Workshop Wednesdays

INMA presents Workshop Wednesdays, a component of National Infrastructure Security and Resilience U (NISRU), offering world-class online learning and continuing education focused on critical infrastructure protection and resiliency.

Note: All workshops are from 10am – 12pm PT / 1pm – 3pm ET

1: SEPTEMBER 23

Preventing Your Organization From Becoming The Next Cyber Crime Victim

Scott Augenbaum |  Partner |  Hero Publishing

Did you know that over 90% of all Cybercrime could be prevented? During his decades with the FBI, Retired Supervisory Special Agent Scott Augenbaum handled over 1,000 Cybercrime incidents and was responsible for formulating the FBI’s responses. Since his retirement in 2018 (after having served the FBI in New York City, Syracuse, New York, Washington DC and Nashville, TN), Scott has traveled around the world teaching organizations and individuals what they can do to prevent their becoming the next Cybercrime victim.

His book on the subject, “The Secret to CyberSecurity, A Simple Plan to Protect Your Family and Business,” was voted one of the Top Ten Information Security Reads for 2020. Scott currently serves as a guest commentator on Cybercrime for CNN. Scott’s presentation will address the global cost of Cybercrime, how it continues to increase each year, how despite the increase in expenditures to fix/cure/prevent Cybercrime the problem just continues to grow, and how proper cyber hygiene and corporate/individual cultural shifts offer some simple cost-free solutions to the problem.

Who should attend:

Information/Security Professionals or any executive wanting to understand best practices to keep your organization from becoming the next Cybercrime Victim.

Learning Objectives
  1. Participants will learn about the major commonalities in enterprise data breaches.
  2. Participants will learn about hidden risk within the organization not covered by IT departments.
  3. Participants will learn how to pressure test their intrusion response plan and, most importantly, where they should start.

About the Instructor

Scott Augenbaum

Partner | Hero Publishing

Scott joined the Federal Bureau of Investigation (FBI) in the New York Field Office in 1988 as a support employee. In 1994 he became a Special Agent and was assigned to the Syracuse, New York Office, where he worked domestic terrorism, white collar and hate crimes, and all computer crime investigations.

In October 2003, he was promoted to Supervisory Special Agent at FBI Headquarters, Washington, D.C., in the Cyber Division, Cyber Crime Fraud Unit and was responsible for managing the FBI’s Cyber Task Force Program and Intellectual Property Rights Program.

In 2006, he transferred to Nashville, TN and managed the FBI Memphis Division Computer Intrusion/Counterintelligence Squad in Nashville, TN. Over the past ten years, he’s provided hundreds of computer intrusion threat briefings to educate organizations on emerging computer intrusion threats and how not to be the victim of a data breach.

Scott earned an MBA at American Sentinel University in Information Technology and a Masters Certificate in Information Security Management from Villanova University and holds numerous General Information Assurance Certifications. He is also the author of The Secret to Cybersecurity: A Simple Plan to Protect Your Family and Business From Cyber Crime.


2: SEPTEMBER 30

Blockchain and Smart Contracts for Critical Infrastructure Protection

Mark Schwartz | Blockchain Pathfinder | ZapTheory, LLC

This workshop will provide you with a basic understanding of blockchain technology in general and smart contracts, and educate you on how these technologies will impact critical infrastructure protection.

Who should attend:

Professionals in either government or the commercial sector who focus on national security, energy, communications, financial services, manufacturing, transportation or law enforcement.

Learning Objectives
  1. Gain a basic understanding of blockchain and smart contract technologies.
  2. Understand how blockchain and smart contracts will impact critical infrastructures.
  3. Learn how blockchain and smart contracts might disrupt today’s infrastructure paradigm so as to instantiate Infrastructure 2.0. 

About the Instructor

Mark Schwartz

Blockchain Pathfinder | ZapTheory, LLC

Mark Schwartz concentrates his advisory practice exclusively in blockchain, tokenization and smart contracts.  He has led teams to design, build and implement smart contracts for the financial services, OEM, communications and aviation sectors.  Mark also gives seminars and workshops in blockchain.  Mark is currently implementing a new program in DeFi (decentralized finance on the blockchain).  Mark earned a JD and MA from American University in 1995, where he was a member of American University Law Review and graduated Magna Cum Laude in both programs.  Mark graduated from the University of Florida in 1991 with Highest Honors and was inducted into Phi Beta Kappa.


3: OCTOBER 7

Cryptocurrencies, Financial Fraud and Tracking Bitcoin

James McDowell | Senior Security Analyst | Alabama Securities Commission

What are cryptocurrencies? What is blockchain technology? What are the red flags of financial fraud? How can you better protect yourself from fraud? If you find yourself asking these questions, then this workshop is for you! We will spend the first part of the workshop covering the basics of cryptocurrencies, blockchain technology, and financial fraud. 

The second half of this workshop will be spent walking through tabletop cryptocurrency fraud investigations with attendees.

Who should attend:

Those interested in learning more about cryptocurrencies and financial fraud investigations; banking, finance, insurance, government, military, law enforcement staff.

Learning Objectives
  1. Understand the basics of cryptocurrencies.
  2. Understand the red flags of fraud.
  3. Understand financial fraud investigations and how to protect themselves.

About the Instructor

James McDowell

Senior Security Analyst | Alabama Securities Commission

James McDowell is a Senior Securities Analyst for the Alabama Securities Commission. In this role, he utilizes data analytics to coordinate multi-jurisdictional investigations; trains law enforcement officers, at various levels, on digital and financial investigations; and briefs stakeholders at all levels on issues related to cybersecurity and data analytics. 

He holds a master’s degree in Cybersecurity and Information Assurance; bachelor’s degrees in Finance and Economics; and the designations of Certified Cyber Crimes Investigator, Certified Ethical Hacker, Certified Fraud Examiner, and Certified Computer Hacking Forensic Investigator. He is currently pursuing the designations of Certified Data Scientist and Certified Big Data Architect.

He is a proud member of the National Chief Information Security Officer Cross-Sector Council, the Multi-State Information Sharing & Analysis Center, and InfraGard. Additionally, he is elected to the Board of Directors for the Birmingham Chapter of the InfraGard, appointed to Co-Chair of the “Investment Adviser Cybersecurity and Technology Project Group” of the North American Securities Administrators Association (NASAA), and selected as Chair of the Financial Regulatory Compliance Section of the Government Blockchain Association (GBA). 

James is also a Member of the NASAA Enforcement Technology Project Group; a Member of the GBA Cybersecurity Working Group, Economic Analysis Working Group, and Financial Crimes Working Group; a Member of the Military Operations and Research Society Data Science and Artificial Intelligence CoP; a Member of the International Association of Law Enforcement Intelligence Analysts; a Member of the Elder Justice Coalition; a Member of the American Legal and Financial Network; and a Member of the National White Collar Crime Center.


4: OCTOBER 14

NIST National Cybersecurity Center of Excellence (NCCoE) Technical Ransomware Attack Mitigations for Prevention and Response

Anne Townsend | Principal Cybersecurity Engineer | Mitre Corporation

This workshop will describe cybersecurity best practices and recommendations to help you prepare for and respond to a ransomware (or other type of data loss) event. We will review the 3 publications that provide technical recommendations to help you identify, protect, detect, and respond to these types of events. In addition, we will discuss recommendations for securely maintaining the backups needed in the response and recovery phase of an event.

Who should attend:

CISOs, cybersecurity practitioners, IT Security specialists

Learning Objectives
  1. Learn techniques to protect back-up files from manipulation
  2. Learn techniques to detect ransomware (or data destruction activities)

About the Instructor

Anne Townsend

Principal Cybersecurity Engineer | Mitre Corporation

Anne Townsend is a principal cybersecurity engineer at the National Cybersecurity Federally Funded Research and Development Center, operated by the MITRE Corporation, in support of the National Cybersecurity Center of Excellence. She is responsible for providing leadership to the organization in the area of data security. 

One of her largest projects, the Data Integrity Project, provides guidance and technical insight to challenges such as ransomware and other destructive events. Townsend holds a bachelor’s degree in business administration with a concentration in computer and information sciences from the University of Florida and a master’s degree in computer science with a concentration in information security from Boston University.


5: OCTOBER 21

Implementing a Resilience Centric Approach to Business Continuity: Lessons from the COVID-19 Outbreak

Stephen E. Flynn | Founding Director | Global Resilience Institute (GRI)

The Global Resilience Institute has been working closely with FEMA Region 1 to assess the economic impact from the COVID-19 pandemic on the surrounding community and businesses in the New England region. During this workshop we will take you through some of the lessons and learnings about how to assure that your organization is faster and more resilient going forward. There will also be a deeper interactive discussion with leaders of enterprises on the importance of implementing a resilience centric approach to business continuity.

Who should attend:

Public, Private and Government enterprises that are in the midst of reopening and looking at longer term continuity plans given this recent pandemic.

Learning Objectives
  1. Understanding lessons learned from the COVID-19 emergency: To include how to navigate a crisis of an unknown duration.
  2. Anticipating likely cascading failures due to dependencies and interdependencies on systems outside the direct control of your enterprise.
  3. Sharing best practices for implementing a resilience approach to business continuity.

About the Instructor

Stephen E. Flynn

Founding Director | Global Resilience Institute (GRI)

As Founding Director of the Global Resilience Institute at Northeastern University, Stephen E. Flynn leads a major university-wide research initiative to inform and advance societal resilience in the face of growing human-made and naturally-occurring turbulence. At Northeastern, he is also Professor of Political Science with faculty affiliations in the Department of Civil and Environmental Engineering and the School of Public Policy & Urban Affairs. Dr. Flynn is recognized as one of the world’s leading experts on critical infrastructure and supply chain security and resilience.


6: OCTOBER 28

If You are Not Hacking your Physical Security, Someone Else Will.  Understand the Mindset of Hackers.

Jeff Jones | Threat Hunter and Security Officer | Large Financial Institution

Security Teams and vendors will never be able to protect other groups completely because they cannot govern every action these teams make on an hourly basis. Therefore, education for everyone on how to secure systems is the best course of action. After reviewing the attacker’s thought process and methodology, the participants will be challenged to come up with multiple strategic solutions to real-world problems.

Who should attend:

Those that are NOT concerned about their physical security are strongly encouraged to attend.  This is a non-technical discussion for anyone that wants to understand the security of physical security.

Learning Objectives
  1. The first step in defending anything is understanding your attacker.  There are good and bad hackers; but they both think the same way.  Understand their approach in how they push systems to the extremes to see where they break.
  2. After understanding the methodology, a review of attacks will be conducted to understand how this methodology has been applied in the past to anticipate future attacks.  Understand the value of your physical security to miscreants.
  3. Review what happens during a common breach and what mistakes are commonly made before or during a breach that make the situation worse.

About the Instructor

Jeff Jones

Threat Hunter and Security Officer | Large Financial Institution

Jeff is an up and coming leader in the security space. He has two undergraduate degrees in Sociology & Computer Engineering and two certifications: CISSP & GPEN. Most of his career work has been in consulting roles. Jeff currently works for a major financial institution on an elite security team and regularly speaks at local universities and conferences. Jeff’s passion is threat intelligence with a focus on understanding the cause of breaches. He successfully predicted the use of ransomware on businesses in a public tabletop exercise playing the role of attacker.


7: NOVEMBER 4 & 11

Certified Cyber Security Architect (CCSA) Workshop

Ali Pabrai | CEO | ecfirst.com

The Certified Cyber Security Architect (CCSA) workshop will provide you with the knowledge to achieve the CCSA certification. CCSA is a unique program that validates the knowledge and skills to examine and build a practical and applicable cyber security program for your organization.

The CCSA workshop will cover four major areas: 1) Step through core components of a NIST-based cybersecurity program; 2) Identify policies that reflect an organization’s priority for security in the areas of risk assessment, mobile devices, cloud computing, encryption and more; 3) Walk thru incident management and other checklist documents to establish consistency in monitoring enterprise security capabilities; and 4) Examine the U.S. DoD CMMC cybersecurity standard, an important industry reference.

Who should attend:

Compliance professionals and managers, information security officers, security practitioners, privacy officers, internal compliance auditors and senior IT professionals.

Learning Objectives
  1. Learn about the core components of an actionable incident response plan.
  2. Recognize the policies that reflect an organization’s priority for security in the areas of risk assessment, mobile devices, cloud computing, encryption and more.
  3. Gain practical expertise walking thru an incident management scenario to learn what is required to establish consistency in monitoring enterprise security capabilities.

About the Instructor

Ali Pabrai

CEO | ecfirst.com

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), Security +, CCSFP, is the CEO of ecfirst. A highly sought after information security and regulatory compliance expert, he has successfully delivered solutions on compliance and information security to organizations worldwide. 

Mr. Pabrai has presented opening keynote and other sessions at several conferences, including ISACA, ISSA, FBI InfraGard, HIMSS, HCFA, HIPAA Summit, Microsoft Tech Forum, NASEBA Healthcare Congress (Middle East), Kingdom Healthcare (Saudi Arabia), Internet World, DCI Expo, Comdex, Net Secure, Nurse Practitioners Conference, National Council for Prescription Drug Programs (NCPDP), National Council for State Board of Nursing IT Conference, and many others.


8: DECEMBER 2

Employing the Mitre ATT&CK Knowledgebase for Critical Infrastructure Protection

Otis Alexander | Cyber Security Engineer | Mitre Corporation

Operators of Industrial Control Systems (ICS) like those used in electric power substations lack the capability for active defense of their systems from cyber adversaries. Critical to building defenses is understanding potential and past cyber adversary behavior. Building a threat model for ICS, e.g. ATT&CK for ICS, will enable the industry to prioritize and enhance defenses, share threat information relative to adversary Tactics and Techniques, and enable more effective incident response. MITRE will present their ATT&CK for ICS model with associated use cases of past and recent incidents.

Who should attend:

Cybersecurity professionals protecting networked industry control systems

Learning Objectives
  1. Learn how the ATT&CK for ICS framework can be used to tune your log analytics to reduce false positive alerts
  2. Learn to apply the framework to identify gaps in your event detection schemes, analytics and data collection.
  3. Gain practical expertise walking thru an incident management scenario to learn what is required to establish consistency in monitoring enterprise security capabilities.

About the Instructor

Otis Alexander

Cyber Security Engineer | Mitre Corporation

Otis Alexander joined the Mitre Corporation as a Cyber Security Engineer in 2014. He currently leads the development of the ICS ATT&CK model and focuses on the categorization and emulation of adversary behavior in cyber physical systems. Otis holds a BS and MS in Computer Science from the University of Washington.


9: DECEMBER 9

Business Continuity Planning and Pandemics

Mary Lasky | Program Manager, Johns Hopkins University | Applied Physics Laboratory

All businesses should have a plan for emergencies, including natural and man-made. Recently, the novel coronavirus COVID-19 has heightened organizations’ awareness of the need for plans. All attendees will leave with a simple plan for natural and man-made disasters as well as one for a Pandemic.

Who should attend:

All businesses would benefit from this workshop

Learning Objectives
  1. Attendees will have an idea of what a Business Continuity Plan is and will have an opportunity to build a simple one.
  2. Attendees will have an idea of what a Pandemic Plan is and how it differs from a BCP.  They will have an opportunity to build a simple one.
  3. For those with a BCP background, they will have a way of communicating their plans with senior management.

About the Instructor

Mary Lasky

Program Manager, Johns Hopkins University | Applied Physics Laboratory

Mary is the Chairman of the InfraGard National Disaster Resilience Council (NDRC).  She is the lead editor and author of “Powering Through: From Fragile Infrastructure to Community Resilience” an action guide on being prepared if there is grid failure.  Mary Lasky is a Certified Business Continuity Professional (CBCP).  She is on the Foundation for Resilient Societies Board of Directors.

John Jackson

Chair | InfraGard National, Business Continuity Cross Sector Council

John’s business continuity experience spans 40 years. He founded Chi/Cor’s disaster recovery practice in 1980. In 1984, John joined Comdisco, leading their recovery center and consulting businesses during his 18 years. Following this, he held leadership positions with Hewlett-Packard and IBM’s continuity services organizations. John co-founded Fusion in 2005 and retired in 2019. He continues his industry support with DRJ, CI, BCI and InfraGard.


10: DECEMBER 16

Vulnerability and Remediation Tracking Management Program

Terri Reilly | Sr Cyber Security Analyst,  Deputy Program Manager | Department of the Army

What happens when the pen testers are done testing your websites? How do you track discovered vulnerabilities and weak controls once the auditors leave? How do you ensure that your organization tracks, monitors, and remediates all the discovered findings once the dust settles and things are back to day-to-day operations? For many organizations, this is a real concern. Tracking five findings may only require the use of a spreadsheet, but how do you track the weaknesses if your organization has 250, 1000 or even more identified vulnerabilities?  I will provide the audience with a real-life process example for tracking and documenting mitigation and remediation efforts of identified vulnerabilities.

Who should attend:

CISOs, ISSOs, Cyber Security Analysts, Supervisors, Auditors; anyone who is involved with vulnerability identification/management and is looking for ways to build an efficient, repeatable and sustainable program to monitor the remediation process of their organization’s identified vulnerabilities.

Learning Objectives
  1. At the end of this session participants should be able to begin building a sustainable, repeatable, and effective vulnerability tracking process.
  2. Participants will be able to begin setting artifact standards for validation of remediation efforts.
  3. Participants will be better prepared to initiate the cyber vulnerability training awareness that needs to accompany an organization’s vulnerability and remediation tracking process.

About the Instructor

Terri Reilly

Sr Cyber Security Analyst,  Deputy Program Manager | Department of the Army

Terri is a senior IT Professional with 35 years of experience working for the Department of the Army, both as a government employee and now as a contractor. She is employed by Exeter Government Services as a Deputy Program Manager/Sr Cybersecurity Analyst. In 2017, Terri received her Master of Science in Information Assurance and Computer Security from Dakota State University. She holds certifications for EC-Council’s Certified Ethical Hacking, ISACA’s Certified Information System Auditor and ISC2’s Certified Information Systems Security Professional. In addition to her Deputy PM responsibilities, Terri leads a team of auditors conducting assessments of the organization’s servers, workstations, devices, applications, etc., found on the network. The team works directly with system, network and database administrators, application developers, and many others to remediate discovered findings.