The NEbraskaCERT Conference:
August 22nd, 2008
at the Peter Kiewit Institute's
Scott Conference Center
Omaha, NE USA
Talks

Session  Title                                                                      Presenter
D-4      Benchmarking for Success                                                   Dixon, Bill
C-1      Detection of Data Hiding in Computer Forensics                             Martin, James
B-2      Effective Controls over Information Security ... An Auditor's Perspective  Liska, Vladimir
B-1      Free Security Resources                                                    Woerner, Ron
C-3      Providing a Modicum of Security in Virtualized Environments                Guilfoyle, Jeff
B-3      Recap of the RSA Executive Security Action Forum (ESAF)                    Hoesing, Michael
D-3      Reporting Vulnerabilities that Comply with HIPAA and SOX Regulations       Baldi, Robert
C-3      Security Convergence - What You Need to Know                               Warren, Phillips
C-2      Security Requirements: Competitive Advantage or Barrier                    Currin, Chris
D-1      So You Want to be a Hacker or Think Like One?                              Wentz, Lucas
C-4      The State of the Hack                                                      Harms, Kris
A-1      Sticking it to the Man: How to P0wn - FTW! - Part 1 & Part 2               O'Gorman, James
A-3      Whack a P0wn: Play or Be Played - Part 1 & Part 2                          Churchill, Matt
D-2      What Happens When You Invite 30 Universities to Hack You?                  Bender, Jonathan

Abstracts

Title: Benchmarking for Success
Presenter: Bill Dixon

Abstract: All too often a new or changed regulatory requirement or compliance initiative causes organizations to dedicate time and resources to "putting out the fire".  Information Security and Risk Management program benchmarking allows an organization to align itself based on identified needs.  Industry standards such as ISO27001, NIST, and Cobit, to name a few, serve as models.

Attendees will learn to identify the value of program benchmarking and will see case studies of benchmarking exercises in action and their results.

Title: Detection of Data Hiding in Computer Forensics
Presenter: James E. Martin, JD, CISSP
 
Abstract: Anti-forensics has become a forensic buzzword recently, but computer users have been trying to hide data for much longer. This session provides a brief look at digital evidence hiding types and taxonomy, complemented by a practical examination of how to identify and process various types of data hiding.

Title: Effective Controls over Information Security - An Auditor's Perspective
Presenter: Vladimir M. Liska

Abstract: In the recent past, controls over information security in most organizations were the purview of management and the auditors.  In today's changing world, influenced by Sarbanes-Oxley, privacy, and data breaches, the rules have changed and controls over information security are now the responsibility of all IT professionals.  Whether preventive, detective, automated, or manual, all security-related control activities should be designed and operated in the most effective and efficient manner to mitigate the numerous risks faced by organizations today.  We will review technology-independent risks and associated controls in key areas of information security, including overall security management, awareness and training, end-user computing, incident monitoring, administering logical security (at the OS, data, and application levels), system administration, controlling external network connections, and physical security.  This will include real-world examples of risks and controls and will help any IT professional create and maintain an effective and efficient control environment around information security.

Title: Free Security Resources
Presenter: Ronald Woerner, CISSP
 
Abstract: Many security tools, documents, and programs are available for free (or very little cost). This session will show how they can be used for vulnerability assessments, penetration testing, intrusion detection, incident response, and security management. This updated presentation is great for cash-strapped organizations that need to promote and improve all of their security activities.

Title: Providing a Modicum of Security in Virtualized Environments
Presenter: Jeff Guilfoyle, Principal SE, Symantec Corporation

Abstract: As more and more companies move to VMware and Xen virtualization technologies, the traditional method of 'physically' firewalling servers from each other into disparate zones becomes increasingly complex and in many cases impossible.  A new approach to security must be explored, relying on host-based controls rather than purely on the network.

Title: Recap of the RSA Executive Security Action Forum (ESAF)
Presenter: Mike Hoesing

Abstract: A summary of the RSA-sponsored April 2008 one-day gathering of the top 100 CISOs and the results of their interactive polling on the top issues, events and concerns of their day.

Title: Reporting Vulnerabilities that Comply with HIPAA and SOX Regulations
Presenter: Robert Baldi, CISSP, CEH and CIW

Abstract: This presentation will cover the legal requirements to report vulnerabilities under the HIPAA and SOX regulations.  It will also address the crucial need for security professionals to have a way to report vulnerabilities without fear of reprisal.  Companies are too focused on fixing their specific security issues, putting out the fire and moving on.  Without collaboration with organizations like US-CERT, software manufacturers and other key agencies, we as a society will be at unnecessary risk.  Alternative reporting methods will be reviewed, in addition to examples of how security researchers are changing the way security professionals can secure networks from a global perspective.


Title: Security Convergence - What You Need to Know
Presenters: Ronald Woerner & Warren Phillips
 
Abstract: Call it convergence, call it holistic security management. By either name, it’s the subject of much talk these days. This session provides the definition of convergence and an explanation of the desired payoffs and unexpected pitfalls that can obstruct efforts to get all security functions working off the same page.  In addition, we will discuss common physical security systems (e.g., badging systems, CCTV, DVR) and how they are really network devices that need to be integrated into your security program. Convergence is happening, like it or not.  You need to know how it works to grow as a security professional.


Title: Security Requirements: Competitive Advantage or Barrier
Presenter:   Chris Currin

Abstract: This PCI-oriented presentation discusses the costs/benefits of PCI security requirements in the context of business liability. It goes over measurement versus management expectations, all in the context of data and statistics from Visa and the PCI DSS. The presentation ends by discussing the science of measurement and how it can be applied to security to help business management staff make solid decisions.


Title: So, You Want to be a Hacker or Think Like One?
Presenters: Lucas Wentz & Jonathan Bender

Abstract: The presenters, Lucas and Jonathan, will first talk about the different competitions one can participate in to test one's skills. Capture the flag (CTF) exercises are good events for this, so Lucas and Jonathan will also talk about the many CTF frameworks along with other competitions. Finally, they will discuss different tools to use for testing web applications.

Title: The State of the Hack
Presenter: Kris Harms, Senior Consultant at Mandiant
 
Abstract: During the last 3 years, Kris Harms has responded to over 20 computer security incidents at some of America's largest organizations.  During this presentation, Kris reviews the current state of incident response, drawing on his experiences on the front lines.  He discusses how organizations are preparing for and detecting incidents.  He demonstrates the latest response techniques used to mitigate the current information security risks organizations face.  Discussions and demonstrations are highlighted with actual evidence collected from several cases over the past few months.

Title: Sticking it to the Man: How to P0wn - FTW!
Presenters: James O'Gorman, Matt Churchill and Don Kohtz

Abstract: Have you ever known a locksmith that could not pick a lock? Let's put ourselves into the mindset of an internal attacker and realize that irrational behavior never seems so on the inside. We will examine why someone might attack your systems and how they might attack your systems. A dual-session talk, split with introductory material in the first session and advanced material in the second, we will cover everything from information gathering techniques to fuzzing and writing our own exploit. We will find the lock, pick the lock, and make the lock irrelevant. After seeing what a rogue employee can do, we will end the session speaking with Don Kohtz, former Assistant Attorney General for the State of Nebraska, about how to detect and handle rogue employees. This is not just a technology problem we face. After this morning session, we will follow up with a second two-part talk about this attack from the point of view of the victim.

Title: Whack a P0wn: Play or Be Played
Presenters: Matt Churchill, James O’Gorman and Bill Dixon
 
Abstract: A follow-up to the morning session, this talk will cover how the victim of the morning's attack would investigate the intrusion. In the first session we will focus on network-based evidence, followed by a second session focused on a system-based forensic investigation. We will cover how to find out if something happened, how to find out what exactly happened, how to assess the impact of what happened, and how to try to identify who did it. After this, we will end the session speaking with Bill Dixon, Director of Assessment & Assurance Services for Continuum Worldwide, about how organizations can better position themselves to properly handle the inevitable.

Title: What Happens When You Invite 30 Universities To Hack You? 
Presenters: Jonathan Bender & Lucas Wentz
 
Abstract: The presenters will demonstrate capture the flag exercises in more detail while focusing on analyzing data, results, and lessons from previous exercises.  The presentation will contain detailed forensics of network traffic and vulnerable images, timelines of attacks, and demonstrations of the attacks used.  Each attack will be complemented with information on how to harden against the attack.

Presenters

The NEbraskaCERT Conference is very fortunate to get some of the best speakers to present at our conference.  Here is the Class of 2008:

Baldi, Robert - CISSP, CEH, CIW

Robert Baldi is a CISSP, CEH and CIW Security Analyst with over nine years' experience in Information Assurance with the Department of Defense. He is currently a security engineer for NSA, employed by Booz Allen Hamilton.  He graduated from Bellevue University and has worked for the US Air Force and Raytheon.  Robert is also an adjunct instructor for information technology and information security courses at Bellevue University and ITT Technical Institute in Omaha, NE.

Churchill, Matt

Matt Churchill is the Director of Digital Forensics and Cyber Investigations for Continuum Worldwide.  Matt is a former member of the FBI's Cyber Crimes Task Force and a former Douglas County Deputy Sheriff of ten years, where he conducted digital forensic examinations.  Matt is a graduate of UNO and has earned the professional designations of Certified Forensic Computer Examiner (CFCE), Certified Computer Examiner (CCE), Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH).  Matt is a founding member and current President of the Nebraska Chapter of the High Technology Crime Investigation Association (HTCIA), and he is a member of the International Association of Computer Investigative Specialists (IACIS), the International Society of Forensic Computer Examiners (ISFCE) and InfraGard.

Currin, Chris

Chris Currin is the Senior Vice President of Financial Market Solutions at Solutionary, an Omaha-based company.  He has been working in the information security specialty for 8 years.  He has a BS in Computer Science from UNL and has been working in the IT industry for 17 years.  Chris currently advises about 250 local and national firms on many aspects of information security.

Dixon, Bill

Bill is a Managing Consultant for Continuum Worldwide.  He has over 7 years of experience in the field of information security and risk assessment.  Bill has worked with clients in the insurance, financial services, banking, manufacturing, software development, and higher education industries.  Bill has assisted clients with the development and assessment of risk management programs, technical controls review, policy development, and regulatory compliance with a focus on PCI, HIPAA, GLBA, FISMA, and SOX 404.  Bill also has experience in information security risk assessment, application security assessment, system architecture and design, and project management.

Bill has authored a number of technical and organizational pieces, including operating system and network device platform configuration standards and risk management process methodologies, and has spoken regionally and nationally on the topics of risk management, information security, and business partner management.

Bill holds a Certified Information System Security Professional (CISSP) certification and is a Payment Card Industry (PCI) Qualified Security Assessor (QSA).

Harms, Kris

Kris Harms is a Senior Consultant at Mandiant with six years' experience in computer security and incident response. Mr. Harms provides Mandiant with investigative and technical expertise in incident response management and investigation, computer forensics, vulnerability assessment and remediation, and security architecture and design.

He has extensive experience conducting large-scale incident investigations for Fortune 100 companies, e-commerce sites and financial institutions. He has also supported multiple counter-intelligence investigations at several government entities. Mr. Harms has led investigations and conducted evidence discovery for several multi-million dollar litigations.

A frequent industry speaker and instructor, Mr. Harms has appeared on the CBS News program 60 Minutes and PBS’s Wealth and Wisdom. Mr. Harms holds a Bachelor of Arts degree in Applied Science and Technology from The George Washington University.

Hoesing, Michael

Mike has over 30 years of experience in the areas of information systems audit, information systems implementation, and financial audit.

His experience spans a variety of industries during his years with public accounting firms, and his last 18 years have focused on financial services with firms such as First National Nebraska Inc., PricewaterhouseCoopers, First Data Corp, and American Express.  Mike has been involved in both the external and internal audit processes and has also served as a software trainer and as a conference speaker at the Computer Security Conference, VMworld, ISACA's CACS, and the CERT conference in Omaha, Nebraska.  His university involvement includes membership on the Creighton University College of Business advisory board and facilitating sessions in their eSecurity lab.  At the University of Nebraska at Omaha he developed and delivers the region's only class devoted to Information Systems Audit and has enrolled that school in the ACL partner program.

Mike has been published in the Information Systems Control Journal, published by ISACA, on network security, operating systems and virtualization audit topics.  Currently Mike leads the Information Systems Audit and Information Assurance groups for First National Nebraska Inc., conducting traditional IS and integrated audit activities, proactive control and risk management consulting, technical assessments, forensics, ediscovery litigation support, and external assessment liaison with regulatory, financial and credit card association assessors, assessing risk and helping to improve the control environment for technology sectors at the bank and the related non-banking subsidiaries.

James, Adam

Adam James is a Consultant with Continuum Worldwide. Prior to becoming a Consultant, Adam worked for four years at Mutual of Omaha, gaining insight into multiple aspects of a Fortune 500 company while in positions including Provider Analyst, Business Analyst, Computer Programmer/Analyst, and Information Security Analyst. In his most recent position as an Information Security Analyst at Mutual of Omaha, Adam was responsible for conducting information security risk assessments, penetration tests, and application security assessments, developing audit responses, and providing information security consulting on business and infrastructure projects.

Adam holds a Bachelor of Science in Management Information Services from the University of Nebraska at Omaha and has completed his Master's degree in Information Assurance from the Peter Kiewit Institute at the University of Nebraska at Omaha. Adam also holds CCNA, GCFA, and GSNA certifications.

Kohtz, Don

Don Kohtz is the Director of Investigative & Compliance Solutions with Continuum Worldwide.  He was formerly an Assistant Attorney General for the State of Nebraska, the Fraud Bureau Chief at the Nebraska Department of Insurance, and was legal counsel to insurance companies and financial institutions.

Don has presented and published articles on the topics of fraud, risk mitigation, and compliance matters.  He has investigated matters involving fraud, white collar crime and unethical behavior.

Don holds a Bachelor of Science degree, a Doctorate of Jurisprudence, and is certified as a HIPAA Professional (HIPPAP).  He is a member of the Nebraska Power Review Board, which regulates Nebraska’s publicly owned electrical utility industry.  He is a former executive board member of the Nebraska Crime Stoppers, Inc., and the Heartland Chapter of the Association of Certified Fraud Examiners (ACFE).  He is an associate member of both the local chapter and the national organization of the ACFE.  He is a recipient of the Distinguished Achievement Award from the ACFE for his efforts in the fight against fraud.

Liska, Vladimir M.

Vladimir Liska is the Project Audit & Consulting Manager in the Corporate Audit department at TD AMERITRADE based in Omaha, Nebraska.  In this role, Vlad has developed and administers a framework to facilitate consulting and assurance services on enterprise projects.  Through this framework, Vlad performs active monitoring and risk assessment of enterprise projects, proactively ensures appropriate controls are implemented on projects, and monitors adherence to the product development lifecycles.  Prior to joining TD AMERITRADE, Vlad worked in various technology and audit positions in public accounting and the private sector.
 
Vlad holds a Bachelor of Arts degree in Computer Science from Simpson College in Indianola, Iowa and a Master of Science in Information Technology Management from Creighton University in Omaha, Nebraska.  He has also served on the faculty at the University of Nebraska at Omaha and has spoken at several local and regional conferences, including InfoTech 2004 and the 2007 IIA District Conference.  Vlad is a Certified Information Systems Auditor (CISA) and is licensed as a FINRA Registered General Securities Representative, a Registered Investment Advisor in the State of Nebraska, and a General Securities Principal.

Martin, James

Jim Martin is a CISSP and JD with over twelve years' experience in information security. He has worked as Security Coordinator for the Missouri Research & Education Network and as senior computer forensic expert for Kaiser Permanente. In his current position as security engineer for West Corporation, he is an internal consultant to the West enterprise on security architecture, engineering, incident response and forensics. He is a member of HTCIA, and a former member of the Missouri Computer Crimes Task Force and the Missouri State Internet Technology Advisory Board Security Subcommittee.

O’Gorman, James

James O'Gorman is a consultant with Continuum Worldwide. In his over 10 years of working in information technology, James has worked in consulting, support, and managerial positions at companies across a spectrum of industries. Specializing in information security, James has made contributions to the industry in the way of speaking engagements, papers, and tool and process development that have been made available to the community. A member of the GIAC advisory board and the Omaha ISSA chapter, James holds OSCP, CISSP, GCIA and GCFA certifications.

Woerner, Ronald - CISSP, IAM, IEM, CEH, and CHFI

Ron Woerner is a CISSP, IAM, CEH and CHFI with over 17 years' experience in multiple industries. He graduated from Michigan State and Syracuse Universities and has worked for the US Air Force, the State of Nebraska, Mutual of Omaha, ConAgra Foods, and AmeriTrade. He has spoken at the RSA Conference, the CSI Conference, CERT, Infotec and Information Security Decisions.  He is also on the Information Security Magazine Advisory Board.