Morning Plenaries and Keynote
8:45- 9:00 | Welcome

Eric Darr, President, Harrisburg University of Science and Technology

Kelly Logan, VP Of Strategic Workforce Development and Continuing Education, Harrisburg University of Science and Technology

9:00- 9:10 | Opening Remarks

John MacMillan, Deputy Secretary for Information Technology and Chief Information Officer, Commonwealth of PA

Presentation Video

9:10- 9:15 | Encouraging Caring and Sharing Video

Governor Tom Wolf, Commonwealth of Pennsylvania

9:15-10:00 | Security Challenges Confronting Government and Schools and Benefits to Collaboration & NASCIO’s Cybersecurity State of the States Report

The 2018 Deloitte-NASCIO Cyber Study, the 5th biennial study, has been referred to as the most “comprehensive study of state-level cybersecurity spending” (White House FY19 Budget Request). The 2018 study, in which all 50 state CISOs participated, highlights perspectives and insights surrounding cybersecurity from state CISOs. This joint keynote session with Erik Avakian, Commonwealth of Pennsylvania, CISO and Srini Subramanian, co-author of the study and Deloitte Risk and Financial Advisory Leader will discuss the study’s three bold plays, which are recommendations to disrupt the status quo.

Erik Avakian, CISSP, CISA, CISM, Chief Information Security Officer, Commonwealth of Pennsylvania

Erik Avakian was named Chief Information Security Officer for the commonwealth in 2010. Erik joined the commonwealth in 2005 and became Deputy CISO in 2007. He has over 17 years experience in securing enterprise-level environments and is an expert in reducing risk and mapping security to the business. He has extensive experience in security governance, risk management, compliance and incident response and remediation. As CISO. Erik is responsible for establishing enterprise security strategy, standards, controls, and security policies and lead the Enterprise Information Security Office, which defends against cyber attacks, reduces the commonwealth’s vulnerability to cyber attacks, and minimize the damage and recovery time from attacks if and when they occur. Erik holds numerous industry certifications including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Government Chief Information Officer (CGCIO) and ITIL v3. He is an active member of the National Association of State Chief Information Officers (NASCIO) Security and Privacy Committee, the International Information Systems Security Certification Consortium (ISC2), the Information Systems Audit and Control Association (ISACA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Pennsylvania Criminal Intelligence Center PaCIC).

Srini Subramanian, Risk and Financial Advisory Lead, Deloitte

Srini is a principal in Deloitte & Touche LLP’s Cyber Risk Services practice and leads the Risk and Financial Advisory practice for the SLHE Sector. He has more than 30 years of technology experience, and more than 20 years of cyber risk services experience in the areas of information security strategy, innovation, governance, identity, access management, and shared services.

Presentation Video- Keynote begins at 28:00

10:00- 10:45 |CISA: Cybersecurity Resources for State and Local Governments
The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to defend critical infrastructure against the threats of today, while working with partners across all levels of government and in the private sector to secure against the evolving risks of tomorrow. This presentation will discuss the new CISA, its role in protecting our Nation’s critical infrastructure, and the many no-cost cybersecurity services and information sharing resources available to state and local governments in order to promote a safe, secure, and resilient cyber infrastructure.

Benjamin Gilbert, Cybersecurity Advisor, Cybersecurity and Infrastructure Security Agency

Mr. Gilbert serves as a Cybersecurity Advisor in the Cybersecurity and Infrastructure Security Agency (CISA). He supports the Cybersecurity Advisor (CSA) program and CISA’s mission through the goal of strengthening the security, reliability and resilience of the Nation’s critical cyber infrastructure and serves in this role across the states of Virginia and West Virginia, as well as the District of Columbia. As a CSA, Mr. Gilbert conducts various cyber preparedness, risk mitigation and incident response coordination activities though public and private partnerships and outreach efforts in support of CISA’s mission. Prior to this appointment, Mr. Gilbert had served as a senior analyst with the CSA program’s headquarters where he led the development of various tools used by the CSA program to measure and strengthen the cybersecurity management capabilities of critical infrastructure organizations. Mr. Gilbert has been with CISA, and the Department of Homeland Security for over 9 years and has over 14 years of experience in cybersecurity spanning the commercial, federal civilian, and DoD communities. He currently holds the Certified Information Systems Security Professional (CISSP) certification, the Certified in Risk and Information Systems Control (CRISC) certification, the Certified Ethical Hacker (CEH) certification and a B.S. in Information Technology. Prior to joining DHS, Mr. Gilbert had served as an IT Specialist with the Virginia Army National Guard, and as an Airborne Infantryman in the U.S. Army’s 82nd Airborne Division.

11:15- Noon | Role of MS-ISAC and Resources to Help Governments and Schools Mitigate Cyber Security Risks

Cybersecurity has emerged as one of the most important issues facing public and private organizations today. The worldwide reach of the Internet means that cyber threats can come from criminals both in the United States and from foreign countries. In this session, Andrew Dolan will speak about emerging cyber threats to the government sector and the steps we can take to minimize and mitigate these threats.

Andrew Dolan, Director, Stakeholder Engagement, Multi-State Information Sharing and Analysis Center

Andrew Dolan is the Director of Stakeholder Engagement for the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). The MS and EI ISAC have been designated by the U.S. Department of Homeland Security as the focal point for cyber threat prevention, protection, response and recovery for the nation’s state, local, territorial and tribal (SLTT) governments and election focused organizations. He is responsible for managing all aspects of member relations, working with government associations, and conducting outreach on behalf of the MS-ISAC. Under Dolan’s direction, the MS-ISAC has greatly expanded its membership since 2012, including representatives from all 50 States, D.C., all 50 state capitals, and over 7,000 local and tribal governments.

Presentation Video 

Track 1: Sharing and Caring- Opportunities to Collaborate

1:00- 1:45 | The Risk and Protection of Cities and Municipalities

Following along keynote I would like to walk the audience through how some of my clients have shored up their defenses to support some of the actual attacks experienced. Using real world examples that did not make it to the press I will state ideas on how to protect against the attacks initially and, barring that, how to respond if an attack occurs.

Mike D’Arezzo, Director of Security Services, ePlus

Michael is responsible for assisting clients in developing transparent and secure programs for Information Technology and developing Governance, Risk, and Compliance programs. Michael joined SLAIT as the Director of Security Services in 2015 and is known for his strong track record of operational excellence, innovative problem solving, and regulatory compliance expertise. He brings with him over 20 years of experience from GE, AMF and MICROS/Oracle where he had a strong focus on driving standards, consistency, performance, compliance and regulatory affairs. Today, Michael leads the team of security consultants and supports clients by developing secure operations, policies, and identifying vulnerabilities in configuration in the network and processes, review of daily operations and existing controls to identify potential risk and resolve, mitigate, or create compensating controls. Other responsibilities include executing penetration testing, vulnerability scans, perform audits against industry developed or internal controls, and review business processes and create security improvements for clients and SLAIT. 

Presentation Video 

2:15- 3:00 | Considerations When Developing a Security Program

What do you do when you don’t have any security staff and little to no budget, but you want to build a more formalized security program in your organization? This presentation will describe how organizations can start from square one utilizing available resources to help prioritize and implement security controls. There is a plethora of free resources available to state and local organizations that will be discussed and resources will be provided to help you keep track of them easier.

Brian Paulhamus, Technical Support, Central Susquehanna Intermediate Unit

Brian Paulhamus has worked in the Computer Services department at the Central Susquehanna Intermediate Unit for approximately 10 years and has been helping to manage the computer services infrastructure and implementations/maintenance of Student and Financial information systems for approximately 300 school districts across the state of Pennsylvania.  He has worked mainly in technology support and has been transitioning into a key player in data center modernization and cybersecurity advancement within the organization.  This has opened the doors for further education for Brian and in 2018 he received a certificate from Harrisburg University’s Chief Information Security Officer (CISO) program and is now working towards obtaining his CISSP.  Brian and the CSIU got connected with the MS-ISAC in 2017 and that resource has provided many open doors for him to present or co-present locally, statewide and recently even nationally on the subject of getting started with building a security program in your organization.


Presentation Video 

3:15-4:00 | Panel Discussion: Cyber Challenges for Local Governments & Schools

Ron Jones, Lecturer in Cybersecurity, Harrisburg University of Science and Technology 

Dave Martin, Director of Technology, Capital Area Intermediate Unit 15

Michael Sage, Chief Information Officer, County Commissioners Association of Pennsylvania 

Moderator: John Wargo, Manager of Computer Services, Central Susquehanna Intermediate Unit Technology Group

Presentation Video 

Track 2: Effectively Dealing With Breaches 
1:00- 1:45 | Panel Discussion: The Role of Office of General Counsel, Attorney General, and State Police in the Orchestration of a Breach Response.

Brian Barnabei, Office of Administration, IT and Data Privacy/Security Counsel, Commonwealth of Pennsylvania 

Dan Egan, Office of Administration, Press Secretary, Commonwealth of Pennsylvania 

 Chris Dressler,  IT Execuative | Commonwealth of PA 

Moderator: Charlie Gerhards, Executive Director of the Government Technology Institute, Harrisburg University of Science and Technology

2:15- 3:00 | Red + Blue = Purple Teaming: The New Standard

In this session, the instructor will review a live simulation of a major breach challenging the defenders to perform the full incident response lifecycle. Will also include a highly collaborative approach between Red Teaming and Blue Teaming.


Ron Plesco, Principal, KPMG

Ron, a former prosecutor, is an internationally known information security and privacy attorney with over 18 years’ experience in cyber investigations, information assurance, privacy, identity management, computer crime, and emerging cyber threats and technology solutions. Ron is a Principal in KPMG’s Cyber Security Services practice. Ron joined KPMG in 2012 after a distinguished career in the private and public sectors and is a frequent speaker nationally. Before joining KPMG, Ron was the CEO of the National Cyber-Forensics and Training Alliance (NCFTA), where he managed the development of intelligence that led to over 400 worldwide cyber-crime arrests in four years and prevented over $2 billion in fraud. Notable NCFTA intelligence-led arrests include Ghost Click, Anonymous, Core flood and multiple online frauds.

3:15- 4:00 | Identifying Breaches and Your Legal Obligations

From a lawyer’s point of view, a data security incident is not a “breach” unless it triggers an obligation to notify. A patchwork of federal, state, and international law determines whether an entity has an obligation to notify individuals of unauthorized access to their data. This presentation will review data breach notification laws in the U.S. and EU, focusing on the categories of information subject to such laws, the trigger (such as “”risk of harm””) that determines whether notification is required, and exceptions or defenses that may allow an organization to determine that notification is not required under the circumstances. This presentation will also review practical aspects of the breach notification process, including to whom notifications must be made, how they may be made, and the contents required to be included in those notifications


Devin Chwasytk, JD, CIPP/US, Chair of Privacy & Data Security Group, McNees Wallace & Nurrick, LLC

Devin Chwastyk is the chair of the Privacy & Data Security Group at McNees Wallace & Nurick, a law firm based in Harrisburg, Pennsylvania.  He has focused his practice on cybersecurity issues since 2005, when he began representing merchants and banks in data breach litigation.  Devin has represented dozens of entities victimized by cyberattacks, helping those clients limit their liability and meet their notification obligations under state, federal, and international laws.  Devin holds the Certified Information Privacy Professional (U.S.) designation from the International Association of Privacy Professionals.

Track 3: Latest In Cyber Tools & Techniques
1:00-1:45 | Transforming Security: The Role of Context in Realizing Simpler, More Effective and More Efficient Workload Production.

Transforming Security: The role of context in realizing simpler, more effective and more efficient workload protection..walking through examples of where this has been implemented and keys to successful implementations. Dennis Moreau is a cyber security architect in the Office of the CTO at VMware. His current efforts focus on designing transformatively simpler, more effective, and more efficient protection in premise, edge and cloud hosting scenarios. He has worked in collaboration with OASIS, the National Institute of Standards and Technology (NIST), the U.S. Department of Defense (DoD) and the Mitre Corporation on the development of security/compliance information and automation standards. Dennis has over 25 years of experience designing security/compliance management solutions.


Dennis Moreau, PhD, Cybersecurity Architect, VMware

Prior to joining VMware he was a Senior Technology Strategist at RSA specializing in utility computing security, advanced threat technologies and trust modeling. He was a co-founder and the CTO of Configuresoft and the CTO for Baylor College of Medicine. He holds a doctorate in Computer Science and has held research and faculty positions in Computer and Computational Sciences. His work has been sponsored by the National Aeronautics and Space Administration, Caltech/Jet Propulsion Laboratories, the US Department of Commerce, the National Institutes of Health, the National Library of Medicine, AT&T Bell Laboratories and IBM. He is a frequent presenter at security conferences globally.

Presentation Video 

2:15- 3:00 |There is No Silver Bullet for Security

With the increasing sophistication of online exploits, cybersecurity risks will never go to zero. No matter what any vendor says, there is no silver bullet for security.

Unisys is one of the most attacked companies, given they are a global IT service provider with extensive Federal Agency involvement in protecting our borders, clients in the financial sector, and their CEO sits on the White House National Security Telecom Advisory Committee. This is an overview of cybersecurity operations that is intended to drive critical thinking.

Discussion Outline:

  • Learning from others
  • How complicated is a robust cybersecurity program
  • Continual improvement
  • Do you do these things / Did you know
  • Automation
  • Q&A

Chris Odom, CCISO, CISSP, Deputy Chief Information Security Officer, Unisys

Chris Odom is the Deputy Chief Information Security Officer responsible for ensuring that “security is in everything we do”. He is responsible for leading a single integrated global cybersecurity organization across the company’s businesses and geographies. This includes threat intelligence, vulnerability management, incident response, identity and access management, end-user training and communication programs, and regulatory compliance across heterogeneous operational environments.

Presentation Video 

3:15- 4:00 | Why Compliance Won't Save You, Focusing on What Matters

With the world moving at such a rapid clip it is only a matter of time before disaster strikes again. While lightning might not strike in the same place twice, cyber-attacks certainly do.In this presentation, we will explore what organizations can truly focus on to reduce their risk and where compliance frameworks often get it wrong. We will discuss new tools such as Bloodhound which can be used to quickly determine issues within your active directory environment, and other techniques to detecting if your system may be compromised.

Brandon Keath, MS, Cyber Security Practice Lead, Appalachia Technologies

Brandon joined Appalachia in 2018 as a Cyber Security Practice Lead. With prior experience in both private and public-sector IT consulting, Brandon has served in various roles in cybersecurity over the past 11 years specializing in ethical hacking, cybersecurity strategy, regulatory compliance, and cyber defense. Brandon has taught cybersecurity classes for a world-leading Cyber Security Bootcamp based out of Chicago and is active in the local Cyber Security community currently chairing the PAHackers Cyber Security group that meets monthly to discuss various issues facing the industry and holding various cybersecurity-related workshops and events. Brandon has most recently presented at the Harrisburg University of Science and Technology 2018 Cybersecurity Summit, and the Security BSides Delaware and BSides Long island conferences. Brandon has a Master’s degree in Cyber Security and Information Assurance from Western Governor’s University and a Bachelor’s of Science from Central Penn College in Information Technology along with numerous security-related certifications such as EC-Council’s Certified Ethical Hacker (CEH) and Certified Hacking Forensics Investigator (CHFI) certifications.

Presentation Video

Track 4: Tips For Creating An Effective Cyber Program For Your Organization

1:00- 1:45 | Understanding Your Adversary: Focusing a Security Program for Maximum Defense.

Defending an environment is a difficult journey, leaving security teams defaulting in to using many of the tools and processes they have become comfortable with over time. We need to change that. This talk will cover methodologies, theories and data analysis methods that can be used to defend in a more scalable and multi-faceted manner. Using those methods against the right actor at the right time can further the effectiveness of network defense, and we will compare actor behaviors throughout the talk, to ensure the most relevant application in defense of your environment.

Michael Benjamin, Senior Director of Threat Research, CenturyLink Black Lotus Labs 

Michael Benjamin is a 22-year veteran of the security and service provider markets. Since the team’s inception in 2014, Michael has led CenturyLink’s Black Lotus Labs, working to track and understand threats facing the internet. His team’s responsibility is to create the technology underpinning all security products at CenturyLink and to track internet threats to help protect CenturyLink and its customers. Michael comes from a strong technology and leadership background, having led all security technology direction at Level 3 Communications, as well as long-term planning for all technologies in his prior role at Global Crossing. His focus has been across network, computing and security technologies throughout his career.

2:15-3:00 | Zero Trust: CARTA, CSF, RMF, CJIS - OMG, How Can I Address All of These?

You may have heard all of these as buzz words, you may have been asked about them, or you may be digging into some or all of these topics in more depth. But why are they important and how can you address them with your limited time and resources? This engaging session provides an overview of all of these topics and more. It shows how a modern information platform can enable Cybersecurity Excellence without busting the budget or throwing out your current investment. “Cybersecurity Excellence” means finding a way to both efficiently and effectively manage cyber risks. It means asking the right questions and focusing investments in the security controls that matter most. Don’t run away from these topics, come learn how to use them to your advantage to make sure your organization is secure and relieve some of the drudgery of keeping it that way.


Peter Romness, Cybersecurity Solutions Lead, US Public Sector Cisco 

Peter Romness is the Cybersecurity Solutions Lead in the US Public Sector CTO Office at Cisco Systems. For over 30 years, he has devoted his deep knowledge and diverse experience to help government agencies securely accomplish their missions. He is laser-focused on mitigating cybersecurity threats, maintaining individuals’ privacy, protecting sensitive information, and securing government intellectual property. Peter brings Cisco’s advanced cybersecurity solutions to departments and agencies at Federal, State, and Local Governments, and Educational Institutions. 

He works with NIST and the National Cybersecurity Center of Excellence (NCCoE) and has contributed their 1800-Series Special Publications. Peter helps the broader IT community understand the very latest cyber capabilities and risk mitigation methods to effectively address cyber threats. His unique combination of a technical background and a passion for clearly conveying high-tech topics to audiences of all levels of understanding makes him invaluable to Cisco and our customers.  Prior to Cisco Systems, Peter held leadership positions at Hewlett-Packard, AT&T and Panasonic. He holds a degree in Mechanical Engineering from Duke University. 

3:15- 4:00 | Targeted Attacks: How to Recognize from a Defender’s POV

Organizations have ethical and legal compliance obligations to secure information. As client demands around vendor risk management are becoming increasingly stringent. A new category of solutions called “managed detection and response” (MDR) is emerging to meet this need. This session shares best practices to understand how organizations can improve their information security posture through monitoring, meet client compliance and security requirements, and control the time and budget to get the job done with MDR solutions.

John Davies, Sr Presales Systems Engineer, Arctic Wolf Networks

John Davies is a Senior Presales Systems Engineer for Arctic Wolf Networks and today he will share best practices to understand how organizations can improve their information security posture through monitoring, meet client compliance and security requirements, and control the time and budget to get the job done with MDR solutions.