Past Conferences & Presentations


Information Security Awareness Conference 2009

Holyoke Community College is hosting the event on October 16th, 2009 at the Leslie Phillips Forum. The purpose of this conference is to focus attention on cyber security. Awareness presentations are scheduled that will share cyber security information directly related to businesses, academic institutes, and individuals and emphasize the importance of cyber security and the adverse consequences of its failure. Today's highly networked systems environment requires nothing less than our nation's best effort to protect the confidentiality, integrity, and availability of information. "Thinking security" should be a natural reflex for information technology users in the 21st century.

Full Conference Details

SANS COINS Logo

Holyoke Community College
303 Homestead Ave
Holyoke, Massachusetts 01040

Check out my session:
Introduction to Digital Investigations
Friday, October 16, 2009
Time: 7:30 am - 1:00 pm

Presentation Abstract
With the steep rise in e-discovery requests and other internal investigations involving technology, the need for digital forensic skills has never been higher. This session will cover investigation techniques for different operating systems, incident response tactics, and touch on some legal issues. Attendees will learn the foundational skills necessary to perform a successful investigation. Through war stories, best practices and a discussion of suggested minimal standards, attendees will acquire a needed sense of urgency in taking a proactive approach to security investigations.

This presentation is part of the SANS Community Of Interest for Network Security (COINS) program. which was developed as a way of supporting local professional information and cyber security groups by offering SANS instructors and SANS content to local InfoSec Chapters all over the U.S and Canada. They support associations like: Information System Security Association (ISSA), Information Systems Audit and Control Association (ISACA) , High Tech Crimes Association (HTCIA), Infragard and others. For more information on how they can work with your organization, please contact Sonya Goulet, Director of the COINS program (http://www.sans.org/coins/). This session contains excerpts of the SANS SEC 508 Systems Forensics, Investigation, and Response course.

This conference was covered on the local news in Springfield, MA. (Full Story)

 

MTUG 2009 Conference

The 22nd Annual Telecommunications and Computer Networking Conference will be hosted by MTUG in Portland, Maine on Thursday May 28th, 2009.

Full Conference Details

MTUG Logo Holiday Inn By The Bay
88 Spring St.
Portland, Maine

Check out my session:
Computer Forensics, Investigation and Response
Thursday, May 28, 2009
Time: 9:15 am - 10:30 am

Presentation Abstract
With the steep rise in e-discovery requests and other internal investigations involving technology, the need for digital forensic skills has never been higher. This session will cover investigation techniques for different operating systems, incident response tactics, and touch on some legal issues.

This presentation is part of the SANS Community Of Interest for Network Security (COINS) program. which was developed as a way of supporting local professional information and cyber security groups by offering SANS instructors and SANS content to local InfoSec Chapters all over the U.S and Canada. They support associations like: Information System Security Association (ISSA), Information Systems Audit and Control Association (ISACA) , High Tech Crimes Association (HTCIA), Infragard and others. For more information on how they can work with your organization, please contact Sonya Goulet, Director of the COINS program (http://www.sans.org/coins/). This session at MTUG contains excerpts of the SANS SEC 508 Systems Forensics, Investigation, and Response course.

 

RSA Conference 2009 - Where the World Talks Security

The industry's most pressing information security issues were addressed by more than 540 speakers, in 17 class tracks containing more than 220 educational sessions.

More than 325 of the industry's top companies exhibited the latest information security technologies.

RSA Conference 2009 Website

Evan will be moderating two panel sessions this year on the topics of Architectural Risk Analysis and Digital Forensics. Details about these sessions, including panelist biographies and a free podcast, follow:

 

Check out my session:
Architectural Risk Analysis - A Practical Approach
04/21/09 | Session Code: AND-107

How do you validate the design of new applications before coding even begins? Do you have a formal methodology to assess the fundamental design of third-party applications or services? The key is defining an enterprise-wide approach to security architectural risk analysis. This expert panel will describe their experience implementing solutions in many of the most challenging environments.

Listen online to a brief teaser for this panel discussion as part of the RSA Conference 2009 - Podcast Series.

Panel from RSA
From Left to Right: Evan Wheeler, Ken Asnes, Marc French, Scott Matsumoto, and John Rhodes

For a description of Evan Wheeler's background, see the About the Author page.

Kenneth Asnes currently leads Information Security at Novartis Institute for Biomedical Research, based in Cambridge, MA. He has been in the information security field for 15 years working in the areas of software development, architecture, policy and management functions. He is a CISSP and holds Electrical Engineering and MBA degrees from Northeastern University.

Marc French has over 15 years of commercial software product development experience. These products span a broad range of technologies including mainframe systems, graphical UIs, database management systems and mobile systems. His experience encompasses software development management, software development, and professional services. Marc has worked in a variety of verticals including government, healthcare, insurance, and finance. Recently, he has been focusing his efforts in the software security space.

Scott Matsumoto has over 20 years of commercial software product development experience. These products span a broad range of technologies including component-based middleware, performance management systems, graphical UIs, language compilers, database management systems and operating system kernels. His experience encompasses executive management, software development management and software development. Matsumoto founded Xtremesoft, a software company that develops products for Microsoft-based applications where he served as both CEO and CTO. Matsumoto also served as the CTO for Spring Street Networks, an online social networking company.

John Rhodes currently works at the Federal Reserve Bank. Prior to coming to the Federal Reserve, he has served as faculty at NYU and later served as the Director of computer services. As the Executive Director of Kaplan Inc., a Washington Post Company and provider of educational services, he was responsible for the overall technology strategy as well as their security division. He also was the Senior Director of Global Technology at Cable and Wireless, and the Director of professional services at IPSoft where he established and led the international information security practice. His previous experiences as a practitioner and strategist have focused on the information security aspects of IT. John Rhodes holds the PMP and CISSP certifications.

 

Check out my session:
How to Prepare for the Five Most Common Security Investigations
04/22/09 | Session Code: ESS-202

Learn what steps are necessary to prepare for the 5 most common security investigations from this panel of forensic and incident response experts. Each panelist will explain the essential planning steps organizations must take in advance to avoid common pitfalls. The panelists will provide their unique perspectives on each topic, from legal considerations to safe malware handling techniques.

Panel from RSA
From Left to Right: Eric Gentry, David Thomas, Jim DeLorimier, Lenny Zeltser, and Evan Wheeler

David Thomas is a top litigator for the lawfirm of Greenberg and Traurig. He focuses his practice of civil litigation in state and federal courts across the country and counsel's clients how to mitigate litigation risk. David helps corporations with issues surrounding intellectual property, and consumer protection litigation both on the state and federal level.

Jim DeLorimier is the Forensic/CIRT Leader for New Jersey Manufacturer's Insurance. Mr. DeLorimier's expertise include data extraction and analysis, computer forensics and e-discovery. He has assisted attorneys and corporations in understanding the issues surrounding electronic evidence, including acquisition, analysis and production of data. His industry experience includes the health care, pharmaceutical, manufacturing, construction, retail and insurance sectors. He has also developed processes to extract data over the client's own internal network or internet using best in class tools. These initiatives resulted in reduced lead-time for the submission of evidence and the ability to curtail unnecessary investigations. Mr. DeLorimier's certifications include CISSP, EnCE, FTK, and GCFA.

Eric Gentry serves as a Principal Consultant for the Investigative Response practice at Verizon Business. In this role, he is responsible for customer-facing incident response, computer forensics, IT investigative work, and litigation support/eDiscovery around the world. His extensive experience includes investigations and intelligence analysis for the U.S Army, FBI, and DEA, as well as many commercial organizations.

Lenny Zeltser leads a security consulting team at Savvis. He is also a Board of Directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the Internet Storm Center. Zeltser frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books. He is one of the few individuals in the world who have earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Zeltser has an MBA degree from MIT Sloan and a Computer Science degree from the University of Pennsylvania. For more information about his projects, see http://www.zeltser.com.

For a description of Evan Wheeler's background, see the About the Author page.

Since the conference, the panelists (from this year and last year) and I have started a weekly blog on the RSA365 Website based on where we left off with our discussions at the conference: Take a Byte Out of CyberCrime. Each week we cover how to prepare for digital forensic investigations in more detail than we had time to cover at the conference.

 

Clark University Professional Development Seminar Series

The Masters of Science in Information Technology program at the College of Professional & Continuing Education at Clark University is hosting a free seminar for technology professionals on January 8, 2009.

Register Now for this Seminar

Clark University
Tilton Hall
950 Main Street
Worcester, MA 01610

Check out my session:
Shifting the IT Focus: From Security to Risk Management
Thursday, January 8, 2009
Time: 9:00 am - 3:30 pm

Presentation Abstract
In many IT security programs, information security is forced on the organization. This approach often creates resistance leading to limited success in actually securing the environment. The IT security group should work collaboratively with the business units to identify and prioritize the real threats to core business objectives. By shifting the focus away from blindly applying industry standards across the board and minimal compliance with regulations, the IT security function can help to identify and address the risk exposures that are most likely to impact the organization.

In this seminar, we will discuss the basic building blocks for any good Information Security Risk Management Program including several prerequisites. We will also look at approaches to building this program from scratch and where to focus resources initially.

By the end of this seminar, attendees should have a solid understanding of security risk analysis fundamentals and tools to implement a security risk management program in their own organization.

For more information about related courses at Clark University that Evan Wheeler is teaching, see the Teaching Experience Page. Participants in this seminar will receive a 20% discount for the following Spring 2009 semester courses:*

  • Data Security & Privacy
  • Information Security Risk Management
  • e-Commerce/e-Business
* New Enrolling Students only

 

CSI Conference 2008 - Security Reconsidered

CSI 2008 features a comprehensive program, covering security from both a management and technical perspective. We know that you live in the real-world, that security needs to be part of the business plan, and that you need solutions that work.

CSI 2008 Conference Website

CSI Conference Logo Gaylord National Resort and Convention Center
201 Waterfront Street
National Harbor, MD 20745
Phone: 301.965.2000

Check out my session:
Assessing Your Organization's Forensic Readiness
Wednesday, 11:00am - 12:00pm
60-minute Session

Presentation Abstract
As security breaches continually make headlines, companies can no longer afford to be reactive with regards to forensic incident response. Learn a formal process to proactively examine your organization's ability to facilitate a thorough investigation of an intrusion or internal policy violation. Attendees will receive a "Digital Forensic Readiness" checklist.

Topic: Incident Response - Forensics, Disclosures

Presentation from CSI
Evan Wheeler answers questions from attendees after the presentation

Download a copy of the checklist (PDF) that I distributed at the CSI 2008 Conference. This checklist is in the early stages of development and I welcome feedback on ways to improve it.

 

RSA Conference 2008 - Insightful. Engaging. Interactive.

In information security, you're trained to expect the unexpected. Changes occur in a nanosecond. Stay on top by staying one step ahead -- attend RSA Conference!

Join us for the most comprehensive forum in information security. Come learn about the latest trends and technologies, get access to new best practices, and gain insight into the practical and pragmatic perspectives on the most business critical issues facing you today.

Connect and collaborate. Build your professional network. And mingle with 17,000 of the industry's best and brightest.

RSA Conference 2008 Website

Check out my session:
Plan in Advance for a Forensic Investigation
04/10/08 | Session Code: DEPL-303

A star panel of digital forensics experts is available to answer questions regarding incident investigations. With a focus on a proactive approach to forensics the panel will cover safe guard measures and policies to implement before an incident occurs. The panel legal experts will explain how and when to work with law enforcement, and how to do so without compromising IP, brand and reputation.

Panel from RSA
From Left to Right: John (JJ) McLean, Jim DeLorimier, David Thompson, John Rhodes, and Evan Wheeler

JJ McClean is a Detective Lieutenant for the Medford Police Department and also heads the NEMLEC crime lab in New England. Past assignments include the Secret Service and US Attorney's office. JJ is a professor at Northeastern University and also a co-author of the "Handbook of Computer Crime Investigation: Forensic Tools & Technologies".

Jim DeLorimier works as an Information Security Analyst for New Jersey Manufacturers Insurance focusing on forensics and incident response. He has also worked as an investigator for corporations such as TD Ameritrade and Bistrol Meyer Squib. He has also worked in cooperation with the FBI and Secret Service on many criminal investigations in the past.

David Thomas is a top litigator for the lawfirm of Greenberg and Traurig. David helps corporations with issues surrounding intellectual property, and consumer protection litigation both on the state and federal level.

John Rhodes works for the National Information Security Assurance group at the Federal Reserve Bank, and he is responsible for architecture and standards among other things. John is a former Director at NYU, and has often spoken on the topic of forensics and digital evidence.

For a description of Evan Wheeler's background, see the About the Author page.

Since the conference, the panelists and I have started a weekly blog on the RSA365 Website based on where we left off with our discussions at the conference: Take a Byte Out of CyberCrime. Each week we cover how to prepare for digital forensic investigations in more detail than we had time to cover at the conference.