Session Information

REGISTER
EVENT ANNOUNCEMENT
SPONSORSHIP
AGENDA
SESSION INFORMATION
SPEAKERS
HOTEL ACCOMMODATIONS
CALL FOR PRESENTATIONS
HIGH SCHOOL CYBER CHALLENGE

Session Information

Featured Sessions

Diamond/Platinum Panel Discussion: Emerging Trends in Cybersecurity

Join our experts as they discuss how their companies are keeping up with cyber trends and innovating to address emerging threats.

Moderator: Chris DeRusha, Chief Security Officer (CSO), State of Michigan

Speakers:
Ron Bushar, Vice President & CTO - Government Solutions, FireEye, Tim Li, Principal, Cyber Risk, Deloitte and Bryan Charles Kissinger, PhD, Trace3

Panel Discussion - Fireside Chat with Congressional Members

DTMB Director Tricia Foster will lead a Fireside Chat with members of the U.S. House of Representatives to learn more about their priorities for cybersecurity, discuss national and local efforts to develop the workforce of tomorrow, and more.

Moderator: Tricia Foster, Director of the Department of Technology, Management and Budget (DTMB), State of Michigan

Panelists:
Congresswoman Debbie Dingell, 12th District of Michigan, U.S. House of Representatives
Congresswoman Haley Stevens, 11th District of Michigan, U.S. House of Representatives

The Global Threat Landscape: Why it Matters Locally

Global threat actors don’t just target big companies and governments, so it’s important for organizations of all sizes to have an awareness of nefarious activities in other world theaters. This session will discuss how destructive cyber threats have been tested and deployed across the globe, targeting much more than just states, municipalities, and local entities. In addition, the session will look at the importance of awareness around cyber security events are tied to geopolitical activities, and how to develop a strategy for readiness, prevention and response.

Tom Guarente, VP, External Affairs & Alliances, US Public Sector, FireEye
Earl D. Matthews, Maj Gen, (Ret), CISSP, Chief Strategy Officer, Verodin, Inc.
Ron Bushar, Vice President & CTO - Government Solutions, FireEye

 

Breakout Sessions

CISO in the NEW - Priorities and Perspectives

As the Threat Landscape evolves and becomes more sophisticated, CISOs will have to think outside the box and prioritize the areas that pose the highest risk to the organization. What does that mean for the CISOs of tomorrow? What should be their highest priorities? What should be their top security initiatives that bring the most ROI and get funding & support for the investments? How will they shift their focus to the “executive” aspects of their roles and build out their teams? How will they interact with and communicate to the rest of the organization, whether it is the board, the C-suite, their own teams or the rank and file.

Lalit Kumar Ahluwalia, Managing Director - North America Security Lead (Health & Public Sector) Accenture
Sol Bermann, CISO, University of Michigan
Laura Clark, Deputy CISO, State of Michigan
Michael Stone, Senior Counsel, Warner, Norcross & Judd

Creating a Defensible Position

Information Security leaders are responsible for leading the charge when it comes to “protecting the organization from cyber threats.” Sometimes those same leaders are responsible for physical and product security.  Understanding WHAT is in your scope is essential not only for your organization but also for your career.

Chris Burrows, Chief Strategy Officer, CBI

Creating Cyber Safe Culture in Your Small Business

This session focuses on establishing a solid foundation for a cybersafe culture by addressing 3 key elements: People, Process and Technology. Attendees will learn of different policies needed for success, different must haves for the technology to protect the small business, and what owners, management, and employees need to do and require to be successful in implementing and creating this culture.

Scott Taber, Cybersecurity Awareness Program Specialist, Michigan Small Business Development Center
Latchezara (Zara) Smith, Strategic Programs Manager, Michigan Small Business Development Center

Cybersecurity in the Era of Connected Electric Vehicles

In the modern era of connected vehicles including trends leading to fully autonomous drive capabilities, the specter of terrorist attacks on one or more classes of vehicles is a general public safety concern. This has the potential of impacting both humans as well as homeland infrastructure including the power grid in the case of Electric Vehicles. Today’s discussion covers topics specific to cybersecurity for connected electric vehicles.

Damon Mark, VP of Sales and Business Development, Trillium Secure, Inc.
Vishal Bhushan, Senior Embedded Engineer, Trillium Secure, Inc.

Demonstrations by Kibbey The Michigan State Police Cyber Dog

Kibbey is a Labrador trained to locate electronics. Her services are used during search warrants for child exploitation, murder, narcotics and fire investigations. Join us for a demonstration of Kibbey in action and see what she can do for you!

FBI Insider Threat Case Trends

The FBI Detroit will share insights from a recent study of Insider Threat cases conducted to identify trends in the methods, motivations, and impact of cyber insider threat actors on US businesses and organizations.

Ben Simon, Supervisory Special Agent (SSA), Federal Bureau of Investigation (FBI) Detroit
Matthew Schwieger, Intelligence Analyst, Federal Bureau of Investigation (FBI) Detroit

Fraud Prevention, the Future Is Cyber Threat Intelligence

Online fraud affects the customers of banks, financial services companies, retailers, utility companies, telecommunications service providers and any other companies that have a significant online presence. Being successful in the fight against account takeover in the cyber age requires new types of analytical and technological capabilities. This session will present actual use-cases on what can happen when cyber threat intelligence is utilized to stop fraudsters in their tracks.

Daniel Shepherd, Director, CSIS Security Group
Patrick Westerhaus, CEO, Co-Founder, Cyber Team Six

Growth of the CyberPatriot and Other Michigan Department of Education Cybersecurity and STEM Education Programs in the State

According to CyberSeek, funded by the National Initiative for Cybersecurity Education (NICE), the United States faced a shortfall of almost 314,000 cybersecurity professionals as of January 2019. Join us for a session about all the Cybersecurity and STEM programs the Michigan Department of Education is supporting across the State.  And learn how you and your company can “Pay it forward” by supporting these programs and becoming a mentor for CyberPatriot, one of the fastest growing programs in the country.

Elaina Farnsworth, CEO, The NEXT Education & Lead Consultant MADCAT Cyber Career Pathway Project
Tamara Shoemaker, Director, Center for Cyber Security & Intel Studies and Founder of the MI CyberPatriot Program, University of Detroit Mercy and MCISSE
Amanda Stoel, Department Specialist, Michigan Department of Education

Lessons Learned from Operating a Collective Cybersecurity Operations Center

This presentation will bring participants along the journey of building and operating the Michigan Healthcare Security Operations Center (Mi|HSOC). Hear the experiences and lessons learned from inaugural participant Michigan Medicine and operating partner CyberForce|Q. The first year of actualizing this innovative concept of collective security capability provides valuable insight into how other critical infrastructure sectors can benefit from operations that scale to benefit participant organizations of any size.

Eric Eder, Founder & President, Mi|HSCO powered by Cyberforce|Q
Jack Kufahl, Chief Information Security Officer, Deputy Chief Information Officer, Michigan Medicine

Our ThreatHive Experiment and the Challenges of IoT

For several months, we have gathered data from “decoy automobile electronic control units (ECUs)” that our engineers set up in four different countries - Japan, the United States, Germany, and Israel. This presentation will describe how our “decoy ECUs” are set up, how we track would-be automobile attackers, and what types of attacks the ECUs face (so far 11 different types have been recorded, and each ECU receives more than 300k such attack attempts each month), and how such deep forensic information can help tier-1s and OEMs find the best methods for reinforcing their system security.

Ami Dotan, CEO & Co-Founder, Karamba Security

Securing Your Journey in the Hybrid Cloud

As organizations become dependent upon cloud services for innovation and growth, that success itself depends heavily on their security teams. As the perimeter has dissolved, a new approach to security is critical, needing it to be integrated into every phase of strategy, development, operations and threat management. Join this session to see what such a program should look like, and where to start to get your biggest immediate reductions in risk.

Patrick Vowles, Product Manager, IBM Security NA

Security Cyber-Physical Products in a Connected World

Automotive, Aerospace, and Consumer tech industries, among many others, are seeking new ways to advance the technology of their products in order to keep pace with an ever-connected consumer. This talk will highlight the responsibility businesses have in integrating solid security practices in both the development of their technology-driven products, and the security maintenance throughout the lifecycle of a product. Join Matt Carpenter, Sr. Principal Researcher, and Jennifer Tisdale, Associate Principal at GRIMM, a cybersecurity research firm, as they share insights and anecdotes from their experience helping secure the modern connected world. This discussion will be half presentation, half interactive Q&A.

Matthew Carpenter, Sr. Principal Researcher, GRIMM Cyber Research
Jennifer Tisdale, Associate Principal, GRIMM Cyber Research

Social Engineering and Phishing Attacks - Real World Examples

The MC3 will discuss current threats and tactics used by malicious actors via social engineering and phishing attacks. The presentation will cover recent real world examples to emphasize how victims are being exploited and what steps can be taken to prevent future compromises.

Luke Thelen, Cyber Incident Response Specialist, Michigan State Police
Brian Laskowski, Threat Analytics Team, Michigan Security Operations Center

State-as-a-Service: How States are Assisting with Locals with Cybersecurity

As the old adage goes, if you’ve seen one state, then…you’ve seen one state. This concept holds true for the cyber services that states are offering localities but there are some commonalities. Some states have little to no engagement with their local counterparts where 100% of state resources are directed towards state agencies only. Still, many other states are providing a limited amount of services or have advanced engagement with and support of local agencies. Hear about the services states are providing and why some feel that increased engagement with locals has increased overall state cyber posture.

Chris DeRusha, Chief Security Officer (CSO), State of Michigan
Nancy Rainosek, Chief Information Security Officer (CISO), State of Texas
Meredith Ward, Director, Policy & Research, National Association of State Chief Information Officers (NASCIO)

The Artistry of CyberSecurity

CyberSecurity is the art of balancing psychology with technology. It is the impossible art of making IT usable and securable. The art of enabling the car to race by providing brakes and airbags. Yet the CISO has a lot on his plate. There’s managing risk, getting budget, providing cover for his team. There’s work configuring existing technology, selecting and purchasing new technology. Basically, this is the science of cybersecurity. Yet so much depends on what the CISO’s users do, on organizational culture, on outcomes and results. In this presentation, we’ll explore lessons from industrial design and art that apply to building and running cybersecurity programs. We’ll identify ways for the CISO to become the artist, conveying secure behaviors in a way that people listen and enjoy.

Wolfgang Goerlich, Advisory CISO, Duo Security

Why Are We Still Getting In?

This presentation characterizes how vulnerable the modern-day security posture is based upon our experience from years of Penetration Testing, Exploitation, and Red Teaming performed by our team. The synopsis of the talk covers topics ranging from understanding the fundamentals of an attack, the basics that are still not being mitigated, the increasing attack surface with new technologies (IoT, AI/ML, Quantum Computing) and more. Following a detailed view of the problems, we describe an approach to building a solid security program which mitigates the fundamental security issues.

William Kimble, Chief Executive Officer, Cyber Defense Technologies
Steven Lackey, Chief Technology Officer, Cyber Defense Technologies

Zero Trust Access: Five Steps to Securing the Extended Enterprise

The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. The zero trust access model delivers security without cumbersome and antiquated technologies. Attend this session to learn how the zero trust access model works, how leading organizations use this approach to secure access to their critical applications and data, their lessons learned, and how you can implement this model in your organization in five logical steps.

Patrick Garrity, Head of Product Marketing, Duo Security

Special Hands-On Sessions

 

High School Cyber Challenge

Teams of high school students from around the state will compete against each other in a unique cyber competition. These students have completed Round 1 of the competition and have scored high enough to be invited to go head-to-head in a fast-paced cyber challenge. Students will complete the challenge from 8:00 am until 12:00 pm with the top 3 teams receiving awards. Each student in Round 2 of the Challenge will receive a voucher to take a Security + Bootcamp course and certification exam voucher. Upon passing the exam this certification qualifies students for direct entry into first level cyber personnel job positions. For students who have already taken the Security + Bootcamp an alternative course will be offered.

Cyber Range - Annual International Invitation Cyber Competition

The International Cyber Exercise (ICE) develops cyber security team skills and fosters greater collaboration through the State Partnership Program. This force on force cyber exercise has previously involved over 20 teams and covered 13 time zones, simultaneously. The exercise, called Paintball, pits multiple teams in the same, network-accessible training environment providing a scenario to test both offensive and defensive cyber skills using unclassified, open source tools.