November 5 Virtual Presentations

Thursday, November 5th, 2:00 PM

F. Paul Greene, Esq. & Daniel Altieri, Esq.
The Essential Legal Toolkit for Surviving Your Next Ransomware Attack
2:00pm ET

F. Paul Greene is a partner and the Privacy & Data Security practice group leader at Harter Secrest & Emery LLP. Paul represents clients in a wide range of industries concerning all aspects of proactive preparation and risk management, including security and vulnerability assessments, policy and procedure review, breach response planning and drills, as well as board and management education on cyber risk and privacy issues. Post-breach, Paul and his team provide a full array of reactive services, including breach coaching and response, crisis management and communication, internal and governmental investigations, breach notification, and potential litigation or regulatory action including under the EU’s General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), and the upcoming California Consumer Privacy Act (CCPA).

Dan advises clients on all aspects of commercial litigation from pretrial matters through trial and appeal. He has tried several cases to verdict and successfully argued before the Supreme Court of the State of New York Appellate Division. Clients trust Dan to resolve disputes swiftly—both in and out of the courtroom—to achieve their business and legal objectives.

As an integral part of HSE’s growing privacy and data security team, Dan quickly identifies any potential security issues and addresses them before they become a serious problem for the client. He provides guidance on best practices to avoid a data breach, security and vulnerability assessments, post breach response, due diligence in acquisitions, potential litigation or regulatory action, and more.

Matt DeMatteo
The Future of Cybersecurity: The Real Ways Data Science Will Transform SecOps
2:30pm – 3:30pm ET

Data science is already transforming many aspects of our business and personal lives, but many in the cyber security do not know how it will change the industry. In this brief talk, I explain how data science is being used to bridge the gap between the threat intelligence typically leveraged by security platforms and the threat intelligence that human experts use. I quickly explore what makes data science-based detection logic different from Boolean-based detection logic, why practitioners will move away from the SIEM event funnel, and how frameworks like MITRE ATT&CK are critical to creating efficiencies for people and machines.

Matt DeMatteo is a Sr. Principal Engineer focused on Secureworks’ Security Products and Services. Matt joined Secureworks in 2007 as a Security Analyst in the Providence, RI SOC. Matt has been working directly with customers for the past ten years as a Presales Engineer, Principal Engineer, Account Manager, and Global Solution Lead for MSS and MDR. His goal is to help customers protect their organizations by aligning threat actor risk with modern SecOps practices. Matt works with Secureworks’ global sales force, product development teams, and partners to promote best practices in solution design. Matt has a passion for understanding customers’ business needs and unique risks. Matt holds a BS in Computer Science from the University of Rhode Island, where he also was the Director of the Digital Forensics Lab.

October 29 Virtual Presentations

Thursday, October 29nd, 2:00 PM

William Malik
The Zero Trust Challenge for Hybrid Cloud
2:00pm – 2:30pm ET

The hybrid cloud now handles much that was formerly done by the in-house IT organization. From an infrastructure and operations perspective however, oversight and management are more challenging than ever. During this talk, we will discuss the elements of conventional I&O that must remain – although transformed – when migrating increasing portions of an organization’s workload to hybrid cloud. We will focus on information security, and in particular the architectural challenge that zero trust places on conventional information security architectures, procedures, staffing, and audit. We will close with some hints and tips to smooth the passage to this superior cybersecurity approach.

Bio:
William Malik is VP of Infrastructure Strategies at Trend Micro. As a founder of Gartner’s Information Security Strategies service, Bill has deep expertise in information security matters. He has spoken internationally on information security, identity management, privacy, business continuity, and enterprise architecture. During his IBM career he guided the mainframe operating system zOS (then MVS) through the process leading to a NIST/NSA B1-level security rating. He taught a graduate class on Information Security Policy at Georgia Tech and authored the chapter “Information Security Policy in the US National Context” for the text “Information Security: Policy, Processes, and Practices,” Detmar Straub, et al., editors. M. E. Sharpe, 2008.

Joe Testa
Hardening HTTPS and SSH
2:30pm – 3:30pm ET

We will talk about the inner workings of the TLS and SSH protocols and the security properties they offer. Attacks against the TLS protocol versions will be analyzed, along with weak ciphersuites and other options. Similarly, attacks on SSH and various common cryptographic settings will also be discussed. Open-source and free tools will be demonstrated to audit TLS & SSH services. Hardening techniques for achieving optimal security settings for both protocols will be covered in detail.

Bio:
As a seasoned security consultant, Testa brings over 15 years of experience to the business. He specializes in penetration testing, server & network hardening, source code auditing, and social engineering. A strong supporter of open-source technology, he is the author and maintainer of the Rainbow Crackalack, SSH-MITM, and Bitclamp projects.

Prior to founding Positron Security, Testa excelled as a security researcher and vulnerability test programmer for Rapid7. He holds a Master of Science degree in Computer Security and Information Assurance from the Rochester Institute of Technology, along with a Bachelor of Science degree in Psychology and Computer Science from the University of Maryland at College Park.

October 22 Virtual Presentations

Thursday, October 22nd, 2:00 PM

In lieu of the annual Rochester Security Summit, please join us for the first in our series of Fall 2020 virtual events.

Angel Grant
Delving into Digital Fraud – Report Reveals Trends
2:00pm – 2:30pm ET

Digital transformation is making it easier not only for legitimate organizations to expand their reach but also for fraudsters and other bad actors to expand theirs. Hear the results of a research study into the digital developments, market forces and regulatory pressures that are driving this shift in how fraudsters and others commit their crimes, as well as how anti-fraud forces fight them. The session will cover three key trends gleaned from this research and provide an understanding of how digital transformation becomes both a critical contributing factor in the problem of growing cyber risks today.

Bio:
Angel Grant is CMO, RSA Fraud and Risk Intelligence at RSA Security and current member of the Board of Advisors at the PCI Security Standards Council. Before that, she served as the Director of Product Marketing for the Identity, Fraud and Risk Intelligence at RSA. Grant has more than 20 years of experience in the security, eCommerce and financial services industries and is a visionary leader with a passion for developing security solutions to protect against cybercrime and make our digital world a safer place. She attended Bentley University and holds the CISSP certification.

David Frier
Data Protection for the Work-From-Home Era
2:30pm – 3:30pm ET

Remember five or more years ago you were scoffing at the people who said the perimeter was gone? Well, now (almost) all your employees work from home, and guess what? Your “perimeter” encloses almost none of where your work gets done. So today we’ll have a survey of methods to protect data that don’t assume or require a perimeter in the traditional sense. DLP, DRM, and Cloud approaches that keep data movement controlled but flexible.

Bio:

• Manager of IT Governance & Compliance at Constellation Brands …but I speak only for myself, not for my employer!
• Been doing Information Security for fifteen years, in IT of one sort or another for two score plus one
• Avid player of poker, enthusiastic-if-slow rider of a Trek.
• [masked] — also semi-findable on LinkedIn