Cornerstones of Trust 2012

COT2012 is truly about raising the security expertise and effectiveness of our ISSA and InfraGard members. Please take advantage. We are bringing our members another efficient, high-value, impactful security conference focused on industry trends and member priorities. With "Raising Security IQ: the Art of Balancing Risk with Opportunities"

Attendees can also elect to be entered into the drawings where many great prizes will be given away, including a free ticket to the San Francisco SANS Conference Cloud Security Fundamentals ($1800 value).

Track Details

Edify Your Mind – Learn how to educate your users, the “force multiplier” in your information security program. Sharpen the skills that will mean the most for your career. Learn about the education, certification, and professional involvement opportunities to maximize your value as a security professional.

Harness Mind-bending Technologies – Understand the impact of key trends and issues in the technology landscape. Build a technology strategy based on business strategy, develop a technology roadmap, and choose, source and implement solutions for lasting value.

Corralling Mobile and Cloud Chaos – Mobility and cloud computing offer the potential to transform the enterprise. Shape the future and bring clarity to the opportunities, risks, and strategic issues for enabling business from anywhere to anywhere at any time.

Set the Business Free – Focus your security program to enable your business at acceptable risk. Move beyond compliance to strategic advantage. Make “metrics that matter” your guideposts toward business goals.

SANS Track Details

Twenty Critical Security Controls – The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far-reaching impact.

Preston Wood

EVP CSO, Zions Bancorporation

Preston oversees Zions’ Fraud Management, Security Analytics and Forensics, Information Security, Physical Security, Corporate Investigations, Technology and Operations Risk, and Business Resiliency for eight banks in eight high-growth western markets.

He is a veteran Security and Information Technology professional, with over 15 years of hands-on experience in an Information Technology, Security, and Risk capacity. Because of this, he is a frequent speaker on various security and fraud topics. Preston’s unique blend of skills combines real-world business and technology experience with a keen understanding of security and risk management.

He holds a Bachelor’s Degree in Computer Science and an MBA.

The commercialization of IT and the pervasive migration to virtualization, mobility and big data have resulted in a shift in cyber Advanced Persistent Threat (APT) techniques and tactics whereby the modalities for attack weaponization have expanded far beyond conventional “kill chain” staging and exploitation. The Internet, predicated on interconnectivity, has enabled global innovation and social, economic and technology growth, exposing many of our Nation’s critical infrastructures, individuals, and public, private and commercial enterprises to an unfamiliar and unsafe communication “chain”. In this new Cyber Kill Chain, the challenge to effective risk exposure mitigation is to focus on three main areas: (1) assess Breach Exposure Time (BET) whereby an APT target has either been a victim and/or made a weapon as a catalyst for a given attack; (2) determine over time and visualize distinct attack surface artifacts within Cyber Kill Chain curves (chaining); and (3) calculate and identify the optimal points of inflection where a given enterprise’s ability to actively detect, deny and demobilize is realized.

Research methodologies included an analysis of previous research and reporting, forensic analysis, and interviews with security practitioners, users and officials with expertise within critical infrastructure control systems, manufacturing, defense/aerospace, financial and biomedical industries. Results revealed that several factors contributed to the shifts in APT attack methodologies and the Cyber Kill Chain: (1) adoption of standardized technologies with known vulnerabilities; (2) increasing interconnectivity and dependencies among public, academic and commercial domains; (3) manufacturing and supply chain vulnerabilities; and (4) widespread availability of open source targeting information. The perception that securing enterprises will be economically unfeasible, coupled with conflicting priorities within organizations, is only contributing to the greater challenge. Increased collaboration and a new mindset are necessary to understanding and framing innovative approaches to intelligently interacting within the new Cyber Kill Chain.

Peter Tran

Senior Director for RSA’s Advanced Cyber Defense Practice

Peter M. Tran is the Senior Director for RSA’s worldwide Advanced Cyber Defense Practice. He is responsible for Global Incident Response/Discovery (IR/D), breach readiness, remediation, SOC/CIRC redesign and proactive computer network defense services. Prior to RSA, Peter led Raytheon’s commercial cyber professional services as well as its enterprise Cyber Threat Operation Programs for SOC/CERT, IR/D, intelligence, APT threat analysis, technical operations, exploitation analysis and adversarial attack methodologies research/tools development. He possesses over 17 years of combined government, commercial and research experience in the field of computer forensics and Information Assurance/Security. He is a Six Sigma Qualified Specialist and holds numerous technical certifications, including the Certified Information Systems Security Professional (CISSP), Paraben Handheld Device/GPS Signals Examination and the SANS Institute GIAC Reverse Engineering Malicious Code Certification.