Cybersecurity Day Proceedings 2017

  • The Institute for Cyber Security at IUP, in collaboration with the IT Support Center and the Computer Science Department, hosted the 10th annual Cyber Security Day on Thursday, October 26, 2017, from 9:00 a.m. to 4:00 p.m. in the Stouffer Auditorium.

    View the 2017 Cyber Security Day Photo Gallery

    View the 2017 Cyber Security Day Presentations

    View the 2017 Cyber Security Day Brochure

    Schedule of the Event

    9:00–9:10: Opening Remarks

    Dr. Deanne Snavely, Dean, Kopchick College of Natural Sciences and Mathematics

    9:10–9:20: Welcome Message

    Dr. Francisco E. Alarcón, Acting chair, Department of Computer Science

    9:20–9:30: Event history, ICS work and recent achievements, and logistics.

    Dr. Waleed Farag, Professor of Computer Science and Director, Institute for Cyber Security at IUP

    9:30–10:20: Insider Threats: Challenges and Mitigation Approaches

    Dr. James Joshi, Professor, Department of Informatics and Networked Systems, School of Computing and Information, University of Pittsburgh

    10:20–10:35: Break

    10:35–11:25: The State of Security Awareness and Education: Phishing and Beyond

    Mr. Skip Irwin, Account Executive for Wombat Security Technologies

    11:25–12:50: Lunch Break

    12:50–1:00: Provost’s Remarks

    Dr. Tim Moerland, IUP’s Provost and Vice President for Academic Affairs

    1:00–1:50: Cyber Power and the Reserve Component

    Dr. Isaac Porche, Director, Acquisition and Development Program, Homeland Security Operational Analysis Center (HSOAC), RAND Corporation

    1:50–2:00: Break

    2:00–2:50: The 2018 Cyber Security Employment Landscape and You

    Mr. Joe Harford, President and Founder, Reclamere

    2:50–3:00: Break

    3:00–3:50: The Cybersecurity Professional’s Current and Future Challenges

    Mr. David Brown, CISSP, PMP, Manufacturing Information Security Business Strategist,Business Complete Solutions

    3:50–4:00: Conclusions

    Dr. Waleed Farag, Director, Institute for Cyber Security at IUP

    Biographical Information

    Dr. James Joshi, Professor, Department of Informatics and Networked Systems, School of Computing and Information, University of Pittsburgh

    James Joshi is a professor of School of Computing and Information at the University of Pittsburgh, and the director and co-founder of the Laboratory of Education and Research on Security Assured Information Systems (LERSAIS), which has been designated as a Center of Academic Excellence in Information Assurance and Cyber Defense Education and Research (CAE and CAE-R). He is an elected fellow of the Society of Information Reuse and Integration (SIRI) and a senior member of the IEEE and the ACM. His research interests include access control models, security and privacy of distributed systems, trust management, network security, and security and privacy services in cloud computing, critical infrastructures, and social networking environments. He is a recipient of the US NSF-CAREER award in 2006. He has served as program co-chair and/or general co-chair of several international conferences/workshops. He currently serves as the steering committee chair of IEEE CIC. He was a founder and co-Editor-in-chief of EAI Endorsed Transactions on Collaborative Computing. Currently, he is the EiC of the IEEE Transactions on Services Computing. He had also served in or is in the editorial board of several international journals. His work has been recognized with Best Paper award in ACM CODASPY 2011 and BigData Congress in 2017, and Best Student Paper award in ACM SIGSPATIAL 2011. He is a co-editor of the book titled “Information Assurance: Dependability and Security of Networked Systems” published in 2007. He has published over 120 articles as book chapters and papers in journals, conferences and workshops, and has served as a special issue editor of several journals including Elsevier Computer & Security, ACM TISSEC (now TOPS), Springer MONET, IJCIS, and Information Systems Frontiers.

    Mr. Skip Irwin, Account Executive for Wombat Security Technologies

    Skip Irwin, Account Executive for Wombat Security Technologies, a leading provider of security education that changes employee behavior. Founded in 2008, Wombat’s Security Education Platform includes integrated knowledge assessments, a library of simulated attacks, and interactive training modules.

    Dr. Dr. Isaac Porche, Director, Acquisition and Development Program, Homeland Security Operational Analysis Center (HSOAC), RAND Corporation

    Isaac is a senior engineer at the RAND Corporation, where he currently serves as the Director of the Acquisition and Development Program in the Homeland Security Operational Analysis Center (HSOAC). As the director, Isaac overseas a wide range of projects supporting the Department of Homeland Security and its components. He joined RAND in 1998 after graduating from the University of Michigan with a Ph.D. in electrical engineering. He has led research projects for the U.S. Navy, U.S. Army, the Department of Homeland Security (DHS), the Joint Staff, and the Office of the Secretary of Defense. He has served on the U.S. Army Science Board supporting a number of its cyber related panels. At the Institute of Politics and Strategy at Carnegie Mellon University, Isaac serves as an adjunct instructor, where he teaches a graduate class titled Policy and Technology of Cyberwar. He has authored numerous RAND publications, peer-reviewed journal articles and conference papers. He is also a frequent contributor of op-eds and commentary for news outlets on military and science topics and has been quoted in other media outlets including National Public Radio, the San Francisco Chronicle, and the Baltimore Sun.

    Isaac’s areas of expertise include cybersecurity, network and communication technology, intelligence, surveillance, and reconnaissance (ISR) systems, data mining, modeling and simulation, cybersecurity, rapid acquisition processes, and operations research techniques. In 2016, he presented testimony on emerging cyber threats and implications before the House Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. Isaac’s latest publication, Cyber Power Potential of the Army’s Reserve Component, focuses on research conducted on how to train, manage, and develop the Army’s Cyber force.

    Mr. Joe Harford, President and Founder, Reclamere

    Joe Harford, President and Founder, Reclamere, a 16-year old information security company located in Central Pennsylvania that serves clients in highly regulated market sectors. The company has been providing its' clients with information security solutions throughout the Mid-Atlantic region. Reclamere works with clients of all sizes and stages of the security maturity model.

    Mr. David Brown, CISSP, PMP, Manufacturing Information Security Business Strategist, Business Complete Solutions

    David C. Brown, PMP, CISSP, is the founder of Business Complete Solutions®. He shows leaders of manufacturing companies how to grow their business, and improve their competitiveness while they manage the risk of cyber-attacks and Compliance penalties. He has more than twenty-five years experience in manufacturing and seventeen in various cybersecurity roles. He has filled leadership positions in diverse engineering, consulting, and management positions at a wide variety of companies and industries. He specializes in using cybersecurity tools, techniques, and procedures to enable companies to innovate and improve business profits.

    Titles and Abstracts

    Dr. James Joshi, Professor, University of Pittsburgh

    • Title: Insider Threats: Challenges and Mitigation Approaches
    • Abstract: Insider threats pose as an increasingly challenging issue that has significant potential impacts on organizations. Detection, mitigation and/or prevention of insider attacks present complex challenges while the boundary between an insider and an outsider within the context of an organizational information system is becoming increasingly blurry because of the immense interconnectivity among devices and applications, and organizational information systems; this is further aggravated by evolving and emerging technologies such as Cloud computing and the Internet of Things (IoT). In this talk, I will discuss various challenges, potential mitigation approaches and our ongoing research efforts related to tackling insider threats.

    Mr. Skip Irwin, Account Executive for Wombat Security Technologies

    • Title: The State of Security Awareness and Education: Phishing and Beyond
    • Abstract: This session will provide a comprehensive overview of the different threats facing end users today and the steps proactive organizations are taking to protect themselves. In addition to phishing, it will highlight lesser known, but equally as dangerous threat vectors such as social engineering, mobile security, and ransomware. Skip will also discuss why an effective security plan must address a full scope of threats and share best practices on how to create an actionable security awareness and training program to effectively change behavior and reduce risk.

    Dr. Isaac Porche, Director, Acquisition and Development Program, Homeland Security Operational Analysis Center (HSOAC), RAND Corporation:

    • Title: Cyber Power and the Reserve Component
    • Abstract: The military services are formalizing and bolstering their contribution to the nation’s cyber force, known as the U.S. Cyber Command Cyber Mission Force. As part of a Total Force approach, the Army is considering using both active component and reserve component personnel to fill the Cyber Mission Force and other requirements in support of Army units. This presentation will discuss ways in which these soldiers can be leveraged to conduct Army cyber operations as well as the broader challenges and opportunities that the use of reserve component personnel presents.

    Mr. Joe Harford, President and Founder, Reclamere

    • Title: The 2018 Cyber Security Employment Landscape and You 
    • Abstract: OK, so you have that prized information security degree, solid internship experience, and your first job offer - now what?  The now what question is one that has plagued graduates for decades.  This presentation is not about your short-term savings plan, 401K strategy, or winning real estate advice, although that would be helpful.  Rather this speaker will explain to you how important organizational culture, attitude, and a PIVOT mindset will differentiate you from your other professional colleagues.

    Mr. David Brown, CISSP, PMP, Manufacturing Information Security Business Strategist, Business Complete Solutions

    • Title: The Cybersecurity Professional's Current and Future Challenges 
    • Abstract: The cybersecurity field is extremely complex and fast moving. Each year cybercriminals victimize thousands of large and small companies. David C. Brown, PMP, CISSP, founder of Business Complete Solutions, will discuss some of the current and future challenges facing cybersecurity professionals as they endeavor to protect their company and their career