Former FBI special agent Chris Tarbell is one of the most successful cybersecurity law enforcement officials of all time. So successful, in fact, that books and movies are being made about his legendary career. Dubbed “the Eliot Ness of online crime” by Newsweek, he is the man responsible for infiltrating the hacker group Anonymous and taking down the notorious dark web drug trafficking site Silk Road, called “the most sophisticated and extensive criminal marketplace on the Internet.” He led the tracking and arrest of two of the most infamous figures in cyberspace: Sabu, who was at one point the most influential hacker in the world, and Dread Pirate Roberts, who was later convicted for his involvement with Silk Road.
Chris will share adrenaline-pumping stories detailing growing cyber threats and challenges modern businesses face. His hair-raising anecdotes prove that just because you cannot see your adversary, or maybe even know his or her real name, it doesn’t mean you can’t protect yourself.
Neil R. Wyler (a.k.a. Grifter) is currently with RSA Security as a Threat Hunting and Incident Response Specialist. He has spent over 16 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 14 years and is a member of the Senior Staff at DEF CON where he is the Department Lead for Contests/Events/Villages/Parties and the Demo Labs. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. Neil is also a member of the DEF CON CFP Review Board and Black Hat Training Review Board.
In his talk, Neil will cover the basics of Tor, Darknets, Darknet marketplaces, and Bitcoin. He'll share concerns you will want to be aware of and his recommendations for making their use more secure.
Raj Samani is a computer security expert working as the Chief Scientist and Fellow for cybersecurity firm McAfee. Raj has assisted multiple law enforcement agencies in cybercrime cases, and is special advisor to the European Cybercrime Centre (EC3) in The Hague.
Raj has been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe Hall of Fame, Peter Szor award, and Intel Achievement Award, among others. Raj is also the co-author of the books Applied Cyber Security and the Smart Grid and CSA Guide to Cloud Computing, as well as technical editor for numerous other publications.
The growth in the “as-a-service” nature of cybercrime is fueling the exponential increase in cyber-attacks, and this flexible business model allows cybercriminals to execute attacks at considerably less cost than ever before. In this talk, Raj will provide insight into the cybercrime marketplace, including pricing schemes for the services offered. This snapshot of the cybercrime market will show how its service-based nature supports new entrants who do not require technical expertise, leading to a whole new breed of cybercriminal. As a result, the volume of cyber-attacks is likely to continue to increase.
Microsoft’s Chief Security Advisor, Jonathan Trull, provides thought leadership and strategic direction on the development of Microsoft security products and services, as well as deep customer and partner engagement around the globe. Jonathan has more than 15 years of public and private sector experience, previously serving as CISO for several companies and government agencies.
Microsoft's Incident Response teams investigate major breaches week after week and almost always see the exact same pattern of attacks and customer vulnerabilities. In his presentation, Jonathan will share step-by-step recommendations to defend against these attacks, including information on cybersecurity solutions that Microsoft has open-sourced to protect their customers.
Regina Phelps is an internationally recognized thought leader in the field of emergency management, pandemic and contingency planning. Since 1982, she has provided consultation and speaking services to clients on four continents. She is founder of Emergency Management & Safety Solutions (EMSS), a consulting and training firm that is 100% woman owned. A partial listing of clients includes: Northern Trust, LexisNexis, Whole Foods Market, McAfee, Duke University, the World Bank, International Finance Corporation, Microsoft, Liberty Mutual, AEGON, Wellmark, Stanford University, VISA, Principal Financial, Caltech Institute, Wells Fargo, Sentry Insurance, MasterCard, PG&E, International Paper and American Express.
Regina's publications include: Cyber Breach: What if your defenses fail? Designing an exercise to map a ready strategy and Emergency Management Exercises: From Response to Recovery: Everything you need to know to design a great exercise.
This super-interactive session will include audio, video, lots of props, and external participants. You'll gain the knowledge you need to prepare your organization for a national or regional event. Every attendee will leave with a license to use the exercise at their organization. This turn-key package will include scripts, injects, videos, instructions and more.
Summer Fowler is the Technical Director of Cybersecurity Risk & Resilience in the CERT Program at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). Summer is responsible for a research and development portfolio focused on improving the security and resilience of the Nation’s critical infrastructure and assets.
Summer has 17 years of experience in software engineering, cybersecurity, and technical management. Prior to joining the SEI, Summer was a Technical Member at Johns Hopkins University Applied Physics Laboratory and a software engineer at Northrop Grumman Corporation.
Summer teaches two graduate level courses on Information Technology Project Management and Cybersecurity Policy at the CMU Heinz School. She is also the Technical Sponsor of the CISO Executive Certificate Program, the lead for Cyburgh, PA – an initiative to bring recognition to Pittsburgh as a leader in cybersecurity, and a Cybersecurity Fellow for the Center for Strategic and International Studies as part of a cohort focused on identifying and solving policy issues at the national level.
It is often the case that the most difficult aspect of cybersecurity is in communicating progress and impact to the business / organization. The challenge is exacerbated when the communication comes during a time of crisis or cybersecurity incident response. This session examines the results of a study on communication between security teams and senior management (including C-suite and Board of Directors).
Highlights include using effective measures and metrics, how to convey cybersecurity posture, and communicating key messages. Attendees will learn best practices used by cybersecurity experts across multiple sectors and walk through a case study on crisis communication to provide a practical lesson.
Robert Mayer is Vice-President of Industry and State Affairs with the United States Telecom Association (USTelecom) with responsibility for leading cyber and national security policy, State relations and coordinating various regulatory initiatives for the wireline broadband industry. He is the current chairman of the Communications Sector Coordinating Council (CSCC) which represents the broadcast, cable, satellite, wireless and wireline industries in connection with the DHS public-private partnership. Mayer currently co-leads the Multi-Association Framework Development Initiative that represents over 30 major U.S. trade associations on cybersecurity risk management policy issues and regularly engages with top government leaders on cyber policy. In June 2015, Mayer was appointed to the FCC Communications Security Reliability and Interoperability Council (CSRIC V) after having led a 100-person team of cybersecurity professionals that produced a landmark report to adapt the NIST Cybersecurity Framework to five industry segments within the sector. Mayer serves as a “senior” industry official on the U.S. Government’s Unified Cyber Coordination Group (UCG) which coordinates national incident responses for major cyber events.
This session will provide an overview of major cybersecurity policy initiatives that are being undertaken by the current Administration. We will review the roles, responsibilities and projects set forth in a new Cybersecurity Executive Order and initiatives that are underway at the Department of Homeland Security, the Department of Commerce, and at the Department of Justice and with the FBI. We will discuss the status of current initiatives around information sharing, botnet takedowns, ransomware exploits and incident response coordination involving law enforcement entities at the national, regional and local levels.
Matthew O’Neill won the Department of Homeland Security Silver Medal in 2014 and the USSS Special Agent of Year Award in 2013 for his efforts in complex transnational cyber-crime investigations including network intrusions, point of sale terminal compromises, bulk online sale of stolen personally identifiable information, money laundering, bank fraud, counterfeit currency cases, wire fraud, and insurance fraud cases. SA O’Neill joined the U.S. Secret Service in December 1998. Since 2007, he has been assigned to the Manchester, New Hampshire, office.
The Secret Service is committed to safeguarding the nation’s critical infrastructure and financial payment systems from cyber criminals. SSA Matt O’Neill will brief us on recent New England cases and investigations and invite questions and observations from attendees.
Don Anderson is the Senior Vice President and Chief Information Officer (CIO) at the Federal Reserve Bank of Boston. In this capacity, he is responsible for the Federal Reserve System’s Internet Cyber and Network Security services and Financial Management Technology services, the Bank’s IT functions, Real Estate Services, and Law Enforcement units. Don is currently a member of the Bank’s Executive Committee and represents the Bank on the System’s CIO committee.
He holds a BS degree from the University of Connecticut and an MBA from Bentley University, is a founding member of the Advanced Cyber Security Center (ACSC), a Board Member of the Boston CIO Leadership Association and Wall Street Technology Association (WSTA) and is an active member of the Dana Farber Leadership Council (DFLC).
Quincy Jackson “QJax” (CISSP, C|EH, GCIA, GWAPT, GREM) is a Red Team & Global Assessment Consultant with more than 15 years of InfoSec experience. Quincy recently served as a technical specialist focusing on Defense Systems design and customization in response to high profile cyber threats against the oil & gas industry.
The time is now to step up from boardroom round-table simulations and into actively simulating well-known attacks on your network before they actually happen. Join us in a presentation that will demonstrate attack scenarios to effectively measure your cyber defense position. The presenter will demonstrate the Red Team full engagement process, as well as secrets to SOC readiness and defense testing techniques. The audience will discover new Red Team tools that are safe to use for your active simulations. Additionally, the presenter will share his approach to effectively producing metrics and measurements for active hacker drills.