Session Descriptions

Cyber Security Research: A Data Scientist’s Perspective

Celeste Matarazzo, Lawrence Livermore National Laboratory

Cyber security has become one of the nation’s top priorities. As all aspects of our lives become increasingly dependent on computing networks and the Internet, cyber security has grown from a localized economic problem to a major national imperative. Situational awareness of computer networks presents many challenges including but not limited to the volume of the data and the dynamic and evolving nature of the problem space. For example, at the perimeter of a corporate enterprise computer network, it is common to see terabytes of network traffic each day, containing millions of unique IP addresses and connection records that number in the hundreds of millions. Celeste will provide an overview and discuss recent trends facing computer security researchers and practitioners. She will describe recent work at Lawrence Livermore National Laboratory to enable analysis of computer networks. Characterizing network-wide activity depends critically on understanding time-varying patterns of system behaviors, such as the actions and connections between components. This approach makes use of state of the art data collection, building and accessing large-scale graph representations, new capabilities and advances in of data science and machine learning.

Data brokers, Third-party Data Reseller and Privacy Issues

Dr. Aury Curbelo (Professor, Researcher and Information Security Consultant), CEO and Founder, Digetech Inc.

Data brokers compile information about individuals from a wide variety of online and offline sources, including email, personal websites, social media posts, and more. The data is often collected without the consent or knowledge of the individuals involved, integrated and synthesized using advanced analytic tools, then sold to other data brokers and businesses for a variety of purposes. This presentation will discuss the privacy issues behind data selling, also will discuss how data brokers sell our information, how much our data cost, how to become a data dealer and broker and how to stop companies from tracking our online activity.

NIST Cybersecurity Framework

John R. Robles, Cybersecurity Consultant, President, CISA, CISM, John R. Robles & Associates

“It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber-environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.” - President Barack Obama, Executive Order 13636, Feb. 12, 2013

In this presentation we will review the efforts of the National Institute for Standards and Technology (NIST) to implement President Obama’s executive order and improve the nation’s cybersecurity environment. Specifically, we will review the 5 core functions of the cybersecurity framework, i.e., Identify risks, Protect against threats, Detect cybersecurity-related events, Respond to incidents, and Recover capabilities after a cyber breach.

"Re-thinking" Effective Implementation of Cybersecurity Controls

Jeremy Rasmussen, Cybersecurity Director, Abacode

In this talk, we provide an overview of current threats and explain how cybersecurity must start at the top of the organization. We then talk about implementing a comprehensive cybersecurity framework versus a scattershot approach based on point products. We address some misconceptions about cybersecurity technologies such as firewalls and antivirus. We show how small to mid-sized organizations are very much a target and at risk as much as (or more than) larger ones. Then, we address prioritization of efforts – showing a “traditional” view versus an “alternate” view – in keeping with modern threats and vulnerabilities. Attendees to this talk should leave with a clearer picture of best practices to address cybersecurity in their organizations.