We spend a lot of time talking about the FUTURE of the cybersecurity workforce. By 2021, more than 3.5 million job openings will impact the security posture of enterprise, government, and academic institutions across the globe. But we don’t spend a lot of time talking about the PAST. History can tell us a lot about where we’ve been and inform where we’re going—and the case is no exception when it comes to hiring the next generation of cyber professionals. 
Laura Lee will share how a 1940’s secret recruiting campaign targeting female high school teachers and recent college graduates for cryptanalyst jobs set an expectation for diversity in coding.  That effort to hire code breakers analyzed the attributes needed to be successful in this field that is now cyber.
Laura will discuss why examining the hiring and employee retention methods leading up to World War II can help the cybersecurity workforce challenges of today and how we can use modern techniques, such as gamification to IDENTIFY – SCREEN - ASSESS – PLACE – TRAIN – RETAIN staff.  She will describe methods that rely on Artificial Intelligence to help instruct and score cybersecurity professionals.  This talk is designed to stimulate ideas in the audience on “How to Grow Cybersecurity Professionals” in the modern world.
After a short presentation, Laura will engage the audience with example cyber games that illustrate the attacker’s kill chain, show the relationship between common ports and protocols, reinforce binary and hexadecimal conversion and play good old-fashioned cyber trivia!

 

Laura Lee is the Executive Vice President of Rapid Prototyping at Circadence Corporation. In this role, she applies her extensive knowledge and experience in cybersecurity workforce development to help organizations understand how to identify, screen, assess, train and retain cybersecurity professionals. She previously led the product development for the Circadence® Project Ares® next generation cybersecurity training and assessment platform and the Orion Mission Builder.

Laura holds a Bachelor of Science in Aerospace Engineering from the University of Minnesota and a Master of Science in Aerospace Engineering and Mechanics from the University of Notre Dame. She also has a Juris Doctorate from George Mason University School of Law. She is also adjunct faculty at the University of Colorado Boulder where she teaches Immersive Cyber Defense to graduate students. Laura is a Certified Information Systems Security Professional (CISSP) and holds certifications in gamification and game development. She was recently awarded Cybersecurity Women of the Year GOLD in 2019. 

 

More and more products are hitting the market promising to increase efficacy and decrease false positives.  Most of these products represent only incremental change to the status quo despite being labeled as “disruption”.  The reason for this charade is due largely to the business models upon which our industry is based.  Most of the so-called disruption comes from startups whose exit strategy more often than not is to be acquired by one of the existing big players in the industry.  Venture Capitalists back these companies, perceiving their value not in terms of whether or not they solve a problem, but whether or not they can look attractive to future buyers.

Another facet as to why the industry is not helping us is on us, the practitioners.  Rarely do we perform adequate or meaningful threat modeling or risk analysis.  Tools are purchased based on gut feel, on past experiences in other environments, or simply because “everyone has that kind of tool”.  With little regard given to risk, threat and maturity, we often find ourselves spending money that could prove more useful elsewhere.  And above all of this is the overarching fact that the un-sexy, un-glamorous security fundamentals are more critical to protecting our environment than the flash of our tech stack.

Allan Alford is Chief Information Security Officer (CISO) at Mitel, formerly CISO at Forcepoint and at Polycom. In his CISO roles Alford has managed enterprise security as well as compliance with various frameworks such as GDPR, NIST SP800-171 and ISO 27001.

 

With more than 30 years of IT and Engineering security experience, Alford has a strong product and cloud security background, overseeing security for Mitel’s UCaaS cloud offerings and having served at Pearson as Product Information Security Officer (PISO) (where he created the security practice for a massive-scale companywide cloud transformation program).  Alford also built and led the product security program at Polycom, integrating it fully into the business.

 

Alford is also co-host of “Defense in Depth” – a weekly podcast that focuses each episode on a specific, popular topic from the world of information security.

 

A perpetual learner, Alford is currently pursuing a master's degree in Information Systems and Security from Our Lady of the Lake University and received a bachelor's degree in Liberal Arts with a focus on leadership from DePaul University. Alford also holds a CISM certification.

Aamir Lakhani is a leading Senior Security Researcher for FortiGuard Labs at Fortinet. He is responsible for providing IT security solutions to major enterprises and government organizations.

Lakhani creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions and government organizations. 

Lakhani has designed offensive counterdefense measures for the Department of Defense and national intelligence agencies. He has also assisted organizations with safeguarding IT and physical environments from attacks perpetrated by underground cybercriminal groups.

 

"Chaos is inherent in all compounded things..." - Buddha.

Chaos is inherent in our lives filled with technology. Mobile phones, voice assistance, 4K streaming devices, connected utilities, IoT devices have made our world more relevant and more dangerous than ever.  Attackers have unlimited attack surface and targets to compromise. 

This talk will examine current attacks and schemes attackers use to make money, steal identities, and target individuals. This talk is an exploratory look at how cybercriminals make money with low-level crime, the technology they use, and how they get away with it. 

We will explore some techniques they have used from simple gift card theft, credit card theft, attacks against public utilities, and their continued attempts at blackmail and fraud. Explore with me how attackers are all killing us softly and slowly with our technology.