CEU Eligible Sessions
As a reminder, local area Department of the Navy attendance at AFCEA/USNI West 2013 has been approved by Under Secretary of the Navy Robert Work.
Attend designated West 2013 sessions to help sustain DoD 8570.01-M mandated certifications. Federal agencies have agreed that ever-changing cyber security threats lead to the need for a continuous learning process to help keep our workforce up to date. In response, industry certification bodies adopted a continuous education model to address the requirement. AFCEA has partnered with Cypherpath, a cyber security training and education company, on a Continuing Education Unit (CEU) program to train and document relevant critical knowledge and skills-related activities which meet DoD 8570.01-M requirements. West 2013 attendees may receive CEUs by attending qualified sessions to support CE requirements for sustaining DoD 8570.01-M certifications. Please stop by the AFCEA booth (#1619) on the exhibit floor to obtain a flyer with answers to frequently asked questions about CEUs.
Tuesday, January 29
Cyber Theater: Compromised Insiders 101
(1 CEU: A+, Network+ or Security+)
Mr. Robert Rachwald
Director of Security Strategy
Imperva
Engagement Theater: Information Assurance: The Common Criteria - An Evolution
(1 CEU: A+, Network+, Security+ or CASP)
Mr. Paul Mansfield
National Information Assurance Partnership
NSA/CSS Commercial Solutions Center
Synopsis:
This presentation will explore the Common Criteria Recognition Arrangement (CCRA) Management Committee’s (MC) Vision Statement that charts a course towards robust protection profile (PP) development aimed at increasing the level of standardization in order to reach reasonable, comparable, reproducible and cost-effective Common Criteria evaluation results. We will discuss the US approach to meeting this vision and the way forward for Industry and our National Security Systems consumers.
- 10:45 a.m. - 11:45 a.m.
Cyber Theater: Zero-Day Exploits and Cyber Weapons: How They are Used and Policy Issues
(1 CEU: A+, Network+, Security+ or CASP)
Dr. Clay Wilson, Director
UMUC, Cybersecurity Policy Graduate Program
Synopsis:
The presentation will provide background for discussion of several policy issues: will nonproliferation for cyber weapons improve global stability; will traditional policies for nonproliferation of CBRN work for cyber weapons; should sales of Zero-Day Exploits be subject to export controls; and should we engage or restrict highly skilled and highly paid researchers as they develop ZDEs?
USCYBERCOM Cyber Training Track: Continuous Monitoring
(1 CEU: A+, Network+, Security+ or CASP)
Mr. Kevin M. Dulany
Chief, Risk Management Oversight Division
DIAP Office of the Deputy CIO for Cybersecurity
Department of Defense
Synopsis:
The DoD CIO Committee on National Security Systems (CNSS) and Information Security Oversight Office (ISOO) are jointly working on US Government (USG) standards for continuous monitoring of government information systems. In addition to standards, they are developing the concept of operations for uniform implementation across the USG. Mr. Dulany is the lead for the DoD and CNSS and will discuss the progress to date, expectations for the near future and how it will transform the DoD.
- 1:30 p.m. - 2:30 p.m.
Cyber Theater: Threat Intelligence to Defend Your Enterprise
(1 CEU: A+, Network+ or Security+)
Mr. Phil Exel
Federal Solution Architect
HP Enterprise Security Products (ESP)
Synopsis:
Attackers do not knock on the door and ask permission to enter your enterprise. They simply tag along with legitimate employees and visitors to your information and mission systems. Using a variety of tools and techniques like DDoS, phishing, malware, zero-day exploits, time and more, your adversary has the advantage every day. But what if you had the security intelligence to proactively defend your enterprise?
Cyber Theater: Cyber 101
(1 CEU: A+, Network+, Security+ or CASP)
Mr. Dominic A. Cussatt
Deputy Director Cybersecurity Policy
Office of the Deputy CIO for Cybersecurity
Department of Defense
Mr. Mark Nehmer
Division Chief
Risk Management/C4 Analysis & Strategy
U.S. Cyber Command
Synopsis:
The DoD CIO and US Cyber Command will jointly present strategic updates to key DoD Cybersecurity policies and how they relate to new and updated Committee on National Security Systems (CNSS) and National Institute of Standards & Technology (NIST) issuances and policies. Then they will discuss how that enables the CYBERCOM mission. Finally, they will discuss how these policy updates are likely to affect DoD IT professionals’ everyday activities and what will be expected of everyone going forward.
(Will be held again 8:30 a.m. - 9:45 a.m., Wednesday, January 30)
USCYBERCOM Cyber Training Track: Cyber 101
USCYBERCOM Cyber Training Track: Trusted Platforms
(1 CEU: A+, Network+, Security+ or CASP)
TBD
Information Assurance Directorate
National Security Agency
Synopsis:
The Information Assurance Directorate (IAD) of the National Security Agency (NSA) is widely known for its expertise in the exploration, development, validation and testing of next generation secure technologies. This team within IAD has been working on trusted platforms (aka Supply Chain Risk Management) for many years. They are assisting the DoD in the continuous development of strategies to acquire trusted COTS products. This will be an unclassified discussion of the state of that work.
- 3:30 p.m. - 4:30 p.m.
Cyber Theater: Low Tech Solutions for a High Tech World
(1 CEU: A+, Network+ or Security+)
Mr. Jeff Moulton
Director, Program Development and Information Operations
Georgia Tech Research Institute
Synopsis:
Identity theft is now a way of life. Studies indicate that 1 in 25 Americans had their identities stolen last year. This session presents simple, common sense actions that even the most "technologically challenged" people can use to significantly reduce their exposure.
Wednesday, January 30
Cyber Theater: Anatomy of an Attack
(1 CEU: A+, Network+ or Security+)
Dr. Jeffrey Starr
Managing Partner and co-Founder
Neo Prime Solutions, Inc. in collaboration with Cypherpath LLC
Synopsis:
This presentation will address topics including the following: anatomy of attack and the changing nature of advanced persistent threats; risks of mobile technology vulnerabilities and how they can be used to penetrate VPNs, corporate networks, etc.; discussion examples, such as Stuxnet, Flame, Gauss; and, innovations in network defense.
- 9:30 a.m. - 10:30 a.m.
Engagement Theater: Interoperability Standards/Coalition Data Exchange
(1 CEU: A+, Network+, Security+ or CASP)
Mr. Robin Murray, Chief of the Tactical Data Link Branch
Joint Interoperability Test Command
Synopsis:
JITC deployment in support of coalition exercises such as Combined Endeavor and RIMPAC has provided invaluable lessons learned to both US and coalition participants that have yielded advancement in interoperability during peacetime and wartime operations.
- 10:00 a.m. - 11:15 a.m.
Cyber Training Track: U.S. Government's Cyber Risk to Data in the Possession of Cleared Contractors
(1 CEU: A+, Network+ or Security+)
Ms. Vickie Michetti
Defense Industrial Base Cyber Security and Information Assurance (DIB CS/IA) Task Force
Office of the Deputy CIO for Cybersecurity
Department of Defense
Mr. Richard T. Naylor
Chief, Cybersecurity Division
Defense Security Service
Synopsis:
A discussion on how the realities of the Cyber domain impact the execution of the National Industrial Security Program with Counter Intelligence and information assurance teaming to move ahead of the threat instead of behind the vulnerability. Also, an overview of the U.S. Government's expectations of and assistance to cleared contractors to mitigate risk.
Cyber Theater: The Insider Threat: Lessons Learned by CERT® from Actual Attacks
(1 CEU: A+, Network+, Security+ or CASP)
Mr. Randall Trzeciak, Technical Team Lead, Insider Threat Research
Carnegie Mellon University
Synopsis:
Insider threats are influenced by a combination of technical, behavioral, and organizational issues and must be addressed by policies, procedures, and technologies. The CERT Program’s current analysis recognizes many unique patterns of insider threat behavior, such as intellectual property (IP) theft, IT sabotage, fraud, espionage, and accidental insider threats. Randall Trzeciak, a senior member of the CERT Insider Threat Team, will discuss how organizations can effectively mitigate the potential of insider threats.
- 2:15 p.m. - 3:15 p.m.
Cyber Theater: Spectrum Supportability Risk Assessments: An Emerging Requirement
(1 CEU: A+, Network+ or Security+)
Matthew Grenis, Defense Spectrum Office E3 Program Manager
Brian Farmer, EMC Management Concepts
Synopsis:
Spectrum Supportability Risk Assessments are a relatively new requirement mandated by DoD Instruction 4650.01, DoD Policy for Management and Use of the Electromagnetic Spectrum. This session provides a one-hour in-depth look at the data requirements, format and content of the SSRA.
Synopsis:
This presentation will demonstrate the effective use of online cyber security tools and techniques to probe for vulnerabilities, perform enumeration on target systems (actively probing a system to produce a list of its potential vulnerabilities to be exploited) and investigate methods of compromise within a virtual environment.
Thursday, January 31
Currently only 30% of survey respondents felt confident or very confident in their mobile security programs and solutions, leaving a big window of opportunity for attackers. Find out how policies are improving and what controls are working and not working to securely facilitate a more mobile workforce with multiple employee-owned devices.
Engagement Theater: Security and Surveillance
(1 CEU: A+, Network+, Security+ or CASP)
Mr. David Humphrey
Chief Technology Officer, Virage Surveillance
Autonomy, an HP company
Synopsis:
Today’s security threats can occur anywhere and at any time. And it is not just a policing challenge—even agencies with no law enforcement mission must ensure the security of their workers, assets, and citizens. Government agencies must deploy technologies to monitor and protect at-risk installations and automatically identify suspect activities. It is imperative for organizations to have multichannel interaction analysis and yet still engage with their customer.
Engage in discussion with a panel of experts, solution providers and actual companies/end-users as they discuss their own real-world experiences in developing and implementing mobile policies and solutions.
(1 CEU: A+, Network+, Security+ or CASP)
TBD
Information Assurance Directorate
National Security Agency
Synopsis:
The Information Assurance Directorate (IAD) of the National Security Agency (NSA) is widely known for its expertise in the exploration, development, validation and testing of next generation secure technologies. This team within IAD has been working on “cloud services” for many years and is assisting the DoD in the development and practical implementation of Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) for the Enterprise. This will be an unclassified discussion of the state of that work.