October 2nd, 2020
- Keynote: 8:30 AM – 9:20am
Kevin Hyde, President and Co-Founder, Layer 8 Security
Kevin will be addressing how the market continues to calibrate for a ‘new normal.’. Organizations have a renewed need to address information security and privacy obligations. What were companies doing pre-pandemic, and where are they now taking their information security and data privacy in a post-pandemic business environment?
Break 9:20 – 9:30
Breakout Sessions 9:30 – 10:20
Scott Schober, President/CEO, Berkeley Varitronics Systems, Inc.
Scott will contrast the importance of good hygiene and staying healthy in this covid-19 pandemic to the importance of good cyber hygiene. He will share how cyber criminals are preying on individuals using fear and uncertainty during this pandemic stealing personal information. He will dive into how criminals are marketing stolen credentials on the dark web and how they are effectively using technology to their advantage to conduct cyber crime. Throughout the presentation Scott will provide practical actionable tips to help the audience firm up their own cyber hygiene.
Mark Finlayson, Senior Security Advisor, Candoris
Organizations operate under constant cyberattack. SOC-as-a-service delivers comprehensive, end-to-end security for organizations on limited budgets. It enables you to outsource your needs while enjoying the benefits of a security service focused on threat detection and incident response. Plus, it’s an affordable alternative for many organizations since it doesn’t require investment in additional hardware, software, or staff. Easy to deploy and manage, it offers the people, process, and technology needed for running a SOC without the human and capital investment of building one from the ground up.
Kevin Langston, Principle Enterprise Systems Architect,
IBM Power Systems Academic Initiative
Kevin will introduce the program and explain how we came to work with Prelude Institute to solve some of their cyber security issues. Kyle Pellett , who was the student leading the project last October, will discuss the elements contained in Kevin's note below.
Current threats to data centers, what they look like, what are their impacts,
- Phishing (mal docs, social engineering)
- Malware (banking trojans, ransomware, worms, rats)
- Physical Security
- Shadow IT
Detection strategies and mitigations.
- Security frameworks
- Network & EDR products
- Cloud services
- Security personnel and training
- Day in the life of a SOC analyst
The current market demand for cyber security hopefuls and their routes of entry.
- Statistics on growing market
- Identify the need for security folks specifically, not tasking other teams with security
- On-going Training and development & resources
Cindy Casey, Instructor and Program Coordinator, Computer Information Sciences, Gwynedd Mercy University
Website vulnerabilities are weaknesses or misconfigurations in websites or web applications that can be exploited by malicious actors to disrupt services, gain some level of control, attain unauthorized access to data, steal money, or propagate malware. According to the 2020 Verizon Data Breach Investigations Report (DBIR), web applications remain the top hacking vector accounting for 43% of all breaches surveyed. This presentation will discuss emerging and current web vulnerabilities and how to identify, circumvent, and mitigate web application exploits. Web-scraping attacks, cross-site scripting (XSS), cross-site request forgery (CSRF), path traversal, URL redirections, and SQL injection attacks will be discussed.
Joseph Walsh, MA. Assistant Professor of Criminal Justice; Director, Master of Arts in Criminal Justice (MCJ), DeSales University
Have you heard about the Dark Web but you aren’t really sure what it is? This presentation will help shine some light on the Dark Web. Attendees will learn about the differences between the surface web, deep web, and dark web. We will take a look at how individuals access the Dark Web and review some of the criminal activity that is occurring.
Break 10:20 – 10:30
Breakout Sessions 10:30 – 11:20
Mark Finlayson, Senior Security Advisor, Candoris
We spend a small fortune on firewalls, SIEMs, IDS/IPS solutions, DLP’s, etc. yet so often it is the low-cost solution of Fortifying the Human Firewall (our users’ security knowledge) that gets overlooked. During this presentation we will highlight how you can leverage Security Awareness Training solutions like KnowBe4 and ProofPoint’s Security Awareness Training (PSAT) to make this process easy and quantifiable. KnowBe4 and PSAT are the top two Leaders in Garter Magic Quadrant.
- IPv6 and Email Investigations
Pamela King, Director, Cybersecurity & Digital Forensics Program, Computer Science & Information Technology, Center for Data and Societ
Incident response and digital forensics often involves the analysis of email traffic. As networks migrate from IPv4 to IPv6, many times email headers contain IPv6 address. IPv6 is a very different from IPv4. This lecture will explain IPv6 address notation, how a resource obtains or is assigned an IPv6 address, identify key IPv6 addresses in email headers, and how to lookup the owner of an IPv6 address.
Michael Cavanaugh, RPLU, CEH, Vice President, Director of Production Apogee Insurance Group, a Berkshire Hathaway Company
For the last 30 years the Insurance industry has remained largely unchanged at a high level. In 2010, it became clear that there were areas of this industry that could be changed, improved or adapted to embrace the technology being adopted by the Finance industry in the prior 10 years. The startup influence in that time period led to the development of an Insurtech industry designed to improve efficiency, accessibility and speed of an otherwise traditional industry that relied on face-to-face interactions in all things. The most recent wave of Insurtech companies have focused on the newest exposures including Cyber Security through Cyber Liability Insurance by leveraging technology to assess a Company’s actual Cyber Security exposure as opposed to a basic application. By partnering with Technology firms and, in some cases, developing proprietary technology these Insurtech organizations have been able to join the traditionally analog Insurance Industry with the entirely digital Technology Services Industry to better serve Insureds and, in the case of Cyber Liability Insurance, impact Cyber Security Risk Management at the same time.
Dan Lezoche, Supervisor of Technology Services, Bucks County Intermediate Services, Bucks County Intermediate Unit.
"Congratulations, you've successfully scheduled your first cybersecurity audit. Now what? Skip the anxiety driven resume polishing and attend this session for insight into how these audits work and provide value to your organization. We'll cover how to prepare, what to expect, and how to map the findings (there will be findings, relax!) to actionable changes within your environment."
- Insider Threats: Stories from outside the cubicle / Dealing with the Attacks That Can Cause the Greatest Harm
David Balcar, Security Strategist, VMware
Turn off your mobile phone, put down your tablet and learn about the real-world insider threats causing the greatest harm (not just the big ones that make the 5 o’clock news). How quickly could your organization be breached by malicious insiders? How can your team help find them? Threat hunters are often tasked with looking for attackers’ TTPs. But how can they look for malicious insiders? Please join our special guest, David Balcar a globally recognized security professional, as he shares his personal, real-world experience of sniffing out insider threats.
Break 11:20 – 11:30
Breakout Sessions 11:30 – 12:20
Matthew J. Frederickson, CISSP, CISA, CASP+, ECSA, CEH, WCNA, PenTest+, Dept. of Science, Technology, Engineering & Mathematics (STEM), Bucks County Community College
In this presentation, attendees will learn why an Information Security Risk Assessment is not only a good thing for the organization, but a good thing for employees. The right type of audit can demonstrate what the organization is doing well, and areas where things can be improved. It shouldn't be dreaded - it should be welcomed with open arms. Audits are about educating organizations, strengthening processes, and improving workflow for everyone. They can also help inform budget decisions, training goals, and even identify those areas that suffer from a lack of critical resources.
- Who goes there? Threat Hunting on your home network
Scott Lynch, Manager, Security Operations Swedish Space Corporation, Adjunct Instructor, Bucks County Community College, CCNP Security, GCIH, GNFA
Ever wondered what is happening on your home network? What happens on your network when your asleep but your devices are still online? In this talk we will look at ways to utilize Open Source Software (OSS) to build, deploy and monitor your home network utilizing Network Security Monitoring (NSM) tools like Security Onion. Security Onion is an OSS tool that when deployed can monitor and collect network packets and intrusion data and display it in human readable format in a Security Incident and Event Management (SIEM) platform graphical user interface. We will discuss how you can use this to get visibility into your networks traffic, internal and external threats and how you could scale this to support enterprise networks at work.
John Leible, Territory Account Manager, InfoBlox
DNS is fundamental to all network communication from peer to peer on your intranet to communicating with the internet as well. This communication can easily be exploited for nefarious means. This session will cover the basics of the DNS protocol, why it is so well suited for exploits, common exploits and paths to protect a network against such exploits.
The IT Academy at Bucks County Community College offers affordable training for advanced technology certification programs, as well as other technology courses, with knowledgeable instructors that bring real-world experience into the classroom.