Presented at BSidesLV 2017
July 26, 2017, 11 a.m.
Beau Woods, Deputy Director of the Cyber Statecraft Initiative and core contributor to I Am The Cavalry, will host discussions on multidisciplinary approaches to solving some of the most important and complex problems in security today.
Join him for this session at 11 am and the Red/Blue Q&A session that follows at noon.
Significant Soft Skills - It Takes a Village
Security requires more than just technical solutions. There's a difference between knowing how to solve a problem and being able to effectively communicate that to someone else whose buy-in is needed to move things forward. Real impact and change require people to agree to an action plan and put processes in place to ensure the right things happen in a coordinated and repeatable manner.
Caroline Wong, VP of Security Strategy at Cobalt, will share key stories from her career where effective communication was critical to getting the job done (including an e-commerce firm's response to an international security incident and one CISO's approach to justifying a 15x information security budget for his team). She will also discuss an approach that any security professional can use to easily talk about risk tolerance with a non-security expert.
Healthcare Data Protection Hazards - The Big Picture is Key
Protecting medical data is one of the cyber security industry's top challenges today. Banks and credit card companies now have processes and technology in place to protect customers from financial fraud, but stolen medical records can directly affect someone, potentially for the rest of their life.
Robert Wood, Director of Trust at Nuna, will discuss approaches to identifying and talking about risk effectively, creating stories around various technical and process-related scenarios to communicate what needs to be done to get buy-in for appropriate controls.
Cyber Mutual Assistance - Bringing Mutual Assistance to Electric Utility Operators
Owners and operators of the electric grid in the United States are facing an unprecedented number of physical and cyber security risks. This session will discuss the methods that electric utilities are using to address the wide variety of risks, with special focus on a new program called "Cyber Mutual Assistance".
Based on lessons learned from major destructive cyber incidents overseas, and from exercises in North America, the Cyber Mutual Assistance program was developed. It is an extension of the electric power industry's longstanding approach of sharing critical personnel and equipment when responding to emergencies.
David Batz, Senior Director of Cyber & Infrastructure Security at Edison Electric Institute, will be providing information about the Cyber Mutual Assistance program, one example of a variety of industry initiatives developed by the Electricity Subsector Coordinating Council (ESCC) to provide resilience and restoration capability to entities in the electricity sector.
Stopping a Cyber Hurricane - A Call for Proactive National Cybersecurity
A hurricane and malicious cyber activity are analogous based on their ability to affect our nation's critical infrastructure, our safety, and our security. But hurricanes are unpredictable, natural events in a domain no human can control, while significant malicious cyber activity starts in a human's mind and exists in a domain humans exert some control over. Current US government efforts to counter significant malicious cyber activity are focused on using existing agencies to prepare for and react to these threats.
Steven Luczynski, Deputy Director of Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon, will discuss methods for the government and private industry to take a more proactive approach to counter these threats before they can affect our nation. The potential exists to build upon the model used in the fight against drug trafficking to synchronize capabilities across a wide range of government agency authorities, in conjunction with improved private industry participation. While there are numerous legal and regulatory concerns to address, it will take leadership from all levels, particularly from the bottom up, to initiate the effort required to solve these complex issues.
- Deputy Director, Cyber Plans and Operations - Office of the Secretary of Defense (Policy)
Steve Luczynski currently serves as the Deputy Director, Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon. He works with national policymakers, interagency counterparts, and combatant command staff to support the Department of Defense mission to defend the nation in cyberspace. His interest in cybersecurity began 10 years ago developing innovative warfighting concepts for the Navy's future cyberspace operations. Over his 24-year career, Steve has flown the F-15C and F-22 around the world, and he looks forward to beginning a new career in the information security industry.
- Director, Trust and Security - Nuna
Robert Wood runs the trust and security team at Nuna, whose core directive is to protect one of the nation's largest collective healthcare data sets. Previously, Robert was a Principal Consultant at Cigital where he founded and led the red team assessment practice and worked with strategic clients across the United States in an advisory capacity.
- Senior Director, Cyber & Infrastructure Security - Edison Electric Institute
Leveraging over 20 years of utility experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues.
In addition to providing technical knowledge of security and network issues, Mr. Batz leverages a decade of energy regulatory compliance as well as physical and cyber security policy experience and engagement with federal agencies including the Department of Energy (DoE) and the Department of Homeland Security (DHS).
Mr. Batz is a member of InfraGard, and serves on the SANS Institute Advisory Board. He has served on the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Committee (CIPC) and the CIPC-Executive Committee. Batz has authored various articles and presented at numerous events on securing critical infrastructure, industrial systems and standardization topics for prominent industry associations including NIST, National Association of Regulatory Utility Commissioners and the American Society of Civil Engineers, to name a few.
- VP of Security Strategy - Cobalt
Caroline is a dynamic cybersecurity expert with more than a decade of industry experience as a day-to-day manager at eBay and Zynga, product manager at Symantec, and managing consultant at Cigital (now Synopsys). She is currently VP of Security Strategy at Cobalt, a company that connects SaaS companies who want to improve their cybersecurity posture with hackers who can help find their problems before the bad guys do.
Caroline received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner's Guide, published by McGraw-Hill in 2011. She graduated from U.C. Berkeley with a B.S. in Electrical Engineering and Computer Sciences.