Abstract

CFAA, CAN-SPAM, HIPPA, and CADRA are just a few of the many alphabet-soup acronyms that make up the legal rubric in the United States that govern information security, privacy, and technological issues- information security professionals need to understand the patchwork of laws in the United States (and Florida in particular) to be truly effective in their endeavors.  New state laws appear every day with different standards for what data is considered sensitive and how an organization is dealt with if they disclose protected information. What laws should you be aware of when engaging your organization about risk and data disclosure? This talk will focus on the CFAA, the Computer Fraud and Abuse Act, as well as CADRA, Florida’s Computer Abuse and Data Recovery Act. Adam Losey, an internationally recognized attorney working in Central Florida will discuss information security and privacy law, what it means to information security professionals, and how to approach data privacy laws. The talk will include 20-30 minutes of round table style discussion allowing the audience to ask questions regarding matters of law and data privacy.

Bio

Adam Losey is an internationally recognized attorney, author, and educator in the field of technology law. He represents a number of Fortune 100 companies in high-stakes complex litigations across the country involving challenging issues at the intersection of law and technology. In addition to his litigation practice, Mr. Losey routinely advises clients large and small on a variety of sophisticated information security, incident response, privacy, electronic discovery, and data management matters. Inside and out of the courtroom, he efficiently and creatively solves problems for clients in a variety of situations.

Abstract

A recent study titled, “Battling the Big Hack” by IT professional network Spiceworks found that that 80% of organizations experienced an IT security incident in 2015, with 53% of respondents having a concern for ransomware in 2016. But how did we get here? And how can we avoid these growing attacks in the coming year and beyond? In general, all ransomware pretty much works the same in that it tries to extort money from a user, but each variation of it does something slightly different. This presentation will discuss the history of ransomware – from the first known ransomware, which hit the scene back in 1989 (the “AIDS” or “PC Cyborg” Trojan), to Gpcode (RSA encryption schemes), CryptoLocker (Bitcoin transactions), and Cryptowall (targeting Windows), with many others in between. We’ll close out the discussion with 2016 ransomware predictions, as well as how users can mitigate these attacks in the future.

Bio

Dodi is VP of CyberSecurity for PC Pitstop with 10+ years’ experience in the cyber security industry, specializing in security risk assessment, programming, firewalls, malware/targeted attacks, antivirus, & more. Previously, he led several initiatives in malware research, software development, software testing, and product management for ThreatTrack Security, Sunbelt Software, & GFI Software.

Abstract

Bio

Abstract

Do you ever feel like your resume is holding you back? I can help you translate your work experience to paper and help you land that dream InfoSec job. From the basics of resume no no’s to highlighting your security skills. Please bring a copy of your resume!

Bio

Emori Medeiros has been on both sides of the recruiting world. She was an internal recruiter for a tech company in San Francisco and now she is a technical recruiter at BlueWave. Her experience has taught her the ins and outs of perfecting resumes so that YOUR resume is the one that stands out. BlueWave is a Technology Boutique Firm that specializes in Information Security and Software Development Recruiting.

Abstract

The Simulated Physics And Embedded Virtualization Integration (SPAEVI, rhymes with gravy) methodology is designed for industrial control system (ICS) cybersecurity research. The cost of hardware-based industrial control system testbeds often limits entire categories of vulnerability analysis, testing, malware analysis, and etc. Specifically memory corruption vulnerability analysis often risks bricking ICS embedded systems. The SPAEVI methodology is proposed for software-based ICS/SCADA testbeds via embedded system virtualization, where the inputs and outputs are integrated within a physics simulation. The challenges of implementing the methodology are nontrivial, and one must rely on reverse engineering, virtual machine development, exploit development, engineering experience, and embedded system design experience. Foremost, the virtualization of an embedded system will pose unique, non-trivial challenges per target system, due to the wild variation of microprocessor architectures in ICS/SCADA.

Bio

Aside from his mohawk and beard, Owen is renown for creating and teaching the Offensive Computer Security Courseware, which has been used in some form at over a dozen universities around the world. He earned his BS in CS from Georgia Tech, MS in CS from FSU, and is finishing his PhD dissertation on Cyber Physical Systems Vulnerability Research & Sandboxing.

Abstract

Taking things apart to figure out how they work is great fun at any age. It can also be the first step in building a great new product. But reverse engineering software and systems can be a legal minefield that takes care and planning to traverse.

In this talk, Mitch Stoltz, Senior Staff Attorney with the Electronic Frontier Foundation, will discuss how to explore and modify hardware and software, and use the knowledge you gather, while avoiding common legal problems. He will also share stories about the latest efforts to preserve the freedom to tinker with everything from phones to cars to medical implants.
I’m a copyright lawyer at EFF, once a software engineer and security specialist at Netscape/AOL/Mozilla. I’ve done some corporate litigation too, mostly for consumer technology companies.

Bio

Mitch is passionate about free speech, coders’ rights, and letting innovation thrive wherever it grows.

Abstract

This talk will cover how to social engineer or persuasively position yourself to be the best candidate for the job of your dreams. We will cover reconnaissance and open-source intelligence gathering, developing phishing emails that help you get people to open your resume, and how to reach your target audience “Recruiters” & “HR Managers” I have trained 1,000’s of college graduates on how to find the right job when it is needed, and this talk can help a student, recent graduate, or a seasons IT professional find their next step in their careers, in a funny and witty presentation where you’ll leave with a road map on how to social engineer your way to success… and stuff.

Bio

Jason is a professional Social Engineer… a dreaded marketer that ruins everything in life that was once free, and good, and easy to use. But… He also has some serious skills of persuasion, that can be used for the forces of good – your good.

Abstract

This talks starts out by looking at how companies have tried to authenticate people using public information. It then looks at current authentication practices, and finishes by discussing how companies try to determine who you are without letting you know.

Bio

Samuel is a Senior QA Engineer testing XenDesktop performance at Citrix. Prior to that he worked on the One Laptop per Child project, and at Secure Computing & McAfee on the Sidewinder (McAfee Firewall Enterprise) product line.

Abstract

Dissolving the stigma surrounding SELinux and discussing how important SELinux is to hardened and trusted systems. The talk will describe what SELinux is and its purpose, briefly touch on its history, explain its current functionality with some high-level examples, and provide tips on first tackling SELinux implementation. This is intended as a “introduction” or “beginner” talk into the world of SELinux for those with some experience with *nix systems.

Bio

White-hat hacker, tinkerer, and Linux user since epoch time was 9 digits. Currently a Cybersecurity Engineer supporting the defense sector.

Abstract

Billions of dollars are spent globally on technical controls for information security. Most, if not all, of these controls can be overridden by the implicit trust that someone with physical access has to a system. Yet, physical security is often the easiest control to circumvent.

This talk will focus on ways a legal, ethical, and authorized penetration tester can prepare themselves to inspire trust in those protecting their target allowing them to gain access to protected areas.

This talk will look at the physical signs that someone doesn’t belong in an area and how to create a persona that “belongs”. During the talk we will compare different outfits and uniforms used by workers who would be expected to be in controlled areas. The talk will also look at paralanguage and body language that can be used to put people at ease.

The talk will cover:

Why physical access controls are critical
Tales of “Physical Access Gone Wrong”
Uniforms, attire, and details that give away an imposter
Paralanguage – What to say to put people at ease
Body language – What to do to put people at ease
“The Getaway” – How to get out gracefully
Preventing Interlopers – What can you do to stop attackers using these techniques

By the end of the talk the audience should be able to leverage these techniques to test their own security program, bolster their approved penetration testing program, and develop new controls to prevent physical attackers.

Bio

Ean Meyer is an information security professional working in Central Florida. Ean’s current focus areas are PCI, FERPA, HIPAA HITECH, Intrusion Detection and Prevent Systems, Information Security Program Management, Penetration Testing, and Social Engineering/User Awareness Training. Ean has a BS in Information Security and an AS in Computer Network Systems. Ean also holds a CISSP certification. He runs the blog www.thetheaterofsecurity.com.