8:00 AM
Registration & Breakfast
8:30 AM
Introductions & Kick-off
9:00 AM
Modern Security Strategy using Zero Trust
James Ringold
A discussion of the foundation and architectural components of a zero-trust architecture. We will talk about the journey we are all on with Zero Trust, including a review of the Zero Trust Maturity Model and strategies to approach zero trust even if all of the pieces are not in place. A pragmatic approach allows any organization to begin to enhance security, including approaching the program and recommendations for beginning and maturing zero trust initiatives at all stages.
10:00 AM
Break
10:15 AM
Why Security Scanners Fail and What You Can Do About It
Brad Dixon
Why Security Scanners Fail and What You Can Do About It Brad Dixon Engineering teams turn to security scanners to test applications for common security issues in an attempt to shift security “left”. Not every security scanner works the same and in this technical and vendor neutral talk I will discuss the types of security bugs that can sneak past security scanners. You will learn why scanners can fail to find real security bugs and what can be done about it.
Striking the Balance: Measuring and Managing the Complexity of Cyber Environments
Brett Tucker
Given the continuous flux of cyber environments, let alone the tactics and techniques of threat actors, organizations struggle to make timely risk based decisions in the selection of control strategies. At times, some controls can inhibit the performance of an organization by adding complexity to the environment (e.g., new training needed, configuration challenges, and technical debt). This presentation proposes and explores a novel means to measure cyber environment complexity. By measuring complexity of any given network, organizations can gain appreciation for the benefits and challenges each layer of defense adds to a security stack. This presentation will define "Cyber Complexity" in terms of technical debt, interfaces, and organizational capability. Each of these elements will also be decomposed and examined for possible means of quantification. The audience will gain a better appreciation for risk based decision and the demonstrable need for better measurement of cyber environments to driver those decisions.
11:15 AM
Adversarial Machine Learning
Dan Klinedinst
The rapid adoption of machine learning has opened numerous new attack vectors for adversaries. This presentation will provide an overview of attacks that seek to subvert or take advantage of machine learning techniques. Specifically, we'll cover data tainting, model theft, generative adversarial networks, and the use of deep reinforcement learning to identify potential attack vectors. This talk will provide tools for security practitioners to perform threat modeling and risk analysis of artificially intelligent systems.
Assessing Adversarial Cyber Activity in Operational Technology Environments Using Bayesian Networks
Lee Maccarone
Critical infrastructure and other operational technology (OT) environments face increasing cybersecurity risks from adversarial behavior. The Cybersecurity for the Operational Technology Environment (CyOTE) program seeks to enable asset owners and operators (AOOs) to secure their OT environments. The cornerstones of the CyOTE methodology are the perception of observable cyber-events and the comprehension of these observables in broad context including people, processes, and technologies. By applying the cycle of perception and comprehension to anomalous observables in the OT environment, AOOs can better identify adversary behavior and reduce the likelihood of impact. This research defines a risk-based approach to enhance comprehension of observables and artifacts. Observables are reported in open-source reporting whereas artifacts are potentially observable events that were not reported, but likely occurred based upon digital forensic expertise. The approach leverages the MITRE ATT&CK® for Industrial Control Systems (ICS) framework as a common lexicon for describing potential adversary behavior in the OT environment. As the adversary utilizes techniques and generates observables, the Bayesian network is used to calculate the probability of adversarial behavior. Opportunities for improved comprehension of MITRE ATT&CK® for ICS techniques are also identified through analysis of each technique’s observables and artifacts. This approach is demonstrated using a historical case study of a cyber-attack affecting an OT system.
12:15 PM
Lunch
1:00 PM
IaC Security
Jon Zeolla
Let's talk through the progression of Infrastructure as Code (IaC) in a company that has embraced cloud native practices, and how you can quickly get to the point of having many modular repos, all independently versioned and maintained, while being leveraged by other IaC. Then I will discuss how you can add security into these in a way that respects your development/SRE teams. Allowing teams to manage and configure their tools independently and in a distributed manner, while still having centralized visibility (through logs and metrics extracted from their pipelines, with associated dashboards and SLA/O/Is) and the ability to quickly deploy new IaC-specific security policies. We will also discuss a reasonable onramp – ensuring that teams don't need to triage piles of findings only to discover that most of them are false positives or low-priority noise. This will include a discussion of a real world roll-out, and a method that was developed to add passive security scans into existing IaC pipelines with no changes other than running the existing commands (terraform, ansible, etc.) inside of a new docker container.
Stay brave – How does a non-technical technologist start a cybersecurity adventure?
Hsin Li (Cindy) Kan
Do you want to enter a fascinating cybersecurity career? Wondering how to leverage your past experience in the cybersecurity world? Cindy, with 5-year experience in a Big Four accounting firm, big data startup, and a Fortune 500 company focused on IoT devices and mobile phones in Asia, will share her stories on how she transferred from pure business background to information security. Hope you will be inspired!
2:00 PM
CMMC: A Significant Hurdle for Small Businesses
Nathan Cross
After years of seeing its supply chain get pummeled by cyberattacks and sensitive information lost to foreign adversaries, the Department of Defense (DoD) is taking action. With the up-and-coming Cybersecurity Maturity Model Certification (CMMC), DoD contractors and subcontractors will be required to implement a robust set of cybersecurity safeguards in order to protect the DoD information they handle. Unfortunately, CMMC is presenting serious challenges for small businesses, as for some, the costs to becoming compliant outweigh the benefits to doing business with the Federal Government. Can small businesses overcome the burdensome CMMC requirements and remain part of the nation’s most important supply chain, or will they be forced out?
What can we do to have more career-ready cybersecurity workforce?
Ahmed Ibrahim
Are we preparing enough individuals to join the cybersecurity industry? Are we bringing more people to cybersecurity or pushing people away? What can we do to enable interested individuals to join the cybersecurity workforce and stay in it? This is a roundtable discussion for industry and academia to investigate ways of collaboration to create paths that can make a positive impact on the number of individuals joining the cybersecurity workforce. The discussion will include (but is not limited to) job ads, current successes, as well as investigating training programs that balance theory, hands-on, and practical experiences to produce individuals "ready" to join the workforce.
3:00 PM
Break
3:15 PM
Does a Cyclops Blink, or Wink? The Takedown of a Russian GRU
Mackenzie Monarko
In March 2022, the U.S. Justice Department announced a court-authorized disruption of the Cyclops Blink botnet controlled by Russian Military Intelligence. This disruption operation was accomplished through extensive private sector coordination, and by a remote technical means via a custom implemented FBI toolset.
Addressing TSA Pipeline Directives: Best Practices Learned from the Electric Sector
David Carmona
The Colonial Pipeline is still very fresh in our memories. It carried extreme disruptions to operations across a good portion of the eastern United States and was a pivotal moment in regulators stepping up the attempts to further increase the security postures for all pipeline owners and operators. With the recent release of the latest TSA Security Directives for all Pipeline Owners and Operators, a close look should be taken to understand, not just how to minimally comply with these directives, but how to create a program that can be enhanced to meet changing requirements, and ultimately further increase cyber resiliency. By taking a look at electric utilities and how the North American Electric Reliability Corporation (i.e. NERC - the regulatory body in charge of making sure security directives and compliance are being followed by the electric utilities) has evolved it's directives we can begin to anticipate similar requirements changing and evolving as TSA grows these directives to facilitate maturity in this sector. Not only will we be taking a closer look at the TSA directives, but we will do a deep dive into best practices and lessons learned from the electric sector to help Pipeline Owners and Operators with building out their compliances programs, anticipating additional directives, perform detailed self assessment, and building a robust, resilient, and more mature cybersecurity program.