skip to Main Content

2018

SECURITY SUMMIT

JOIN THE COMMUNITY

SECURITY SUMMIT 2018: CONVERGENCE

POWERED BY THE MICHIGAN CYBER RANGE

Attention to individual disruptors in an era of technological evolution is vital to the success of every business and nonprofit. As complex issues are systematically improved, fusing individual solutions in the areas of policy, security, budgeting, governance and management to create a holistic organizational compass is critical. 
 
This event will provide CIOs, CTOs, CISOs, analysts, and networking and IT professionals a blueprint to build cross-departmental and industry-wide security keystones to optimize resources and maintain a robust security posture. 
KEYNOTE SPEAKERS
_Keynote_JohnVerboncoeur2

John Verboncoeur

Associate Dean for Research, College of Engineering Professor, Electrical and Computer Engineering Professor, Computational Mathematics, Science, and Engineering, Michigan State University

_Keynote_ScottLathrop

Scott Lathrop

Ph.D., CISSP of Cyber and Secure Autonomy, Soartech

KEYNOTE AND SUMMIT AGENDA
Time
Title
Presenter
Organization

8:45-9:00am
Opening Remarks
Joseph Sawasky, Dr. Joe Adams, Pierrette Dagg
President & CEO,Vice President Research & Cybersecurity; Director of Marketing and Communications, Merit Network

9:00-9:45am

KEYNOTE PRESENTATION: The Convergence of AI and Cybersecurity: Where are we going?

Read Abstract

Cybersecurity is poised to take advantage of recent advances in Artificial Intelligence (AI); there are mountains of data, growing attack surfaces, and a demand for continuous security coupled with a severe IT workforce shortage. So why hasn’t there been the surge of AI thinking in cybersecurity as there has been in image recognition, speech recognition, finance, and driver-less cars? Or has there been and we simply don’t recognize it amongst all the hype? My talk will explore the current state of AI and its applicability to cybersecurity. We will cover what AI is, what AI is not, what are the challenges of AI in cybersecurity, and what is considered state-of-the-art. My goal is that you walk away with an understanding and appreciation of AI and its current and future application to cyber-related problems.

Scott Lathrop
Ph.D., CISSP of Cyber and Secure Autonomy, Soartech

10:00-10:50am

Phishing for Shells: Reducing the Attack Surface

Read Abstract

DDEs, HTAs, Macros- Windows is plagued with different ways to execute code through attachments and Microsoft ‘features’. This talk dives into different techniques used from a red team perspective to execute command and control payloads through phishing campaigns, all while bypassing the latest ‘Next-Gen AV’ solutions. Then, with an understanding of the techniques, we will discuss how organizations can reduce their overall phishing attack surface through smart configuration changes.

Aaron Herdon
Security Consultant – Penetration Tester, Rapid7

Capture The Flag Unplugged

Read Abstract

Capture the Flag competitions give participants the opportunity to gain experience in securing a machine, conducting research and reacting to cyber attacks that can be found in the real world. This “unplugged” version developed by the NSA and NSF is designed to help non cybersecurity experts understand the concepts behind Capture the Flag security exercises. Test your reconnaissance skills, forensic abilities, code breaking and more in this interactive activity.

Zak Montville, Pierrette Dagg
Senior Manager of Cyber Range Development, Director of Marketing and Communications, Merit Network

CIS Critical Security Controls – Security for Compliance vs. Compliance for Security

Read Abstract

Attendees will learn how to dispel the “Fog of More” by implementing an effective cybersecurity improvement program using a concise, prioritized set of cyber practices. These were derived from the CIS Controls that will set out the core, foundational steps a CISO can take to get the most out of their security value and stop real-world attacks.

Anthony Rodgers
Service Manager for Enterprise Data Management, State of Michigan DTMB

Cybersecurity Invisible and Visible Attack Vectors
Jason Miller
CEO, BitLyft

10:50-11:05am
Snack Break
Snack Sponsor: Western Michigan University

11:05-11:55am
Be An InfoSec Rock Star: Implementing Basic CIS Controls Cheaply, Quickly, and Effectively
Kevin Hayes
Chief Information Security Officer, Merit Network

Live Takedown -Hacking A Site in Real Time

Read Abstract

Hacking a WordPress or Drupal website live! This will replicate a real attack with the presenter narrating the actions and explaining the thought behind each step. Take away the knowledge of how to protect your own environment.

Michael Hess
Solution Architect Lead and Adjunct Lecturer in Information, University of Michigan

Disruptive Academic Collaboration to Meet Business and Nonprofit Cybersecurity Needs

Read Abstract

Universities have long been known for their “ivory towers” or “silos.” In contrast, we will present how faculty from two different disciplines worked with three colleges to deliver a professional Information Security graduate certificate, Master’s program, and are currently planning a bachelor’s program, all delivered online.

We will outline our framework for the graduate programs, an ABET accredited B.S. in Information Security, and our partnership with Merit to offer professional certifications. Our approach takes the Merit materials and infuses them with additional components so that students not only can pass the exams but also understand how they should approach various information security challenges.

Most important to the discussion is feedback from industry so that we may continue to improve our offerings. We will solicit feedback both during and after our presentation, welcoming suggestions so that our degrees and programs can best meet Michigan’s organizations’ cybersecurity needs.

Dr. Alan Rea, Professor; Jason Eric Johnson, Faculty Specialist
Dept. of Business Information Systems, Haworth College of Business; Dept. of Computer Science, College of Engineering and Applied Sciences, Western Michigan University

SPONSOR PRESENTATION: Proofpoint Panel Discussion/Q&A with Cybersecurity Experts

Read Abstract

Bring your recent security sightings, experiences, and questions to a panel and audience led discussion with some of the top technical minds in cybersecurity. Fundamentally, the threat landscape has evolved from network based attacks to financially motivated / socially engineered techniques that your faculty and staff, students, alumni, and donors are all struggling to remain protected against. With your experiences and insight, this panel intends to shed light on some industry best practices your organization can work towards implementing to secure important communication channels, such as email, SaaS applications, and social media. If compromised accounts, lookalike domains, ransomware, credential phishing, or business email compromise are challenges or concerns your organization faces, this session is for you. We invite you to join our panel of experts to discuss the current threat landscape and debate best practices that will help us all remain more secured in the Merit community.

Curtis Wray, Dave Kitt, Stephen Verrilli
Sr. Cybersecurity Engineering Manager, Americas, Sr. Cybersecurity Engineer, SLED, Sr. Cybersecurity Engineering Manager, Proofpoint

12:00-12:30pm
Lunch

12:30-1:15pm
SmartAg: Technology Applied to the Agrofood Supply Chain – From Soil to Table
John P. Verboncoeur
Associate Dean for Research, College of Engineering
Professor, Electrical and Computer Engineering
Professor, Computational Mathematics, Science, and Engineering, Michigan State University

1:25-2:10pm
Cybersecurity: A Team Sport
Sarah Tennant, Cyndi Millns, Pierrette Dagg
Strategic Advisor – Cyber Initiatives, MEDC; Lead Cybersecurity Faculty, Washtenaw Community College; Director of Marketing and Communications, Merit Network

Hacking and Protecting IoT Devices

Read Abstract

Code is now running on just about everything. Threats from around the world, would like to damage our data, reputation, finances, and more. As such, we need to be as secure as possible. There’s lots of arrows to that quiver. One of them is application security. But more broadly we need to look at the whole product and ecosystem. We need to find security bugs in the products and systems we build, before bad actors do. In this presentation, cyber expert, Dr. DeMott, will walk us through the process of how developers and security pros should be conducting product pentests. In particular, DeMott will guide us through the tools and techniques VDA engineers used to quickly find multiple zero-day vulnerabilities in a common IoT device.

Dr. Jared DeMott
Founder, VDA Labs

Who is Helping the Cybercrime Victims?

Read Abstract

The impact of cybercrime on the economy, personal lives and our critical infrastructure is growing exponentially each year. Loss estimates are in the trillions worldwide. Two questions are not being address on a national level in the US. Where does a consumer or small business call to report a crime and get help? And, what coordinated resources are available from federal, state and local law enforcement and consumer protection agencies? The Cybercrime Support Network is providing a voice for the victims and building a national program to improve victim services and response for consumers and small businesses.

Barb Heimstra
Privacy Engineer, Steelcase

SPONSOR PRESENTATION: Understanding Email Authentication – The Journey to Becoming DMARC Compliant

Read Abstract

Bring your recent security sightings, experiences, and questions to a panel and audience led discussion with some of the top technical minds in cybersecurity. Fundamentally, the threat landscape has evolved from network based attacks to financially motivated / socially engineered techniques that your faculty and staff, students, alumni, and donors are all struggling to remain protected against. With your experiences and insight, this panel intends to shed light on some industry best practices your organization can work towards implementing to secure important communication channels, such as email, SaaS applications, and social media. If compromised accounts, lookalike domains, ransomware, credential phishing, or business email compromise are challenges or concerns your organization faces, this session is for you. We invite you to join our panel of experts to discuss the current threat landscape and debate best practices that will help us all remain more secured in the Merit community.

Dave Kitt
Sr. Cybersecurity Engineer, Proofpoint

SPONSOR PRESENTATION: Secure Your School: Never Be Without a Phone or Internet Connection Again
Jim Pixley, Tim Carr
Solutions Engineer, Telnet

2:20-3:05pm

Defending Against the 1% – Strategies for Defending Against Attacks Security Tools Miss

Read Abstract

Cyber-criminals leverage multi-vector approaches to attack and compromise a network. An attacker might leverage email or web to get in, endpoints to move laterally, and network-aware malware to gain control of systems, update itself, and go undetected. Many organizations still rely on disconnected security systems that don’t work together or share real-time data about threats traversing the network. Gaps in visibility and control allow attackers to gain a foothold and dwell in an environment. Come learn how Cisco Talos and Cisco Security solutions address these gaps by sharing exceptional threat intelligence across endpoint, network, and web with a global integrated community. Additionally, we’ll take a look at Cisco Threat Response – a new Cisco offering delivering a unified interface to ask questions about the environment, understand the impact of an intrusion, and take action across the entire security architecture.

David Morris
Cisco Advanced Threat Solutions Specialist, Cisco Networks

MITN: Cheap and Easy Implementations for Actionable Threat Intelligence

Read Abstract

It is easy to download lists of bad IP addresses or bad domain names, but how can a resource-constrained IT security team make effective use of the data? We will discuss how the University of Michigan has implemented “Michigan Intelligence for Threat Negation” (MITN), A framework for consuming, generating, sharing, and using threat intelligence. We will demonstrate the value of generating local threat intelligence data with “Modern Honey Net” (MHN) honeypots and log data from systems & security devices, and how this has amplified the value of existing security protections for U-M IT infrastructure as well as providing value to peer institutions across the Big Ten.

Session participants will walk away from the talk with knowledge how to:

– Use threat intelligence to improve your organizational security posture

– Identify cost-effective ways to use threat intelligence in existing security systems

– Share threat intelligence with peers in an automated way

 

Matt Coons
Incident Responder and Threat Analyst, University of Michigan

SPONSOR PRESENTATION: Access Interactive/Carbon Black
Access Interactive/Carbon Black
Access Interactive/Carbon Black

SPONSOR PRESENTATION: Cryptomining Trends in the Current Threat Landscape
Mike Drummond
Systems Engineer, Carbon Black

Go Fast, Stay Secure – Security For Public Clouds

Read Abstract

Maintaining holistic cloud security and compliance isn’t easy. If you thought it was just you…it’s not.

Organizations around the world struggle with implementing the various aspects of cloud security, such as threat detection, misconfiguration management and risk remediation, all while complying with industry standards.

RedLock, now part of Palo Alto Networks, will now add critical security analytics capabilities across multi-cloud environments to our extensive cloud security offering. RedLock adds functionality and visibility to your cloud security capabilities providing you:

Cloud adoption while maintaining security

Comprehensive visibility

Threat Detection

Rapid Response

 

Jeff MacLean
Systems Engineer, Palo Alto Networks


3:15-3:40pm
Closing Remarks
Dr. Joe Adams, Pierrette Dagg
Vice President Research & Cybersecurity; Director of Marketing and Communications, Merit Network

QUESTIONS?

SPONSORS

CarbonBlack Logo Primary Black  PRINT
Millennia Logo
Carahsoft Logo
WesternMichiganstack Gold Black
Acess Interactive HiRes
5a8ab84154ea7a000146cda3 Logo Large P 500
TelNet Logo – 2c
IT In The D Logo
Proofpoint Logo Reg K

COMMUNITY SUPPORTERS

Amerinet Logo 1
JuniperNetworks
ADVA
Cisco Logo No TM Cisco Blue RGB 264px

We live in a time of disruptive technology, constant connectivity, and information overload. Managers, technicians, and analysts have to address the impacts of these influences on their organizations, their employees, and their business information. Security Summit, powered by the Michigan Cyber Range, is the place to learn from subject matter experts, share experiences and network with peers and other professionals. Join us on November 13, 2018 at the Henry!