
CyberCrime 2012 Symposium

“Means, Motive & [denying] Opportunity” Mission: Protect Your Data

November 1–2, 2012 | Portsmouth Harbor Events & Conference Center | Portsmouth, NH

Hosted by:

CyberHero


DAY ONE AGENDA: Thursday, November 1, 2012

Registration: 11:30 a.m. – 12:00 p.m.

Welcome and Opening Remarks: 12:00 p.m. – 12:15 p.m.

We Need CyberHeroes
Speaker: Sari Stern Greene, Sage Data Security Host Representative

It is time to take back control of our digital world. Time to deny opportunities to those looking to disrupt systems, steal data and profit from the mayhem. We need CyberHeroes willing to stand up and do what it takes to actively protect and defend our organizations, our communities and our nation.

Sari Stern Greene, CRISC, CISM, CISSP, is the founder of Sage Data Security. She is a recognized leader in the field of information security, and the author of Security Policies and Procedures: Principles and Practices, which is being used in undergraduate and graduate programs nationwide. Sari advises senior management and directors on information security issues and strategic planning. She is chair of the CyberCrime Symposium, a member of several security working groups, a frequent lecturer at colleges and universities and a supporter of regional ISACA and ISC2 organizations.

Lunch Keynote: 12:15 p.m. – 1:30 p.m.

Value of a Hacked PC
Speaker: Brian Krebs, Editor, KrebsonSecurity.com

A major focus of award-winning journalist Brian Krebs’ reporting over the past half-decade has been to highlight individuals, networks and entities that, according to multiple sources, appear to facilitate or directly participate in illicit activity online. The means may be DDoS, malware, social engineering, botnets or hacking exploits. The motive is financial gain. Brian will take us on an in-depth look at the underworld of cybercrime and the value of a hacked PC.

Brian Krebs is the editor of KrebsonSecurity.com, a daily blog dedicated to in-depth cyber security news and investigation. For the second year running, KrebsonSecurity.com was voted the blog that best represents the security industry by judges at the 2012 RSA Conference. He was also presented with the “Security Bloggers Hall of Fame Award,” alongside noted security expert Bruce Schneier. Krebs worked as a reporter for The Washington Post from 1995 to 2009, where he covered internet security, cybercrime and privacy issues for the newspaper and the website. His stories and investigations have also appeared in Popular Mechanics, MIT Technology Review, CSOonline and Wired.com.

Afternoon Session I: 1:45 p.m. – 2:45 p.m.

Steal Everything, Kill Everyone and Cause Total Financial Ruin (Or How I Walked In and Misbehaved)
Speaker: Jayson E. Street, Author of Dissecting the Hack: The F0rb1dd3n Network

They say one picture is worth a thousand words. Jayson will show us how one picture cost a company one million dollars and maybe even a few lives. The dangers of social engineering are real and can result in the demise of an organization. Jayson will share the results of actual engagements, why they were successful and, most importantly, what would have stopped them, including theft, espionage and workplace violence countermeasures.

Jayson E. Street is author of the book Dissecting the Hack: The F0rb1dd3n Network. He has worked with the FBI on network breaches, resulting in the capture and prosecution of the criminals involved, and consulted with the Secret Service on the Wi-Fi security posture at the White House. He has also spoken at DEFCON, BruCON, UCON, and at several other “CONs” and colleges on a variety of Information Security subjects. Jayson is on the SANS GIAC Advisory Board, is a SANS mentor and serves on the Oklahoma InfraGard Board of Directors.

Afternoon Session II: 3:00 p.m. – 4:00 p.m.

The Story Behind the Statistics
Speaker: David Ostertag, Global Investigations Manager at Verizon Investigative Response

855 incidents, 174 million compromised records – 2011 boasts the second-highest data loss total since Verizon started keeping track in 2004. Mainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets. Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property. The 2012 Verizon Data Breach Investigations Report (DBIR) is more than a recounting of statistics; it is the story of the many faces of corporate data theft, varied tactics and diverse motives.

Dave Ostertag is the Global Investigation Manager for the Investigative Response Unit at Verizon, and has more than 30 years of investigative experience in the government and security arenas. Dave coordinates the forensic investigations conducted by the Verizon investigative response unit worldwide. Dave has taken the lead on many of the highly publicized large data compromise investigations over the past few years. In addition, Dave is considered a leader in criminal and civil investigative techniques, is a certified expert witness, and is a frequent instructor and speaker on the topics of data compromise investigation and international criminal organizations. He also serves on the Board of Advisors for the International Association of Financial Crimes Investigators.

Afternoon Session III: 4:15 p.m. – 5:15 p.m.

Ways and Means of the Secret Service
Speaker: Special Agent Matt O’Neill, U.S. Secret Service

What happens when you call the Secret Service to report a security incident? Special Agent O’Neill will guide us through the Secret Service Response Protocol and the inner workings of the Cyber Intelligence Section (CIS). He will share with us how the CIS successfully investigates, prosecutes and works to dismantle international and domestic criminal organizations.

Matt O’Neill joined the United States Secret Service in December 1998 and spent five years in the New Haven Resident Office. He was assigned to the Vice President’s Detail from 2003–2007. In December of 2007 he was transferred to the Manchester, New Hampshire Resident Office. Matt has investigated numerous cases of network intrusions, point of sale terminal compromises, money laundering, bank fraud, counterfeit currency cases, wire fraud, and insurance fraud cases. He travelled to Romania and met with the Romanian Attorney General regarding a specific hacking case of significant community impact. He also met with Moldovan officials in Chisinau relating to another network intrusion matter. He has interrogated hackers from all over the globe.

Cocktails and Networking with Colleagues and Speakers: 5:15 p.m. – 6:00 p.m.

Informal Roundtable with Dan Mitchell, Esq., Bernstein Shur / Lead Attorney for PATCO v. OCEAN NATIONAL BANK

Dinner and Dinner Keynote: 6:00 p.m. – 8:00 p.m.

Riches, Ruins & Regulation: Recognize and Capture Security Risk
Speaker: Brian Kenyon, Vice President, Solution Architecture, McAfee and co-author of Security Battleground: An Executive Field Manual

Building a strategic security plan begins with an understanding of what needs to be protected. Business leaders need to know how to identify information assets of significant value if stolen, potential attacks that might cause great damage and costs associated with failure to meet regulatory requirements. Unfortunately, all too often they aren’t part of the conversation, either because they haven’t been invited, or they choose to self-exclude for fear that additional security countermeasures will hamper progress on critical projects. Brian Kenyon, co-author of Security Battleground, will introduce us to an exercise called “Riches, Ruins & Regulations” designed to uncover business risks in a compelling, non-threatening and engaging way by focusing on the business theme of creating value and avoiding loss.

Brian Kenyon is Vice President of Solution Architecture at McAfee, where he is responsible for leading an engineering organization focused on developing comprehensive security and compliance. Brian serves as a trusted advisor to industry and government organizations on key cybersecurity issues and best practices to guard against these evolving threats. He is a co-author of Security Battleground: An Executive Field Manual, lead author for Security Sage’s Guide to Hardening the Network Infrastructure, and contributing author of network architecture for Special Ops: Network and Host Security for Microsoft, Unix and Oracle.

Dinner Capstone: Wounded Warrior Project® “I Believe” Video Presentation

All proceeds from Kenyon’s Security Battleground: An Executive Field Manual are being donated to the Wounded Warrior Project. The mission of Wounded Warrior Project® (WWP) is to honor and empower wounded warriors. WWP began when several veterans and friends, moved by stories of the first wounded service members returning home from Afghanistan and Iraq, took action to help others in need. What started as a program to provide comfort items to wounded service members has grown into a complete rehabilitative effort to assist warriors as they recover and transition back to civilian life. Thousands of wounded warriors and caregivers receive support each year through WWP programs designed to nurture the mind and body, and encourage economic empowerment. Wounded Warrior Project® is a nonprofit, nonpartisan organization. To learn more, visit www.woundedwarriorproject.org.

DAY TWO AGENDA: Friday, November 2, 2012

Morning Remarks: 8:00 a.m. – 8:15 a.m.

Breakfast Keynote: 8:15 a.m. – 9:15 a.m.

The CERT Top 10 List for Winning the Battle Against Insider Threats
Speaker: Randall Trzeciak, Senior Technical Staff Member, CERT Program at Carnegie Mellon University

Criminal enterprises mask their fraud by involving multiple insiders who often work in different areas of the organization and who know how to bypass critical processes and remain undetected. In several cases, management is involved in the fraud. Those insiders affiliated with organized crime are either selling information to these groups for further exploitation or are directly employed by them. The insiders usually were employed in lower level positions in the organization, were motivated by financial gain, and were recruited by outsiders to commit their crimes. The average damages in these cases exceed $3M, with some cases resulting in $50M in losses. The CERT Insider Threat Center has studied insider threat for ten years and has worked closely with federal law enforcement, psychologists, cyber analysts, visionary sponsors, academics and practitioners in government and industry. This session will present the top 10 list for winning the battle against malicious insiders based on a decade of work and the nearly 700 actual insider attacks that have been examined.

Randall is currently a senior member of the technical staff at the CERT program at Carnegie Mellon University’s Software Engineering Institute. He is the technical team lead of the Insider Threat Research team, a team focusing on insider threat research, threat analysis and modeling, assessments, and training. Randy has over 20 years’ experience in software engineering, database design, development, and maintenance, project management, and information security. He is a co-author of the book, The CERT® Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Before joining Carnegie Mellon University, Randy worked for Software Technology Incorporated in Alexandria, VA, as a consultant to the Naval Research Laboratory (NRL). He also is an adjunct professor at Carnegie Mellon’s Heinz College Graduate School of Information Systems and Management. Randy holds an MS in Management from the University of Maryland, and a BS in Management Information Systems and a BA in Business Administration from Geneva College.

Morning Session I: 9:30 a.m. – 10:45 a.m.

Infiltrating Cyber Criminals
Speaker: Jeff Bardin, Chief Intelligence Strategist, Treadstone71

Clandestine denial and deception, direct communications and data exfiltration are true methods of offensive cyber operations that disrupt the command and control of cyber criminals, hacktivists and terrorists. Learn how to bring the fight to their doorstep with actual steps and methods that protect your identity while exploiting cyber adversaries.

Jeff Bardin, CISSP, CISM, C|CISO has served as the Security Manager for the Centers for Medicare and Medicaid (LMIT), Chief Security Officer for Hanover Insurance, the Chief Information Security Officer for Investors Bank & Trust, and the Director, Office of Risk Management for EMC. In 2007 he was awarded the RSA Conference Award for Excellence in the Field of Security Practices. Jeff published The Illusion of Due Diligence in 2010 and co-authored the Computer and Information Security Handbook. He has published articles for magazines such as The Intelligencer, CSO, and SC Magazine. Jeff served in the USAF as a cryptologic linguist, and in the USANG as an officer. He teaches masters level courses in cyber intelligence, counterintelligence, cybercrime and cyber terrorism at Utica College.

Morning Session II: 11:00 a.m. – 12:30 p.m.

A Company of CyberHeroes
Speaker: Lori Rosenberg, The Lemonade Stand

Imagine the impact of transforming end-users from weakest links into CyberHeroes, dedicated to protecting and defending your organization’s data. This interactive session is designed to spark your creative juices and provide you with ideas, tools and techniques to develop a compelling awareness program sure to engage even the least security conscious user.

Lori has over 20 years of training experience and has designed and delivered a wide range of topics in both classroom learning and eLearning. Prior to starting up The Lemonade Stand (www.compliancelemonade.com), Lori specialized in compliance education and awareness training at WaMu. Lori currently provides Information Security education materials for several clients including eBay.

Lunch Keynote: 12:30 p.m. – 1:45 p.m.

We’ve Done the Easy Stuff
Speaker: Marcus Ranum, CSO, Tenable Network Security

The computer security industry has done a pretty good job with some parts of the security problem, which may result in a bit of “death by success” down the road if we’re not careful. With constant pressure to get more done with less, we’re confronting a potential asymmetry in the level of effort we will need to respond. Marcus will be challenging us to rethink our security strategy as we prepare for the future.

Marcus Ranum is a world-renowned expert on security system design and implementation. He has been involved in every level of operations of a security product business, from developer to founder and CEO. He is recognized as an early innovator in firewall technology, and the implementer of the first commercial firewall product. Ranum’s work has been cited in at least 15 published U.S. patents. He has served as a consultant to many Fortune 500 firms and national governments, as well as being a guest lecturer and instructor at numerous high-tech conferences. He also serves as a technology advisor to a number of start-ups, established concerns, and venture capital groups. His publications include The Myth of Homeland Security, Host Integrity Monitoring Using Osiris and Samhain and Web Security Sourcebook.

Closing Session: 2:00 p.m. – 3:00 p.m.

US Cyber Challenge
Speaker: Karen Evans, National Director, US Cyber Challenge

Some experts have reported that we have less than 10% of the highly skilled cybersecurity professionals required to secure our information infrastructure. The mission of the US Cyber Challenge (USCC) is to significantly reduce the shortage in the cyber workforce by serving as the premier program to identify, attract, recruit and place the next generation of cybersecurity professionals. Working with industry and academic institutions all over the country, USCC works to bring accessible, compelling programs including camps, competitions, and scholarships that motivate students and professionals to pursue education, development, and career opportunities in cybersecurity. Learn how your company can be involved in deploying the next generation of cybersecurity professionals.

Karen Evans is serving as the National Director for the US Cyber Challenge (USCC). She recently retired after nearly 28 years of federal government service with responsibilities ranging from a GS-2 to Presidential Appointee as the Administrator for E-Government and Information Technology at the Office of Management and Budget (OMB) within the Executive Office of the President. She oversaw the federal IT budget of nearly $71 billion which included implementation of IT throughout the federal government. Prior to becoming the Administrator, Ms. Evans was the Chief Information Officer for the Department of Energy. Before joining Energy, she was Director, Information Resources Management Division, Office of Justice Programs (OJP), U.S. Department of Justice, where she was responsible for the management and successful operation of the IT program.

Closing Remarks: 3:00 p.m. – 3:15 p.m.

Founded in 2002, Sage serves as a strategic security partner for financial institutions, healthcare providers, government agencies and businesses nationwide. Sage offers an award-winning portfolio of Advisory, Assessment and Incident Detection & Response services designed to protect information assets and ensure regulatory compliance. For more information, visit www.sagedatasecurity.com and www.ndiscovery.com.

Protecting Information Assets.

Ensuring Regulatory Compliance.

Fighting Cybercrime.

www.cybercrime2012symposium.com