Cybersecurity Days - placeholder

It’s time to register and gear up for the biggest Cybersecurity learning opportunities of the year – Cybersecurity Days. Enterprise Security will again be hosting this event at The Ohio Union this October, with 3 days packed full of content! 

  • Tuesday, October 16: Defending Applications from Security Threats

All sessions are open to the entire Ohio State University community, including students, faculty, staff, researchers, and the Wexner Medical Center.  

If you'd like to attend the October 16 session, please join us at the Ohio Union Great Hall Art Gallery by 9:00 AM on Tuesday, October 16 and fill out a walk-up registration form. Space is extremely limited (priority will be given to those with an OSU affiliation of either student or employee).


Defending Applications from Security Threats 

Tuesday, October 16 | The Great Hall at The Ohio Union

Seasoned software security architect Bill Sempf will lead a dynamic course to help you think like an attacker and will give you the coding tools you need to stop cyber criminals cold in their tracks. Even the most experienced developers are sure to pick up some new tips and tricks! This hands-on workshop will have something for everyone. 

Bill brings a breadth of experience in defending applications. He is accomplished in the areas of business and technical analysis, software design, development, testing, server management, server maintenance and security. In his 20-year career, he has helped create well over 300 applications for large and small companies, managed the software infrastructure of two Internet service providers, coded complex software in every environment imaginable, tested the security of all kinds of applications and APIs, and made mainframes talk to cell phones.

Bill has authored/coauthored many books, including C# 5 All in One for Dummies. He is a frequent contributor to industry magazines and has recently been invited to present to audiences at ACM and IEEE, BlackHat, CodeMash, DerbyCon, BSides, DevEssentials, the International XML Web Services Expo and the Association of Information Technology Professionals. Bill also serves on the board of the Columbus branch of the Open Web Application Security Project, and is the Administrative Director of Locksport International. Learn more about Bill and peruse his blog on his website at https://sempf.net

If you'd like to participate in the lab exercises please be sure to bring a laptop and a power cord.

Click here to submit a wait list registration request for Defending Applications from Security Threats. 

Time | Sessions
8 - 9 a.m. | Registration (Great Hall Meeting Gallery)
9 - 10 a.m. | Introduction to Application Security - Problems and solutions as they relate to application security.
10 - 10:30 a.m. | Why Does My Data Leak? - Presenter: Dr. Lin Zhiqiang is an Associate Professor of Computer Science and Engineering at The Ohio State University
10:30 - 11 a.m. | HTTP Security - Requests and responses and what’s going on under the covers.
11 - 11:30 a.m. | HTTP Security Lab and Break - Practice using an attack proxy.
11:30 - 12:30 p.m. | Authentication - Covers all aspects of secure authentication, including building secure login screens, password storage, secure interactions between sites, and an overview of many other topics.
12:30 - 1:30 p.m. | Lunch on your own and lab completion
1:30 - 2:30 p.m. | SQL and Other Injection - SQL, command, LDAP injection, just to name a few. Sending your commands to a backend system.
2:30 - 3 p.m. | SQL Injection Lab - Practice in passing SQL Injection attacks.
3:00 - 4:00 p.m. | Cross Site Scripting - Finding and exploiting cross site scripting vulnerabilities.
4:00 - 4:30 p.m. | Cross Site Scripting Labs - Practice using Cross Site Scripting vectors.
4:30 - 5:00 p.m. | Web Vulnerabilities Tour and Closing Remarks
 

Community Forum

Tuesday, October 2, 2018 | The Ohio Union 

Our goal was to provide everyone at Ohio State with an event focused on learning, collaborating and working together as a community to share ideas and concepts, even if you are not well versed in security. We have something for everyone! 

  • Our Cybersecurity for You track covered interesting information to engage all technology users. Are you worried about all the data that retailers are collecting about you online? Wondering whether using the same network for your thermostat and your laptop might put you at risk? Curious what cyber-thieves are buying, selling or trading on the Dark Web? We talked about all these topics and more!
     
  • The Cybersecurity for Ohio State track was focused on providing cybersecurity tools to our research community. We were thrilled to welcome Senior Vice President for Research Morley Stone and a number of other research experts to present about topics focused on helping researchers benefit from cybersecurity. Content ranged from the grant proposal process to project completion and everything in between.  Additional topics included using AWS and Human Subject Research Data Security. 
     
  • Our Technical track was overflowing with cutting-edge breakthroughs related to security and features some of our very own prominent researchers from OSU. This was the stuff that's going to shape our future! 

 

Community Forum Agenda


Time | Sessions
8 - 9:00 a.m. | Registration (Great Hall Meeting Gallery)
9:00 - 9:50 a.m.
  • Title: Keynote Address: A Network Defender's Future - Presenter: Rick Howard, CISO, Palo Alto Networks
    Location: Performance Hall
10 - 10:50 a.m.
  • Title: Exploiting the Human: Cybersecurity is a People Problem - Presenter: Brittany Ash | Track: Cybersecurity for You
    Location: US Bank Theater
  • Title: IoT Security: What Is It and Where Is It Heading - Presenter: Deral Heiland | Track: Technical
    Location: Great Hall 1 & 2
  • Title: How to Protect Data Even After Operating System Compromise - Presenter: Yinqian Zhang | Track: Technical
    Location: Great Hall 3
10 - 11:50 a.m.
  • Title: Research and Data Security: from Grant Proposal to Research Publication (2 Hour Talk) - Moderators: Senior Vice President for Research Morley Stone, Kimberly Lightle, Sandy Shew, Amanda Rinehart, Elizabeth Wagner, Casey Hoerig, Michael Chakerian and S Taylor Crane | Track: Cybersecurity for Ohio State
    Location: Performance Hall
11 - 11:50 a.m.
  • Title: IoT: Trust No One - Presenter: Randy Marchany | Track: Cybersecurity for You
    Location: US Bank Theater
  • Title: Why Does Your Data Leak? - Presenter: Dr. Lin Zhiqiang | Track: Technical
    Location: Great Hall 1 & 2
  • Title: Hardware Obfuscation through Algorithmic Modification - Presenter: Xinmiao Zhang | Track: Technical
    Location: Great Hall 3
12 - 1 p.m. | Lunch on your own
1 - 1:50 p.m.
  • Title: Is the refrigerator listening to my conversations again? - Presenter: Joanna Grama | Track: Cybersecurity for You
    Location: US Bank Theater
  • Title: Taming your Macs | Track: Cybersecurity for Ohio State
    Location: Performance Hall
  • Title: Machine Learning for "Dark Host" Vulnerabilities - Presenter: Theodore Allen | Track: Technical
    Location: Great Hall 1, 2 & 3
2 - 2:50 p.m.
  • Title: Not All Hacks are Technical - Presenter: Ed McCabe | Track: Cybersecurity for You
    Location: US Bank Theater
  • Title: Secure Research & Technical Computing with Amazon Web Services (AWS) - Presenter: Brad Dispensa | Track: Cybersecurity for Ohio State
    Location: Performance Hall
  • Title: Credentials and Biometrics | Track: Technical
    Location: Great Hall 1, 2 & 3
3 - 3:50 p.m.
  • Title: A Tour Behind the Dark Curtain, Your Identity in the Dark Web - Presenter: Jerod Brennen | Track: Cybersecurity for You
    Location: US Bank Theater
  • Title: Dispelling the Mystery of Human Subject Research Data Security - Presenters: Sandra Meadows, Vanessa Hill, Frank White, Richard Kastelic and Cole Weber | Track: Cybersecurity for Ohio State
    Location: Performance Hall
  • Title: Shifting Security Left - Application Security - Presenter: Craig Stuntz | Track: Technical
    Location: Great Hall 1, 2 & 3
4 - 4:30 p.m.
  • Title: Closing Remarks & Prizes - Presenter: Helen Patton, Chief Information Security Officer, The Ohio State University
    Location: US Bank Theater

Community Forum Presentation Summaries

Keynote

Rick Howard, CISO, Palo Alto Networks - A Network Defender's Future

Rick Howard worked for military and government intelligence organizations when the cyber "kill chain" became popular. The cyber kill chain is a phase-based cybersecurity defense model that documents threats and defense strategies throughout the stages of an attack. Analyzing a cyber kill chain allows IT professionals to document how threats present themselves and which actions are most effective in eliminating those threats.

As this approach to security became more popular, companies flooded the market with security tools to support it. It was difficult for IT professionals to determine which of these tools were actually effective in driving the cyber kill chain model. The result was wasted time and resources. Rick Howard was among the thought leaders who created a strategy that leverages automation and industry cooperation to combat threats. Documenting indicators of compromise allows IT professionals to build effective prevention controls. Sharing actionable intelligence allows colleagues to create powerful, effective solutions.

 

Cybersecurity for You Track

Exploiting the Human: Cybersecurity is a People Problem

We need to get away from the “that will never happen to me” mindset and become more aware of the importance of information security in our everyday lives. From a cyber threat intelligence perspective, this presentation will give you a glimpse into how cyber criminals are staying ahead of the average Joe. Whether their success stems from tech savvy or just dumb luck, the negative impact victims experience when their information is compromised is equally devastating.

  • Presenter: Brittany Ash is a Threat Research Analyst for Unit 42 at Palo Alto Networks.
  • Time: 10:00 - 10:50 a.m.
  • Location: US Bank Theater
  • Presentation Slides

IoT: Trust No One

The Internet of Things (IoT) is an instrumented, smart-device world that is forcing a clash between traditional security architects and IoT vendors. Security architects are moving to a zero-trust model, insisting their systems verify every device. At the same time IoT vendors insist the networks should provide security for their IoT devices. This presentation discusses these conflicting assumptions and explores some possible solutions.

  • Presenter: Randy Marchany is the Chief Information Security Officer at Virginia Tech.
  • Time: 11:00 - 11:50 a.m.
  • Location: US Bank Theater
  • Presentation Slides

Is the refrigerator listening to my conversations again?

Alexa and Siri can't be trusted to keep a secret. Your Smart TV is building a profile of you. Facebook is selling your data to 3rd parties. Learn what you can do to protect your privacy in this new age.

  • Presenter: Joanna Grama is a Security and Privacy Expert with Vantage Technology Consulting Group.
  • Time: 1:00 - 1:50 p.m.
  • Location: US Bank Theater
  • Presentation Slides

Not All Hacks are Technical

Cybercriminals have learned that being curious about the world around you can open many doors. Social engineering is the concept of using that curiosity to attack or defend. Take a deep dive into these tactics and give yourself a new lens to understand security both online and off.

  • Presenter: Ed McCabe is a Cybersecurity Expert and Founder of The Rubicon Advisory Group.
  • Time: 2:00 - 2:50 p.m.
  • Location: US Bank Theater

A Tour Behind the Dark Curtain, Your Identity in the Dark Web

Journey into the Dark Web, a community for criminals beyond the reach of the law. What will we find? And what does it mean for your identity?

  • Presenter: Jerod Brennen is a Security Architect at One Identity.
  • Time: 3:00 - 3:50 p.m.
  • Location: US Bank Theater
  • Presentation Slides

 

Cybersecurity for Ohio State Track

Research and Data Security: from Grant Proposal to Research Publication

This panel talk will teach you how to leverage data security practices to make your grant proposal stand out, work successfully with restricted data sets, perform research internationally and survive a data audit.

Moderators are Ohio State staff members: Morley Stone, Senior Vice President for Research; Kimberly Lightle, Assistant Dean and Administration Director, College of Education and Human Ecology, Office of Research; Sandy Shew, College of Arts and Sciences, Director of Research for Computing Services; Amanda Rinehart, Data Management Librarian, Assistant Professor, Research and Education; Elizabeth Wagner, Associate Director, Compliance Officer, College of Engineering; Casey Hoerig, Director of IT, College of Pharmacy; Michael Chekarian, Director of IT, College of Food, Agriculture and Environmental Sciences; and S Taylor Crane, Security Engineer, OCIO Governance and Risk Management.

  • Time: 10:00 - 11:50 a.m.
  • Location: Performance Hall

Taming your Macs

There’s a misperception that we cannot manage Mac security or we simply don’t need to manage it. This fallacy has grown from lack of knowledge or insufficient resources. To keep Mac environments safe, Apple has strategies you can learn to make these devices more secure.

  • Presenter: This talk will be given by a senior Apple Consulting Engineer (TBD).
  • Time: 1:00 - 1:50 p.m.
  • Location: Performance Hall

Secure Research & Technical Computing on Amazon Web Services (AWS)

AWS helps researchers process complex workloads by providing cost-effective, scalable and secure computing, storage and database capabilities. These resources ensure that investigators can accelerate time-to-science. This session will focus on how researchers can securely leverage AWS services to align to secure computing standards such as NIST as well as OSU’s.  We will cover the current state of the art for AWS data security and monitoring to ensure that your research data is always under your control. 

  • Presenter: Brad Dispensa is a security and compliance specialist with Amazon Web Services.
  • Time: 2:00 - 2:50 p.m.
  • Location: Performance Hall
  • Please contact cybersecurityday@osu.edu for presentation slides

Dispelling the Mystery of Human Subject Research Data Security

Medical Research often forges new paths. Innovation requires and creates volumes of data. Many times researchers can best utilize this data when shared securely and collaboratively – which is complicated. We understand, and want to help you coordinate your efforts to keep data safe. Learn what Ohio State does to guide you and your research safely through the process.

Ohio State Research Panel featuring: Sandra Meadows, Program Manager, Educational Programming and Regulatory Support; Vanessa Hill, Program Manager, Noncompliance and Regulatory Support of Office of Research, Office of Responsible Research Practices; Frank White, Director, Research Compliance, Research HIPAA Privacy Officer, College of Medicine - Office of Research; Richard Kastelic, IT Security Manager, Wexner Medical Center; Cole Weber, IT Security Architect, Wexner Medical Center

  • Time: 3:00 - 3:50 p.m.
  • Location: Performance Hall

 

Technical Track

IoT Security: What Is It and Where Is It Heading

There will be more than 20 billion "Internet of Things" (IoT) devices by the end of the decade. We need a focused effort to secure our new IoT-driven world successfully. This presentation establishes a sound understanding of what IoT is, and methods for communication, identification, and mitigation of security issues within an IoT product’s ecosystem.

  • Presenter: Deral Heiland is a Security Researcher for Rapid7.
  • Time: 10:00 - 10:50 a.m.
  • Location: Great Hall 1 & 2
  • Please contact cybersecurityday@osu.edu for presentation slides

How to Protect Data Even After Operating System Compromise

Learn how cyber criminals can attack Intel’s Software Guard Extensions (SGX). This presentation will include our ongoing research to fortify and defend SGX.

  • Presenter: Yinqian Zhang is an Assistant Professor with the Colleges of Computer Science and Engineering, Electrical and Computer Engineering, and College of Engineering at The Ohio State University.
  • Time: 10:00 - 10:50 a.m.
  • Location: Great Hall 3

Why Does Your Data Leak?

Recent Ohio State research efforts have developed solutions to possible data leakage in the cloud from Mobile Apps. Ohio State researchers are working to develop automated program analysis as a powerful tool for identifying various security vulnerabilities in cloud servers. Learn common mistakes mobile app developers make and how to develop practical defenses.

  • Presenter: Dr. Lin Zhiqiang is an Associate Professor of Computer Science and Engineering at The Ohio State University.
  • Time: 11:00 - 11:50 a.m.
  • Location: Great Hall 1 & 2

Hardware Obfuscation through Algorithmic Modification

Hardware obfuscation is a protection technique that hides the functionality of the hardware. This makes it harder for competitors to reverse-engineer and copy the hardware’s design. Ohio State recently developed an algorithmic scheme to achieve hardware obfuscation by varying finite field construction and primitive element representation. This algorithm adds additional protection and can be combined with circuit-level techniques.

  • Presenter: Xinmiao Zhang is an Associate Professor, Electrical and Computer Engineering at The Ohio State University.
  • Time: 11:00 - 11:50 a.m.
  • Location: Great Hall 3

Machine Learning for "Dark Host" Vulnerabilities

Explore incorporating a quality perspective into cybersecurity, which means developing methods for monitoring with minimal false alarms and ways to fill in data from incomplete vulnerability scans. Find out the best way to approach vulnerability maintenance and general cyber inspection planning from an economic/data-driven point of view. Interested in whether Linux is better than Windows and how you should charge for administrative access? Find out how quality engineering and related disciplines can answer these questions and more!

  • Presenter: Theodore Allen is an Associate Professor of Integrated Systems Engineering at The Ohio State University.
  • Time: 1:00 - 1:50 p.m.
  • Location: Great Hall 1, 2 & 3
  • Presentation Slides

Apple Biometrics

Apple handles biometrics quite differently than other tech manufacturers, and has been a pioneer in many biometrics technologies such as TouchID and FaceID. But are biometrics secure? Attend this lesson and you may be surprised to learn how Apple secures its biometrics, perhaps much more effectively than some industry skeptics have led you to believe.

  • Presenter: This talk will be given by a senior Apple Consulting Engineer (TBD).
  • Time: 2:00 - 2:50 p.m.
  • Location: Great Hall 1, 2 & 3

Shifting Security Left - Application Security

The best way to avoid security problems in an application is to design security into the architecture from the very beginning. Develop a foundation for application security that is independent of specific technology decisions. Use application security as a means for establishing a common language between designers and defenders. Security teams can be an enabler for good design, not just a gateway to block mistakes.

  • Presenter: Craig Stuntz is a Software Engineer and Cybersecurity Professional.
  • Time: 3:00 - 3:50 p.m.
  • Location: Great Hall 1, 2 & 3

 

Closing

Closing Remarks & Prizes

Join Helen Patton, Ohio State's Chief Information Security Officer, to wrap up the day, and perhaps even take home a raffle prize!

  • Time: 4:00 - 4:30 p.m.
  • Location: Performance Hall

 

Amazon Web Services Immersion Day

Wednesday, October 3, 2018 | The Great Hall at The Ohio Union

Amazon Web Services (AWS) came to Ohio State! This immersion day was an opportunity to meet members of Amazon's team and take a deep dive into learning about AWS, how it could help you and how to use it securely. This day was an engaging, tech-driven event focused on helping you accelerate and secure your journey on AWS.

This immersive one-day workshop included an overview of AWS core services and techniques to secure them. Topics included security, authentication, elastic cloud computing, best practices, networking, use cases, architectures and technical labs. 

Amazon Web Services Immersion Day Agenda

Time | Sessions
8 - 9 a.m. | Registration (Great Hall Meeting Gallery)
9 - 9:45 a.m. | Intro to AWS and EC2 - An introduction to the AWS cloud and an overview of the Elastic Compute Cloud (EC2).
9:45 - 10:30 a.m. | AWS Security Overview - A discussion around AWS cloud security concepts such as the "Shared Responsibility Model," IAM and the AWS security center.
  • Multi-factor authentication for all users, auditing for root
  • VPN or bastion hosts, tools to report external footprint
10:30 - 10:45 a.m. | Morning Break
10:45 - 11:30 a.m. | Networking in AWS - Details on AWS networking functionality and offerings such as VPC, ELB, Direct Connect, and Route 53.
  • Boundaries inside AWS with VPCs
  • Everything deployed inside VPC
    • Security groups attached, detailed, justified and tagged
11:30 - 12 p.m. | Lab - Introduction to Amazon EC2 – Provides a basic overview of launching, resizing, managing and monitoring an Amazon EC2 instance.
12 - 1 p.m. | Lunch on your own and lab completion
1 - 1:45 p.m. | Getting Started with AWS Security - Overview of AWS Security, including services available to build security controls and how to leverage services for preventive, detective and responsive controls
  • Be conscious of entry points
  • Tools to report external footprint
  • Flow logs enabled, monitored
  • Security groups attached, detailed, justified and tagged
  • CloudTrail
  • GuardDuty
  • Static checks
  • Tagged audits for any infrastructure changes (CFT/Config)
1:45 - 2:30 p.m. | Storage and Database; Protecting your Data in AWS - Details on AWS storage and database products and features. Scalable and efficient encryption, key management, leveraging encryption in preventive and responsive controls
2:30 - 3 p.m. | Lab - Using Amazon S3 – covers creating an Amazon S3 Bucket, managing permissions and objects
3 - 3:15 p.m. | Afternoon break and lab completion
3:15 - 4 p.m. | DevOps and Automation - Tools and practices to automate infrastructure, governance and deployments.
  • Automation
  • Peer reviews
  • Seamless sign off
  • Automated roadblock
  • Changes in stages to allow for auditing/testing
4 - 4:45 p.m. | Monitoring and Logging - Overview of the AWS Monitoring and Logging options across performance, availability, security and cost areas
  • Isolate scope/environment, monitor!
  • CloudWatch
4:45 - 5 p.m. | Closing Remarks

Questions

Questions should be directed to cybersecurityday@osu.edu.   
