Title: New York State's New College of Emergency Preparedness, Homeland Security and Cybersecurity: Training a New Generation of Leaders
This presentation will describe the creation, rapid growth, structure, and function of the new College of Emergency Preparedness, Homeland Security and Cybersecurity (CEHC) at the University at Albany. With this new institution, and the hundreds of students who have flocked to it, New York and the State University of New York (SUNY) have embarked on a new chapter in the education, training, and professionalization of undergraduate and graduate students in these important areas. Curriculum, experiential learning, focus on practice and professional engagement, research, and the quality and qualities of the diverse student body will all be covered in this presentation.
Dr. Brian Nussbaum is an assistant professor in the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany. He also serves as a fellow of the Cybersecurity Initiative at New America, an affiliate scholar at the Center for Internet and Society (CIS) at Stanford Law School, and a senior fellow with the Center for Cyber and Homeland Security (CCHS) at George Washington University. Dr. Nussbaum formerly served as senior intelligence analyst with the New York State Office of Counter Terrorism (OCT), a part of the New York State Division of Homeland Security and Emergency Services (DHSES).
Title: The Road to Hiring is Paved in Good Intentions
The information security field is in desperate need of people with the technical skills and capabilities to fill a myriad of roles within organizations around the world. However, hiring managers and leadership are doing horribly when it comes to hiring and interviewing for these roles. Organizations are doing poorly at communicating expectations for a job, are conducting interviews that make it impossible for candidates to showcase their (limited or vast) experience, and some managers posture themselves so poorly that the candidates want nothing to do with the opportunity.
This talk draws on the experiences of the speaker as both interviewer and interviewee, as well as those of others within the scene, in order to let the people making hiring decisions know what they can do to get the people and experience they need for their teams. In addition, it allows candidates to learn the limiting factors and challenges hiring managers face, in the hope that they can prepare for and 'hack the system' to work around them.
Tim O'Brien is a 17-year information security professional and a subject matter expert in risk and incident management, intrusion and data analysis and secure architecture design. Tim is well versed in developing technical solutions, determining the best options for the business and its goals, and creating comprehensive implementation plans that minimize risk for the organization. His excellent analytical and problem-solving skills, with emphasis on understanding relationships among technical problems, result in sound and effective business solutions while reducing risk. He enjoys mentoring others and helping them develop their skills through supervisory positions, coursework development, mentoring, presenting at and helping run InfoSec conferences as well as instructional roles. Having progressed through the ranks to hiring manager and director level, he has experienced the pain from both sides of the hiring process and desires to improve the situation for the InfoSec/hacker community.
Title: Hold my Red Bull: Undergraduate Red Teaming
In this talk Jon covers the pros and cons of Undergraduate Cyber Security Programs, including what they lack when it comes to Offensive Security. It will then touch on the ethics of teaching College Students hacking and then go on to lay out recommendations and guidelines that educators can utilize or incorporate into their CS programs. It ends with an explanation of why it is so important to start producing white-hats before they graduate and some suggestions/tips for current students pursuing higher education that want to enter the field of Offensive Security. This talk is an opportunity for students and professionals alike to peer into the mindset, skill set, and knowledge required to get hired and be successful as a Penetration Tester aka Whitehat Hacker.
Jonathan Gaines is a Security Consultant, Penetration Tester, Independent Researcher, and full-time student. He has earned an Associate's Degree in Criminal Justice: Cyber Security as well as a CompTIA Security+ certification. Currently, he is working full-time at Leet Cyber Security and is just about finished with his bachelor's degree in Networking & Cyber Security from Champlain College. He has considered himself a cyber security professional and researcher since 2012 and holds an overwhelming passion for all things relating to Information Technology and especially Information Security, which extends back to his childhood.
Title: Whose Idea Was That? Comparing Security Curriculums and Accreditations to Industry Needs
Security is hard, but security education may be harder. Few academic institutions have the skills or resources to dedicate solely to security education. Rather, most security programs in higher education have grown out of or have been welded on to other technology programs. The resulting fractured educational ecosystem has created a disparity in the skill sets of graduating students and has made it challenging to develop standards to ensure consistency across educational programs.
This talk will take a look at how security curricula have traditionally been developed and continue to be shaped by a variety of forces. We will examine some of the proposed solutions for accrediting programs and analyze their strengths and weaknesses. Subsequently, we will try to determine which type of student each model is designed to produce and provide our own recommendations about how to standardize security education.
Robert Olson is currently a lecturer at the Rochester Institute of Technology, where he teaches courses in programming, mobile security, and web application security. In a prior life, he developed courses in the fundamentals of information security, penetration testing, and exploit development as a lecturer at the State University of New York at Fredonia. He holds a Masters of Science in Interdisciplinary Studies (Cognitive Science), a Masters of Science in Management Information Systems, along with some industry certifications (CEH, CISSP, OSCP). When not doing cybery things, he enjoys studying machine learning, catching Pokemon, and bumming around Twitter (@nerdprof).
Chaim Sanders is a professional security researcher, lecturer, and tall person. When he is not busy being overly cynical about the state of computing security, he teaches for the computing security department at the Rochester Institute of Technology. His areas of interest include eating food bathed in butter and web security. Lately, his research has been focused around defensive web technologies. Chaim's sarcasm-driven approach to security provides a unique vantage point that helps him to contribute to several Open Source projects including ModSecurity and OWASP Core Rule Set, where he serves as the project leader.
Title: So You Want To Be A H6x0r, Getting Started in Cybersecurity
Russ and Doug, co-hosts of Secure Digital Life with a combined MANY years working in the Cybersecurity community, talk about how you can break into the world of certs, rootkits, and advanced degrees. This talk is primarily focused on attendees who are interested in learning more about what skills, certifications, and training should be pursued to enter the Cybersecurity workforce, with a focus on reality.
Doug White, Chair, Cybersecurity and Networking, Roger Williams University, Time Lord
Russ Beauchemin, Director of Instructional Support & Learning Innovation
Cybersecurity, Network Security, & Digital Forensics Program Advisor
Title: Hacks, Lies, & Nation States
A hilarious and non-technical skewering of the current state of Cybersecurity, the Cybersecurity "industry", the US Government's ACTUAL capabilities and the surrounding media circus it creates and what actually happened during the last election... All from the perspective of a Hacker and the State of Connecticut's #1 Cybersecurity expert.
Mario is currently the CIO of Spectrum Virtual and has been recently recognized by the FBI as the top cyber security and incident response expert in the state of Connecticut.
Title: InfoSec Career Building through Reserve Military Service
While not often thought of as a fast track to building a career in Information Security, military service in the Reserves provides a multitude of benefits for building a professional portfolio. From obtaining much sought-after United States Government security clearances and commercial certifications to practical experience and training in the technical and leadership domains, the Reserve Military offers a vehicle for launching an InfoSec career (no prior experience required). Learn what it takes to be a part of something bigger than yourself while at the same time establishing career skills that will last a lifetime.
Dan Van Wagenen, CISSP, GCIH, is an information security professional and manager at the New York National Guard's Division of Military and Naval Affairs.
Title: Career Advice From an Awesome Tech Woman
Join Devi Momot, CISSP, GISP, GSLC, CEO of Twinstate Technologies and some friends to discuss types of career opportunities in IT Security and conventional and unconventional ways to get there. Not sure how to get started or where to go from where you are? There will be plenty of time for Q and A too.
Devi Momot, CISSP, GISP, GSLC, CEO of Twinstate Technologies
Title: A Day in the Life of a Security Analyst
A day in the life of a Security Analyst can start out calm or start out on fire. Security Analysts have to work in several different modes depending on the day, whether that means responding to alarms and information from their security tools, proactively hunting for suspicious activity they think deserves attention, or educating end-users on security best practices. Protecting a Healthcare company's network and the information of its members takes on many different facets. This session will outline some of the key activities performed by Security Analysts on a daily basis.
Marc Payzant –
Title: Lead Analyst, Cybersecurity
Marc has been with MVP Healthcare for almost 9 years. He started as a consultant working on merging a SAS70-Type 1 and Type 2. After successfully managing and implementing several high profile IT projects, Marc was hired on as the Manager of the Intel Services team. Marc has had several roles in the MVP IT group and is currently the Lead Cybersecurity Analyst. Marc is a 30+ year Information Technology professional with extensive background in Microsoft Windows Active Directory, Identity and Access Management, IT and Business process General Controls, Business Continuity and Disaster Recovery, and Information Security.
As the Lead Cybersecurity Analyst, Marc is responsible for protecting the organization and associated IT infrastructure from both external and internal attacks. Marc works with the cybersecurity and IT security teams to build proper security controls and detection capabilities, and develops alerts that warn of suspicious activity to help prevent the theft of sensitive information (including financial, personal, and company confidential). Marc is a key member of MVP's Incident Response Team (IRT), where he leads and coordinates incident response efforts associated with a breach, system disruption, and/or disaster. Marc, along with other members of the security team, is responsible for ensuring aspects of the business remain operational in the midst of disruptive events.
When not working, Marc enjoys winter hiking (ADK W46r, Saranac 6r Ultra Winter, Catskill W31 (just 4 more to go!), Fire Tower Challenge) and camping, Obstacle Course Racing and riding his motorcycle. Marc served in the US Navy as a Quartermaster, QM2/SS, aboard the fast attack submarine USS Glenard P. Lipscomb, SSN-685.
Ken Oliver –
Title: Cybersecurity Analyst
Ken has spent the last two years as a Cybersecurity Analyst at MVP Health Care, focused on intrusion prevention and security awareness training.
Prior to his career in cybersecurity, Ken served twelve years in the United States Marines. Throughout his tour, he was assigned various duties, including administrative chief, manpower analyst, staff secretary, career retention specialist, and marksmanship instructor. In 2013, Ken left active duty at the rank of Staff Sergeant.
In his downtime, Ken enjoys being a foster parent, traveling, and mentoring.
Ken Oliver holds a B.S. in Information Science with a concentration in Cybersecurity, an M.S. in Information Science, and a graduate certificate in Information Security from SUNY Albany. Ken is currently pursuing his Certified Information Systems Security Professional certificate.
Aneesa Hussain –
Title: IT Security Analyst
Aneesa has been with MVP Health Care for almost one year as an IT Security Analyst focused primarily on User Access Management and Privileged Access Management. Aneesa recently graduated from the University at Albany in 2016 with a B.S. in Informatics/Cyber-Security and Communications. Throughout college, Aneesa had many internships ranging from Jr. Security Administrator, Student Assistant on the SUNY Helpdesk, a Technical intern, and even a Ceramic Assistant!
In her time at MVP, she has streamlined Annual Recertification processes to maximize efficiency. Aneesa is responsible for maintaining communication with the Compliance team when updates to systems are made in the MVP environment and ensuring constant compliance with Audit requirements. She also works to lock down access to secure areas on our network that house sensitive data. In addition to fulfilling her duties as a Security Analyst, Aneesa has recently become a Community Ambassador at MVP to give back to the community.
In her spare time, Aneesa likes to volunteer at local shelters, play with kids, try cooking new things, and take pictures. Aneesa loves elephants, loves to travel and to spend time with her family and friends. Being the only female on the Security Team at MVP Health Care has also driven her to raise awareness among girls pursuing a career in the technology field.
Title: Cyber First Response: What it Takes to be CFR Certified
Are you certified in cyber incident response? The CyberSec First Responder (CFR) certification from Logical Operations is designed primarily for cybersecurity practitioners who protect information systems, whether before, during, or after a breach. The training course developed to help prepare IT professionals for the certification focuses on the knowledge, ability, and skills necessary to provide for the defense of those information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes.
During this session, Logical Operations will provide an overview of the material covered within the CyberSec First Responder training course. At the end of the session, all participants will receive a coupon for 40% off a CyberSec First Responder (CFR) exam voucher, or 10% off a CyberSec First Responder (CFR) training class and exam voucher package from Logical Operations.