Networking Check-in with Continental Breakfast

Please check in at our registration table and enjoy a complimentary breakfast with a side of networking.

KEYNOTE - Mr. Terry L. Carpenter Jr., Program Executive Officer, National Background Investigation Services (SES Tier 2) at DISA

Building the foundation for AI; NBIS Enterprise Architecture and AI Approach

Detecting insider threats is particularly challenging and requires analysis of cyber and non-cyber information.  The Defense Security Service and the National Background Investigation Services (NBIS) Program Executive Office (PEO) are pursuing a project to improve insider threat detection by leveraging AI to search for anomalous employee behaviors. Partnering with the Army Analytics Group, we’re building machine learning models that include security clearance, background investigation, security records, and personnel records (if / when available).  The goal is to give context to the artificial intelligence capability as it seeks to interpret anomalies in user monitoring cyber data.  If successful, we will be able to detect changes in behavior much earlier and with greater granularity while keeping the identity of the individual masked unless and until absolutely necessary.  If unmasked, we’ll put supervisors in a position to have a positive impact on the individual’s future through early intervention.
 

Nat Bongiovanni, Chief Technology Officer at NTT Data Services

Integrated Access Management – Decisions at the Speed of Machines

Role based access control (RBAC) has its shortcomings but RBAC risk can be mitigated with attribute based access control (ABAC). Effective control of insider threat occurs at the intersection of knowledge and trust and limiting access to sensitive information based on subject attributes is an effective means of reducing insider threat risk. In the future organizations will leverage existing enterprise systems as both the source of subject attributes and object attributes thus providing a paradigm where enterprise business systems provide the information (attributes) for access control and a centralized policy server becomes the decision point. 

The next step in a securing your enterprise is implementing, technologies for monitoring behavior of users and processes that can either automatically restrict or grant access based on what users are doing or attempting to do. Those decisions can happen in real-time fundamentally changing the threat paradigm. In this session we’ll discuss how to develop a framework for implementation of access control in the context of behavior. It will include a brief discussion of technologies that can identify anomalous behavior including artificial intelligence. The approach for making decisions, integrating those decisions into access control using attributes, and leveraging an Integrated Access ManagementSMsolution that provides real time protection for sensitive data. Thus mitigating the risk of information loss due to insider threat.

Antonio "Tony" Rucci, Director, InfoSec & Threat Intelligence for GRIDSMART Technologies, Inc.; Counterintelligence Special Agent (Retired)

Crawling Through the Trenches

“The Insider Threats We Find During Pentests and Incident Response”

Penetration Tests, Passive Network Assessments and Self Assessments are important elements to your proactive security strategy for your company and clients, providing a LOT of value in a short period of time. We’ll address how these play out as we take a brief tour through a series of data breaches and network assessments with which we were engaged, where both malicious and unintentional Insider Threats played a significant role. We’ll address the Third-Order Effects and impact on things you may never be able to control and maybe some which you can. Regardless, transparency is paramount and, in this day and age of social media engagement coupled with corporate culture, your “Bad Day In the Office” is going to get out one way or another. The world is getting smarter while business continues to struggle with the basics. Are you ready to step up and “Own It” when things go sideways?

Data Breaches Will Happen… How You Respond Defines Your Company! #InsiderThreats

BREAK

Please visit our sponsors, without them ITS5 would not be possible.

Charlie Sowell, Chief Operating Officer at iWorks

 Keeping Your Insiders from Becoming Outsider Threats

Most insider threat activities rightly focus on detecting and mitigating threats from insiders. As three recent counterintelligence cases demonstrate, the threat insiders pose is not limited to their time with your organization. Former employees can still cause damage years beyond their last day with you. This discussion explores ways to reduce the likelihood of former insiders becoming outsider threats. For example, some IC agencies provide formal after-care programs for their employees. Companies and government agencies can reduce the former-insider threat with a few simple actions.

Dustin R. Burns, Ph.D., GStat at Exponent

Demystifying AI in Cybersecurity

he goal of this talk is to demystify the application of artificial intelligence in the security industry. I will address common misconceptions and detail several common use cases, while attempting to cut through the hype and inflated marketing claims for AI systems. In addition to discussing the revolutionary benefits, I will also discuss potential pitfalls and challenges. Members of the target audience have foundations in the security industry and a curiosity about how AI methodologies are applied, but need not be experts.

Andree Rose, Project Director at the Defense Personnel and Security Research Center (PERSEREC), DoD’s Office of People Analytics (OPA)

TBD

LUNCH BREAK

Please visit our sponsors, without them ITS5 would not be possible.

Matthew J. St. Sure, Stanislaus County

Phishing Awareness - After Action Report: Presenting the lessons learned from a Phishing Awareness Program of 1,300 users 

  Spear Phishing has firmly been established as the preeminent method of breaching a network; we search for ways and controls that ultimately prove to be inadequate as any well-crafted phishing attack is challenging to distinguish from business email. 
What path forward can be used to mitigate this common component of the attack chain? 
Is the traditional awareness program working, what could be improved and what should we throw out altogether? 
How can we create a culture of security awareness that is sustainable and adopted from the C level to line staff of an organization? 
Striving to go beyond a compliance checkbox we will learn from an after-action report,  exploring the possibilities for building a better phishing awareness program.

BREAK

Please visit our sponsors, without them ITS5 would not be possible.

Bill Baz, DoD Account Executive at Radiant Logic

Federated Identity & Virtualization:  Removing Identity Integration as a Roadblock For Security and Digital Transformation 

Data can be both our greatest Achilles’ heel and the most powerful tool for building innovative and secure defense solutions. To be successful, we need to understand attributes of identities (both structured and unstructured) across the enterprise and harness this data to be interoperable across multi-domains for decision making. We must also deal effectively with the complexity associated with a wide variety of evolving data sources.

Identity is the new boundary. Breach is assumed and focus is applied in a different place: identity data and integration.Our approach to solving this dilemma involves abstracting identities from underlying repositories into a flexible, scalable infrastructure built on virtualization and big data technology. Without disrupting existing identity sources, RadiantOne builds a future-state, reusable unified identity layer for consuming applications.

The result: identity becomes an enabler, not a security bottleneck, allowing you to build on your legacy and accelerate your future identity objectives.

David Wilcox, Vice President, Federal at Dtex Systems

How to Understand and Detect the Insider Threat

The insider threat continues to be one of the most difficult security problems the public and private sectors face. Government has a complex set of challenges. The information employees and contractors need access to in order to do their jobs is often highly sensitive. When it becomes exposed, it can bring on extreme consequences. To be effective, insider threat strategies have to be holistic. They must account for malicious insiders such as Edward Snowden, negligent humans who expose data accidentally and by failing to follow secure procedures, and compromised users who unknowingly give up credentials to cybercriminals. By drawing on his 38-plus years of government security experience, David will demonstrate how insider threat programs built on strategies and innovation that achieve visibility over human behaviors can reduce significantly the level of insider risk within organizations.

BREAK

​

J.T. Mendoza, Deputy Director, United States Air Force (USAF) Insider Threat Hub

Three Major Pillars of Insider Threat: Espionage, Violence, Data Leak 

(Case Studies of Mallory, Manning, & Alexis)

Today, organizations face the complex challenge of insider threat but, often address it with inadequate solutions - primarily, failing to sufficiently meet a program’s true intent – to detect and prevent an event from occurring.  This presentation will review three cases that will cover major aspects of insider threat concerns: data loss event; espionage; and work-place violence.  It will also highlight similar indicators which permeate all three cases.  It concludes by providing broad recommendations on how to formulate a successful insider threat program. 

Closing Comments and Networking Reception in the Ferrantes Room

​

Brian Walsh, Special Agent at FBI

TBD