Wednesday, October 14
 

8:00am

Attendee Check-In / Information Desk
Make sure you check in at Registration Desk II so you receive your name tag and conference swag! If you have conference-related questions, this is the place to get answers, as well.

Wednesday October 14, 2015 8:00am - 3:00pm
Registration Desk II The Penn Stater Conference Center Hotel

9:00am

Welcome and Opening Remarks
Dr. Andrew Sears, Interim Chief Information Security Officer, professor and dean of the College of Information Sciences and Technology, and Kevin Morooney, Vice Provost for Information Technology and Chief Information Officer, welcome all attendees to the 2015 Penn State Security Conference.

Speakers

Kevin Morooney

Vice Provost for Information Technology and Chief Information Officer, The Pennsylvania State University
Kevin Morooney, Vice Provost for Information Technology and Chief Information Officer, holds a Bachelor of Science from Virginia Tech in engineering science and mechanics specializing in biomedical engineering. He came to Penn State in 1988 to provide support for faculty using the various supercomputer centers across the country. Through the years, Kevin came to lead many efforts in the support of research until his duties were expanded...

Andrew Sears

Interim Chief Information Security Officer, Professor and Dean of the College of Information Sciences and Technology, The Pennsylvania State University
Dr. Andrew Sears is the Interim Chief Information Security Officer in the Office of Information Security, as well as a professor and Dean of the College of Information Sciences and Technology at Penn State. Dr. Sears’ research explores issues related to human-centered computing and accessibility. His research projects have addressed issues associated with mobile computing, health information technologies, speech recognition, and assessing...


Wednesday October 14, 2015 9:00am - 9:30am
Presidents Hall 3 & 4 The Penn Stater Conference Center Hotel

9:30am

Keynote | A Call to Action – But What Action?
Improving Information Security practices sounds complicated – not just for IT staff, but for everyone at the university.

The good news is, it doesn’t have to be difficult – it just needs to be consistent.
A focus on basic, transparent, repeatable procedures, incorporated into everyday activities of teaching, learning, research and administrative processes, can do more to protect Penn State (or any other school or company) than only investing in sophisticated cyber security tools. We’ll discuss:

  • Knowing your data – how it’s classified, how it’s used, where it’s stored

  • Knowing your business processes – why you do what you do

  • Knowing your access – how to intentionally give access to your data, and to verify it

  • Knowing your systems – hardware and software inventory

By the end of this session, you will learn why the nature of higher education lends itself to superior information security, if only we have the appetite to pursue it.


Speakers

Helen Patton

Chief Information Security Officer, The Ohio State University
Helen Patton is the chief information security officer at The Ohio State University (OSU), where she manages the Security Operations and Services team, as well as oversees Information Risk and Control Governance across university units. Patton also chairs the University Information Security Advisory Board, which governs the execution of the university’s Information Security Standard. With more than fifteen years of experience in the...


Wednesday October 14, 2015 9:30am - 10:30am
Presidents Hall 3 & 4 The Penn Stater Conference Center Hotel

10:30am

Morning Break
Enjoy the Penn Stater's celebrated break-time offerings! Aside from our scheduled break, beverage service will be available from 7 a.m. until noon, and food service will be available from 8 a.m. until 11 a.m.

Wednesday October 14, 2015 10:30am - 10:50am
Break Area - Banquets The Penn Stater Conference Center Hotel

10:50am

Birds of a Feather Discussions / Networking
Wednesday October 14, 2015 10:50am - 11:50am
Room 218 The Penn Stater Conference Center Hotel

10:50am

Risk Management and Analysis - Not Sexy, But Just as Important as Technical Skills

Risk analysis and management done from the everyday, rubber-meets-the-road perspective is the best way to examine and address the "but-whatabout-but-whatabout" and WIBHI (Wouldn't it be Horrible If?) thought experiments and tail-chasing exercises that hinder progress and glaciate projects.

We'll discuss how to integrate these practices into daily operating functions and how decisions and resource requests can be explained and justified plainly and succinctly using the universal results reporting medium understood by all of upper management - MONEY.


Speakers

Mark Zimmerman

33 years of IT experience. US Navy Crypto Technician. Database Administrator, System and Network Administrator and IT Department Manager in Manufacturing, Government, Higher Education and Healthcare organizations including Hershey Medical Center. Technical Program Manager for Verizon Business, CISSP (Certified Information Systems Security Professional) and PMP (Project Manager Professional).


Wednesday October 14, 2015 10:50am - 11:50am
Room 207 The Penn Stater Conference Center Hotel

10:50am

Managing Local Administrator Passwords with LAPS

Maintaining unique local Administrator passwords, and rotating them frequently, is one of the most effective means of mitigating Pass-the-Hash (PtH) attacks in a Windows network. However, doing this by hand quickly becomes unmanageable, and many scripted solutions fall short in their security or effectiveness. In this session, we'll look at a new tool from Microsoft called the Local Administrator Password Solution (LAPS). We'll cover some background on PtH attacks and then examine how the LAPS tool operates, how to control access to passwords, and how to deploy it in a typical AD environment.


Speakers

Dan Barr

Systems Administrator, Penn State ARL
Dan Barr is a Systems Administrator with the Applied Research Laboratory. He is part of the team responsible for design, implementation, and operation of the central IT infrastructure supporting ARL's research mission. His primary areas of focus currently include the Lab's authentication, virtualization, and storage infrastructure.



Wednesday October 14, 2015 10:50am - 11:50am
Presidents Hall 1 The Penn Stater Conference Center Hotel

10:50am

Windows 10: Security

Upgrade to Windows 10 to protect your data and devices from the major security threats we see today. Multi-factor identity protection, data loss prevention capabilities and threat resistance are three main components of Microsoft's active commitment to address modern security threats. In this session, get an overview of Windows 10 and see how these components can work in a variety of situations to secure data and resources.


Speakers

Jill Sitnick

Account Technology Strategist, Microsoft Corporation
Jill recently joined Microsoft as the Pennsylvania Account Technology Strategist after 20 years in the K-12 space. For the last 10 years she worked in technology and curriculum departments to integrate classroom technology and align district systems to ensure data integrity.


Wednesday October 14, 2015 10:50am - 11:50am
Room 208 The Penn Stater Conference Center Hotel

12:00pm

Lunch
Buffet lines will be set up in the Presidents Hall Pre-Function area, with seating in Halls 3 & 4. Make sure to leave room for dessert!

Wednesday October 14, 2015 12:00pm - 1:30pm
Presidents Hall 3 & 4 The Penn Stater Conference Center Hotel

1:30pm

Keynote | What is Old is New
This talk shows examples of Internet attacks of the past 25 years. It sadly points out that the root causes of the successful attacks of the 1990s, 2000s and 2010s have not changed and worse, have not been fixed. We ask the question "what have we, the security researchers and practitioners, been doing the past 25 years?"

Speakers

Randy Marchany

Chief Information Security Officer, Virginia Tech IT Security Office
Randy Marchany is the information technology security officer and director of the IT Security Lab at Virginia Polytechnic Institute and State University (Virginia Tech). Marchany has been involved in the computer industry since 1972 and has made many contributions in the field of cyber security on a national level as well as within higher education. As coauthor of the original SANS Top 10 and Top 20 Internet Threats documents...


Wednesday October 14, 2015 1:30pm - 2:30pm
Presidents Hall 3 & 4 The Penn Stater Conference Center Hotel

2:30pm

Afternoon Break
Enjoy the Penn Stater's celebrated break-time offerings! Aside from our scheduled break, food and beverage service will be available from 2 to 4 p.m.

Wednesday October 14, 2015 2:30pm - 2:50pm
Break Area - Banquets The Penn Stater Conference Center Hotel

2:30pm

Afternoon Break
Enjoy the Penn Stater's celebrated break-time offerings! Aside from our scheduled break, food and beverage service will be available from 2 to 4 p.m.

Wednesday October 14, 2015 2:30pm - 2:50pm
Break Area - 2nd Floor The Penn Stater Conference Center Hotel

2:50pm

Birds of a Feather Discussions / Networking
Wednesday October 14, 2015 2:50pm - 3:50pm
Room 218 The Penn Stater Conference Center Hotel

2:50pm

Designing Services for Security: Information Security Management Throughout the Service Lifecycle

Teaching, research and service are at the core of the University's mission; yet services to support these pillars have lagged behind demand when they involve the use of sensitive data or information. With the recent push toward the adoption of IT Service Management (ITSM), driven by the IT Transformation (ITX) Program, Penn State has the opportunity to fill this need by proactively designing secure services. This presentation will introduce the basic concepts of ITSM, address how existing security practices fit into the ITSM framework, and discuss the benefits of proactively designing security into services.


Speakers

Craig Haynal

Service Delivery Manager, Penn State
Craig Haynal works for Information Technology Services as a Service Delivery Manager and focuses on improving the way Penn State designs and delivers IT services. He has been with the University for over 16 years and worked for Information Technology Services since 2010. He specializes in IT Service Management and has a broad background in customer service, systems and network administration, software development, and project management.

Sarah Irwin

Sarah Irwin works for Information Technology Services as a Service Delivery Manager and has been with Penn State for 6 years. She has experience managing contracts for restricted use research data and applies this expertise to improving the design and delivery of services.



Wednesday October 14, 2015 2:50pm - 3:50pm
Room 207 The Penn Stater Conference Center Hotel

2:50pm

Five Cyber-Security Lessons from Quality Management’s Sometimes Painful History

The 1970’s gas crises, and associated images of long gas lines, shined national attention on the poor state of automobile design and manufacturing. Frozen in time, these images helped motivate change in the production of automobiles and other items. From this transformation come lessons for needed change in cyber-security. Perhaps the U.S. Government’s Office of Personnel Management (OPM) hacks will serve as the “gas crisis” wake-up call for cyber-security?


Speakers

Dr. Edward J. Glantz, P.E.

Professor of Practice, Penn State College of IST
Dr. Edward J. Glantz has been with the College of IST faculty since 2009. Prior to joining IST, Dr. Glantz spent ten years as a faculty member with Penn State’s Smeal College of Business, where he earned the 2008 Brand-Paiste Teaching award recognizing outstanding faculty. Dr. Glantz brings to Penn State thirty years' experience managing technology, research, and marketing in the manufacturing and telecommunication industries, including...


Wednesday October 14, 2015 2:50pm - 3:50pm
Presidents Hall 2 The Penn Stater Conference Center Hotel

2:50pm

Encryption - Getting Beyond the Starting Blocks

Many units have enrolled to use the central encryption tool, but are hesitant to fully roll out implementation. This presentation will be geared towards alleviating many of the concerns associated with device encryption. We will focus on the four different installation options to help you get a better understanding of how each one functions and where it makes the most sense to deploy them in your environment. We will elaborate on how components, such as Control Center and the web console, are tied together and in what scenarios you would need to use those tools.

If you have enrolled to use the tool, but are stuck on implementation, join us for a discussion on how to get to the next level.


Speakers

Kyle Crain

Systems and Network Security Analyst with the Office of Information Security for 4 years. Prior to OIS, worked in the College of Education and Dickinson School of Law for 4 years. Current responsibilities include administration and support of the central encryption tool and the university's Data Loss Prevention initiatives, as well as serving on various committees.

Chris Ritzko

System and Network Security Analyst, Information Technology Services, Security Operations and Services
Systems and Network Security Analyst with the Office of Information Security (OIS) for 3 years. Prior to OIS, Network Manager at PSU Hazleton for 16+ years. Current responsibilities include administration and support of the central encryption tool, lead analyst for IT security assessments, process liaison for several service management processes.


Wednesday October 14, 2015 2:50pm - 3:50pm
Presidents Hall 1 The Penn Stater Conference Center Hotel

2:50pm

Apple iOS Security

At Apple we care deeply about security, both for the user and for protecting corporate data. We built advanced security into our products from the ground up to make them secure by design. And we’ve done this in a way that’s in balance with a great user experience, allowing individuals the freedom to work. Only Apple can provide this comprehensive approach to security because we create products with integrated hardware, software, and services.

Attendees of this session will learn about:

  • The advanced security features of iOS
  • System security, network security and app security
  • Balancing security with user experience as the key to productivity gains
  • How the iOS ‘secure by design’ approach addresses traditional mobile risk factors

Speakers

Wednesday October 14, 2015 2:50pm - 3:50pm
Room 208 The Penn Stater Conference Center Hotel

4:00pm

Birds of a Feather Discussions / Networking
Wednesday October 14, 2015 4:00pm - 5:00pm
Room 218 The Penn Stater Conference Center Hotel

4:00pm

Fostering a Risk-Based Approach to Information Security
Institutional functions must go on but how do we create a secure environment that will not interrupt or stop the business, research or information side? There are many demands, processes and procedures around protecting the University's information assets. Some University-wide risk and security procedures may be obvious, whereas others are less obvious.

Join an interactive information risk panel discussion with various representatives from Identity Services, Internal Audit, Legal, Risk Management and the Office of Information Security. The panel will offer several real-life scenarios that required risk decisions to be made when the answer or process was not clear or obvious. Throughout the discussion, participants will have an opportunity to ask questions and learn more about how each area functions, both individually and collectively. Participants will also have the opportunity to:
  • Gain a better understanding of the relationship between Internal Audit, the Office of Information Security, Identity Services, Risk Management and Legal
  • Learn about available resources to make better risk-decisions
  • Understand the legal ramifications and enforcement behind non-compliance
  • Discover risk mitigation techniques

Moderators

Jenn Stewart

System and Network Security Analyst, Penn State, Office of Information Security
Jennifer (Jenn) A. Stewart is a system and network security analyst within the Office of Information Security. Jenn leads the security office efforts related to the development, implementation, training and communication of a University-wide Governance Risk and Compliance tool and interacts with stakeholders in the University community to further the efforts. Jenn has worked with the University for over 15 years and holds the designation...

Speakers

Andrea Harrington

Director, Operations, Penn State Identity Services
Andrea Harrington works with Service and Technical Operations in Identity Services at Penn State. Prior to joining Penn State, she held programming positions in the corporate sector. She is in her 18th year at Penn State, having held various programming and management positions previously. She joined Penn State Identity Services more than two years ago.

Chuck Moore

Business Relationship Manager, Penn State Identity Services
Chuck Moore is a Business Relationship Manager in Identity Services at Penn State. Prior to his current role, he was the IT Director for the Penn State Student Health Center and adjunct instructor in the College of Health and Human Development. He also held several positions at the University of Pennsylvania Health System.

Ed Smiley

IT Project Manager (Compliance), Penn State, Office of Information Security
Ed Smiley is the manager of Compliance and Assessments within the Office of Information Security. Ed leads the PCI compliance, vulnerability and web application assessments, and penetration-testing programs related to enterprise compliance at the University. Ed is currently enrolled in the Information Technology Leadership Program (ITLP), a program to enhance the professional and personal development of Information Technology (IT) Professionals...


Wednesday October 14, 2015 4:00pm - 5:00pm
Room 207 The Penn Stater Conference Center Hotel

4:00pm

Big .GOV meets Big .EDU

A briefing on the Federal government's Continuous Diagnostics and Mitigation (CDM) program and our experience as DHS.GOV contractors. We will engage our audience in a lively Birds of a Feather (BoF) style discussion (sans beer) on how PSU.EDU might leverage the CDM CONOPs and tool suite.


Speakers

Steve Fast

Steve Fast is a Research Engineer and Principal Investigator for the Applied Research Laboratory.

John Groenveld

John Groenveld is an Associate Research Engineer for the Applied Research Laboratory.


Wednesday October 14, 2015 4:00pm - 5:00pm
Presidents Hall 2 The Penn Stater Conference Center Hotel

4:00pm

Advanced Threat Protection with Tripwire Enterprise

With the spike in advanced, zero-day and targeted attacks, it’s more difficult than ever to detect them quickly and respond in time—and no one has unlimited resources to address the large number of malicious incidents. It’s now a problem of scale: how do you quickly focus your resources on the greatest risks to your most critical assets?

The solution to the unprecedented cyberthreat problem that organizations face today is Advanced Threat Protection, which provides the necessary context to help organizations detect and respond faster—and with more precision—to threats and vulnerabilities, reducing the cyberthreat gap. Advanced Threat Protection is based on real-time intelligence and analysis—including endpoint intelligence, vulnerability intelligence, log and event intelligence and threat intelligence—combined in an integrated and automated manner. This threat protection solution enables highly granular threat analytics and forensics capability as well as the ability to detect and adaptively respond to zero-day and today’s advanced threats.

Attendees will learn the basics of threat intelligence and how Tripwire Enterprise can work with existing security infrastructure through automation, providing rich context to threats and better visibility without burdening your teams with unnecessary complexity.


Speakers

Robert Temple

System and Network Security Analyst, Auxiliary & Business Services
  • Retired United States Marine
  • Associate of Science in Business Administration (World Campus)
  • Bachelor of Science in Security and Risk Analysis - Information and Cyber Security (College of IST)
  • Certified Tripwire Engineer
  • Certified INFOSEC (CNSS\NSA)
  • 12 years at Penn State University


Wednesday October 14, 2015 4:00pm - 5:00pm
Presidents Hall 1 The Penn Stater Conference Center Hotel

4:00pm

Microsoft InTune - Mobile Device and Application Management from the Cloud

Microsoft InTune is your solution to secure and manage more devices. With a centralized management construct, IT can streamline projects for PCs, tablets, smartphones and embedded devices. Proactively monitoring devices and managing updates that enforce institution policies enable IT to provide secure devices to protect against threats. In this overview, learn how Microsoft's InTune provides desktop and mobile device management to allow IT departments to scale while providing them tools to protect data assets.


Speakers

Richard McBrine

Rich McBrine is a 15-year veteran at Microsoft, originally starting out in Microsoft Consulting Services and currently working the U.S. Education Team, driving Azure adoption. Rich specializes in Azure infrastructure services & management technologies, with a specific focus on architecting cross-premises (hybrid) solutions. His current role puts him in the field with Education customers, evangelizing, demonstrating, and leading chalk talk...

Jill Sitnick

Account Technology Strategist, Microsoft Corporation
Jill recently joined Microsoft as the Pennsylvania Account Technology Strategist after 20 years in the K-12 space. For the last 10 years she worked in technology and curriculum departments to integrate classroom technology and align district systems to ensure data integrity.


Wednesday October 14, 2015 4:00pm - 5:00pm
Room 208 The Penn Stater Conference Center Hotel

5:00pm

BoF / Networking / Informal Gathering
Relax after a busy conference day with fellow attendees and members of the conference planning committee at Legends, on the lower level of the Penn Stater. While this is not an official conference event, it is an excellent opportunity to continue discussions from earlier in the day in a relaxing atmosphere. More information about Legends, including their menu, may be found at http://www.thepennstaterhotel.psu.edu/ThePennStaterHotel/dining/legends.cfm.

Wednesday October 14, 2015 5:00pm - 8:00pm
Legends Pub The Penn Stater Conference Center Hotel
 
Thursday, October 15
 

8:00am

Attendee Check-In / Information Desk
If you've yet to do so, make sure you check in at Registration Desk II so you receive your name tag and conference swag! If you have conference-related questions, this is the place to get answers, as well.

Thursday October 15, 2015 8:00am - 3:00pm
Registration Desk II The Penn Stater Conference Center Hotel

8:30am

Keynote | Today’s Threat Landscape: Higher Education
Speakers

Grady Summers

Senior Vice President and Chief Technology Officer, FireEye, Inc.
As senior vice president and chief technology officer (CTO) at FireEye, Inc.—a company that provides automated threat forensics and dynamic malware protection against advanced cyber threats—Summers oversees the global CTO team that supports research and development and product engineering. He has more than fifteen years of experience in information security, both as a chief information security officer (CISO) and consultant to many...


Thursday October 15, 2015 8:30am - 9:30am
Presidents Hall 3 & 4 The Penn Stater Conference Center Hotel

9:30am

Morning Break
Enjoy the Penn Stater's celebrated break-time offerings! Aside from our scheduled break, beverage service will be available from 7 a.m. until noon, and food service will be available from 8 a.m. until 11 a.m.

Thursday October 15, 2015 9:30am - 9:50am
Break Area - Banquets The Penn Stater Conference Center Hotel

9:50am

Birds of a Feather Discussions / Networking
Thursday October 15, 2015 9:50am - 10:50am
Room 218 The Penn Stater Conference Center Hotel

9:50am

The Future of IT Auditing @ PSU

Penn State's IT Audit function is modifying audit procedures as the University's IT governance, infrastructure and security processes are changing. This presentation will cover both audit requirements and plans for changes in the way that ITS, Enterprise Applications, Colleges, Campuses, Research Institutes and Administrative Units will be audited in the future. The role of Internal Audit versus that of external auditors such as Deloitte & Touche and DCAA will also be discussed.


Speakers

Gary Grgurich

Gary Grgurich manages the University's IT Audit function. He joined Penn State in 2005 after working for MedStar Health as Director of Information Security and previously as Manager of Computer Assurance Services for Deloitte & Touche in Pittsburgh. He has a B.S. in Accounting from Penn State and an MBA from Duquesne University. Gary is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor...


Thursday October 15, 2015 9:50am - 10:50am
Room 107 The Penn Stater Conference Center Hotel

9:50am

Towards Addressing the Flawed Trust Assumption in IaaS Cloud Platforms
IaaS cloud has revolutionized the way we consume computing resources. Instead of maintaining a locally administered data center, businesses and individuals can simply purchase compute, storage, and network resources on demand from a public IaaS cloud utility. While this new model has increased access to affordable resources, it comes with challenging security risks. Specifically, IaaS cloud platforms consist of a variety of cloud services running on many cloud nodes. Current cloud platforms often assume a Trusted Computing Base (TCB) that includes each and every cloud service and all the cloud nodes. Consequently, compromise of a single cloud service or a node may lead to the compromise of the entire cloud. This is evidenced by the increasing number of vulnerabilities found in cloud services and new types of attacks found in cloud platforms, some of which we will discuss in this talk in order to draw the community’s attention to the security of IaaS cloud platforms.

In this talk, we explore methods that address the flawed trust assumption in IaaS cloud platforms. We will present two systems we built at Penn State: Pileus, a mandatory access control system for cloud platforms that confines the trust placed on individual cloud services/nodes, and CloudArmor, a system framework that detects and blocks abnormal behaviors of cloud platforms.

Pileus adopts a least-privilege model for cloud services where a chain of cloud services is dynamically spawned and destroyed according to the cloud operations performed by cloud customers. Each cloud service runs with specific labels that represent the privileges the cloud customer has designated to it. Based on these labels, Pileus mediates the resource access performed by cloud services as well as the communication between cloud services and nodes. Consequently, even if one cloud service/node is under the control of an adversary, it is still confined by Pileus in terms of the cloud resources that it can access and its effect on other cloud services/nodes. The CloudArmor framework complements Pileus by detecting abnormal behaviors of cloud services. It models and enforces the system calls (i.e., system call order and arguments) issued by cloud services when performing a cloud operation. Consequently, if a cloud service deviates from its normal behavior (e.g., it is controlled by an adversary), CloudArmor will abort the cloud operation to prevent potential damage that the cloud service would cause to cloud resources.

Speakers

Yuqiong Sun

Yuqiong Sun is a 5th year PhD student in the Department of Computer Science and Engineering at Penn State University, advised by Dr. Trent Jaeger. He is now a member of the Systems and Internet Infrastructure Security lab at Penn State, and his current research focuses on security issues in cloud computing, virtualization, and operating systems as well as distributed systems. Yuqiong has been involved in several research projects related...


Thursday October 15, 2015 9:50am - 10:50am
Presidents Hall 2 The Penn Stater Conference Center Hotel

9:50am

SELinux: Basics and common configurations
SELinux (Security-Enhanced Linux) is an additional security control enabled by default in Red Hat Enterprise Linux (RHEL) and CentOS, and available in other Linux distributions. This presentation will cover a basic overview and understanding of what SELinux is, how to use it effectively, and the benefits to security. We will also discuss common configurations for commonly used applications at Penn State and even how to create your own SELinux policies when and if necessary.

Speakers

Jason Heffner

Systems Administrator, Penn State ITS - Teaching and Learning with Technology
Jason Heffner has been a Systems Administrator for Teaching and Learning with Technology at Penn State University for the last 15 years. He is responsible for enabling technology in the pursuit of teaching and learning. This includes enabling development and pilot projects aimed at learning the benefits of these technologies, and transitioning these when deemed useful to production environments. He always strives to find that balance...


Thursday October 15, 2015 9:50am - 10:50am
Presidents Hall 1 The Penn Stater Conference Center Hotel

9:50am

Software Test Engineers and Hackers: A Look at Technical and Non-technical Skill Sets Shared by Both Groups

Product development Test Engineers, a.k.a. quality assurance engineers, or simply “testers,” and bad actors, a.k.a. “hackers” (in the negative/criminal/adversarial sense of its meaning), share common threads in terms of technical skills (e.g. programming, debugging, tools) and non-technical skills (e.g. persistence, creativity). This presentation focuses on the technical and non-technical similarities between testers, who seek to identify and report on issues before a product is released, and hackers, who seek to find and exploit issues in products after they are released.


Speakers

Christopher DeRobertis

Christopher V. DeRobertis is Senior Technical Staff Member (STSM) and Secure Engineering in Test/cybersecurity subject matter expert for the Server & Storage System Test organization, IBM Systems. STSM is a prestigious position within IBM and represents one of the highest technical roles within the company. To date, Christopher has over 24 years of information technology experience, with an emphasis on security and platform/systems...


Thursday October 15, 2015 9:50am - 10:50am
Room 207 The Penn Stater Conference Center Hotel

11:00am

Birds of a Feather Discussions / Networking
Thursday October 15, 2015 11:00am - 12:00pm
Room 218 The Penn Stater Conference Center Hotel

11:00am

Litigation Holds and Data Security Incidents
Speakers

David Dulabon

Associate General Counsel, Penn State Office of General Counsel
David W. Dulabon is Associate General Counsel at The Pennsylvania State University. Prior to joining the Office of General Counsel, David served as a staff attorney at the Federal Trade Commission (“FTC”). He began his FTC career in the East Central Regional Office in Cleveland, Ohio and then transferred to the Northeast Regional Office in New York City. During his time at the FTC, David litigated consumer protection matters...


Thursday October 15, 2015 11:00am - 12:00pm
Room 107 The Penn Stater Conference Center Hotel

11:00am

Apple Pay, EMV, and Google Wallet – Is it finally safe to use credit cards?

In 2012 the US lost $5.3 billion in credit card fraud, largely attributed to the continued use of magnetic stripe credit/debit cards that most of the rest of the world has abandoned in favor of the more secure Europay-Mastercard-Visa (EMV) electronic chip equipped cards. The US is now converting to EMV technology, but most reports now suggest that most merchants and businesses will not be ready by the October 2015 deadline. But there are alternatives that are making some headway into the marketplace. But how secure is the move to these alternate payment methods such as EMV credit/debit cards and electronic payment methods such as Apple Pay and Google Wallet?


Speakers

Galen Grimes

Associate Professor of IST; has been teaching IST and SRA at Penn State Greater Allegheny since 1999; prior to career in academia 15+ years in IT industry; research interests include risk management, intrusion detection, mobile device security, and spam.


Thursday October 15, 2015 11:00am - 12:00pm
Presidents Hall 2 The Penn Stater Conference Center Hotel

11:00am

Public Cloud Security - Concerns and Approaches

So you want to use a Cloud service, and the first thing that the CSO says is: "All our jobs are on the line, what about security? Is the Cloud really secure? Well, I can connect that machine over internet? How do we handle firewalls? How do we handle DDoS attacks? Well, how about isolation? What if some other Cloud subscriber can access data in one of our VMs??" Every organization is facing these same challenges; if you've dealt with questions like these, please attend this session to talk through solutions.


Speakers

Richard McBrine

Rich McBrine is a 15-year veteran at Microsoft, originally starting out in Microsoft Consulting Services and currently working the U.S. Education Team, driving Azure adoption. Rich specializes in Azure infrastructure services & management technologies, with a specific focus on architecting cross-premises (hybrid) solutions. His current role puts him in the field with Education customers, evangelizing, demonstrating, and leading chalk talk...


Thursday October 15, 2015 11:00am - 12:00pm
Room 207 The Penn Stater Conference Center Hotel

12:00pm

Lunch
Buffet lines will be set up in the Presidents Hall Pre-Function area, with seating in Halls 3 & 4. Make sure to leave room for dessert!

Thursday October 15, 2015 12:00pm - 1:30pm
Presidents Hall 3 & 4 The Penn Stater Conference Center Hotel

12:30pm

Remarks from the Executive Vice President and Provost
During lunch, Dr. Nicholas Jones, Penn State's Executive Vice President and Provost, will address conference attendees with his thoughts on information security and its importance for the University.

Speakers

Nicholas Jones

Executive Vice President and Provost, The Pennsylvania State University
Dr. Nicholas Jones assumed responsibilities as Executive Vice President and Provost of the Pennsylvania State University in July 2013. As Provost, he is the chief academic officer of the University, responsible for the academic administration of the University’s resident instruction, research, and continuing education, and for the general welfare of the faculty and students. In his role as Executive Vice President, he serves as the chief...


Thursday October 15, 2015 12:30pm - 1:00pm
Presidents Hall 3 & 4 The Penn Stater Conference Center Hotel

1:30pm

Keynote | Activating Security Through Resilience

I propose discussing the core Gartner Point of View on effective cybersecurity: the six principles of resilience with a focus on the challenges unique to higher education. We believe every successful digital enterprise will have to adopt these six principles:

From Check-Box Compliance to Risk-Based Thinking: While this idea is not new, the urgency to embrace it is. New regulations are inevitable, but following a regulation, or a framework, or just doing what your auditors tell you to do, has never resulted in appropriate or sufficient protection for an organization. “Risk-based thinking” is about understanding the major risks your business will face and prioritizing controls and investments in security to achieve business outcomes.

From Technology to Outcomes: We must move from a singular focus on protecting the infrastructure, to a new focus on supporting organizational outcomes. For the last two decades, our investment decisions have been heavily focused on protecting the infrastructure. But now we need to elevate security strategy to protect the things the business actually cares about. You CAN connect these outcomes to the work you do in IT risk and security.

Defender to Facilitator: As part of the transition to supporting the business outcome mindset, we must move from being the righteous defenders of the organization to acting as the facilitators of a balance...a balance between the needs to protect the organization and the needs to achieve our desired business outcomes. This is particularly challenging in the higher ed environment, where decision making is diffused.

From Controlling Information to Understanding Information Flow: Next, we must move from trying to control the flow of information to understanding how information flows so we can improve its resilience and the outcomes it supports. Digital business will introduce massive new volumes and types of information that must be understood and appropriately protected. In the world of digital business every enterprise will be a link in a global chain. We can’t do this alone.

From Technology Focus to People Focus: We must understand the limits of security technology... and recognize that properly motivated people—properly engaged and educated people—can be the strongest links in our chain. So we need to shape behavior and motivate people to do the right thing, not just try to force people to do what we want.

From Prevention Only to Detect and Respond: The sixth principle requires the most profound shift in focus. It begins by understanding that compromise of our systems is inevitable. We must move from a singular focus on trying to “prevent” compromise to acknowledge that we will never have perfect prevention: we need to be able to detect compromise and react faster. The disparity between the speed of compromise and the speed of detection is one of the starkest failures discovered in breach investigations. In the digital world, the pace of change will be too fast to anticipate and defend against every type of attack.

We must invest in capabilities—technical, procedural and human—to detect when a compromise occurs. We must provide the tools for first responders to react quickly and investigate the source and impact of the breach.

Resilience is our new standard of success. Applying these six principles will help conference attendees gain a seat at the planning table and propel Penn State to a successful digital business future.


Speakers

Mary Wujek

Director, Global Security and Risk Management, Gartner, Inc.
Mary Wujek has extensive expertise in information security, portfolio and program management, business continuity, strategic planning, and product management. As Director of Global Security and Risk Management at Gartner, Inc.—a leading information technology research and advisory company—she has led many IT/Business product, service, and culture change projects, establishing new services in identity management, financial services...


Thursday October 15, 2015 1:30pm - 2:30pm
Presidents Hall 3 & 4 The Penn Stater Conference Center Hotel

2:30pm

Afternoon Break
Enjoy the Penn Stater's celebrated break-time offerings! Aside from our scheduled break, food and beverage service will be available from 2 to 4 p.m.

Thursday October 15, 2015 2:30pm - 2:50pm
Break Area - Banquets The Penn Stater Conference Center Hotel

2:30pm

Afternoon Break
Enjoy the Penn Stater's celebrated break-time offerings! Aside from our scheduled break, food and beverage service will be available from 2 to 4 p.m.

Thursday October 15, 2015 2:30pm - 2:50pm
Break Area - 1st Floor The Penn Stater Conference Center Hotel

2:30pm

Afternoon Break
Enjoy the Penn Stater's celebrated break-time offerings! Aside from our scheduled break, food and beverage service will be available from 2 to 4 p.m.

Thursday October 15, 2015 2:30pm - 2:50pm
Break Area - 2nd Floor The Penn Stater Conference Center Hotel

2:50pm

Birds of a Feather Discussions / Networking
Thursday October 15, 2015 2:50pm - 3:50pm
Room 218 The Penn Stater Conference Center Hotel

2:50pm

FERPA and PSU
  • FERPA overview (brief, what does it mean to the average faculty/staff member?)
  • FERPA data protection requirements by Feds, PSU
  • Impact of non-compliance (for employee, for PSU as a whole)
  • Records retention (best practices, appropriate use, etc.)
  • Online learning tools (i.e. using third-party or online tools)
  • FERPA in the Cloud (storing/sharing data)

Speakers

Bob Kubat

Bob Kubat is Penn State's University Registrar.


Thursday October 15, 2015 2:50pm - 3:50pm
Room 107 The Penn Stater Conference Center Hotel

2:50pm

Security Features of OneForest Active Directory Deployment

The presenters will discuss the “Pass the Hash” attack in order to highlight the practices and technology they are using to protect privileged domain accounts. They will also cover the use of Microsoft’s Local Administrator Password Solution (LAPS), which can be used to increase the security of the local administrator account on domain-joined Windows computers.


Speakers

Keith Brautigam

Active Directory Team Technical Manager, Penn State ITS - Identity Services
Keith Brautigam is an IT Manager with ITS Identity Services. His primary focus is the ONEForest project, which is an enterprise implementation of Microsoft Active Directory. Prior to joining Penn State Keith worked at The University of Iowa where he held team lead and assistant director positions within the Directory & Authentication Services unit and VP for Research organization.

Jake DeSantis

Systems Administrator, Penn State ITS - Identity Services
Jake DeSantis is a Systems Administrator with ITS Identity Services. Jake’s primary assignment is building and securing the ONEForest Active Directory service for all units at Penn State. From his previous role as Systems Administrator in Penn State’s Office of the President, Jake has experience with Microsoft technologies, such as System Center, Hyper-V-based virtualization and VDI, and Active Directory configuration, maintenance and...



Thursday October 15, 2015 2:50pm - 3:50pm
Presidents Hall 1 The Penn Stater Conference Center Hotel

2:50pm

Using Math to Beat Malware
In order to keep up with modern attackers, security technologies need to evolve at the same pace without cumbersome human involvement. When taking full advantage of mathematical risk factors and machine learning, we can identify and classify “good” files and teach the machine to recognize and react to “bad” files by segregating them away in real time.

We will show you how a math and machine learning approach to computer security will fundamentally change the way we understand, categorize, and control execution of every file. In other words, how to keep you and your data safer.

Speakers

Meg Stiles

Marketing Coordinator, Account Executive, Connectivity Communications Inc.
Meg Stiles has been in the IT Networking and Security industry for only 4 years, but has been in the problem-solving industry for her lifetime! She is a certified Gal Friday due to her varied experience that spans many different industries and talents, including customer service, theatre, trainer, advisor/consultant, and management.


Thursday October 15, 2015 2:50pm - 3:50pm
Room 207 The Penn Stater Conference Center Hotel

4:00pm

Birds of a Feather Discussions / Networking
Thursday October 15, 2015 4:00pm - 5:00pm
Room 218 The Penn Stater Conference Center Hotel

4:00pm

The Power of Trust

Based heavily on the book “The Speed of Trust” by Stephen M.R. Covey, this presentation focuses on what Trust is and how we engender it. Many have shared that this is one of the top leadership books that they have read. Two quotes from the book define the focus and purpose of this session — “Trust – a key leadership competency in the new global economy” and “what is your ability to establish, grow, extend and restore trust.”


Speakers

Timothy Shortall

Timothy Shortall has been Director of Transmission Facilities and Operations in ITS' TNS for nearly two years. He was formerly Assistant Director of Design and Development at the University of Maryland for nine years. In addition, Tim has worked at several government agencies and a Tier 1 Internet Service Provider over a twenty-five year IT career. Tim received a BS in Computer Science from SUNY New Paltz, an MS in Telecommunications from University of...


Thursday October 15, 2015 4:00pm - 5:00pm
Room 107 The Penn Stater Conference Center Hotel

4:00pm

Aggregate Attack Graphs from Real-World Vulnerability Definitions
An attack graph is a bipartite set consisting of vertices that represent either vulnerabilities or logical conditions, and directed edges that represent pre- and post-conditions of exploit. An attack graph is often used to comprise multi-step attacks on a given network and thereby make the security of that network amenable to graphical analyses. We mitigate two limitations of attack graphs regarding application to real networks. By doing so, we are able to 1) develop attack graphs that encompass the entire NVD database, providing coverage comparable to that from a vulnerability scanner and 2) form longitudinal judgments of the hardness of networks that feature realistic provisioning and thereby provide decision support for IT provisioning. The first limitation in applying attack graphs to real networks is that the pre- and post-conditions that are necessary to chain vulnerabilities are generated by hand because these are not part of standard vulnerability definitions. We demonstrate a semi-automated method to populate attack graph vertices from NVD definitions and to group these vertices into supernodes. Conditions are annotated for only these supernodes, such that the manual effort to annotate conditions is minimized. The second limitation is that an attack graph represents a single configuration of a network and the results of any analysis of this graph apply specifically to this configuration. In the real world, network configurations change daily but provisioning decisions are made in the long term. We extend the attack graph concept to support aggregation across configurations.

Speakers

Caleb Severn

Caleb Severn is a PhD student in computer science and works in the Applied Research Laboratory at the Pennsylvania State University. In addition to basic research in network simulation and evaluation, Caleb performs data collection and modeling of supply chain security. Over the previous decade, Caleb worked in control networks and industrial security.


Thursday October 15, 2015 4:00pm - 5:00pm
Presidents Hall 2 The Penn Stater Conference Center Hotel

4:00pm

How Cloud is Changing the Log Analysis Challenge

Come to this session to learn how next-generation hybrid cloud management services can help an organization collect massive amounts of logs and machine data, explore and search them quickly, visualize results in rich dashboards, and get ready-made operational solutions for modern IT operations. Specifically, we will show how cloud-based solutions can help you reliably collect security events and use them to perform ad hoc forensic/exploration of unknown breach patterns.


Speakers

Richard McBrine

Rich McBrine is a 15-year veteran at Microsoft, originally starting out in Microsoft Consulting Services and currently working the U.S. Education Team, driving Azure adoption. Rich specializes in Azure infrastructure services & management technologies, with a specific focus on architecting cross-premises (hybrid) solutions. His current role puts him in the field with Education customers, evangelizing, demonstrating, and leading chalk talk...


Thursday October 15, 2015 4:00pm - 5:00pm
Room 207 The Penn Stater Conference Center Hotel