Friday, April 6th

Abstract: Planning, Building and Implementing a security awareness program at your organization is only half the task. If you don’t test it, how do you know that it works? Yes you can hire a penetration test, but do you really want to put the safety of your organization solely in the hands of consultants? You can make a penetration test more effective by conducting your own testing of your program by yourself. In this talk students will learn to recon their own networks, look for vulnerabilities in new places, and test their users levels of security awareness.

Bio: For the last 20 years Matt has been a Network Administrator, Detective, and Litigation Support Professional at The Masters Law Firm, a Plaintiff’s Trial Law Firm in Charleston, West Virginia. Prior to that, Matt worked at the Kanawha County Sheriff’s Department, Before that Matt started his career as an IBM sub-contractor, installing IBM System 36’s and later AS/400’s and programming in RPGII.

Matt is a board member of the Appalachian Institute of Digital Evidence. AIDE is a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement officers and information security practitioners in the private sector.

Matt is a co-founder the SecureWV/Hack3rCon convention and is a co-founder and treasure of the 304geeks, a West Virginia technology networking organization. Matt is an active member of the information security community and has spoken at a number of information security conferences including AIDE, Derbycon, Hach3rcon, and several Legal conferences. In addition, Matt is a licensed minister, and farmer in rural West Virginia.

Bio: Michelle Pirtle, Special Agent Federal Bureau of Investigation – SA Pirtle has been with the FBI for 11 years and is currently based out of the Pittsburgh field office. Her experience has focused on cyber investigations, to include criminal and national security matters. SA Pirtle is now on the Human Intelligence and Public Outreach Squad; she is the FBI Coordinator for both the Pittsburgh InfraGard Members Alliance and the West Virginia InfraGard Members Alliance, and she is the local FBI control systems point of contact for Western Pennsylvania.

Abstract: Everyone talks about the intrusion kill chain (sometimes called the cyber kill chain)—a model for actionable intelligence in which defenders align enterprise defensive capabilities to the specific processes an adversary undertakes to target that enterprise—but much of what is said is misinformation and scare tactics. Much of what is covered will be hands on free walkthroughs in a Windows environment. MS Windows domains are the most popular target for attackers as they are frequently the most insecurely configured.

We explores the most effective steps you can take to protect your organization from the vast majority of threats with defensive mitigation and monitoring, covering use cases such as ransomware, data exfiltration, and lateral movement to demonstrate how to improve the standard of defense at each level. We will conclude with an overview of tabletop exercises and drills to strengthen your understanding.

Bio: Amanda Berlin is a Sr. Security Analyst for a consulting firm in Southern Michigan. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. Amanda has been involved in implementing a secure Payment Card Industries (PCI) process and Health Insurance Portability and Accountability Act (HIPAA) compliance as well as building a comprehensive phishing and awards-based user education program. 

Amanda is an avid volunteer and has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, O’Reilly Security, GrrCon, and DEFCON. She is the author for a Blue Team best practices book called “Defensive Security Handbook: Best Practices for Securing Infrastructure” with Lee Brotherston through O’Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. While she doesn’t have the credentials or notoriety that others might have, she hopes to make up for it with her wit, sense of humor, and knack for catching on quick to new

Abstract:  Now that you are a college graduate (or close to it), what come next? I will walk you through many of the career choices you will have, resources you have to help you prepare for the next step, and some self deprecating stories. This talk will inform, entertain, and maybe even scare you. (I will provide you access to actual recruiters, too!)

Bio: Branden Miller retired from the US Navy in 2011 after 20 years of service. While in the Navy he held many positions such as system administrator, network engineer, 

digital network exploitation analyst, and finally, adjunct faculty for the National Cryptologic School. After the Navy he has spent time as a compliance analyst in healthcare, security consultant, and internal auditor. In his spare time, he starts many projects he never finishes and assists his extended family with prepping. 

Abstract:  As the number of cyber-attacks continues to grow on a daily basis, so does the delay in threat detection. For instance, in 2015, the Office of Personnel Management (OPM) discovered that approximately 21.5 million individual records of Federal employees and contractors had been stolen. On average, the time between an attack and its discovery is more than 200 days. In the case of the OPM breach, the attack had been going on for almost a year. Currently, cyber analysts inspect numerous potential incidents on a daily basis, but have neither the time nor the resources available to perform such a task.  Current work in firewall log forensic analysis at large enterprises is manual intensive and involves manpower hours to find events to investigate.  This is predominantly achieved by manually sorting firewall log data.  This work aims to improve the data mining capabilities of analysts to assist in this process.  A Tabulated Vector Approach (TVA) is proposed to create meaningful state vectors from time-oriented blocks. Multivariate and graphical analyses are then used to analyze state vectors in a human-machine collaborative interface.  Statistical tools, such as the Mahalanobis distance, factor analysis, and histogram matrices, are employed for outlier detection. This research also illustrates how these analytic methodologies can be integrated into embedded analytic tools so that cyber analysts on the front-line can efficiently deploy the anomaly detection capabilities.

Bio: Dr. Trevor Bihl received the B.S. and M.S. degrees in electrical engineering from Ohio University, Athens, OH, and the Ph.D. degree from the Air Force Institute of Technology, Wright-Patterson AFB, OH. He is currently a Research Engineer with the Air Force Research Laboratory, Sensors Directorate. From 2009-2016 he was a Research Associate of Operations Research with the Air Force Institute of Technology. He is also an Adjunct Assistant Professor of Pharmacology and Toxicology, and Industrial Engineering with Wright State University, Dayton, OH, where he teaches classes in applied statistics, biostatistics, and engineering. His research interests are in the areas of pattern recognition and multivariate statistics. Dr. Bihl is a member of Eta Kappa Nu (Electrical Engineering Society), Alpha Kappa Delta (Sociology Society), Tau Beta Pi, the Institute of Electrical and Electronics Engineers (IEEE) and the Institute for Operations Research and Management Sciences (INFORMS).