

Thursday July 30, 2015 from 8:30 AM to 4:30 PM EDT


Amica Way
Lincoln, RI 02865



William C. Soares 

Defending Data: Are You Doing Enough?

This event is sold out.

ISACA-RI is pleased to announce that we have assembled an all-star lineup of speakers that will provide you with a wide range of perspectives on Security topics. These include consultants from GuidePoint Security, Tenable Network Security, and Varonis.

Scheduled Guest Speakers Include:

Ruth Reiss, Senior Security Consultant – GuidePoint Security
Rich Roberson, Managing Security Consultant – GuidePoint Security
J. David Bressler, Senior Security Consultant – GuidePoint Security
Jeff Man, Security Strategist and Evangelist – Tenable Network Security
Dana Tannatt, Manager Sales Engineering New England – Varonis


Speaker and Session Abstracts

Title:  Data Governance Within a Comprehensive IT Security Strategy

Ruth Reiss, Senior Security Consultant – Ruth brings over 30 years of experience in software development and information technology best practices. Over the past 10 years, she led efforts in the IT regulatory space, building compliance programs at Fortune 500 retail and pharmacy companies. Prior to joining GuidePoint, Ruth was responsible for all IT regulatory compliance programs, including Sarbanes-Oxley, PCI DSS and Federal Trade Commission, at Designer Shoe Warehouse (DSW). Ruth holds the PCIP, PCI QSA, CRISC and CISM certifications.

Session Abstract: Everyone wants to manage IT Security by managing IT risk. Information, also known as data, impacts the risks to an organization just by its very nature. System vulnerabilities are almost always exploited to get to data that the abused organization has. A Data Governance Framework is the first step to understanding and managing an organization’s data risk. This presentation discusses the impact that data has on the overall risks that organizations face. It further examines the needed elements of a Data Governance Framework and the considerations for each of the elements.

Title: Mobile Payment Hacking

Rich Roberson, Managing Security Consultant - Rich has over 12 years of working experience in the information security field, primarily focusing on security engineering. Before joining GuidePoint Security, Rich was the senior technical security and compliance lead for the Parks & Resorts Division of The Walt Disney Company. His business knowledge, systems engineering skills, and security focus allowed him to fill multiple roles within the organization. He holds both a Bachelor's and a Master's degree in Business Administration from Webber International University. Rich also holds QSA and CISSP certifications as well as several SANS certifications, including the GCIH, GPEN, GWAPT, and GCUX.

Session Abstract: Mobile payments have gained traction in the last several years. You can use your credit card at many places that were once “cash only” such as local restaurants, barber shops, flea markets, community events, and even buying Girl Scout cookies. With all of these new markets opening up, have you ever wondered how all of those little gizmos that you attach to the mobile device actually work? The vendors tell you they are secure, but how can you confirm? This presentation discusses and demonstrates how mobile payment solutions work starting at the swipe, and delving into the internal processing and data manipulation going on inside of your mobile iOS device. Additionally, the presentation will cover various creative testing methods of how you and/or your team can do your own mobile application testing without expensive software or even a jailbroken device.

Title: Maltego in the Enterprise 

J. David Bressler, Senior Security Consultant - David Bressler is a Senior Security Consultant at GuidePoint Security. Over his more than six years of experience in the Information Security field, Bressler’s main concentration has been on penetration testing, incident response, and malware analysis. Prior to joining GuidePoint, Bressler was a Senior Information Security Analyst for Boston Children’s Hospital, where he led the application security, vulnerability management, and incident response programs. Bressler developed numerous tools and Maltego integrations including NWMaltego, CuckooforCanari, and Nextego. He has also been a speaker at BSides Boston, MassHackers, and RSA’s Security Analytics Summit events. Bressler holds the Offensive Security Certified Professional (OSCP) and Microsoft Certified Systems Administrator certifications as well as several CompTIA certifications, including the Security+, Network+, and A+.

Session Abstract: Organizations face an overwhelming amount of data on a day-to-day basis; the analysis of this data can be an overwhelming task for large information security teams, never mind medium to small teams. Having the ability to conduct a visual high-level analysis on specific threats detected within an organization can point security teams to the exact data that should be further analyzed or issues such as vulnerabilities that should be validated and remediated. Maltego is a well-known information-gathering tool used to gather information from external data sources about specific organizations, domains, people, etc. This talk will highlight the advantages of leveraging Maltego within an enterprise internal network environment and the benefits of integrating existing security tools into Maltego. In addition, several use cases on how to leverage Maltego within an enterprise infrastructure to identify threats, vulnerabilities, and exploits within an organization based on the collection of internal data from existing security tools will be presented.

Title: The State of Cybersecurity Today: How Far We’ve Come & Where We are Going

Jeff Man is a Security Strategist and Evangelist at Tenable Network Security. He has more than 30 years of experience working in all aspects of computer, network, and data security, including risk management, vulnerability analysis, compliance assessments, and attack and penetration testing. Prior to joining Tenable, Jeff served as a certified QSA, first with Trustwave, then with VeriSign (which was acquired by AT&T Consulting Services). In this role he has provided PCI consulting and advisory services to some of the nation’s best known brands. Earlier in his career, Jeff held security research, management and product development roles with the NSA, DoD and private-sector enterprises.

Session Abstract: This session will provide a little history based on the presenter’s 20 years’ experience in network/internet security, exploring how far we’ve come, the new and emerging challenges we face, and why old challenges continue to haunt security operations across the public AND private sectors. It will dig into the reasons why we’re plagued by persistent issues, the factors driving cyber threats and what we can do to minimize their impact. This will incorporate a look at the need for an information security policy, documented and repeatable processes, and how no amount of “silver bullet” solutions is a substitute for sound practices that help increase the effectiveness of an organization’s cybersecurity practices.

Title: Insider Threats – Malice, Mistakes and Mountain Lions

Dana Tannatt - Manager Sales Engineering New England - Varonis

Dana has over 20 years of experience in the IT industry.  He has experience working with a range of customers from Fortune 100 to SMB.  Dana has worked with Varonis for over 3 years and prior to that he was the VP of Customer Solutions at HI Software, Sales Engineer at AltaVista, FilesX and managed large datacenter environments for email marketing platforms.  Dana holds a Bachelor of Science degree from University of Massachusetts at Lowell.

CPEs: 6

Seminar Registration & Continental Breakfast: 8:30AM - 9:00AM

Seminar Time: 9:00 AM - 4:30 PM

Cost: $10 (yes, that's right - $10!)

Continental Breakfast and Lunch Included

Plan to network with your fellow attendees after the session (offsite from AMICA). Location and start time TBD.

Registration is limited to 90 persons - register early!

Due to the low registration cost, no volume discounts.