The final schedule for the 2020 Virtual IT Security & Risk Symposium, including presentation abstracts, will be posted shortly.
- Day 1 November 2, 2020
- Day 2 November 3, 2020
- Virtual Sessions
For the last nine years I have worked inside the financial crimes/compliance industry in a variety of roles. I have completed two (+) years as the Senior Manager for the Cyber Intelligence Unit at Western Union, identifying risk on the TOR network (dark web markets), not otherwise caught by transaction monitoring.
Prior to Western Union, I spent five years with Bank of America serving as a fraud intelligence analyst and then as an anti-money laundering investigator within the terrorist financing group of Bank of America.
While at BofA I closed over 2,000 suspected money laundering cases and worked closely with law enforcement to service grand jury subpoenas and special law enforcement requests. I obtained my Certified Anti Money Laundering Specialist (CAMS) title in 2015.
Prior to entering the private sector, I served in the Central Intelligence Agency for ten years. I was posted in both overseas and domestic positions, specializing in Counter Terrorism, conflict resolution, mediation, and due diligence. I worked in both independent and group scenarios, in any environment. I served in multiple active war zones and developed a robust understanding of terrorist tactics as well as an understanding of the Diplomatic landscape in any given region.
Specialties: Conflict resolution, mediation, due diligence, Security, government liaison.
David has more than 20 years of experience in the information security field, with a particular focus on incident detection and response. He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of detection planning, threat intelligence and threat hunting. He is the principal contributor to The ThreatHunting Project (http://ThreatHunting.net). You can follow him on Twitter as @DavidJBianco or subscribe to his blog, “Enterprise Detection & Response” (http://detect-respond.blogspot.com).
It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application security advocate Alyssa Miller dives into the key issues that keep DevSecOps culture from becoming a reality. She’ll provide insights from recent studies that have looked at the state of DevSecOps and share evidence that organizations are still failing to mature their processes in order to achieve the ideals of a shared responsibility culture. Through her analysis, Alyssa identifies tangible, practical actions that organizations can take immediately to begin improving collaboration and enablement within the DevSecOps pipeline. Alyssa will demonstrate what steps can be taken to create mutual enablement between Development, Security, and Operations disciplines. Finally, Alyssa delivers a forward-looking viewpoint for what lies beyond DevSecOps, and how this culture can be cultivated and extended into the broader business.
About the Speaker
Alyssa Miller is a hacker, security advocate, cyber security professional and public speaker with almost 15 years of experience in the security industry. Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs. She speaks internationally at industry, vendor, and leadership conferences on topics ranging from technical security vulnerabilities, to high-level security program strategies, to issues within the security community itself. She is a member of the Board of Directors for Women of Security (WoSEC), an Advisory Board member for Blue Team Con in Chicago, and she current works as an Application Security Advocate for London-based Snyk Ltd.
Chris Cochran is the Director of Security Engineering for a financial technology company headquartered in Silicon Valley and host of the popular Hacker Valley Studio podcast. Chris is former active duty US Marine Intelligence. He has dedicated his career to building and leading advanced cybersecurity capabilities for organizations across different industries. Chris has made it his personal mission to motivate and empower cybersecurity professionals and teams through coaching, his podcast, and speaking engagements.
Michael Wylie, MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more. Twitter: @TheMikeWylie.
- Virtual Sessions
Michelle Finneran Dennedy currently serves as Chief Executive Officer at Drumwave. She has a passion for developing software for business people, data scientists, analysts, students, all kinds of surfers – and you. Before working at Drumwave, Michelle was a VP and Chief Privacy Officer at Cisco. She was responsible for the development and implementation of the organization’s data privacy policies and practices, working across business groups to drive data privacy excellence across the security continuum.
Women in Cyber Panel
Anna Manley – Principal Lawyer at Manley Law Inc.
Anna Manley is an internet and privacy lawyer based in Sydney, NS. She is the principal lawyer at Manley Law Inc. and founder and CEO of Advocate Cognitive Technologies Inc.
Kim Lamoreux – Senior Security Analyst, PlayStation
Kim Lamoureux has over 7 years experience leading Sony PlayStation’s Level 1 PCI assessment, both as an external consultant and eventually joining Sony full time.
Over the past 15 years, Kim has managed multiple engagements across industries including risk management, compliance, and audit. In her spare time, she actively participates in multiple cybersecurity inclusionary efforts, including cybersecurity and privacy for children. Kim was nominated and lead the ISACA San Diego Chapter as its acting president from 2017 to 2018.
Kim has given talks at the Diana Initiative and twice at the ISACA Los Angeles Conference, and is also a volunteer CFP reviewer for the Usenix Enigma conference. Though she has a degree in biochemistry, her passion lies in cybersecurity and the intersection of payment system protection and commerce.
Ursula Cowan – Senior Threat Research Analyst, Mandiant Security Validation
Ursula Cowan, is a Senior Threat Research Analyst at Mandiant Security Validation (a FireEye Company), focusing on researching adversaries’ tactics, techniques, and procedures (TTPs), breaking them down to the smallest behaviors, for the purpose of replicating them within the Mandiant Security Validation Platform.
Ursula’s career started as a police detective investigating cyber-crime, death, and online exploitation. She later added computer forensics examiner to her list of job duties. Her training in computer forensics was at the U.S. Secret Service’s National Computer Forensic Institute (NCFI), she also holds a Bachelor of Science in Applied Psychology from the Florida Institute of Technology, and a Master of Science in Digital Forensics from the University of Central Florida.
Melissa Sariffodeen – Co-Founder & CEO at Canada Learning Code
I’m Melissa and I’m a fierce advocate for providing Canadians (especially women and youth) the critical skills, confidence and opportunities they need to become passionate builders – not just consumers of technology and to inspire everyone to leverage and build technology that has the power to truly change the world. And, I’m making that happen with an amazing team across the country at Canada Learning Code.
Since 2011, we have taught over 80,000 Canadians code through one of our programs and we’re just getting started. Our goal is to provide 10,000,000 technology learning experiences to Canadians over the next ten years through our programs Ladies Learning Code, Girls Learning Code, Kids Learning Code, Teens Learning Code and Teachers Learning Code.
Through program design and delivery (like the code:mobile – a travelling computer lab roadtrip across Canada), strategic industry and public partnerships, educator training, research, advocacy and awareness Canada Learning Code aims to unify coding education in Canada and drive results
Dominique West – Senior Cloud Security Consultant, EY
Dominique West is currently a Senior Cloud Security Consultant for a multinational professional services and creator of the Security in Color cyber and cloud security podcast. Achieving her CISSP and Master’s degree in cybersecurity, Dominique is deeply passionate about cloud security & cyber awareness, with 8 years of experience in IT spanning risk, vulnerability, incident and response, cloud transformation & security across the commercial industries. In addition to her professional endeavors she founded a platform, Securityincolor.com, that provides industry news and professional guidance to those aiming to begin to navigate a career in the cloud and cybersecurity space. She also leads the Atlanta chapter of the Women’s Society of Cyberjutsu, a nationwide non-profit with the aim of empowering women in the field of information security. You can find Dominique on all social media platforms (@domyboo), on Linkedin, or directly on her website (http://www.securityincolor.com)
Philip is a cybersecurity and assurance expert. He has a deep background in IT Security dating back to high school and was able to translate that in to a career in IT risk and security after attaining his degree in computer science.
Prior to joining Visa, Philip worked at Ernst & Young and Grant Thornton as a Sr. IT Auditor conducting IT security process and system reviews for large financial institutions, specializing in Unix, Windows and Legacy systems. He continued this work when he moved over to Visa Inc’s internal audit department bringing his deep technical background to the types of audits typically found within a large, global, tech company. During this time he was applauded for his ability to translate between the business and the technical for management reporting.
In his spare time Philip enjoys exploring security on uncommon systems. As a result he recently devoted himself to raising awareness about the vulnerabilities in systems that are often referred to as ‘Legacy’. To demonstrate some of these platforms weaknesses he’s written multiple tools (available here: https://github.com/mainframed) and given talks at various IT security and hacker conferences around the world including:
• BlackHat USA
He has also been invited to speak on multiple podcasts including PaulDotCom, SecuraBit and Eurotrash Security.
Due to this personal endeavor Philip was invited to join the Global Information Security group, within Visa, to create and build the Core Systems Security group. In this role he has:
• Re-written the technical security standards and requirements based on industry standards
• Conducted detailed security assessments of our core platforms
• Re-designed the SSDLC program to appropriately risk rank and assess applications
• Re-wrote penetration testing processes and scope when testing core/commercial systems
• Assessed network segregation
• Designed a program to identify and assess rogue assets
Masha Sedova is an award winning people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first people-centric security platform that leverages behavioral-science to transform employees into security superhumans. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and regular presenter at conferences such as Blackhat, RSA, ISSA, Enigma and SANS.