2023 Cybersecurity Conference

Day 2 - June 7, 2023

9:00 - 10:30 A.M.

Keynote: "Breaking Hearts and Taking Tether"

SAC Janeen DiGuiseppi, SA David Hinsdale and CS Roderick Link, Albany FBI

11:00 - 11:50 A.M.

The Importance of Incident Response Testing: This is NOT a Drill

Daniel J. Altieri, Harter Secrest & Emery, LLP

Laura K. Schwalbe, Harter Secrest & Emery, LLP

The ever-present danger of ransomware incidents, phishing attacks, and hacking demand strong preparation practices. It is difficult to prepare for incident response in a vacuum, as many incidents involve issues that an organization may be seeing for the first time. This workshop demystifies the incident response process and includes abbreviated, real-world scenarios. Attendees will engage in realistic real-time discussion of important issues, such as Incident Response Plan structure and content, insurance concerns, communications strategies, and best practices for leveraging necessary stakeholders. The goal of the workshop is to provide you with tools to promote and inform incident response planning within your organizations.

Resilience in a Cyber World—Three Critical Steps Towards a Mature Cybersecurity Program

Ryan Ettl, Infoblox

Many organizations are often faced with “staying ahead” of the latest cyber threats, understanding the most recent alerts, impacts of governmental compliance, and balancing operational priorities. With all these ever-present concerns, Security teams are rapidly overburdened with challenges that result from overlooking the foundational elements of cybersecurity. Attendees will learn how organizations can set the path to cyber success that’s flexible and endures dynamic cyber adversaries.

We Need a Compliance Control for Retaining Cybersecurity Professionals

Deidre Diamond, CyberSN

Organizations must examine risk through the lens of our dire talent retention issues. Organizations have control over retaining talent, and yet the statistics are horrifying. Cybersecurity professionals are not happy with their current employment and move jobs regularly. Talent retention controls seem greatly necessary, being that organizations are not following best practices for retaining and or hiring cybersecurity professionals. This negligence puts an organization in a higher risk bracket, and therefore compliance control is greatly needed.

How Organizational Culture Impacts Compliance!

Robert Adams, iSECURE, LLC

This is a presentation for Cybersecurity professionals including C-level and administrative stakeholders. attendees will learn the impact of culture on the approach to compliance that organizations take. We will compare and contrast two organizations that are widely different in their approach to managing risk, due diligence and enforcement. Join us as we explore the Healthcare and Financial industry markets.

Cloud Security...On the Cheap

Randy Wheeler, NYSTEC

Christie Hall, NYSTEC

Cloud computing has changed the IT landscape for the better by providing access to elastic resources that can fit your budget, even if your organization is quite small. But’s let’s face it, cloud computing is complicated, and it can be difficult to know who is responsible for what and how to provide assurances that someone did not accidently permit unauthenticated access to your sensitive data. Each cloud vendor does things differently and getting a handle on where to focus security compliance efforts on a small budget can be overwhelming. We like to say that "cloud security is easy to get right but also easy to get wrong". These challenges begin with procurement and end with how to know your data was deleted when it needs to be, and all the computing in between. 

In this session, attendees will receive an overview of the abundance of free resources available from organizations like NIST, CISA, CIS, CSA and cloud vendors themselves that will arm you with control baselines, share responsibility guidance, assessment methods and favorite adversarial attack points that can inform your procurement approach as well as cloud security responsibilities. You will learn how to leverage these resources in your organization and the only thing it will cost you is time. This presentation will include a take-home "cloud security on the cheap" reference guide.

Download the Cloud Security...On the Cheap presentation.

Download a handout for Cloud Security...On the Cheap.

ASIA: Vulnerability Assessments

Paper: Reliability of CVSS Scores in influencing security decisions

1:00 - 1:50 P.M.

DevSecOps Explained

Neil Pathare, Synopsys

DevSecOps is a trending practice in application security that involves introducing security earlier in the software development life cycle. It expands the collaboration between development and operations teams to integrate security teams in the software delivery cycle. DevSecOps needs to be risk-based like your application risk indicator. It needs to be able to optimize security testing based on your policies. It should be efficient so not every code change requires a full security analysis. In this talk, attendees will learn actionable insights into what DevSecOps is, what DevSecOps is not, and how DevSecOps works from build to production.

Download the DevSecOps Explained presentation.

Building Stronger Cybersecurity Communities: Driving Awareness and Training for a More Secure Digital World

Kiran Bhujle, SVAM International Inc.

Shahryar Shaghaghi, SVAM International Inc.

Cybersecurity is a critical concern for individuals and organizations alike, and building awareness and providing training is essential to creating a secure digital environment. Attendees will learn the importance of community-building in driving cybersecurity efforts, as well as the benefits of creating a security culture and leveraging a community's collective knowledge and skills. You will also examine effective strategies for increasing cybersecurity awareness and providing training, such as conducting regular security assessments, implementing security protocols, and creating user-friendly training programs.

Download the Building Stronger Cybersecurity Communities presentation.

Methods and Tools to Help Grow and Keep Current Cyber Employees

Susie Kendis, Deloitte

Mara Patashnik, Deloitte

State and local cybersecurity organizations compete in a war for talent, as demand outpaces supply and private sector companies offer candidates enticing work options. In November, New York's Empire State Development (ESD) reported that "New York State ranked the #3 U.S. market for cybersecurity jobs, with New York City in second place," based on LinkedIn data. With limited resources and overburdened HR support teams, we help cyber teams be purposeful in how they retain and develop existing talent.
Attendees will learn methods and tools for cyber teams and employers to develop and engage current employees in order to help grow and keep them, to enhance their effectiveness, and to convert them into brand ambassadors. Recognizing the challenges of hiring, we focus on the other parts of the hire/retain/develop framework, including the employee experience, internal communications, and organizational culture. You will walk away with tangible, low-budget tactics which can be implemented to support and maximize the experience of your existing employees - all to supplement ongoing recruiting activities. 

Number One Risk: Not Knowing your Asset Inventory

Aaron Sanderson, JANUS Associates

Number One Risk: Not Knowing your Asset Inventory will focus on Attack Surface Discovery (ASD). ASD can help an organization address the growing shadow IT problem by identifying rogue assets, and by significantly reducing cost, waste and cyber risk all while ensuring compliance and improving overall asset awareness. Today, organizations struggle to manage their IT assets with 30-40% of all deployed technology spending not appropriately managed or secured in accordance to the organizations policy. ASD addresses this concern by gathering intelligence on the organizations public facing assets, and by assessing the organizations exposure to attack and data leakage.

Attendees will learn about Shadow IT and how to identify external facing assets that are unknown to the organization. In addition, you will also take home expert advice on how to reduce the attack surface and associated asset waste and blind spots.    

Download the Number One Risk: Not Knowing your Asset Inventory presentation. 

Trends in Cloud Security

Sailesh Gadia, KPMG LLP 

While it may seem that cloud security has matured, the reality remains that this space is constantly evolving. Inherent benefits of cloud have led organizations to seek new ways to leverage it, from use of Cloud for Disaster recovery to Artificial Intelligence models. Attendees will learn of the latest tools and techniques for designing and operating cloud security in a multi-cloud environment. This session will also include a discussion on the learnings from Cloud migrations based on our work with large complex organizations.

ASIA: Phishing and Deception

Paper: Too Much of a Good Thing: Examining Politeness Cues on Phishing Email Detection

Paper: Beyond the Human Eye: Comprehensive Approaches to AI Text Detection

2:10 - 3:00 P.M.

Making Sense of The Wild West of Digital Identity

Ames Fowler, ForgeRock

Marcin Zimny, ForgeRock

This session will provide attendees with a lighthearted yet informative look into the world of digital identity, using a wild west metaphor to explain important concepts to cybersecurity team members and other roles across the IT organization. By the end, you will have a basic understanding of the core elements of digital identity and a foundation for further exploration. This session will illustrate concepts that support the main pillars of digital identity, including trust, authority, delegation, and federation, and their role in the typical user login experience. This unique presentation takes a metaphorical look into digital identity following the adventures of a newcomer to the wild west town of “El Dap,” where the town is being challenged by a gang of bad actors. Parallels are drawn between the relationships of the townsfolk and trusted establishments (bank, town hall, sheriff, saloon, and others). In this construct of the wild west, we simplify the notions of registration, authentication, multi-factor authentication, authorization, trust, privileged access management, and the associated technologies behind them: tokens, certificates, SSL, SAML2, OAuth 2.0, OIDC, and others.

Cyber Defense Lessons From Ukraine

Anita Biernat, Utica University

The Russian invasion of Ukraine in 2022 has tested under real-world conditions many best practices in cyber defense. For the better part of a decade, government executives, industry professionals, and researchers have all emphasized the importance of public-private sector cooperation, international partnerships, and flexible, timely intelligence sharing in cybersecurity, for example. Attendees will learn how these ideas have been evident in the conflict in Ukraine and demonstrate that the past decade's conventional wisdom has held up remarkably well in the midst of this ongoing war.

How Organizations "Stay Ready So You Don't Have to Get Ready"

Erik Gaston, Tanium

For CIOs & CISOs, the current IT landscape is challenged by lack of visibility and no clear understanding of what is required to get in a constant state of readiness to manage more proactively. Attendees will learn of practical ways to help their IT organization “stay ready so they don’t have to get ready,” a proactive approach to dealing with cybersecurity and operational management/risk issues. You will learn how to establish key programs and the critical questions that every leader needs to ask and answer daily.

Download the How Organizations "Stay Ready So You Don't Have to Get Ready" presentation.

Cyber Crime — Challenges and Solutions

Carl Mazzanti, eMazzanti Technologies 

Cybercrime is big business. In 2022, the FBI’s Internet Crime Complaint Center (IC3), recorded more than 800,000 complaints, with losses totaling $10.3 billion. Attendees will receive an incisive overview of this critical topic, with highlights that include:

  • What is cyber crime (sociology of hacking, and monetization of the hack); and cloud security (protection that the cloud can, and cannot offer)  
  • A brief look at some additional legal exposures that can be triggered by a hack (Regulatory and Compliance Requirements: HIPAA, PCI, other)  
  • Tips to design systems, policies and configurations that are so tight that a cyber insurance policy will hopefully never be needed  
  • Step up your business’ protection with contingency planning and testing (Business Testing/Disaster Recovery/Incident Response)

Download the Cyber Crime — Challenges and Solutions presentation.

Privacy Primer: Tips for Building, or Updating, Your Privacy Program

Michele Warner, NYSTEC

Jeffrey Wilson, NYSTEC

That organizations will continue to collect, use, and retain personal information that could be used to identify us as specific individuals is a fact of modern life. This information allows an organization to fill orders, pay employees, and conduct all aspects of business. But when such information is misused  either intentionally or accidentally —  it can cause irreparable harm. Because of this, the rules governing what information organizations may collect, and how they may use and retain it, are evolving quickly, as governments across the globe move to give people more control over their own information. The broad reach of the European Union’s General Data Privacy Regulation (GDPR) has affected privacy around the world. The California Consumer Protection Act (CCPA) may provide clues about future domestic privacy policy. While New York State and the federal government have not yet passed comprehensive privacy laws, they surely will. How will these anticipated changes affect individuals and businesses? Attendees will receive some insight to help you and your organization read the tea leaves, and design a new or update your existing privacy program to support your business and its customers, understand how to think about the evolution of privacy laws and regulations, and determine a sensible approach for implementation.

ASIA: Covert Channels

Paper: Introducing a Novel Covert Channel Into Backgammon

Paper: Covert Channels in Cryptic Crosswords

3:20 - 4:15 P.M.

How to Secure Active Directory: Best Practices for Detection, Remediation, and Recovery

Steve Walker, Semperis

Cyberattacks are the most critical threat facing modern information technology. Most attacks start with identity compromise. For the past quarter century, identity in the enterprise has been synonymous with Microsoft Active Directory (AD). Therefore, AD is almost always involved in a cyberattack—either as the target or as a route to the target. AD is a marvelous service. But its age, as well as vulnerabilities that accumulate over time, make it highly vulnerable to threat actors. Once compromised, AD is extraordinarily difficult to recover. Attendees will: 

  • Learn the top vulnerabilities encountered in AD, how to mitigate them with free tools, and the complications of AD recovery. 
  • Discover the most common AD vulnerabilities and misconfigurations.  
  • Learn why AD is the cyber kill chain’s weakest link, exploited in virtually every modern attack. 
  • See how new cyber-first disaster recovery technologies automate the recovery of complex systems, facilitate recovery to the cloud, and eliminate the risk of reinfection from system state and bare-metal backups.  
  • Learn how to use free tools to reduce your AD attack surface.
The Three Pillars of Email Authentication

Joseph Maltino, Spruce Technology

Mark Sanchez, Spruce Technology

Email authentication through SPF, DKIM, and DMARC is important to prevent email fraud, phishing attacks, and email spoofing. These three protocols work together to authenticate the sender's domain and ensure that only authorized mail servers can send emails on behalf of the domain. This layered defense helps to build trust between email senders and recipients, reducing the risk of falling victim to scams and malicious attacks. DMARC also provides visibility into email authentication failures and helps to prevent phishing and spoofing attacks by allowing domain owners to specify what actions should be taken when an email fails authentication checks.

Download The Three Pillars of Email Authentication presentation.

Creating a Cybersecurity roadmap for schools to protect K-12 Students, Teachers and Parents

Richard Cocchiara, CxO Expertise 

TToday's data in any organization is at risk, but even more so for schools where students may not know their data has been stolen for years to come. Most parents don't even think about cybersecurity protection for their children. However, there are criminals and sexual predators that are always looking to get into any K-12 school system. Using his over 25 years of consulting experience, Richard Cocchiara was tasked with taking over as Chief Information Security Office to help put the NYC Department of Education on a path to cybersecurity protection. 

In this session, attendees will learn of the steps taken to protect the largest school system in the country, including the steps he took to analyze, design and plan for improved cybersecurity. You will hear practical, real-life lessons from someone who has been there and done it.

Anatomy of a Cyber Attack

Dennis O’Connell, Custom Computer Specialists

Andrew Garbarino, Ruskin Moscou Faltischek, P.C.

Using real-life examples, attendees will walk through cyber attacks that have occurred in our region and we'll review how the organizations responded and recovered. You will learn of the difference responses required for not-for-profit and for-profit entities. You will also learn the importance of a well-defined plan, along with tips on how best to handle an attack, because while we may not always be able to prevent an attack, we can always be prepared.

Download the Anatomy of a Cyber Attack presentation.

What Do the New FTC Safeguard Rules Require You to Do in 2023?

John Bruggeman, CBTS

The FTC has established new safeguards for organizations that are significantly engaged in financial activity with their customers, but what does that mean? Attendees will learn the new rules below and how they apply to organizations.  

  1. Designate a qualified individual to supervise the Information Security Program.
  2. Create, maintain, and manage an Information Security Program.
  3. Create and maintain a written Risk Assessment of the environment.
  4. Establish and maintain a written Incident Response Plan.
  5. Design and implement safeguards to control the risk.
  6. Train and educate staff.
  7. Oversee and monitor service providers.
  8. Regularly test or monitor the effectiveness of safeguards, like test access controls, vulnerability management and penetration testing. 

Download the "What Do the New FTC Safeguard Rules Require You to Do in 2023?" presentation.

ASIA: Covert Channels

Paper: Pragmatic Study of MQTT 5.0 Network Covert Channels