Dwayne Melançon - ISSA|Pittsburgh Chapter

advertisement
Security Forum Presenter Bio
Patrick Gray, Senior Security Strategist for Cisco
Patrick Gray joined Cisco Systems as its Senior Security Strategist after serving
as the Director of X-Force Operations, Office of the Chief Technology Officer,
Internet Security Systems, Inc. (ISS). Gray also comes to Cisco Systems after
twenty years of service with the Federal Bureau of Investigation. Upon his
retirement from the FBI in November 2001, he joined Internet Security Systems
and created the X-Force Internet Threat Intelligence Center and thereafter was
Director of the Penetration Testing and Emergency Response Teams until his
promotion to the X-Force R & D Team. As a result of his service with the FBI,
and the Internet Threat Intelligence Center, he has first-hand knowledge of the
hacking community, its aims and methodologies as they attack government,
ecommerce, energy and financial entities relentlessly.
Prior to joining Internet Security Systems, Gray served as a Special Agent with
the Federal Bureau of Investigation for twenty years and has served in Baltimore,
Maryland, Daytona Beach, Florida, Washington, D.C. and Atlanta, Georgia. Gray
was also assigned as a Supervisory Special Agent at FBI Headquarters,
Washington, D.C. in the Intelligence Division where he was responsible for global
counterintelligence investigations. While serving in the Washington, D.C. area,
Gray was seconded to the National Security Agency where he was responsible
for an FBI group that provided operational support to the Intelligence Community.
He was transferred to Atlanta in 1988 to assume Supervisory Duties for the FBI’s
Drug and Violent Gang Program in Georgia. In 1994, he assumed the duties as
the Supervisor of the Technical Services Squad and served as the Acting
Assistant Special Agent in Charge of the FBI in Georgia in 1996 and 1997 during
the time of the spree of terrorist bombings at Centennial Olympic Park and two
subsequent bombings at two women’s clinics in Alabama and Georgia.
Gray was assigned as Supervisor of the Special Operations Group in 1994 which
ultimately morphed into one of the FBI’s first regional Cyber Crime Squads; and
was a member of the FBI’s elite Computer Assistance Response Team as a
ForensicExaminer. He has investigated cases involving financial institutions,
government agencies, commercial businesses and colleges and universities. He
was also assigned to the investigation of the September 11 attacks. He was the
Coordinator of the Atlanta Chapter of InfraGard, an alliance between the public
and private sectors for the sharing of information regarding technology security
issues. He grew the Atlanta Chapter of InfraGard into the largest chapter
nationally. He continues to work closely with the FBI, other U.S. Government
agencies, the Department of Homeland Security and the White House.
Gray is also a board certified Homeland Security professional by the American
College of Forensic Examiners International; is a member of the Association of
Certified Fraud Examiners; the Information Systems Audit and Control
Association; InfraGard Atlanta; the Atlanta Chapter of the Information Systems
Security Association, and the International Information Systems Forensic
Association. He has lectured at Colleges and Universities around the country. He
has spoken at numerous technology events around the world to include Gartner
Sector 5, Networld Interop, the IT World Congress, CIO Summit, GE Access,
Forbes and others. He has been quoted in numerous newspapers, magazine
articles and periodicals and makes regular cable television appearances.
Gray is a former Marine having served in Vietnam.
Security Forum Presentation and Presenter Bio
Attack and Penetration Testing and Automating Difficult Testing
Techniques – by David Kennedy
David Kennedy, Practice Lead for SecureState’s Profiling Practice, will present
penetration testing and automating difficult testing techniques with Fast-Track.
Fast-Track is an open source tool that helps security professionals automate
penetration testing to identify and exploit weaknesses within an organization’s
networks. This popular security testing framework automates the testing of
several different attack vectors, some that are new and unique to Fast-Track.
During this presentation David will demonstrate features of Fast-Track showing
how to use it within your organization to identify and exploit security weaknesses.
During this presentation you will see several live demonstrations showing FastTrack in action against live systems. This presentation is intended for a technical
audience and will be diving into the widely popular BackTrack 3 security
distribution which comes pre-installed with Fast-Track.
David will also present an overview of the current state of Anti-Virus software and
how easy it is to bypass anti-virus detection. Live demonstrations will be given on
how a malicious user can actually rewrite known viruses to pass all anti-viruses
systems available to-date.
David Kennedy - Practice Lead, Profiling and e.Discovery
CISSP, GSEC, MCSE 2003
As the Practice Lead for Profiling & e.Discovery, Dave Kennedy has been
providing security solutions to companies for over three years at SecureState.
His team focuses on the technical side of security, performing penetration tests,
source code review, web application security, data forensics, electronic discovery
and wireless assessments.
Before joining SecureState, Dave spent over five years working with elite security
groups and the National Security Agency. He was also in the United States
Marine Corp’s Intelligence Agency, serving in Iraq and Afghanistan where he
worked with the National Security Agency to combat terrorism and eventually
become an instructor for wireless security and data forensics.
Security Forum Presentation and Presenter Bio
Computer Forensics: Unlocking the Mystery – by Larry Kucera
Larry is the Executive Vice President of E Safe Technologies and Managing
Director of the Business Resilience Practice which includes the discipline of
computer forensics.
Litigation where information technology is involved in some way is increasing. In
many criminal and civil cases there is usually some type of evidence related to
the situation that can be discovered and/or recovered from a computing device.
At a basic level, computer forensics is the analysis of information contained
within and created with computer systems and computing devices, typically in the
interest of figuring out what happened, when it happened, how it happened, and
who was involved.
This can be for the purpose of performing a root cause analysis of a computer
system that had failed or is not operating properly, or to find out who is
responsible for misuse of computer systems, or perhaps who committed a crime
using a computer system or against a computer system. This being said,
computer forensic techniques and methodologies are commonly used for
conducting computing investigations - again, in the interest of figuring out what
happened, when it happened, how it happened, and who was involved.
Computer forensics techniques and methodology is used in two primary types of
investigations. The first is when the computer(s) was/were used as an instrument
to commit a crime or involved in some other type of misuse.
The second is when the computer is used as the target of a crime - hacked into
and information stolen for example. When computer forensics techniques and
methodology are used in this situation to figure out what happened, we typically
call this incident response.
70% of security issues come from the inside, be prepared to address the risk and
attend this session.
Larry Kucera, Executive Vice President, E-Safe Technologies:
Larry offers breadth and depth of experience in all aspects of IT management
and has a comprehensive understanding of today's mandate to enhance and
protect a company's IT infrastructure, and can effectively communicate this
message. As an IT professional with nearly three decades of experience, Larry
has helped hundreds of companies in 44 states and 6 countries with the
challenges of risk exposure and regulatory compliance.
Larry has fathered several products that have assisted companies in automating
their systems for better control, and those products have been recognized by
both Forrester Research and Gartner Group as best in class.
Larry maintains the following certifications:
 Business Continuity Certified Professional
 Digital Forensics Professional
 Sarbanes Oxley and HIPPA Domain Expert
 Certified Ethical Hacker
 Certified Penetration and Vulnerability Testing Expert
Security Forum Presentation
Combating the International Threat of Cyber Crime – Presented by the FBI
The increase in sophisticated attacks against US business and government
networks are not only impacting the economy, but threatens our national
security. The threats are as simple as cash advance schemes that cost our
economy millions of dollars, to complex bot-nets that spread viruses and carry
out data-theft. There have even been some nations that have taken an
aggressive interest into penetrating our networks and stealing our sensitive data.
Building strong relationships with law enforcement agencies worldwide is key to
combating this threat. Some cases involve victims in the US while the criminals
are from multiple continents. The criminals may be using hidden servers in
different countries while utilizing ex-filtration techniques that change every day.
Effective partnerships are essential to combat these types of cases.
The FBI will provide on overview of its Cyber program, discuss cases such as the
transnational criminal network that was buying and selling stolen financial
information through the online forum known as "Dark Market," and discuss other
trends that are prevalent in the Cyber Crime world.
Download