Day #1- Wednesday, September 30
Securing the Virtual Workforce
Morning Plenaries and Keynote
9:00-9:10 | Welcome
Eric D. Darr, Ph.D. President, Harrisburg University of Science and Technology
Kelly Powell Logan, Vice President of Strategic Workforce Development and University Centers, Harrisburg University of Science and Technology
9:10-9:20 | Opening Comments
John MacMillan, Deputy Secretary for Information Technology and Chief Information Officer, Commonwealth of Pennsylvania
9:20-10:20 | Keynote: Securing the Virtual Workforce- Technology and Psychology
John Dolmetsch, Chief Information Officer, Business Information Group
Biography: John has spent the last 20 years leading a nationwide wireless specialized practice and has become a recognized leader in the industry. Starting with municipal wireless in the early 2000s, he has led his team as the Executive Architect on leading-edge wireless initiatives including Comcast/Xfinity nationwide Wi-Fi deployment and strategy, Exelon ConEdison and PPL Smartgrid Wireless Initiatives, State of Maryland Microwave and Edge Device Deployment, Siemens, Nokia, IBM and Johnson Controls Wireless SME Advisor, Comcast Stadium, Venue, Transit, and Multi-Tenant Wi-Fi Strategy.
John has extensive experience in converged technology solutions and leads a team of SMEs in all functions of technology solutions including advanced routing, cybersecurity, IoT, wireless, application development, building automation, and mobility. In addition to Executive Architect and business leader, he provides guidance to the Economic Development Department for the State of Pennsylvania, York County and York City, on the implementation of technology for business development. John also sits on the York College Advisory Council for Technology Curriculum Development.
Presentation Abstract: The move towards a virtual workforce, up until 2020, was a slow and contentious one. While businesses and society were well aware of the economic, environmental, and social benefits of a virtual workforce, few adopted or embraced the concept due to long-standing beliefs that a workforce needed to be contained in a central office building or campus. The COVID-19 pandemic forced the world to adapt to a remote work world and embrace the technologies that had already been developed, years ago, to enable organizations to function and thrive in a non-centralized environment. Adapting to a virtual workforce requires the implementation of technology at many entry and exit points for remote workers, a movement to more cloud-based solutions, and the implementation of collaboration tools. However, there is a psychological and social component of security that must be considered and that overshadows the technical component. During this presentation, we will explore the mix of technology and psychology required to make the virtual workforce safe, productive, and effective.
10:20-10:45 | Morning Break
Break for 15 minutes before starting Session #1.
Session #1- Solutions and Tools: Work
10:45 - 11:30 | Track #1: COVID-19 Pandemic for Fraudsters: A Once-in-a-Lifetime Opportunity
Shaun Barry, Director, SAS
Biography: Shaun Barry is a renowned expert in fraud and analytics, with a specific focus on government. Shaun has worked for and with governments around the world for the past twenty-five (25) years to foster innovation through technology. He is a frequent speaker at industry events, and he has testified before legislative bodies for numerous governments. At SAS, he oversees a team of 20 experts who use data and analytics to help government work better. Prior to joining SAS, Shaun was the Global Fraud Solutions Executive for one of the world’s largest technology firms. In this capacity, he led a global team of fraud and technology experts to implement anti-fraud solutions for both public sector and private sector organizations. He also has worked as a public servant for US state government agencies in Ohio and South Carolina. Shaun holds a Bachelor of Arts degree in American Studies from the University of Notre Dame and a Master of Public Policy degree from Duke University. He and his wife Kristen have two children and reside in Rockville Centre, NY.
Carl Hammersburg, Manager, SAS
Biography: Carl Hammersburg brings nearly 30 years of experience and passion for the prevention of fraud and tax evasion in government and healthcare programs. He joined SAS in 2012 and worked with government officials and private industry in a dozen countries on fraud and risk in health care, tax, unemployment, workers’ compensation, and a range of other programs. An expert on issues of employee misclassification, tax evasion, and the underground economy, Carl has testified before numerous task forces, commissions, and elected officials on addressing those issues through data sharing, analytics, and proper use of enforcement tools. Prior to joining SAS, Carl spent 22 years in government programs, starting in Medicaid, then tax collection, auditing, and claimant and provider fraud prevention in a multi-billion dollar workers’ comp program at the Department of Labor in Washington State. As the Division Head of Fraud Prevention and Compliance, he served as executive branch lead on a Joint Legislative Task Force on the Underground Economy, driving significant legislative change in data sharing and enforcement. Carl holds a Bachelor of Arts in Business Administration from the University of Washington and resides in Seattle with his wife and two cats.
Presentation Abstract: Governments are creating new recovery programs to fight the economic consequences of COVID-19. These programs get needed relief quickly to impacted citizens and businesses. Unfortunately, the pandemic has given fraudsters a once-in-a-lifetime opportunity to attack and defraud government programs. Recovery programs are susceptible to fraud and integrity issues. A rapid roll-out often means foregoing the usual fraud checks. Perhaps more concerning, crime rings are mounting organized attacks on some programs. What’s at stake? Billions of dollars that are siphoned away from those who need it most. This session will focus on how analytics and technology can give government leaders a needed boost to protect the integrity of benefit programs. We will focus on unemployment insurance, the Paycheck Protection Program (PPP), and general identity theft.
10:45-11:30 | Track #2: Emerging Threats in a Remote World
Tony Hubbard, Principal – Government Cybersecurity Services, KPMG
Biography: Tony Hubbard is a Principal in KPMG’s McLean office. He has 28 years of experience in providing advisory services to United States Government entities, notably in the realm of cybersecurity. He has also supported commercial clients that have programs linked to Federal Government cybersecurity initiatives (e.g., FedRAMP, FISMA, and NIST).
Tony’s experiences have entailed improvement in business processes and internal controls, with a focus on assisting clients in complying with laws, standards, and guidelines such as ITIL, COBIT, FISCAM, FISMA, FFMIA, CFO Act, NIST, and OMB.
Presentation Abstract: In the face of a global pandemic, workers have moved from the office to the home, taking their corporate assets and sensitive data with them. Companies now rely heavily on remote work capabilities, some of which are new or untested. Malicious cyber actors have taken note and are working harder than ever to take advantage of this new environment. While their tactics might look familiar, they’ve shifted focus to the new weak points of work-from-home. Technology and security leaders need to do the same. This session will explain the emerging threats that companies face in the new work-from-home world and the steps your organization can take to stay secure.
11:30-1:00 | Lunch Break
Break for lunch before starting session #2
Session #2- Understanding New and Different Threats: Work
1:00-1:45 | Track #1: A Different Approach to Intrinsic Security Makes Things Easier
David Balcar, Security Strategist, VMware
Biography: David Balcar is a Security Strategist at VMware. David is a security veteran with over 18 years’ experience in conducting Security Research, Network Penetration Testing, Incident Response, and Computer Forensics. David is a regularly featured speaker at Security Conferences worldwide, presenting on subjects including security trends, penetration testing, top threats, and network security hardening. He is a member of the HTCIA (High Technology Crime Investigation Association), and ISSA (Information Systems Security Association).
At VMware Carbon Black, David is responsible for the presales activities of the VMware Carbon Black portfolio that includes: VMware Carbon Black EDR, VMware Carbon Black App Control, VMware Carbon Black Cloud Endpoint, VMware Carbon Black Cloud Enterprise EDR, VMware Carbon Black Cloud Audit and Remediation, and VMware Carbon Black Cloud Managed Detection.
Presentation Abstract: There has never been a more challenging or exciting time in security. Attackers are growing more sophisticated, and security threats, breaches, and exploits are becoming more prevalent, with no end in sight. With the adoption of cloud, new applications, mobile digital workspace, IoT, compute, and data at the edge, the problem is only getting harder to solve. But this also represents an opportunity for a new approach.
1:00-1:45 | Track #2: Understanding New and Different Threats: Panel Discussion
Speaker #1: Scott Major, CISSP, CISA, ITIL v3, Chief Information Officer, Berks County IU
Speaker #1 Biography: Scott Major is the Chief Information Officer for the Berks County Intermediate Unit (BCIU), where he is responsible for planning, administering, and supervising all areas including cybersecurity and compliance, infrastructure and operations, software services, grant and funding development, and the development and delivery of technology services for BCIU programs, constituent school districts and the community at large. Scott has served as a technology leader in education for 21 years. During that time, he served as the Director of Technology at the Boyertown Area School District, Director of Technology at the Lancaster County Career & Technology Center, Director of Network Services at Elizabethtown College, and Network Manager at Dickinson College. Scott is currently finishing his Doctoral research in IoT Security Practices in K12 at Walden University.
Speaker #2: Richard Svesnik, Deputy Director of Information Systems, Westmoreland County IU
Speaker #2 Biography: In a county just outside of Pittsburgh, Pennsylvania, Richard Svesnik has been building his career for the past 14 years within the Information Systems Department of Westmoreland County. His journey began in 2006 as a Technical Support Specialist, but he quickly moved into an administration position with the county’s IBM Power System in 2008 and, in 2012, transitioned again to Director of Information Technology. In 2018, with a departmental reorganization, Rick moved into the Deputy Director of Information Systems role, combining his prior oversight of the physical infrastructure of Westmoreland County’s IS department with that of the Applications division as well. Rick has been with the county through various large-scale deployments such as the migration to a robust VDI environment, implementing a Cisco VoIP phone solution, and the 2013 construction of an all-new on-premises Data Center. To unwind from the daily stresses of IT, Rick can be found with his wife, Kelly, two sons, Jackson and Tyler, and dog, Lilly, somewhere deep in Forbes State Forest, as an avid rock climber, hiker, and mountain biker.
Moderator: Michael Sage, CGCIO, ITILv3, Chief Information Officer, County Commissioners Association of Pennsylvania
Moderator Biography: Michael Sage is the Chief Information Officer for the County Commissioners Association of Pennsylvania (CCAP), where he provides services to county government and serves as a voice for Pennsylvania counties. Prior to joining CCAP in 2019, Michael was with the Commonwealth of PA for over 15 years. During that time, he served in various roles including Chief Security Officer and Deputy Chief Information Officer for the Department of Labor & Industry. He also served as Chief Technology Officer for the Employment, Banking, and Revenue Delivery Center. Michael is passionate about collaborating, strategizing and fostering relationships across all levels of government. He has led reorganizations, budget analysis, shared service implementations, security initiatives, strategic planning, technology and application modernizations, service optimization, and many other strategic and operational initiatives.
Christopher P. Dressler, Information Security Officer, PA Office of Administration | Enterprise Information Security Office
Employment, Banking and Revenue Delivery Center, Commonwealth of Pennsylvania
Presentation Abstract: Join panelists from the Berks County IU, Westmoreland County IU, Commonwealth Commissioners Association of Pennsylvania, and the Commonwealth of Pennsylvania as they discuss threat intelligence, cybersecurity, new threats, and changes due to COVID-19 on their positions and the field as a whole.
1:45-2:00 | Afternoon Break
Break before the endnote address.
2:00-3:00 | Endnote: Cybersecurity Threats, Mitigation Strategies, and Resources
Speaker #1: Andrew Dolan, Director of Stakeholder Engagement, MS-ISAC
Speaker #1 Biography: Andrew is the Director of Stakeholder Engagement for the Multi-State Information Sharing and Analysis Center, a division of the Center for Internet Security. The MS-ISAC has been designated by the U.S. Department of Homeland Security as the focal point for cyber threat prevention, protection, response and recovery for the nation’s state, local, territorial and tribal (SLTT) governments. Under Andrew, the MS-ISAC has greatly expanded its membership since 2012, and now boasts approximately 10,000 members across the country. Prior to arriving at the MS-ISAC in 2012, Andrew spent years working for the Department of Homeland Security and Emergency Services in New York State. It was here that he developed a passion for working with local governments all over the country, in an effort to help them prepare for the challenges they face both in the physical world and cyberspace.
Speaker #2: Eugene Kipniss, Members Program Manager, MS-ISAC
Speaker #2 Biography: Eugene Kipniss is the Member Programs Manager for the MS-ISAC and EI-ISAC. He works managing the Nationwide Cybersecurity Review (NCSR), a no-cost self-assessment that allows State, Local, Tribal, and Territorial (SLTT) Government entities to measure their cybersecurity maturity against the NIST Cybersecurity Framework (CSF). He and his team strive to turn SLTTs’ individual NCSR results into actions and roadmap planning for improvement by connecting them with federally funded services and information products that support security posture. Additionally, he co-chairs the MS-ISAC’s Metrics working group that focuses on the NCSR assessment’s design and analysis as well as on developing best practices for SLTT users of the assessment.
Presentation Abstract: Cybersecurity has emerged as one of the most important issues facing public and private organizations today. The worldwide reach of the internet means that cyber threats can come from anywhere, and with these threats come horror stories. Join us as Andrew Dolan of the MS-ISAC brings us through real-life examples of cybercrimes and emerging threats to the government sector and the steps we can take to minimize and mitigate these threats. Additionally, Eugene Kipniss will be giving an overview of a no-cost cybersecurity self-assessment, the Nationwide Cybersecurity Review (NCSR), that government/public entities can leverage to measure their own strengths and weaknesses, and to chart out a roadmap toward improvement.
Day #2- Thursday, October 1
Securing the Virtual Marketplace
Morning Plenaries and Keynote
9:00-9:10 | Welcome
Kelly Powell Logan, Vice President of Strategic Workforce Development and University Centers, Harrisburg University of Science and Technology
9:10-9:20 | Opening Comments
Erik Avakian, CISSP, CRISC, CISA, CISM, CGCIO™, ITILv3s, Chief Information Security Officer, Commonwealth of Pennsylvania
9:20-10:20 | Keynote: Post-COVID Reboot- The Human Effect
Mathew Newfield, Corporate Chief Security Officer, Unisys
Biography: Mathew Newfield joined the Unisys leadership team as the Corporate Chief Information Security Officer in March 2018. He leads the Unisys Corporate Information Security team with responsibility for the design, development, and implementation of the company’s corporate information security and risk programs across all regions and functions. Newfield has over 19 years of experience in Information Technology with a focus on Security, Software as a Service Operations, Risk Auditing and Management, and International Mergers and Acquisitions. Prior to joining Unisys, he was the Director of Global Managed Security Services for IBM where he had responsibility for delivery services in 133 countries and managed a staff of nearly 1,500 security professionals. Newfield led the Managed Security Practice that performed Device Management, Threat Intelligence, Managed Security Information and Event Management, Account Governance, Project Management, Deployment Services, New Service Integration Business Operations, Compliance/Governance, and Architecture Services. Newfield was also the Business Unit Information Security Officer and Global Process Officer for IBM’s Security Services Organization.
During his time at IBM, Newfield streamlined operational processes and developed cost reduction methodologies that improved cost control, profitability, and client delivery. Prior to IBM, Newfield held senior security leadership roles at Cybertrust, RSA, and DCC Advocacy. Newfield is on the Board for National Technology Security Coalition (NTSC), a published author on topics related to security, a speaker on cybersecurity, and an instructor at the SANS Institute. In addition, he holds a Bachelor of Science degree in Industrial and Organizational Psychology from George Mason University.
Presentation Abstract: People all around the world will forever remember the COVID-19 pandemic, its rapid spread, and the devastating impact on the health of our society and the global economy. Many of the 7.5 billion people across the globe have experienced the loss of lives, jobs, and businesses. In times like these, people are struck with strong emotions caused by fear, uncertainty, and doubt. That is when we are driven most by the Human Effect. As leaders of our organization and as cyber professionals, the challenges are many.
In addition to supporting and securing our virtual workforce, we also see a growing number of cyber-attacks against our digital marketplace of products and critical services. Too often we focus on technology and less on the human factor. In the new normal, IT Leaders and others need to lean in and embrace the human factor when connecting and communicating with their internal and external stakeholders. So, in times of crisis, let us explore the hidden lessons that can serve as a catalyst for change and allow us to reboot and create the new normal.
Explore Lessons Learned During COVID-19:
• What did your team do to effectively manage and respond to the crisis?
• What actions did your team take to best engage and support your stakeholders internally and externally?
• What changes will you make across your people, process, and technology to help accelerate a rebound?
• How will you manage and evaluate the impact of the implemented changes?
• What enhancements have been made to your business continuity strategy and execution plan to minimize business disruption in the future?
10:20-10:45 | Morning Break
Break for 15 minutes before starting Track #1.
Session #1- Solutions and Tools: Marketplace
10:45 - 11:30 | Track #1 - Understanding New Threats
Brandon Keath, Cyber Security Practice Lead, Appalachia Technologies LLC
Biography: Brandon joined Appalachia in 2018 as a Cyber Security Practice Lead. With prior experience in both private and public-sector IT consulting, Brandon has served in various roles in cybersecurity over the past 11 years, specializing in ethical hacking, cybersecurity strategy, regulatory compliance, and cyber defense. Brandon has taught cybersecurity classes for a world-leading Cyber Security Bootcamp based out of Chicago and is active in the local Cyber Security community, currently chairing the PAHackers Cyber Security group, which meets monthly to discuss various issues facing the industry, and holding various cybersecurity-related workshops and events. Brandon has most recently presented at the Harrisburg University of Science and Technology 2018 Cybersecurity Summit, and the Security BSides Delaware and BSides Long Island conferences. Brandon has a Master’s degree in Cyber Security and Information Assurance from Western Governors University and a Bachelor of Science from Central Penn College in Information Technology, along with numerous security-related certifications such as EC-Council’s Certified Ethical Hacker (CEH) and Certified Hacking Forensics Investigator (CHFI) certifications.
Presentation Abstract: In this fast-paced presentation, we will review some of the newest cyber threats we see against organizations. COVID-19 has rapidly changed the landscape for threats, and we continue to see an increase in sophisticated threats utilizing machine learning and advanced persistent threats. In this presentation, we will offer practical steps organizations can take to contain and stop these kinds of risks.
10:45-11:30 | Track #2: Microsoft Endpoint Configuration Manager / SCCM and Cloud Management
Brant Kenny, Manager of IT Services, Lincoln Intermediate Unit 12
Biography: Brant Kenny is the Manager of IT Systems for the Lincoln Intermediate Unit and has over 14 years of experience in the field of educational technology. Brant holds a Bachelor of Science in Music Education from Messiah College and a Master of Science in Learning Technologies with Instructional Technology Specialist Certification from the Harrisburg University of Science and Technology. After teaching music for 5 years, he transitioned into the role of Technology Coordinator for a local charter school. From there, he moved to the Lincoln Intermediate Unit 12 where he currently serves as the Lincoln Intermediate Unit 12’s Manager of IT Systems. He is responsible for managing LIU’s server and network infrastructure, asset inventory/replacement cycle, Enterprise IT Services consulting arm, the Lincoln IU 12 Educational Technology Services Help Desk, and providing technical leadership for LIU’s Lincoln Learning Network RWAN Consortium. Brant has also provided professional development to multiple school districts focusing on Microsoft Endpoint Configuration Manager (MECM) and presented at Tech Talk Live on “Inexpensive Network for Schools featuring Ubiquiti Networks”.
Presentation Abstract: The need to secure our devices, regardless of their physical location, has always been a priority item in many organizations. The COVID-19 pandemic and the ensuing closures have created a need for every organization to review its security posture with regard to devices in the field. Join us to learn how Microsoft’s Endpoint Configuration Manager, in concert with Intune, can be easily deployed to your workstations in a short period of time!
11:30-1:00 | Lunch Break
Break for lunch before starting Session #2.
Session #2- Understanding New and Different Threats: Marketplace
1:00 - 1:45 | Track #1: Epic Fails in Data Security and How to Address Them
Richard Swain, Senior Cybersecurity Architect, IBM Security
Biography: Richard Swain is a Senior Security Architect with over 30 years of broad IT and leadership experience and 11 years in Information Security. He holds the industry certifications CISSP, CCSP, CRISC, and CIPM and is a certified IT Architect. Richard is also a volunteer Director for the ISACA Sacramento chapter. Richard has been supporting IBM North America Clients since 2008 and has been the lead solution architect for many engagements across state government.
Victoria Guido Koutsoubos, Security Portfolio Sales Executive: Public/Fed NE, IBM Security
Biography: Victoria Guido Koutsoubos joined IBM in 2018 and graduated top of her class in Global Sales School. She then joined the MaaS360 sales team. As a seller, Victoria averaged 150% of quota attainment during her time with MaaS360. She has now transitioned into the Software Security Portfolio selling role for the NE Public/Federal Markets. Victoria spent most of her life moving 33 times internationally and has some of her fondest memories in Europe. Her adaptability has turned these experiences into her love for trying new things.
Presentation Abstract: Ultimately, data is the target of cybercrime and the average cost of a data breach is $3.92M (2019). More data is being created, changed, shared, and stored than ever before – being able to collect and process data is critical to running a digital organization, but it can also create liabilities if it is mismanaged. Further, new regulations are creating more stringent requirements on how to handle data. As of April 2020, 18 U.S. states have enacted or were reviewing proposed bills targeting citizen privacy.
Recently, The International Association of Privacy Professionals reported on the impact of COVID-19. They found that 50% of organizations had adopted new remote working technology and that 60% of those new projects accelerated or bypassed security and privacy reviews. We will discuss the typical EPIC fails in securing critical data and how to avoid them. We will also walk through IBM’s point of view in addressing data security and the related privacy challenges.
1:00 - 1:45 | Track #2: Securing the New Normal: 6 Tools for Success
David Beidelman, Senior Security Solutions Architect, SHI
Biography: David Beidelman brings more than 20 years of technology and security expertise to his role as Senior Security Solutions Architect for SHI. He helps organizations develop and maintain proactive security programs by working to understand their assets, identify vulnerabilities, and define the processes and technologies that will enable them to reduce risk. He has extensive vulnerability assessment and incident response experience and has worked with clients across a variety of industries.
Presentation Abstract: 27 billion data records were exposed during the first half of 2020, more than four times higher than any previously reported time period. This session will highlight tools that can help you keep up with threats across all aspects of your security program:
- Identity & Access Management
- Application Security
- Data-Centric Security
- Data Center & Cloud Security
- Threat & Vulnerability Management
- Program Strategy & Operations
You’ll learn about privileged access management, DevSecOps, data classification, secure access service edge (SASE), defensive deception, and security automation solutions you can leverage to safeguard critical data and reduce risk during COVID-19 and beyond.
1:45 - 2:00 | Afternoon Break
15-minute break before the Endnote.
2:00-3:00 | Endnote: How to Hack a Human
Luis Carvajal-Kim, Senior Manager, Risk and Financial Advisory Cyber Risk Practice, Deloitte & Touche LLP
Biography: Luis Carvajal-Kim is a Senior Manager with Deloitte Risk and Financial Advisory’s Cyber Risk Practice. Luis manages Deloitte’s U.S. Cyber Wargaming and Cyber Risk Quantification practices, and also serves as a cyber incident lead in Deloitte’s Cyber Incident Response (CIR) practice. Luis joined Deloitte in May 2015 after a twelve-year tenure in the Federal Civilian Service and helps clients prepare for, respond to, and recover from significant cyber incidents.
Presentation Abstract: Securing a network requires technical security, threat awareness, and regular training to protect users and data. Despite our best efforts, we are often challenged to secure the trickiest of all OSI Layers: Layer 8. In this presentation, the speaker will:
- Give a high-level overview of two types of human cyberattack vectors, and two human intelligence models that can be used to identify and exploit them
- Present an open-source intelligence targeting methodology that focuses on four “identifier” categories
- Walk the audience through a cyber targeting use case focused on humans as threat vectors, based on a project focused on a North American public sector organization