Technology consulting firm Gartner projects that 6.4 billion connected things will be in use worldwide this year, up 30 percent from last year. Gartner also forecasts that number will more than triple, to nearly 21 billion, by the year 2020. Attend our conference to set your security strategy for a scalable, secure and efficient IoT implementation.
The ISACA GWDC Board of Directors and Officers would like to give a big “Thank You” to Thycotic for being an Event Sponsor for the IoT Security Conference!
The Disappearing IT and IoT Divide
ICS and specialized IoT networks (such as the 'Industrial Internet of Things') are traditionally viewed as isolated networks with limited connectivity to business networks, with this isolated state producing a unique and more constrained security environment. Unfortunately, if this situation ever held true, it no longer does in an environment featuring ever greater levels of connectivity and interaction between allegedly 'airgapped' networks and everyday IT environments. Recent security developments in the form of the latest wormable infections - from exploit-based events such as WannaCry to credential capture and replay-fueled infections such as NotPetya and OlympicDestroyer - provide an automated, robust, and dangerous mechanism for quickly circumventing the traditional IT-ICS or IT-IoT divide, with disastrous consequences. This talk will review not only the unique threat profile of these attacks with respect to isolated and embedded networks, but will also discuss strategies for hardening and defending vulnerable networks against their effects. In addition to the wormable infection vectors identified above, this discussion will also examine recent targeted attacks and how similar techniques are leveraged to gain access to vulnerable embedded systems networks.
Inside the MIND of a Hacker – How a lightbulb almost stopped Christmas
It is critically important to know how cyber criminals target their victims, and what you can do to reduce the risk and make it more challenging for the attackers who steal your information, your identity or your money. This session explains how outside attackers or malicious insiders can exploit vulnerabilities, using examples such as a compromised email account password that escalates into a full-blown breach of network security, and how a light bulb almost stopped Christmas from happening.
Today, every organization is at risk of cyber attacks. It is no longer a question of if, but when. Attackers are motivated, sophisticated and not limited by national borders. With IoT devices increasing in adoption and becoming intrinsic elements of our smart city infrastructure, industrial control systems and transportation systems, improving cybersecurity is essential. This panel will discuss the latest trends in cyber attacks, hacks and breaches in an increasingly IoT world, and recommendations on how to strengthen the security of our most critical assets.
Moderator: Fred Wilmot, CTO of PacketSled
Panelists: Chris Roberts, Chief Security Architect at Acalvio; Sushila Nair, Principal Consultant at NTT Security; and Joseph Carson, Chief Security Scientist at Thycotic
This presentation will focus on the overall architecture developed and implemented at the application level of the protocol stack and propose some design principles that can assist in the effective operational use of IoT-enabled devices as they are introduced into the daily environment. These technologies not only employ a vast number of sensors (audio, video, RF, and environmental) but may also have in-band and out-of-band signaling and control of individual components using the nascent IoT technology. Security enhancements are possible and, just as importantly, data integrity and validation assure the QA/QC functions required of a robust customer service. Most of these new technologies are available as vertically implemented point solutions. We believe these products can be effectively folded into a common logical architecture for symbiotic transfer of information among the systems and subsystems, permitting efficient use of resources and lower operating costs. If implemented within a unified architecture, it may be possible to increase the level of security, integrity and continuity of service of all applications that rely on the combined solution.
Chris Roberts is considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry. At Acalvio Roberts helps drive innovation and product strategy for Deception 2.0 – which has a rich palette of digital deceptions to trick threat actors of all kinds. Roberts also directs Services at Acalvio, which are designed to improve the physical and digital security posture of enterprise, industrial and government clients.
Roberts’ unique methods for addressing the evolving threat matrix and experience with a variety of environments, from enterprise to industrial and the Internet of Things (IoT), make Roberts and his team an indispensable partner to organizations that demand robust protection in a world with increasingly sophisticated attack vectors. Roberts is credentialed in many of the top IT and information security disciplines and, as a cybersecurity advocate and passionate industry voice, is regularly featured in national newspapers, television news, industry publications and several documentaries. He can typically be found waving arms on a stage somewhere on this planet…or hacking into whatever’s taken his fancy…
Sushila Nair is a cybersecurity principal at NTT. NTT is one of the world’s largest technology services companies, ranked 65 in the Fortune 500, and is one of the most valuable brands in the world. Sushila owned and managed a consultancy organization for many years, designing and architecting security solutions for large financial organizations, the legal sector and manufacturing. Sushila has twenty years' experience in computing infrastructure, business and security and has worked in a number of diverse areas — risk analysis, threat modeling, credit card fraud, mobile security and real-time security monitoring. Sushila worked with the insurance industry in Europe and America on methods of underwriting e-risk insurance based on ISO 27001. She volunteers with several non-profit organizations, notably serving as the Marketing Director of the ISACA Greater Washington DC Chapter. She has published numerous articles in the computing press, and has spoken at CACS, Seguruinfo, BrightTALK, FinSec and many other global technical events. Sushila is a qualified lead auditor in BS 17799 and holds the CISA, CISSP, CISM, CRISC and MCSE certifications.
Joseph Carson is a cyber security professional and ethical hacker with more than 25 years’ experience in enterprise security, specializing in blockchain, endpoint security, network security, application security and virtualization, access controls and privileged account management. Joseph is a Certified Information Systems Security Professional (CISSP) and an active member of the cyber security community, frequently speaking at cyber security conferences globally and often being quoted in and contributing to global cyber security publications. He is a cyber security advisor to several governments and to the critical infrastructure, financial, transportation and maritime industries. Joseph regularly shares his knowledge and experience by giving workshops on vulnerability assessments, patch management best practices, the evolving cyber security perimeter and the EU General Data Protection Regulation. Joseph serves as Chief Security Scientist at Thycotic and is the author of Privileged Account Management For Dummies.
Joe Slowik currently hunts ICS adversaries for Dragos, pursuing threat activity groups through their malware, their communications, and any other observables available. Prior to his time at Dragos, Joe ran the Incident Response team at Los Alamos National Laboratory, and served as an Information Warfare Officer in the US Navy. Throughout his career in network defense, Joe has consistently worked to ‘take the fight to the adversary’ by applying forward-looking, active defense measures to constantly keep threat actors off balance.
Currently the CTO at PacketSled, Fred is driving their vision for automated network visibility, insight and response. Fred previously built Security Operations Centers for Federal, Civilian and foreign organizations as the founder of Splunk’s security practice, professional services offerings, and product research and innovation. He has worked on-site during breach response and remediation at many of the major breaches of the last few years.
As a security consultant, Fred developed ICS/SCADA protocol signatures and ran vulnerability assessments on power distribution systems with DoE labs, and wrote signatures for mobile viruses at large US wireless carriers, including the first one in the US.
Fred firmly believes in lowering the security skills poverty line by democratizing Security Operations, Analytics, Digital Forensics and Incident Response. He has spoken at conferences around the world in support of the cause. He attended the US Naval Academy and Florida State, graduating with a degree in Mathematics and History.
Susie Adams is the Chief Technology Officer for Microsoft’s Federal Government business and brings with her over 30 years of IT experience. Susie joined Microsoft in 1999 and has held several leadership positions in Microsoft, including Director of the Microsoft Reston Virginia Technology Center and, most recently, CTO of the Federal Civilian Business. Prior to joining Microsoft, she spent 16 years in the consulting arena working with customers in both the commercial and government sectors. She held a variety of management and leadership roles, including practice manager, systems analyst and software developer. Susie was named a Fed100 award winner in 2011 and has authored several books on the topics of software integration and web development. Susie is a graduate of George Mason University, where she received a BS in Information Systems.
Mr. Nair is the President and CEO of Nair and Associates, LLC. This entity was formed by reorganizing the operations of Project Management Enterprises, Inc. (PMEI). Since 1985 Mr. Nair has been president of PMEI, a Bethesda-based business focused on various areas of energy management and aviation data communications. He has provided system integration, engineering and consulting services to the Federal Government and the private sector, including the Department of Energy, Federal Aviation Administration, National Aeronautics and Space Administration, General Services Administration, Library of Congress, Architect of the Capitol and a number of large and small commercial organizations. Nair is co-inventor of U.S. Patent 6,477,359 B2, Diversity Reception for Aeronautical Packet Data Communications Systems, and is also a named co-inventor on more than a dozen communication patent applications.
Dr. Charles Li leads cyber security and biometrics integration and innovation for the Cyber Security and Biometrics business within IBM Global Business Services. He is responsible for cyber security strategy and technology in support of the public sector. Dr. Li provides the deep industry and technical expertise necessary to address complex government challenges in cyber security, analytics and identity intelligence. Dr. Li joined IBM from General Dynamics IT, where he was a senior director focusing on Data Management, Identity Analytics, Cyber Analytics and Cognitive Computing. Before that, Dr. Li was a Tech Director and an Engineering Fellow focusing on Full Motion Video Analytics and the Capture Lead for Analytics Research. Dr. Li was also the Chief Engineer of Border Security Management, International ISR and Identity Management solutions for Raytheon Company’s Intelligence and Information Systems (IIS). Dr. Li also served as the chief biometrics architect for the Homeland Security US-VISIT Program, managing the Biometrics Architecture Team and leading the Federal Enterprise Architecture area for program investment alignment.
Derek Smith is a cybersecurity expert, professor, author, and speaker. He is an IT Program Manager at the IRS and owner of Cautela Cybersecurity Solutions. Smith has worked for a number of IT companies, including Computer Sciences Corporation and Booz Allen Hamilton, for many years. He spent 18 years as a special agent for various government agencies and the military. Derek is an Associate Professor at the University of Maryland University College and the Virginia University of Science and Technology and has taught business, education and cybersecurity courses for over 25 years. He retired from the Army and also served in the Navy and Air Force. He is currently in the Coast Guard Auxiliary. Derek has authored several cyber-security books: “Cyber Sense: The Leader's Guide to Protecting Critical Information” and its companion Action Guide, Conversational Digital Forensics Analysis, and Conversational User Behavior Analytics. He completed an MBA, an MS in IT Information Assurance, a Masters in IT Project Management, and a B.S. in Education. Derek holds the Certified Chief Information Security Officer, Certified Information Systems Security Professional, Certified Ethical Hacker, Certified Hacking Forensic Investigator, Security+, Computer Network Defense Architect, Certified Authorization Professional, Certified SCADA Security Architect, and Certified EC-Council Instructor (CEI) certifications.
All Students: Please bring your Student ID.
ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.
Conference presentations are posted to the Presentations Library when permission is received from the presenter and their organization. In some cases, permission is not received.
Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE certificates will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full day to receive full CPE credit.