2019 Annual Information Technology Security Conference

Commonwealth Charter Academy
1 Innovation Way | Harrisburg, PA 17110
Wednesday, September 18, 2019 | 8:30 am to 3:15 pm

8 a.m.

Registration - Continental Breakfast, Exhibits Open

8:30 a.m.

Welcome and Opening Comments

  • Gene Barr, President and CEO, Pennsylvania Chamber of Business and Industry
8:35 a.m.

Keynote Speakers:  The Most Serious Threats Today and The Biggest Mistakes Companies Are Making in IT Security

  • William R. Evanina, Director, National Counterintelligence and Security Center
  • Josh Shapiro, Pennsylvania Attorney General, Office of Attorney General

The National Counterintelligence and Security Center (NCSC) is led and staffed by a cadre of professionals with decades of national security and law enforcement expertise and varied analytic, investigative and policymaking backgrounds. The Attorney General is Pennsylvania’s top law enforcement official, with a wide range of responsibilities to protect and serve the citizens and agencies of the Commonwealth.  The speakers will provide their unique perspectives on the most serious threats today and the biggest mistakes companies are making in IT security:

  • The latest developments on the most serious and widespread IT security threats aimed at business, including ransomware, data breaches and compromised stolen data
  • The biggest and most common mistakes companies are making in IT security
  • What companies should have done to protect their information and trade secrets – possible solutions
  • Case studies: real-world examples of insider and outsider attack incidents: what went right and what went wrong
  • Enforcement actions and penalties that both the Attorney General and NCSC can use to go after the “bad guys”
  • When a company should contact the Attorney General’s Office/NCSC and let them know that they have a problem
10 a.m. Refreshment Break – Exhibits Open
10:15 a.m.

Offensive Security & Defensive Tactics (Hands-on Workshop)

  • Charles Sgrillo, CISSP, Red Team Analyst, Vanguard’s Global Risk & Security Division; Professor, Cyber and Information Security, Drexel University

In this workshop, attendees will learn the basics of offensive security and how attackers leverage tools and techniques to discover vulnerabilities in an organization. Attendees will leverage widely used, free, and open source tools to learn how to better protect their organizations. In completing this three-hour workshop, attendees will learn:

Offensive Security:

  • Applying the Cyber Kill Chain
  • Open Source Intelligence (OSINT)
  • Principles of vulnerability assessments and penetration testing
  • An introduction to weaponization and exploit development

Defensive Tactics:

  • How business decisions can create vulnerabilities
  • Designing technical solutions and business policies to better counter attackers
  • Applying controls and metrics to evaluate and baseline your cyber posture
  • Road mapping and strategic planning

Attendees participating in this lab should bring:

Noon Lunch – Exhibits Open
1 p.m.

Offensive Security & Defensive Tactics (Hands-on Workshop) (cont’d)

  • Charles Sgrillo, CISSP, Red Team Analyst, Vanguard’s Global Risk & Security Division; Professor, Cyber and Information Security, Drexel University
2 p.m. Refreshment Break – Exhibits Open
2:15 p.m.

The Many Layers of the Dark Web and Protecting Your Company

  • Connie G. Mastovich, Senior Cybersecurity Analyst, Reclamere

This presentation will provide fascinating information regarding the little-understood Dark Web portion of the internet.  If someone is accessing the Dark Web on a business network, there could be any number of compromises to the network.  And, if a business is not adequately securing their sensitive, confidential, or proprietary information, that information could end up for sale on the Dark Web.  We will discuss:

  • The Dark Web—how it works, what to look for, what all can go on there
  • Why it is important for security professionals to understand the Dark Web
  • How people find and access it
  • What law enforcement is doing to combat the activities there
  • How criminals try to avoid capture by using both technology and other methods
  • Recent evolution of Dark Web markets
  • Demos of actual Dark Web sites
  • Suggestions that security specialists can use to protect the information they handle on a daily basis from being exploited on the Dark Web.
3:15 p.m. Adjourn

Although some of the presenters are attorneys, nothing in this program should be construed as legal advice or as pertaining to specific factual situations.
