skip to Main Content






Attention to individual disruptors in an era of technological evolution is vital to the success of every business and nonprofit. As complex issues are systematically improved, fusing individual solutions in the areas of policy, security, budgeting, governance and management to create a holistic organizational compass is critical. 
This event will provide CIOs, CTOs, CISOs, analysts, and networking and IT professionals a blueprint to build cross-departmental and industry-wide security keystones to optimize resources and maintain a robust security posture. 

John Verboncoeur

Associate Dean for Research, College of Engineering Professor, Electrical and Computer Engineering Professor, Computational Mathematics, Science, and Engineering, Michigan State University


Scott Lathrop

Ph.D., CISSP of Cyber and Secure Autonomy, Soartech


Opening Remarks
Dr. Joe Adams, Pierrette Dagg
Vice President Research & Cybersecurity; Director of Marketing and Communications, Merit Network

KEYNOTE PRESENTATION: The Convergence of AI and Cybersecurity: Where are we going?
Scott Lathrop
Ph.D., CISSP of Cyber and Secure Autonomy, Soartech


Phishing for Shells: Reducing the Attack Surface

Read Abstract

DDEs, HTAs, Macros- Windows is plagued with different ways to execute code through attachments and Microsoft ‘features’. This talk dives into different techniques used from a red team perspective to execute command and control payloads through phishing campaigns, all while bypassing the latest ‘Next-Gen AV’ solutions. Then, with an understanding of the techniques, we will discuss how organizations can reduce their overall phishing attack surface through smart configuration changes.

Aaron Herdon
Security Consultant – Penetration Tester, Rapid7

Capture The Flag Unplugged

Read Abstract

Capture the Flag competitions give participants the opportunity to gain experience in securing a machine, conducting research and reacting to cyber attacks that can be found in the real world. This “unplugged” version developed by the NSA and NSF is designed to help non cybersecurity experts understand the concepts behind Capture the Flag security exercises. Test your reconnaissance skills, forensic abilities, code breaking and more in this interactive activity.

Zak Montville
Senior Manager of Cyber Range Development, Merit Network

CIS Critical Security Controls – Security for Compliance vs. Compliance for Security

Read Abstract

Attendees will learn how to dispel the “Fog of More” by implementing an effective cybersecurity improvement program using a concise, prioritized set of cyber practices. These were derived from the CIS Controls that will set out the core, foundational steps a CISO can take to get the most out of their security value and stop real-world attacks.

Anthony Rodgers
Service Manager for Enterprise Data Management, State of Michigan DTMB

SPONSOR PRESENTATION: Millenia Technologies
Millenia Technologies

Merit CISO Presentation
Kevin Hayes

Live Takedown -Hacking A Site in Real Time

Read Abstract

Hacking a WordPress or Drupal website live! This will replicate a real attack with the presenter narrating the actions and explaining the thought behind each step. Take away the knowledge of how to protect your own environment.

Michael Hess
Solution Architect Lead and Adjunct Lecturer in Information, University of Michigan

Disruptive Academic Collaboration to Meet Business and Nonprofit Cybersecurity Needs

Read Abstract

Universities have long been known for their “ivory towers” or “silos.” In contrast, we will present how faculty from two different disciplines worked with three colleges to deliver a professional Information Security graduate certificate, Master’s program, and are currently planning a bachelor’s program, all delivered online.

We will outline our framework for the graduate programs, an ABET accredited B.S. in Information Security, and our partnership with Merit to offer professional certifications. Our approach takes the Merit materials and infuses them with additional components so that students not only can pass the exams but also understand how they should approach various information security challenges.

Most important to the discussion is feedback from industry so that we may continue to improve our offerings. We will solicit feedback both during and after our presentation, welcoming suggestions so that our degrees and programs can best meet Michigan’s organizations’ cybersecurity needs.

Dr. Alan Rea, Professor; Jason Eric Johnson, Faculty Specialist
Dept. of Business Information Systems, Haworth College of Business; Dept. of Computer Science, College of Engineering and Applied Sciences, Western Michigan University

Carbon Black

Keynote Presentation
John P. Verboncoeur
Associate Dean for Research, College of Engineering
Professor, Electrical and Computer Engineering
Professor, Computational Mathematics, Science, and Engineering, Michigan State University

Sarah Tennant, Cyndi Millns
Professor of Business Systems, Haworth College of Business;Professional Faculty-Cybersecurity, Washtenaw Community College

Hacking and Protecting IoT Devices

Read Abstract

Code is now running on just about everything. Threats from around the world, would like to damage our data, reputation, finances, and more. As such, we need to be as secure as possible. There’s lots of arrows to that quiver. One of them is application security. But more broadly we need to look at the whole product and ecosystem. We need to find security bugs in the products and systems we build, before bad actors do. In this presentation, cyber expert, Dr. DeMott, will walk us through the process of how developers and security pros should be conducting product pentests. In particular, DeMott will guide us through the tools and techniques VDA engineers used to quickly find multiple zero-day vulnerabilities in a common IoT device.

Dr. Jared DeMott
Founder, VDA Labs

Who is Helping the Cybercrime Victims?

Read Abstract

The impact of cybercrime on the economy, personal lives and our critical infrastructure is growing exponentially each year. Loss estimates are in the trillions worldwide. Two questions are not being address on a national level in the US. Where does a consumer or small business call to report a crime and get help? And, what coordinated resources are available from federal, state and local law enforcement and consumer protection agencies? The Cybercrime Support Network is providing a voice for the victims and building a national program to improve victim services and response for consumers and small businesses.

Kristin Judge
CEO/Founder, Cybercrime Support Network



MITN: Cheap and Easy Implementations for Actionable Threat Intelligence

Read Abstract

It is easy to download lists of bad IP addresses or bad domain names, but how can a resource-constrained IT security team make effective use of the data? We will discuss how the University of Michigan has implemented “Michigan Intelligence for Threat Negation” (MITN), A framework for consuming, generating, sharing, and using threat intelligence. We will demonstrate the value of generating local threat intelligence data with “Modern Honey Net” (MHN) honeypots and log data from systems & security devices, and how this has amplified the value of existing security protections for U-M IT infrastructure as well as providing value to peer institutions across the Big Ten.

Session participants will walk away from the talk with knowledge how to:

– Use threat intelligence to improve your organizational security posture

– Identify cost-effective ways to use threat intelligence in existing security systems

– Share threat intelligence with peers in an automated way


Matt Coons, Kevin Cheek
Incident Responder and Threat Analyst, University of Michigan

Go Fast, Stay Secure – Security For Public Schools

Read Abstract

Maintaining holistic cloud security and compliance isn’t easy. If you thought it was just you…it’s not.

Organizations around the world struggle with implementing the various aspects of cloud security, such as threat detection, misconfiguration management and risk remediation, all while complying with industry standards., now part of Palo Alto Networks, adds functionality and flexibility to your cloud security capabilities, allow you to easily:

Accelerate cloud adoption while maintaining security
Avoid common cloud security roadblocks
Protect and segment cloud workloads
Securely adopt a cloud-native DevOps model


Greg Kreiling
Named Account Manager – SLED, Palo Alto Networks

Closing Remarks
Dr. Joe Adams, Pierrette Dagg
Vice President Research & Cybersecurity; Director of Marketing and Communications, Merit Network



CarbonBlack Logo Primary Black  PRINT
Millennia Logo
Carahsoft Logo
WesternMichiganstack Gold Black
Acess Interactive HiRes
5a8ab84154ea7a000146cda3 Logo Large P 500


Amerinet Logo 1

We live in a time of disruptive technology, constant connectivity, and information overload. Managers, technicians, and analysts have to address the impacts of these influences on their organizations, their employees, and their business information. Security Summit, powered by the Michigan Cyber Range, is the place to learn from subject matter experts, share experiences and network with peers and other professionals. Join us on November 13, 2018 at the Henry!