How to Keep Social Engineers from Choo-Choo-ing Through Your Defenses

  Presented by Karla Carter • Associate Professor; College of Science & Technology, Bellevue University

Social engineering will be a cybersecurity threat as long as we have people (as opposed to Skynet) making decisions. The human, as opposed to the machine, is the preferred platform for the social engineer to conduct their nefarious plans to derail your business. Come learn how to spot the signal flags of the social engineer, train yourself how to not get railroaded into a breach and put the brakes on confusion and delay.

Karla Carter is an associate professor in the College of Science and Technology at Bellevue University, in Bellevue, NE. Drawing on more years than she should be admitting of information technology experience, she teaches cybersecurity, information technology ethics, and general information technology and history/civics courses. In addition to being Vice Chair for the Nebraska Chapter of the IEEE Computer Society, Chair of ACM SIGCAS, and a member of the ACM Committee on Professional Ethics (COPE), she is curious, intense, and irreverent, and cannot resist puns.

ComPriSec: The Combining of Compliance, Privacy and Security Is the New Normal

  Moderated by INTERFACE Advisory Council

Many compliance, privacy and security professionals are struggling to find their role in the ecosystem. They wear many hats, often in conflict with each other. This is compounded by executives trying to find the right staffing level for these roles without fully understanding what they do. As compliance and privacy get more visibility, organizations are facing new challenges. This panel will discuss the complications companies face defining the separation of duties between compliance, privacy and security. What is the difference between them, and why? When security will not do it, compliance becomes the catch-all; is that appropriate? This panel of security, compliance and privacy experts will give you guidance to address these issues for companies of all sizes, along with other common issues that compliance, privacy and security professionals are now facing.

Moderator:

  • Ron Woerner • Information Security Professor, Bellevue University

Panelists:

  • Lisa McKee • CEO, Securikee Dr
  • Rob LaMagna-Reiter • CISO, First National Technology Solutions
  • Warren Fish • Principal Consultant

Administering Responsibly

  Presented by Quest Software

Managing elevated and shared access credentials is one of the biggest challenges facing complex heterogeneous organizations today. Administrators must be able to access the systems they manage with sufficient rights to do their jobs, but organizations must control that access to ensure security and regulatory compliance. The days of administrators sharing accounts and passwords and operating without auditing are gone (or they should be).

Large enterprises face unique challenges. They too must control the use of elevated privileges, but they need to find ways to enhance authentication for these accounts to meet mandates while still enabling administrators to administer. Even with multifactor authentication to “check out” a privileged account or session, we still need to take steps to mitigate potential account compromises – making sure the admin that authenticated today is still who they say they are. We’ve come to the point where we need to continuously analyze administration by watching normal behavior and comparing it to current behavior – with real-time in-line remediation to add a powerful layer of risk mitigation.

Cloudy with a Chance of Breach

  Presented by Check Point Software

As organizations implement their cloud adoption strategy, there are several factors that will either ensure success or lead to undesirable outcomes. This session explores the opportunities and pitfalls of moving to the cloud by examining the threats and responsibilities that a cloud presence incurs. Through examination of the actual threat surface and cautionary tales from the real world, we will understand the factors that we need to consider when building a cloud adoption strategy.

7 Simple Steps to Cut Your Security Risk

  Presented by Matt Morton • Board Member, NEbraskaCERT

Ever wonder why we rarely reach our security goals? In this presentation we will go over and identify the key steps to get operationally secure so that:

  • Risk is reduced
  • Security of your assets is improved
  • Cost is optimized
  • Value is measured
  • Results are communicated

This workshop not only outlines these steps but identifies key resources that are either free or low cost that can assist you in getting to your security program goals.

Easiest Catch: Don’t Be Another Fish in the Dark ‘Net

  Presented by Mark Lanterman • Chief Technology Officer for Computer Forensic Systems

You’ve read the headlines. Unfortunately, the question now is not if your information is going to be accessed or stolen, but when. To inform the attendees of current developments in the digital underground as well as provide realistic advice for cyber protection, Mark Lanterman will be discussing recent high-profile cybercrime events, including website breaches impacting courts, law firms, and government agencies. Mark will discuss particularly dangerous types of threats that might affect individuals involving the Dark Web, the Internet of Things, phishing, and Wi-Fi attacks; additionally, Mark will demonstrate the value of leveraging digital evidence and ESI in the courtroom.

Be Agile or Be Slow! Agile Transformation Experience

  Presented by Riaz Yusuff • CIO, Office of HR, University of Minnesota

The IT team in the Office of HR at the University of Minnesota has transformed from waterfall to Agile scrum methodology. While the transition went smoother than expected, it also brought some good lessons to light.

This presentation will cover the background and motivation behind the transition into Agile, key lessons learned, metrics on the outcome and best practice suggestions.

Information Technology and Cybersecurity Certifications Road Map

  Presented by Bob Weiss • CEO, WyzCo Group, Inc.

Are certifications worth it? Do they help with professional advancement and employment opportunities? This presentation looks at some of the popular certification tracks, including those with a cybersecurity focus. The presenter will discuss the best ways to prepare for a certification exam, and how to keep certification in force using continuing education credits.

How an Information Security Controls Assurance Program Adds Value to an Organization

  Presented by Steve Means • Director IT, Information Security GRC

Today’s organizations face heightened state, federal and international regulatory expectations. Increasingly, internal and external stakeholders are requiring greater assurance that IT controls are designed and operating effectively to meet regulatory demands and reduce their risk. This session will share one Information Security team’s journey to establish and enhance their controls assurance program to increase value to the organization.

Supersize Your Security Teams

  Presented by Rohit Tandon • Deputy CISO, State of Minnesota

Security teams are overworked and have long lead times for work submitted to provide security guidance. No matter how hard the security team works, they continue to stay buried under a mountain of work. The team is a victim of its own success: the better work they do, the more demand there is for their time. This magnifies the problem by negatively impacting lead time and potentially could reduce the quality. Rohit will discuss how you can supersize your security team within your organization on the same budget. The approach will help your small and underfunded security teams avoid burnout and achieve the mission of securing the organization.

Rohit Tandon is the Deputy Chief Information Security Officer of the State of Minnesota. Rohit has 15 years of information security industry experience in both the public and private sector. Rohit has worked for Mayo Clinic Rochester to build secure systems for Electronic Health Records and championed Medical Device security. Before he joined the State of Minnesota to protect his fellow Minnesotans’ data, Rohit served as the Information Security leader at Strategic Education Inc (SEI) where he merged the information security departments of Capella Education Company and Strayer Education, Inc. into a combined post-merger organization.

Rohit received his Bachelor of Science in Computer Science from Winona State University and completed his Master of Business Administration from the University of Minnesota. He has also been an adjunct instructor for the past eight years at Metropolitan State University, where he enjoys sharing his knowledge to build the nation’s future cyber workforce.