The NEbraskaCERT Conference:
August 9 - 11, 2005
at the Peter Kiewit Institute's
Scott Conference Center
Omaha, NE USA
Christy, Jim
McClure, Stuart
Cohen, Fred

Session Name
TITLE Presenter
7 Strategies to Protect Your Business From Hackers, Disasters & Thieves
Christofferson, Debbie

Anomaly Based Techniques for Intrusion Detection Systems Suseela, Sarasamma &
Huff, Julie
Application and Database Security: Attack Demonstration and Discussion of Defense Techniques
Carcone, Dan
Audit & Information Security: The Next Generation
Wiggin, Steve
Auditing LINUX
Hoesing, Michael
Certification and Accreditation: DITSCAP and the STIGS Payne, Matt

Combating Common Web Application Authentication Threats Marshall, Bruce
Computer & Network Forensics I
Computer & Network Forensics II
Computer & Network Forensics III
Computer & Network Forensics IV
Vidas, Tim
A Conceptual Model for Addressing Buyer-Seller Trust Relationships in Online Auctions Fournier, Sandra
Conducting Flaw-Hypothesis Risk Based Information Protection Assessments in State-sized Governments Uber, Chet

Critical Infrastructure Protection:  The Long View
Watson, Ken
Enterprise Security Patch Management
Errett, Jerry

Evaluating Alternatives to Passwords Marshall, Bruce

Google Hacking
Doumakes, Don
Helping Users by Spying on Them
Nugen, Steve
How to Lock Down Access to your Cisco IOS and CatOS Devices Marsh, Matthew
Implementing Enterprise Wireless VLAN's: Lessons Learned
Uber, Chet

Implications of the Proposed New Federal Rules for eDisocovery
Carr, Michael
Information Security and Clandestine Electronic Intercept
Ellsworth, Doug

The Information Security Process Under BS7799/ISO17799 Garcia, Leonardo
Java Security
Payne, Matt
Keeping Up To Date with Windows Server Update Services
McCoy, Bob
LAMP Secure Web Hosting
Newmaster, A.J. & Payne, Matt

Linking Information Security to the Business Woerner, Ron
Metasploit: The Morning After...
Butterworth, Jim
The Need For Biometric Authentication
Rotschafer, Nate
Open Source Tools for eMail Security on Mac OS X Caughron, Mat
The Past, Present and Future of Information Security Atteberry, Mick
Protecting against DoS Attacks

Saloman, Glen
The Reality of RFID
Ross, Joan

Repelling the Wily Insider Woerner, Ron
Revisiting MySQL Access Control Caughron, Mat
Security Methodology and Incident Response
Hanrion, Patrick
The Security Silver Bullet
McMullin II, George

Security Triage: How to Secure a Network for a Busy Administrator
O'Gorman, Jim
SIM Today Tomorrow Stevens. Matt

The Snake in the Woodpile -- Spyware on your PCs
Hayes, Bill
Tips and Tricks for dealing with Cisco IOS/CatOS Network Management Marsh, Matthew
Trusted Computing and Its Impact on the Healthcare Industry and HIPAA
Sprague, Steven
Today's Requirements for a Modern Investigative and Incident Response Infrastructure
Butterworth, Jim
Traditional SQL Injection Protection: Wrong Solution for the Right Problem
Carcone, Dan

Using SIM-Based Intelligent Correlation to Empower Automated Remediation
Dickman, Michelle
Utilizing Solaris 10 Security Features
Rotschafer, Nate
Virtualization - Usage and Risks
Hoesing, Michael


7 Strategies to Protect Your Business from Hackers, Disasters & Thieves - Christofferson, Debbie

In today's global economy, associations spend heavily on internet based applications to acquire new members, satisfy existing ones, and improve communication between employees, members and business partners. In this environment it is essential that we protect our systems and the integrity of our communications with our constituents. In this session you will learn to identify current security risks, understand the tools available to combat those risks, and review the components of a comprehensive security plan.

Anomaly based techniques for Intrusion Detection Systems - Sarasamma, Suseela and Huff, Julie

Intrusion Detection Systems (IDS) can be broadly classified into two categories: signature based IDS, and anomaly IDS. Signature based IDS are highly successful in accurately detecting previously known attacks. However, they fail to detect variants of known attacks whose signatures are not stored. They also fail in detecting new attacks whose signatures are not known. When new attacks are discovered, the signature database has to be manually updated. The network will be vulnerable to the newly discovered attacks until the updated signature database is in effect. In anomaly based detection approach, a profile of what is perceived as normal behavior is first established. Deviants from the normal profile are considered as anomalies or potential attacks. In some cases, normal operations that exhibit behavior adherent to unseen mode of operation are detected as anomalies. Such cases of false detection of normal operations as anomalous operations are termed false positives. Unlike signature-based detection systems, there are no exact templates to match an unknown event. The merit of an anomaly detection scheme is the absence of an enormous signature database. The characteristic of a good anomaly-based approach is a very high detection rate at a very low false positive rate. A novel multilevel hierarchical Kohonen Net (K-Map) for IDS is presented. Each level of the hierarchical map is modeled as a simple winner-take-all K-Map. One significant advantage of this multilevel hierarchical K-Map is its computational efficiency. Unlike other statistical anomaly detection methods such as nearest neighbor approach, K-means clustering or probabilistic analysis that employ distance computation in the feature space to identify the outliers, our approach does not involve costly point-to-point computation in organizing the data into clusters. Another advantage is the reduced network size. We use the classification capability of the K-Map on selected dimensions of preprocessed packet header data in detecting anomalies with high detection rates at relatively low false positive rates.

Application and Database Security: Attack Demonstration and Discussion of Defense Techniques - Carcone, Dan

The first portion of the presentation will be an in depth demonstration of application vulnerabilities and attack techniques.    This discussion will include many real life examples of penetration tests conducted on behalf of end-user organizations.  Demonstrated attacks will include: SQL injection, Script Injection, Cross-Scripting, Cookie Poisoning, Parameter Tampering and other application attacks. 

The demonstration application is a live web site that was created specifically for this purpose.  This web site is protected by a market-leading network Firewall, and the applications running it were designed by a third party firm that specializes in creating on-line shopping applications.  

The presentation will end with a short introduction of prevention techniques.

Audit & Information Security: The Next Generation - Wiggin, Steve

Are you an information security professional who has worked with auditors and wondered why they seem to be questioning your decisions and policies?  Are you an auditor that has worked with an information security department and wondered why they seem to be less than helpful when replying to your questions? Then this session is for you.

This session will examine the differences in perception and philosophy of IS and audit professionals.  Come away with some ideas as to how to do your job better.

Auditing Linux - Hoesing, Michael

Auditing LINUX - As the implementations of LINUX expand on mainframes and other platforms,  expand in use as the base operating system (OS) for more vendor applications, and are used as the hardened base for appliances, the need to review the configuration of this OS increases.  The overall need for expanded assessment is currently being driven by Sarbanes, GLBA, PCI and other compliance needs and certainly will expand rather than abate.  As LINUX expands its deployment in the organization it will most certainly wind up supporting an application or data needing assessment coverage.  A methodology to assess the logical access, services, connections, file rights, logging, security configuration, and authorized applications is presented.  That methodology will be discussed in the context of 2 assessment approaches, metric comparison and enumeration.  Finally, open source tools will be compared and contrasted  to facilitate the information gathering phase of the assessment methodology and approach.

Certification and Accreditation: DITSCAP and the STIGS - Payne, Matt

The DoD Information Technology Security Certification and Accreditation Process (DITSCAP) is being replaced by DoD Instructions 8500.1, 8500.2, and a collection of secure technical implementation guidelines (STIGS).   This talk presents an overview of the differences between these two approaches, potential benefits and pitfalls of the new approach, and places the DoD certification and accreditation (C&A) procedures in the landscape of C&A processes in use today.

Combating Common Web Application Authentication Threats - Marshall, Bruce

Attacks on Web applications are a growing threat for organizations  using online systems.  Ensuring these Web apps follow proper authentication practices and precautions can keep some of these attackers at bay.  Mr. Marshall will demonstrate the techniques used by criminals to defeat  Webapp authentication and impersonate valid users.  You will learn about the common authentication mistakes made by app developers and administrators in the environments assessed by Mr. Marshall.  Then he will share tips that can help you eliminate these vulnerabilities in your own apps.

Computer and Network Forensics I-IV - Vidas, Tim

This session begins with use of low level command line forensics tools and culminates with complex graphical forensics tools.  Both traditional "static" forensics and "live" network forensics will be covered.  Granular topics (in no particular order, and obviously dependant upon class interaction level) will include: threat vectors, forensic imaging, imaging hardware, boot sequence, hashing, file systems (FAT, NTFS, maybe ext3), file structure/signatures, data recovery, logging, footprints, steganography/watermarking,  network forensics, incident response, 'deciphering' email, information hiding, partition table decoding,
formatting, binary analysis, etc.

Both open source and COTS tools will be used in demonstrations, and strengths and weaknesses of both with be explored.

Unique, recent topics that will be touched on include: the recent 'compromise' of the MD5 hashing algorithm (with live examples), and memory based forensics.

A mix of legal, procedural and technical material will be covered.  Prior use of command line tools in Linux and Windows is not required, but would be helpful.

The session will be demonstration rich and geared toward individual hands-on experience after the session concludes (all lecture material and noncopywritten tools will be available on CD).

A Conceptual Model for Addressing Consumer-Seller Trust Relationships in Online Auctions - Fournier, Sandra

Secondary market e-commerce sites are gaining popularity in spite of the high rate of fraud associated with them. Governmental organizations involved in monitoring and regulating fraud have indicated that online auction fraud has been the top complaint of all internet fraud over the past few years. The institution-trust based mechanisms such as credit card guarantees, escrow services, and payment assurance services have been shown to improve the perception of initial trust buyers have in making online purchases. However, these mechanisms do not ease the minds of all consumers. Although the growth of e-commerce over the past few years has been spectacular, the comparison between total retail sales and total e-commerce sales reveals that there is potentially more ground to be gained in online sales. Unfortunately, there still remains reluctance in shopping online due to lack of trust. In general, all consumers desire some level of trust that they can manage or avoid uncertainty when making their purchases in the cyber marketplace. Improving effectiveness of community reputation systems may prove to be the most cost effective way to add value to the market for sellers, buyers, and online auction companies. However, current reputation feedback systems are not robust enough to supply members with the credible information to act as an effective decision support system. The perception of the seller's trustworthiness is based upon the information the seller provides about the product and the seller-specific information which is provided by the feedback system. Using decision support mechanisms to validate product quality expectations, fair conduct in dispute resolution, and good performance in following the rules of engagement, the formation of initial trust can be strengthened and reduce the reliance on costly institution-based trust control mechanisms.

Conducting Flaw-Hypothesis Risk Based Information Protection Assessments in
State-sized Governments - Uber, Chet

The Flaw Hypothesis methodology is often thought of as an exercise that only system manufacturers and the federal government use for developing classified systems; however the core tenants when combined with a solid risk management assessment provide a cost-effective way for state-sized and larger government entities to determine urgent, tactical and strategic
solutions to strengthening their protection postures. State governments have a unique problem, similar only to a few large corporations and national governments. They deal with large geographies, elected officials, bureaucracies, and other manifestations that are only seen in entities of this type and size. With often competing goals, needs, and classifications of information state governments are an interesting and worthwhile point of study. This session is designed to go through these differences and shows how to use classic methods to yield actionable results. If you are interested in getting beyond the theory and seeing how difficult it is to properly apply - this session is for you.

Critical Infrastructure Protection:  The Long View - Watson, Ken

Protecting critical infrastructures requires focusing on immediate threats andexposures, but also striving to improve their long-term security.  Basic and applied research, workforce development, and policy, practices, and standards development may hold the keys to providing a more secure environment for the critical infrastructures.  This presentation shares ideas on areas ripe for collaboration for long-term security improvements.

Enterprise Security Patch Management - Erret, Jerry

 Automated Security Patch Management is the process that administers the detection and remediation of software vulnerabilities. Because  the number of reported vulnerabilities has increased dramatically in the past ten years, the need for an automated method of remediation is clear.

This presentation details both the process and the implement steps required for Automated Security Patch Management. Also included are answers about why the inclusion of this process is vital in avoiding large-scale security breaches. Current examples, drawn from corporations that have recently experienced security breaches, are given.

Finally, the presentation provides a look at some of the key difficulties associated with the adoption and implementation of an Automated Security Patch Management system.

Evaluating Alternatives to Passwords - Marshall, Bruce

We would all like to trade in our passwords for more secure and  reliable replacements if we could just convince upper management of the need. 
In this session, Mr. Marshall reviews the alternative authentication technologies, products, and services -- including knowledge-based, possession-based, and biometric-based solutions.  He introduces the  five core characteristics of authenticators that can be used to evaluate their pros and cons: usability, integrity, uniqueness, accuracy, and affordability. Attendees will be able to apply the knowledge gained in this session to influence authentication investment decisions in their organization.

Google hacking - Doumakes, Don

An overview of Google hacking:  what it is, how it can be used for Good or for Evil, and what can be done about it. 

Google indexes a surprising amount of information that organizations may not intend to make public.  Expert Google users can use that information for penetration testing, or purposes less commendable.

Helping Users by Spying on Them - Nugen, Steve

Newer versions of Microsoft Windows include an undocumented feature that monitors how users interact with their computer and favorite web sites.  Collected information is weakly encrypted and stored in the registry (where it is retained even when the user clears their caches and histories).

Pubic-domain knowledge about this feature is thin and oftentimes just wrong.

This presentation includes:
  • Discussing the advantages of this feature with respect to computer forensics.
  • Discussing the disadvantages of this feature with respect to privacy.
  • Demonstrations of how simple tools can be used to bust some of the  myths associated with UserAssist entries.
  • Demonstrations on how to manage the collection of this personal information.
How to Lock Down Access To Your Cisco IOS and CatOS Devices - Marsh, Matthew

In this session we will cover the various forms of remote connectivity to Cisco IOS and CatOS devices and the methods available to limit and log connections. Some knowledge of IOS/CatOS will be assumed. Participants will walk away with concrete examples of applying various access mechanisms with an emphasis on local security, uses of encryption, and access lists. Where possible techniques will be demonstrated on a live system.

Implementing Enterprise Wireless VLAN's: Lessons Learned - Uber, Chet

This talk deals with the realities involved when introducing wireless into the enterprises. Numerous books are available on the use of WiFi in the enterprise, but most of them fail to provide and accurate picture of the complexities and vulnerabilities added by implementing this "must have" technology. We start with some of the basics related to the Radio Layer, progress up to the applicability and issues involving roaming. This is the perfect session for those that can't seem to get their wireless solutions to work as advertised; as well as those considering adding this to their networked systems. This talks main goal is to distill down the methods, tools, do's and don'ts that over 3 million square feet of survey and over 1000 access point installations of experience bring. If you are looking to cut through the hype to the truth about wireless - don't miss this session.

Implications of the Proposed New Federal Rules for eDiscovery - Carr, Michael

The United States federal judiciary (through its Advisory Committee on Civil Rules) has proposed changes to the Federal Rules of Civil Procedure which will likely cause I/T departments to change the way they currently retain, backup, archive, destroy and reuse data. Although the proposed changes will most likely not take affect until late 2006 or later, this presentation will be a brief overview of the proposed changes and will discuss how these rule changes may affect I/T operations, I/T security policies and the I/T staff’s involvement with the General Counsel’s office.

Information Security and Clandestine Electronic Intercept: A Bank-Vault Door on a Grass Hut? - Ellsworth, Doug

Some Realities:

Too few Information Security and Physical Security Programs in the private sector have seriously addressed information exposures to Clandestine Electronic Intercept (CEI).  Still fewer have consulted face to face with an honest to goodness Technical Surveillance Countermeasures (TSCM) practitioner to evaluate potential peril, or to detect, deter, and nullify this threat to sensitive / proprietary information.  Further weakening this posture are scores of commonly accepted misconceptions regarding this subject matter that have been popularized through novels, television, and movies.

There are few barriers to Clandestine Electronic Intercept.  CEI is not an expensive endeavor, and in many cases requires only minimal technical skill to achieve some effective exploits.  Importantly, any intercept attempt is almost always successful!

Clandestine Electronic Intercept is a felony offense in all jurisdictions including Federal without approved court order, yet CEI is an extremely "safe" undertaking for the Information Thief.  There are no logs to audit.  There exists no automated or direct means to provide alert, or to detect, track or trace the bad guys.

Information Thieves and CEI Agents-For-Hire do exist - and prosper.   They are an adaptable bunch, and will always seek the path of least resistance.

Do you see a problem?

In past presentations, Doug has focused variously on several dimensions affecting your information assurance: the current state of technology (both positive tradecraft and countermeasures); the availability, low cost and ease of installation of purpose-built intercept items; covert methods of entry - including lock and burglar alarm bypass; the mindsets of victims and predictability; the mindsets of CEI Agents-For-Hire; the implications of economic and social trends pointing toward increased and growing disloyalty among insiders; the serious scarcity of competent Countermeasures Practitioners and how to seek out and qualify a legitimate TSCM practitioner amongst the overabundance of organizations and individuals alleging to offer these specialized services for a fee.

At this year's presentation, Doug has prepared a more interactive format.  Stories of real-life exploits will illustrate points made.  Questions are welcome - so bring them.  Get "for real" answers to uncertainties, fears or doubts.

Information Security Process Under BS7799/ISO17799 - Rojas, Leonardo Garcia

To deal with information security in operation, we need to think on the information security as a capability to secure INFORMATION and when the organization implement this capability, we should think in the implementation of a new business process and not in a project.

During this session we will share the experience on the implementation of the information security process under BS7799-2 and the code of practice ISO17799 for an organization that takes the security process as an strategy to penetrate new markets, decrease insurance premiums, comply with national & international regulations, and perform a continuum assurance of their operation trough the security process

We will detail the strategic, tactic, and operation process in order to understand how the security process is protecting the information in order to give value to the chain of production, preserve record for quality & security assurance, evidence in case of investigations and comply with law & regulations.

Java Security - Payne, Matt

This talk tours and explains the modern java security model.  There is a lot more too it than the applet sandbox from 1996.   Java security policy files, java network launching protocol security, sealed and
signed java archive files,  crypto that interoperates with the openssl toolkit and PGP, the authentication and authorization service, container managed security, and new trends such as the acegi security system.

Keeping Up To Date with Windows Server Update Services - McCoy, Bob
Microsoft Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to Microsoft Windows Server 2000, Windows Server 2003, and Windows XP operating systems. By using Windows Server Update Services, you can fully manage the distribution of updates that are released through Microsoft Update to computers in your network.

This briefing will go over patch management strategies for Microsoft technologies and where it makes sense to use the Windows Server Update Services.

LAMP Secure Web Hosting -  Newmaster, A.J. & Payne, Matt

An open source secure web-hosting environment based on linux, apache, mysql, and PHP is presented.   Web applications on the system are isolated from each other; malicious code running on one web application will not impact the other applications on the system.   This presentation focuses on common web application security flaws, how  those common problems are addressed by the architecture of the secure web hosting system, and the performance tests run on the system.

Linking IT Security to Business - Woerner, Ron and Atteberry, Mick

In the past, information security was about the technology and how that technology could provide a measure of security for the business.  Today, information security must be linked to the business in order to succeed.  In this session, the presenters will discuss techniques for bringing linking business initiatives with information security.  It includes a discussion of Risk Management as a method for establishing a productive information security program that adds value to the business.   It includes methods for determining an acceptable level of risk, conducting a risk assessment, taking steps to reduce risk to the acceptable level, and maintaining that level of risk.  Whether you?re a security officer, IT manager or business owner, you will learn techniques for bringing together business and information security.

Metasploit: The Morning After... - Butterworth, Jim

Metasploit, developed under the auspices of "penetration testing", was designed as a simple-to-use tool for information security personnel that would give them the ability to perform sophisticated attacks on systems within their networks, thereby simulating a hacker. Metasploit uses a familiar point and click GUI on a Windows desktop with the ability to perform advanced security exploits. Clearly, once this tool got in the wrong hands - or novice hands - it would be a real threat to network security.

This presentation will show the workings of an attacker who has used thistool in an offensive manner.  It will show the digital footprints left behind by an attacker when they use the metasploit framework as their tool of choice.Demonstrations of the artifacts that are present on both the attacking and attacked machines will be shown as attendees will take away the ability to find the footprints of these exploits by themselves.

The Need For Biometric Authentication - Rotschafer, Nate

Biometric Authentication technology had been under development for several decades. Recently the technology has enjoyed a period of rapid maturation. With the impetus of Counter Terrorism, Biometric Authentication is coming into its own as the authentication mechanism of choice. The presentation will explore the concept of authentication, outline the available various authentication options, and focus on the various approaches, planned and available, for biometric authentication. The presentation will also discuss some of the strengths and weaknesses of the various forms of Biometric Authentication.

Open Source Tools for eMail Security on Mac OS X - Caughron, Mat

Recent advances in user interface from Apple have been coupled with open source software development efforts to produce an exceptionally accessible interface for the GPG suite of cryptography tools.  An
overview of the currently available software will be given (useful for Mac users in your office!).  Setup of GPG from key creation to key signing will be covered.  IDEA compatibility with PGP as well as patentless means to the same end will be discussed.  The GPG Privacy Handbook will be  made available to attendees and this session will be followed by a key-signing as time  permits.

The Past, Present and Future of Information Security - Woerner, Ron and Atteberry, Mick

In the session, the presenters will discuss the history of information security and where it is today.  By leveraging the past, the participants can understand the future. The presenters will use a number of analogies and anecdotes do describe the current state of information security.  Lastly, this presentation will include a brain-storming session on the future of information security at all levels; people, process and technology.

Repelling the Wiley Insider - Woerner, Ron and Atteberry, Mick

The human element of security has always been the most volatile. This presentation focuses on the human threat by examining vulnerabilities created and exploited by both careless and malicious insiders. It provides solutions for handling the human element and demonstrates how to mitigate the threat from those inside the trusted network boundary.  This is an update of the presentation given at the RSA Security Conference, February 2005.

Revisiting MySQL Access Control - Caughron, Mat

In addition to SQL injection attacks, the access contol layers of MySQL are worthy of close and careful attention by users of this popular open source database.  The use of x.509 certificates for authentication will also be covered in this presentation.  Updated password hashing from MySQL 4.1 will be discussed as will basic port forwarding techniques making use of the secure shell to establish robust authentication with a database server.

Security Methodology and Incident Response - Hanrion, Patrick

Incident response is many times used to drive the greater Security vision of a company.  By adopting a security methodology and using industry standards and best practices one can move beyond incident response and drive security solutions that cover identified risks. 

This presentation is targeted toward C level executives, decision makers, and consultants who are looking to address incident response from a broader view.  It uses case studies to show how organizations lacking an encompassing security methodology will lack programs procedures and governance to make information security work.  

Security Triage: How to Secure a Network for a Busy Administrator - O'Gorman, Jim

Most training and books do a great job presenting security best practices. The problem is, these best practices assume there is ample time to implement. The reality of life is such that many of us don't  have the staff equipped to follow best practices, the money to hire  them, or the time to do it ourselves. But in the spirt of "If you don't have time to do something right, do you really have time to do it wrong?", we would be negligent to not do what we can.

This talk will cover steps administrators can take to get the most  return from their time investment as possible. We will approach security from the point of view of the overworked administrator.

Snake in the Woodpile -- Spyware on your PCs - Hayes, Bill

In "Snake in the Woodpile - Spyware on your PCs", information systems security specialist Bill Hayes will discuss the propagation and detection of Spyware. Bill will first cover the confusing terms used with spyware and he will propose a better definition of spyware. Next, he will provide a brief overview of some of the spyware purveyors and the legal battle against spyware. From the technical aspect, he will cover how spyware servers are organized for the downloading and control of spyware and attendant advertising content. Finally, Bill will discuss spyware detection from the perimeter to the desktop with common strategies for recovering from spyware infestations.

Tips and Tricks for dealing with Cisco IOS/CatOS Network Management - Marsh, Matthew

In this session we will cover managing Cisco IOS/CatOS devices from a network perspective. Some knowledge of IOS/CatOS will be assumed. Knowledge of SNMPv3, TFTP, and SSH helpful but not required. Participants will walk away with concrete examples of using SNMP and TFTP to configure and manage
IOS/CatOS devices with emphasis on providing automated processes for upgrading and monitoring remote devices. Where possible techniques will be demonstrated on a live system.

Traditional SQL Injection Protection: Wrong Solution for the Right Problem - Carcone, Dan

SQL Injection is arguably the biggest threat to web applications and some estimates show that nearly two thirds of all web applications are vulnerable to these attacks.

This high-level technical demonstration will examine the trend of protecting systems against SQL Injection using signature-based detection mechanism. This presentation will demonstrate the viability of attacks on a system protected only by signature-based mechanisms and discuss appropriate remediation steps including processes and technologies.

Using SIM-Based Intelligent Correlation to Empower Automated Remediation - Dickman, Michelle

The role of Intrusion Prevention or Automated Remediation has been typecast as the bouncer that thwarts the bad guy by blocking access to the network. That role is important, but we need more.

With SIM-based remediation technology, responses ease the everyday burdens of network and security management.

Today’s network-based Intrusion Prevention systems do one thing very, very well – they block traffic. Unfortunately, like most point solutions, including their IDS predecessors, their view of the network is limited to the traffic they can see.

The goal is to look beyond simply blocking traffic, and look for policy enforcement, network management and network defense activities that can be automated. SIM technology monitors data from firewalls, routers, switches, servers, workstations, IDS and IPS products, and has the potential to spot patterns of behavior that could easily be missed by IPS.

Utilizing Solaris 10 Security Features - Rotscaher, Nate

With the recent influx of internet attacks, security technology has been developed to help mitigate many of these attacks and risks.  Solaris 10 incorporates many technologies from Trusted Solaris along with many other open solutions to help virtualize many parts of the OS, make the services running on the OS easier to manage and to help mitigate many common types of attack.  This presentation will discuss many of the new security features provided by the Solaris 10 OS and demonstrate as many of the features while discussing them to show how these security features function.

Virtualization - Usage and Risks - Hoesing, Michael

Virtualization - The efficient use of computing resources has always been an organizational topic. While virtualization is not a new topic to the mainframe world, the advancement of x86 based system processing capabilities has enabled virtualization to become effective at the server and even workstation levels. In addition to cost savings, additional benefits of testing in different operating systems on one host, the ability to run application versions parallel, business continuity opportunities.and other opportunities exist when one can run multiple operating systems on one machine simultaneously. This session will compare and contrast current choices in x86 virtualization,


Stuart McClure, CISSP, CNE, CCSE, Vice President, Risk Management Product Development, McAfee, Inc.

Stuart McClure is senior vice president of risk management product developmentat McAfee, Inc., where he is responsible for driving product strategy and marketing for the McAfee Foundstone family of risk mitigation and management solutions. McAfee Foundstone saves countless millions in revenue and man-hours annually in recovering from hacker attacks, viruses, worms and malware. Prior to his role at McAfee, McClure was founder, president and chief technology officer of Foundstone, Inc., which was acquired by McAfee in October of 2004.

Widely recognized for his extensive and in-depth knowledge of security products, McClure is considered one of the industry's leading authorities in information security today. A well-published and acclaimed security visionary, McClure brings over 15 years of technology and executive leadership to Foundstone with profound technical, operational, and financial experience. McClure leads both the product vision and strategy for Foundstone, as well as operational responsibilities for all technology development, support, and implementation. Since he assumed this leadership position, McClure has helped grow annual revenues over 100% every year since the company's inception in 1999.

In 1999, he took the lead in authoring Hacking Exposed: Network Security Secrets and Solutions, the best selling computer security book ever sold with over500,000 copies sold to date. The book has been translated into over 20 languages, and ranked the #4 computer book sold - positioning it as one of the best selling security and computer books in history. McClure has also co-authored Hacking Exposed: Windows 2000 by Osborne/McGraw-Hill and Web Hacking: Attacks and Defense by Addison-Wesley.

Prior to Foundstone, McClure held a variety of leadership positions in security and IT management, with Ernst & Young's National Security Profiling Team, two years as an industry analyst with InfoWorld's Test Center, five years as Director of IT with both state and local California government, two years as owner of an IT consultancy, and two years in IT with University of Colorado, Boulder.

McClure holds a bachelors degree in Psychology and Philosophy, with an emphasis in Computer Science Applications from the University of Colorado, Boulder. Helater earned numerous certifications including ISC2's CISSP, Novell's CNE, andCheck Point's CCSE.

Jim Christy, Supervisory Special Agent Director, Defense Cyber Crime Institute Defense Cyber Crime Center

Supervisory Special Agent Jim Christy, is the Director of the Defense Cyber Crime Institute (DCCI), Defense Cyber Crime Center (DC3). The DCCI is responsible for the research & development and test & evaluation of forensic and investigative tools for the DoD Law Enforcement and Counterintelligenceorganizations. The Institute is also charged with intelligence analysis, outreach, and policy for DC3. Jim is an Air Force Office of Special Investigations, Computer Crime Investigator. SA Christy has been a computer crime investigator for over 19 years.

In Oct 03, the Association of Information Technology Professionals, awarded Jim the 2003 Distinguished Information Science Award winner for his outstanding contribution through distinguished services in the field of information management. Previous recipients of this prestigious award include GraceHopper, Gene Amdahl, H. Ross Perot, Emmett Paige, Bill Gates, Lawrence Ellison, David Packard and Mitch Kapor.

From 17 Sep 01 - 1 Nov 03 Jim was the Deputy Director/Directorof Operations, Defense Computer Forensics Lab, Defense Cyber Crime Center. As the Dir of Ops for the DCFL he managed four sections with over 40 computer forensic examiners that supported Major Crimes & Safety, Counterintelligence and Counterterrorism, as well as Intrusions and Information Assurance cases for the Department of Defense.

From May 98 - Sep 01 Jim was assigned to the Defense-wide Information Assurance Program, Assistant Secretary of Defense for Command, Control Communications and Intelligence (ASDC3I) as the Law Enforcement & Counterintelligence Coordinator and Infrastructure Protection Liaison.

SA Christy served as the DoD Representative to the President'sInfrastructure Protection Task Force (IPTF) from Sep 96 - May 98. The President signed Executive Order, 13010 on 15 Jul 96, creating IPTF to protect the Nation's critical infrastructure from both physical and cyber attacks.

Prior to the IPTF, Jim was detailed to Senator Sam Nunn's staff on the Senate, Permanent Subcommittee on Investigations as a Congressional Fellow, Jan - Aug 96. Senator Nunn specifically requested Jim's assistance for the Subcommittee to prepare for hearings in May - Jul 1996, on the vulnerabilityand the threat to National Information Infrastructure from cyberspace.

From 1986-1998, Jim was the Director of Computer Crime Investigations, and Information Warfare for AFOSI and established the first computer forensic lab in DOD which is the DoD Computer Forensic Lab.

In 1986, Jim obtained some notoriety as the original case agent in the "Hanover Hacker" case. This case involved a group of German hackers who electronically penetrated DOD computer systems all over the world and sold the information to the Soviet KGB. The case was detailed in the best seller, "The Cuckoo's Egg", by Dr. Cliff Stoll. The Public Broadcast system has also produced a docu-drama on this case.

In a murder investigation in 1991, the suspect cut two floppy diskettes into 23 pieces with pinking shears. No agency was able to recover any of the data until Jim and his deputy developed a technique for less then $150. Jim was able to recover 85%-95% of the data from each piece of diskette. The suspect when confronted with the evidence, confessed, pled guilty and was sentenced to life in prison. This case was profiled on the "New Detectives" series on the Discovery Channel, 2 Jan 99 and will be on Court TV's Forensics Files in 2005.

Some of SA Christy's notable firsts in Computer Crime Investigations:

1st civilian computer crime investigator in the U.S. Government

1st computer espionage investigation (Hanover Hacker Case), case agent

1st electronic surveillance of a standalone color PC

1st DoD investigator to go undercover on pedophile bulletin boards

1st to distribute wanted poster on the Internet (triple homicide case)

1st to develop forensic technique to recover data from cutup diskette (homicide investigation)

1st psychological profiling study of computer criminals program (Project Slammer)

1st to create DOD Computer Forensic Lab

1st to create DOD Computer Intrusion Squad

1st computer crime investigator to testify before the U.S. Senate

1st information security survey of private sector by U.S. Senate (authored)

1st to create government, private sector, academia, program to provide free education and awareness about the cyber threat to infrastructure owners and operators (Manhattan Cyber Project)

1st DoD-wide Computer Crime Workshop for IA, investigators and attorneys

1st State Infrastructure Protection Center for Arizona

1st Clearinghouse for Intelligence Media Exploitation (CHIME) to support GWOT

1st Computer Forensics team to support Special Operations

1st Law Enforcement official to be awarded the AITP Distinguished Information Science Award

    Jim has managed Little League Baseball teams for13-15 year olds for the last 6 years. Jim is retired as a college hockey referee. He has worked as a professional referee at the minor league level and was the USA HockeySupervisor of Officials for the Mid-Atlantic States. Additionally he worked for the National Hockey League as an Off-ice Official for the Washington Capitals for eight years and officiated on-ice their pre-season, exhibition and training camp games.

Fred Cohen, CEO - Inventor of Computer Virus Defense Techniques.

Fred Cohen is best known as the inventor of computer virus defense techniques, the principal investigator whos team defined the information assurance problem as it relates to critical infrastructure protection today, as a seminal researcher in the use of deception for information protection, and as a top flight information protection consultant. But his work on information protection extends far beyond these areas.

In the 1970s he designed network protocols for secure digital networks carrying voice, video, and data; and he helped develop and prototype the electronic cashwatch for implementing personal digital money systems. In the 1980s, he developed integrity mechanisms for secure operating systems, consulted for many major corporations, taught short courses in information protection to over 10,000 students worldwide, and in 1989, he won the prestigious international Information Technology Award for his work on integrity protection. In the 1990s, he developed protection testing and audit techniques and systems, secure Internet servers and systems, defensive information warfare techniques and systems, early systems using deception for information protection, and bootable CDs designed for forensics and secure server applicaitons. All told, the protection techniques he pioneered now help to defend more than three quarters of all the computers in the world.

Fred has authored almost 200 invited, refereed, and other scientific and management research articles, writes a monthly column for Network Security magazine on managing network security, and has written several widely read books on information protection. His series of "Infosec Baseline" studies have been widely used by the research community as stepping off points for further research, his "50 Ways" series is very popular among practitioners looking for issues to be addressed, and his most recent "Protection for Deception" series of papers is widely cited.

As a corporate consultant Fred has helped secure some of the world's largest companies in the fields of information technology, microelectronics, pharmaceuticals, manufacturing, transportation, telecommunications, and the financial and information industries. As a consultant to and researcher for the U.S. government he was the principal investigator on seminal studies in defensive information operations , he was the principal investigator on the national information security technical baseline series of reports, founded the College Cyber Defenders program at Sandia National Laboratories that ultimately led to the formation of the CyberCorps program, and led projects ranging from 'Resiliance' to 'The Invisible Router'. He has also worked in critical infrastructure protection, with law enforcement, and with the intelligence community to help improve their ability to deal with computer related crime and emerging threats to national security. He has worked on issues of digital forensics, including work for many large corporations and pro bono and state-funded work for indigent defendants, and in 2002, won the "Techno-Security Industry Professional of the Year" Award.

Fred has participated in and created numerous strategic scenario games. He devised and ran the first Internet-based strategic information warfare wargame and held several initial trial Internet-based games involving national defense and corporate personnel. In 1998, he introduced the Internet Game for information security policy development, training, and awareness in corporate, educational, and government environments, and followed this up with the Sexual Harassment Game which helps train employees on sexual harassment policies and processes. His recent introduction of several security games and simulations to the Internet are excellent examples of the work he has done in this area. He has also developed several strategic scenarios for government and private use.

Over the past 25 years, Fred has managed organizations and projects with as many as 250 employees. Several projects he led have resulted in new business in excess of $10 million, and one project led to a 5-year government contract with a ceiling of over $1.7 billion. He led a 35-person research team at Sandia National Laboratories for almost 5 years and produced several patents, copyrighted software programs, and publications in the process.

His combination of management, technical, and communication skills, allows him to effectively bridge the gap between decision makers and implementers. His involvement in and understanding of corporate, national, and global issues, provides a context that allows him to meet challenges of unlimited size and scope. With more than 25 years of experience and a global reputation for integrity, accuracy, and innovation, Fred Cohen is widely considered one of the world's leading authorities in information protection.


The NEbraskaCERT Conference is very fortunate to get some of the best speakers to present at our conference.  Here is the Class of 2005:

Atteberry, Mick

Mick Atteberry is the Manager of Enterprise Information Security at ConAgra Foods.  His team provides IT risk assessments and security consultations on processes, services, systems, and implementations supporting business initiatives.  He comes to ConAgra Foods with a depth of Information Security experience dealing with information threat and vulnerability management, regulatory compliance, system security engineering, and engineering fault analysis. Prior to joining ConAgra Foods in 1998, Mick worked for the Boeing company and the Cessna Aircraft company. Mick earned his bachelor?s degree in Information Systems from Kansas State University. He was awarded the Certified Information Systems Security Professional (CISSP) certificate in 2000.

Butterworth, Jim

With more than 12 years of hands-on experience in Network Security and Computer Forensics, Jim Butterworth provides Guidance Software clientele with top-level experience and technical support. His background as a certified Intrusion Analyst, vulnerability tester, perimeter defense technician, and first responder, has contributed to countless successful investigations and nicely complement the Guidance Software Incident Response Team. Butterworth has investigated globalhacking and data mining incidents involving the defense industry; corporate theft of proprietary source code; Zero-day outbreak containment; intellectual property theft; e-mail spoofing; phishing expeditions; eDiscovery; evidence seizure; data recovery; corporate policy enforcement; Web defacement; harmful threat communications; and packet capture/analysis of unknown activity.

Butterworth honed his diverse technological skill set while completing more than 20 years of distinguished and highly decorated service in the United States Navy. Seven of those years were spent fulfilling two tours in the Fleet Information Warfare Center the Navy Center of Excellence for Information Warfare.

Carcone, Dan

Dan Carcone is a Senior Security Engineer at Imperva, Inc. He is responsible for providing technical sales support, application and database security consulting and training services to the company?s customers. Mr. Carcone has 16+ years experience in penetration testing and securing information systems from unauthorized intrusion and attacks.

He first worked as Security Testing Engineer at Bell Telephone Companies Security consulting group in 1987 specializing in UNIX systems.  Since then Mr. Carcone has worked at numerous fortune 1000 companies and software vendors, providing consulting to companies how to protect their most valuable information assets.

Mr. Carcone has been a feature presenter in several  computer security videos and widely quoted in the world of network and application/database security.

Carr, Mike

Mike Carr is the Chief Information Security Officer for the University of Nebraska system with oversight responsibility for the four state universities within Nebraska: University of Nebraska-Lincoln, University of Nebraska Medical Center, University of Nebraska-Omaha and University of Nebraska-Kearney. He is a certified information systems security professional, a certified member of InfraGard, a licensed attorney in Ohio and Kentucky, a former security consultant, and has been an adjunct faculty member at the University of Cincinnati, Wilmington College, Thomas More College and Ivy Tech State College.

Christofferson, Debbie

Debbie Christofferson worked 20 years at Intel Corporation in IT and IT Security Manager roles, across the U.S., Europe, and Asia. She knows security from the ground up, has focused in the field for the most recent 14 years, and can increase the results and effectiveness of any security program.  Debbie's company, Sapphire-Security Services, helps helps organizations' build and manage a successful security strategy based on key risks to the bottom line.

Dickman, Michelle

Ms. Dickman has spent over 20 years in the software and financial industries combined. Much of her extensive experience has been focused on the SME/SMB market which is TriGeo's core market. Dickman leads a team of dedicated security professionals and software engineers working on the leading edge of Security Information Management and Automated Remediation technology and focusing on the specific needs of the mid-sized enterprise.

Doumakes, Don

Don Doumakes is a Systems Programmer.  He spent most of the last decade building middleware, embedded systems, and diagnostic tools, as well as learning Linux system administration.  Current interests include privacy-enhancing software.  Ask him to brag about his organic garden.

Ellsworth, Doug

Doug is highly regarded among the leading TSCM practitioners nationwide.  Doug began his TSCM career 16 years ago while
serving as president of a small Midwestern defense contractor. In that position, Doug administered the maintenance and repair of TEMPEST-certified microcomputer systems at (then) Strategic Air Command Headquarters (55SRW/HQSAC) at Offutt AFB.  Secure Communications Corporation was conceptualized and formed at that time.

Doug has performed advanced TSCM surveys in all Mid-west States as well as the States of New York, Maryland, and Virginia.  Doug has given expert testimony in felony cases and has independently consulted with the Federal Judiciary.  Written materials authored by Doug have been cited as authority in academic texts and corporate white papers internationally, and given "key-paper" status at Columbia University's academic website.

Doug recently devised an exploit concerning forged documents and Clandestine Electronic Intercept, which crossed the sector
"stovepipes" of Financial Institutions and Telecommunications. Alert was issued to Law Enforcement, which resulted in sweeping policy changes in several large Midwestern banks.

Doug is a strong advocate of general security measures and defense issues, and legislative action related thereto, in addition to many other activities.

Erret, Jerry

Kansas City native Jerry Errett began his IT career shortly after the transition from punched card to magnetic tape. His professional industry background includes investment banking, healthcare, interactive voice response, and IT security.  His security career began with eSecurity Online, and continues today at Computer Associates, Inc. where he is a Senior Architect.

Jerry continues to reside in the metro Kansas City area, with his wife and their 15 year old son.

Fournier, Sandra

Sandra Fournier, MA, is a Senior Cost & Schedule Analyst for a Department of Defense contractor, Lockheed Martin. In her current position as well as in her previous position, as a Senior Engineering Planner, she has been intimately involved with engineering and program management activities supporting the USSTRATCOM organization at Offutt Air Force Base in Bellevue, Nebraska. Her involvement with systems engineering and security engineering planning continues to stimulate her interest in information security. Ms. Fournier earned a Master of Arts in Business with a specialization in Management Information Systems. Her thesis titled  A Conceptual Model for Addressing Consumer-Seller Trust Relationships in Online Auctions  presents a perspective on trust in e-commerce that is often overlooked in the digital market yet historically well-defined in the physical market. She is a member of both the Project Management Institute and the Association for Computing Machinery.

Hanrion, Patrick

Patrick Hanrion, CISSP/ISSAP, CISM is a Security Consultant for the Microsoft Security Center of Excellence.  Patrick has over 12 years of experience in Information Technology and Information Security.  He has worked for many different security and technology companies including Cylink, and Baltimore Technologies.  Patrick has experience deploying and managing Information Security projects at various fortune 500 customers.  He has spoken at various IT conferences regarding PKI, Certificate management, Identity management, Digital signatures and general cryptography. 

Hayes, Bill

Bill Hayes has worked nearly four years for the Omaha World Herald Company corporate security department as an information security specialist where he conducts security audits for the World Herald's  nationwide firms. For the past 18 years, he has performed a variety of  information technology and information security duties in the corporate  and academic environments. Bill has a Bachelors degree in Journalism  from the University of Nebraska Lincoln. He also does freelance writing  for computer magazines and web sites. His byline has appeared most  recently in Processor Magazine and the SecurityFocus web site.
Hoesing, Michael

Michael T. Hoesing CISA CISSP CIA CCP CMA CPA  Information Systems Audit & Information Assurance Manager First National Nebraska Inc.

Mike has over 30 years of experience in the areas of information systems audit, information systems implementation, and financial audit. His experiences span a variety of industries during his years with public accounting firms and his last 15 years has focused on the financial services with firms such as First National Nebraska Inc.,Pricewaterhouse Coopers, First Data Corp, and American Express.  Mike has been involved in both the external and internal audit processes and also has served as a systems integrator, software trainer, conference speaker, and a university instructor.  Currently Mike leads the Information Systems Audit & Information Assurance groups for First National Nebraska Inc. assessing risk and helping to improve the control environment for technology sectors at the bank and the related non-banking subsidiaries.

Huff, Julie

Julie Huff is currently pursuing her M.S. degree in bioinformatics at the University of Nebraska Medical Center, Omaha.

She is a Senior Systems Architect with Northrop Grumman Mission Systems, Bellevue, NE., where she has lead research and developments in a number of areas. She is one of the originators of the Security Kinetix patent developed for event dissemination and response in tactical environments.

Marsh, Matthew

Matthew has worked in network management and architecture since 1983 specializing in routed IP/IPX/SNA networks. As President of Paktronix Systems LLC he is responsible for all research, design, and implementation of the award winning PakSecured family of Security Products. As Chief Scientist of the NEbraskaCERT he is very active in researching
IPv4/IPv6/IPSec Integrated Security Networks and giving seminars and talks on the state of Network Security.

Matthew developed the first (and currently still the only) SNMPv3 managed Policy Routing firewall system for Linux. This is the base PakSecured Linux system available under GPL at His certifications include CISSP, CISA, CCNA, NSA-IAM, MCNE, PSRE, and several minor specific technical specializations.

Marshall, Bruce

Bruce K. Marshall, CISSP, NSA-IAM is a Senior Security Consultant at Security PS in Kansas City.  He has focused his attention on password and authentication threats for the past eight years and founded to publish research on the subject.  Mr. Marshall trains and consults with clients to help them overcome their authentication and other information security challenges.

McCoy, Bob

Bob is a Technical Account Manager for Microsoft.  He manages the support relationship between Microsoft and several of its large customers in the Omaha area.  He has also been a Microsoft consultant where he specialized in infrastructure and security consulting.  Bob a member of the NEbraskaCERT Board of Directors and serves on the Microsoft internal InfoSecurity Force.

Bob's credentials include:  BS in Computer Information Systems, Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP), and Microsoft Certified Systems Engineer (MCSE).

Newmaster, A.J.

A.J. Newmaster is a freshmen at UNO double majoring in Computer Science and Management Information Systems. In 2005 A.J. graduated from  Bellevue West and received the AIM Institute High School Intern of the Year award while working for Optimum Data Inc. A.J.'s interests include Information Assurance, Networking, System/Network Security, and Wireless technologies.

Nugen, Steve

Stephen (Steve) Nugen is Senior Technical Research Fellow at the Nebraska University Consortium on Information Assurance, College of  Information Science and Technology; Founder and President of NuGenSoft, LLC; and
a member of the NEbraskaCERT Board of Directors.  He teaches information assurance topics to graduate students, undergraduates, and practicing  professionals.

Steve's credentials include:  BS Computer Science; MS Computer Engineering; Certified Information Systems Security Professional (CISSP); and NSA InfoSec Assessment Methodology (IAM).

O'Gorman, Jim

Jim O'Gorman has over 7 years experience in information security and   has worked with such companies as AOL, Sun, General Motors, Sprint,   and the Department of Defense. Jim currently resides in Nebraska and   be be reached online at

Payne, Matt

Matt Payne, CISSP, is a Senior Technical Research Fellow at the  Nebraska University Consortium on Information Assurance (NUCIA), University of Nebraska at Omaha (UNO) in Omaha, Nebraska.

Matt's day-to-day activities focus on Information Assurance and  Computer
Security research and instruction. His academic research interests include Information Assurance, the Semantic Web, Collaboration, and  Open Source Development.

Rojas, Leonardo Garcia
Leonardo, studied engineering at ESIME-UC obtaining his bachelor in 1992, the Banamex award to the Quality of Work on January 1997, the ISC2 CISSP certification on November 2000, the CISM certification on March 2004 under the ISACA Godfathering program.

During his professional career has worked for PMI Comercio Internacional (A Mexican Oil Trading Company), Phibro Energy Division of Salomon Inc., the National Bank of México, Pemex Gas y Petroquimica Básica.

His experience includes implementation & operation of Information Technology Architectures, Information Security Architectures & Management Systems under BS7799 / ISO 17799, ITIL, COBIT, NFPA1600, DRII, RAD. As complement has been speaker for National an International conferences such as the Congreso Iberoamericano de Seguridad Informatica, Nebraska CERT Conference, Computer Security Institute Conference, SUN Network conference, IEEE chapter Mexico and have imparted “BS7799 Auditor” Seminars.

Rotschafer, Nathan D.

Nate is a junior in the College of Information, Science and Technology at the University of Nebraska at Omaha, Peter Kiewit Institute.  He is majoring in computer engineering and computer science with a concentration in information assurance.  He has been in the IT field for 6 years, the last 4 of which have been spent doing information assurance.  He is A+, MCSE and LPI Linux certified along with have an extensive background in Windows administration and security, IP telephony, Cisco network equipment and Linux/UNIX.  He has previously presented at infoTEC 2002, Defcon X, NebraskaCERT 2002, Mutual of Omaha, ConAgra Foods Inc. and infoTEC 2005.

Sarasamma, Suseela

Suseela Sarasamma received Ph. D degree in computer science from the University of Nebraska at Lincoln and M. Eng. degree in electrical and computer engineering from Concordia University, Montreal, Canada.

She is a Senior Software Engineer at Northrop Grumman Mission Systems, Bellevue, NE. Her current interests are in the design and development of algorithms of scientific nature for practical applications. She has over eight years experience in developing high quality object oriented software for scientific and engineering applications.

Sprauge, Steven

Steven Sprague is president and CEO of Wave Systems Corp. Based in Lee, MA. A pioneer of the Trusted PC movement, Sprague has spoken and presented at more than 50 industry events, sharing his expertise and the leadership. Wave Systems has brought to delivering trusted computing applications and services. Wave Systems provides advanced products, infrastructure and solutions across multiple trusted platforms from a variety of vendors. The Company holds a portfolio of significant fundamental patents in security and e-commerce applications, and employs some of the world's leading security systems architects and engineers.  Sprague was a vice president of Wave from 1992 to 1995. In 1995 he founded Wave Interactive Network, a specialized consumer distribution channel. In 1996 Wave acquired Wave Interactive Network and Sprague was elected president and COO of Wave Systems. In 2000 he took over responsibilities as CEO. Sprague has a B.S. in mechanical engineering from Cornell University and resides in Lenox, MA.

Stevens, Matt

Matt Stevens, CTO
Network Intelligence

Mr. Stevens joined Network Intelligence in 1997 and is widely recognized as a SEM expert. At Network Intelligence, he was responsible for the Company's transition from a software-based SEM vendor to its current offering of a full range of appliance-based solutions targeting a variety of network sizes and industries including financial services, government, telecommunications and MSSPs. As Network Intelligence's CTO, Mr. Stevens defines the company's long-term technology strategy and is one of the inventors of the patent-pending LogSmart(r) internet protocol database (IPDB).

Uber, Chet

Chet Uber has worked in the IT industry for over 20 years, and is the Co-founder and a principal with SecurityPosture, Inc. Uber is an information warfare specialist currently working on information protection posture assessments and network and computer assurance programs. Previous areas of work spanning more then two years include: high-availability computing, high-speed computing, grid and cluster computing, electromagnetic warfare, psychological warfare, and most notably to demonstrate threat from common communication and computer gear to airplanes using ILS and other advanced systems susceptible to MIJI. Uber's research is very much focused on wireless communications, specifically WiFi and WiMax. Uber and the other members a multi-company/agency team are planning to showcase RF weapons and defenses in a live-exercise held in conjunction with the January 2006 DOD Cyber Crime Conference. These exercises are intended to replicate a large number of combatants and the issues they would have to deal with. When not practicing or doing research, Uber is in charge or the corporate and operations divisions of the four-state corporation he helped found in 2002. Uber is a Professional member of IEEE, AFCEA, ISSA, ACM, ASIS, Infragard, ISACA, and the NCCTF.

Vidas, Tim

Tim Vidas is a Senior Technology Research Fellow in the Nebraska University Consortium for Information Assurance, in the College of IS & T. In addition to teaching at UNO, for the past several years Tim's main focus has been in the private sector with System / Network Security, Defense in Depth, and Systems Integration. His interests include Automation, Information Assurance, Education, Integration, OSS, and wireless technologies. Tim is locally associated with ACM, NEbraskaCERT, Infragard, OLUG, SANS, and the Omaha Perl Mongers.

Tim's credentials include: BS in Computer Science and Certified Information Systems Security Professional (CISSP).

Watson, Kenneth

Kenneth C. Watson Senior Manager, Critical Infrastructure Assurance Group
Cisco Systems, Inc.

Ken Watson is Senior Manager, Critical Infrastructure Assurance Group (CIAG), Cisco Systems, Inc. He established CIAG to drive Cisco’s strategic contribution to the security of worldwide critical infrastructures, with initiatives encompassing long-term research, education, training, incident response support, policy and standards development, and communications and awareness. He is also Chairman Emeritus of the Partnership for Critical Infrastructure Security, a non-profit organization dedicated to assuring the reliable provision of critical infrastructure services in the face of emerging risks to economic and national security; and Chairman of the National Cyber Security Alliance, a non-profit foundation focused on helping home and small business computer users improve their computer and network security through its website and other national awareness efforts. He came to Cisco with the WheelGroup acquisition in March 1998, where he was Director, Professional Services.

Before WheelGroup, Watson served 23 years in the Marine Corps, retiring with the rank of lieutenant colonel. His last assignment was as the Marine Liaison Officer to the Air Force Information Warfare Center. Assigned there by the Assistant Commandant of the Marine Corps, his responsibilities included refining and evaluating Marine Corps requirements regarding information warfare and its implementation on the battlefield via command and control warfare. He led multi-Service information warfare teams in military operations spanning several continents. His efforts helped convince the Marine Corps to establish permanent policy, doctrine, personnel positions, and operational requirements to make offensive and defensive information warfare an integrated part of Marine Corps operations. As Marine Liaison Officer to the Air Force Information Warfare Center, he participated in the beginnings of organized network security in the military services. He also led the Electronic Warfare Reprogramming Support Division, responsible for supporting reprogramming updates for all US Air Force aircraft threat warning and countermeasure systems.

During his military career, Watson was a carrier-qualified A-6E Intruder and EA-6B Prowler pilot. A Joint Specialty Officer, he served at the Joint Electronic Warfare Center, helping to coordinate publication of the annual Department of Defense Electronic Warfare Plan. He also wrote a handbook on US responses to hostile wartime reserve modes and provided planning and analysis support to various contingencies and operations. He co-authored Marine Corps doctrinal textbooks on directed energy weapons, electronic warfare, and command and control warfare.

Wiggin, Steve

Steve Wiggin, CISSP, is a Senior Security Analyst at Mutual of Omaha, headquartered in Omaha, Nebraska. He has over 25 years experience in Information Systems.

His background includes work in the U.S. Navy as a Cryptologic Technician and work in the banking and insurance industries where he has worked in Information Security. Steve has also been the Information Security Office for a defense contractor, and prior to his position at Mutual of Omaha, spent 4 years as an Information Security consultant, teaching and assisting as part of an external audit team.

Woerner, Ron

Ron Woerner is currently a Senior Security Analyst with ConAgra Foods, Inc.  In the past 15 years, he has been an Air Force Intelligence Officer, the Information Security Officer for the Nebraska Department of Roads, a UNIX administrator for the Mutual of Omaha Companies, and the Lead Security Engineer for CSG Systems.  Ron earned a Bachelors degree from Michigan State University and a Masters degree from Syracuse University in Information Systems.  He was awarded the CISSP security certification in August of 2001 and the NSA IAM certification in August of 2003.