About Our 2015 WTA Cyber Security Speakers and Sessions


The constant threat of cyber security attacks is the number one concern for most businesses today. Weaknesses in networks and data security can expose businesses to significant losses in brand and market value. Learn from industry leaders how to take a proactive and preemptive approach to protecting your systems and improving your security for today's ever-changing threats.

David Cagigal, Chief Information Officer for the State of Wisconsin

Opening Keynote: The Persistence of Cyber Threats and Attacks

Session Description: In David's keynote, he will provide a briefing on our State, our top security concerns and long term security initiatives.

About David: David Cagigal was appointed CIO for the State of Wisconsin in November, As the CIO, he also serves as Division Administrator for the Division of Enterprise Technology (DET). DET manages the state's IT assets and provides technology to state agencies such as computer services, voice, data, video telecommunications, print and mail services. The division also provides geographic information systems (GIS) services to state agencies, organizations and local governments.

David is a seasoned executive with over 25 years of experience in information technology visioning, strategic planning and management. He is experienced in converging business strategies with ever-changing and innovating information technologies. He also identifies and implements the appropriate change management processes and risk mitigating strategies for each unique culture. David has held executive IT positions at Alliant Energy, DeVry University, DePaul University, Maytag and Amoco, spanning multiple industries and business functions. He is also passionate about education reform and 21st Century Learning Strategies through technology innovations in collaboration with teachers, administrators, parents, communities and, most importantly, students.

His specialties are strategic planning, budget management, program management, business intelligence, data analytics, risk analysis, quality management, business continuity, disaster response, technology analysis / implementation, security operations, and training / development of personnel.

Nicholas Davis, Chief Information Security Officer for UW Systems

Session: The Higher Education IT Security Jungle

Session Description: Implementing a corporate information security program has become more or less a template, which most IT security professionals are accustomed to; from event monitoring, to firewall configuration, to BYOD policies and endpoint management, it has all become familiar territory. However, information security in the higher education environment is a much different world. With decentralized management structure, faculty governance, and consensus building being the norm, implementing and maintaining a comprehensive IT security framework is often more art than science. With an understanding of the unique challenges, and willingness to approach IT security in equal parts (technical and sales), it is possible to meet the IT security needs of this demanding environment, which hosts a diverse range of systems, even including the occasional Commodore 64 or Atari 800. This presentation will focus on what a typical higher education IT security environment looks like and how to build out an IT security program and infrastructure in the absence of a corporate directive, with little funding, using the tools of motivation rather than obligation.

About Nicholas: Nicholas Davis is the Chief Information Security Officer (CISO) of the UW-System. In this capacity, Nick has the responsibility for creating and implementing a risk based IT Security framework based on National Institute of Standards and Technology (NIST) guidance. He helps in creating IT policy and the corresponding security assessments that are necessary to assure that UW System deploys and uses IT systems in the most secure manner possible, while continuing to meet the mission of the UWS.

Nick was most recently employed by the University of Wisconsin at Madison in the IT Security Office. His responsibilities included the deployment of certificates and implementing encryption. Most recently he created and launched the IT Security awareness program at UW-Madison. He was involved in identifying and developing approaches to configure application security to address requirements, including access controls, authentication, encryption, data transport, monitoring and incident management. He also teaches a course at UW-Madison in the School of Business in Information Security Management and Strategy. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA). Nick holds an MBA in Information Systems from the University of Wisconsin, Madison.

James Gomon, Director of Telecommunications at WPS Health Insurance

Session: Everything you need for a Security and Compliance Program

Session Description: Over the course of the last decade security has taken on increased importance. Telecom systems that were once on a private wired telephone network have become more complex with VoIP, third party integration, SIP, wireless, BYOD, hosted services, cloud services, and work from home staff all on a shared network infrastructure. If not architected correctly, this provides access through or to critical telecom infrastructure and corporate data. This session will touch on what to consider, how to get started, and some best practices around developing a security and compliance program.

About James: James is currently the Director of Telecommunications at WPS Health Insurance, with responsibility for all equipment, services, applications, and security related to telephony for multi-state operations with regional contact centers. Prior to WPS, he had a diverse career including information technology, contact centers, and telecom in the retail and internet space, integrating telephony equipment with various corporate and third party systems.

Alex Holden, Founder and Chief Information Security Officer at Hold Security

Closing Keynote: Information Security Defending Against Unknown

Session Description: Over the past decade, information security failures have not only been discussed in IT meetings, they have also become hot topics in boardrooms and are on the front pages of the media. We will take first-hand stories from the high profile breaches, and discuss successes and failures of information security to understand the current trends and react to the new ones. Are we fighting a losing battle? No, we are winning. So there must be winning strategies, and we will discuss how IT defenses are changing with the times.

About Alex: Alex Holden is the founder and Chief Information Security Officer of Hold Security. His experience unites work from leadership positions within the corporate information security practice and security consulting experience. Mr. Holden works with clients to address their IT security, investigative, and forensics issues, ranging from penetration testing and critical incident response to full-scale security solutions. A nationally-recognized expert in designing, maintaining, and auditing information security solutions, Mr. Holden has over 15 years of experience in computer security and networking, including development of several award-winning security systems and enterprises. By designing, implementing, and maintaining company-wide, end-to-end security solutions, Mr. Holden works with all the areas of a company to assess security risks, design policies to comply with HIPAA, PCI, SOX, and SEC/FINRA regulations, identify and fix security issues, as well as successfully lead the enterprise to pass internal and external IT security audits.

Prior to joining the consulting world, Mr. Holden worked for over 10 years as the Chief Information Security Officer for a large brokerage firm in the United States. He also has extensive experience in Windows, Unix, and network administration along with corporate information security governance. He has conducted over 200 security audits of companies in the financial, medical, retail, manufacturing, legal, and other fields. These audits yielded an exceptional 100% success rate in penetration testing from data access to full system control and prevented ongoing and potential losses estimated at $12 Billion.

During his career, Mr. Holden has evaluated over 800 commercial software solutions and identified and reported to vendors over 1,600 vulnerabilities. He holds a number of IT certifications, including but not limited to: Certified Information Systems Security Professional (CISSP). Mr. Holden is a frequent speaker on IT security issues, teaches IT and business security education programs, along with consulting extensively for vendors, open-source projects, and major media on data security and cybercrime.

Daniel Bailey, Director Usher Product Security for MicroStrategy

Session: Threat Modeling & Securing Your Assets with Identity Access Management Solutions

Session Description: 76% of cyber breaches are caused by weak or compromised passwords. Administration of password based systems, tokens, fobs and badges is resource intensive and a costly burden for help desk and security operations. Federal regulations and new innovations are disrupting the traditional user authentication and access management market place. In this session, you will learn a basis for Threat Modeling to identify areas of potential risk and how to secure them via Identity Access Management (IAM) solutions that eliminate the use of passwords and dematerialize the use of physical forms of ID. MicroStrategy's Dan Bailey will present a mobile identity platform that can replace traditional passwords with biometric mobile identity and 5-factor authentication, and offers enhanced, streamlined security administration capabilities.

About Dan: For more than 15 years, Dan has led widely-deployed security engineering efforts implemented in billions of artifacts (designed mycokerewards customer loyalty scheme) and protecting billions in revenue (designed new one-time password scheme for EMC Symmetrix). He has applied for more than 35 patents, with 22 issued to date. His research papers have appeared in Crypto, Journal of Cryptology, Security and Cryptography for Networks, and others. In industry standards bodies including IETF, IEEE, ZigBee, and EPCglobal, he has designed and specified secure-networking protocols. At MicroStrategy, Dan is Director of Product Security, reporting to the Executive Vice President for Usher.

Kevin Thompson, Threat Analyst at FireEye

Session: The Importance of Strategic Intel

Session Description: In the presentation, Kevin will discuss a variety of industries and give an overview of how threat intel is being used and why it is so important.

About Kevin: Kevin is a Threat Analyst for FireEye, educating FireEye customers and partners on the latest cyber threats to their infrastructure. Before joining FireEye, Kevin worked as a cyber analyst for the Central Intelligence Agency in Washington DC. As an analyst, Kevin used digital exploitation and all source analysis to educate multiple agencies of the US Government on current and future cyber threats. Kevin's analytic work has been included in Presidential Daily Briefings and became a case study used in multiple training classes. Kevin has also presented at numerous technical workshops and cyber threat conferences around the United States and Canada.