2018 ICC Speakers

Dr. Johannes M. Bauer

Modeling the Diversity of Cyberattacks

Abstract: Economic models have provided a powerful framework for understanding the information security problems in the Internet ecosystem. Research has shown that misaligned incentives of service providers, equipment manufacturers, software developers, and users go a long way to understand security breaches. As information security has positive cost, this research has also argued that accepting some level of vulnerability is economically rational. One potential weakness of these approaches is that they are based in a narrow view of the motives of attackers as primarily financially motivated. This presentation will explore whether the findings of the economics of cybersecurity hold for other types of attackers, such as ideologically motivated players. Based on a framework rooted in institutional economics, it will develop a typology of attackers and discuss its theoretical and practical implications.

Bio: Johannes M. Bauer is a Professor in the Department of Media and Information at Michigan State University. Since January 2013 he also serves as the Department Chair. He is trained as an engineer and economist, holding MA and PhD degrees in economics from the Vienna University of Economics and Business Administration, Austria. His experience at MSU is complemented by extended stays as a visiting professor at the Technical University of Delft, Netherlands (2000-2001), the University of Konstanz, Germany (Summer 2010), and most recently the University of Zurich, Switzerland (2012). His research covers a wide range of issues related to innovation in information and communication technology industries (ICT), business models of national and global players, as well as the public policy and governance challenges of harnessing the full benefits of ICT for society. He has developed and used computational methods to examine the effects of governance on advanced communications infrastructure and applied big data analytical methods to problems of information security. He currently serves as member of the boards of the Research Conference on Communication, Information and Internet Policy (TPRC) and the International Telecommunications Society (ITS). He is a frequent speaker at international conferences and has served as an advisor to public and private sector organizations in North and South America, Europe, and Asia.

Adam Bossler

Examining the Impact of Deterrence Perceptions on the Willingness to Commit Politically Motivated Cyber Attacks

Abstract: The Internet connectivity of critical infrastructure systems presents opportunities for attackers living in the United States or abroad to cause significant physical and financial damages. Although these concerns have been raised by scholars for several decades, cybercrime scholars in the social sciences have focused much of their efforts on studying cybercrimes against persons, such as online harassment, rather than cybercrimes against entities. The field has also surprisingly focused little on empirically examining the effect of deterrence in cyberspace rather than speculating on it. In one of the few studies on the topic, Holt and Kilger (2012) examined the factors that affected why college students may engage in politically motivated cybercrime attacks but did not examine deterrence perceptions. We build upon their work by examining whether perceptions of the certainty and severity of sanctions, participation in online personal violence, and peers affect college students’ willingness to participate in politically motivated cybercrime attacks, including attacks against critical infrastructure.

Bio: Dr. Adam Bossler is an Associate Professor in the Department of Criminal Justice and Criminology at Georgia Southern University. He earned his doctorate in criminology and criminal justice from the University of Missouri – St. Louis. His current research primarily focuses on examining the application of traditional criminological theories to cybercrime offending and victimization and how law enforcement responds to cybercrime. He is also currently completing a BJA grant exploring innovative correctional programs and a BJA Smart Policing grant in Evans County, GA evaluating the implementation of technology in rural law enforcement agencies. Finally, he is also currently working with collaborators on a NSF funded grant using real Internet usage data to examine computer deviance in a college sample.

George Burruss

Mirror Mirror: The Promise of Shared Data for Understanding Cybercrime

Abstract: While networked computing devices generate vast amounts of data, the sharing of breach and attack data with academics is rare. The reasons are understandable — such data are often classified, proprietary, or confidential. But until information about victimization and cyberthreats are provided to academics and among cybersecurity professionals, our understanding of the causes and correlates of cybercrime will remain limited. This presentation will consider how social scientists might analyze such data and what it could tell us about the nature of cybercrime. The implications for cybersecurity policy are discussed.

Bio: George W. Burruss is an Associate Professor in the Department of Criminology at the University of South Florida and the Florida Center for Cybersecurity. His main research interests focus on criminal justice organizations, cybercrime, and white-collar crime. He received his doctorate in criminology and criminal justice from the University of Missouri St. Louis. His research has been published in Crime & Delinquency, Justice Quarterly, and Social Science Computer Review.

David E. Connett

Automotive Incident Response

Bio: Not Yet Available

Cassandra Cross

Is online fraud just fraud? Examining professional perspectives on the digital divide

Abstract: Fraud is certainly not a new offence. However, the recent evolution and proliferation of technologies (predominantly the internet) has seen offenders increasingly use virtual environments to target and defraud victims worldwide. Much academic study into this crime type has examined the ways that fraud is perpetrated with a clear demarcation between terrestrial and cyber offences. There are numerous studies which target online fraud (or cyber fraud) specifically and usually exclude more traditional fraudulent approaches. However it is important to consider if there is any utility or benefit to categorising fraud separately depending on the type of environment it is perpetrated in.

This presentation will share insights from thirty professionals who work within the “fraud justice network” across London (UK) and Toronto (Canada). It highlights the realities faced by professionals in seeking to either maintain or collapse such a differentiation in their everyday jobs. Overall, the presentation considers whether there are benefits to the current digital divide, or whether this actually hinders ongoing work in the area.

Bio: Dr Cassandra Cross is a Senior Lecturer in the School of Justice, Queensland University of Technology. Previously, she worked as a research/policy officer with the Queensland Police Service, where she commenced research on the topic of online fraud. In 2011, she was awarded a Churchill Fellowship to examine the prevention and support of online fraud victims worldwide. Since taking up her position at QUT in 2012, she has continued her research into online fraud, across the policing, prevention and victim support aspects. With colleagues, she has received highly competitive Criminology Research Grants, the first in 2013 to conduct the first Australian study into the reporting experiences and support needs of online fraud victims, and another in 2016 to examine the policing of cybercrime in Australia. She is co-author (with Professor Mark Button) of the book Cyber frauds, scams and their victims published by Routledge in 2017.

Cassandra Dodge

A New Profile of Cybercrime: An Application of Statistical Profiling on Computer-Related Crime

Abstract: This research creates a new criminal profile for computer-related crime by establishing the link among certain offender traits and crime features. Utilizing NIBRS data from 2007 to 2014, a sample of 9,233 computer-related crimes was analyzed using latent class analysis (LCA) to identify underlying groups within the offender and offense characteristics.

Bio: Cassandra Dodge, M.S., is a doctoral student from the University of South Florida with a research focus on cybercrime and technology. She also completed a graduate certificate in Digital Forensics from USF in December of 2017.

Aric Dowling

Overview of the Michigan State Police Cyber Section, Cyber Services, Trends, and Threats with case examples.

Bio: Detective Lieutenant Aric Dowling became a trooper for the Michigan State Police in 2000. He spent the next 12 years in various positions in southeast Michigan, including undercover work as a Detective Trooper in Detroit. He has served as a Sergeant in various technology areas within the Michigan State Police and now serves as an Assistant Commander of the Michigan State Police Cyber Section, overseeing the Computer Crimes Unit, the Internet Crimes Against Children task force and the Michigan Cyber Command Center.

Seth Edgar

Collaborative Security

Abstract: Several groups have attempted shared security models and indicator sharing several times over, but with little to no adoption. This presentation explores workable models for mutually-beneficial security collaboration while incentivizing participation.

Bio: Seth Edgar is the Chief Information Security Officer for Michigan State University. Prior to coming to Michigan State, Seth worked as a security researcher and engineer for the MITRE Corporation and Naval Postgraduate School. Seth’s research work and interests are focused on reverse engineering, malware trends, penetration testing, and digital forensics.

Richard Frank

Hackers hedging bets: A cross-community analysis of online hacking forums

Abstract: Cybercriminals use online discussion forums to learn their illicit trade, purchase the necessary tools and information and conspire to commit offences, like credit card fraud, identity fraud and money laundering. For researchers, capturing and analyzing the content from these hacking forums helps understand how virtual black-market economies work so that this knowledge can be used to disrupt them. In this project, we study the greater hacking community to find prominent players and identify emerging threats by capturing data from multiple online discussion forums simultaneously, merging the data into a single cohesive searchable database, then applying cross-community analysis to understand community overlap. This analysis allows us to identify prominent users across multiple communities, their role and significance in the greater community, and any threats that they pose. By studying users across communities, and not just within a single community, we aim to understand more clearly and accurately the roles these communities play in facilitating cybercrime.

Bio: Richard Frank is Assistant Professor in the School of Criminology at Simon Fraser University (SFU), Canada and Director of the International CyberCrime Research Centre (ICCRC). He is also Associate Editor-in-Chief of Security Informatics. Dr. Frank completed a PhD in Computing Science (2010) and another PhD in Criminology (2013) at SFU. His main research interest is Cybercrime. Specifically, he’s interested in hackers and security issues, such as online terrorism and warfare.

Joshua Gembala

Why technical support can be the best friend or worst enemy of Incident Response

Abstract: Once, not so long ago, it was common for an organization to have a dedicated IT department responsible for all the company’s technology (see The I.T. Crowd). Those days are gone now, and even small businesses have found themselves having to reorganize their teams based on functional roles and specializations. Whether utilizing internal resources, managed services, contractors, or Fiverr, we have become an often-disconnected collection of groups with different, and sometimes conflicting goals. Even if your organization is lucky enough to have an internal incident response (CIRT), they can quickly find themselves at odds with other teams such as the help desk, deployments, or project services teams. Everyone in an organization plays a role in incident response, and it is your job to make them aware of their role, responsibilities, and ensure they have the training and tools to perform it.

Bio: Josh Gembala manages a talented and dedicated team of Security Specialists at ASK. He is passionate about information security and committed to developing cybersecurity services for businesses of all sizes. Josh’s unique approach and attention to detail continues to be instrumental in establishing ASK as a leader in the Cybersecurity Marketplace. In 2014, Josh joined ASK and was the driving force behind the establishment of ASK Enhanced Security Services (ESS). He has established a team of analysts, developers, researchers, and consultants that serve ASK clients through proactive and managed cybersecurity services. ESS process control, operational excellence, and ingenuity has led to ASK’s reputation as an emerging leader in cybersecurity. In addition to cybersecurity, Josh has many years of experience in IT system administration and integrated security.

Dr. Thomas Holt

Examining the factors associated with web defacements

Bio: Dr. Thomas Holt is a Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph.D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror in outlets such as Crime and Delinquency, Sexual Abuse, the Journal of Criminal Justice, Terrorism and Political Violence, and Deviant Behavior. He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data.

Dr. Thomas Hyslip

The challenges of International Cybercrime Investigations and the innovation of law enforcement and criminals.

Abstract: In 2012, a hacktivist group calling themselves Team Digi7al hacked dozens of government and private computer systems, and posted the stolen information online. The victims included the National Geospatial-Intelligence Agency, the U.S. Navy, Los Alamos National Laboratory, Harvard University, the Toronto, Canada Police Department, and the World Health Organization. The crimes were primarily SQL injections, but also included Cross-site Scripting (XSS) attacks. This case study will highlight the challenges faced by law enforcement as cybercrimes become increasingly international in scope, as well as the innovation of both law enforcement and criminals.

Bio: Dr. Thomas Hyslip is currently the Resident Agent in Charge of the Department of Defense, Defense Criminal Investigative Service (DCIS), Cyber Field Office, Eastern Resident Agency. Prior to joining the DCIS in 2007, Dr. Hyslip was a Special Agent with the US Environmental Protection Agency, Criminal Investigation Division, and the US Secret Service. Throughout his 19 years of federal law enforcement, Dr. Hyslip has specialized in cybercrime investigations and computer forensics. Dr. Hyslip has testified as an expert witness on computer forensics and network intrusions at numerous federal, state, and local courts. Dr. Hyslip is also an adjunct Professor at Norwich University. Dr. Hyslip received his Doctor of Science degree in Information Assurance from Capitol College in 2014.

Jay Kennedy

The Role of Technology in Insider White-Collar Crime Commission and Prevention.

Abstract: The increasing scope of technology within the workplace creates a number of opportunities for crime, as well as opportunities for innovative crime prevention initiatives. This presentation will discuss the impact of technology-assisted insider white-collar crimes, as well as the ways in which organizations can increase formal and informal control through existing and emerging technology.

Bio: Dr. Kennedy completed his Ph.D. in Criminal Justice at the University of Cincinnati, where he was Graduate School Dean’s Distinguished Fellow, as well as a Yates Scholar. While at the University of Cincinnati Jay was awarded a Graduate Minority Fellowship from the American Society of Criminology, and received several research grants and awards. A graduate of the MBA program at the Carl H. Lindner College of Business, University of Cincinnati, his research focuses upon the multi-level antecedents of corporate crime, deviance within corporations, employee theft, the role business ethics plays in decision-making, product counterfeiting and intellectual property theft. Prior to attending graduate school, Jay spent just over 8 years working for a number of corporations in the metro Detroit area, including a major non-profit organization, a family-owned automotive supplier, and a Fortune 100 corporation.

Christian Kopacsi

ATT&CKing for better Defense: An Introduction to the MITRE ATT&CK Framework

Abstract: The time before an adversary is detected continues to be excessive: on average, between 6 months and a year. Think about that: 180 days for an adversary to be pillaging your data and doing whatever they want without being detected. While the Information Security community is getting better and has created different frameworks and maturity models, a different approach is needed. The MITRE ATT&CK framework was created to aid defenders and significantly reduce dwell time (the time an adversary is on the network before being detected). The framework takes an “Assume Breach” stance, meaning you’ve already been compromised and just haven’t discovered it yet, and introduces detection methods to detect post-compromise tactics and techniques. This talk will focus on an introduction to the MITRE ATT&CK Framework and integration of open-source tools to increase cyber defenses and ensure your Blue Team can detect post-compromise techniques.

Bio: Christian Kopacsi, CISSP, CISM, GCFE, GMON, GCFA, GCIH, CEH

Mr. Kopacsi, Cyber Security Incident Response Team Manager at Consumers Energy has over 20 years’ experience in Information Security. He received his bachelor’s degree from Davenport University in Information Assurance and his master’s degree from Fort Hays State University in Information Security Management.

As part of an Executive on Loan program Christian served as the Chief Security Officer, Deputy Director of Cybersecurity and Infrastructure Protection for the State of Michigan. Prior to joining Consumer’s Energy, Christian was the AVP, IT Security and Architecture at Chemical Bank. Previous to this Christian held various leadership positions in Information security in the Healthcare and financial industries.

In addition Christian has been an adjunct professor at Walsh College and Davenport University teaching in the areas of Information Security and Digital Forensics.

In his spare time Christian enjoys reading, watching movies and home improvement projects. He currently resides in Lansing, MI with his wife and two dogs.

Tim Lauster

The Evolving Cybercrime Threat: An FBI Perspective

Abstract: Technological advances have provided a new toolset to both the cybercriminal and the cyber investigator. SA Lauster will describe how the Federal Bureau of Investigation addresses this evolving cybercrime threat through case studies of recent investigations.

Rutger Leukfeldt

Financial cybercrimes and situational crime prevention

Abstract: Cybercrime poses a serious threat to internet users in current, digitized society. Therefore, it is important to find means by which cybercrimes can be combatted effectively. One possibility for reducing (criminal opportunities to commit) cybercrime is situational crime prevention.

This paper focusses on situational crime prevention measures against financial cybercrimes (i.e., phishing and banking malware). These measures are developed based on 5 years of empirical research by the two authors, including an analysis of police investigations (n = 40), incidents registered in a fraud database of a financial institution (n = 600), interrogations of money mules (n = 190), a victim survey (n = 10,416), two survey studies on internet users (n = 1,200; n = 1,201), and victim interviews (n = 30), which led to 20 peer-reviewed publications.

This paper takes a holistic view of the results and conclusions from these publications. Unique to this endeavor is that the findings are integrated and translated into measures that can be used to create barriers against cybercriminal networks committing financial cybercrimes.

The paper starts by giving a brief overview of processes and actors involved in phishing and banking malware attacks. We first describe the processes of origin and growth of cybercriminal networks; where and how do cybercriminals meet and how do they recruit new members. Second, the crime scripts of networks involved in financial cybercrimes are covered; how do criminals select their targets, how are money mules used to steal money. Third, the behavior of users and suitable targets are studied; are some users more at risk than others?

The paper continues by applying the five strategies of situational crime prevention of Cornish and Clarke (2003) to cybercriminal networks. Examples of situational crime prevention measures against cybercriminal networks that commit financial cybercrimes include: making users more cyber aware (increase the effort of crime); extending guardianship to financial institutions (increase the risk of crime); frustrating online crime markets (reduce the rewards of crime); preventing online hacking subculture from emerging (reduce provocations that invite criminal behavior); and educating potential money mules about their role in the crime script (remove excuses for criminal behavior). Although not all of the five strategies seem to be perfectly suitable to create barriers against cybercriminal networks, our analyses clearly show that situational crime prevention provides a useful framework for cybercrime.

Tom Lintemuth

You Stole My Password, So What?

Abstract: Fraud utilizing Account takeover is increasing in prevalence, time to detect, and expense for consumers as well as financial institutions/corporations. Properly deployed technology helps businesses and consumers take steps to combat and prevent ATO fraud.

David Maimon

Environmental Cues and their Impact on Public Wi-Fi Users’ Privacy Behaviors

Abstract: The recent growth of Wi-Fi in public places (public Wi-Fi) has facilitated users accessing the Internet from virtually anywhere, anytime. In most cases, to facilitate ease of use, these wireless networks do not require any form of user authentication or identification to use them. This dearth of both virtual (access to a protected network) and physical (access to a protected building) security provisions exposes users of these public networks to a wide range of both online (for example, man-in-the-middle attacks) and offline (for example, shoulder surfing) attacks. Therefore, security experts encourage users of these networks to employ different methods to protect their computers and their data from abuse. One way to nudge people into applying self-protective behaviors when using these public networks is through the introduction of relevant security cues in the physical environment. However, scant research exists that provides evidence to show that users are even aware of either their surroundings or the cues that exist in those surroundings when using public Wi-Fi. This paper addresses this gap in the literature and examines whether public Wi-Fi users are aware of the presence (situational awareness) of other people when using public Wi-Fi networks. It then investigates whether this situational awareness is associated with computer users’ decisions to use public Wi-Fi, and if so, whether this awareness determines public Wi-Fi users’ adoption of both offline and online self-protective behaviors on these networks. We use both survey and experimental methodologies to answer these questions.

Bio: David Maimon is an Associate Professor in the department of Criminology and Criminal Justice at the University of Maryland. He received his Ph.D. in Sociology from the Ohio State University in 2009. David’s research interests include theories of human behaviors, cyber-enabled and cyber-dependent crimes and experimental research methods. In 2015 he was awarded the “2015 Young Scholar Award” from the “White-Collar Crime Research Consortium of the National White-Collar Crime Center” for his cybercrime research. His current research focuses on computer hacking and the progression of system trespassing events, computer networks vulnerabilities to cyber attacks, and decision-making process in cyber space. He is also conducting research on intellectual property and cyber fraud.

Fatima Mawani

Designing the Canadian Survey on Cyber Security and Cybercrime

Abstract: Despite a trend of declining police-reported crime rates, little is known about cybercrime as offences typically go unreported to police. Indeed, The Cost of Cybercrime to Canadian Businesses: Measurement Feasibility Study confirmed that most people report cybercrimes to businesses instead of the police. Building on this work, Public Safety has partnered with Statistics Canada to develop the Canadian Survey of Cyber Security and Cybercrime (CSoCC), to collect data on the impact of cyber incidents to Canadian businesses and their activities to mitigate the effects for reference year 2017. This survey will sample approximately 12,000 Canadian businesses across industries to report on themes of business characteristics and resiliency; cyber security environment, readiness, incidents, reporting, and costs. As an emerging issue, data of this type has not been collected by the Government of Canada previously on this scale. Data from this survey is intended to support the development of evidence-based policy in Canada, better understand the impact of cybercrime on Canadian businesses, and for the study of cyber security and cybercrime within industries. The survey methodology will be discussed in the presentation.

Bio: Fatima Mawani is currently a Senior Research Analyst with Public Safety Canada. She earned her Masters of Arts in Public Administration, in collaboration with the Women’s Studies program from the University of Ottawa in 2006. She also holds her Bachelor of Arts (Honours) in Criminology, with a specialization in Sociology from Carleton University. She has research experience in a range of law enforcement and policing areas, including leading projects related to cybercrime and cyber security metrics and cannabis seizure data collection. Other research areas she has contributed to include sexual assault investigations, human trafficking, child sexual exploitation, and marginalized advocacy coalitions. When Fatima is not busy researching, she can be found playing hockey, bodybuilding at the gym, or posting pictures of her cat on social media.

Rob McCurdy

Collaborative Security

Abstract: Several groups have attempted shared security models and indicator sharing several times over, but with little to no adoption. This presentation explores workable models for mutually-beneficial security collaboration while incentivizing participation.

Bio: Rob McCurdy is the Chief Information Officer (CIO) of Michigan State University (MSU), responsible for primary leadership of strategic, financial, and policy initiatives affecting information technology (IT) at the university. MSU IT provides technology solutions that enable MSU to excel in research, education, and outreach.

McCurdy has achieved improvements in security, operations and academic technology, including the design and construction of a new data center, the implementation of a new electronic health record system and deployment of a university-wide collaboration platform. Through partnerships with university stakeholders, McCurdy accelerated adoption of standard IT services and integrated dispersed IT teams across the university.

McCurdy previously served as the first Chief Information Security Officer (CISO) of MSU, leading the development of a cohesive IT security strategy, standing up a team of IT security specialists and rapidly deploying security services across the organization.

Prior to joining MSU, McCurdy served as the CISO of Farmers Insurance. McCurdy focused on consolidating dispersed business aligned teams into a single security team, providing a higher level of business service through global information security functions and technology. McCurdy also consulted with Fortune 100 companies on the design, build, and assessment of security solutions and programs.

McCurdy earned his Bachelor of Science from Michigan State University in Computer Science and Engineering. He also has completed courses for Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Information Technology Infrastructure Library version 3 Foundations (ITILv3), Courion Identity and Access Management, CA Identity Management, HIPAA and PCI.

Tim Mielak

Innovating in Spite of Oneself – Using progressive thinking and technology to transform conventional cyber security paradigms in the financial sector.

Abstract: Every day, security professionals race the clock as exploits are handed down from sophisticated actors to commodity actors at faster and faster rates. How can we get an edge when everything about our security programs is dictated to us by regulators and conventional wisdom? How can we build an effective defense as control costs rise and qualified people become harder to find?

Bio: Timothy Mielak serves as the Chief Information Security Officer (CISO) at Michigan State University Federal Credit Union (MSUFCU). As CISO, he is responsible for developing and executing strategies to protect the Credit Union from internal and external information security threats and ensures the integrity of member and organizational data. Joining MSUFCU in 2016, Dr. Mielak was previously the Enterprise Security Officer at Alaska USA Federal Credit Union as well as an Adjunct Professor at the University of Alaska, teaching Computer and Network Security. Dr. Mielak received a Bachelor of Arts (BA) in Liberal Arts and Sciences from the University of Illinois, a Master of Arts (MA) in Music from Washington State University, and a Doctor of Musical Arts (DMA) in Computer Music Composition from the University of Missouri at Kansas City. His professional memberships include: InfraGard, Information Systems Security Organization (ISSA), and the Information Systems Audit and Control Association (ISACA).

Jason Miller

Visible and Invisible Attack Vectors.

Abstract: A criminal hacker can use attack vectors, a path or means by which to gain access to a computer or network server or endpoint in order to deliver a payload or malicious outcome. These attack vectors are both visible exploitable system vulnerabilities, and invisible vectors, including the human elements.

Bio: Jason Miller began his IT career in 1998 and has spent the last 19 years focusing on network, system administration and cloud technologies. Miller is passionate about helping businesses embrace the next generation of technology including cloud adoption and high performance scaling software. Miller was part of a successful cloud ERP start-up and has additional experience with solution architecture, virtual CTO leadership, innovation direction and software defined architecture. His ability to reinvent and articulate the necessary steps for creating a dynamic environment has made him a sought out leader in his field. With the constant technical changes organizations face, Miller knows that empowering the people who power the software is the most effective tactic. Miller accomplishes this by listening and helping adopt innovative methods so businesses can make proper decisions.

Specialties include: public/private cloud, datacenter, lean operations, DevOps, cyber security, software-as-a-service, infrastructure-as-a-service and digital business transformation.

Steve Motts

ATT&CKing for better Defense: An Introduction to the MITRE ATT&CK Framework

Abstract: The time before an adversary is detected continues to be excessive: on average, between 6 months and a year. Think about that: 180 days for an adversary to be pillaging your data and doing whatever they want without being detected. While the Information Security community is getting better and has created different frameworks and maturity models, a different approach is needed. The MITRE ATT&CK framework was created to aid defenders and significantly reduce dwell time (the time an adversary is on the network before being detected). The framework takes an “Assume Breach” stance, meaning you’ve already been compromised and just haven’t discovered it yet, and introduces detection methods to detect post-compromise tactics and techniques. This talk will focus on an introduction to the MITRE ATT&CK Framework and integration of open-source tools to increase cyber defenses and ensure your Blue Team can detect post-compromise techniques.

Bio: 20+ years of IT experience, with the last 15+ dedicated to cyber-security. Coder, red/blue-teamer, and a passion for cyber-security, by no means an expert but will give my 2 cents on anything cyber (right or wrong).

Kevin Steinmetz

Subverting Security with a Smile: An Exploration of Social Engineering

Abstract: Social engineering is a concept that emerged from the hacker and security communities. It describes a process of manipulating, deceiving, or influencing the people involved in information security as a means of gaining access to otherwise secure information or computer systems. This presentation briefly traces the history of social engineering and discusses initial findings from an NSF-funded study of social engineering. Specifically, results from interviews with social engineers and security auditors will be presented. Cursory conceptual and theoretical ruminations on social engineering and information security will also be explored.

Bio: Kevin F. Steinmetz is an Associate Professor of Sociology at Kansas State University. He earned his Ph.D. in Criminal Justice from Sam Houston State University in 2014. While he works in multiple areas, most of his research has been centered on cybercrime. His most recent research involves a National Science Foundation-funded study of social engineering. His work has appeared in multiple peer reviewed journals including Theoretical Criminology, The British Journal of Criminology, and Deviant Behavior. He has also published two books including Hacked: A Radical Approach to Hacker Culture and Crime (NYU Press) and a co-edited volume entitled Technocrime and Criminological Theory (Routledge).

Shawn Swartout

Bio: Shawn Swartout, CISSP, is the Director of TIAA’s Cyber Investigations function where he leads a team that aims to protect TIAA resources, employees and customers from cyber-related threats. Shawn has over fifteen years of security and risk management experience within the financial services, department of defense, and technology industries. Prior to joining TIAA, Shawn evaluated, managed, and evolved clients’ security programs, as a member of Leviathan Security Group, by developing strategic plans, threat models, and assessments of organizational security posture. As a security director, Shawn formally directed and executed the security, fraud, Bank Secrecy Act (BSA), and anti-money laundering compliance programs within Sterling Bank, a former super-regional financial institution. Shawn presented at a number of conferences, client briefings and professional chapter meetings including the American Bankers Association Risk Forum, Association for Financial Professionals and the Association of Certified Fraud Examiners. Shawn holds a Bachelor of Science in Business Information Systems and is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM).

Andrew Woodard

Case Study: Carving out a NIST 800-53 High Compliant System within a Shared SaaS Environment

Abstract: Within the healthcare market, customers often require more security restrictions than are mandated by state or federal regulations (such as HIPAA). Certain customers, such as federal agencies, may require even higher levels of security, on par with the U.S. Department of Defense. Such requirements can be expensive enough in a dedicated environment devoted solely to those customers. It can become cost-prohibitive, however, when these requirements must be applied throughout the organization’s environment across multiple customers. When this happens, the security team must collaborate with the prospective customer to realistically refine the system boundaries.

Bio: Andrew Woodard, Director, Chief Information Security Officer. Mr. Woodard joined Delta Dental in February 2015. He is the HIPAA Security Officer and is responsible for the overall IT security program, including strategic direction and day-to-day operations. Prior to joining Delta Dental, Mr. Woodard spent almost 12 years at Truven Health Analytics (formerly Thomson Reuters, currently an IBM company), with a focus on compliance and security, with promotions to Manager and then Director of Security Management. Prior to joining Truven Health Analytics, Mr. Woodard spent five years at EDS (now HP). Mr. Woodard holds an MBA from the New York Institute of Technology, a Graduate Certificate in Information Systems from Eastern Michigan University and a bachelor’s degree from Lake Superior State University. Mr. Woodard also holds two industry security certifications – Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).