Barry Kouns is CEO at Risk Based Security, a vulnerability intelligence, organizational ratings,
and on-demand security solutions firm. Barry’s experience includes information security consulting, risk assessment and quality management. Barry has full knowledge of GLBA, FFIEC, HIPAA, Sarbanes-Oxley, and ISO 27001 and is well versed with PCI DSS, ISO 9001, COBIT, FISMA, NIST 800-53, BS 25999, ISO 31000 and ISO 20000. He has earned a B.S. in Statistics from Virginia Tech and a M.S. in Industrial Engineering Management from North Dakota State University. He has earned the CISSP designation, is a trained ISO/IEC 27001:2013 Auditor & ISMS Implementer, and is ITIL Foundation Certified. Barry was a Captain in the United States Air Force and served as a B-52H Bombardier.

Risk Assessment – The Heart of Risk-based Security

Everywhere you look today you see “risk-based security” being touted as the next big thing. Knowing your assets, understanding the threats and vulnerabilities that may impact those assets, and calculating a risk score in order to prioritize mitigation actions, should be every organization’s goal. Risk-based security is not accomplished by performing a risk assessment exercise once a year. It requires a continuous assessment of your organization’s risk posture. Too many businesses think that completing a risk assessment is a difficult and complicated process that requires expensive software and can only be done by third party consultants. As a result, risk assessments are not conducted or conducted once and stored away to show the auditors. Risk assessments are essential in order to assure that the expenditures involved in mitigating vulnerabilities and the implementation of security controls are commensurate with the risks facing the organization. Attend this interactive session to explore the definitions, methodologies, structure and the expected results of a proper risk assessment that can be produced by your organization

Come see Barry at RVAsec! Register now.

@URSpider

Conrad Layne is a senior cyber intelligence analyst with General Electric since 2013. In this role, Conrad tracks more than 50 Nation-state actors, their attacks, and TTPs with efforts focused on cyber-attacks affecting industrial control systems. Conrad holds a Bachelor of Science Degree in Digital Forensic Science from Defiance College and a Master’s Degree in Cyber Security Intelligence from Utica College.

Operationalizing the ATT&CK™ Framework

Use of atomic indicators of compromise for cyber security, quickly become stale, and are often defeated by malicious actors. Behavioral-based detection strategies focus on series of actions, during an intrusion, and are more dynamic in defending against intrusions. In this talk, GE-CIRT discusses strategies to track, and respond to threat actors, by using frameworks like the Lockheed Martin Kill Chain and the MITRE ATT&CK framework with TIAMAT, GE’s in-house developed end-to-end operational ATT&CK tool.

Come see Conrad at RVAsec! Register now.

barry@riskbasedsecurity.com

@riskbased

Barry Kouns is CEO and principal consultant for Information Security Program services at Risk Based Security, Inc., an information security, threat intelligence, and risk management consultancy. Barry’s experience includes information security consulting, risk assessment and quality management. Barry has provided training, procedure development and pre-certification consulting services resulting in the successful ISO/IEC 27001 certification of more than three dozen organizations.
He has earned a B.S. in Statistics from Virginia Tech and a M.S. in Industrial Engineering Management from North Dakota State University. He has earned the CISSP designation, is a trained ISO /IEC 27001:2013 Auditor & ISMS Implementer, and is ITIL Foundation Certified.
Barry was a Captain in the United States Air Force and served as a B-52H Navigator/Bombardier.

Can Game Theory Save Us from Cyber Armageddon?

What can the movies “War Games” and Doctor Strangelove” teach us about avoiding a cyber Armageddon? The Mutual Assured Destruction (MAD) doctrine, first introduced in the 1960s, is largely attributed with preventing any full-scale conflicts between the United States and the Soviet Union. MAD was part of U.S. strategic doctrine which believed that nuclear war could best be prevented if neither side could defend itself against the other’s missiles. Although not talked about very much today, the ghost of MAD and the lessons it teaches remain even if people would rather not think about it. Join this interactive session as we explore the parallels and learn the lessons of the MAD doctrine as it applies to cyber warfare today. It’s the same thing that the computer Joshua learned, the only way to win in cyber warfare is not to play.

Come see me at RVAsec 2017. Register Now!

Mark Weatherford

@marktw

www.varmour.com

vArmour
Mark Weatherford is Chief Cybersecurity Strategist at vArmour. He has more than 20 years of security operations leadership and executive-level policy experience in some of the largest and most critical public and private sector organizations in the world including roles as:

• Principal at The Chertoff Group
• Appointed by President Obama as DHS’s first Deputy Under Secretary for Cybersecurity
• VP and Chief Security Officer at the North American Electric Reliability Corporation (NERC)
• Appointed by Governor Arnold Schwarzenegger as California’s first Chief Information Security Officer
• Chief Information Security Officer for the State of Colorado
• US Navy Cryptologic Officer

In addition, Mark was:

• Selected as SC Magazine’s “CSO of the Year” award in 2010
• Named one of the “10 Most Influential People in Government Information Security” by GovInfoSecurity in both 2012 and 2013
• Selected for the 2013 CSO Compass Award for leadership achievements in the security community

(Your) Inevitable Path to the Cloud
Like the switch from steam to electric power a century ago, the shift to cloud computing is inevitable—in fact, it’s already here. But what this brings in efficiency, it misses in security as the lack of visibility in the virtual environment allows too much room for malicious activity. This presentation details the structure and blind spots of data centers and cloud environments and addresses ideas for companies to consider in securing their data assets.

Register Now!