UNC Charlotte Logo
SESSIONS
8:30 - 9:20
McKnight Auditorium
Kunal Anand, Keynote
Beyond the Perimeter: Moving Fragmented Security to Business Security

Between Hollywood movies and real-world attacks, we're living in an era where security is on everyone's mind, By the time you finish reading this abstract, there's a good chance that a company was just breached or its customers exploited. From an adversary's perspective, the attack surface has never been more tantalizing. Cyber security has come a long way in the last decade and is now at an interesting set of cross-roads.

This talk covers today’s fragmented security market and how we need a comprehensive vision of business security to get to the future beyond the perimeter. Specifically, the keynote will cover:

  • New processes and technologies to defend organizations from being another security headline
  • Next generation firewalls, virtualization/containerization, runtime application security, and much more
  • Organizational impact on security in the coming year
  • Gaps across builders, applications, defenders, and infrastructure with some potential solutions

9:20 - 10:10
McKnight Auditorium
Ira Winkler, Keynote
The Phishing Kill Chain

The common perception is that phishing attacks are successful because of user awareness failings. While there is some truth to that statement, successful phishing attacks compromise up to a combined nine layers of technology and user awareness. Only two or three of these layers involves a user. This presentation provides a taxonomy of successful phishing attacks and how to prevent them.

10:40 - 11:30
McKnight Auditorium
VMWare NSX Security Crash Course

VMware NSX brings the concepts of virtualization to the datacenter network. In this crash course, you will get an overview of what NSX is, how it works, and how it affects security implementations. We'll cover the changes NSX brings to the way we implement multi-tenancy, security policy, and network segmentation in the virtual datacenter.

10:40 - 11:30
Cone 210
"Securing the Evolving Network" Strategy

This session will cover the changing Security Market landscape, Security challenges faced by customers, and how Juniper’s “Secure Networks” Strategy, innovation, and leadership portfolio solves the challenges across Enterprise, Service Provider, and Cloud infrastructures. Topics to cover will include: Open Threat Intelligence Platform, Security Analytics, Cloud-based Security Services, Public/Private/Telco Cloud SDN/NFV Security Services, full suite of NGFW/UTM functionality, next-generation Physical and Virtual hyper-converged platforms, and complete Automation at all levels. You will also have the opportunity to provide your feedback to the Juniper development team for its joint success in this market.

10:40 - 11:30
Cone 113
Another Bug Bites the Dust

Heartbleed, Shellshock, and how many more security bugs will we find in open source code that hasn't been evaluated? We continue to see widespread adoption and use of code from all manner of unproven sources. What should your enterprise do? Take control of your software supply chain, and build resilient architectures for specific applications, not general purpose architectures.

10:40 - 11:30
Cone 112
Cybersecurity Education, Training, and Workforce Development

At a time when cyber security prevention, detection, and response are becoming increasingly important for organizations we are in short supply of a qualified cyber security workforce. The National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology (NIST) is a public-private partnership working to promote an integrated ecosystem of cyber security education, training, and workforce development. The NICE National Workforce Framework can be leveraged across a variety of enterprises to bring focus, structure, and consistency to workforce development efforts relative to cyber security. This session will provide an overview of NICE and its emerging national strategy along with insights on how the NICE Framework can be linked to enterprise risk management, operational best practice, and considerations for enterprise workforce management.

10:40 - 11:30
Cone 112
Developing and Managing a Cyber-Secure Workforce

This presentation will provide guidelines for how to make the enterprise workforce more cyber-secure, from frontline employees to executives. Guidelines include alignment of the workforce with operational best practice, integrating workforce planning into cyber security strategy, essential tasks for every employee, and deployment of dedicated cyber security professionals for maximum effect.

2:40 - 3:30
McKnight Auditorium
Finding Hackers Faster Using Big Data Analytics

Hackers are already in your network, you just don't know it yet. At least, that’s the assumption you need to make. Organizations have implemented layers of security solutions to protect themselves against hacking, so why does it seem like we hear about cybercrime more and more? The answer lies in these solutions’ limited ability to see all interactions within the network – making it difficult to accurately assess and predict abnormal system behavior. This session will explore why and how the confluence of big data and Hadoop, coupled with behavioral analytics, can help organizations take a more proactive and efficient approach to detecting and responding to cyber threats and mitigating attacks before they have a significant financial or reputational impact.

2:40 - 3:30
Cone 210
Dynamic Application Security Testing

Dynamic Application Security Testing (DAST), or "black-box" testing, is performed while the code is executed. It analyzes the properties of the running program. This presentation is an overview of the DAST program, and the benefits this type of testing can bring to an organization.

2:40 - 3:30
Cone 112
Vulnerability Risks in the Healthcare Industry

Protecting critical assets from cyber threats has never been as challenging as it is in today's environments. What was once a discussion only in the data centers is now at the top of the priority list at the highest level of management. From state sponsored attacks to individual attacks from disgruntled employees, the threats are coming from everywhere. As investment is made in securing the traditional Information Technology (IT) infrastructure, risk exposure is now becoming more and more prevalent in a totally different class of asset. Embedded technology in Operational Technology (OT), and vulnerabilities in personal devices (Bring-Your-Own-Device) such as mobile phones, notebooks, tablets, and "wearables" have become the next battleground. In this presentation, we will discuss the current risk landscape; how we got here; present a LIVE DEMO of an example device attack; and what can be done moving forward to reduce risk exposure for a more secure operating environment.

3:35 - 4:25
McKnight Auditorium
AppSensor: Real-Time Event Detection and Response

AppSensor is an OWASP project that defines a conceptual framework, methodology, guidance, and reference implementation to design and deploy malicious behavior detection and automated responses directly within software applications. The AppSensor idea was first conceived in 2008 and is the leading reference point in this area. More recently "application self-protection" has become a hot topic. There are many security protections available to applications today. AppSensor builds on these by providing a mechanism that allows architects and developers to build into their applications a way to detect events and attacks, then automatically respond to them. Not only can this stop and/or reduce the impact of an attack, it gives you incredibly valuable visibility and security intelligence about the operational state of your applications.

3:35 - 4:25
Cone 210
DSMASH: Securing and Maintaining Android with System Hacking

SMASH is a new research effort that MITRE is conducting in partnership with Dr. Bill Chu at UNC Charlotte. The goal of the project is to explore new ways to secure and maintain software on embedded systems, by building a prototype framework using the Android platform. Motivation for this research lies in the past year's flood of vulnerabilities and the alarming rate of devices which have not received timely security updates. This presentation will cover some of the worst Android vulnerabilities in 2015 and the SMASH research approach.

3:35 - 4:25
Cone 112
Security & The Internet of Things

What’s the big deal about the Internet of Things, and why is securing it important? In this presentation we’ll talk about the growth of IoT and why security is critical.

4:30 - 5:10
McKnight Auditorium
PANEL SESSION
Conspectus Insights Panel

The symposium is offering participants an opportunity to ask a panel of experienced information assurance/security leaders your most burning questions. During the symposium, just text your question to iaadvisory101@gmail.com. The panel moderator, Roger Callahan, Information Assurance Advisory, LLC, will select a representative set of questions from participant submittals for the panel to address. Panelists: Tom Bartolomeo, Wells Fargo, Peter Murphy, Cardinal Innovations Healthcare, Sam Phillips, Samsung Electronics, Inc., and moderator, Roger Callahan, Managing Director, Information Assurance Advisory, LLC.