|
The NEbraskaCERT Conference:
at the Peter Kiewit Institute'sAugust 8 - 10, 2006 Scott Conference Center Omaha, NE USA |
Keynoters
Abstracts
Attacking and
Defending Web Services - Green, DaveApplying Military Strategies to Application Security: Threat Modeling - Manohar, Deepak In this presentation Deepak will outline the Threat Modeling methodology used by the Application Consulting & Engineering Team at Microsoft. The Application Consulting & Engineering Team's Threat Modeling approach differs significantly from existing approaches as we focus primarily on Line-of-Business applications. The audience will gain an insight into this approach that allows Microsoft to perform better application security. Just as web applications have redefined the way businesses interact with people, web services and service-oriented architectures are redefining the way businesses interact with each other. By approaching web services security from an attacker's point of view, we can address the assumptions in application-to-application communication that can lead to vulnerabilities in a web service. In this presentation, Security PS will demonstrate common attacks and evaluate methods and best practices to defend against them. We will also discuss the need for a policy-based approach to web services security that can be applied across an organization to reduce exposure and decrease the emergence of new risks. Auditing Linux - Hoesing, Michael As Linux penetrates more of the business transaction landscape, the need for assessment of this operating system (OS) grows. An OS assessment audit scope typically covers user access, authorized services, authorized connections, file access, recording and logging (AKA auditing), security parameters and authorized applications. These topics can be covered by two methodologies-specific metric comparison as found in the CISecurity assessment script and LSAT, or an enumeration of the current state, found in the speaker's script. The two approaches will be compared based upon the scope and objectives above. Automating Risk Assessment - Zivic, Predrag Vulnerability Assessment vendors claim to provide risk data. Log Consolidation and Correlation vendors claim to provide risk data. Compliance requirements dictate risk analysis to demonstrate organization's due diligence. However, in reality a little is done to understand what impact those vulnerabilities actually expose within the context of the organization's network and what threats and log correlation information applies within the same network context. Lack of statistical threat information is another factor that mystifies risk assessment and analysis. This presentation will address these issues and introduce the approach to automating infrastructure risk analysis. Integration of VA and Log consolidation tools will be introduced to achieve automated risk analysis. Benefits of presented approach will be reviewed. Attendees will learn infrastructure risk analysis components and proper risk assessment process automation approach. The bright future of the Extensible Configuration Checklist Description Format (XCCDF) and its friends - Payne, Matt The Extensible Configuration Checklist Description Format (XCCDF) and associated standards and tools are part of a growing movement. This movement of semi automation and vendor neutral interoperable smart data will positively impact many security professionals in the next few years. Early adopters will help shape the movement and have more to gain than those that become involved later. Get on the bandwagon early for a good seat. This talk is targeted at a multi-level audience. There will be something for seasoned security professionals, people new to IA, and those who have worked with XCCDF or Open Vulnerability and Assessment Language (OVAL) before. This talk will cover basics of XCCDF& OVAL, introductory and advanced use cases of these standards, and discuss upcoming developments in the XCCDF & OVAL communities. CobiT and IT Governance -- Elements for building in security from the top, down and bottom, up. - Kohrell, Dave A 3 prong exploration of:
Do those best practices, standards and regulations translate into a more secured IT and Corporate environment? If they do, are they worth the effort and cost involved? Is there a danger of losing agility and market reaction time for the sake of smothering process? Finally even if they do ensure a more secured environment and they are worth the up front cost, how can those best practices, standards and regulations be implemented in a way that supports bottom up engagement as well as top down direction? This presentation will present some though provoking ideas and answers to those three questions. The delivery will be candid and audience participation will be encouraged. Confronting the Threat Inside the Castle Walls: Addressing the Growing Insider Threat - Christofferson, Debbie Statistics show the insider threat rising, up to 50% of security incidents that cause monetary loss. But the number increases when you consider unreported incidents or those that create damage without direct financial loss, such as to branding and reputation, or those related to non-business web-surfing or serving up porn or illegal music download sites. Damage can also occur from malicious behavior or mistakes. Insiders wreak the most damage because of their trusted position. These can include employees, contractors, service providers or vendors--anyone with trusted access to your facilities or computer network. CompTIA's 2005 survey said that mistakes by people were behind four of every five security breaches. This session creates a realistic and cost-effective focus for managing this rising insider risk. Cyber Forensics - Hands On - Vidas, Tim This is a Hands On lab utilizing some of the lecture material from the other CyberForensics sessions: The Basics, Intermediate Topics, and Windows Remnants. Attendees will be able to use both free products (like Autopsy and Helix) and industry leading products (like EnCase and FTK) to process contrived forensic situations in a protected lab environment. THIS SESSION WILL BE LOCATED IN PKI / STEAL2 (Room 361 on the third floor of the Peter Kiewit Institute). The lab will hold approximately 28 people. First come, first serve. Attendees will be required to sign an ethics statement. Cyber Forensics - Intermediate Topics - Vidas, Tim A continuation of The Basics. This session builds on the understanding of the forensic process. This session will focus on disk structure and file systems (primarily IDE and FAT due to the ease of discussion academically) and media duplication. Time and audience interest permitting, EXT and/or NTFS may also be explored. Cyber Forensics - The Basics - Vidas Tim & Wilson, Joe As the name implies, this session will cover the basics: Hashing, the forensic process, the hexadecimal numbers system, , simple incident response, etc. The term forensics (and similar terms) will be defined, debated, etc. For brevity, this session is MS Windows centric. This session requires no previous knowledge of forensics, but basic computer science and programming experience may prove to be helpful. Cyber Forensics - Windows Remnants - Vidas, Tim This session covers basic analysis techniques and common ‘places’ to look and ‘things to look for’ in MS Windows operating systems. Additionally some popular tools of the trade and their respective strengths and weaknesses will be discussed. Fiddling with Fiddler - Testing web applications with Fiddler and other free tools - Woerner, Ron Fiddler is one of the many free tools available for assessing the security of web applications. It logs all http traffic between the web browser and server and allows you to inspect all http traffic, set breakpoints, and "fiddle" with incoming or outgoing data. This presentation will demonstrate Fiddler and many other web application security testing tools. Participants will see these how these tools can test for Cross Site Scripting, buffer overflows and SQL injection. This way you can leverage them for testing in your web environment. Forensic Analysis of Volatile Memory Stores - Vidas, Tim The advent of more witted threats against typical computer systems demonstrates a need for forensic analysis of memory resident data in addition to the conventional static analysis common today. Some tools are available to duplicate various types of volatile data stores. Once the data store has been duplicated, current forensic procedures have no vector for extrapolating further information from the duplicate. This session is focused on providing some groundwork for performing forensic investigations on the data that typically stored in a volatile data store, such as system RAM, while creating as small of an impact as possible to any potential evidence. Forensics and Electronic Discovery: Investigations, Litigation Support and More... - Hartley, Bruce When most security practitioners think about forensics, we are usually focused on analyzing the data associated with a specific event, such as a system penetration and trying to assess what happened, how it happened, and what, if anything was compromised. However, the application of forensics technology and processes is not limited to the information security community. Within Corporate America, and especially the Legal Community, forensics technology and the processing of large quantities of data (Electronic Discovery)in support of investigations is more the norm. In fact, in virtually any large merger, acquisition, or litigation, whether a class action lawsuit claiming discrimination or an intellectual property dispute, there is data that must be harvested, analyzed, and reviewed. The failure to preserve, collect, and produce data can have significant consequences including court sanctions and fines. In fact, many cases are won and lost based on data produced during the e-discovery process. To preserve data integrity and ensure the proper chain of custody, computer forensics technology, tools and processes are deployed. Once harvested, the data must be processed to support the specific case matter. This processing, known as e-Discovery, includes sunch technologies as hashing (MD5, SHA-1, etc.), text and metadata extraction, and imaging (TIFF, pdf, etc.). This session will describe the process, technology, and tools used in forensic invetigations and e-discovery processing. Real life case studies and references to various cour decisions wil also be included. Google Hacking - Payne Matt An overview of Google hacking: what it is, how it can be used for Good or for Evil, and what can be done about it. Google indexes a surprising amount of information that organizations may not intend to make public. Expert Google users can use that information for penetration testing, or purposes less commendable. The Information Security Management Process based on ISO 27001 - Garcia, Leonardo During this session we will learn how to deal with information security efficiently and define the information security standards as ISO 27001 and the code of practice ISO 17799 as a capability of Information Assurance of the organization. Define the strategic level of Information Security: Vision and Mission, Risk Analysis, BIA, Security Policies, Controls Lifecycle, DRP/BCP Program, Risk Management Program and Audit program. Define the tactic layer: Training & Awareness Programs, Guidelines, Standards, First Response Incident Teams, Forensics Techniques, monitoring and measurement information security controls performance. And finally define enough information that help the operation to obtain records traceable and also to be able to demonstrate the relationship from the selected controls back to the results of the risk assessment and risk treatment process, and subsequently back to the ISMS policy and objectives InfraGard: Guarding the Nation's Infrastructure - JungKuntz, Ted - FBI SA, InfraGard Coordinator, Bradbury, Dyann - President INMA (InfraGard Nebraska Members Alliance), Elfering, Dave - Vice President INMA At its most basic level, InfraGard is a partnership between the FBI and the private sector as well as an association of business, academic institutions, state and local law enforecement agencies and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. It provides an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. The goal of Infragard is to improve and extend information sharing between private industry and the government, particularly the FBI, when it comes to critical nationalinfrastructures. This session introduces and explains the critical role Infragard plays in protecting our National Infrastructure. Attendees will hear from key members of the Nebraska Infragard chapter including the FBI Special Agent representative, the chapter President, and at-large board members. They will see how they can benefit from the local Infragard chapter and will learn how they can become involved in helping protect not only their organization, but also our nation's critical infrastructure. By working together, we make ourselves, each other, and our nation stronger. Integrated, Holistic Threat Detection - Prouty, Scott There are more than 100 messaging security vendors offering point solutions, which can be difficult to deploy, update and manage across various interfaces. Organizations are looking to vendors with a complete product family for comprehensive protection, which otherwise might require 30+ modules from multiple providers to address. Without a common architecture, point solutions cannot share information, making them less effective and leaving enterprise e-mail and IM systems vulnerable to a wide variety of threats. This presentation explores how organizations can implement a holistic approach to protecting enterprise messaging systems with an integrated, scalable architecture for ease of deployment and management, common policy enforcement, notification and archiving. Leadership Management - Hayes, Bob Developing the next generation of security organization leadership is considered by some to be security's most daunting challenge. Degree programs and management executive development programs are plentiful but where will our next leaders learn the security content knowledge? The Council members and staff develop tools and methodologies for effective succession planning, to meet regulatory challenges of the future, to assist with the convergence of security disciplines in the enterprise and to aid in planning for future security strategies. Linux Security Basics - Haeder, Adam What all Linux users should know about basic security. Covers password options, process monitoring, port scanning, basic firewalling, audits and more. Making IT Security Accountable Through Risk Management - Kenyon, Brian IT security attacks can impact a business at every level. The reliance of all areas of a business on the IT systems that support them means that a single attack can disrupt business continuity and ultimately result in lost revenue. For this reason alone, IT security should be a board level issue. And yet it is the paradox of IT security that the sign of a successful investment is nothing happening. Whereas a business would expect to see cost savings, better customer service or improved efficiency following a major IT investment, the success of IT security lies in the ability of the IT infrastructure to operate as normal. The key lies in ensuring that senior executives at board level within an organisation have adequate visibility of their company's IT security. This visibility should be over three key areas: how secure key business assets are, the outcome of investments in IT security and compliance with government regulation. This presentation will introduce attendees to the Risk Management Lifecycle and ways in which to use Security Metrics to benchmark the successes and failures of a security program. Managing and Securing Windows Service Accounts - McCoy, Bob Services accomplish a great many things under the covers in Windows. Are yours running with the least privileges to accomplish what they need to do? This session looks as enterprise management of service accounts, where they're needed, and how to use them in a way that minimizes your threat exposure. Microsoft Windows XP Hardening - Nugen, Steve Presenter will discuss and demonstrate methods for hardening the configuration of standalone clients running Windows XP, SP2. The presentation will reference Microsoft advice, presenter's experiences and suggestions, unexpected findings, and potential problems. Outsourcing Authorization and Authentication - Burchell, Dave Management of auth and auth (authorization and authentication) can impose a burden on the manager of a Website. The overhead of maintaining a password file for proving the user is who he says he is (authentication) and the list of resources he is permitted to access (authorization) can be enough of a chore to prevent Web programmers from implementing innovative features. However, by offloading auth and auth to other Web-based resources, through the use of helpful, well-known Websites and Web Services, the Webmaster can achieve the desired effect without ever updating a permission list or keeping any lists of passwords. In this talk, we'll explore two methods of outsourcing authentication, one using PayPal's Website and another employing Web services from StrikeIron. Next, we'll see how to let other sites do your authorization using Flkr and StrikeIron. OVAL & XCCDF tutorial - Payne, Matt You do not need to attend the talk "The bright future of the Extensible Configuration Checklist Description Format (XCCDF) and its friends" in order to get a lot out of this tutorial (but it couldn't hurt...). This tutorial will cover the basics of the Extensible Configuration Checklist Description Format (XCCDF) Open Vulnerability and Assessment Language (OVAL) with the focus being on OVAL version 5 and using the open source licensed OVAL interpreter from MITRE corporation. Bring your laptop (windows or Linux) and try out the interpreter during the talk -- or just follow along with our live examples. Learn how to write both OVAL and XCCDF definitions to programmatically assert specific things about a given computer system. The ability to understand and write OVAL definitions and benchmarks will become increasingly important in 2006 and the years ahead. Come get a head of the curve! Learn how you can use these no cost solutions in your enterprise today and tomorrow! For upto the minute information about our group's work with OVAL and XCCDF visit www.OVALTools.org. Protecting Users from ID Theft - Woerner, Ron Helping our user community understand privacy, laws and how to protect their online identity. The Pursuit of ISO 27001 Certification - Ross, Joan The evolution of the BS 7799/ISO 17799 standard to the revised and recently published BS ISO/IEC 27001:2005 specification establishes the critical components for Information Security Management Systems, and a highly desired, if not necessary, certification. We'll examine the roadmap and requirements for an organization to achieve compliance, including how to appropriately define, document and review controls and practices in preparation for an independent audit. Reading Hex Packets - O'Gorman, Jim Ever get curious as to what is going over the wire, what is being sent from machine to machine on your network? If so, chances are you have ran a packet sniffer. Even though many sniffers will interpret the data for you, odd are you have also seen the packet represented in hex as well. These hex dumps show up a quite a bit, and anyone using an IDS is sure to be very familiar with them. But do you know how to read them? We will use tcpdump and packet crafting tools to build packets and interpret the hex dumps. By chopping the packets up into the separate fields, and learning what is expected and unexpected we will gain a greater appreciation as to what is happening behind the scenes with the various applications we use on a day to day basis. It is suggested that the audience be familiar with hex and ip networking. Scanning for dollar$" - Hayes, Bill There's more to scanning than just pressing a button. This talk will cover commonly available scanning tools with a few handy hints to keep you from crashing machines while scanning them. Security Overview for Windows Vista - McCoy, Bob This is an overview of the changes in the Windows security model for the new Windows client, codenamed Vista. Emphasis will be placed on enterprise deployment, extensions to Group Policy, and locked-down user scenarios. "The sky is falling: surviving an external PCI audit" - Hayes, Bill The Payment Card Industry (PCI) security standards represent best-practices for protecting credit card related data. This talk will help the listener to understand the PCI security standards and ensure that credit card data is safeguarded. "Spyware removal for fun and profit" - Hayes, Bill Spyware has become more sophisticated and its removal presents the technician and end user with unique challenges. This talk will acquaint the listener with common anti-spyware tools. A demonstration will walk through spyware removal step-by-step, using a live spyware specimen. The State of Messaging Security: Defenses are Getting Stronger as Evil Doers Morph - Moore, Gene The state of messaging security is strong, as the security industry has made the environment a difficult one for spammers and propagators of malware, who are always looking for ways to derive revenue from their efforts. But the industry must not get complacent, as spammers are already capitalizing on messaging standards that present new opportunities. In this discussion, Alex Hernandez, CipherTrust’s Director of Advanced Product Development will discuss the following: A. The State of Various Messaging Threats
PRUDENT ACTION to COMBAT TERRORISM - Ellsworth, Douglas The world's most dangerous people possess the world's most dangerous weapons. They also possess absolute commitment, cunning, and a thorough understanding of our institutions. Moreover, the Jihadists consider the "Everyday" American to be weak, uncommitted, and caring only about their own comfort-level. This is the essence of the Global War on Terror. The enemy in the GWOT is committed to a long war and has publicly articulated his goals for decades. The GWOT is larger than any personality. Events have been placed in motion that will not be soon-reversed. Everyday individuals “ members of the Public-at-Large have a role to play in securing our homeland; this role is non-partisan and non-political. Public engagement in educational programs and instructional exercises instills the protective power of responsible perception and judgment. This objective will additionally strengthen the Public's emotional endurance“ the primary target of any terrorist strategy. Moreover, an active, widespread Public effort can contribute to the overall counter terrorist strategy. This role, on a collective - individual level, manifests itself as a totally passive reagent to increase the chances that extremely large-scale, massively lethal and destructive attempts do not succeed. USSTRATCOM Combating Weapons of Mass Destruction Architecture and Analysis - Stewart, Susan In 2002 the President signed the National Strategy to Combat Weapons of Mass Destruction (CWMD) and in January 2005 the Secretary of Defense assigned The United States Strategic Command (USSTRATCOM) as the lead Combatant Command for integration and synchronization of Department of Defense-wide efforts in CWMD. This presentation shows the current mission and a draft vision for CWMD in 2015-2025 and discusses how USSTRATCOM is leveraging operational and system architecture to integrate and synchronize the community to meet national objectives. Value Equation - Hayes, Bob Securing the enterprise is a value proposition. Cost consciousness and proactive management is a fundamental expectation of shareholders. What measures and metrics best convey security's value? Council members and staff engage in benchmarking and common practice documentation, case studies demonstrating security ROI, building a comprehensive library of security-related metrics and measures, and helping to document programs' contributions to managing risk and enhancing internal influence and corporate value. Virtualization - Hoesing, Michael Virtualization - The efficient use of computing resources has always been an organizational topic. While virtualization is not a new topic to the mainframe world, the advancement of x86 based system processing capabilities has enabled virtualization to become effective at the server and even workstation levels. In addition to cost savings, additional benefits of testing in different operating systems on one host, the ability to run application versions parallel, business continuity opportunities.and other opportunities exist when one can run multiple operating systems on one machine simultaneously. This session will compare and contrast current choices in x86 virtualization, Zombies - Moore, Gene Today millions of zombies, innocent home and business computers that have been taken over by highly organized, interconnected criminal groups, are the biggest IT threat to organizations and individuals. These machines increasingly are being employed with devastating impact for profit-generating activities such as launching denial of service attacks and spewing phishing scams to empty bank accounts and engage in identity fraud. Dmitri Alperovitch, research scientist at CipherTrust, sees first hand billions of global messages per month and will provide a view into zombie networks, an analysis of attacker methods and techniques, an overview of phishing and how phishing attacks propagate and what organizations can do to protect themselves. Presenters
The NEbraskaCERT Conference is very
fortunate to get some of the best
speakers to present at our conference. Here is the Class of 2006:
Atteberry, Mick Mick Atteberry is the Manager of Enterprise Information Security at ConAgra Foods. His team provides IT risk assessments and security consultations on processes, services, systems, and implementations supporting business initiatives. He comes to ConAgra Foods with a depth of Information Security experience dealing with information threat and vulnerability management, regulatory compliance, system security engineering, and engineering fault analysis. Prior to joining ConAgra Foods in 1998, Mick worked for the Boeing company and the Cessna Aircraft company. Mick earned his bachelor?s degree in Information Systems from Kansas State University. He was awarded the Certified Information Systems Security Professional (CISSP) certificate in 2000. Burchell, Dave Dave Burchell got his start with computers by programming the Radio Shack TRS-80 in BASIC and the Commodore 64 in 6510 assembly. Currently, Dave's favorite programming languages are Perl and XSLT. A fervent proponent of XML, Dave enjoys solving content-management problems with markup and open source software. His other interests include American history and Hellenistic philosophy. Dave lives with his wife, Renee, and children, Max, Gus, and Samantha Grace, in Lincoln, Nebraska. His web site is http://www.heroicmarkup.com/~burchell/. Christofferson, Debbie Debbie Christofferson, CISSP, CISM. Debbie knows security from the ground up, based on 20 years first hand Fortune 500 experience across the U.S., Europe, and Asia with Intel Corporation. She currently manages her own business, Sapphire-Security Services LLC, which focuses on increasing the effectiveness and results of your organization's security through management consulting, program leadership, workshops and speaking. Debbie is a SA published co-author of two books, and writes a column on technology careers and trends. She is a board member of local Information Systems Security Association, and is a member of ISACA, ATW, AZ Tech Council, OWIT, and NSA. Ellsworth, Doug Doug is highly regarded among the leading TSCM practitioners nationwide. Doug began his TSCM career 16 years ago while serving as president of a small Midwestern defense contractor. In that position, Doug administered the maintenance and repair of TEMPEST-certified microcomputer systems at (then) Strategic Air Command Headquarters (55SRW/HQSAC) at Offutt AFB. Secure Communications Corporation was conceptualized and formed at that time. Garcia, Leonardo Leonardo has worked for a Mexican Oil Trading Company, Phibro Energy Division of Salomon Inc., Banamex (National Bank of México), Pemex Gas y Petroquimica Básica, Hypercom Inc., the National Security Program. As a professional he has been worked with ITIL, BS15000 (ISO 20000) in the daily work, and hold the certifications: PMP, CISSP, CISM, CISA, ISMS LA, ISO 9000LA. Haeder, Adam Adam Haeder is the Vice President of Information Technology for the AIM Institute. His responsibilities include management of the development team and the IT department, and all related technology ventures. Adam has been the lead instructor in AIM's Cisco Regional Networking Academy, and is the Vice President of the Omaha Linux Users Group. He has written two books about the IT job market, "Conducting the UNIX Job Interview" and "Conducting the Network Administrator Job Interview". Adam was also a contributing author for the O'Reilly book "LPI Linux Certification in a Nutshell". He has been a featured speaker at many area events, including the annual Infotec conference, the Nebraska CERT conference, the IBM/First National Bank high school programming contest and many high school and college events. Adam is a member of the Omaha Public School's technology advisory council, the University of Nebraska at Omaha technology advisory council, the University of Nebraska at Lincoln technology advistory council, the Millard Public Schools technology advisory council, and the Linux Professional Institute technology advisory council. Adam has a Bachelor of Science degree in Computer Science from the University of South Dakota in Vermillion. Hartley, Bruce Dr. Hartley has over 25 years of technical and managerial experience in systems, software, and security engineering. He is currently a Firm Director at Deloitte FAS, LLP. Prior to Deloitte, he was the Chief Technology Officer at Cricket Technologies, a leading e-Discovery and Forensics firm headquartered in Reston, VA. In addition, he was the Co-founder, President and CEO of Privisec, Inc., a security consulting company. Before Cricket, he was the IT Sector Director at bd Systems, Inc., and the Co-founder, President and Chief Executive Officer at PoliVec, Inc. Prior to PoliVec, Inc. he was the Executive Vice President and Chief Technology Officer at DMW Worldwide, Inc., as well as Senior Vice President, Chief Technology Officer and Chief Information Officer at Trident Data Systems. Dr. Hartley has preformed expert forensics analysis in support of numerous court cases. In addition, he has acted as an Expert Witness on cases involving such issues as electronic mail fraud and data destruction. Dr. Hartley is recognized by the National Computer Security Center as a Vendor Security Analyst and has been certified by the ISC2 as a Certified Information System Security Professional (CISSP). Hayes, Bill Bill Hayes has worked nearly four years for the Omaha World Herald Company corporate security department as an information security specialist where he conducts security audits for the World Herald's nationwide firms. For the past 18 years, he has performed a variety of information technology and information security duties in the corporate and academic environments. Bill has a Bachelors degree in Journalism from the University of Nebraska Lincoln. He also does freelance writing for computer magazines and web sites. His byline has appeared most recently in Processor Magazine and the SecurityFocus web site. Hayes, Bob Bob Hayes is the Managing Director of the CSO Executive Council, a cross–industry professional organization of chief security officers (CSOs) devoted to advancing strategic security practices and founded by IDG’s CSO magazine. He also serves as chief security officer (CSO) of CXO Media Inc. and its parent company, International Data Group (IDG). Hayes possesses more than 25 years of experience developing security programs and providing security services. Prior to joining CXO Media/IDG, Hayes spent eight years as the CSO at Georgia Pacific, and nine years as security operations manager at 3M. Hayes’ vast experience and the respect he has earned among security and law enforcement executives across the United States uniquely qualifies him to lead, manage and continuously evolve the CSO Executive Council. As council GM, Hayes is responsible for program vision, identification of member needs, and the creation and execution of programs and tools to help CSOs effectively lead and manage the security function at their organizations. A recognized innovator in the security field, Hayes is a frequent speaker at key industry events, including those produced by ASIS International, The Government Security Expo & Conference (GOVSEC), The Brookings Institute and the National Crime Prevention Institute. He is a leading expert on security issues and quoted by such major media outlets as The Wall Street Journal, Forbes, CSO magazine (prior to joining the company) and countless security and legal newsletters. Hayes was one of the first security executives to successfully implement unified management of corporate security, computer security, and business conduct and compliance programs in a Fortune 100 company. His security experience spans the manufacturing, distribution, research and development, and consumer products industries as well as organizations that are part of the nation’s critical infrastructure. Hayes has more than 10 years of successful law enforcement and security training experience in Florida and Michigan. Hoesing, Michael Michael T. Hoesing CISA CISSP CIA CCP CMA CPA Information Systems Audit & Information Assurance Manager First National Nebraska Inc. Mike has over 30 years of experience in the areas of information systems audit, information systems implementation, and financial audit. His experiences span a variety of industries during his years with public accounting firms and his last 15 years has focused on the financial services with firms such as First National Nebraska Inc.,Pricewaterhouse Coopers, First Data Corp, and American Express. Mike has been involved in both the external and internal audit processes and also has served as a systems integrator, software trainer, conference speaker, and a university instructor. Currently Mike leads the Information Systems Audit & Information Assurance groups for First National Nebraska Inc. assessing risk and helping to improve the control environment for technology sectors at the bank and the related non-banking subsidiarie McCoy, Bob Bob is a Technical Account Manager for Microsoft. He manages the support relationship between Microsoft and several of its large customers in the Omaha area. He has also been a Microsoft consultant where he specialized in infrastructure and security consulting. Bob a member of the NEbraskaCERT Board of Directors and serves on the Microsoft internal InfoSecurity Force. Bob's credentials include: BS in Computer Information Systems, Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP), and Microsoft Certified Systems Engineer (MCSE). Moore, Gene Gene Moore currently serves as a Senior Systems Engineer for CipherTrust, Inc., the global market leader in messaging security. In this role, he is responsible for recommending, designing and implementing messaging security solutions for Fortune 1000 companies. Mr. Moore has over 10 years of consulting experience in the security industry. Nugen, Steve Stephen (Steve) Nugen is a Senior Technical Research Fellow at the Nebraska University Consortium on Information Assurance (NUCIA) and the founder of NuGenSoft, a provider of information security services since 1998. Steve's teaching and work experience includes Harris Corporation, Iowa State University, GTE Government Systems, Hughes/Raytheon, NuGenSoft, College of Saint Mary, and UNO's College of Information Science and Technology. His interests include vulnerability discovery and methods to mitigate them. Steve sits on the NEbraskaCERT Board of Directors and Omaha InfraGard Executive Board. His credentials include: BS, MS, CISSP, IAM, and IEM. O'Gorman, Jim Jim O'Gorman has over 7 years experience in information security and has worked with such companies as AOL, Sun, General Motors, Sprint, and the Department of Defense. Jim currently resides in Nebraska and be be reached online at http://www.elwood.net/. Payne, Matt Matt Payne, CISSP, is a Senior Technical Research Fellow at the Nebraska University Consortium on Information Assurance (NUCIA), University of Nebraska at Omaha (UNO) in Omaha, Nebraska. Matt's day-to-day activities focus on Information Assurance and Computer Security research and instruction. His academic research interests include Information Assurance, the Semantic Web, Collaboration, and Open Source Development. Prouty, Scott As CipherTrust’s Regional Manager of the Great Plains Region, Scott Prouty brings an extensive knowledge of application technology, sales and customer relations to the e-mail security market. For the past three years, Scott has been a member of the CipherTrust team and is responsible for working closely with customers on understanding the intricacies of the CipherTrust’s award-winning e-mail security appliance. Additionally, Scott communicates with sales engineers to ensure that the technical needs of customers are met and with channel partners on a continual basis ensuring strong representation and sales for the Company. Prior to joining CipherTrust, Scott spent time with both Bond International Software (Richmond, VA) and VCG Software (Atlanta, GA) working in sales. Scott is a graduate of the Virginia Polytechnic and State University (Virginia Tech) with a BS in Biology. Stewart, Susan Susan served over 21 years in the United States Air Force (USAF) as a linguist and communications officer. Notable experience includes drafting NATO and Deliberate communications plans for the USAF in Europe, creating and implementing a network security program for the Offutt base network, and ensuring the wing's communications and networks remained operational throughout preparations for and during Y2K. Since December 2000, Susan has been creating operational and systems architecture products for the United States Strategic Command. In April 2006, Susan was selected to lead a team of architects and analysts to explore the Command's new Combating Weapons of Mass Destruction mission. Vidas, Tim Tim Vidas is a Senior Technology Research Fellow in the Nebraska University Consortium for Information Assurance, in the College of IS & T. In addition to teaching at UNO, for the past several years Tim's main focus has been in the private sector with System / Network Security, Defense in Depth, and Systems Integration. His interests include Automation, Information Assurance, Education, Digital Forensics, Integration, OSS, and wireless technologies and lately gnireenigne. Tim is locally associated with ACM, NEbraskaCERT, Infragard, OLUG, SANS, and the Omaha Perl Mongers. Tim's credentials include: MS/BS in Computer Science, EnCase Certified Examiner / Trainer (ENCE), Security+, Certified Information Systems Security Professional (CISSP), etc. Woerner, Ron Ron Woerner is currently a Senior Security Analyst with ConAgra Foods, Inc. In the past 15 years, he has been an Air Force Intelligence Officer, the Information Security Officer for the Nebraska Department of Roads, a UNIX administrator for the Mutual of Omaha Companies, and the Lead Security Engineer for CSG Systems. Ron earned a Bachelors degree from Michigan State University and a Masters degree from Syracuse University in Information Systems. He was awarded the CISSP security certification in August of 2001 and the NSA IAM certification in August of 2003. Zivic, Predrag Mr. Predrag Zivic, with over 19 years of information technology experience is in charge of defining the strategy of Scienton's development and service. His vision enabled Scienton to work closely with its clients to implement information risk, operation risk and security management solutions using the Information Security Model®, Risk Cube® and Trust Model Router®. Mr. Zivic, as the management and technical leader for Scienton, managed large projects and provided leading risk and security solutions to Fortune 1000 clients. In an effort to learn and contribute, Mr. Zivic has achieved CISSP, CISA, CISM and he was one of the first 100 ISO17799/BS7799 certified practitioners in the world. Mr. Zivic also wrote papers on risk and security metrics and management. He chairs the Canadian ISO17799 User Group and he has presented at the CIO Summit®, Managing IT Security Risk, SANS 2000, EICAR, World Congress on Risk, ISACA, ISO17799 User Group, ISSA, Atlantic Council DataSecurity, InfoSecurity Canada, Nebraska CERT, SPIE Defense & Security and CISSP forum conferences. |