John Shier
10:00 am - 10:50 am
In the aftermath of an attack, victims are left wondering what they could have done better or differently. When faced with nation-state attackers, the answer is often: not much. But most attacks aren't the product of a nation-state adversary. They are the work of professional cybercriminals, intent on causing harm for financial gain. By analyzing hundreds of incident response investigations, we can identify how the attackers are succeeding and what we can do differently to change the narrative.
John Shier is a Field CTO Threat Intelligence with more than two decades of cybersecurity experience. He’s passionate about protecting consumers and organizations from advanced threats, and has researched everything from costly ransomware to illicit dark web activity, uncovering insights needed to strengthen proactive cybersecurity defenses.
Greg Stachura and Alex Ioannidis
11:00 am - 11:50 am
EDR, I love you, you’re perfect, now change! The continued enhancements in EDR make them invaluable tools; however, there isn't a single one on the market that can detect it all, or even give you insight into it all. So how do we gain visibility into our blind spots without writing blank checks? For Windows users, Sysmon can help with those blind spots. Utilizing a smart implementation, a logging filter and some know-how, you can help fix or, in some cases, improve detections from your EDR.
Greg is a Senior Manager at Security Risk Advisors, where he helps run and manage an MSSP offering for 24/7/365 CyberSOC services. Greg has architected, deployed, and managed SIEM environments and orchestration and automation platforms, and developed custom tools for SOC analysts. He also has an extensive background in Incident Response playbook development, log analysis, and forensics in health care, financial, and academic environments.
Greg earned his MBA from the Rochester Institute of Technology with an Advanced Certificate in Information Assurance. Prior to joining Security Risk Advisors, Greg worked extensively in the financial, healthcare, and education sectors.
Alexandra is a Senior Consultant at Security Risk Advisors. She focuses on EDR engineering and detection rule creation, specifically for SentinelOne, Microsoft Defender, and CrowdStrike. Alexandra is also a threat hunt lead, developing and overseeing threat hunts for multiple clients.
Alexandra is a graduate of Rochester Institute of Technology, holding a degree in Computing Security with a minor in Networking & Systems Administration.
Richard Smith
1:00 pm - 1:50 pm
Concerned about business email compromise (BEC) attacks? Until recently, organizations using Office 365 for email had no way to audit access to individual mailbox items unless they paid for the premium E5-level license. Microsoft has enabled all customers to access these logs, but accessing them and getting the data into an actionable format is still a daunting task. In this talk I'll show how you can leverage readily available technologies to pull the mailbox audit logs into your SIEM and data lake solution, giving visibility into individual mailbox item access logs, and potentially reducing your PHI/PII exposure risk in the event of a cybersecurity incident.
Richard Smith is a Senior Consultant with Security Risk Advisors, working primarily on security data pipeline efficiency and onboarding clients into SRA's XDR solution, SCALR.
Mark Musone
2:00 pm - 2:50 pm
Mark will demonstrate forensic analysis of malware which originated from a foreign threat actor. He will teach us how malware operates, how to analyze malware, and ways to take the confusion out of compromises.
Mark Musone has expertise in both corporate and Government cybersecurity. He has proficiency in NIST 800-53, NIST 800-171, CMMC, FedRAMP, FISMA, and numerous other standards.
Mark regularly provides subject matter expertise on security audits, reviews of technical system design documentation, deliverables, and performance. Mark also provides additional research and analysis of cloud technologies, security architectures, IPv6 solutions, and Federal security requirements and standards.
Mark has taught countless technology and security classes and seminars, has provided forensic assistance to various Governmental agencies, and provides expert testimony in court cases. Mark has successfully worked with contractors and vendors to resolve findings, develop security best practices, and maintain up-to-date status of security compliance. Mark is a CISSP, CMMC Registered Practitioner, a CMMC Provisional Assessor, a CMMC Certified Assessor, a CMMC Certified Professional, and a CMMC Certified Provisional Instructor.
Barry Hofecker
3:00 pm - 3:50 pm
As businesses grapple with increasing digital complexity, continually evolving threats, increasing risk exposure, and pressure from leadership to reduce costs, it is more important than ever for security teams to provide assurance that security investments support and promote business goals and objectives. In this presentation we will discuss the principles of information security architecture, review two prominent security architecture frameworks, and learn how they can be leveraged to improve our security program and provide the assurance that the business is looking for.
Barry Hofecker is a vCISO, Security Strategist with 20+ years of information security, technology, and risk management experience in multiple diverse markets, including Manufacturing, Healthcare, Education, Financial Services, and public sector entities. Barry holds an MS in Information Security and Assurance as well as multiple industry certifications.