Community College of Rhode Island


Wednesday, Oct. 30, 2013, Presentations

CCRI Knight Campus, Warwick, R.I.

Bobby Hackett Theater, 4090 Board Room, Lower Commons, Room 1128/1130

Registration and general session (8 a.m. to 1:45 p.m.)
| Time | Event / Title | Presenter | Location |
|---|---|---|---|
| 8 to 8:45 a.m. | Registration | | Lower Commons |
| 8:45 to 9 a.m. | Welcoming remarks | Ray Di Pasquale, President, CCRI | Bobby Hackett Theater |
| 9 to 10 a.m. | Where do you draw the creepy line? Privacy, big data analytics and the Internet of things | Rebecca Herold, CEO of the Privacy Professor | Bobby Hackett Theater |
| 10 to 11 a.m. | Social media and open source targeting: Common sense is the best defense | Scott G. Brown, Intelligence Analyst, Boston FBI | Bobby Hackett Theater |
| 11 to 11:15 a.m. | Break | | |
| 11:15 a.m. to noon | The unknown threat: Who's inside your organization? | Henry Marquez, Regional Security Architect, ePlus Security | Bobby Hackett Theater |
| Noon to 12:45 p.m. | Lunch | | Lower Commons |
| 1 to 1:45 p.m. | SANS 2013 Critical Security Controls Survey: Moving from awareness to action | John Pescatore, Director of Emerging Security Trends, SANS Institute | Bobby Hackett Theater |

Breakout sessions and Wrap-up (2 to 4:15 p.m.)
| Time | Event / Title | Presenter | Location |
|---|---|---|---|
| 2 to 2:45 p.m. | Breakout session I: Would you give 10 percent of your IT budget to be secure? | Sherry Horeanopoulus, Information Security Officer, Fitchburg State | Room 1128/1130 |
| 2 to 2:45 p.m. | Breakout session I: The IAM Program Development Toolkit: an Educause resource | David Sherry, Chief Information Security Officer, Brown University | Bobby Hackett Theater |
| 2 to 2:45 p.m. | Breakout session I: Security considerations when building a Vulnerability Management program. | Laurie MacCarthy, Director, Field Operations, Qualys, Inc. | Board Room (4090) |
| 2:45 to 3 p.m. | Break | | |
| 3 to 3:45 p.m. | Breakout session II: PCI DSS news and events: PCI gray areas, PCI 3.0 and a PCI case study | David Rawlinson, CPA, CFE, MPAc, Assistant Controller, CCRI; Brad Chronister, Manager of Security Consulting and Lead QSA, Control Scan Inc. | Board Room (4090) |
| 3 to 3:45 p.m. | Breakout session II: Next generation threat prevention | Josh King, CCIE Security #18303, Technical Director of Security, Atrion Corporation | Room 1128/1130 |
| 3 to 3:45 p.m. | Breakout session II: Cyber forensics | Victor Fay-Wolfe, Ph.D., URI's Digital Forensics and Cyber Security Center | Bobby Hackett Theater |
| 4 to 4:15 p.m. | Wrap-up | Steve Vieira | Bobby Hackett Theater |

Presentation Descriptions

Where do you draw the creepy line? Privacy, big data analytics and the Internet of things.

Presenter: Rebecca Herold

New technologies are rapidly entering the consumer market, creating new and exciting services and new challenges for privacy professionals. For example, huge amounts of patient data are collected and stored within bio-med devices. The smart grid is connecting homes with utilities, smart appliance vendors, PEV owners and others to gain insights into living experiences. Consumers are now walking cash registers, paying for goods by simply swiping their smartphones. Smart cars transmit data about location and driving habits. Retailers track the movements of shoppers, and digital billboards and mannequins interact with consumers. Drones are live-streaming images wherever they can get the airspace. And vast amounts of data are automatically uploaded to social media sites, where marketing, research and other types of organizations are gobbling it up and crunching it with other data sources to produce vast amounts of new insights into the lives of consumers, patients, and potential terrorist and crime suspects. When does all this data collection and analysis cross the creepy line? In this lively session, Rebecca will provide an overview of leading-edge data uses, associated big data analytics and the privacy challenges. She will offer attendees some privacy questions to ask their organizations whenever they are considering the use of new Big Data analytics.

Social media and open source targeting: Common sense is the best defense

Presenter: Scott G. Brown

Scott G. Brown from FBI Boston's Intelligence Branch will provide a presentation on open source security vulnerabilities and adversarial targeting via social media. His real-time and interactive presentation will help higher education professionals recognize potential indicators of suspicious social networking activities; exploitation of personal identifying information (such as screen names, emails, etc.); and use of social media platforms to conduct a variety of criminal activities. He will also provide participants with a "cheat sheet" highlighting ways to protect their online footprints and defend the integrity of their online presence.

The unknown threat: Who's inside your organization?

Presenter: Henry Marquez

With today's unknown cyber-attackers we are left to wonder what is really going on in our organizations every day. We hear about companies losing data and, more importantly, their credibility and branding. So how can we protect our organizations?

  1. We can't protect what we don't understand.
  2. We can't protect what we don't see.
  3. We can't protect what we don't know.

The best path to understanding is through awareness and visibility inside our organizations.

SANS 2013 Critical Security Controls Survey: Moving from awareness to action

Presenter: John Pescatore

Over the years, many security standards and requirements frameworks have been developed in attempts to address risks to enterprise systems and the critical data in them. However, most of these efforts have essentially become exercises in reporting on compliance and have actually diverted security program resources from the constantly evolving attacks that must be addressed. In 2008, the U.S. National Security Agency recognized the diversion of resources as a serious problem, and the agency began an effort that took an "offense must inform defense" approach to prioritizing a list of the controls that would have the greatest impact in improving risk posture against real-world threats. A consortium of U.S. and international agencies quickly grew and, ultimately, recommendations for what were to become the Critical Security Controls (CSCs) were coordinated through the SANS Institute.

How well are the CSCs known in government and private industry, and how are they being used? More importantly, what can we learn from CSC implementations to date? These and other questions were posed to 699 respondents to a recent online survey conducted by the SANS Institute.

Topics to be discussed:
  • Level of awareness
  • Perceived benefits and barriers to adoption
  • Assessment: Identifying the gaps
  • Levels of adoption
  • Implementation progress and experience
  • Measurement and metrics

Breakout session I

Would you give 10 percent of your IT budget to be secure?

Presenter: Sherry Horeanopoulus

Achieving a measure of security for your institution costs money ... but is it actually affordable, especially after the initial purchases go to maintenance costs? This presentation follows Fitchburg State's sometimes amusing path from "0 mph* to 60 mph*" and what it cost to go beyond compliance to a reasonable state of security.

*measures per hour

The IAM Program Development Toolkit: an Educause resource

Presenter: David Sherry

Throughout 2012 and early 2013, a team of higher education practitioners from across the country developed an Identity and Access Management Toolkit at the request of Educause. This session will review the final product, and is meant to be a discussion and information sharing session for those who attend. It is led by a member of the working group who will share the methodology and facilitate discussion on its use as a resource for an enterprise that is just starting an IAM initiative or benchmarking a current program.

Security considerations when building a Vulnerability Management program.

Presenter: Laurie MacCarthy

Description coming soon.

Breakout session II

PCI DSS news and events: PCI gray areas, PCI 3.0 and a PCI case study

Presenters: David Rawlinson, Brad Chronister

Curious about the changes coming to PCI DSS 3.0? Want to discuss a specific PCI question with a QSA? This presentation will provide an opportunity for both and more as Brad Chronister, lead QSA at ControlScan, provides insights on some of the trickier areas of the PCI DSS to navigate as well as insights on the upcoming new version of the standard. Additionally, Brad will present a case study outlining one organization's PCI compliance issues and strategy.

Next generation threat prevention

Presenter: Josh King, CCIE Security #18303

The threat of malware infection, botnet activity, data loss or even breach is becoming more and more prevalent. With the frequency of 0-day attacks and the risk of APTs increasing, it is clear that traditional perimeter firewalling is no longer sufficient.

This session will discuss what technologies are available to help combat this ever-evolving threat, as well as which criteria are most important when choosing a platform that will protect the assets and reputation of your organization.

Cyber forensics

Presenter: Victor Fay-Wolfe, Ph.D.

Cyber forensics is the application of forensic science techniques to the discovery, acquisition and analysis of digital evidence in legal matters. It includes finding evidence on hard drives, phones, and network activity. This presentation gives an overview of the forensics processes, laws, and technology used in the fields of digital forensics and cyber forensics, illustrated with cases worked at the RI Digital Forensics Center.

Dr. Fay-Wolfe will describe many cyber challenges and also discuss the following topics:

  • Open Cyber Challenge Platform solution
  • Virtual Target Network (VTN)
  • Humans in network defense
  • Penetration testing
  • Secure programming
  • Digital forensics

Last Updated: 7/26/16