Presentations

Conferences

Panel on Artificial Intelligence - Rocky Mountain Cyber Symposium 2019 - February 2019

Moderator: Maj Gen (ret) Paul Nielsen. Panelists: Dr Matt Gaston, Dr Matthew McFadden, Mr Anthony Grieco, Lt Col Mike Chiaramonte

Cyber Automation - Rocky Mountain Cyber Symposium 2019 - February 2019

Technology and emerging threats are ever increasing: customers face more threats than ever before and have finite resources to address them. In this training session you will automate key operations and tasks using cloud, Security Orchestration, Automation, and Remediation (SOAR) technologies, and see how AI/ML can provide more robust cyber situational awareness and operational threat reduction. You will learn to better protect your workloads and defend against security threats while implementing automation. The session provides a hands-on overview of implementing the Integrated Adaptive Cyber Defense (IACD) framework and the Artificial Intelligence / Machine Learning / Orchestration technologies used in the commercial and government sectors to drive cyber automation, including compliance, continuous security, cloud security, and orchestration technologies.

Second Order Benefits of Open Integration - Integrated Cyber at JHU/APL - October 2018

The evolution of the SOAR market has the potential to fundamentally change classic business models because of the open integration of products and services. If companies are opening up their APIs, what other support services and opportunities does this open to small/mid-sized business development approaches and integration approaches? Tools that used to be custom-developed for integration are now commercially available and supported. What is your organization’s perspective on how a market of open integration changes for different business partners and operational activities?

Industry Panel on Implementor Insights - Integrated Cyber at JHU/APL - October 2018

An increasing number of organizations are exploring and integrating Security Automation & Orchestration (SA&O) / Security Orchestration, Automation & Response (SOAR) strategies and platforms into cyber defense. During this panel, experienced organizations share their SA&O experience: information sharing, lessons learned, best practices, and recommendations.

Government & Industry Panel I | Defending Critical Cyber Resources and Networks - FCW Cyber Summit - August 09 2018

Agency IT leaders do not have to reinvent the wheel on cybersecurity. Standards and requirements are in place, as are shared services and resources. Our panelists will discuss the resources available and best practices for cyber defense.

Wargaming the Security Infrastructure - ChannelCon 2018 - 2:15 PM - 3:15 PM, August 2 2018 - Article

Red team-blue team exercises take their name from military exercises. The idea is simple: one group of security pros, the red team, attacks a network, and an opposing group, the blue team, defends it. Originally the exercises were used by the military to test force readiness; today they are also used to test information security systems. The key element for success is a red team that can get into the mind-set of an attacker. Join us to discuss how to set up and run effective red team/blue team exercises and what you can learn from them. https://certification.comptia.org/it-career-news/post/view/2018/08/03/channelcon-it-pro-track-day-2-dives-deep-into-cybersecurity

Nuclear Security: Prevention-Based Strategies for Today's Risks - Nuclear Deterrence Summit - Feb 21, 2018

Nuclear installations invest heavily in physical and operational security designed to defeat external threats. The spectrum of current and future threats can be much more complex and nuanced. Are we protecting our facilities from yesterday's threats and missing the real risks? This panel of international risk management experts examines the efficacy of new approaches to safeguarding nuclear facilities in an ever-changing threat environment, looking at how we anticipate and account for emerging security risks, and how we can better understand our vulnerabilities to build stronger security systems and approaches.

Industry Panel: "Building the Cyber Workforce – The Industry Perspectives" - Cyber Education, Research, and Training Symposium (CERTS) - 2018

Mr. Joel Esler, Manager, Open Source and Education, Talos – Cisco; RADM (Ret.) Bill Leigher, Director, DoD Cyber Warfare Programs, Raytheon; MG (Ret.) Jennifer Napper, VP & GM, Army, Air Force and COCOMS, DXC Technology - https://www.youtube.com/watch?v=bnJa9sDE4P0

Cybersecurity: Protect, Detect and Respond - FederalNewsRadio.com - 2017

This is why emerging approaches to cybersecurity such as automation and machine learning can give agencies the eyes and ears they otherwise would not have when trying to secure dual environments filled with an ever-increasing number of endpoints, and therefore threats. https://federalnewsradio.com/federal-insights/2017/10/cybersecurity-protect-detect-and-respond/slide/1/

Training Organizations to Prevent Cyber Attacks – FISSEA 28th Annual Conference – 2015

Hands-on practical application is the most effective way for an organization to train against cyber threats. Whether you are an information security officer, a seasoned system administrator, or a non-technical individual, seeing and experiencing a cyber attack drastically increases awareness and detection. This presentation demonstrates a few different attacks and how you can best “show” your organization how to prevent a serious intrusion.

The Technology of Training Tomorrow’s Cyber Forces – FISSEA 27th Annual Conference – 2014

This session will break down the necessary components of building a cyber-education training system and foster discussion on developing the cyber education training programs of the future and the technologies they will require. From this session you will learn about technology infrastructure, authentication, learning management systems, content management systems, virtual machines, software development, open source applications, integration, and emerging technologies to address the needs of tomorrow's cyber force.

Introduction to Malware Analysis – DoDCCC 2012

Malware is often found on computer systems during network intrusion investigations. The main goals of analysis are to assess an executable to discover its functionality, and to identify the artifacts of its presence and usage. This class is designed for investigators who need to perform basic malware analysis in order to aid in their forensic investigations. The purpose of this course is to introduce the principles of malware analysis, and to teach how to perform a basic assessment of unknown executables and malware. Investigators will learn how to use many free open source tools to perform analysis of executables at a basic level.

Network Intrusion and Malware Visualization – DoDCCC 2012

Learn how to effectively use visualization techniques to respond to network intrusions faster by visually modeling complex datasets. This topic will show you how to use visualization tools to effectively monitor, analyze, and respond to exploits and malware.

Splunk as an Enterprise Incident Response and Forensic Tool – DoDCCC 2012 / DoDCCC 2011

Splunk is a monitoring and reporting tool for enterprise IT systems that deeply emphasizes search capability by consolidating logs, metrics, and other data from applications, services, and network devices. In this breakout session the investigator will learn how to index, search, and analyze all enterprise threat data from a single location in real time, drastically cutting response times and limiting exposure to the threat by reacting more quickly.

Malicious Code Analysis in Windows – DoDCCC2010

Subject Identification / General Searches and Public Records – 2010 ICAC Task Force Nat. Conf.

This lab will address how to use information available on the internet to search for subjects to establish leads and gather information on a target.

Basic Networking and Incident Response – 2010 ICAC Task Force Nat. Conf.

This lecture will address how to respond to networked computers and how to perform an incident response in order to collect sufficient evidence for an investigation.

It’s 4 o’Clock and… Your Linux Server Was Hacked… – Techno Forensics & Digital Investigations 2010

Track 4 – Lecture Room B, Sponsored by ISFCE – An intrusion on a Linux box occurred; now what? Learn how to respond to a Linux machine and learn about all the evidence you will lose if you pull the plug. Linux incident responders must gather volatile data! This includes how to build a trusted tool set, what information is collected during the volatile data gathering process, and how to use kernel and third-party tools for volatile evidence gathering. This gives investigators evidence and analysis to supplement dead-box exams.

Linux Incident Response Volatile Data Gathering 101! – Techno Forensics & Digital Investigations 2009

An intrusion on a Linux box occurred; now what? Learn how to respond to a Linux machine and learn about all the evidence you will lose if you pull the plug. Linux incident responders must gather volatile data! This includes how to build a trusted tool set, what information is collected during the volatile data gathering process, and how to use kernel and third-party tools for volatile evidence gathering. This gives investigators evidence and analysis to supplement dead-box exams. Objective: to teach volatile data gathering techniques to intrusion and forensic investigators for use during incident response.

Wireshark as a Forensic Tool – 2009 DoDCCC

Firefox Forensics – 2009 DoDCCC

Browser Forensics – Techno Forensics & Digital Investigations 2008

This presentation will include an overview of how and where records are stored in various browsers. We will then explore the steps that may be taken to configure the IE7 or Firefox browsers to hide user tracks. Lastly, we will show information that may only be recoverable from RAM.

Articles

Cyber Leaders Share Insights at Forum on Training - Featured

CSRA unveils Cyber Center of Excellence - Featured

Politico Cyber Updates - Mentioned

ExecutiveBiz - AI/ML Hackathon - Mentioned

Books

Defense Against the Black Arts: How Hackers Do What They Do and How to … By Jesse Varsalone, Matthew McFadden

As technology has developed, computer hackers have become increasingly sophisticated, mastering the ability to hack into even the most impenetrable systems. The best way to secure a system is to understand the tools hackers use and know how to circumvent them. Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It provides hands-on instruction in a host of techniques used to hack into a variety of systems. Exposing hacker methodology with concrete examples, Defense against the Black Arts shows you how to outwit computer predators at their own game.

Links: Google Books, Amazon, Slashdot Review, Hak9

Not to be confused with: http://harrypotter.wikia.com/wiki/Defence_Against_the_Dark_Arts

Events

2012 – White Team / Incident Response LE Lead (Law Enforcement Coordinator) – 2012 Collegiate Cyber Defense Competition (CCDC)

2011 – White Team / Incident Response LE – 2011 Collegiate Cyber Defense Competition (CCDC)