Agenda

Conveniently located in the Washington metropolitan area, the Second Annual International Information Sharing Conference (IISC) is being held at the Hilton in Tysons Corner, Virginia. Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they come together to discuss the impact ISAOs have had on the nation’s security, share lessons learned, and discover the latest in cybersecurity policy. Attendees will gain the knowledge needed to improve information sharing.

For detailed program and speaker information, please see the agenda below. All speakers are subject to change.

Tuesday, September 11
Time Agenda Item
7:30 am - 4:00 pm

Attendee Registration

Foyer 1

Day-of attendee registration may be completed at any time between 7:30 am - 4:00 pm in Foyer 1.

7:30 am – 9:00 am

Breakfast Available

International Ballrooms B & C

8:30 am – 9:00 am

Opening Remarks

International Ballrooms B & C

Welcome – Allen Shreffler, Deputy Director, ISAO SO
State of the Ecosystem – Dr. Greg White, Executive Director, ISAO SO

Dr. Gregory White is the Executive Director of the ISAO Standards Organization. He also serves as the Director of the Center for Infrastructure Assurance and Security (CIAS) and is a Professor of Computer Science at The University of Texas at San Antonio (UTSA). He spent 30 years with the Air Force and Air Force Reserves and has been involved in computer and network security since 1986.

Allen Shreffler is the Deputy Director of the ISAO Standards Organization and is also a Senior Cybersecurity consultant for LMI. He is a former career Army Military Intelligence Officer who served 32 years, culminating as the G2 Director of Intelligence, Army Network Enterprise Technology Command (NETCOM). Allen led NETCOM's threat intelligence production, cyber threat situational awareness, and identification of critical infrastructure and cyber key terrain for elevated protection to defeat cyber threats against Army networks.

9:00 am – 9:30 am

DHS Keynote

International Ballrooms B & C

9:30 am – 6:30 pm

Sponsor Expo

Atrium, Foyers 1-3, Dallas Room

9:30 am – 10:00 am

Congressional Keynote

International Ballrooms B & C

10:00 am – 10:20 am

Networking Break

10:20 am – 10:50 am

Industry Keynote

International Ballrooms B & C

Ann Beauchesne, CEO, Ridge Global Cybersecurity Institute

Ann M. Beauchesne is Chief Executive Officer of Ridge Global Cybersecurity Institute, which works with business organizations to manage and mitigate their complex cyber risk through executive training, customized consulting, and information sharing. She is responsible for developing and overseeing the Institute’s successful cybersecurity risk oversight education program, providing strategic advice and guidance to senior executives, leading cyber incident tabletop exercises, and directing the Cybersecurity Advisory Council.

Beauchesne has covered cybersecurity and resilience issues on behalf of the business community for more than a decade. As the impacts of attacks on the private sector have grown more significant, she has focused on enhancing national cybersecurity through advocacy, thought leadership, and education. Previously, she served as senior vice president at the U.S. Chamber of Commerce leading its National Security and Emergency Preparedness department. Prior to that, Beauchesne worked for the National Governors Association where she established its Homeland Security and Emergency Management Division.

10:50 am – 11:20 am

Industry Keynote

International Ballrooms B & C

David Powell, CyberUSA

11:20 am – 12:00 am

Organizations Supporting ISAOs Presentations

International Ballrooms B & C

The Cyber Resilience Institute (CRI)

Global Resilience Federation (GRF)

The Cyber Resilience Institute (CRI)

The Cyber Resilience Institute (CRI) is a 501(c)(3) nonprofit established in 2014.

CRI is engaged in assisting communities and organizations in cyber resilience organizing, program development, and Information Sharing and Analysis Organization (ISAO) advocacy across the country and internationally.

CRI helps governmental and commercial organizations establish a sustainable Private-Public-Partnership (PPP) for cyber market making to improve resilience among market participants. We currently maintain a Cooperative Research and Development Agreement (CRADA) with the U.S. Department of Homeland Security.

cyberresilienceinstitute.org

Global Resilience Federation (GRF)

GRF is a not-for-profit intelligence provider and highway for cyber, physical, and geopolitical threat sharing among not-for-profit ISACs, ISAOs and CERTs from many different industries around the world. Its mission is to help assure the resilience and continuity of vital infrastructure and individual organizations when facing threats that could impact their ability to provide services critical to the global economy.

GRF works with the financial services, legal services, and energy industries, among others. GRF members benefit from industry-specific or regionally-specific analysis and intelligence as well as vulnerability alerts and cross-sector sharing.

www.GRFederation.org

12:00 pm – 1:30 pm

Lunch and Technology Demos

International Ballrooms B & C

Lunch will be served starting at noon with technology demos beginning at 12:15. The Premier sponsor will have a 30-minute slot on Day 1, and Platinum sponsors are allowed 15 minutes each for the second half of lunch on Day 1 or Day 2.

1:30 pm – 2:30 pm

Track #1: Government and Legislation

International Ballroom A

Understanding and Leveraging the Arizona Cybersecurity Team (ACT) for Arizona

Frank J. Grimmelmann, ACTRA

Mike Lettman, CIO, State of Arizona

Presentation

Governor Doug Ducey issued Executive Order 2018-03 on March 1, 2018 to create the Arizona Cybersecurity Team (ACT), a diverse team of experts from state, local, and federal government, the private sector, and higher education to work together to protect Arizonans from a cyberattack. Government, businesses, and citizens are faced with a challenging and complex task of securing critical information online. To accomplish this, the cyber security team will enhance collaboration among government, private sector, law enforcement, non-profit organizations, higher education, and the greater Arizona community to address cybersecurity statewide and advise and provide recommendations to the governor. Hear the story directly from the source on how this initiative will build on Arizona’s strong existing ISAO foundation and develop a unified vision for Arizona that addresses workforce and economic development, education, emerging technology trends and information sharing and response.

What the audience will learn by attending this presentation:

  • How to enhance public-private collaborative ISAO collaboration
  • Tying ISAOs into business and economic development opportunities
  • Integrating academic organizations in furthering the ISAO's mission
  • Fitting advanced technology into the equation
  • Raising information sharing and response to the next level
  • Involving top level leadership into supporting resource requirements
  • Leveraging a team of teams to raise the bar for information exchange and response

Frank J. Grimmelmann is President and CEO for the non-profit Arizona Cyber Threat Response Alliance ("ACTRA"), independent of, but closely affiliated with, the FBI's AZ InfraGard Program. In this capacity, Mr. Grimmelmann represents the private sector in the Arizona Counterterrorism Information Center ("ACTIC") and is the first private sector representative on its Executive Board. ACTRA’s Members include both public and private sector organizations. He also serves as the private sector cyber intelligence liaison to the FBI, the ACTIC, and the FBI's Arizona InfraGard Program. Mr. Grimmelmann co-chairs the AZ Cybersecurity Team formed by the Governor's Executive Order on March 1, 2018.

Mike Lettman is a recognized technology leader with over 28 years of experience in government information, security and technology. As the Arizona State Chief Information Security Officer (CISO), he provides strategic direction for information security to over 130 public agencies. With a focus on statewide enterprise and standardization efforts, Mike leads the Security, Privacy and Risk team for the Arizona Strategic Enterprise Technology (ASET) Office. With alignment to the State’s Strategic IT Plan, he ensures and enhances the State of Arizona’s security and safety. Mr. Lettman co-chairs the AZ Cybersecurity Team formed by the Governor's Executive Order on 3/1/18, and serves on the ACTRA board.

Track #2: Improving the Value of Shared Information

Continental Ballrooms B & C

Building a Foundation for Successful Cyber Threat Intelligence Exchange

Paul Kurtz, TruSTAR

Panel

Security Operations Centers (SOCs) and Computer Security Incident Response Teams (CSIRTs) have rapidly matured over the past 2 years.

Threat intelligence and exchange is now fundamentally a question of knowledge management. Understanding how an exchange platform correlates and manages big data is essential to determining how you can evaluate, respond to, and share incidents in real time.

TruSTAR will convene a panel with leaders from IT-ISAC, Retail-CISC, and the Cloud Security Alliance to share best practices on how to Crawl, Walk, Run as companies get started with new sharing group relationships.

This panel will provide a framework to help ISAO/ISAC members enhance their event data and incident response capabilities through intelligence exchange. The panelists will provide recommendations for best technology and policy requirements to give security teams the best start, as well as best practices for sharing and analysis once an exchange partnership has been established.

What the audience will learn by attending this presentation:

  • How to enhance public-private collaborative ISAO collaboration
  • Tying ISAOs into business and economic development opportunities
  • Integrating academic organizations in furthering the ISAO's mission
  • Fitting advanced technology into the equation
  • Raising information sharing and response to the next level
  • Involving top level leadership into supporting resource requirements
  • Leveraging a team of teams to raise the bar for information exchange and response

Paul Kurtz is an internationally recognized expert on cybersecurity and the co-founder and CEO of TruSTAR Technology. Paul began working on cybersecurity at the White House in the late 1990s. He served in senior positions relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush.

Since leaving government, Paul has held numerous private sector cybersecurity positions, including founder of the Cyber Security Industry Alliance (acquired by Tech America), Executive Director of SAFECode, Managing Partner of Good Harbor Consulting in Abu Dhabi, and CISO of CyberPoint International.

Track #3: What's Trending in Information Sharing

Continental Ballroom A

Delivering Actionable Threat Information, A Critical Process

Gene Fredriksen, National Credit Union ISAO (NCU-ISAO)

Presentation

The threat sharing environment today buries recipients in an avalanche of alerts, advisories, and threat notifications. This is of particular concern for SMBs like credit unions, which are extremely limited in the number of information security professionals they have on staff. In fact, it is not uncommon to have a staff of one.

To keep the number of advisories from becoming a threat to the organization, we must find ways to increase the value to the member, allowing the dissemination of actionable, applicable information to the member.

This presentation will discuss the processes and methods to implement a successful threat sharing program that is meaningful and relevant to the member organization. The role of an ISAO must be to act as a force multiplier to the organization, adding value and security to the member. If we fail to successfully implement these programs, the ISAO will ultimately fail.

What the audience will learn by attending this presentation:

  • Methods to define "actionable intelligence" which is meaningful to the member
  • Feedback Mechanisms to monitor the processes
  • Practical examples of success and the positive impact on members

Gene is the CEO and Executive Director for the National Credit Union Information Sharing and Analysis Organization (NCU-ISAO). The organization is a not-for-profit entity dedicated to the sharing and analysis of Cyber and Operational Intelligence specific to the Credit Union Sector.

Gene is also the Chief Security Strategist for PSCU. In this role, he is responsible for the development of information protection and technology strategies and outreach programs for the company. Gene has over thirty-five years of Information Technology experience, with the last thirty focused specifically in the area of Information Security.

Track #4: Growing your ISAO in the Ecosystem

Beverley Room

FS-ISAC Coordinated Crisis Response Information Sharing Model

Susan Rogers, Financial Services ISAC

Presentation

Financial Services ISAC and other critical infrastructure ISACs (information sharing and analysis centers) can provide the operational backbone for trusted information sharing of cyber and physical threat analysis, risk mitigation and coordinated crisis response. Developing business resilience and crisis response practices within an ISAC and ISAO provides the tools for leadership and experts who collaborate to obtain shared situational awareness, understanding of impact, direction on mitigation and priority of recovery actions. The information sharing community plans and exercises to support the health of all participants during the most disruptive events with systemic consequences. In this session, FS-ISAC event communication and crisis response practices will be discussed. A suggested timeline for developing business resilience sharing communities and crisis coordination practices will be presented.

What the audience will learn by attending this presentation:

  • In this session, FS-ISAC event communication and crisis response practices will be discussed.
  • A suggested timeline for developing business resilience sharing communities and crisis coordination practices will be presented.

Susan Rogers is Vice President of Business Resilience of the Financial Services Information Sharing and Analysis Center (FS-ISAC). Susan leads the FS-ISAC Business Resiliency Committee, which is responsible for the U.S. financial sector’s All Hazards Playbook, and for developing business resiliency collaborative planning, trusted information sharing and crisis response and recovery coordination. She has directed business continuity, disaster recovery architecture and crisis response since 1997 while leading technology and operational risk teams at Bank of America and GMAC Commercial for 15 years. Her early career was in MBS pricing, trading & delivery and capital markets systems development.

2:30 pm – 2:45 pm

Break

2:45 pm – 3:45 pm

Track #1: Government and Legislation

International Ballroom A

Steve Ingram, PwC

To be confirmed

Track #2: Improving the Value of Shared Information

Continental Ballrooms B & C

What CRI can do for your ISAO

Doug DePeppe, CRI

Presentation

Track #3: What's Trending in Information Sharing

Continental Ballroom A

What GRF can do for your ISAO

Cindy Donaldson, President, Global Resilience Federation (GRF)

Presentation

Cindy Donaldson has more than 20 years of experience in cybersecurity in both the public and private sectors where she has supported organizations ranging from small businesses to Fortune 50 global companies.

Donaldson is the president of the Global Resilience Federation (GRF), a non-profit spin-off from the Financial Services Information Sharing and Analysis Center (FS-ISAC). GRF provides support and technology to ISACs, ISAOs, and other communities around the world, with co-located analysts supporting individual communities and facilitating cross-sector sharing and collaboration based on information sharing protocols. Donaldson and her staff led the establishment of the Legal Services Information Sharing and Analysis Organization (LS-ISAO) and support operations for its member law firms. Donaldson and her staff also led the development of the Retail Cyber Intelligence Sharing Center (R-CISC) and the Energy Analytic Security Exchange (EASE). Today, GRF’s member-driven capabilities support FS-ISAC, LS-ISAO, EASE, and the Oil and Natural Gas ISAC (ONG-ISAC). These four communities are represented on the GRF Board of Directors along with representatives from National Health ISAC, Multi-State ISAC, NRF’s Retail ISAO and R-CISC.

During her career, Donaldson has served as a chief security officer for a global $500M company with responsibility for both cybersecurity and physical security, and is also an experienced entrepreneur. During her time with a Fortune 50 payment brand, she was asked to serve as a representative on the Payment Card Industry Security Standards Council (PCI SSC) Technical Working Group where she co-authored the PCI Data Security Standard. Cindy was also the founder and inaugural president of the Information Systems Security Association (ISSA) Chapter in Phoenix, Arizona. She has a Bachelor’s in Management and Marketing and a Master’s of Business Administration from Indiana University of Pennsylvania.

Track #4: Growing your ISAO in the Ecosystem

Beverley Room

ISAO Support Organization

3:45 pm – 4:00 pm

Break

4:00 pm – 5:00 pm

Track #1: Government and Legislation

International Ballroom A

Voluntary vs. Mandatory Sharing

Stuart Murdoch, Surevine, Great Britain

Presentation

Mandatory sharing is becoming increasingly common around the world - but how does it stack up against voluntary sharing? Is it true that mandatory sharing results in the "minimum necessary to comply" approach, or that voluntary sharing provides high volume, but low quality information? How can an organization comply with their mandatory reporting requirements while also providing value to the wider community? Learn why both voluntary and mandatory sharing have a role to play in cyber defense.

What the audience will learn from attending the presentation:

  • Learn the details of legislation and regulation for mandatory cybersecurity reporting nationally and internationally.
  • Consider approaches to maintaining voluntary collaboration vs. regulatory compliance in your ISAO.

Stuart Murdoch is the Founder and CEO of Surevine, the developers of Threatvine, the platform which powers national cyber-security sharing strategies. Stuart is a Chartered Engineer with a BSc in Computer Science from Royal Holloway and an advanced MSc in Computing from Imperial College, London.

Track #2: Improving the Value of Shared Information

Continental Ballrooms B & C

Case Study: Tackling the Sociological Inhibitors of Sharing in an ISAO

David Mann*, MITRE

Suneel Sundar, MITRE

*Only one presenting

Presentation

We present a case study on a methodology that considers the social factors for successful collaboration that was applied to a Federal intra-agency ISAO to identify root causes of its under-performance.

MITRE’s Bilateral Analysis of Information Exchanges (BLAISE) methodology was developed as part of a research effort in applying the social and behavioral sciences to the problems of collaboration, information sharing and automation. Information exchange failures are often due to sociological factors ignored by traditional engineering.

A Federal agency established an ISAO among its bureaus to improve situational awareness and security. It enjoyed early success but has increasingly experienced setbacks. BLAISE was applied to the ISAO to identify the root causes. In this talk, we present an overview of BLAISE, how it was applied, how it was used to make recommendations for process changes, and how BLAISE might be applied to other ISAOs to help improve sharing.

What the audience will learn from attending this presentation:

  • The audience will be aware of a tool they can leverage and apply to their own ISAO to identify root causes of sharing problems and make informed design decisions, such as when to use or not use more automation and how to identify and account for conflicting needs among their members.

Dr. David Mann is a principal information security scientist at MITRE with more than 20 years of experience in endpoint assessment and cybersecurity standards. He is credited as being the inventor of MITRE's Common Vulnerabilities and Exposures (CVE) program. For the past 10 years, Dr. Mann has been pursuing research on the social and technical factors for effective information sharing and collaboration.

Suneel Sundar founded and managed the cyber threat intelligence operational capabilities for America’s largest utility company and for the world’s largest payment processor. In these roles he depended on information shared by local and sector partners to protect critical infrastructure. At MITRE, Suneel advocates, facilitates, and implements cyber information partnerships.

Track #3: What's Trending in Information Sharing

Continental Ballroom A

A briefing requested by the Office of the Director of National Intelligence (ODNI) IAP: How to leverage ISAOs to manage Supply Chain Risk in a hyperconnected world

Israel Martinez, GD&O ISAO

Presentation

Track #4: Growing your ISAO in the Ecosystem

Beverley Room

ISAO SO Support Presentation

Natalie Sjelin, ISAO SO

Natalie Sjelin is the Director of Support for the ISAO Standards Organization and serves as the associate director of training for the Center for Infrastructure Assurance and Security (CIAS) at The University of Texas San Antonio. In her role as Director of Support, she leads the development of the ISAO SO’s Support Group to assist ISAOs in their overall development and to assist ISAOs to hone their capabilities and services. In addition, Sjelin plays a significant role in the National Cyber Preparedness Consortium (NCPC) initiatives to design and deliver cybersecurity training for the nation.

5:00 pm – 6:30 pm

Networking Reception

Lobby Bar

Wednesday, September 12
Time Agenda Item
7:00 am - 12:00 pm

Attendee Registration

Foyer 1

Day 2 attendee registration may be completed at any time between 7:00 am and noon in Foyer 1.

7:30 am – 9:00 am

Networking Breakfast

International Ballrooms B & C

8:30 am – 8:40 am

Opening Remarks

International Ballrooms B & C

Administrative Notes – Allen Shreffler, Deputy Director, ISAO SO

Allen Shreffler is the Deputy Director of the ISAO Standards Organization and is also a Senior Cybersecurity consultant for LMI. He is a former career Army Military Intelligence Officer who served 32 years, culminating as the G2 Director of Intelligence, Army Network Enterprise Technology Command (NETCOM). Allen led NETCOM's threat intelligence production, cyber threat situational awareness, and identification of critical infrastructure and cyber key terrain for elevated protection to defeat cyber threats against Army networks.

8:40 am – 9:00 am

ISAO SO Awards Presentations

International Ballrooms B & C

9:00 am – 9:30 am

Public-Private Partnership

International Ballrooms B & C

Gary Gardner, Chairman of the Board for InfraGard National Executive Board

Gary Gardner is President and CEO of TOTALeACCESS, a security consulting firm, and Chairman of the Board for InfraGard National Members Alliance. He brings over forty years of investigative, security, protection, intelligence, analysis, forensic, technology, consulting, management and teaching experience to the national and international business and law enforcement communities. His career spanned more than thirty years of diverse service with the Federal Bureau of Investigation in various capacities including executive management. His experience covers numerous areas of concern to today’s business and sports world.

While serving several decades in the FBI, he held many positions, including in records management, as a laboratory technician, and as a Special Agent investigating a wide variety of Federal offenses. In the New York City Office, he served as Supervisor/Co-Commander of both the renowned Bank Robbery and Terrorism Task Forces. Then, he was assigned to FBI Headquarters, where he oversaw cutting-edge investigative information technology and crisis management. He led the FBI’s investigative computer support systems and directed investigative support and training for crisis situations, special events and major cases. He also designed, managed development of, and directed the FBI’s Law Enforcement OnLine (LEO), an international interactive computer communications capability and information service used exclusively for the law enforcement/criminal justice/public safety community.

9:30 am – 10:00 am

Networking Break

9:30 am – 2:45 pm

Sponsor Expo

Atrium, Foyers 1-3, Dallas Room

10:00 am – 10:30 am

International Keynote

International Ballrooms B & C

To be confirmed

10:30 am – 11:00 am

Industry Keynote

International Ballrooms B & C

Tommy McDowell, Senior Director for the Retail Cyber Intelligence Sharing Center (R-CISC)

Tommy McDowell is the Senior Director for the Retail Cyber Intelligence Sharing Center (R-CISC), a partner of the ISAO Standards Organization. Mr. McDowell acts as an advisor on the ISAO SO leadership team.

Mr. McDowell is the former Senior Director of Cyber Threat Intelligence with FireEye with over 20 years of experience as a Cyber Security Professional, Manager of Cyber Security Services, Researcher, and Facilitator/Trainer for Cyber Security Professionals and Executive Teams. He has consulted in the design, development, and maturity of Threat Intelligence Programs, Incident Response Teams, Cyber Security Operations Centers (CSOC), and Integrated Security Operation Centers (ISOC).

He is a United States Army Veteran and former Special Agent with the US Naval Criminal Intelligence Service (NCIS).

11:00 am – 12:00 pm

Community Based ISAOs Keynote

International Ballrooms B & C

Dr. Greg White, Executive Director, ISAO SO

Dr. Gregory White is the Executive Director of the ISAO Standards Organization. He also serves as the Director of the Center for Infrastructure Assurance and Security (CIAS) and is a Professor of Computer Science at The University of Texas at San Antonio (UTSA). He spent 30 years with the Air Force and Air Force Reserves and has been involved in computer and network security since 1986.

12:00 pm – 1:30 pm

Lunch and Technology Demos

International Ballrooms B & C

Lunch will be served starting at noon with technology demos beginning at 12:15. The Premier sponsor will have a 30-minute slot on Day 1, and Platinum sponsors are allowed 15 minutes each for the second half of lunch on Day 1 or Day 2.

1:30 pm – 2:30 pm

Track #1: Government and Legislation

International Ballroom A

TLP to IEP Evolution: What, Why & How

Thomas Millar, DHS

Presentation

The Traffic Light Protocol (TLP) and the Information Exchange Policy (IEP) framework can help ISAOs and their constituents share and re-share sensitive information more efficiently. This talk will give a quick overview of both, followed by an in-depth exploration of the use cases and more advanced options that IEP offers, in addition to the traditional TLP designations.

IEP’s four policy types (Handling, Action, Sharing and Licensing) address many of the needs of larger, mature sharing communities, but can also work for sharing networks that are just starting out, so that they will be able to easily accommodate other sharing models as they grow. TLP can be used to support the sharing policy type in IEP’s model, so they are fully compatible.

What the audience will learn from attending this presentation:

  • Learn everything needed to implement TLP and IEP in their own communities, as well as to educate fellow information sharing peers and partners.

Tom Millar has been a member of the DHS NCCIC and US-CERT for 10 years, serving as its Chief of Communications for most of that time. In that role, he has worked to strengthen the DHS's information sharing capabilities, increased the level of public, private and international partner engagement, and supported initiatives to improve information exchange by both humans and machines. Prior to his cybersecurity career, he served as a linguist with the 22nd Intelligence Squadron of the United States Air Force.

Mr. Millar has a master of science in engineering management from the George Washington University.

Track #2: Improving the Value of Shared Information

Continental Ballrooms B & C

Demonstrating the Value of Sharing Information

Dr. Shaun M. Brady, Center for Model Based Regulation

Presentation

For years, industry white papers, government pronouncements, and the media have all championed the idea that enterprises of all types and sizes face a number of performance and risk management challenges that can be addressed more successfully through better information sharing. And while some industries have embraced the concept in some areas, there is no agreement that successful information sharing is a critical part of mature security operations. This is not helped by the limited examples of where cyber incident data sharing has actually made an impact at either the firm or system levels. Going forward, CISOs must demonstrate to the C-suite that it is worth overruling legal or other constraints to invest in sharing data that they really understand or trust. This talk will review both the engagement mechanisms that can help build trust and confidence in sharing, and the assessment approaches that can help demonstrate the value of supporting related investments.

What audiences will learn from this presentation:

  • Real world examples of how to: improve information collection and sharing; conduct information sharing capability maturity assessments; and, demonstrate the impact and value of sharing and using the right data.

Over the last 35 years, Shaun Brady has held leadership and advisory roles at some of the world’s largest financial institutions and government agencies, improving their risk visualization capabilities, managing evolving regulatory and cybersecurity requirements, mining and monetizing data, developing new products and services, and implementing a variety of technology enabled solutions to reduce operating risk, optimize capital, and deliver mission critical capabilities.

Shaun has a B.Sc. in International Finance from San Francisco State University, and a Masters in MIS and a Doctorate in Risk Management from the University of Maryland.

Track #3: What's Trending in Information Sharing

Continental Ballroom A

Impacts of New and Merging Global Cybersecurity and Privacy Changes on Information Sharing

Norma Krayem, Holland & Knight

Panel

Track #4: Growing your ISAO in the Ecosystem

Beverley Room

Community Collaboration in the Information Sharing Ecosystem

Nick Sturgeon, Cyber Leadership Alliance

Panel

Community collaboration as it relates to threat information sharing, whether the threats are cyber, weather, or other hazards, has become increasingly important in today’s highly connected world. When State, Local, Tribal, Territorial (SLTT) governments, Federal Government/Military and the private sector collaborate with one another, there is a much greater chance of those threats being mitigated before there is a major issue. This panel discussion will take a look at how all these entities can effectively share threat information with one another, which will ultimately serve to enhance the public interest. The panel will also discuss ISAO document 600-1, A Framework for State-Level Information Sharing and Analysis Organizations. Lastly, the panel will discuss establishing community markets around information sharing, and observations about the untapped opportunities surrounding Capacity Building at community levels.

What the audience will learn by attending this presentation:

  • Understanding of the ISAO 600-1 publication
  • Real world examples of the value of States creating an ISAO
  • How to work with the private sector and the Federal Government/Military

Nick oversees the SOC at Pondurance, providing threat hunting, incident response and vulnerability services to many of the firm's clients. In addition, he is responsible for growing the talented SOC team, developing processes to improve efficiency, and building focused career paths for SOC personnel. He and his team will continue to deliver top-caliber threat hunting and incident response services to help clients maintain proactive security programs and address cyber threats as they emerge. Nick is a 2003 graduate of Indiana State University. He graduated with a B.S. in MIS with a focus on networking. Nick recently graduated from Purdue University with an M.S. in Cyber Forensics.

2:30 pm – 2:45 pm

Break

2:45 pm – 3:45 pm

Track #1: Government and Legislation

International Ballroom A

Building Confidence in the Cybersphere

Theresa Hitchens, CISSM

Presentation

Ms. Theresa Hitchens is a Senior Research Associate at the Center for International and Security Studies at Maryland (CISSM) where she focuses on space security, cyber security, and governance issues surrounding disruptive technologies. Prior to joining CISSM, Hitchens was the director of the United Nations Institute for Disarmament Research (UNIDIR) in Geneva from 2009 through 2014. Among her activities and accomplishments at UNIDIR, Hitchens served as a consultant to the U.N. Group of Governmental Experts on Transparency and Confidence Building Measures in Outer Space Activities, provided expert advice to the Conference on Disarmament regarding the prevention of an arms race in outer space (PAROS), launched UNIDIR's annual conference on cyber security, and oversaw UNIDIR’s expert support of the U.N. Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security meetings.

From 2001 to 2008, Hitchens worked at the Center for Defense Information, where she served as Director, and headed the center’s Space Security Project, setting the strategic direction of the center and conducting research on space policy and other international security issues. She was also previously Research Director of the Washington affiliate of the British American Security Information Council (BASIC), where she managed the organization’s program of research and advocacy in nuclear and conventional arms control, European security and North Atlantic Treaty Organization (NATO) affairs.

Hitchens spent almost two decades as a journalist, including 11 years at Defense News of Springfield, Virginia, covering: transatlantic relations; European Union foreign and security policy; NATO; arms control; USAF issues; international security; the arms trade; nuclear, chemical and biological weapons; space security; and cybersecurity. She served as International Editor for two years, and concluded her service as Editor for two years.

Hitchens's numerous publications include: “Toward a New National Security Space Strategy: Time for a Strategic Rebalancing,” coauthored with Dr. Joan Johnson-Freese, Atlantic Council Strategy Paper, June 17, 2016; “Forwarding Multilateral Space Governance: Next Steps for the International Community,” CISSM Working Paper, Aug. 6, 2015; and “Space Security-Relevant International Organizations: UN, ITU, ISO,” 2014, which was penned for the Handbook of Space Security. Hitchens holds a Bachelor of Science in journalism from Ohio University in Athens, Ohio. She is a member of the Research Advisory Group Internet Governance Cluster of the Global Commission on the Stability of Cyberspace, and has participated in numerous conferences and workshops on cyberspace governance issues.

Track #2: Improving the Value of Shared Information

Continental Ballrooms B & C

Achieving and Measuring the Value of Cyber Threat Information Sharing

Dr. Clement Skorupka*, MITRE

Dr. Lindsley Boiney, MITRE

*Only one presenting

Presentation

Dr. Skorupka and Dr. Boiney present the Trust and Value in Information Sharing (TVIS) framework for understanding the interplay of trust and value in ISAOs, and provide specific and actionable recommendations that ISAOs can implement to overcome challenges and build a more robust, value-focused exchange of threat information. The framework considers the varying perspectives across a continuum of CTI sharing roles: Passive Consumer, Active Consumer, Reporter, and Producer. For each role, the framework articulates the value proposition to the individual enterprise, the value to the sharing community, and the degree of inter-organizational trust needed to support the role-specific sharing activities.

What the audience will learn from attending the presentation:

  • The audience will learn how the value proposition for threat information sharing and the trust required is non-monolithic, and depends on the needs and capabilities of the ISAO members. The audience will take away specific, actionable recommendations to build more robust, value-focused exchanges across diverse member organizations.

Dr. Clement Skorupka is a Cybersecurity Researcher and Technology Integrator at the MITRE Corporation. He is a co-author of NIST's Special Publication 800-150 "Guide to Cyber Threat Information Sharing". He is co-developer of the Cyber Operations Rapid Assessment (CORA) methodology, which is used to help organizations improve how they collect, share, and utilize cyber threat information. He has over 20 years of experience supporting network and cybersecurity operations in DoD, Intelligence Community, and Civilian government environments. Clem holds B.S., M.S., and Ph.D. degrees in Physics, and was an Office of Naval Technology Postdoctoral fellow.

Dr. Lindsley Boiney is a Principal Cybersecurity Engineer at the MITRE Corporation. Her expertise lies at the intersection of human behavior and information technology, applying a blend of social/behavioral science methodologies and decision support technologies to improve judgments, decisions and information sharing. She is the co-developer of the CORA Methodology. She has worked in diverse sponsor domains including DoD Command and Control, Aviation Security, and has been a principal investigator on numerous research projects. Lindsley holds a Ph.D. in Decision Science and a B.A. in Computer Science.

Track #3: What's Trending in Information Sharing

Continental Ballroom A

Automating the Defense – Really taking advantage of Automated Sharing

Michael Vermilye, Johns Hopkins Applied Physics Laboratory

Presentation

This presentation will walk through the steps that are needed to automate your network defense and the game-changing results when this automated defense is tied to automated sharing in a trust community. An ISAO can take advantage of current and evolving technologies to explore offering orchestration and automation as a service to their members. An advantage of an ISAO being the vehicle to offer this service is the trust community that is part and parcel of a robust ISAO.

What the audience will learn from attending the presentation:

  • An appreciation of the current technologies available in the automation space
  • An understanding of the serious conversations needed to help ensure a relatively smooth automation implementation experience
  • A listing of available resources to guide the process will also be provided

Michael has supported multiple national efforts in the areas of cybersecurity information sharing and automation over the past ten years. When supporting CNCI-5 and ESSA, Michael led Federal inter-agency engagement in multiple areas that have led to the development of a set of capabilities supporting automated information sharing and automated defense. Currently supporting the Automated Indicator Sharing (AIS) effort and Integrated Adaptive Cybersecurity Defense (IACD) development, Michael is the lead for sector and community engagements to encourage and facilitate the use of automated sharing and automated defense within and between sectors and the Federal government.

Track #4: Growing Your ISAO in the Ecosystem

Beverley Room

Best Practices for an Emerging ISAO

Bonnie Moss, Small and Mid-Sized Business ISAO (SMB-ISAO)

Panel

Information sharing helps organizations move quickly on potential cybersecurity events. These events can include incidents, threats and vulnerabilities. Breaking this down, how you design your ISAO and develop its core capabilities should not only promote information sharing but enhance your members' value proposition as well.

What the audience will learn from attending the panel:

  • Incident response
  • Collaboration and engagement with third parties
  • Accountability
  • Risk assessment and management
  • Threat detection
  • Protection and awareness and training

Bonnie Moss is the Executive Director of the SMB ISAO, which has recently acquired her non-profit organization, the CiSMB (Cybersecurity Institute for Small and Mid-Size Business), as both organizations are designed to help the SMB market with cybersecurity hygiene and information sharing.

Bonnie's background is in Crisis Communications, and she has provided this expertise for the global defense market (The Macalan Group) and the commercial market (Home Depot Corporate). Within the last few years, she has witnessed the onslaught of cyber attacks on SMB owners and saw the natural fit to assist this vulnerable market, hence creating the SMB ISAO.

 
