Day 2 - June 5, 2019


June 5 - 11:00am-11:50am


Securing Identity

Insider Threat Investigations

Matthew J. Lane, Janus Associates

Insider threats are an ongoing concern for any organization, and they present arguably the biggest risks to data security in the Government sector today.  Understanding the fundamentals of an Insider Threat can minimize your downside risk, and preparing a plan of action in advance can shorten the response time and yield better investigatory results.

This presentation will highlight the following areas:

  • How to prepare for the inevitable
  • Chain of Custody - what it is, and how to properly implement and maintain it
  • How to investigate an Insider Threat or Attack

Legal Issues

-ISM in tech.  Racism, Sexism, Ableism, Classism and the Impact on Cybersecurity and Civil Rights

Raj Goel, Brainlink International Inc.  

Presentation

This talk will explore the global trend for embedding obvious and hidden biases in technology. It will examine the social, civil rights and security impacts of hidden sexism, racism, classism and ableism embedded in the technology that surrounds us. We will cover incidents and case studies from the US, China, India, Google, Microsoft, Tencent, Reddit, etc.

Threat Landscape

The 2019 Verizon Data Breach Investigation Report (DBIR): Understanding the Threats you Face

Neal Maguire, Verizon

All organizations are challenged by the ever-evolving cyber threat landscape. The Verizon 2019 Data Breach Investigations Report (DBIR) can help. It's a widely respected report that provides detailed information on the threats governments and other organizations face and how they can mitigate them. Where many other reports are based on surveys, the DBIR is based on analysis of real security incidents. Neal Maguire will provide insight into current cyber threat trends so your organization can effectively prepare, identify and respond; address moving from a reactive perimeter approach to a proactive asset-centric approach to better protect your organization; and share the results of the 2019 DBIR, now in its 12th edition, and how your organization can learn from the analysis.

Access Management

So what's the buzz around Zero Trust

Alex Kapasouris, Symantec

Zero Trust was popularized by Forrester nearly a decade ago. Its premise is promoting a concept of "Default Deny", allowing only Least Privileged Access.

Zero Trust has grown in its scope and definition, evolving beyond the network and becoming a practical framework capable of guiding security practitioners across all IT areas.

What we will cover:

  • Basics of Zero Trust
  • Extended ecosystem model
  • Where to start on your journey of Zero Trust

Cloud

The Reality of Cloud Security

Garth Whitacre, SHI International

This session will cover the continuously changing topic of cloud security. We will define cloud security for the purpose of the discussion. Coverage will reference IaaS, PaaS, and SaaS models, with considerations and responsibilities for each. The speaker will then provide input on key IaaS players' capabilities and what to expect in terms of capability and integration. Additionally, we will discuss good practices and key areas of focus for security teams as they architect cloud services. Finally, a hybrid model and its complexities will be discussed, with overlapping security considerations for good practices.

Cyber Defense

Cyber Incident Response Planning - In 50 Minutes

Presentation

Robert Zeglen, NYSTEC

Paul Romeo, NYSTEC

In today's threat landscape, it is not a matter of if, but when, your organization will need to respond to a cyber incident. Hold off on buying that shiny new expensive security tool until you learn just how effective your incident response capability can become, simply by implementing the appropriate processes, procedures, and configurations into your existing environment. When it comes to incident response, communication and preparation are everything, because there may not be time to react properly, as things are moving too fast when an incident happens. In this session, we will cover the full incident response life cycle and share with you simple steps to immediately prepare your organization to respond to an incident effectively. We will share best practices and freely available resources that you can use to prepare. It is our goal that after this presentation, you will return to your organization with an approach for planning and preparing your organization to respond when a cyber incident happens.

ASIA

Session 5: Risk Assessment

Paper: Learning Risk Assessment using Jupyter Notebooks

Delbert Hart, University at Plattsburgh, SUNY

Paper:  Managing Emerging Risks in Containerized Environments

Prteek Wahi, Manish Gupta, Raj Sharman, Shashank Shekhar and Anupriya Shrivastava, University at Buffalo, SUNY 


June 5 - 1:00pm-1:50pm


Securing Identity

Securing Apps, Data and Infrastructure

Presentation

Mike Hobbs, Microsoft

The vast majority of security breaches take place when attackers gain access to an environment by stealing a user's identity.  While hybrid identities allow the flexibility of using existing identities for cloud resources alongside on-premises workflows, moving to the cloud also means your traditional perimeter defense isn't able to fully protect your environment from modern threats. In today's world, identity is the new security boundary, influencing how you create policies, use tools, and protect users, devices, data, and citizens.   

 Attendees will learn: 

  • Why user identity is one of your business's most important assets. 
  • Technologies used to secure cloud-based identities.
  • Identity protection capabilities that can help initiate mitigation more quickly.

Legal Issues

Practical Tips to Avoid Data Breaches

CLE Eligible

John Bandler

Preventing cybercrime and data breaches requires knowledge, awareness and good information security decisions, whether at home or in large organizations, even if you are tech savvy.  Everyone needs to protect themselves, their family, their organization, and the data and information kept on behalf of others. For lawyers, reasonable cybersecurity is a professional responsibility where deficiencies can have serious consequences.  Law and regulation are shaping the standards for cybersecurity in business and society, and lawyers and government are playing a positive role in this development and education.  To understand cybercrime and cybersecurity, and make choices that protect us and our organizations, we need knowledge and experience. There are information security principles that apply to home and organization, which can be implemented in a prioritized manner, so come hear them described in this fun and informative talk.

Threat Landscape

Cybersecurity 101:  MS-ISAC and the U.S. Department of Homeland Security

Andrew Dolan, MS-ISAC/ U.S. Department of Homeland Security

Zia Anderson, U.S. Department of Homeland Security

Cybersecurity has emerged as one of the most important issues facing public and private organizations today. The worldwide reach of the Internet means that cyber threats can come from criminals both in the United States and from foreign countries. In this session, the MS-ISAC and DHS will speak about emerging cyber threats to the government sector and the steps and resources that can minimize and mitigate these threats.

Access Management

What is SDP (Software Defined Perimeter) and why does it matter to security professionals?

Leo Taddeo, Cyxtera Technologies

This session introduces a new, open model for network security: the Software-Defined Perimeter (SDP). This security architecture, published by the Cloud Security Alliance (CSA) and others, provides a "zero trust" model. SDP or the Software Defined Perimeter has recently been the focus of numerous articles, whitepapers and keynote presentations, and is seen by some as the evolution of Network Access Control (NAC) (see http://www.networkworld.com/article/3141930/security/goodbye-nac-hello-s...). Gartner calls the SDP "quite disruptive to traditional network technologies with positive implications for both enterprise networks and cloud deployments of the future."   SDP can reduce or eliminate traditional networking equipment from the infrastructure, reducing IT costs and security professional headaches. The Software-Defined Perimeter specification is a new and different way to approach network security, with rapidly growing adoption.  

 It is critical that security professionals have a solid understanding of this technology, the core standard, the various implementations, and how best to leverage it in their enterprise.    

Actionable Takeaways:

  • Better understanding of Software-Defined Perimeter and Single-Packet Authorization to make informed decisions about the technology.
  • How SDP can reduce or eliminate traditional networking equipment from the infrastructure, reducing IT costs and security professional headaches.
  • Help security professionals become better prepared to begin planning for a deployment or POC of SDP within their organization.

Leo will also discuss breaches and how SDP could have prevented or minimized losses we have seen recently.

Cloud

Cloud Security Automation

Presentation

Edward Luna, Red Hat Inc

Maintaining visibility, control, and security, while ensuring governance and compliance remains paramount, but it becomes more difficult and time consuming in a hybrid infrastructure consisting of physical, virtual, cloud, and container environments. You'll learn how to face these challenges in your hybrid infrastructure by automating security and compliance. Specifically, in your hybrid infrastructure, you'll learn how to easily provision a security-compliant host, how to quickly detect and remediate security and compliance issues, how to ensure governance and control in an automated way, how to do proactive security and automated risk management, how to perform audit scans and remediations on your systems, and how to automate security to ensure compliance against regulatory or custom profiles.

Cyber Defense

Make Your SOC Work Smarter, Not Harder

Lee Imrey, Splunk

The volume and complexities of today's security incidents can tax even the largest security teams. This leaves big gaps in threat detection and incident response workflows that can put organizations at great risk. Your team can't scale to manually catch and address every incident, so which ones should you focus on and which ones should you ignore? You shouldn't be forced to make a choice. In this session, find out how leading-edge SIEM technologies combined with automation and orchestration capabilities deliver rapid incident prioritization and increased efficiencies to security teams, eliminate lethargy and reduce overall agency risk exposure. Learn how to achieve big results from intelligently streamlined incident detection and response workflows--accelerating your actions, scaling your resources, and optimizing your security operations.

ASIA

Session 6: Intrusion Detection

Paper: The Construction of Cyber Security Testbed for Intrusion Detection

Nick Rizzo, Anthony Capece, and Sanjay Goel, University at Albany, SUNY

Talk: State of the Art in Intrusion Detection

George Berg, University at Albany, SUNY


June 5 - 2:10pm-3:00pm


Security Awareness

Warfare of the Mind--Revolutionizing Cybersecurity Awareness

Alexander Stein, Dolus Advisors

Gopal Padinjaruveetil, Auto Club Group

Using an engaging non-traditional format, they will address such questions as, "Can cybersecurity awareness be trained?" "Does increased awareness catalyze positive behavioral changes for improved security?" "What tools and techniques are available to more effectively decode the underpinnings of human motivation and behavior?" These and other questions will frame a discussion of their inter-disciplinary collaboration in an actual use-case, which also involved an organizational change management team from a global consulting firm, in designing and deploying an innovative cybersecurity awareness program.  

Conventional cybersecurity training involves periodically dispensing modules that present key concepts and recommended actions using technical information, facts, and best practices. There is broad agreement that this is ineffective, especially in an increasingly complex cyber threat landscape. While recognizing that a different approach to enhancing information security is needed, solutions have been elusive.   

They discuss the primary differentiators in this innovative cybersecurity program--from concept, blue-print and development to architecture, execution and outcome. The starting premise: examine the deficiencies of standard methods to develop solutions which actually address the core problems. The answer: leverage state-of-the-art expertise in psychological functioning and organizational psychodynamics which integrate sophisticated models of the underpinning drivers, impedances and complex psychosocial factors in human awareness, decision-making and behavior to effectively facilitate learning and foster behavioral change.  

The presentation also discusses conceptual, logistical, institutional challenges and obstacles, lessons learned and recommendations for over-the-horizon enhancements, and concludes with ample time for Q&A.

Legal Issues

Social Media - Security, Confidentiality and Privacy!

CLE Eligible

Michael Fox

Tarique Collins

This program will delve into the use of social media, discovery of social media in legal matters, and the ethics of using social media - both as an attorney and as a private citizen.  Can you communicate with parties and witnesses over social media?  Can you research parties, witnesses and jurors?  We will answer these questions and consider others, and the answers are more complicated than you may think.  Further, have you ever considered the security risks and dangers for your and your clients' electronic information when you travel internationally?  If not, you should, and this program will address those security concerns for electronic devices and electronically stored information.  Finally, the program will examine storage of client confidential information utilizing the cloud, and will analyze the specific and real ethical concerns before and while engaging in electronic storage.

Threat Landscape

Zero Trust, CARTA, CJIS, CSF - OMG, how can I address all of these (and other Cybersecurity topics)?

Peter Romness, Cisco Systems

You may have heard all of these as buzz words, you may have been asked about them, or you may be digging into some or all of these topics in more depth. But why are they important and how can you address them with your limited time and resources? This engaging session provides an overview of all of these topics and more. It shows how they all are efforts to guide agencies as they protect against modern cybersecurity threats. It shows how a modern information platform can enable Cybersecurity Excellence without busting the budget or throwing out your current investment. "Cybersecurity Excellence" means finding a way to both efficiently and effectively manage cyber risks. It means asking the right questions and focusing investments in the security controls that matter most. It means successfully defending critical systems and sensitive information despite persistent threats, ongoing talent shortages, and ever-present budget constraints.

This session shows how networks and security tools can be automated to create bandwidth for security professionals so they can focus on making operational security enhancements to the environment -- improving overall cyber posture. Don't run away from these topics; come learn how to use them to your advantage to make sure your organization is secure and relieve some of the drudgery of keeping it that way.

Access Management

Exception Handling for Access Management - Contingent Users & JIT Access

Mark Brooks, Identity Automation

Effective and timely onboarding, offboarding, and lifecycle management is a necessary component of security in today's digital world. But what about temporary access needs for your employees? And how should you handle access for external users--a small but often forgotten subset of any organization's workforce? All too often, these ad-hoc requests are handled manually by the helpdesk or IT personnel. However, this lack of centralized oversight leaves the door wide open to attack. This session delves into the concepts of least privileged access and exception handling with just in time access. Learn how to evaluate your organization's current processes and how they can be automated with modern Identity and Access Management to ensure proper oversight for access management.

Resources

Workforce of the Future

MODERATOR: Deb Snyder - State of New York Chief Information Security Officer, Director - New York State Cyber Command Center

PANELISTS:

Tope Akinyemi - New York State Education Department, Privacy Officer

James L. Antonakos - SUNY Broome Community College, Distinguished Teaching Professor, Emeritus, Computer Science Department, and Optiv

Michael Geraghty - State of New Jersey Chief Information Security Officer, Director - NJ Cybersecurity and Communications Integration Cell

Sanjay Goel - State University of New York, Professor and Chair of Information Security and Digital Forensics Department

Derrick Johnson - AT&T, Cyber Security, National Practice Director for Secure Infrastructure Services

Brian Nussbaum - State University of New York, Assistant Professor, Department of Emergency Preparedness, Homeland Security and Cybersecurity

Forward-leaning organizations must act now to anticipate the impact of technologies that are driving business transformation and shifting skill requirements in the workplace. This session will explore what this will mean for the workforce, and what universities and training providers can do to help organizations retrain existing teams and build the workforce of the future.

Cyber Defense

The Cyber Forensics Lab Evidence Review:  Insights on Nation State Attacks, Cryptocurrency Hacks, and the "eBay" of the Dark Web

Ondrej Krehel, LIFARS

From evidence and insights from actual cyber forensic cases, learn the methodologies, attack vectors, Indicators of Compromise, and most importantly actionable insights for preventing these attacks.

Cases reviewed will include:

  • APT10 - Nation State Attacks Using Malware PlugX and RedLeaves
  • Cryptocurrency Theft of Bitcoins Valued at 75 Million USD
  • xDedic, a Dark Web Business for Buying Access to Compromised Systems

ASIA

Session 7: Linguistics and Fraud Detection

 


June 5 - 3:20pm-4:15pm


Security Awareness

Play your way to success: building tomorrow's workforce

Presentation

Laurin Buchanan, Secure Decisions

Jake Mihevc, Mohawk Valley Community College

Learn how cyber competitions and games can help grow the workforce!   The National Initiative for Cybersecurity Education (NICE) Working Group brings together public and private sector participants to develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development. The Competitions Sub Group promotes the use of competitions in order to nurture and expand a diverse national talent pool by advancing knowledge, skills and abilities. Join members of the NICE Working Group's Competitions Sub Group as they share how organizations of all kinds are now using competitions to both recruit new talent and provide valuable training and practice opportunities for current employees. Using case studies with different types and formats (online/in-person; individual/ team) of competitions and exercises, the presenters will illustrate how these experiences benefit both participants and sponsoring organizations.  

Attendees will get a look into the wide spectrum of new competition activities across different levels of the cyber career pipeline:   attracting interest in cyber careers; as part of formal education; practice training and education for the cyber workforce;  and advanced, professional cyber competitions.   

Presenters will also share information and resources about competitions and discuss how they fit in with certifications and the NICE Workforce Framework. Attendees will have opportunities to ask questions and weigh in on upcoming efforts by the Competitions Subgroup.

Legal Issues

Operationalizing Data Protection and Privacy Legal Requirements (and Ensuring Adoption)

Bob Siegel, Privacy Ref, Inc.

Protecting the personal information of your customers, employees, and other stakeholders has increasingly become the subject of legal oversight and regulation. While cyber controls can help meet some of these requirements, ultimately an organization needs to rely on the behaviors of its employees to successfully meet these requirements. Employees all come with their own perceptions of what privacy (or data protection) means. This is influenced by their cultural background as well as their generational perspective. This begs the question of "how do you get employees to deprecate their own perspectives on privacy in favor of the organization's?" This session will review the complexities in current privacy and data protection laws / regulations and discuss techniques to ensure the understanding, operationalization, and adoption of these requirements by your organization.

Threat Landscape

The Modern State of Insecurity

Presentation

Owen Lamb, Varonis

Online security is in a constant state of flux; we face threats today that are entirely new compared to those we dealt with only a year or two ago. Yet at the same time, we're still dealing with the same fundamental threats we were decades ago, with the likes of SQL injection and ransomware dating as far back as the 80's. This dichotomy also plays out in the sophistication of attacks we're seeing today, with news headlines announcing nation state backed espionage with equal regularity to Amazon S3 buckets exposing everything to the public due to simple configuration errors. In this talk, you'll see how these threats are evolving and which are the ones we need to be especially conscious of in the modern era. It looks at real world examples of both current and emerging threats and talks about actionable steps we need to take as an industry to stem the flow of data breaches and other malicious activity. The Modern State of Insecurity is a scary yet necessary lesson on how we're still getting security wrong today.

Access Management

Zero Trust Access: Five Steps to Securing the Extended Enterprise

Sean Frazier, Duo Security

The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. Attend this session to learn how this model works, and explore practical implementation strategies for your organization in five logical steps.

Resources

Using DNS and DHCP strategically in malware, analytics and compliance architectures

Michael Katz, Infoblox

Security architects have a wealth of tools available to solve security and compliance challenges.  The problem is that security tool budgets are constrained and specialized teams that run tools are hard to retain.  As a result, CISOs are forced to look at different ideas to solve security and compliance challenges.  Many CISOs are looking for new ideas from the ground up.   DNS, DHCP and IP Address Management are foundational protocols of e-business that can be used strategically to build more adaptive and efficient security architectures.   This discussion will focus on the benefits of using these foundational protocols in incident response, cyber threat intel, SOAR, analytics and compliance architectures.  Foundational security offers the CISO a great opportunity to do more with less in security architectures.  Learn some new strategies in this discussion.

Data Protection

Data Defined. The Good, the Bad and the Ugly!

Presentation

Shamlan Siddiqi, NTT DATA

We're at a pivotal moment in the development of the data economy, with big changes in regulations and in public perception of corporate behavior. The rules and expectations keep changing. Individual consumers have more power than ever before - companies and consumers grapple with this new reality. Some interesting facts came out of the research that I'll cover further in this presentation but a few highlights include:

Consumers:

  • Will share sensitive data but don't trust the companies they share with, or fully understand how much is collected and used. For example, only 23% don't accept cookies
  • See value in data sharing but are concerned about the impact of the data economy on daily life
  • Worry about privacy--but do not do enough to protect it

Companies, on the other hand:

  • Underestimate consumer privacy concerns - just 8% of consumers strongly agree that they trust businesses to keep personal information safe
  • Are better at protecting their own data than their customers
  • Are investing in emerging technologies like artificial intelligence (AI) to power the next wave of growth

ASIA

Session 8: Security Education 

Round Table: "Advances in Security & Forensics Education"

Fabio Auffant, University at Albany, SUNY, Christian Balan, University at Plattsburgh, SUNY