Presentation Abstracts & Presenter Information
Welcome and Introductions - Paul Howell, University of Michigan
Paul Howell (CISSP) is the Chief Information Technology Security Officer at the University of Michigan, and he directs the Information Technology Security Services office. He is a graduate of the University of Michigan in Computer Science, with a Master's degree in Information Security from Eastern Michigan University. Paul has over 20 years of computer and network security experience.
The Changing Threat Landscape - John McCumber, Symantec Corporation
John McCumber is the strategic programs manager in the Public Sector Group of Symantec Corporation. He is currently involved in research and development activities in support of leading-edge government information assurance initiatives. John is a retired US Air Force officer and former Cryptologic Fellow of the National Security Agency. During his military career, John also served in the Defense Information Systems Agency and on the Joint Staff at the Pentagon as Information Warfare Officer during the Persian Gulf War. In addition to his professional responsibilities at Symantec Corporation, John is a Professorial Lecturer in Information Security at The George Washington University in Washington, D.C., and is technical editor and a monthly columnist for Security Technology and Design magazine. John is the author of Assessing and Managing Security Risk in IT Systems: a Structured Methodology from Auerbach Publications.
This presentation will discuss the dramatic shift from viruses and denial of service attacks to the next generation of targeted attacks for financial gain. John will present the numbers that expose this troubling trend, and show what risk management processes are necessary to stay vigilant in the face of this dynamic threat environment.
State of Network Security and Changing Nature of Threats - Marc Maiffret, eEye
Marc Maiffret is Co-Founder and Chief Hacking Officer of eEye Digital Security. eEye originally coined the title "Chief Hacking Officer" to describe Mr. Maiffret's role in leading eEye's product development and vulnerability research efforts. Mr. Maiffret is quoted regularly in the media and is regarded as an industry expert regarding network security issues. Additionally, Mr. Maiffret has testified before Congress on several occasions regarding the state of computer security.
The Security Development Lifecycle - Steve Lipner, Microsoft
Steven B. Lipner is Senior Director of Security Engineering Strategy in the Security Technology Unit at Microsoft Corporation. He is responsible for the definition and updating of the Security Development Lifecycle that Microsoft applies to improve the security and privacy of its products. Mr. Lipner is also responsible for Microsoft's policies and strategies for the security evaluation of its products, and for the development of programs to provide improved product security to Microsoft customers. Mr. Lipner has over thirty years' experience as a researcher, development manager, and general manager in IT security. He is named as co-inventor on 11 patents in the field of computer and network security. Mr. Lipner holds B.S. and M.S. degrees from the Massachusetts Institute of Technology and attended the Harvard Business School Program for Management Development. He is a Certified Information Systems Security Professional and a member of the ISC2 Americas Advisory Board.
Beginning in late 2001, Microsoft undertook a series of steps with the objective of improving the security of the software it shipped to customers. Those steps began with the "security push" efforts of late 2001 and early 2002 and have now led to the Security Development Lifecycle (SDL), which introduces requirements for improved security to each stage of the product development process. This presentation will introduce the motivations for the SDL, describe the current requirements of the SDL, and outline the process by which the requirements of the SDL are changed in response to evolving threats and security technologies.
Lockpicking - Deviant Ollam, deviating.net
Deviant Ollam's first and strongest love has always been teaching, while paying the bills as a network engineer. Employed periodically at schools in the greater Philadelphia area, he recently tacked some actual letters to his name at the New Jersey Institute of Technology and Rutgers University in the hopes of doing the professor gig full time. A fanatical supporter of First Amendment rights who believes that the best way to increase security is to publicly disclose vulnerabilities, Deviant has given lockpicking talks at DefCon, ShmooCon, HOPE, and West Point Military Academy.
Physical security isn't just a concern of the IT world. Besides securing server rooms, locks of all sizes and styles are scattered throughout our lives. However, much of the general public is unaware of the insecurities present in many lock designs. Through discussion and direct example, Deviant Ollam will address the strengths and weaknesses present in a wide variety of security hardware. Effective tools, advanced theories, and lesser-known bypass techniques will also be covered. Many styles of practice locks and picks will be made available for hands-on attendee participation.
Overview of US-CERT and Real World Cyber Incident Trends - Reginald McKinney, US-CERT
Reggie McKinney is the Chief of Staff for the United States Computer Emergency Readiness Team (US-CERT) at the National Cyber Security Division, the national focal point for addressing cyber security issues in the United States. Prior to assuming this position, Mr. McKinney held various cyber security positions with the Federal Bureau of Investigation, Defense Intelligence Agency, Joint Task Force for Global Network Operations (JTFGNO), and the Department of the Army.
What is the United States Computer Emergency Readiness Team? How do they coordinate and respond to nationally significant incidents? How are they staying on top of emerging cyber threats, and to whom are they communicating this information? Lastly, what can your information security teams do to protect critical business systems or applications?
Botnet Case Study: United States vs. Christopher Maxwell - David Farquhar, Federal Bureau of Investigation
David Farquhar received his undergraduate degree in Industrial and Operations Engineering from the College of Engineering, University of Michigan, Ann Arbor, and then pursued a career in Information Technology, first as a software programmer and consultant, and later as a database administrator and data architect. In 2003, he became a Special Agent of the Federal Bureau of Investigation. He was assigned to the Seattle Field Office's Cyber squad, where he has investigated computer intrusions for the past three years. SA Farquhar has investigated numerous Internet worms and botnets including Blaster, MyDoom.B, Sasser, Netsky, and MyTob/Zotob.
Between July 2004 and July 2005, Christopher Maxwell and two co-conspirators operated several IRC botnets, through which they surreptitiously installed adware, netting them more than $100,000 in illicit proceeds. Among the thousands of victim computers were several computers at the Northwest Hospital in Seattle, WA. This presentation outlines the year-and-a-half investigation and prosecution that resulted in a guilty plea by Maxwell. Some of the technical, legal, and practical challenges unique to cyber crime investigations are also addressed.
Anti-Phishing - Scott Vowels and Ken Schaeffler, Comerica
Kenneth P. Schaeffler is a first vice president in charge of the Corporate Information Security Services Department of Comerica Incorporated. As the director of Information Security for the Detroit-based bank, he manages a staff of twenty-five professionals and is responsible for the following security areas: architecture and technical standards, infrastructure support, design and engineering, monitoring systems, vulnerability assessments, consulting and project support, intelligence, risk assessments, awareness programs, and compliance related to laws and regulations. He is also responsible for computer incident response, forensics and investigations; information security policy & standards; and provisioning security credentials. Schaeffler joined Comerica in 1965. His information technology experience spans forty years and multiple technology disciplines including systems management/technical support, data center operations, application development, performance management/capacity planning, and corporate disaster recovery. His prior experience includes systems programming, planning multiple data center consolidations, modeling of data networks and large computer systems, transitioning technology infrastructures to be eBusiness capable, and enabling the secured delivery of Comerica's business products and services. Schaeffler is involved in several financial services, security and privacy organizations.
K. Scott Vowels is a vice president in the Corporate Information Security Services Department of Comerica Incorporated. As the officer-in-charge of Security Architecture and Engineering for the Detroit-based bank, he manages a staff of nine professionals and is responsible for the following security areas: architecture and technical standards, infrastructure support, design and engineering, monitoring systems, vulnerability assessments, consulting and project support, and intelligence. He is also responsible for computer incident response, forensics and investigations. Vowels joined Comerica in 2001. Previously, he served as a network and security engineer for M-CARE Inc., of Ann Arbor, MI. While with M-CARE, he was responsible for the security of host systems and network infrastructure and acted as the liaison to the University Health System's Security and Privacy committee. His prior experience includes service as a computer systems administrator and consultant, the latter with the University of Michigan's Department of Surgery. Vowels is a Certified Information Systems Security Professional (CISSP) and is involved in several security and privacy organizations.