October 18th-21st, 2010    Private Workshops


October 22nd, 2010 [schedule subject to change]

Sinclair Community College’s Frederick C. Smith Auditorium

7:00AM - 8:30PM           Registration & Check In

8:30AM - 9:00AM           Opening Remarks (Angus Blitter)

9:00AM - 10:00AM         Keynote (Bruce Potter)

10:00AM - 10:15AM       Break

10:15AM - 11:15AM       Should Critical Infrastructure Be “Smart”? (Jason Stradley)

11:15AM - 12:00PM       Uncovering a Criminal Infrastructure (Alex Cox)

12:00PM - 1:00PM         Lunch

1:00PM - 1:45PM           Supply Chain Insecurity (Enno & Graeme)

1:45PM - 3:00PM           Beyond Embedded (Sergey, Craig & Steve)

3:00PM - 3:15PM           Break

3:15PM - 5:30PM           Mega Panel: “Oh My!”

5:30PM - 6:00PM           Closing Remarks (Angus Blitter)
6:00PM - 7:30PM           Cocktail Reception - Featuring Dual Core


October 23rd, 2010 [schedule subject to change]

Dayton’s C{SPACE

10:00AM - 6:00PM       HackSec PacketWars Invitational

6:00PM - 8:00PM         Dinner Break/Open Mic

8:00PM - TBD              After Party Featuring Etcha Skratch


-------------------------------------------------------------------------------------------------

SPEAKERS:



Angus Blitter - Your host and resident media whore. Angus is the founder of Hack Sec Klahn, a like-minded group of technologists. Angus is also the creator of PacketWars™ (packetwars.com) the World's first Cyber Sport. Angus believes diversity is good for the species and hackers are a national resource. Old school, grey hat and previously plump, Angus still likes to eat, drink and hack.



Bigezy -  Has a day job as security analyst at a Fortune 500 Electric Utility and is responsible for border defense of scada networks and policy enforcement. He has also done his part protecting the economy spending 5 years securing a mutual fund transfer agency that wired the money around for 54 percent of NASDAQ. Before that he founded one of the first Internet service providers in the Midwest.



Sergey Bratus - Is a Research Assistant Professor of Computer Science at Dartmouth College. His research interests include designing new operating system and hardware-based features to support more expressive and developer-friendly debugging, secure programming and reverse engineering; Linux kernel security (kernel exploits, LKM rootkits, and hardening patches); data organization and other AI techniques for better log and traffic analysis; and various kinds of wired and wireless network hacking. Before coming to Dartmouth, he worked on statistical learning methods for natural text processing and information extraction at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.



Susan W. Brenner - Is a NCR Distinguished Professor of Law and Technology at the University of Dayton School of Law in Dayton, Ohio. Professor Brenner has spoken at numerous events, including two Interpol Conferences on Cybercrimes, the Middle East IT Security Conference, the American Bar Association’s National Cybercrime Conference and the Yale Law School Conference on Cybercrime She spoke on cyberthreats and the nation-state at the Department of Homeland Security’s Global Cyber Security Conference and participated in a panel discussion of national security threats in cyberspace sponsored by the American Bar Association’s Standing Committee on Law and National Security.  She has also spoken at a NATO Workshop on Cyberterrorism in Bulgaria and on terrorists’ use of the Internet at the American Society of International Law conference.  She was a member of the European Union’s CTOSE project on digital evidence and served on two Department of Justice digital evidence initiatives.  Professor Brenner chaired a Working Group in an American Bar Association project that developed the ITU Toolkit for Cybercrime Legislation for the United Nation’s International Telecommunications Union. She is a Senior Principal for Global CyberRisk, LLC.



Alex Cox - MSIA, CISSP, GPEN, GSEC - Principal Research Analyst, NetWitness Corporation. Over 10 years in the IT/Security industry in the Financial Services sector Responsible for providing use-case consulting in network forensics and studying existing and emerging information security events to develop content for the NetWitness solution. Background in desktop architecture, emerging threat research, network

forensics and behavioral malware analysis. Former Officer in the U.S. Army Military Police Corps. Former Police Officer B.S. in Administration of Justice from Virginia Commonwealth University M.S. in Information Assurance from Norwich University.  



Michael Hamelin - As Chief Security Architect, Hamelin identifies and champions the security standards and processes for Tufin. Bringing more than 15 years of security domain expertise to Tufin, Hamelin has deep hands-on technical knowledge in security architecture, penetration testing, intrusion detection, and anomalous detection of rouge traffic. He has authored numerous courses in information security and worked as a consultant, security analyst, forensics lead, and security practice manager. He is also a featured security speaker around the world widely regarded as a leading technical thinker in information security. Hamelin previously held technical leadership positions at VeriSign, Cox Communications, and Resilience. Prior to joining Tufin he was the Principal Network and Security Architect for ChoicePoint, a LexisNexis Company. Hamelin received Bachelor of Science degrees in Chemistry and Physics from Norwich University, and did his graduate work at Texas A&M University.



Jim Hansen has over twenty-two years experience in sales, operations and executive management primarily focused in information security. His eleven years as a federal agent provided the opportunity to work a variety of highly publicized cases both in the United States and globally. Jim specializes in helping early to mid-stage companies develop revenue though services and product sales, build effective sales organizations and manage explosive growth.


Previously, Jim held executive and management positions in both sales and consulting organizations to include Trident Data Systems (acquired by Veridian), Veritect (acquired by General Dynamics), Foundstone (acquired by McAfee) and Oakley Networks (acquired by Raytheon). Jim's last Law Enforcement position was serving as the Deputy Director of Computer Crime Investigations for the Air Force Office of Special Investigations. In this role, he provided oversight and onsite investigation into the penetration of the Department of Defense's systems around the globe. He appeared as an expert witness in both the United States and the United Kingdom on highly publicized cases. Jim's field experience includes numerous undercover operations in counter-narcotics and specialized operations as a part of the national surveillance team.


Jim holds a B.S. in computer Science from St. Michaels College and is a regular presenter and guest lecturer on proactive information security and incident response. Jim authored a chapter in Hacker Challenge, and numerous articles in IT security publications.



Steve Lackermann - will be graduating from the U. of Cincinnati this Spring and hopes for a reverse engineering or information security job.



Graeme Neilson - Is a security consultant / researcher for Aura Software Security based in Wellington. He has worked in security for over ten years with a focus on network infrastructure and reverse engineering. Previously he has presented at Kiwicon (Wellington, New Zealand), Ruxcon (Sydney, Australia) and BlackHat (Las Vegas, USA).



Bruce Potter - Founder of The Shmoo Group of security professionals. TSG has lots of neat-o tools, a conference, and some other random things. He’s the founder and CTO of Ponte Technologies, a company focused on advanced IT security technologies.



Enno Rey - Loves playing around with network protocols and devices since the early 90s. Prior to founding a specialized team of security researchers (aka building his own company) in 2001 he worked as a sysadmin and network operator. He has vast experience in designing, operating, troubleshooting and securing large networks and regularly contributes to the security community as a writer of whitepapers and articles, conference speaker or just as a pentester and protocol scientist.



Craig Smith - Is a security expert that specializes in reverse engineering software and hardware protections.  He has developed several public and private tools used for circumventing DRM and other advance intellectual property protection schemes.  He works closely with the open source community and is a founding board member of Cincinnati's Hive13 Hackerspace.



Jason Stradley, the US & Canada Security Practice lead for BT, is a visionary security executive with an entrepreneurial spirit and the ability to execute against his vision. Known for strong organizational and thought leadership he combines those qualities to communicate his vision to motivate others to excellence.

Jason has more 25 years of experience in providing solutions for complex enterprise environments in the following areas; Multi-platform, Multi-protocol network architecture, design and implementation, information protection and network security, as well as, business continuity and disaster recovery planning.

Mr. Stradley is a frequent speaker at such venues as SANS, MISTI, Gartner, DRII, IANS and others and has been featured in several industry publications.

Mr. Stradley currently holds the CISSP, CGEIT, CBCP, CISM, SANS GSLC certifications as well as numerous technical certifications

-------------------------------------------------------------------------------------------------


ABSTRACTS:


NECESSARY BUT NOT ENOUGH (Bruce Potter Keynote) - Considering where the practice of information security started, the industry has certainly progressed over the last several decades.  Forty years ago, only a handful of individuals understood the core concepts regarding keeping computer systems secure.  Today there are universities with degree programs based on computer security, US federal mandates regarding security of IT systems, and a wide variety of industry specific guidelines and auditing bodies.  However, the unfortunate truth is even when you follow all the guidelines, check all the checkboxes, and pass every audit, your systems can (and will) be compromised.  Doing information security right is necessary but not sufficient when it comes to securing your enterprise.


This talk will examine our current defenses and show how they are inadequate in the face of modern attacks.  I will discuss how organizations need to deal with this reality of compromised systems and targeted attacks.  Finally, I'll provide insight in to some new technologies that are on the horizon that may provide some relief from our current situation.


UNCOVERING A CRIMINAL INFRASTRUCTURE (Alex Cox) - The news is full of stories of cyber criminals hacking into various networks on an almost daily basis, but have you ever wondered what a criminal infrastructure looks like behind the scenes?  Join Alex Cox, Principal Research Analyst with the NetWitness Corporation, for a look inside an exploitation system used by criminals to make money in a variety of ways. During the talk, Alex will lead the audience through the investigative steps used to uncover a system that has world-wide implications as well as document the criminal's attack methodologies, money-making schemes and obfuscation attempts.


MEGA PANEL - Embedded Systems, Advanced Persistent Threat and Cyber War. Panelists TBA