University of North Florida

- UNF

myWings

Committee - Cybersecurity OPEN
- Activities

Location

University Center
University of North Florida
12000 Alumni Drive
Jacksonville, FL 32224-2678

Additional Info

Layne Wallace
School of Computing
University of North Florida
1 UNF Drive
Jacksonville, FL 32224

lwallace@unf.edu

2011 Cybersecurity Awareness Showcase - Speaker List

Axford, Kai

Kai Axford, MBA, CPP, CISM, CISSP, ACE, CHFI, MCSE
Affiliation:
Affiliation:	Accretive Solutions
Talk:	How I Pwn Your Network: A Chat with a Social Engineer Do you want to know what real hackers are doing to your infrastructure? Would you like to hear how we are able to evade all of your expensive security controls? Stop wondering and ask! In this highly interactive session, we'll chat with a professional social engineer and facility breach expert, as they discuss what works and what doesn't in protecting your infrastructure. You'll hear what makes his jobs harder....and sometimes easier. Don't miss this rare engagement!
Bio:	Kai Axford (MBA, CPP, CISM, CISSP, ACE, CHFI) is an 18-year security veteran and board certified in security management. In his current role, he leads a team of security engineers that conduct penetration tests, vulnerability assessments, and facility breach exercises. Kai also serves as the lead forensics expert and social engineer. Kai has delivered over 300 security presentations on a variety of topics, including computer espionage, digital forensics, and security management, around the world. He was most recently a Global Security Evangelist and Strategist for the Microsoft Corporation where he conducted Chief Security Officer (CSO) Councils worldwide, recommending solutions to both private and public sector organizations. Kai holds a Master of Business Administration degree in Information Assurance/CyberSecurity, is a Certified Protection Professional (CPP), an AccessData Certified (Forensics) Examiner, a Computer Hacking Forensic Investigator (CHFI), and a graduate of the FBI Citizen Academy. He currently serves on the academic advisory board for the University of Dallas - Graduate School of Management - Cybersecurity program. He is a member of ISSA, ISACA, Infragard, and the North Texas Electronic Crimes Task Force. Prior to joining the world of information security, he served as a leader with the elite 75th Ranger Regiment and participated in several real-world security operations. Kai is based in Dallas, Texas.

Butler, Michael

J. Michael Butler GCFA EnCE GSEC CISA
Affiliation:
Affiliation:	Lender Processing Services
Talk:	Forensic Analysis - An Information Systems Audit on Steroids
Bio:	Since receiving his GCFA in 2003, Mike has been involved in Forensic Analysis regarding everything from litigation hold to discovery related to criminal matters. He has contributed to the SANS community by writing for the SANS Forensics blog site, as well as writing white papers, assisting with SANS curriculum, and with GIAC exam development. Today his work is focused primarily on Forensic Analysis. Prior to moving into the Security realm, Mike has done network support and Information Systems auditing. He has also worked in the past as an independent contractor developing specialized billing and payroll systems. His experience with personal computers spans about 3 decades. Other certifications held include the EnCE (EnCase Certified Examiner), GSEC, and CISA (from ISACA).

Cooley, Russell

Russell Cooley
Affiliation:
Affiliation:	Citigroup
Talk:	The presentation will include, “It’s the Law” presented by Russ Cooley, CISSP, a discussion of the federal and state laws concerning the privacy of a customer’s data. “Protecting your data in the cloud-Ten things you need to know” presented by Bill Crowe, CISA, CRISC, which takes a look at COSO’s Enterprise Risk Management methodology and the last topic “Because I said so”, presented by Carl Terry, CISSP, MCSE, MCP+I, CNE, CNA, looks at the results that unrealistic expectations written in policies and procedures can have on the business.
Bio:	Russell Cooley has 27 years of experience in the Information Technology arena and has worked in the Telecommunications and Financial Industries. His experience ranges from mainframe and open systems platforms and has served in both an operational and management capacity. The past 8 years of his career has been spent in the field of Information Security. The first 3 years were spent as a Lead Information Security Assessor performing security assessments on vendors used by the business divisions within Citi Cards. The last 5 years have been as a Business Information Security Officer providing guidance to the business as it pertains to Information Security policies and processes as well as support during internal and external audits.

Crowe, William

William (Bill) Crowe
Affiliation:
Affiliation:	Citigroup
Talk:	The presentation will include, “It’s the Law” presented by Russ Cooley, CISSP, a discussion of the federal and state laws concerning the privacy of a customer’s data. “Protecting your data in the cloud-Ten things you need to know” presented by Bill Crowe, CISA, CRISC, which takes a look at COSO’s Enterprise Risk Management methodology and the last topic “Because I said so”, presented by Carl Terry, CISSP, MCSE, MCP+I, CNE, CNA, looks at the results that unrealistic expectations written in policies and procedures can have on the business.
Bio:	William (Bill) Crowe is a VP of Technology Risk Management with Citi and is responsible for the Information Security of card embossing, statements and letter printing and payment components of the Transaction Services line of business. He is a graduate of University of Phoenix in Jacksonville for both his Bachelors of Science in Business Management and MBA. He started his instructing and IT career during his 24 years in the Navy and retired as a Navy Chief Petty Officer. Bill spent 5 years in the Boston area as an IT instructor and NT network manager and was a consultant in the telecommunications field. Bill has been with Citigroup for 11 years and he currently develops and provides quarterly Information Security Awareness seminars for 2500 associates in Transaction Services, and on an annual basis participates in the Citi-group IS fair. Bill is an Adjunct Professor with ITT Technical Institute Jacksonville Campus and instructs auditing, risk management and information security essentials in the BS Information Security Management program. He has achieved the Certified Information Systems Auditor (CISA), Certified in Risk and Information Security Controls (CRISC) and is currently working towards his Certified Information Systems Manager certification (CISM).

Desai, Avani Mehta

Avani Mehta Desai
Affiliation:
Affiliation:	KPMG LLP
Talk:	Privacy Concerns within Emerging Technologies
Bio:	Avani M. Desai is a Senior Manager in the IT Advisory Practice located in North Florida. She is a Certified Information Privacy Professional (CIPP), Certified Information Security Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), Project Management Professional (PMP), Certified Internal Auditor (CIA), Microsoft Certified Systems Engineer (MCSE), A+ Certified, as well as a Cisco Certified Network Associate (CCNA). She has a variety of experience and training in general information technology and application controls, attestation and compliance engagements, and controls rationalization. Avani is currently in the process of completing her Certified Public Accountancy (CPA) certification. Avani leads and manages multidiscipline teams to help clients develop and implement strategic solutions that achieve their business and technology objectives. Her areas of focus are risk management, technology, information protection and information systems and their impact on the design and effectiveness of financial reporting, business processes, and compliance/regulatory environment. Avani graduated Summa Cum Laude with a Bachelors of Science in Business Administration from University of Florida. Her area of concentration was in Computer Information Sciences. In addition, Avani graduated with a Master’s in Business Administration in Finance from the Wharton School of Business at the University of Pennsylvania.

Gennaro, Alya

Alya Gennaro, CISA, PMP
Affiliation:
Affiliation:	KPMG LLP
Talk:	Privacy Concerns within Emerging Technologies
Bio:	Alya Gennaro is a Manager in KPMG’s IT Advisory Services practice located in Jacksonville. She is a Certified Information Security Auditor (CISA) and Project Management Professional (PMP). She has over eight years of experience serving US and Global clients and has been involved in a wide array of projects in an audit and risk consulting capacity. Her areas of focus are managing and executing internal/external IT audits, attestation, compliance reviews, and project management assistance for clients in financial services, transportation, retail, and healthcare. Alya graduated with a Bachelors of Science in Business Administration and Masters of Science from University of Florida. Her area of concentration was in Decision and Information Sciences. She currently serves as the At Large Director and Social Network Officer of the ISACA Jacksonville chapter and Webmaster of the ISACA West Florida chapter.

Hanchar, Sheryl

Sheryl Hanchar GCIH, CISSP, CISA
Affiliation:
Affiliation:	Harris Corporation
Talk:	The Pitfalls of Incident Handling and Response Ever try to put together a puzzle only to find pieces missing? Incident handlers and responders deal with this daily. Auditing the components of a system contribute to piecing together the puzzle and figuring out, "What the heck happened?" Accurate validation of components require an understanding of what information they are suppose to provide. In this discussion we'll cover the importance of each auditable component from system logs to entitlement reviews, as well as the important role they play in the steps of recreating an incident. This will be an interactive discussion about the pitfalls of real life investigations through the Incident Handling Lifecycle.
Bio:	Sheryl Hanchar has been living Information Security for over 20 years. In her current role she manages the Threat Mitigation team for Harris Corporation. Her daily activity includes Operational Security, incident Response, Penetration Testing, Vulnerability Scanning, Reverse Engineering and Forensic Analysis. This year she'll complete her Master of Science in Information Security from Pace University, New York City, NY. In addition to her role at Harris, she serves as a reservist with the US NAVY's 4th Fleet, Mayport Florida and was awarded the Army Commendation Medal for Network Design while serving her country in Iraq in 2004.

Johnson, Kevin

Kevin Johnson
Affiliation:
Affiliation:	Secure Ideas
Talk:	Web Application Security Testing
Bio:	Kevin Johnson is a security consultant with Secure Ideas. Kevin came to security from a develop-ment and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

Kreidl, O. Patrick

O. Patrick Kreidl
Affiliation:
Affiliation:	University of North Florida
Talk:	Dissecting a Worm Internet "worms" are arguably the earliest form of a fully-automated cyber-attack, the absent need for human interaction implying that infection may propagate from one machine to another in a matter of seconds. We'll discuss one approach to representing worms when eyes are focused on the problem of their "zero-day" detection and containment. Is tackling this problem even remotely possible?
Bio:	O. Patrick Kreidl is currently a faculty member of the School of Engineering at the University of North Florida. He received his undergraduate education at George Mason University and holds his PhD in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology (MIT). For nearly fifteen years prior to joining UNF, he was a Principal Research Engineer in the Cyber Operations and Networking Group within BAE Systems' Technology Solutions Directorate and a Research Affiliate within MIT's Laboratory for Information and Decision Systems. During this time Dr. Kreidl worked in a variety of technical areas within cybersecurity, including intrusion detection/containment, secure protocol design and covert/anonymous communications. Other past positions were with the Institute for Defense Analyses and the U.S. Naval Research Laboratory. His current research interests lie at the intersections of signal processing, stochastic control and network science with application to computer security, distributed sensing, multi-vehicle planning and macro-economic forecasting.

McAliley, Timothy

Timothy P. McAliley, CISA, CISM, CISSP, PMP, ITIL, MCT
Affiliation:
Affiliation:	Symantec Corporation
Talk:	SharePoint Deployment and Governance Using COBIT 4.1 This session will provide and overview and walkthrough of SharePoint Deployment and Governance Using COBIT 4.1. This course will heavily use the COBIT Scorecard from the SharePoint-COBIT Scorecard from the book, "SharePoint Deployment and Governance Using COBIT 4.1: A Practical Approach" by Dave Chennault and Chuck Strain, ISACA 2010. We will review the SharePoint-COBIT Scorecard which covers everything from the scope and planning phase, to post deployment and sustainment activities. The SharePoint-COBIT Scorecard is built within the context of planning for; Workflow, Monitoring, Permission Management and Configuration Management Tools Antivirus Protection, Migration and Integration Tools, and Rights Management and Backup Tools
Bio:	Timothy is a Team Foundation Server Administrator and Database Administrator on a Business Intelligence Team at Symantec (www.symantec.com, (SYMC)). His particular interests are IT operations, information security, project management, and database/application tier high availability solutions. Timothy is a PMP, a CISA, a CISM, a CISSP, and is ITIL V3 Foundations certified. Timothy also holds MCTS, MCITP certifications on Windows Server 2008, SQL Server 2005/2008, Exchange Server 2010 and SharePoint 2010.

McAllister, Marc

Marc McAllister
Affiliation:
Affiliation:	Florida Coastal School of Law
Talk:	Search and Seizure in the Digital World
Bio:	Professor Marc McAllister is currently an Associate Professor at Florida Coastal School of Law, where he teaches criminal law and criminal procedure courses. Professor McAllister earned his J.D., cum laude, from the University of Notre Dame Law School. Before entering teaching in 2005, Professor McAllister clerked for Judge Charles Wilson of the United States Court of Appeals for the Eleventh Circuit, and practiced corporate litigation at Baker& Daniels in Indianapolis. He has had numerous scholarly works published in law reviews. Professor McAllister's efforts and scholarship focus upon the Sixth Amendment's Confrontation Clause, as well as the Fourth Amendment's application to emerging technologies. He has been recognized for his work in applying legal principles to the digital realm and particularly in the area of digital presence. His current work is in the field of the Fourth Amendment and new technologies.

McKinney, Reggie

Reggie McKinney
Affiliation:
Affiliation:	Department of Homeland Security
Talk:	Homeland Security In 2009, President Obama recognized the need to increase education and dialogue about cybersecurity and issued the Cyberspace Policy Review, which has become the blueprint from which our Nation's cybersecurity foundation will transform into an assured and resilient digital infrastructure for the future. As part of this policy review, the Department of Homeland Security (DHS) was asked to create an ongoing cybersecurity awareness campaign "Stop.Think.Connect." to help Americans understand the risks that come with being online. The Campaign aims at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Stop.Think.Connect. challenges the American public to be more vigilant about practicing safe online habits. DHS also sponsors the National Cybersecurity Awareness Month (NCSAM) Month, which engages public and private sector partners to raise awareness and educate Americans about cybersecurity, and increase the resiliency of the Nation and its cyber infrastructure. Since 2004, NCSAM has guided the Nation to an increased understanding of the threats we face online. As these threats continue to grow, it is important to remember that cybersecurity is a shared responsibility at home, in the workplace, and in our communities.
Bio:	Mr. McKinney has served in several capacities since his arrival to DHS in 2004 and is currently the Director of Operational Integration and Outreach collaborating with federal, public and private sector and international partners in developing efforts for information sharing and stakeholder engagement. Mr. McKinney previously served as the DHS representative to The Office of Director of National Intelligence on a Joint Interagency Task Force. He has also served in the capacity of Acting Director for the Global Cyber Security Management program (GCSM) of the Department of Homeland Security, National Cyber Security Division, overseeing mission critical support functions in protecting the nation's Critical Infrastructure through Cyber Security Education and Workforce Development, Software Assurance, Standards and Best Practices, and Supply Chain. Mr. McKinney also served as Chief of Staff for the United States Computer Emergency Readiness Team (US-CERT). Prior to joining DHS Mr. McKinney held various cyber security positions with the Federal Bureau of Investigation (FBI), the Defense Intelligence Agency (DIA), and The Department of Defense Joint Task Force Global Network Operations (JTFGNO). Mr. McKinney's public service also includes more than 20 years with the US Army.

Rostern, John T.

John T. Rostern, CRISC, PCI QSA, IIA
Affiliation:
Affiliation:	Coalfire Systems
Talk:	Insider Threats
Bio:	Mr. Rostern has more than 29 years of diverse experience in audit, information security and technology. He has led the practice in delivering compliance services in areas such as the Gramm-Leach Bliley Act (GLBA), Sarbanes-Oxley, Health Information Technology for Economic and Clinical Health (HITECH) act and the Payment Card Industry Data Security Standard (PCI DSS). His areas of expertise include IT audit, technology risk assessment & management, IT strategic planning & governance, architecture, information security, operations, applications development, telecommunications, networking, data center design and business continuity planning. Mr. Rostern is a subject matter expert in the areas of data loss prevention, intrusion detection, encryption and incident response.

Saunders, Carol

Carol Saunders
Affiliation:
Affiliation:	University of Central Florida
Talk:	Security: Who is the Decider?
Bio:	Carol Saunders is currently Professor of Management at the University of Central Florida. She is a LEO award winner for lifetime accomplishments to the Information Systems (IS) discipline and an Association of Information Systems Fellow. She served on a number of editorial boards, including a three-year term as Editor-in-Chief of the top-ranked IS journal, /MIS Quarterly/. She also served as General Conference Chair of the premier IS conference, International Conference on Information Systems, as well as Jacksonville-based Telecommuting '96. She recently returned from Austria as the Distinguished Fulbright Scholar at the Wirtschafts Universitaet - Wien (WU), and earlier held a Professional Fulbright with the Malaysian Agricultural Research and Development Institute. She has held research chairs in New Zealand, Singapore, and the Netherlands. Her current research interests include overload, governance, backsourcing, virtual teams, virtual worlds, and time. She has published in top-ranked Management, IS, Computer Science and Communication journals.

Terry, Carl

Carl Terry
Affiliation:
Affiliation:	Citigroup
Talk:	The presentation will include, “It’s the Law” presented by Russ Cooley, CISSP, a discussion of the federal and state laws concerning the privacy of a customer’s data. “Protecting your data in the cloud-Ten things you need to know” presented by Bill Crowe, CISA, CRISC, which takes a look at COSO’s Enterprise Risk Management methodology and the last topic “Because I said so”, presented by Carl Terry, CISSP, MCSE, MCP+I, CNE, CNA, looks at the results that unrealistic expectations written in policies and procedures can have on the business.
Bio:	Carl Terry has 28 years experience in information technology and information security fields and is a VP of Technology Risk Management, Data Security, and Information Security for Citi responsible for Commercial, Bankcard, Retail Private Label, Partnership, and Oil customer service for both phones and paper components of the Card member Services line of business and other portions of the Operations for North America. He is a Certified Information Systems Security Professional (CISSP), Microsoft Certified Systems Engineer (MCSE), Microsoft Certified Professional + Internet (MCP+I), Certified Netware Engineer (CNE), Certified Netware Administrator (CNA) and is currently working towards his Certified Information Systems Manager certification (CISM).

Torrey, Macy

Macy Torrey
Affiliation:
Affiliation:	Check Point Software Technologies
Talk:	Stuxnet: How to take over a Nuclear Power Plant A detailed analysis of the stuxnet virus. Check Point's malware researchers were called into action to analyze the virus when it was found several months ago by a small Russian company.
Bio:	Macy Torrey is currently a Channel Manager with Check Point Software Technologies covering the Orlando, Daytona Beach, and Jacksonville metro areas. Macy has over 15 years of experience in IT security. He started at Check Point in 2004 as a Security Engineer covering Florida and the Caribbean. He specialized in Check Point's high-end product lines including VSX (Virtual Firewall Platform) and Provider-1 (Multi-Domain Management) platforms. Before moving to Florida, Macy worked at US Sprint as a Managed Security Services engineer for over eight years assisting some of the largest companies in the world with managed firewall and IDS services. Macy served for eight years in the US Navy in the Cryptology field.

Ullrich, Johannes

Johannes Ullrich, Ph.D.
Affiliation:
Affiliation:	SANS Institute
Talk:	Network Packet Analysis Understanding your network is a first and critical step in detecting and preventing intrusions. In particular, the relatively new field of network forensics attempts to reconstruct events based on network packet captures, which may reveal data no longer recoverable from the compromised disk. This presentation will discuss basic network traffic "file carving" techniques. We will go over some covert channel techniques that do not leave any artifacts on the victims file system, and how to detect them and reconstruct payloads. In the second half we will enter the new world of IPv6 and show how various tunneling mechanisms that are used by hosts to connect to IPv6 networks can be used. The presentation will include a large number of demonstrations and traffic samples as well as some tools and scripts will be made available to participants. Don't forget your laptop to fully participate in these great learning events.
Bio:	Dr. Johannes Ullrich is Dean of Research, Chief Research Officer and a faculty member of the SANS Technology Institute. Johannes also serves on the following SANS Technology Institute committees: Faculty and Administration, Curriculum and Long Range Planning. As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He regularly writes about various information security topics at the Internet Storm Center and maintains a daily security news podcast (http://isc.sans.edu/podcast.html).

Copyright © 2012 University of North Florida
1 UNF Drive | Jacksonville, FL 32224 | Phone: (904) 620-1000

Contact | Emergency | Privacy | Regulations
Disability Accommodations