Three Rivers Information Security Symposium will be held on Friday, October 28, 2016.  In conjunction with Cyber Security Awareness Month, TRISS will be held at Robert Morris University from 8:00 am to 3:30 pm.

Morning Keynote

Getting a Security Program from 0-60 by Omar Khawaja, VP & CISO at Highmark Inc.

The evolution of the security program at Highmark Health is unquestionably a long-term undertaking, but in the course of the past couple of years, the security organization has managed to address compliance, awareness, metrics, organizational culture and much more. But Highmark CISO Omar Khawaja recognizes that the betterment of a security posture — and the work of a security leader — is never done. Join this session to learn about the risks and advantages of taking an agile approach to security, and the challenges and opportunities for Highmark that wait just down the road.

Morning Speaker 1

Penetration test preparation that focuses your team to think like a hacker by David Kane, Managing Director and co-CEO at Ethical Intruder

Ethical Intruder has been performing Ethical Hacking evaluations for seven years, and typically we find that the same issues come up at almost every organization regardless of size or the maturity of their security program. The first impression you provide to a company performing a penetration test is very similar to the impression that a hacker would have when they are investigating whether you are a good target for them to mount a deeper, more sustained attack. So if a company can change that first impression, they may divert the attention of the pen tester or hacker and decrease their overall threatscape. The core issues we see at organizations from local charitable non-profits up to Fortune 50 health care providers can be addressed fairly easily by following some basic guidelines, without having to buy new tools or spend extended amounts of time or money to achieve this more secure impression. The talk will cover several steps an organization can take to quickly change that first impression and make the hacker look maybe the other way. Stop focusing on the next tool or log when instead you can focus your teams’ perspective and behaviors to think like a hacker when they are protecting your core assets. The talk will cover a range of targets from external networks, web applications, internal networks, and physical corporate office spaces.

Morning Speaker 2

Mobile Security Threats: How Safe Is Our Data? by John Weingartner, Sarah Pfabe & Brendan Adams at RMU Top Secret Colonials

Mobile phones have become ubiquitous within our society, and many would now consider them a necessity rather than a convenience. We are living in a world where people are staying connected via mobile technology more than ever before. Technology which was once only found on desktop computers can now be carried in the palm of our hands. The number of mobile devices, at the end of 2015, exceeded 7.9 billion users. This noticeable constant connection to our mobile devices is bringing to the forefront an area of concern in regard to security. The majority of vulnerabilities are caused by user error and a lack of understanding and training regarding the implications associated with using a mobile device. In order to protect our mobile devices, it is imperative that end users and can answer the following questions among others. What security mechanisms do we have in place to deal with mobile security threats? What are the biggest risks associated with mobile devices? How secure are the mobile apps? In order to be able to address the risk factors associated with mobile malware, it is imperative to first understand the threats [3]. Mobile devices are becoming a new target to gain user information, as mobile device security has not kept up with traditional computer security. Cyber criminals are beginning to attack mobile devices due to the lack of security measures in place. Such information includes email accounts, phone numbers, calendar information, network or login credentials, confidential notes or files, and contact lists, to name a few. Mobile devices can be used in both secure and unsecure environments.

Afternoon Keynote

Fifth Generation CyberDefenses: Can We Win an Unfair Fight? by Ray Watson, VP of Global Technology at Masergy

Cyber security has evolved through four major generations, and the recent DNC and NSA hacks are indicative that a fifth generation is now emerging. This presentation will discuss some of the challenges, advantages and pitfalls of fifth generation cyber security, including:
  • What is the history and evolution of the five generations of cyber defense and security?
  • How can global enterprises possibly hope to defend themselves from Advanced Persistent Threats?
  • What are some best practices for enterprises around security?
  • How can CIOs and CISOs prepare their corporations to face the onslaught of new threats?
  • What are four things that you can do right now to mitigate the damages potentially done to your organization?

Afternoon Speaker 1

How Litigation and E-Discovery Interrupt the Life Cycle of Data by Mike Joyce & Kevin Wiggins, attorneys at Saul Ewing, LLP

This presentation is designed to be a primer for IT Security Professionals. The speakers will first discuss one accepted model of the life cycle of data: create, grant access, process, analyze, preserve, re-use, and destroy. The speakers will then discuss how litigation and e-discovery impact the different stages of that life cycle, including the duty to preserve, when the duty to preserve arises, security concerns over the preservation and production of data during discovery, and basic tips to ensure compliance with litigation-related mandates. They will also discuss the application of the CIA triad to litigation and e-discovery.

Afternoon Speaker 2

Threat Modeling and Risk Analysis for Developers and Testers by Matt Trevors at CERT@SEI/CMU

Let’s face it, security is hard! Part of the reason why it’s hard is because sometimes we don’t address security concerns early enough in the development process, if at all. Identifying and prioritizing security gaps in a design can be mitigated through the use of threat modeling and risk analysis. In this talk I will show you how to use the OWASP Top 10, STRIDE threat modeling and OCTAVE Allegro risk analysis to generate meaningful design changes that will have a major impact on the security of your application or system.

Afternoon Speaker 3

Get Involved – InfoSec Careers by Rick Farina at Pwnie Express

I am a very active member of the hacker community and through that I have built not only a strong career but a very impressive list of friends which I can rely on for personal and professional help. I feel very strongly that being actively involved in security outside of normal work hours is critical to launching a successful career in infosec. This is especially important for students who are trying to differentiate themselves from all the others in their graduating class to get not just high paying jobs but meaningful careers in their chosen field.
