Loading…
OISC 2020 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, March 11
 

TBA

General Conference
Wednesday March 11, 2020 TBA

7:15am

Registration / Breakfast
Wednesday March 11, 2020 7:15am - 8:00am
Great Hall

7:45am

Opening Comments
Wednesday March 11, 2020 7:45am - 8:00am
Great Hall

8:00am

Department of Homeland Security: Perspectives on security and partnerships
Speakers
avatar for John O’Connor

John O’Connor

Director, National Coordinating Center for Communications (NCC), National CyberSecurity & Communications Integration Center (NCCIC), U.S. Department of Homeland Security
Mr. John O'Connor is the Director of the National Coordinating Center (NCC) for Communications.  The NCC is a joint government and industry all hazards emergency response partnership charged to coordinate the restoration and reconstitution of National Security and Emergency Preparedness... Read More →


Wednesday March 11, 2020 8:00am - 9:00am
Great Hall - Keynote Stage

9:00am

Organization Resilience – the Intersection of Risk Management, Information Security and Business Continuity
You have heard the term ‘organization resilience’ but what does it mean? In this session, I will provide an introduction to the evolving discipline that is actually the collaboration and intersection of the well-established disciplines of risk, information security, business continuity management and related disciplines. It is more than a buzzword – it is a requirement for succeeding in today’s markets. I will explore how business continuity helps to provide the glue that holds everything together for the organization when attacks hit. As Winston Churchill once said: ‘In battles, the other fellow interferes all the time and keeps up-setting things, and the best generals are those who arrive at the results of planning without being tied to plans.’

Speakers
avatar for Alice Kaltenmark

Alice Kaltenmark

Global IT Service Continuity Manager, RELX Group
Alice has over 39 years’ experience in IT with 37 years at LexisNexis / RELX. Alice began her career as a software engineer and quickly advanced into management. Since beginning her management career in 1989, she has led many organizations spanning the spectrum from software development... Read More →


Wednesday March 11, 2020 9:00am - 10:00am
Room 131

9:00am

Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire
Thee Galactic Empire in Star Wars Episode 4 was destroyed not by a farmboy from Tatooine, but by an ineffective Data Governance Program. This talk will be 100% vendor agnostic and will focus on tools, techniques, and strategies that attendees may take back and implement leveraging either tools that they already own or tools that will be new to their environment. We will discuss aligning Incident Response and Data Governance to ensure proper stewardship of critical and regulatory data. Hopefully after this talk you will not ‘find my lack of regular expressions disturbing’.

Speakers
MK

Micah K. Brown

Vice President, Greater Cincinnati ISSA
Micah K Brown is a member of the IT Security Engineering team at the Munich RE Group.  In this role Micah has learned a new appreciation towards data first focused security.  In his free time, Micah serves on the Greater Cincinnati ISSA Chapter as Vice President.  Micah graduated... Read More →


Wednesday March 11, 2020 9:00am - 10:00am
Room 120

9:00am

A Practical Guide to Incident Response
Everybody has a plan until they get punched in the mouth. If you do not focus on Incident Response it can feel like getting hit, but there are ways for us to be better prepared. We are going to cover what is needed in order to work through Incident Response without being run over, from NIST guidelines to operational needs. Preparing for an incident is something you can do now without requiring large budgets, and you can even have fun doing it. This presentation will give you actionable steps for getting your procedures and practice in order before your next incident.

Speakers
avatar for Dan Wilkins

Dan Wilkins

Manager, Information Security, CareSource
Everybody has a plan until they get punched in the mouth. If you do not focus on Incident Response it can feel like getting hit, but there are ways for us to be better prepared. We are going to cover what is needed in order to work through Incident Response without being run over... Read More →


Wednesday March 11, 2020 9:00am - 10:00am
Room 116

9:00am

A methodology for cyber threat ranking integrating NIST and FAIR
NIST recommends that organizations perform cyber risk assessments regularly to identify security vulnerabilities and to control levels of exposure to threats. We discuss a method to customize the ranking of cyber threats based on the organization’s maturity level of implementing NIST controls. We use LEF as a measure of severity of cyber threats.  The methodology integrates NIST maturity levels to calculate the resistance strength component and produce the LEF values for each threat. The LEF value is then used to represent the severity level of the threat to the specific organization.

Speakers
avatar for Dr. Hazem Said

Dr. Hazem Said

University of Cincinnati
avatar for Adeyinka Bakare

Adeyinka Bakare

Research Assistant, University of Cincinnati
Yinka Bakare is a graduate student at the University of Cincinnati School of Information Technology and a research assistant with the UC Information Technology Solutions Center


Wednesday March 11, 2020 9:00am - 10:00am
Room 119

9:00am

5G, cybersecurity and you
With the rapid deployment of 5G networks, new cybersecurity risks and threats will emerge.  What does this mean for people, companies and cybersafety or security.

Speakers
avatar for Chris Kuhl

Chris Kuhl

CISO, Dayton Children’s Hospital
Chris Kuhl is the CISO of Dayton Children’s Hospital.  Mr. Kuhl has accumulated a wealth of knowledge as his career has spanned from entry level helpdesk, to network engineer and architect, to cybersecurity architect, and CISO, for numerous US organizations.  He has participated... Read More →


Wednesday March 11, 2020 9:00am - 10:00am
Room 127

9:00am

Ohio Cyber Range
The Ohio Cyber Range was created by the Ohio Cyber Collaboration Committee joining the Chancellor's Office with the Ohio National Guard to provide virtual infrastructure for cybersecurity education, training, and even competitions serving K12,  higher education, and industry.   This session consists of OC3 leadership describing the the multifacted OCR mission and capabilities as well as those of partner organizations such as the new Ohio Cyber Reserve.

Speakers
avatar for John Hoag

John Hoag

Ohio University
Dr. John Hoag is Associate Professor at Ohio University in Athens and Adjunct Associate Professor at Case Western Reserve University in Cleveland. He teaches courses in cybersecurity and telecommunications and serves on the Ohio Cyber Collaboration Committee (OC3). His research interests... Read More →
avatar for John Franco

John Franco

University of Cincinnati
Prof. Franco is director of the NSA sanctioned Center of AcademicExcellence in Cyber Operations at the University of Cincinnati.  TheCenter is a collaborative effort involving three university colleges,and two local major defense contractors for advanced education andtraining in... Read More →
avatar for Rebekah Michael

Rebekah Michael

Executive Staff Director, Ohio Cyber Range Institute, University of Cincinnati
Bekah Michael is Assistant Professor Educator in the School of Information Technology and Executive Staff Director of the Ohio Cyber Range Institute housed at the University of Cincinnati.  


Wednesday March 11, 2020 9:00am - 10:00am
Room 171

10:00am

Networking / Visit Exhibitors
Visit 10+ Booths and Enter their Codes in your Passport App! You could win a Door Prize during the Wrap-Up Ceremony:
https://passport.magneticmobile.com/

Wednesday March 11, 2020 10:00am - 10:30am

10:30am

Why data ethics could prevent the next data breach
Data ethics is the new front in employee security awareness, encouraging employees to see the humans in the data they handle. This session will explore the growing interest in data ethics training as a way to reduce the likelihood of a data breach or privacy failure, and to reduce the cost and impact when one does occur. And it will explain why data ethics training could have an even greater impact on security than employee security awareness training.

Speakers
avatar for Neal O'Farrell

Neal O'Farrell

CEO, Ethicause
Neal O’Farrell is one of the world’s first generation of security and privacy experts, with 37 years and counting, and one of the first security entrepreneurs to come into conflict with the NSA for his work in advanced speech encryption. Today, Neal’s focus is on the growing... Read More →


Wednesday March 11, 2020 10:30am - 11:30am
Room 171

10:30am

What is the CMMC and does it affect me?
The goal of this session is to provide an information sharing overview from a peer organization by someone who was part of the Defense Industry Base (DIB) advisory group on the upcoming Cybersecurity Maturity Model Certification (CMMC).  The DOD is migrating to the new CMMC framework to assess the cybersecurity posture of defense contractors and is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity controls and processes are adequate to protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.

Speakers
avatar for Thomas Autry

Thomas Autry

Senior Cybersecurity Engineer, Northrop Grumman
Thomas Autry has worked in the industry since 1996 across several industries and currently works at Northrop Grumman Corporation (NGC) as a Senior Cybersecurity Engineer.  He has a Doctorate of IT from Capella University, a BS and MS in Mechanical Engineering from the University... Read More →


Wednesday March 11, 2020 10:30am - 11:30am
Room 120

10:30am

Extending Security Resources With A Managed SOC
The number of security tools companies deploy to protect their information assets can lead to a new problem. The volume of event data and number of sources can quickly overwhelm a small team.  Midmark addressed this issue by implementing a Managed SOC. This provided us with a co-managed SIEM to collect events from more sources and managed services to monitor those events 24/7/365.

Speakers
avatar for Brad Gettinger

Brad Gettinger

IT Cybersecurity Manager, Midmark
Brad Gettinger is an IT Cybersecurity Manager at Midmark and is currently leading their cybersecurity program.


Wednesday March 11, 2020 10:30am - 11:30am
Room 127

10:30am

Responding to Email Compromises in Office 365
With over $1.2 billion dollars lost in 2018 due to email compromises, it is one of the leading methods attackers use to launch cyber-attacks. Companies often don’t take the basic necessary precautions to prevent it, and don’t know how to respond to them when they occur. Learn how to secure your Office 365 tenant to reduce your risk of attack, the common methods attackers use to compromise email accounts, the proper response to an email compromise, and how to perform threat hunting. Also learn how to utilize PowerShell to provide deep insight into your tenant and perform incident response.

Speakers
avatar for Chaim Black

Chaim Black

Systems Engineer, Intrust IT
Chaim Black is a Systems Engineer at Intrust IT, providing a full scope of IT and cybersecurity services to a wide range of environments. Focused in reducing clients’ risk for cyber-attacks, and when necessary, perform incident response to cyber-attacks. Acts as the liaison for... Read More →


Wednesday March 11, 2020 10:30am - 11:30am
Room 116

10:30am

Built-in Security Mindfulness for Software Developers
In this presentation, we introduce an approach to promoting the awareness of software vulnerabilities and their consequences for our students, the future software developers. The overall goal is to train the responsibility of developers for software vulnerabilities so that they must apply secure programming techniques at the development phase. We call it ``built-in security mindfulness''. We illustrate our approach with several concrete demos and demonstrate how the method can be adopted in other colleges or software development projects.

Speakers
avatar for Phu H. Phung

Phu H. Phung

Assistant Professor, University of Dayton
Dr. Phu H. Phung is an assistant professor and the director of the Intelligent Systems Security Lab at the University of Dayton. Dr. Phung’s research leverages programming language and compiler techniques to enforce security policies to defend against cyberattacks. He has been invited... Read More →


Wednesday March 11, 2020 10:30am - 11:30am
Room 119

10:30am

Talent Leadership Panel-CISO Panel
Speakers
VS

Vrah Shah

Intern, UD, Dayton STEM School
BD

Birch Dunford

Application Security Manager, CareSource
GS

Grant Sowder

Security Analyst, CareSource
avatar for Dave Sailisbury

Dave Sailisbury

University of Dayton Center for Cybersecurity & Data Intelligence
avatar for Patty Wolff

Patty Wolff

CISO, 84.51
avatar for Lisa Heckler

Lisa Heckler

CareSource


Wednesday March 11, 2020 10:30am - 11:30am
Room 131

11:30am

Lunch
Visit 10+ Booths and Enter their Codes in your Passport App! You could win a Door Prize during the Wrap-Up Ceremony:
https://passport.magneticmobile.com/ 

Wednesday March 11, 2020 11:30am - 12:20pm

12:00pm

Midday Comments
Wednesday March 11, 2020 12:00pm - 12:15pm
Great Hall

12:20pm

Election Security
Speakers
avatar for Frank LaRose

Frank LaRose

Secretary of State
Frank LaRose took office as Ohio's 51st Secretary of State on January 14th, 2019. Prior to being elected to statewide office, he served two terms in the State Senate representing the 27th Senate District in northeast Ohio.As Ohio’s Secretary of State, LaRose is doing his part to... Read More →


Wednesday March 11, 2020 12:20pm - 1:20pm
Great Hall - Keynote Stage

1:30pm

A Group Debate: Prioritizing Your Limited Cybersecurity Time and Budget
Every organization wants to attain the highest level of cybersecurity, but very few have the time, budget and expertise to make it happen. In this unique and highly interactive session, we’re going put our collective minds to work in deciding how to best prioritize the limited time and resources of an organization that sounds a lot like your own. Should they direct their time/energy/budget on upgrading AV and/or firewall? Implementing email filtering? Doing some user awareness training? Getting serious about patching? What about penetration testing? Or maybe finally convincing the c-suite that they need to implement better policies/procedures? Let’s help them figure this out. Together.

Speakers
avatar for Bryan Hogan

Bryan Hogan

President/CEO, Afidence
Bryan Hogan is the President/CEO and co-owner of Afidence. His career spans over 35 years and is seeded with a deep sense of integrity, strong business acumen, and industry leadership. Bryan has helped numerous clients in a variety of industries get the most out of IT and security... Read More →


Wednesday March 11, 2020 1:30pm - 2:30pm
Room 120

1:30pm

80/20 Cyber Risk Management: Prioritizing Issues That Matter Most
In IT security, there is a universal truth: we will always have more issues than time, people, and money. This perpetual shortage of resources means security leaders and their teams must continuously prioritize their risks and decide where to apply their limited resources. During this session, we will explore some of the challenges that make prioritizing issues difficult and how a simple principle introduced by 1900 century economist, Vilfredo Pareto, can be used to design an effective risk management process.

Speakers
avatar for Apolonio Garcia

Apolonio Garcia

President, HealthGuard
Apolonio "Apps" Garcia is the President and CEO of HealthGuard, a provider of cyber risk management solutions to the healthcare industry. He has been in the IT security and risk management field for over 20 years, in both technical and management roles. He is a decorated veteran of... Read More →
avatar for Terry Rapoch

Terry Rapoch

HealthGuard
Terry Rapoch is the President and CEO of Terence G Rapoch Consulting LLC, a company he formed after retiring as the Chief Technologist for the Wright State Research Institute (WSRI) and President of the Wright State Applied Research Corporation (WSARC) in September 2016. His consulting... Read More →


Wednesday March 11, 2020 1:30pm - 2:30pm
Room 131

1:30pm

What Happens in the First 48 hours After a Breach
Speakers
avatar for Shawn Waldman

Shawn Waldman

CEO, Secure Cyber Defense
Shawn is the founder and CEO of Secure Cyber Defense LLC located in Miamisburg, Ohio. He is a 20-year IT veteran and previously served in law enforcement. Secure Cyber Defense assists organizations in protecting assets from internal and external threats and aligning cybersecurity... Read More →


Wednesday March 11, 2020 1:30pm - 2:30pm
Room 171

1:30pm

Communication best practices during & after a cybersecurity attack: What the research suggests
You've been hit by a cyber-attack.  The calls from the media and your customers are coming fast and furious.  What will your team tell the media and your customers?  In this panel we will (1) discuss how organizations – both large and small – typically communicate about such incidents, (2) offer some critique about the strategies those organizations employed, and (3) demonstrate how you can use the Benoit model of image restoration to develop effective messaging strategies for your various publics or constituencies.

Speakers
avatar for Dr. James Robinson

Dr. James Robinson

University of Dayton
James Robinson is a professor of communication. Tom Skill is a professor of communication, CIO & Associate Provost at University of Dayton and Kimberly Conde is the Team Lead for IT Communications & Training and Messaging Czar for Cybersecurity
avatar for Kim Conde

Kim Conde

University of Dayton
avatar for Dr. Thomas Skill

Dr. Thomas Skill

University of Dayton


Wednesday March 11, 2020 1:30pm - 2:30pm
Room 116

1:30pm

Fingerprinting on Encrypted Voice Traffic on Smart Speakers with Deep Learning
Smart speakers have been adopted by millions of users. However, the privacy impacts of smart speakers have not been well examined. We investigate the privacy leakage of smart speakers under an encrypted traffic analysis attack, named voice command fingerprinting. In this attack, an adversary eavesdrops encrypted voice traffic from and to a smart speaker and infers which voice command a user says without decrypting encrypted traffic. We design our attacks using deep learning. Our results show disturbing privacy concerns, where an attacker can infer 92% voice commands correctly on Amazon Echo.

Speakers
avatar for Boyang Wang

Boyang Wang

Assistant Professor, University of Cincinnati
Boyang Wang is a tenure-track Assistant Professor in the Department of Electrical Engineering and Computer Science at the University of Cincinnati. He received his Ph.D. in Electrical and Computer Engineering from the University of Arizona. His current research focus on data security... Read More →


Wednesday March 11, 2020 1:30pm - 2:30pm
Room 127

1:30pm

Community College Cyber Pilot (C3P) Program
In 2018, NSF awarded a group of community colleges funding to establish a stand alone CyberCorps SFS program. These community Colleges received funding for student scholarships, tuition and related costs. The session will review the recruiting and selection process, the different curriculum pathways and describe the target audience to receive these scholarships. Learn how these institutions have collaborated to establish a cohort of students across multiple institutions. Find out the details of this program and experiences from each of the institutions participating in the program.

Speakers
avatar for Kyle Jones

Kyle Jones

Sinclair College
Kyle Jones, Chair & Associate Professor of Sinclair’s Computer Information Services department. He worked in the IT field for over 15 years before coming to education.  Mr. Jones holds a CompTIA Strata, A+, Network+, Security+ certification as well as an ITIL Foundations.  He... Read More →


Wednesday March 11, 2020 1:30pm - 2:30pm
Room 119

2:30pm

Networking / Visit Exhibitors
Visit 10+ Booths and Enter their Codes in your Passport App! You could win a Door Prize during the Wrap-Up Ceremony:
https://passport.magneticmobile.com/ 

Wednesday March 11, 2020 2:30pm - 3:00pm

3:00pm

CCPA Update
Speakers

Wednesday March 11, 2020 3:00pm - 4:00pm
Room 171

3:00pm

It Was Never About the Things
In an ever-evolving threat landscape, the future of IoT security is one of great concern. Jason will dive into his hypothesis on the future of IoT security and the implications of these threats on businesses and our daily lives.

Speakers
avatar for Jason Ortiz

Jason Ortiz

Sr. Product Engineer, Pondurance
Jason is Sr. Product Engineer and has worked in cybersecurity roles for 10 years since graduating from Purdue University with a BS in Computer Science in 2009. Prior to joining Pondurance, Jason worked as a defense contractor in the Washington D.C. area and was a NASA intern while... Read More →


Wednesday March 11, 2020 3:00pm - 4:00pm
Room 120

3:00pm

System Resiliency: Continuing Business and Mission Operations on a Playground Full of Bullies
Our systems are operating in a contested environment, our enemies are playing on our playground. We are at the pinnacle in time where we must ensure our business and mission critical systems are resilient enough to fight through these attacks. This presentation introduces system cyber resiliency, how organizations can effectively play in the adversary's sandbox and the incorporation of adversarial assessments into your organization.

Speakers
avatar for Rebecca Onuskanich

Rebecca Onuskanich

Partner, International Cyber Institute
Becca is the founder of International Cyber Institute, LLC, a small business located in Dayton, Ohio. She has supported US Central Command, Veterans Administration, NASA, DoT and various other organizations as a cybersecurity engineer. She works to ensure systems and solutions are... Read More →


Wednesday March 11, 2020 3:00pm - 4:00pm
Room 131

3:00pm

Lend me your IR's!
Protecting systems and networks as a tech defender means withstanding a constant barrage of unsophisticated attacks from automated tools, botnets, crawlers, exploit kits, phish kits, and script kiddies! Once in a while we encounter attacks worthy of style points for creativity or new twists on old attack techniques. This talk features live demo reenactments from some advanced attacks I have investigated. These live demos showcase both the attacker and investigator sides of these attacks. Attendee key takeaways are strategies and techniques helpful during incident response investigations.

Speakers
avatar for Matt Scheurer

Matt Scheurer

Sr. Systems Security Engineer, First Financial
Matt Scheurer serves as Chair of the CiNPA Security SIG, an Ambassador for Bugcrowd, and works as a Sr. Systems Security Engineer. He possesses CompTIA Security+ and several Microsoft Certifications. He has presented on numerous Information Security topics as a featured speaker at... Read More →


Wednesday March 11, 2020 3:00pm - 4:00pm
Room 116

3:00pm

Educational Initiatives in Cybersecurity for a Technically-Skilled Workforce
Discusses Cedarville’s (CU) initiatives for developing a cybersecurity concentration with their CS degree. Includes how these initiatives were influenced by National Security Agency and ABET requirements for programs such as these. Also, addresses the academic exercises and labs which we use to establish, develop, and assess the technical skills accreditors require, particularly in reverse engineering. Concludes with a brief demonstration of an assignment emphasizing low-level C and assembly concepts. Former graduates of CU’s cybersecurity concentration will also be available to share their perspective on how such programs can help matriculation into the workforce.

Speakers
avatar for Keith Shomper

Keith Shomper

Professor of Computer Science, Cedarville University
Dr Keith Shomper earned his PhD in Computer Science (CS) from the Ohio State University in 1993. During his Air Force career, he served on the faculties of the Air Force Institute of Technology and the Air Force Academy. He joined Cedarville in 2003 teaching programming, algorithms... Read More →


Wednesday March 11, 2020 3:00pm - 4:00pm
Room 127

3:50pm

Final Comments
Wednesday March 11, 2020 3:50pm - 4:00pm
Great Hall

4:00pm

Breach Resiliency Panel
Speakers
avatar for Shawn Waldman

Shawn Waldman

CEO, Secure Cyber Defense
Shawn is the founder and CEO of Secure Cyber Defense LLC located in Miamisburg, Ohio. He is a 20-year IT veteran and previously served in law enforcement. Secure Cyber Defense assists organizations in protecting assets from internal and external threats and aligning cybersecurity... Read More →
avatar for Leo Cronin

Leo Cronin

CSO, Cincinnati Bell
avatar for Mark Sadler

Mark Sadler

Divisional VP, Great American Insurance Group
avatar for Mark Winemiller

Mark Winemiller

VP, Information Systems & Marketing, Gosiger
avatar for Matt King

Matt King

VP of Global Information Security, Belcan LLC


Wednesday March 11, 2020 4:00pm - 5:00pm
Great Hall - Keynote Stage

5:00pm

Door Prize Announcement
Wednesday March 11, 2020 5:00pm - 5:15pm
Great Hall