
29 Posts tagged with the san_francisco tag

Margaret Salter, Technical Director, National Security Agency

 

The intelligence community and Department of Defense need the ability to communicate anytime, anywhere, regardless of the classification level. They also want the ability to communicate securely using the same kinds of user-friendly devices available commercially. To meet these requirements, the National Security Agency is testing a new mobile infrastructure to secure classified communications.

 

Margaret Salter is the Technical Director for the Fusion, Analysis and Mitigations Group within the Information Assurance Directorate of the National Security Agency. A senior mathematician with over twenty years of service at the Agency, Salter oversees a commercial security technology lab which evaluates implementations of cryptographic functions in COTS products. She works with DoD customers, commercial vendors, and other Intelligence organizations to provide needed IA solutions.

 

Download <09:59>


Joji Montelibano, Team Lead, Insider Threat Technical Solutions & Standards, CERT


This session will present case studies of data theft by three different attackers – insiders, outsiders and malware. Our findings reveal that these attackers employed similar techniques that defenders can exploit to mitigate or altogether prevent these attacks from being successful. We will demonstrate how one such defensive strategy, using open source tools, can be used to accomplish this goal.

 

Joji Montelibano leads the Insider Threat Technical Solutions team at CERT. Montelibano has over 15 years of experience in the fields of software development and network engineering. He began his career developing software for the petroleum and chemical industries, where he created simulation programs for companies such as Shell Oil, Sunoco, and Foster Wheeler. Prior to joining CERT, he was a Senior Information Security Analyst for the RAND Corporation, where his main projects focused on securing and ensuring the availability of military networks and communications. He holds an undergraduate degree in Chemical Engineering from Stanford University, and Master’s degrees from Harvard University and the University of Southern California. His certifications include the CISSP, CSTE, CCNP, and ACSA.

 

Download <09:43>


Josh Corman, Director, Security Intelligence, Akamai Technologies

Gene Kim, Researcher and Author

 

Cloud IT velocity is breathtaking: while most IT struggle with monthly releases, agile IT businesses routinely conjure thousands of AWS servers, performing over 10 deploys per day. This agility delights the business and terrifies security. DevOps aligns the former adversaries of Dev and Ops.  Security needs to enable ludicrous speed or be left behind. We make a case for Rugged DevOps as an answer.

 

Joshua Corman is Director of Security Intelligence for Akamai Technologies. Corman has more than a decade of security experience, most recently serving as Research Director for The 451 Group. His research cuts across sectors to the core challenges of the industry, and drives adaptive strategies amidst changing landscapes. He is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, SANS, DEFCON, and ShmooCon – and was recognized by NetworkWorld as a top Influencer of IT for 2009. As a staunch advocate for CISOs, he serves as a Ponemon Institute Fellow, as an IANS Faculty, and co-founded www.ruggedsoftware.org. He received a bachelor’s degree in philosophy, Phi Beta Kappa, summa cum laude, from the University of New Hampshire.

 

Since 1999, Gene Kim has been studying and benchmarking high performing IT operations and information security organizations.  When Kim was the CTO/founder of Tripwire, he wrote the “Visible Ops Handbook,” which codified how these organizations transformed from “good to great,” which has sold over 200K copies to date.

 

Download <13:26>


Lucy Thomson, Senior Engineer - Attorney, CSC

 

To address the problem of escalating data breaches, nearly all states have passed data breach laws and HITECH covers health records. Using recent massive breaches as case studies, legal and encryption experts sort out the complexities and ambiguities that result in uncertainties for global business and health providers – focusing on both the legal and technical aspects, including encryption.

 

Moderator:

Lucy Thomson, Senior Engineer - Attorney, CSC

 

Panelists:

Eric Hibbard, Chief Technology Officer Security & Privacy, Hitachi Data Systems

Thomas Smedinghoff, Partner, Wildman Harrold

Robert Thibadeau, Chief Scientist & SVP, Wave Systems Corp.

 

Lucy Thomson, J.D., M.S., CIPP/G, focuses her practice at the intersection of law and technology.  As Chair-Elect of the American Bar Association Section of Science & Technology Law, Thomson leads an organization that is widely recognized as the global authority on science and technology law.  She is a Senior Principal Engineer, Information Security, and Privacy Advocate at CSC, a global technology company.

 

Appointed Consumer Privacy Ombudsman in 11 of the largest federal bankruptcy cases, she has overseen the disposition of 125 million electronic consumer records. A former federal criminal prosecutor, she is Editor of the ABA’s groundbreaking Data Breach and Encryption Handbook (2011).  She holds an M.S. from Rensselaer Polytechnic Institute and a J.D. from Georgetown.

 

Download <07:26>


Chris Boyd, Senior Threat Researcher, GFI Software

 

When the earthquake and tsunami hit Japan, it wasn’t long before individuals exploited the situation for personal gain. A wide range of scams preying upon users’ emotions and desire to contribute to the relief efforts appeared quickly, from bogus donation Web sites and Facebook clickjacking to blackhat SEO poisoning and a variety of 419 scam mails.

 

Christopher Boyd is a Senior Threat Researcher for GFI Software, a six-time Microsoft MVP in Consumer Security and former Director of Research for FaceTime Security Labs. Boyd has given talks at RSA, InfoSec Europe and SecTor, and has been thanked by Google for his contributions to responsible disclosure. He has been credited with finding the first instance of a rogue web browser installing without permission and the first Twitter DIY Botnet kit, and is often cited in relation to his work in videogame and console security.

 

Download <09:41>


Mischel Kwon, President & Chief Executive Officer, MKA


Mobile devices – phones and tablets on cellular, Wi-Fi and government networks – are being used to support the mission. What are the current threats to and attacks on mobile technology? How do we balance the risk against the productivity gained? This panel of Federal Government executives will share lessons learned by early adopters around security strategy, policy, data protection, access control and more.

 

Moderator:
Mischel Kwon, President & Chief Executive Officer, MKA

 

Panelists:
Holly Ridgeway, Department of Justice
Thomas Schankweiler, Information Security Officer, Center for Medicare and Medicaid (CMS)
Chris Smith, Chief Information Officer, USDA

 

Mischel Kwon, President and CEO of Mischel Kwon and Associates, LLC, is the former Director of US-CERT, former Deputy CISO, former Director of the JSOC, and former Chief IT Security Technologist at USDOJ. She has a very balanced approach to cyber security issues, whether technical, defensive, or compliance related. Her experience at DHS and DOJ gives her in-depth knowledge of the current threat and attack landscape as well as how this affects all sectors of cyber space.

 



Download <08:27>


Benjamin Jun, Vice President of Technology, Cryptography Research, Inc.

Gary Kenworthy, Senior Principal Engineer, Cryptography Research, Inc.

 

Are your mobile device’s EM emissions leaking your keys? A mobile app can inadvertently radiate secret data as cryptographic processing is done by the CPU. We’ll use a simple antenna and radio to perform live key extraction from several modern handheld devices. Developers can use several techniques to mitigate risk whenever applications use high-valued cryptographic keys.

 

Benjamin Jun oversees the technology and services groups at Cryptography Research.  Jun has developed widely deployed systems for the protection of financial transactions, pay television, and consumer products.  He concentrates in technologies for tamper resistance, transaction security, content protection, and anti-cloning.

 

Gary Kenworthy is a Senior Principal Engineer at Cryptography Research, Inc, a division of Rambus. Kenworthy investigates EM and RF vulnerabilities on cryptographic systems, and develops software and systems to support that research.

 

His experience covers many aspects of signal processing, communication, cryptanalysis, adaptive filters, and location finding. Prior to joining Cryptography Research, he served as Chief Technical Officer of Signami, LLC, which provided signal analysis software and hardware, collection systems, and consulting to the Department of Defense. He holds B.S. and M.S. degrees in Electrical Engineering from Brigham Young University.

 

Download <06:40>


Arthur Coviello,  Jr., Executive Vice President, EMC Corporation; Executive Chairman, RSA, The Security Division of EMC

 

Through a constant and growing flow of digital information, we are living in a hyperconnected world – not just as consumers, or friends on social networking sites, but through our corporate supply chains, the cloud and as trading partners in interconnected global markets. The challenge for us all is that the resulting openness and hyperconnection of our enterprises in an increasingly digital universe has introduced new vulnerabilities that attackers have learned to exploit. Over the past 18 months, organizations throughout the world have been under attack by nation states, hacktivists and various cyber criminals. What our industry has demonstrated time and time again is an enormous resiliency and ability to innovate that has accelerated the growth and unlimited potential of the digital universe. In his remarks, Art Coviello discusses our roles and responsibilities at an enterprise, industry and geopolitical level to secure the promise of a trusted digital world.

 

Art Coviello is responsible for RSA's strategy as it delivers EMC's global vision of information-centric security. Coviello was Chief Executive Officer of RSA Security, Inc. prior to its acquisition by EMC in 2006. He joined the company in 1995 and has been a driving force in its rapid growth, increasing revenue from $25 million in 1995 to revenues of over $700 million in 2010. His expertise and influence have made him a recognized leader in the industry, where he plays a key role in several national cyber security initiatives. He has spoken at numerous conferences and forums around the world.

 

Coviello has more than 30 years of strategic, operating and financial management experience in high technology companies. In addition, he currently serves on the Board of Directors at EnerNOC (a leader in Demand Response Systems for energy conservation). He graduated magna cum laude from the University of Massachusetts.

 

Download <09:23>


John Wright, Senior Information Systems Analyst, County of Butte

 


A review of how data storage devices can be discovered and the data left on those devices used for unauthorized purposes. Individuals and organizations may dispose of a device without completely purging all data that resides or resided on it. This presentation will show where devices can be located, how data can be recovered, and how the organization or individual can protect themselves from loss.

 

John Wright is currently employed as a Senior Information Systems Analyst by the County of Butte, located in Northern California. Wright’s responsibilities include IT and network security, policy authoring and training, and internal IT-related compliance and forensic investigations. His certifications include Computer Hacking Forensic Investigator (CHFI), Certified Ethical Hacker (CEH), and Certified Information Systems Security Professional (CISSP). He has a Master of Science degree in Information Technology: Information Assurance and Security and a Bachelor of Science degree in Business Management: Information Technology. In addition to this 14-plus-year IT background, he also has a combined seven years of experience as a reserve police officer and deputy sheriff.

 

Download <07:38>


David Adler, Partner, Leavens, Strand, Glover & Adler, LLC

Behnam Dayanim, Partner, Axinn Veltrop & Harkrider LLP

 

The past few years have witnessed an explosion of legal and regulatory activity involving social and other new media. This session will examine several key areas, including copyright, trademark and related intellectual property concerns; defamation, obscenity and related liability; false advertising and marketing restrictions; gaming; data privacy issues presented by social media; and impacts of social media on employees and the workplace. Attendees will learn how to identify legal risks and issues before they become full-scale emergencies and how to develop appropriate policies and guidelines covering social media activity.

 

David Adler is an attorney, educator and nationally-recognized speaker in the fields of intellectual property and technology law with a multidisciplinary practice focused on counseling businesses across the interrelated areas of Intellectual Property Law, Media & Entertainment, Information Technology and Corporate Law. He provides legal counsel on trademark and copyright clearance, registration and enforcement, digital and new media licensing, production, finance, regulations, litigation and corporate-commercial transactions. Adler assists interactive and digital marketing and advertising companies, content providers and licensors with advice on affiliate, publisher and partnership agreements, content licensing, syndication, distribution, Social Media and many other related deals.

 


Behnam Dayanim co-chairs AV&H’s Litigation and Regulatory Practice. Dayanim counsels clients on regulatory compliance, handles internal and regulatory investigations and transactional matters and is an experienced litigator. He advises on data privacy, advertising and marketing, export controls, internet gaming and e-commerce regulation.  He has been named a leading lawyer in Chambers USA, Chambers Global and the Legal 500, and was honored as a BTI Client Service “All-Star” in 2009.  He writes and speaks widely, including several times at RSA Conferences in the past.  Visit his blog at www.caveat-vendor.com.

 

Download <09:16>


Hoyt Kesterson, Senior Security Architect, Terra Verde Services


A confluence of errors: a health clinic allowed their employees’ computers to be contaminated with malware; a certification authority issued a certificate to a knave; and a blood-testing laboratory let that knave see much more than he should have. The result is a massive data breach of medical records, a lawsuit, and a mock hearing. But whose fault is it?

 

Moderator:

Hoyt Kesterson, Senior Security Architect, Terra Verde Services

Panelists:

John Facciola, U.S. Magistrate Judge, U.S. District Court for the District of Columbia

Andrew Peck, United States Magistrate Judge, U.S. District Court for the Southern District of New York

Anne Rogers, Director, Information Safeguard, Waste Management

Steven Teppler, Partner, Edelson McGuire, LLC

Stephen Wu, Partner, Cooke Kobrick & Wu LLP

 

Hoyt L. Kesterson II is a Senior Security Architect with Terra Verde Services. Kesterson has more than 40 years of experience in information security and related technologies. For 21 years he chaired the international standards group that created the X.509 digital signature certificate, a fundamental component in digital signature and securing web transactions. He is vice-chair of the ABA’s eDiscovery and Digital Evidence Committee and a founding member of the Information Security Committee. He is a testifying expert. He has participated on ALI-ABA and ABA CLE web-casts on a variety of topics and lectured on data breach at the ABA 2008 Annual meeting. He is an acknowledged contributor to a book on ediscovery and a book on digital data and the rules of evidence, both published by the ABA.

 

Download <12:26>


Rob Rachwald, Director of Security Strategy, Imperva Inc.

Amichai Shulman, Chief Technology Officer & Co-Founder, Imperva Inc.


2011 was great if you were a hacker. With mega-breaches at Epsilon and Sony, a massive increase in malicious mobile apps, Lulzsec, Anonymous, APT and the collapse of News of the World, 2011 may well go down as the year of the hacker. What has 2012 got in store for us? In this talk we will present the top ten security trends for 2012 that every security professional should know.

 

Rob Rachwald is Director of Security Strategy at Imperva. Rachwald received his BA from UC Berkeley and MBA from Vanderbilt University. He works with Imperva’s security research team, investigating how hackers and insiders steal data, appearing as a security commentator with the BBC, CNN, NBC and USA Today. He has been in the security industry for six years and in Silicon Valley for more than a decade. Before working in the Valley, Robert worked in Washington, DC as a policy analyst.

 

Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Mr. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Mr. Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Prior to Imperva, Mr. Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions. Mr. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques.


Download <13:50>


Dave Aitel, Chief Technology Officer, Immunity Inc.


Many sources for cyber strategy, and the policy that affects it, focus on three facets of the cyber domain: cyber attacks are asymmetric, cyber attacks are unattributable and cyber attacks are non-kinetic. None of these is true. This talk explains why.

 

Dave Aitel is the founder and CTO of Immunity. Prior to starting Immunity, Aitel was a security consultant with @stake and a research scientist with the United States National Security Agency. His background lies in Linux and Unix security research. His focus changed to Windows exploitation after founding Immunity, and in more recent years has expanded to include web applications and engine development for CANVAS such as MOSDEF, the engine's C compiler. He is the author of several books, including the popular “Shellcoder's Handbook”, and he has spoken on security issues at many of the world's leading security conferences.

 

Download <08:21>


Jeffrey Jones, Director, Microsoft Corporation

Tim Rains, Director, Microsoft Corporation

 

Windows XP just recently reached end of life. Bill Gates’ TwC is now ten years old. The threat landscape has constantly evolved in dramatic and unexpected ways, changing the character of Internet risk completely. Using data from millions of computers and online services, this session will provide a unique retrospective on how computing has changed over the past 10 years.

 

Recently listed as one of 25 Most Powerful Voices in Security, Jeff Jones is a 24-year security industry professional who has spent the last several years at Microsoft helping drive security progress as part of the Trustworthy Computing initiative. In this role, Jeff draws upon his security experience to work with enterprise CSOs and Microsoft's internal security teams to drive practical and measurable security improvements into Microsoft process and products. Among other activities, Jeff contributes research and analysis to the Microsoft Security Intelligence Report.

 

Prior to Microsoft, Jeff was the vice president of product management for security products at Network Associates where his responsibilities included PGP, Gauntlet and Cybercop product lines (and formerly managed the McAfee corporate antivirus product line). These latest positions cap a career focused on security, managing risk, building custom firewalls and being involved in DARPA security research projects while part of Trusted Information Systems. Jeff is a frequent global speaker and writer on security topics ranging from the very technical to more high level, CxO-focused topics such as Security TCO and metrics. In addition to the Microsoft Security Blog, Jeff is also a contributor on The Security Decode blog on CSOOnline.

 

Jeff earned a Masters in Computer Engineering at the University of Southern California and a Bachelor of Science in Computer and Electrical Engineering at Purdue University.

 

Tim Rains leads Product Management in Microsoft’s Trustworthy Computing group. Tim and his team of product managers support the Microsoft Security Response Center (MSRC), the Microsoft Malware Protection Center (MMPC), and the Microsoft Security Engineering Center (MSEC) which includes the Security Development Lifecycle (SDL) and Security Science. Tim’s team is the driving force behind the Microsoft Security Intelligence Report.

 

Tim has worked in several roles at Microsoft including the Senior Public Relations Manager of Security Response at Microsoft, Senior Product Manager of the Microsoft Malware Protection Center, Program Manager of the Windows Network Diagnostics team, Technical Lead on the Security Incident Response team in the Product Support Services (PSS) Security team and Technical Lead on the PSS Windows Server Networking team.

Tim earned a Master's degree in Business Administration (MBA) at Seattle University and a Bachelor of Arts (BA) degree at the University of Alberta. Tim also holds several technical certifications including CISSP, MCSE and MCSA, as well as a Computer Systems Technology diploma from the Northern Alberta Institute of Technology.

 

Download <20:20>


Rick Miller, Director, IBM Managed Security Services - Global Technology Services, IBM

 


Business executives today understand the importance of having a strong security infrastructure. However, in today’s challenging economy, CIOs need to see and be able to articulate true business value from their investment in security.

 

Rick Miller is an executive at IBM, responsible for all Managed Security Services, worldwide. In his position Miller hears from thousands of customers who are of various sizes and in many industries, but all have the same security challenges and want to know how they communicate security to their key executives. He is the IBM Board Member for the Information Technology Information Sharing & Analysis Center (IT-ISAC) and is one of the early pioneers of the Managed Security Services market.

 

Download <09:22>
