RSS:2024 Training/Show and Tell Track (Day 1) :: Rochester Security Summit

RSS:2024 Training/Show and Tell Track (Day 1)

Towards a Quantum-Resistant Future: Experiences in Post-Quantum Cryptography Education

T.J. Borrelli, Monika Polak, Stanislaw Radziszowski, and Sumita Mishra
10:00 am - 10:50 am

With recent progress in the development of large-scale, general-purpose, fault-tolerant Quantum Computing (QC), significant effort is being made in the cryptography community to create viable long-term solutions against the threat of QC breaking classical public-key security schemes. The current Post-Quantum Cryptography (PQC) standardization process led by the NIST has made some selections and is about to recommend new cryptographic protocols resistant to QC. This talk reports our experiences from teaching a first-in-kind module-based course in Quantum-Resistant Cryptography (QRC) at two universities. The subject of QRC will take on additional importance as the U.S. and other countries start to transition to QRC-based solutions.

T.J. Borrelli

T.J. Borrelli is a dedicated educator with over 17 years of teaching experience. He is a Principal Lecturer in the Department of Computer Science in the Golisano College of Computing and Information Sciences at RIT. He is affiliated with the RIT ESL Global Cybersecurity Institute at RIT. He holds a Master’s degree in Computer Science from RIT. He teaches classes in Cryptography, Quantum-Resistant Cryptography, Computer Science Theory, Artificial Intelligence, and Computational Music Theory. Current research focuses on approaches to teaching a course in Post-Quantum and Quantum-Resistant Cryptography.

Monika Polak

Monika Polak is an Assistant Professor of Computer Science (Instruction) at the University of Rochester (UofR). She earned her doctoral degree in Mathematics with honors from the University of Maria Curie Sklodowska in Lublin, Poland, in 2016. In 2017, she was an Assistant Professor at the University of Information Science and Technology in Ohrid, Macedonia. Monika worked at Rochester Institute of Technology’s (RIT) Computer Science department from 2017 to 2023, where she was promoted to Senior Lecturer in 2023. She has been involved in initiatives to broaden participation in computing at RIT and UofR and has taught introductory computer science, computer science theory, and cryptography courses.

Sumita Mishra

Sumita Mishra is a professor and the graduate program director in the Department of Cybersecurity at Rochester Institute of Technology. She earned her doctoral degree in Electrical Engineering at the University at Buffalo in 2001 and has served as a faculty member at RIT for 17 years. She has led and co-led several NSF-funded projects focused on computing and cybersecurity education. She teaches cryptography at the graduate level and is an active member of IEEE and ACM. She has published over 70 articles in reputed journals and academic conferences in her field.

Stanislaw Radziszowski

Stanisław Radziszowski is a Professor in the Department of Computer Science since 1995. He earned Ph.D. from the Institute of Informatics at the University of Warsaw. During the years 1980-1984 he worked in IIMAS at the National Autonomous University of Mexico in Mexico City, and since 1984 at the RIT. In the 1990's he held three times 6-week visiting positions at the Australian National University in Canberra, and maintained collaborations with universities in Poland.

His main research interest is in combinatorial computing - solving classical problems in combinatorics, graph theory and design theory, usually with the help of massive computations. Bounds on Ramsey numbers are his favorite. His survey titled ‘Small Ramsey Numbers’, which is a regularly updated living article at the Electronic Journal of Combinatorics, became a standard reference in this area. He teaches mostly theory oriented courses, including very popular courses on cryptography, both at undergraduate and graduate levels. His recent work on applied cryptography led to joint projects with Computer Engineering Department.

Streamlined SIEM Migration and Daily Cost Optimization

Joe Cicero
11:00 am - 11:50 am

Migrating from a legacy SIEM can be complex and costly. In this 20-minute session, Joe Cicero from Security Risk Advisors will explore advanced data routing and transformation techniques to streamline this process. By leveraging innovative data management solutions, attendees will learn how to efficiently partition data between various platforms, significantly reducing daily ingestion costs. This technical presentation will provide practical insights and examples to help security professionals manage SIEM migrations effectively while optimizing daily operational expenses.

Joe Cicero

Joe, Director of Strategic Alliances at SRA, stands out for his pivotal role in security solutions and strategic partnerships. At Microsoft, he was instrumental in scaling EDU device management from under 1 million to over 10 million devices and played a key role in building Microsoft's first-party managed security service, Defender Experts. In prior roles, Joe has been the advisor for Fortune 100 companies, international firms, governments, and law firms on cybersecurity trends to active incidents. Joe is renowned for "having his customers' back." His extensive experience, combined with a deep commitment to customer support, positions him as a crucial asset to SRA's managed security services.

Building a Sawmill: Processing Logs With Security Onion

Matthew Gracie
1:00 pm - 1:50 pm

One of the best things you can do to improve visibility in your environment is have a central point to ingest and analyze logs - in this talk you will learn how to use the free and open Security Onion platform to gather, normalize, investigate, and alert on logs from your endpoints, network devices, and cloud infrastructure.

Matthew Gracie

Matthew Gracie is a defensive security specialist with fifteen years of Blue Team experience in higher education, manufacturing, financial services, and healthcare. He is currently a Senior Engineer on the professional services team at Security Onion Solutions, as well as an adjunct professor of Cybersecurity in the graduate school at Canisius University. Matt is also the lead organizer of Infosec 716, a monthly meetup for security enthusiasts in Western New York, and the BSides Buffalo technology conference. He enjoys good beer, mountain bikes, open source security tools, and college hockey, and can be found on Twitter as @InfosecGoon.

Level Up Your Security: The Power of Gamification

Ben Meyer-Crosby
2:00 pm - 2:50 pm

"Level Up Your Security: The Power of Gamification" explores how game-design elements can revolutionize security awareness and training in organizations.

This presentation addresses the shortcomings of traditional security training and demonstrates how gamification can enhance engagement, retention, and proactive behavior among employees. We will delve into techniques such as points, leaderboards, and interactive challenges, supplemented with real-world stories. Attendees will leave with actionable insights on designing and implementing gamified security programs to strengthen their organization's security posture.

Ben Meyer-Crosby

Ben is a dedicated cybersecurity professional with over 10 years of experience in the field. He has spent his career empowering organizations to protect their assets and information by providing them with essential tools and knowledge. Ben has extensive expertise in cybersecurity training and awareness programs, where he emphasizes the integration of innovative strategies to enhance learning and engagement. His work is focused on clarifying complex security concepts, making them both accessible and actionable for a wide range of audiences.