RSA Charge 2017

Tuesday, October 17, 2017 to Thursday, October 19, 2017

Senior Cybersecurity Engineer Bill Newhouse will participate in a panel on "Build Omni-channel Fraud Strategies with Deep Entity Profiling & Automation" at RSA Charge on Wednesday, October 18, 2017 from 2:30pm to 3:15pm. The panel will discuss best practices to leverage these technologies to mitigate fraud more effectively while reducing end-user friction and operational costs and enabling omni-channel business growth.

Yael Gour, Product Marketing, RSA

Daniel Cohen, Director of Product Management, Fraud & Risk Intelligence, RSA
Gregg Sansone, Director, Decision Science Design, USAA
Bill Newhouse, Senior Cybersecurity Engineer, National Cybersecurity Center of Excellence and Deputy Director, National Initiative for Cybersecurity Education

Mobility Summit

Tuesday, July 18, 2017

NCCoE Security Engineer Joshua Franklin will participate in a panel discussion titled "A Defense-in-Depth Approach to Mobile Security" from 11:30am to 12:10pm. This session will explore the different dimensions of mobile security and how they must be managed in a comprehensive approach. Topics include mobile device management, authentication strategies, and the mobile threat landscape. The Mobility Summit will be held in Washington, D.C. and will provide federal IT leaders with insights into the foundations of the mobile ecosystem: Productivity tools, apps, devices, management strategies, and defense-in-depth cybersecurity.

GridSecCon 2017

Tuesday, October 17, 2017 to Thursday, October 19, 2017

NCCoE Security Engineer Jim McCarthy will lead the session titled "Convergence of Cybersecurity Situational Awareness Capabilities for the Energy Sector" at GridSecCon 2017 in St. Paul, MN. NCCoE engineers alongside former Department of Energy CTO Pete Tseronis, Eric Andersen and Mark Rice of Pacific Northwest National Laboratory  (PNNL), and Mary-Ann Ibeziako and Don Hill of University of Maryland College Park, Engineering and Energy, will share their expertise on Situational Awareness and discuss the recently NIST Special Publication 1800-7 that uses commercially available products to explore the methods for energy providers to more readily detect and remediate anomalous conditions and investigate the chain of events that led to the anomalies.

NERC’s annual Grid Security Conference (GridSecCon) series brings together cybersecurity and physical security experts from industry and government to share emerging security trends, policy advancements, and lessons learned related to the electricity sub-sector. 

PCI North America Community Meeting

Wednesday, September 13, 2017

Authenticating users in card not present (CNP) transactions continues to be a challenge for e-commerce payments. In this session "No Card? No Problem" NCCoE's Deputy Program Manager Brian Abe and Orvis' Head of IT Security, Compliance and Risk Management Tyson Martin will discuss approaches being developed by the NCCoE in conjunction with industry partners to implement multifactor authentication to address these challenges and implement stronger authentication mechanisms to ensure a customer is authorized to use a credit card for e-commerce transactions. The NCCoE example implementation will introduce multifactor authentication that ties to existing web analytics and contextual risk calculation to reduce the risk of false online identification and authentication fraud.

FS-ISAC 2017 Fall Summit

Sunday, October 1, 2017 to Wednesday, October 4, 2017

NCCoE Senior Engineer Harry Perper will present "Ransomware Recovery and Privileged Account Management Improve Resilience" on October 4 from 1:45pm to 2:30pm at the FS-ISAC Fall Summit in Baltimore, Md. Malware and insider threat actors often make use of privileged accounts to enable their activities. Recovery from ransomware is complicated by the lack of consistent and protected file and system back-ups. And access rights policies are difficult to enforce using manual processes. This session will explore  the NCCoE's research and projects related to Data Integrity (ransomware recovery), Access Rights Management, and Privileged Account Management.

POSTPONED: Cyber Hygiene for the Health Sector

Tuesday, June 27, 2017

NCCoE Director of Operations Tim McBride will speak at Cyber Hygiene for the Health Sector on Tuesday, June 27 from 8am-9:30am EST at Launch Workplaces (9841 Washingtonian Blvd Ste 200, Gaithersburg, MD 20878). Do you worry about the security of your organizations data, your customer's data, or the potential impacts of a cyber attack on your organization? McBride will join speakers Denise Anderson, President, National Health Information Sharing and Analysis Center (NH-ISAC) and Kevin Crain, CISO, UMD Health System to examine the need for good cyber hygiene in healthcare sector organizations.

Mobile Security for Defense and Government Summit

Wednesday, June 7, 2017

NCCoE Security Engineer Josh Franklin will present NIST's Mobile Security Best Practices & Guidelines at the 4th Annual Mobile Security for Defense and Government Summit in Arlington, VA at the AUSA Conference Center on June 7 from 9am to 9:40am. This presentation will explore breaking down the Mobile Threat Catalogue (MTC) and how to identify the greatest areas of need for protecting vulnerable mobile device networks; current NIST Guidelines for Mobile Device Management platforms; and moving towards a secure mobile enterprise.

Borderless Cyber USA

Thursday, June 22, 2017

Borderless Cyber USA brings together the world’s most informed cybersecurity leaders to share insights on changing the economics of computer network defense for a two-day conference at the U.S. Customs House in New York City. NCCoE Associate Director of Operations Tim McBride will speak during a roundtable session on Cyber Threat Collaborations and Alliances to Improve Global Defenses Against Cyber Adversaries on June 22 from 3:15-4:30pm. 

MobileIron Live 2017

Tuesday, May 9, 2017 to Thursday, May 11, 2017

NCCoE security engineer Chris Brown will present at a roundtable discussion at MobileIron Live on Wednesday, May 10 from 3:30p.m. to 5p.m. In this session, he will demonstrate how derived PIV credentials can be added to mobile devices for remote authentication to information technology systems in operational environments while meeting information security policy guidelines.