Pre-Conference Bonus Workshops
Saturday, March 21 9:00 AM – 5:00 PM
Technical Level: Medium
One Day 8 CPEs
W1 Developing, Deploying and Consuming Secure SaaS-Based Services. Don’t SaaS me, unless…
George Gerchow, Director Center for Policy and Compliance, VMware
Most enterprise consumers of cloud technologies are getting the ball rolling first with SaaS offerings. IaaS and PaaS are still relevant but are being consumed in small doses by LOB and App DEV. The low-hanging fruit and big wins in cloud are with SaaS, as these are purpose-built solutions that eliminate the need for heavy infrastructure and management. With that being said, InfoSec still has legitimate concerns about how data is being protected in the cloud. Throughout this workshop you will gain insight into how to better select SaaS solutions that are right for your organization, how to protect data that goes off premise, and what happens with that data should you choose to end your subscription and move to another provider. This workshop will cover:
•The Politics behind SaaS
•A historical view of SaaS and where the space is headed
•Behind the scenes look at SaaS based Architecture
•Reverse Proxy
•Managing a Secure Connection
•SCAP (Security Content Automation Protocol)
•Encryption Options
Saturday, March 21 and Sunday, March 22
9:00 AM – 5:00 PM
Technical Level: Medium
Two Days 16 CPEs
W2 ISC2 Workshop: Introduction to Cloud Forensics Techniques
Melvin Greer, Senior Fellow & Chief Strategist, Lockheed Martin
The rise in cyber-attacks, nation state cyber terrorism and the breach of consumer data has led to a heightened awareness of the enterprise and personal responsibilities associated with cyber security. The adoption of cloud computing and the associated mobile and social technologies has increased the challenges associated with digital forensics and incident response. Melvin Greer, Senior Fellow and Chief Strategist, Lockheed Martin will detail the role of cloud service providers and organizations adopting cloud in establishing a well-defined forensic capability. This workshop defines the new area of cloud forensics and analyzes its challenges and opportunities.
Prerequisites:
Students should have the following training/experience:
•Intermediate understanding of networking concepts
•Basic understanding of incident response and computer forensics concepts
• Laptop Requirements: Laptop capable of running VMware Player required. 4GB RAM minimum.
Two Days 16 CPEs
Technical Level: Medium
W3 HANDS ON Penetration Testing
Jerod Brennen, CISSP, CTO & Principal Security Consultant, Jacadis
This workshop is designed to prepare students to conduct actual penetration tests, whether as part of an internal enterprise penetration team or as an external third party hired to conduct independent tests.
It includes multiple hands-on labs where students are taught how to apply specific penetration testing techniques, aligned with the Penetration Testing Execution Standard (PTES). These techniques can be applied to tests against external networks, internal networks, wireless networks, web applications, physical locations, and people (social engineering).
This workshop will cover:
1)The Penetration Testing Execution Standard
a.Pre-engagement interactions
b.Intelligence gathering
c.Threat Modeling
d.Vulnerability analysis
e.Exploitation
f.Post exploitation
g.Reporting
2)Survey of Penetration Testing Tools
a.Pen testing platforms
b.Native OS commands
c.Intelligence gathering tools
d.Web application tools
e.Exploit tools
3)Network Penetration Testing
a.External network pen test process
b.Internal network pen test process
4)Wireless Network Penetration Testing
a.Wireless attack framework
b.Defeating wireless encryption
c.Rogue wireless access points
d.Effective wireless security controls
5)Web Application Penetration Testing
a.Scanning vs. pen testing
b.OWASP testing process
c.Web app security tools
6)Social Engineering
a.Social engineering attack methods
b.Exploits
c.Looking ahead
d.Defeating social engineers
7)Physical Penetration Testing
a.Goals of a physical pen test
b.Physical intel
c.Tools
d.Techniques
e.Countermeasures
8)Vulnerability Management
a.Vulnerability management lifecycle
b.Managing network vulnerabilities
c.Managing host vulnerabilities
d.Managing application vulnerabilities
e.Managing physical vulnerabilities
f.Managing human vulnerabilities
g.Internet threat data
h.Assessments
Requirements: Students will be provided a virtual image that has been prepared specifically for this workshop. Students must bring their own laptop running Windows 7 or Apple IOS, with VMware Player or VMware Workstation installed (Fusion for Mac). The laptop must have a USB port, and students must bring a USB thumb drive. Students must have a working knowledge of VMware and be comfortable configuring the imported image. Students must have a working knowledge of navigating the Microsoft Windows operating system.
Sunday, March 22
9:00 AM – 5:00 PM
Technical Level: Medium
One Day 8 CPEs
W4 Insider Threats “Protecting Your Crown Jewels… OOPS! Too Late! What Now?”
Antonio A. Rucci, President, /Root Technology and CSO, Ghost Systems, LLC
Your Corporate “Crown Jewels” are the Keys to Your Kingdom. How are you managing them? ARE you managing them? Do you trust who has them? Have you vetted them? …REALLY? This workshop will focus on the key indicators of insider threat and how to detect them. It will draw from some real-world case studies, lessons learned and mitigating factors. Additionally, it will focus on specific hiring practices to minimize risk to your organization and expose you to some of the industry concerns in doing so. Let’s take a look at some new OSINT capabilities and swarm some data to find out if you’re introducing additional risk to your organization through hiring practices, and/or just not managing people well. While not an all-in-one solution, an important aspect is security education awareness and training to thwart opportunistic individuals. During this workshop, you will receive an effective, methodical counterintelligence screening process you can use to integrate into your company's pre-screening process. The workshop will wrap up with current case studies that serve as pertinent examples of insider threats and how to prevent them.
This workshop will cover:
•A methodical, multi-pronged screening approach to minimize the insider threat in your organization
•New Open Source Intelligence (OSINT) research techniques and resources
•Security awareness training, investigative resources and education to thwart opportunistic individuals
•Using Tools such as Maltego and Others as investigative resources
•Specific hiring and screening processes designed to thwart the criminal element throughout the employment cycle
•Exit Strategy Management
•CASE STUDIES, CASE STUDIES, and MORE CASE STUDIES!!! Recent Case Studies, and Lessons Learned
Post-Conference Bonus Workshops
Wednesday, March 25
12:45 PM – 5:00 PM
Training Level: Medium
Half Day 5 CPEs
W6 Why Do You Need a Data Loss Prevention Program?
Tracey Brand-Sanders, Director, Information Protection Officer, Prudential Group Insurance
Punit Setia, Manager, Information Security, Prudential Financial, Inc.
Data Loss Prevention programs remain one of the top security strategies. However, with the increasing rise of data breaches, increased mobility and advanced threats, the need to have a Data Loss Prevention Program is no longer a security strategy; it has become a business strategic imperative. Data Loss Prevention Programs are emerging to help companies stay out of the media, but also to help companies win business. As companies look for opportunities to remain competitive, the staffing model looks very different because associates are working across the globe. As technology advances, hackers are finding creative ways to steal information. With the demands around productivity, associates may not be considering the level of protection that is needed to maintain confidentiality and the integrity of the data, especially when data may not be personally identifiable information. This workshop will have hands-on exercises to help you build your business case as to why a Data Loss Prevention Program is essential within your company.
This workshop will cover:
•Cost
•Breaches
•Data Escaping
•Life Cycle Process
•Information Classification
•Accountability
•Awareness
Half Day 5 CPEs
Technical Level: Low
W7 Third Party Risk Management
Doug Davidson, CISA, CEO & Principal Security Consultant, Jacadis
As outsourcing and internetwork-enabled business relationships explode, organizations must manage the risk of working with third parties. Trends across supply chain, legal, ethics, security, privacy and compliance fields drive organizations to require assurance of how their partners operate. Organizations using third parties in their business model are being held responsible for the actions of those third parties and their processes by governments, contracts and customers.
Sharing organizational data to enable third parties to provide services poses many security-related challenges, privacy exposures and compliance obligations. A structured, risk-based approach is necessary to build and maintain the required levels of trust.
This one-day seminar is designed to provide the knowledge you need in order to enable your organization to build a consistent, risk-based third party management program that meets organizational, regulatory and customer obligations. We will range from the theoretical aspects of organizational trust, through trends in 3rd party business relationships, through the risks posed by conducting business with and through 3rd parties, to how to structure a program that assesses risk in a way that builds two-way trust.
Half Day 5 CPEs
Technical Level: Low
W8 Threat Modeling for Fun, Fear, Strategy and Position
James Robinson, Director, Office of the CISO, Accuvant
Rafal Los, Director, Solutions Research, Office of the CISO, Accuvant
Threat modeling is something enterprise security organizations must learn to master if they are to have a chance at defense. Unfortunately, because they’re busy playing whack-a-mole, enterprise security professionals don’t have the time to learn appropriate threat modeling tactics and techniques. This workshop will provide guidance and directly usable techniques for threat modeling in an enterprise setting.
This workshop will cover:
•Fundamentals of threat modeling
•Leveraging threat modeling to understand your attacks
•Identification of green field solutions to defend against the threat
•Identification of your position against the threat
Thursday, March 26
9:00 AM – 5:00 PM
Technical Level: Low
One Day 8 CPEs
W9 Worldwide Companies, Worldwide Threats: Asset Protection in Diverse Environments
Michael Podszywalow, CISSP, CISM, CISA, CEH, Security Consultant, SpyByte, LLC
Global organizations face compound threats from insiders, external attackers, and other threat agents who target critical information for gain. To stay a step ahead of the attackers, global organizations must continually develop and deploy innovative solutions that deter, prevent, detect, and respond to cyber threats and incidents. Preserving the confidentiality, integrity, and availability of customer data, computer systems, and other assets is especially challenging in diverse environments. This workshop will cover best practices and challenges for managing information security risk and technology compliance in a global organization. Attendees will participate in a scenario-based activity to facilitate learning and reinforce the material presented. The workshop will emphasize a holistic approach to security that protects customer-related information as well as organizational intellectual property.
This workshop will cover:
•How to implement a security program to protect intellectual assets beyond a security program focused on meeting compliance requirements
•Effective communication and collaboration strategies with executive management and global team members for bridging security controls with business initiatives
•Building a global knowledge support structure and threat intelligence capability relative to information security governance
•Developing and maintaining global enterprise security policies
•Insights into technical, administrative, operational, and physical security recommendations for a holistic security program (one that encompasses protection strategies for all types of information)
•Cultural implications and consequences of information security and ways they are exploited to target people to obtain sensitive information in a global workplace
•How to creatively tap people assets to leverage an information security program and help employees recognize a potential threat
•Recommendations for security training and awareness programs to build up resiliency against information leakage and inform policies to a diverse audience
•Review of foreign travel and outsourcing considerations to reduce the risk of information theft
•Influencing user behavior to meet a global organization’s information security needs.
•Incident Response Management considerations in a global organization
•Considerations for an organizational counter-Intelligence program
One Day 8 CPEs
Technical Level: Medium
W10 Mobile Forensics – Tools for Investigation in a BYOD World
Warren Kruse, CISSP, CFCE, EnCE, DFCP, CCLO, CCPA, Vice President, Data Forensics, Altep Inc.
In today’s technology-rich environment, it is rare to conduct a digital forensic investigation that does not include at least one smartphone or mobile device. This workshop will present a practical approach to preservation, collection, and analysis of mobile devices. The presenter will demonstrate various commercially available software applications and tools which can be used for forensic acquisition and analysis of mobile devices, along with tips and tricks investigators often employ during real-world engagements in mobile forensics. Attendees will receive a sample template for obtaining consent to search personal devices, which can be modified to fit the needs of their organization.
This workshop will cover:
•Things to consider before acquiring data from a mobile device
•Mobile device security and how it affects mobile forensics
•Mobile Memory basics
•Wear-leveling/garbage collection and their impact on the forensic process
•Mobile specific anti-forensics
•Mobile acquisition methods
•Popular commercial tools
•Mobile backup artifacts
•Mobile search methods
•How to determine whether a device has been jail broken or contains mobile malware
•Lessons learned from mobile investigations
Thursday, March 26 and Friday, March 27
9:00 AM – 5:00 PM
Technical Level: High
Two Days 16 CPEs
W11 HANDS-ON Malware Hunting – Learning Techniques To Find What Others Miss
Ronald Shaffer Jr., CTO and Co-Founder, Maddrix
Advanced threat actors are proficient at targeting organizations to conduct highly tactical operations, which go undetected for extended periods of time. They establish a presence in your network to steal information or do damage to the environment, oftentimes with privileged-level access. Most organizations have not kept up with the adversary’s tactics, techniques, and procedures, and rely on their organization’s legacy architecture to find and contain advanced threat actors. This workshop will discuss some better-than-best practices and mitigation strategies to help an organization better detect, respond to, and mitigate incidents. Finally, we will teach techniques to find malware that traditional signature-based security applications and devices do not detect. We will use common operating system and open source utilities, and apply the techniques learned to build a tool that can monitor your system for suspicious or malicious activity.
This workshop will cover:
•Recognizing advanced threat actor tradecraft
•Techniques used in an enterprise incident response
•Techniques used to hunt and find advanced malware
•Applying hunting techniques to leverage across several IR tools
•Identifying actionable indicators of compromise
•Using common operating system commands to find threat actor tradecraft
Requirements: Students will be provided a virtual image that has been prepared specifically for this workshop. Students must bring their own laptop running Windows XP Pro (SP2+), Windows 7 or Apple IOS, with VMware Player or VMware Workstation installed (Fusion for Mac). The laptop must have a USB port, and students must bring a USB thumb drive. Students must have a working knowledge of VMware and be comfortable configuring the imported image. Students must have a working knowledge of navigating the Microsoft Windows operating system.