby the lines of whether a technology solution targets the enterprise or consumer won’t matter as much as technologies revolve around the problems people want to solve.
Organizations can derive maximum benefits from their investments in mobility initiatives while fully instituting and integrating new levels of mobile security. This session will review different strategies to accomplish this including:
– Return on Investment (ROI) methodologies for both security and application investments
– Data governance and Content Management programs that address value-add aspects of the data accuracy, accessibility and meeting regulations but also how the data and content can be stored, archived, backed up, and protected from mishaps, theft, or attack.
– Finally, how the ongoing deployment of Mobile Applications can be governed with cross-enterprise curation and targeting of productivity goals for different end user groups
Gerard Shockley – Cloud Security First at BU
The presentation will provide a glimpse into cloud security strategies unfolding at Boston University. Topics include an overview the Shared Security Model in use today by cloud service providers and how adaptation is occurring for current and future cloud deployments.
Renault Ross – The Key Capabilities of Today’s Cyber Bounty Hunter
This presentation will educate the audience on essential tools that every cyber warrior should have to identify, defend and respond to cyber thieves attempting to drill into their networks and systems.
Roy Wattanasin and Ming Chow – Computer Science’s Curricula Failure – What to do now?
We are still facing the same security vulnerabilities from over a decade ago. The problems are not going away anytime soon and a reason is because Computer Science curricula are still churning out students who are not even exposed to security. This talk will address the lack of emphasis on information security in Computer Science curricula, how CS curricula have an obligation, how to gradually fix the problem by integrating security into many Computer Science undergraduate and graduate classes, and success stories from students. This talk will also discuss what Tufts and Brandeis are currently working on to further address the security education problem by creating a joint cyber security and policy program that spans multiple departments. Additional points and feedback from the audience are encouraged to help with the issue.
Pat Cain – Finding Little Things In Big Data
Over the past few years I have been experimenting with different log collection systems with the goal to be one of: highly complex, easy to build, or cheap. The end result is to find something that is useful, can handle large amounts of data, but also searches very fast. This talk will introduce the technologies that we examined, talk about our research activities, and explain what is currently being used. A liberal dose of guidance and humor will be included lest you get the idea to implement any of this yourself.
Justin Pagano and Julian DeFronzo – Breaking Out of the Silo: The Need for Broad Security Automation
Information Security teams are trying to manage increasingly complex IT and cloud environments at their organizations while also keeping pace with an ever-changing threat landscape. At the same time, there’s a well-documented issue of unfilled security positions around the world.
For many teams this has inevitably led to security control gaps, operational failures, and, overall, insufficient security across virtually all industries.
A critical and necessary part of the solution to this problem for any organization is broad automation of disparate technologies and processes across the entire InfoSec lifecycle (protect > detect > remediate). There are a number of potential benefits of automating to this extent: more maintainable, auditable, maturable, predictable, and effective security programs.
In this presentation and the Q&A, the speakers will cover:
1. InfoSec programs’ current state of affairs with fragmented, siloed automation
2. Strategy for approaching broad security automation
3. Examples of broad automation, including some at Rapid7 (current and future state)