The NEbraskaCERT Conference:
was held in August
at the Peter Kiewit Institute's
Scott Conference Center
Omaha, NE USA
talks
Code
TITLE Presenter
TIME ROOM
TC-2
Advanced Open-Source/Free Solutions for Home and Small Business Owners - Part 1
Baldi, Robert
Tuesday - 10:00 PM
C
TC-3
Advanced Open-Source/Free Solutions for Home and Small Business Owners - Part2
Baldi, Robert Tuesday - 02:00 PM
C
TB-3
Advanced Windows Exploits
O'Gorman, Jim
Tuesday - 02:00 PM
B
WA-3
A Practical Approach to an Endless (and Thankless) Game (Vulnerability Management)
Kalhoff, Justin
Wednesday - 02:00 PM
A
TB-2
Basic Windows Exploits
O'Gorman, Jim
Tuesday - 10:00AM
B
TC-1
Beginner Open-Source/Free Solutions for Home and Small Business Owners
Baldi, Robert
Tuesday - 09:00 AM
C
WB-3
Beyond BlackHat. What we saw. What we should do about it Metzler, Greg Wednesday - 02:00 PM B
WA-5
Breaches in the Banking Industry
McCaslin, Marty
Wednesday - 04:00 PM
A
WC-4
Building a Forensic Framework
Churchill, Matt
Wednesday - 03:00 PM
C
WC-5
Building the Perfect Backtrack 4 USB Thumb Drive
Riggins, Kevin
Wednesday - 04:00 PM
C
TC-4
CTF From the Last ICDW Training - Part 1
Wentz, Luke
Tuesday - 03:00 PM
C
TC-5
CTF From the Last ICDW Training - Part 2
Bender, Jonathan
Tuesday - 04:00 PM
C
WA-4
Cyber Threat Innovation
Work, Joshua
Wednesday - 03:00 PM
A
TA-4
eDiscovery 101 – Myth Busting
Gerrol, Olivia
Tuesday - 03:00 PM
A
TA-3
Electronic Discovery Workflow
Kohtz, Don
Tuesday - 02:00 PM
A
WC-3
Forensic Incident Response
Churchill, Matt
Wednesday - 02:00 PM
C
TA-2
Interfacing with IT Auditors: A Recipe for Success
Nelson, David
Tuesday - 10:00 AM
A
WC-1
Introduction to Windows Computer Forensics - Part 1
Baldi, Robert
Wednesday - 09:00 AM
C
WC-2
Introduction to Windows Computer Forensics - Part 2
Baldi, Robert
Wednesday - 10:00 AM
C
TA-5
LawHacker - Shades of Grey Computing
Marsh, Matthew
Tuesday - 04:00 PM
A
WC-5
Managing Incident Response Teams and Events
Leighton, Johnson
Wednesday - 04:00 PM
C
TB-1
Metasploit: Beyond Point, Click, Root
O'Gorman, Jim
Tuesday - 09:00 AM
B
WA-2
Securely Architecting your Private Cloud
Randell, Robert
Wednesday - 10:00 AM
A
WB-4
Secure Software Development: Assessing and Managing Security Risks in the Software Development Life Cycle
Ashbaugh, Douglas
Wednesday - 03:00 PM
B
WB-2
Security and Project Management - Hand in Hand
Woerner, Ron
Wednesday - 10:00 AM
B
WB-1
Security Operations in a multi-vendor world
Errett, Jerry
Wednesday - 09:00 AM
B
TB-4
Spear Phishing: Real Cases, Real Solutions
Belani, Rohyt
Tuesday - 03:00 PM
B
TA-2
Understanding the FAIR Risk Assessment
Dixon, Bill
Tuesday - 09:00 AM
A
WA-1
Visions of Clouds and Cloud Security
Randell, Robert
Wednesday - 09:00 AM
A
TB-5
When Vulnerability Management Turns into Action
Dixon, Bill
Tuesday - 04:00 PM
B

Abstracts

Title: Advanced Open-Source/Free Solutions for Home and Small Business Owners
Presenter: Robert Baldi

Abstract: This presentation will review open-source/free solutions that the above average or advanced user can use to keep themselves secure in their households and/or businesses.  The presentation will provide a variety of multimedia resources as well as in-depth video tutorials covering the configuration and implementation of the open-source applications and tools being covered. This presentation will review all different kinds of encryption solutions, backup solutions, group policy management, anti-root-kit solutions, SAN solutions, and network tools.  In addition we will be reviewing ongoing risks and the importance of implementing security in an IT environment.  We will allow ample time after the presentation for questions about the application suites covered as well as handling out a free DVD including all the tools covered.

Title: Advanced Windows Exploits
Presenter: Jim O’Gorman

Abstract: Windows based systems have built in a lot of protection and it has gotten a lot more difficult to create. We will examine a Windows based exploit that  has to bypass modern protection mechanisms that have been put in place. Live Demo - No Slides.

Title: Basic Windows Exploits

Presenter: Jim O’Gorman

Abstract: Back in the good old days, it used to be pretty easy to create a exploit for a Windows based system. We will examine a basic Windows based exploit, covering how they are found, to getting a crash, to obtaining code execution. Live Demo - No Slides.

Title: Beginner Open-Source/Free Solutions for Home and Small Business Owners
Presenter: Robert Baldi

Abstract: This presentation will review open-source/free solutions that the “average joe” can use to keep themselves secure in their homes or small businesses.  This presentation will use a variety of multimedia sources, to include in-depth video tutorials covering configuration and implementations of open-source/free tools.  The solutions covered will include things such as software firewall configuration, password security, security audits, spyware control, virus protection, browser security, and event log management.  In addition, the ongoing risks and importance of implementing security in an IT environment will be covered.  We will allow ample time after the presentation for questions about the application suites covered as well as handing out a free DVD including all the tools covered.

Title: Beyond BlackHat. What we saw. What we should do about it
Presenter: Greg Metzler

Abstract: Beyond BlackHat: You went to the Con (or at least read about it). You saw the exploits. Now what? Where do we go from here? This talk will give an overview of what came out of BlackHat and present a few ideas on what to do about it. It is specifically intended to spark your thoughts, ignite your passion and drive conversation on the important issues we are facing every day as security professionals.

Title: Breaches in the Banking Industry

Presenter: Marty McCaslin

Abstract: More than ever, U.S. Banks are being compromised by a sophisticated array of methods.  With the preponderance of online banking for commercial clients, cybercriminals are able to represent themselves as legitimate commercial clients and siphon funds from vulnerable banks.  This discussion will cover different methods being used by these malcontents, and also talk about ways that banks can better protect themselves today.”

Title: Building a Forensic Framework
Presenter: Matt Churchill

Abstract: There are several dedicated software tools available for incident response information gathering and forensic analysis. The problem with available tools is that none work together and each tool has to be individually run. This presentation publicly launches a framework that allows these tools to run in conjunction and create a unified report.  The forensic framework allows user created modules to be installed with minimal effort. The user can create modules to run against a live machine, a dead machine, or against information gathered from either. Attendees are encouraged to learn about the framework and are invited to give suggestions for improvement.

Title: CTF From the Last ICDW Training
Presenters: Jonathan Bender and Lucas Wentz

Abstract:  Didn't make this year's DefCon CTF team?  Ever wanted to participate in a CTF?  Here's your chance...  Jonathan Bender and Lucas Wentz will be conducting a short introduction into a popular Information Assurance (IA) exercise known as a Capture the Flag (CTF).  The introduction will give participants a brief overview of how to play, the type of application(s), and some basic attack instructions.  Participants will be split into teams and connected into a virtualized network environment.  Teams can learn, refresh, and hone skills by taking advantage of exploits in opposing team applications and protecting their own.  Healthy competition is encouraged, however, this is also a learning opportunity.  NUCIA staff and students will be present to help guide new participants.  This exercise is modeled after the October 2008 and June 2009 International Cyber Defense Workshop CTF exercises hosted by NUCIA.

Title: Cyber Threat Innovation

Presenter: Joshua Work

Abstract: The contemporary cyber threat environment is increasingly witness to ever more rapidly evolving levels of adversary sophistication and the increasing  commercialization of attack and intrusion tactics, techniques, procedures, and tools.  Understanding the rapid evolution of the threat environment demands new analytic approaches based on recognition of the driving forces at work within the underground market of tools, services, and expertise which enables adversary action.

Anticipating and characterizing innovation within this threat marketplace is among the most difficult of warning intelligence challenges faced by today's intelligence professionals. We present an analytic framework for discussion of this challenge, and explore specific examples of innovation behavior drawn from recent open source and proprietary intelligence.

Title: eDiscovery 101 – Myth Busting
Presenter Olivia Gerroll

Abstract:
  • Litigation Support
  • eDiscovery
  • What is it
  • Why do I care
  • What is the language and how do we translate between tech and non-tech speakers
  • Understanding the data volume
  • What is the timeline
  • What questions do we have to ask
  • What does this mean to me
Title: Electronic Discovery Workflow
Presenter: Don Kohtz

Abstract: Sometimes its more about the journey than it is the destination.  Depending in your viewpoint, the standard eDiscovery workflow is a journey.  There is a lot of detail wrapped around each component of the workflow. The worlds of IT and Legal collide head-on in the arena of electronic discovery.

Electronic discovery has its own language, and requires collaboration and cooperation between IT and legal. In this session, attendees will learn and become aware of the following components of a standard eDiscovery workflow:
  • Global assessment
  • ESI roadmap/data map
  • Preservation plan (legal hold)
  • Collection/data acquisition
  • Processing (filter/cull)
  • Review/analysis
  • Production
Title: Forensic Incident Response
Presenter: Matt Churchill

Abstract: Whether there is a potential hacked system or an employee suspected of downloading inappropriate content, responding to a computer incident can be a high-pressure and intense activity. Knowing what tools to use and steps to take can help you prepare and eliminate potential roadblocks. Gathering information in a forensically sound manner will increase chances of being able to use the information in court or other proceedings. Discussion will take place on when to gather information from a running machine and when to shut it down first. Demos will be shown and attendees will be able to go back to work and make their own incident response toolkit.

Title: Interfacing with IT Auditors: A Recipe for Success
Presenter: David Nelson

Abstract: The audit process is one of the most misunderstood and loathed processes in the IT world.  A lot of this comes from the fact that the process is not embraced by IT staff or management as an opportunity for a partnership.  Once managers realize they can utilize the audit process to highlight some of their own business concerns and objectives, the audit process becomes less adversarial and more about building relationships.

This session will provide an overview of the audit process and how IT management can insert themselves into this process in order to benefit from the exercise.

Title: Introduction to Windows computer forensics
Presenters:  Robert Baldi & Robert Clauff

Abstract: This presentation will provide in-depth knowledge over the basic and advanced uses for computer forensics software applications.  The presentation will use a variety of multimedia sources, to include in-depth video tutorials covering configuration and implementations of open-source/free forensic utilities.  We will cover subjects including, but not limited to Autopsy, FTK Imager and Harlan Carvey’s Windows Forensic software suite.  We will also review data recovery, stenography, and cell phone forensics.  After the presentation we will open the floor to any questions about the presentation or other forensic questions.  We will allow ample time after the presentation for questions about the application suites covered as well as handing out a free DVD including all the tools covered.

Title: LawHacker: Shades of Grey Computing
Presenter: Matthew Marsh

Abstract: In this session we will apply 'lex parsimoniae' ("law of parsimony") and Occam's razor to eDiscovery in an attempt to elucidate LawHacker, the discordant competition between human logic and scientific logic inherent when combining Law and Science. We start with a definition of LawHacker touching especially on the requirement of "destroy to understand". We then apply the tenets of LawHacker to eDiscovery and related InfoSec and Legal intersections. We finish with a discussion of ways to use this knowledge to better safeguard our systems, networks, and societies.

Title: Managing Incident Response Teams and Events
Presenter:  Leighton R Johnson III
 
Abstract: The concepts and principles the security professionals and their managers need to know to conduct or participate in an incident response event investigation will be presented. Ensuring that proven policies and procedures are established and followed are manager level responsibilities, along with personnel certifications and levels of expertise. These will be discussed along with Incident Response Team Management. Critical chains of evidence collection and custody in each investigation is explored. The laws, ethics, regulations and boundaries for investigations and the investigators are next presented to help clarify positions and policies. Finally, the needed relations for the incident response team manager are presented; these include technical, management, law enforcement and civil relationships with professionals and organizations

Title: Metasploit: Beyond Point, Click, Root
Presenter: Jim O’Gorman

Abstract: Metasploit has always been a nice easy to use tool, but that is where most users stop. We will examine some of the deeper uses of the tool. From meterpreter, to pivoting to the ruby shell, we will examine why it is a framework and not just a hack tool. Live Demo - No Slides.

Title: Secure Software Development: Assessing and Managing Security Risks in the Software Development Life Cycle
Presenter: Douglas A. Ashbaugh

Abstract: Application security is a relatively new, yet very exciting field.  It is being driven by a number of open source, government, regulatory, and industry organizations, but the need for application security is, sadly enough, the fact that software continues to be developed that isn’t secure.  For example, buffer overflows continue to plague software development despite the fact that buffer overflows and the methods for preventing buffer overflow have been known about for more than twenty years.  Two of the primary factors that software isn’t developed securely include:                                                                  
  1. Software development teams have not been sufficiently educated in how to identify security vulnerabilities associated with their software development projects                                                                              
  2. Often, software development teams falsely believe that if perimeter security controls are in place, then the software they develop will also be secure, or at least will not affect the perimeter security                                  
At one time, both software and network architectures were structured so that as long as perimeter security (i.e. firewalls, intrusion detection and prevention, anti-virus, etc.) was properly implemented and maintained, then flaws in application code could not possibly affect the security of that perimeter.  However, the paradigm has shifted with the introduction of web-based applications.
Traditional firewalls must let web-based traffic through the perimeter in order for web-based applications to function.  Therefore any attacker who can exploit flaws in the code of a web-application is already within the perimeter!  There are additional controls which may be added to secure this perimeter including application and database firewalls, but many organizations have not yet recognized the need for such controls, as headlines sadly continue to point out.  When you couple this with the fact that organizations are often slow to adopt new security controls because security is often seen as another expense, it becomes even more imperative for software development teams to understand the vulnerabilities associated with their software development efforts.
To counteract this trend, education is the key.  Software development teams, including project managers, technical analysts, business analysts, business managers, developers, quality assurance analysts, and testers must all be aware of the coding vulnerabilities which could plague any software development effort – as well as ways of discovering those vulnerabilities.

Title: Security and Project Management - Hand in Hand
Presenters: Laura Linhart, PMP and Ron Woerner, CISSP

Abstract: This presentation will cover the following areas:
  1. Using PMI standards to assist in implementing security within projects.
  2. Providing tools and techniques for Security Professionals to partner with projectmanagers within their organization.
Attendees will benefit by improving their knowledge of project management and the role of security in projects.

Title: Security Operations in a multi-vendor world
Presenter: Jerry Errett

Abstract: There are great open source security solutions for intrusion detection, vulnerability management, access control, and audit logging.  This presentation shows you how to use them together to provide an overall security picture for environments containing up to 100,000 devices.


Title: Spear Phishing: Real Cases, Real Solutions
Presenter: Rohyt Belani

Abstract: This presentation will discuss the evolution of phishing from being a means of stealing user identities to becoming a mainstay of organized crime. Today, (spear) phishing is a key component in a "hackers" repertoire. It has been used to hijack online brokerage accounts to aid pump 'n dump stock scams, and as a means of creating covert channels from compromised user machines to the Internet. During this talk, I will present the techniques used by attackers to execute such attacks and real-world cases that I have responded to that will provide perspective on the impact. This will be followed by a discussion on what works and what doesn't in building and testing user awareness to thwart such attacks against your organization.

Title: Understanding the FAIR Risk Assessment
Presenter: Bill Dixon

Abstract: Risk assessment frameworks seem to be plentiful, yet in many organizations a consistent gap exists in the frameworks applicability to the business and the risks that face its information. The Factor Analysis of Information Risk (FAIR) risk assessment framework is one that markets itself as a paradigm shift from traditional risk assessment frameworks.

This session will provide an overview of the methodology along with a case study of the results of a risk assessment utilizing FAIR versus other risk management methodologies.

Title: When Vulnerability Management Turns into Action
Presenter: Bill Dixon

Abstract: Many organizations have gone down the path of implementing vulnerability management programs and cycles. The common elements of asset inventory, base lining, monitoring, and mitigating only can take a program so far. This session will not only outline the elements of a vulnerability management program, but move into turning vulnerability management into actionable steps to show improved security and efficiencies overtime.


Presenters

The NEbraskaCERT Conference is very fortunate to get some of the best speakers to present at our conference.  Here is the Class of 2009:

Ashbaugh, Douglas

Douglas A. Ashbaugh, CISSP, CISA is the Manager of Information Assurance for Software Engineering Services (SES) where he leads a team of dedicated information security analysts in providing security strategy and solutions, evaluation and assessment services, application security services and security remediation services to both corporate as well as various federal, state and municipal government clients.  A dedicated information security professional, Mr. Ashbaugh has extensive experience in Project Management, Software Development and Testing, and Information Security.  His 18+ years of Information Systems experience in both government and commercial environments provides a solid foundation to achieve outstanding results in various environments.  He has a Bachelor of Science in Engineering Operations from Iowa State University.  He served eight years in the United States Air Force as an acquisition project officer performing project management duties on a number of different development projects ranging in size from $50,000 to $3 Billion.  He has also worked as a software developer/analyst/tester for the financial services industry for a period of more than six years.  For the past five years, Mr. Ashbaugh has been providing information security services to a number of clients for SES.  SES provides leading-edge IT solutions to DoD, government, state agencies and the private sector.

Baldi, Robert

Robert Baldi is a CISSP, ISSEP, CEH and CIW Security Analyst with ten years of experience in Information Assurance with the Department of Defense. He is currently a security engineer for USSTRATCOM and NSA, employed by Booz Allen Hamilton.  He is a graduate of Bellevue University and previously worked for the US Air Force and Raytheon in security engineering positions.  Robert is also an adjunct instructor for information security courses at ITT Technical Institute in Omaha, NE and a network defense analyst in the USAFR.

Bender, Jonathan

Jonathan Bender is the Systems Programmer for NUCIA. Jonathan works with NUCIA faculty and students on research projects that require development of technical systems. He was worked on projects in academia and industry in the areas of Bioinformatics, Information Assurance, Web/Service Oriented, Visualization, and Gaming. Jonathan has lead NUCIA's participation in the Capture the Flag (CTF) exercises.  He has developed an in-house Capture the Flag exercise for use during the International Cyber Defense workshop in 2008 and 2009.

Jonathan has a BS in Computer Science from University of Nebraska and is an Associate of ISC2.

Churchill, Matt

Matt Churchill is the Director of Digital Forensics and Cyber Investigations for Continuum Worldwide.  Matt is a former member of the FBI's Cyber Crimes Task Force and former Deputy Douglas County Sheriff of ten years, where he conducted digital forensic examinations.  Matt is a graduate of UNO and has earned the professional designations of Certified Forensic Computer Examiner (CFCE), Certified Computer Examiner (CCE), Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH).  Matt is a founding member and current President of the Nebraska Chapter of the High Technology Crime Investigation Association (HTCIA) and he is a member of the International Association of Computer Investigative Specialists (IACIS), the International Society of Forensic Computer Examiners (ISFSE)and Infragard.

Clauff, Robert

Robert Clauff is a graduate of the CNSS Information System Security bachelor of science program at ITT Technical Institute in Omaha, NE.  He is a network security administrator with CAS in Omaha.  Robert has been the lead penetration analyst on IA tiger team audits in addition to working with small and medium businesses to help intiate information security programs from the ground up.

Dixon, Bill

Bill is a Managing Consultant for Continuum Worldwide.  He has over 7 years of experience, in the field of information security and risk assessment.  Bill has worked with clients in the insurance, financial services, banking, manufacturing, software development, and higher education industries.  Bill has assisted clients with development and assessment of risk management programs, technical controls review, policy development, and regulatory compliance with focus on PCI, HIPAA, GLBA, FISMA, and SOX 404.  Bill also has experience in information security risk assessment, application security assessment, system architecture and design, and project management.

Johnson, Leighton

Leighton is the COO and senior security consultant for Information Security and Forensics Management Team (ISFMT), a provider of computer security and forensics consulting & certification training. He most recently was the CIO for a 450 person directorate within Lockheed Martin IT covering 7 locations within the Eastern and Midwestern parts of the U.S. He recently served as Security Operations Program Manager for a DOD Field Agency, based in Arlington, VA. He has over 30 years experience in Computer Security, Software Development and Communications Equipment Operations & Maintenance. Primary focus areas have included computer security, information operations & assurance, software system development life cycle focused on modeling & simulation systems, systems engineering and integration activities, database administration, business process & data modeling. He holds CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CISA (Certified Information Systems Auditor), CSSLP (Certified Secure Software Lifecycle Professional) and CMAS (Certified Master Anti-Terrorism Specialist) credentials.

Kohtz, Don

Don Kohtz is the Managing Director of Legal Solutions at Continuum Worldwide.  He was formerly an Assistant Attorney General for the State of Nebraska, the Fraud Bureau Chief at the Nebraska Department of Insurance, and provided legal counsel and litigation services to insurance companies and financial institutions while practicing with the law firm of Locher Cellilli Pavelka & Dostal.

Don has presented and/or published on the topics of electronic discovery (eDiscovery) and electronically stored information (ESI) matters; digital/computer forensics; best practices for first responders collecting electronic evidence; cell phone forensics; insurance fraud; risk mitigation; and compliance matters.  He has investigated and consulted on matters involving insurance fraud; theft; impersonation; other white collar crimes; and unethical behavior.

Don holds a Bachelor of Science degree, a Doctorate of Jurisprudence, and is certified as a HIPAA Professional (HIPPAP).  He is a member of the Nebraska and Missouri state Bar Associations.  He is also licensed and practices in the state and federal U.S. District Courts in the states of Nebraska and Missouri, the Eighth Circuit Court of Appeals and the Supreme Court of the United States of America.

Don is a founding member of the Nebraska Chapter of the High Technology Crime Investigation Association (HTCIA).  He is a former executive board member of the Nebraska Crime Stoppers, Inc., and the Heartland Chapter of the Association of Certified Fraud Examiners. He is a recipient of the Distinguished Achievement Award from the Association of Certified Fraud Examiners for his efforts in the fight against fraud.

Marsh, Matthew

The computerization of our daily lives drives the interactions and mechanisms that underpin our economy and society. This discordant clash between human logic and technical logic creates the vast rifts in knowledge and understanding exploited daily. As a highly certified security and computing professional I saw the ramifications of not thinking through the inherent soft structure wherein people and technical methods collide and decided to complete my approach using Law.

I remain fascinated with both the logic of human interactions and the logic of science. Early in life I pursued disparate courses of action, publishing a book of Poetry, becoming sound engineer for several types of band, and starting several service businesses. A growing fascination with the logic of science I obtained a degree in electronic technology followed a few years later by a Bachelors in Experimental Physics. Graduate school in GeoPhysics led me to discover my dislike for locking down into a solitary thread of thought. Experiences with early ARPAnet, BITnet, and related interconnection systems at school led me into computer networking. Knowledge is not complete without the ability to destroy and so I developed an interest in the vulnerability of systems, at first from a technical standpoint and then the human aspects. I came to realize that the true nature of vulnerability lies less in arcane technical manipulation than in the way such manipulation ultimately compromises a human being.                                                                                                              

I founded the NEbraskaCERT and then spent a decade as their Chief Scientist. Coming from a technical and scientific background, I firmly believed that security problems rarely required negotiation and that the intent of a policy was never separated from execution. But thinking about and working through intention versus
 technical reality in InfoSec opened a new vista regarding the importance of negotiation and policy in support of the hard technical reality of implementation. Seeking an understanding of the "soft structure" led me to realize that "Law" encapsulated the methods of manipulating this structure. I realized the legal point of view dealt with the human logical realm that I struggled to integrate into my work in security. And so I became a student of Law and in May of 2009 I received my JD. Now complete in both viewpoint and training, I seek to integrate human logic and scientific logic.                                                  

Metzler, Greg

Greg Metzler is a Lead Systems Engineer for The MITRE Corporation where he supports US Strategic Command in the execution of its cyberspace, space and deterrence mission areas. A retired Naval Officer, he has spent over 17 years in network warfare operations, mission continuity and application development. He has served in numerous technical and leadership roles to include Navy Reserve’s Deputy CIO for Information Assurance as well as Deputy Director for Command, Control, Computers and Communications (C4) for the US FIFTH Fleet in the Middle East. Before retiring, Greg authored the Cyberspace Challenges section of the Department of Defense’s Quadrennial Roles and Missions Review (QRM), a forward-looking study enumerating the defense challenges facing the Nation. Greg is a graduate of Boston University, the Naval Postgraduate School and National Defense University and holds numerous technical certifications. He is currently a graduate student at the University of Nebraska at Omaha. His research interest areas include adversary attribution, assured design and persistent access (development, deployment, detection and mitigation).

Nelson, David

Mr. Nelson is a Certified Information Systems Security Professional with 15 years of experience.  He has lead technology organizations in both the public and private sector.  Mr. Nelson most recently was the Chief Information Security Officer for a leading Health Informatics company.  Prior to that he managed an information security group for a top 5 U.S. banking organization, was the CIO for a higher education institution and served as the information security officer for one of the largest municipal governments on the east coast.  Mr. Nelson received his Bachelor of Science degree with a major in Computer Information Systems from Excelsior College.  He has also taught and developed information technology curriculum at the post secondary level, is a published author and speaker at national conferences.  Mr. Nelson is the founder and current president of the Des Moines chapter of the ISSA.  He lives in the Des Moines, IA area with his wife and 4 children.

O’Gorman, James

 James O'Gorman is a consultant with Continuum Worldwide. In his over 10 years of working in information technology, James has worked in consulting, support, and managerial positions at companies across a spectrum of industries. Specializing in information security, James has made contributions in to the industry in the way of speaking engagements, papers, tool and process development that have been made available to the community. A member of the GIAC advisory board and the Omaha ISSA chapter, James holds OSCP, CISSP, GCIA and GCFA certifications

Riggins, Kevin

Kevin leads the team responsible for performing risk assessments and providing information security consulting services to the diverse set of business units that make up Principal Financial Group. He has 20+ years experience in information technology and over 9 years experience in the information security field. He a member of ISSA and Infragard and maintains a blog called InfoSec Ramblings at http://www.infosecramblings.com

Wentz, Lucas

Lucas Wentz received his Bachelors degree from University of Nebraska in May 2007. After graduating, Lucas was hired on as NUCIA's Lab Manager and Systems Administrator. His responsibilities as Systems Administrator include maintaining NUCIA's file server, e-mail server and web servers. As Lab Manager his responsibilities include maintaining and creating images used within the lab for classes. Along with creating the images for classes, he is also responsible for creating any special images need for research projects, special projects, and demonstrations. He is also responsible for the day to day operations of the labs.

Woerner, Ronald

Ron Woerner is a CISSP, IAM, CEH and CHFI with over 17 years experience in multiple industries. He graduated from Michigan State and Syracuse Universities and has worked for the US Air Force, State of Nebraska, Mutual of Omaha, ConAgra Foods, and AmeriTrade. He has spoken at the RSA Conference, the CSI Conference, CERT, Infotec and Information Security Decisions.  He is also on the Information Security Magazine Advisory Board.

Work, Joshua

Joshua Work leads iSIGHT Partners' threat intelligence efforts. He has more than a decade of service in both the government and private sector, including six years overseas experience throughout Europe, Russia, Asia, Latin America, and the Middle East. His assignments have covered a variety of transnational issues and homeland security areas, including information operations, terrorism, narcotics, organized crime,
transportation security, and critical infrastructure protection accounts. Mr. Work has also developed and taught analytic tradecraft on behalf of a number of academic and government institutions.

The NEbraskaCERT Conference was brought to you by NEbraskaCERT
*CERT is a servicemark of Carnegie Mellon University. Used with permission.