NEbraskaCERT Conference 2005: <? echo $title; ?>

The United States federal judiciary (through its Advisory Committee on Civil Rules) has proposed changes to the Federal Rules of Civil Procedure which will likely cause I/T departments to change the way they currently retain, backup, archive, destroy and reuse data. Although the proposed changes will most likely not take affect until late 2006 or later, this presentation will be a brief overview of the proposed changes and will discuss how these rule changes may affect I/T operations, I/T security policies and the I/T staff’s involvement with the General Counsel’s office.

During this session we will share the experience on the implementation of the information security process under BS7799-2 and the code of practice ISO17799 for an organization that takes the security process as an strategy to penetrate new markets, decrease insurance premiums, comply with national & international regulations, and perform a continuum assurance of their operation trough the security process

We will detail the strategic, tactic, and operation process in order to understand how the security process is protecting the information in order to give value to the chain of production, preserve record for quality & security assurance, evidence in case of investigations and comply with law & regulations.

The role of Intrusion Prevention or Automated Remediation has been typecast as the bouncer that thwarts the bad guy by blocking access to the network. That role is important, but we need more.

Today’s network-based Intrusion Prevention systems do one thing very, very well – they block traffic. Unfortunately, like most point solutions, including their IDS predecessors, their view of the network is limited to the traffic they can see.

The goal is to look beyond simply blocking traffic, and look for policy enforcement, network management and network defense activities that can be automated. SIM technology monitors data from firewalls, routers, switches, servers, workstations, IDS and IPS products, and has the potential to spot patterns of behavior that could easily be missed by IPS.

With the recent influx of internet attacks, security technology has been developed to help mitigate many of these attacks and risks. Solaris 10 incorporates many technologies from Trusted Solaris along with many other open solutions to help virtualize many parts of the OS, make the services running on the OS easier to manage and to help mitigate many common types of attack. This presentation will discuss many of the new security features provided by the Solaris 10 OS and demonstrate as many of the features while discussing them to show how these security features function.

Stuart McClure is senior vice president of risk management product developmentat McAfee, Inc., where he is responsible for driving product strategy and marketing for the McAfee Foundstone family of risk mitigation and management solutions. McAfee Foundstone saves countless millions in revenue and man-hours annually in recovering from hacker attacks, viruses, worms and malware. Prior to his role at McAfee, McClure was founder, president and chief technology officer of Foundstone, Inc., which was acquired by McAfee in October of 2004.

Widely recognized for his extensive and in-depth knowledge of security products, McClure is considered one of the industry's leading authorities in information security today. A well-published and acclaimed security visionary, McClure brings over 15 years of technology and executive leadership to Foundstone with profound technical, operational, and financial experience. McClure leads both the product vision and strategy for Foundstone, as well as operational responsibilities for all technology development, support, and implementation. Since he assumed this leadership position, McClure has helped grow annual revenues over 100% every year since the company's inception in 1999.

In 1999, he took the lead in authoring Hacking Exposed: Network Security Secrets and Solutions, the best selling computer security book ever sold with over500,000 copies sold to date. The book has been translated into over 20 languages, and ranked the #4 computer book sold - positioning it as one of the best selling security and computer books in history. McClure has also co-authored Hacking Exposed: Windows 2000 by Osborne/McGraw-Hill and Web Hacking: Attacks and Defense by Addison-Wesley.

Prior to Foundstone, McClure held a variety of leadership positions in security and IT management, with Ernst & Young's National Security Profiling Team, two years as an industry analyst with InfoWorld's Test Center, five years as Director of IT with both state and local California government, two years as owner of an IT consultancy, and two years in IT with University of Colorado, Boulder.

McClure holds a bachelors degree in Psychology and Philosophy, with an emphasis in Computer Science Applications from the University of Colorado, Boulder. Helater earned numerous certifications including ISC2's CISSP, Novell's CNE, andCheck Point's CCSE.

Supervisory Special Agent Jim Christy, is the Director of the Defense Cyber Crime Institute (DCCI), Defense Cyber Crime Center (DC3). The DCCI is responsible for the research & development and test & evaluation of forensic and investigative tools for the DoD Law Enforcement and Counterintelligenceorganizations. The Institute is also charged with intelligence analysis, outreach, and policy for DC3. Jim is an Air Force Office of Special Investigations, Computer Crime Investigator. SA Christy has been a computer crime investigator for over 19 years.

In Oct 03, the Association of Information Technology Professionals, awarded Jim the 2003 Distinguished Information Science Award winner for his outstanding contribution through distinguished services in the field of information management. Previous recipients of this prestigious award include GraceHopper, Gene Amdahl, H. Ross Perot, Emmett Paige, Bill Gates, Lawrence Ellison, David Packard and Mitch Kapor.

From 17 Sep 01 - 1 Nov 03 Jim was the Deputy Director/Directorof Operations, Defense Computer Forensics Lab, Defense Cyber Crime Center. As the Dir of Ops for the DCFL he managed four sections with over 40 computer forensic examiners that supported Major Crimes & Safety, Counterintelligence and Counterterrorism, as well as Intrusions and Information Assurance cases for the Department of Defense.

From May 98 - Sep 01 Jim was assigned to the Defense-wide Information Assurance Program, Assistant Secretary of Defense for Command, Control Communications and Intelligence (ASDC3I) as the Law Enforcement & Counterintelligence Coordinator and Infrastructure Protection Liaison.

SA Christy served as the DoD Representative to the President'sInfrastructure Protection Task Force (IPTF) from Sep 96 - May 98. The President signed Executive Order, 13010 on 15 Jul 96, creating IPTF to protect the Nation's critical infrastructure from both physical and cyber attacks.

Prior to the IPTF, Jim was detailed to Senator Sam Nunn's staff on the Senate, Permanent Subcommittee on Investigations as a Congressional Fellow, Jan - Aug 96. Senator Nunn specifically requested Jim's assistance for the Subcommittee to prepare for hearings in May - Jul 1996, on the vulnerabilityand the threat to National Information Infrastructure from cyberspace.

From 1986-1998, Jim was the Director of Computer Crime Investigations, and Information Warfare for AFOSI and established the first computer forensic lab in DOD which is the DoD Computer Forensic Lab.

In 1986, Jim obtained some notoriety as the original case agent in the "Hanover Hacker" case. This case involved a group of German hackers who electronically penetrated DOD computer systems all over the world and sold the information to the Soviet KGB. The case was detailed in the best seller, "The Cuckoo's Egg", by Dr. Cliff Stoll. The Public Broadcast system has also produced a docu-drama on this case.

In a murder investigation in 1991, the suspect cut two floppy diskettes into 23 pieces with pinking shears. No agency was able to recover any of the data until Jim and his deputy developed a technique for less then $150. Jim was able to recover 85%-95% of the data from each piece of diskette. The suspect when confronted with the evidence, confessed, pled guilty and was sentenced to life in prison. This case was profiled on the "New Detectives" series on the Discovery Channel, 2 Jan 99 and will be on Court TV's Forensics Files in 2005.

1st to develop forensic technique to recover data from cutup diskette (homicide investigation)

1st psychological profiling study of computer criminals program (Project Slammer)

1st to create government, private sector, academia, program to provide free education and awareness about the cyber threat to infrastructure owners and operators (Manhattan Cyber Project)

1st Law Enforcement official to be awarded the AITP Distinguished Information Science Award

Fred Cohen is best known as the inventor of computer virus defense techniques, the principal investigator whos team defined the information assurance problem as it relates to critical infrastructure protection today, as a seminal researcher in the use of deception for information protection, and as a top flight information protection consultant. But his work on information protection extends far beyond these areas.

In the 1970s he designed network protocols for secure digital networks carrying voice, video, and data; and he helped develop and prototype the electronic cashwatch for implementing personal digital money systems. In the 1980s, he developed integrity mechanisms for secure operating systems, consulted for many major corporations, taught short courses in information protection to over 10,000 students worldwide, and in 1989, he won the prestigious international Information Technology Award for his work on integrity protection. In the 1990s, he developed protection testing and audit techniques and systems, secure Internet servers and systems, defensive information warfare techniques and systems, early systems using deception for information protection, and bootable CDs designed for forensics and secure server applicaitons. All told, the protection techniques he pioneered now help to defend more than three quarters of all the computers in the world.

Fred has authored almost 200 invited, refereed, and other scientific and management research articles, writes a monthly column for Network Security magazine on managing network security, and has written several widely read books on information protection. His series of "Infosec Baseline" studies have been widely used by the research community as stepping off points for further research, his "50 Ways" series is very popular among practitioners looking for issues to be addressed, and his most recent "Protection for Deception" series of papers is widely cited.

As a corporate consultant Fred has helped secure some of the world's largest companies in the fields of information technology, microelectronics, pharmaceuticals, manufacturing, transportation, telecommunications, and the financial and information industries. As a consultant to and researcher for the U.S. government he was the principal investigator on seminal studies in defensive information operations , he was the principal investigator on the national information security technical baseline series of reports, founded the College Cyber Defenders program at Sandia National Laboratories that ultimately led to the formation of the CyberCorps program, and led projects ranging from 'Resiliance' to 'The Invisible Router'. He has also worked in critical infrastructure protection, with law enforcement, and with the intelligence community to help improve their ability to deal with computer related crime and emerging threats to national security. He has worked on issues of digital forensics, including work for many large corporations and pro bono and state-funded work for indigent defendants, and in 2002, won the "Techno-Security Industry Professional of the Year" Award.

Fred has participated in and created numerous strategic scenario games. He devised and ran the first Internet-based strategic information warfare wargame and held several initial trial Internet-based games involving national defense and corporate personnel. In 1998, he introduced the Internet Game for information security policy development, training, and awareness in corporate, educational, and government environments, and followed this up with the Sexual Harassment Game which helps train employees on sexual harassment policies and processes. His recent introduction of several security games and simulations to the Internet are excellent examples of the work he has done in this area. He has also developed several strategic scenarios for government and private use.

Over the past 25 years, Fred has managed organizations and projects with as many as 250 employees. Several projects he led have resulted in new business in excess of $10 million, and one project led to a 5-year government contract with a ceiling of over $1.7 billion. He led a 35-person research team at Sandia National Laboratories for almost 5 years and produced several patents, copyrighted software programs, and publications in the process.

His combination of management, technical, and communication skills, allows him to effectively bridge the gap between decision makers and implementers. His involvement in and understanding of corporate, national, and global issues, provides a context that allows him to meet challenges of unlimited size and scope. With more than 25 years of experience and a global reputation for integrity, accuracy, and innovation, Fred Cohen is widely considered one of the world's leading authorities in information protection.

Presenters

The NEbraskaCERT Conference is very fortunate to get some of the best speakers to present at our conference. Here is the Class of 2005:

Atteberry, Mick

Mick Atteberry is the Manager of Enterprise Information Security at ConAgra Foods. His team provides IT risk assessments and security consultations on processes, services, systems, and implementations supporting business initiatives. He comes to ConAgra Foods with a depth of Information Security experience dealing with information threat and vulnerability management, regulatory compliance, system security engineering, and engineering fault analysis. Prior to joining ConAgra Foods in 1998, Mick worked for the Boeing company and the Cessna Aircraft company. Mick earned his bachelor?s degree in Information Systems from Kansas State University. He was awarded the Certified Information Systems Security Professional (CISSP) certificate in 2000.

Butterworth, Jim

With more than 12 years of hands-on experience in Network Security and Computer Forensics, Jim Butterworth provides Guidance Software clientele with top-level experience and technical support. His background as a certified Intrusion Analyst, vulnerability tester, perimeter defense technician, and first responder, has contributed to countless successful investigations and nicely complement the Guidance Software Incident Response Team. Butterworth has investigated globalhacking and data mining incidents involving the defense industry; corporate theft of proprietary source code; Zero-day outbreak containment; intellectual property theft; e-mail spoofing; phishing expeditions; eDiscovery; evidence seizure; data recovery; corporate policy enforcement; Web defacement; harmful threat communications; and packet capture/analysis of unknown activity.

Butterworth honed his diverse technological skill set while completing more than 20 years of distinguished and highly decorated service in the United States Navy. Seven of those years were spent fulfilling two tours in the Fleet Information Warfare Center the Navy Center of Excellence for Information Warfare.

Carcone, Dan

Dan Carcone is a Senior Security Engineer at Imperva, Inc. He is responsible for providing technical sales support, application and database security consulting and training services to the company?s customers. Mr. Carcone has 16+ years experience in penetration testing and securing information systems from unauthorized intrusion and attacks.

He first worked as Security Testing Engineer at Bell Telephone Companies Security consulting group in 1987 specializing in UNIX systems. Since then Mr. Carcone has worked at numerous fortune 1000 companies and software vendors, providing consulting to companies how to protect their most valuable information assets.

Mr. Carcone has been a feature presenter in several computer security videos and widely quoted in the world of network and application/database security.

Carr, Mike

Mike Carr is the Chief Information Security Officer for the University of Nebraska system with oversight responsibility for the four state universities within Nebraska: University of Nebraska-Lincoln, University of Nebraska Medical Center, University of Nebraska-Omaha and University of Nebraska-Kearney. He is a certified information systems security professional, a certified member of InfraGard, a licensed attorney in Ohio and Kentucky, a former security consultant, and has been an adjunct faculty member at the University of Cincinnati, Wilmington College, Thomas More College and Ivy Tech State College.

Christofferson, Debbie

Debbie Christofferson worked 20 years at Intel Corporation in IT and IT Security Manager roles, across the U.S., Europe, and Asia. She knows security from the ground up, has focused in the field for the most recent 14 years, and can increase the results and effectiveness of any security program. Debbie's company, Sapphire-Security Services, helps helps organizations' build and manage a successful security strategy based on key risks to the bottom line.

Dickman, Michelle

Ms. Dickman has spent over 20 years in the software and financial industries combined. Much of her extensive experience has been focused on the SME/SMB market which is TriGeo's core market. Dickman leads a team of dedicated security professionals and software engineers working on the leading edge of Security Information Management and Automated Remediation technology and focusing on the specific needs of the mid-sized enterprise.

Doumakes, Don

Don Doumakes is a Systems Programmer. He spent most of the last decade building middleware, embedded systems, and diagnostic tools, as well as learning Linux system administration. Current interests include privacy-enhancing software. Ask him to brag about his organic garden.

Ellsworth, Doug

Doug is highly regarded among the leading TSCM practitioners nationwide. Doug began his TSCM career 16 years ago while
serving as president of a small Midwestern defense contractor. In that position, Doug administered the maintenance and repair of TEMPEST-certified microcomputer systems at (then) Strategic Air Command Headquarters (55SRW/HQSAC) at Offutt AFB. Secure Communications Corporation was conceptualized and formed at that time.

Doug has performed advanced TSCM surveys in all Mid-west States as well as the States of New York, Maryland, and Virginia. Doug has given expert testimony in felony cases and has independently consulted with the Federal Judiciary. Written materials authored by Doug have been cited as authority in academic texts and corporate white papers internationally, and given "key-paper" status at Columbia University's academic website.

Doug recently devised an exploit concerning forged documents and Clandestine Electronic Intercept, which crossed the sector
"stovepipes" of Financial Institutions and Telecommunications. Alert was issued to Law Enforcement, which resulted in sweeping policy changes in several large Midwestern banks.

Doug is a strong advocate of general security measures and defense issues, and legislative action related thereto, in addition to many other activities.

Erret, Jerry

Kansas City native Jerry Errett began his IT career shortly after the transition from punched card to magnetic tape. His professional industry background includes investment banking, healthcare, interactive voice response, and IT security. His security career began with eSecurity Online, and continues today at Computer Associates, Inc. where he is a Senior Architect.

Jerry continues to reside in the metro Kansas City area, with his wife and their 15 year old son.

Fournier, Sandra

Sandra Fournier, MA, is a Senior Cost & Schedule Analyst for a Department of Defense contractor, Lockheed Martin. In her current position as well as in her previous position, as a Senior Engineering Planner, she has been intimately involved with engineering and program management activities supporting the USSTRATCOM organization at Offutt Air Force Base in Bellevue, Nebraska. Her involvement with systems engineering and security engineering planning continues to stimulate her interest in information security. Ms. Fournier earned a Master of Arts in Business with a specialization in Management Information Systems. Her thesis titled A Conceptual Model for Addressing Consumer-Seller Trust Relationships in Online Auctions presents a perspective on trust in e-commerce that is often overlooked in the digital market yet historically well-defined in the physical market. She is a member of both the Project Management Institute and the Association for Computing Machinery.

Hanrion, Patrick

Patrick Hanrion, CISSP/ISSAP, CISM is a Security Consultant for the Microsoft Security Center of Excellence. Patrick has over 12 years of experience in Information Technology and Information Security. He has worked for many different security and technology companies including Cylink, and Baltimore Technologies. Patrick has experience deploying and managing Information Security projects at various fortune 500 customers. He has spoken at various IT conferences regarding PKI, Certificate management, Identity management, Digital signatures and general cryptography.

Hayes, Bill

Bill Hayes has worked nearly four years for the Omaha World Herald Company corporate security department as an information security specialist where he conducts security audits for the World Herald's nationwide firms. For the past 18 years, he has performed a variety of information technology and information security duties in the corporate and academic environments. Bill has a Bachelors degree in Journalism from the University of Nebraska Lincoln. He also does freelance writing for computer magazines and web sites. His byline has appeared most recently in Processor Magazine and the SecurityFocus web site.

Hoesing, Michael

Michael T. Hoesing CISA CISSP CIA CCP CMA CPA Information Systems Audit & Information Assurance Manager First National Nebraska Inc.

Mike has over 30 years of experience in the areas of information systems audit, information systems implementation, and financial audit. His experiences span a variety of industries during his years with public accounting firms and his last 15 years has focused on the financial services with firms such as First National Nebraska Inc.,Pricewaterhouse Coopers, First Data Corp, and American Express. Mike has been involved in both the external and internal audit processes and also has served as a systems integrator, software trainer, conference speaker, and a university instructor. Currently Mike leads the Information Systems Audit & Information Assurance groups for First National Nebraska Inc. assessing risk and helping to improve the control environment for technology sectors at the bank and the related non-banking subsidiaries.

Huff, Julie

Julie Huff is currently pursuing her M.S. degree in bioinformatics at the University of Nebraska Medical Center, Omaha.

She is a Senior Systems Architect with Northrop Grumman Mission Systems, Bellevue, NE., where she has lead research and developments in a number of areas. She is one of the originators of the Security Kinetix patent developed for event dissemination and response in tactical environments.

Marsh, Matthew

Matthew has worked in network management and architecture since 1983 specializing in routed IP/IPX/SNA networks. As President of Paktronix Systems LLC he is responsible for all research, design, and implementation of the award winning PakSecured family of Security Products. As Chief Scientist of the NEbraskaCERT he is very active in researching
IPv4/IPv6/IPSec Integrated Security Networks and giving seminars and talks on the state of Network Security.

Matthew developed the first (and currently still the only) SNMPv3 managed Policy Routing firewall system for Linux. This is the base PakSecured Linux system available under GPL at http://www.paksecured.com. His certifications include CISSP, CISA, CCNA, NSA-IAM, MCNE, PSRE, and several minor specific technical specializations.

Marshall, Bruce

Bruce K. Marshall, CISSP, NSA-IAM is a Senior Security Consultant at Security PS in Kansas City. He has focused his attention on password and authentication threats for the past eight years and founded PasswordResearch.com to publish research on the subject. Mr. Marshall trains and consults with clients to help them overcome their authentication and other information security challenges.

McCoy, Bob

Bob is a Technical Account Manager for Microsoft. He manages the support relationship between Microsoft and several of its large customers in the Omaha area. He has also been a Microsoft consultant where he specialized in infrastructure and security consulting. Bob a member of the NEbraskaCERT Board of Directors and serves on the Microsoft internal InfoSecurity Force.

Bob's credentials include: BS in Computer Information Systems, Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP), and Microsoft Certified Systems Engineer (MCSE).

Newmaster, A.J.

A.J. Newmaster is a freshmen at UNO double majoring in Computer Science and Management Information Systems. In 2005 A.J. graduated from Bellevue West and received the AIM Institute High School Intern of the Year award while working for Optimum Data Inc. A.J.'s interests include Information Assurance, Networking, System/Network Security, and Wireless technologies.

Nugen, Steve

Stephen (Steve) Nugen is Senior Technical Research Fellow at the Nebraska University Consortium on Information Assurance, College of Information Science and Technology; Founder and President of NuGenSoft, LLC; and
a member of the NEbraskaCERT Board of Directors. He teaches information assurance topics to graduate students, undergraduates, and practicing professionals.

Steve's credentials include: BS Computer Science; MS Computer Engineering; Certified Information Systems Security Professional (CISSP); and NSA InfoSec Assessment Methodology (IAM).

O'Gorman, Jim

Jim O'Gorman has over 7 years experience in information security and has worked with such companies as AOL, Sun, General Motors, Sprint, and the Department of Defense. Jim currently resides in Nebraska and be be reached online at http://www.elwood.net/.

Payne, Matt

Matt Payne, CISSP, is a Senior Technical Research Fellow at the Nebraska University Consortium on Information Assurance (NUCIA), University of Nebraska at Omaha (UNO) in Omaha, Nebraska.

Matt's day-to-day activities focus on Information Assurance and Computer
Security research and instruction. His academic research interests include Information Assurance, the Semantic Web, Collaboration, and Open Source Development.

Rojas, Leonardo Garcia
Leonardo, studied engineering at ESIME-UC obtaining his bachelor in 1992, the Banamex award to the Quality of Work on January 1997, the ISC2 CISSP certification on November 2000, the CISM certification on March 2004 under the ISACA Godfathering program.

During his professional career has worked for PMI Comercio Internacional (A Mexican Oil Trading Company), Phibro Energy Division of Salomon Inc., the National Bank of México, Pemex Gas y Petroquimica Básica.

His experience includes implementation & operation of Information Technology Architectures, Information Security Architectures & Management Systems under BS7799 / ISO 17799, ITIL, COBIT, NFPA1600, DRII, RAD. As complement has been speaker for National an International conferences such as the Congreso Iberoamericano de Seguridad Informatica, Nebraska CERT Conference, Computer Security Institute Conference, SUN Network conference, IEEE chapter Mexico and have imparted “BS7799 Auditor” Seminars.

Rotschafer, Nathan D.

Nate is a junior in the College of Information, Science and Technology at the University of Nebraska at Omaha, Peter Kiewit Institute. He is majoring in computer engineering and computer science with a concentration in information assurance. He has been in the IT field for 6 years, the last 4 of which have been spent doing information assurance. He is A+, MCSE and LPI Linux certified along with have an extensive background in Windows administration and security, IP telephony, Cisco network equipment and Linux/UNIX. He has previously presented at infoTEC 2002, Defcon X, NebraskaCERT 2002, Mutual of Omaha, ConAgra Foods Inc. and infoTEC 2005.

Sarasamma, Suseela

Suseela Sarasamma received Ph. D degree in computer science from the University of Nebraska at Lincoln and M. Eng. degree in electrical and computer engineering from Concordia University, Montreal, Canada.

She is a Senior Software Engineer at Northrop Grumman Mission Systems, Bellevue, NE. Her current interests are in the design and development of algorithms of scientific nature for practical applications. She has over eight years experience in developing high quality object oriented software for scientific and engineering applications.

Sprauge, Steven

Steven Sprague is president and CEO of Wave Systems Corp. Based in Lee, MA. A pioneer of the Trusted PC movement, Sprague has spoken and presented at more than 50 industry events, sharing his expertise and the leadership. Wave Systems has brought to delivering trusted computing applications and services. Wave Systems provides advanced products, infrastructure and solutions across multiple trusted platforms from a variety of vendors. The Company holds a portfolio of significant fundamental patents in security and e-commerce applications, and employs some of the world's leading security systems architects and engineers. Sprague was a vice president of Wave from 1992 to 1995. In 1995 he founded Wave Interactive Network, a specialized consumer distribution channel. In 1996 Wave acquired Wave Interactive Network and Sprague was elected president and COO of Wave Systems. In 2000 he took over responsibilities as CEO. Sprague has a B.S. in mechanical engineering from Cornell University and resides in Lenox, MA.

Stevens, Matt

Matt Stevens, CTO
Network Intelligence

Mr. Stevens joined Network Intelligence in 1997 and is widely recognized as a SEM expert. At Network Intelligence, he was responsible for the Company's transition from a software-based SEM vendor to its current offering of a full range of appliance-based solutions targeting a variety of network sizes and industries including financial services, government, telecommunications and MSSPs. As Network Intelligence's CTO, Mr. Stevens defines the company's long-term technology strategy and is one of the inventors of the patent-pending LogSmart(r) internet protocol database (IPDB).

Uber, Chet

Chet Uber has worked in the IT industry for over 20 years, and is the Co-founder and a principal with SecurityPosture, Inc. Uber is an information warfare specialist currently working on information protection posture assessments and network and computer assurance programs. Previous areas of work spanning more then two years include: high-availability computing, high-speed computing, grid and cluster computing, electromagnetic warfare, psychological warfare, and most notably to demonstrate threat from common communication and computer gear to airplanes using ILS and other advanced systems susceptible to MIJI. Uber's research is very much focused on wireless communications, specifically WiFi and WiMax. Uber and the other members a multi-company/agency team are planning to showcase RF weapons and defenses in a live-exercise held in conjunction with the January 2006 DOD Cyber Crime Conference. These exercises are intended to replicate a large number of combatants and the issues they would have to deal with. When not practicing or doing research, Uber is in charge or the corporate and operations divisions of the four-state corporation he helped found in 2002. Uber is a Professional member of IEEE, AFCEA, ISSA, ACM, ASIS, Infragard, ISACA, and the NCCTF.

Vidas, Tim

Tim Vidas is a Senior Technology Research Fellow in the Nebraska University Consortium for Information Assurance, in the College of IS & T. In addition to teaching at UNO, for the past several years Tim's main focus has been in the private sector with System / Network Security, Defense in Depth, and Systems Integration. His interests include Automation, Information Assurance, Education, Integration, OSS, and wireless technologies. Tim is locally associated with ACM, NEbraskaCERT, Infragard, OLUG, SANS, and the Omaha Perl Mongers.

Tim's credentials include: BS in Computer Science and Certified Information Systems Security Professional (CISSP).

Watson, Kenneth

Kenneth C. Watson Senior Manager, Critical Infrastructure Assurance Group
Cisco Systems, Inc.

Ken Watson is Senior Manager, Critical Infrastructure Assurance Group (CIAG), Cisco Systems, Inc. He established CIAG to drive Cisco’s strategic contribution to the security of worldwide critical infrastructures, with initiatives encompassing long-term research, education, training, incident response support, policy and standards development, and communications and awareness. He is also Chairman Emeritus of the Partnership for Critical Infrastructure Security, a non-profit organization dedicated to assuring the reliable provision of critical infrastructure services in the face of emerging risks to economic and national security; and Chairman of the National Cyber Security Alliance, a non-profit foundation focused on helping home and small business computer users improve their computer and network security through its www.staysafeonline.info website and other national awareness efforts. He came to Cisco with the WheelGroup acquisition in March 1998, where he was Director, Professional Services.

Before WheelGroup, Watson served 23 years in the Marine Corps, retiring with the rank of lieutenant colonel. His last assignment was as the Marine Liaison Officer to the Air Force Information Warfare Center. Assigned there by the Assistant Commandant of the Marine Corps, his responsibilities included refining and evaluating Marine Corps requirements regarding information warfare and its implementation on the battlefield via command and control warfare. He led multi-Service information warfare teams in military operations spanning several continents. His efforts helped convince the Marine Corps to establish permanent policy, doctrine, personnel positions, and operational requirements to make offensive and defensive information warfare an integrated part of Marine Corps operations. As Marine Liaison Officer to the Air Force Information Warfare Center, he participated in the beginnings of organized network security in the military services. He also led the Electronic Warfare Reprogramming Support Division, responsible for supporting reprogramming updates for all US Air Force aircraft threat warning and countermeasure systems.

During his military career, Watson was a carrier-qualified A-6E Intruder and EA-6B Prowler pilot. A Joint Specialty Officer, he served at the Joint Electronic Warfare Center, helping to coordinate publication of the annual Department of Defense Electronic Warfare Plan. He also wrote a handbook on US responses to hostile wartime reserve modes and provided planning and analysis support to various contingencies and operations. He co-authored Marine Corps doctrinal textbooks on directed energy weapons, electronic warfare, and command and control warfare.

Wiggin, Steve

Steve Wiggin, CISSP, is a Senior Security Analyst at Mutual of Omaha, headquartered in Omaha, Nebraska. He has over 25 years experience in Information Systems.

His background includes work in the U.S. Navy as a Cryptologic Technician and work in the banking and insurance industries where he has worked in Information Security. Steve has also been the Information Security Office for a defense contractor, and prior to his position at Mutual of Omaha, spent 4 years as an Information Security consultant, teaching and assisting as part of an external audit team.

Woerner, Ron

Ron Woerner is currently a Senior Security Analyst with ConAgra Foods, Inc. In the past 15 years, he has been an Air Force Intelligence Officer, the Information Security Officer for the Nebraska Department of Roads, a UNIX administrator for the Mutual of Omaha Companies, and the Lead Security Engineer for CSG Systems. Ron earned a Bachelors degree from Michigan State University and a Masters degree from Syracuse University in Information Systems. He was awarded the CISSP security certification in August of 2001 and the NSA IAM certification in August of 2003.