2020 N.C. Cybersecurity Awareness Symposium
Videos
Opening Remarks
Welcome from Gov. Roy Cooper
Partnering Through NC 2-1-1
Business Continuity & Pandemic Planning
Cybersecurity: A Driving Force Behind Cloud Adoption
Public Safety Information Security – Protecting Critical Infrastructure
Agenda & Materials
Monday, Oct. 5, 2020 (Day 1)
The two-day virtual 2020 N.C. Cybersecurity Awareness Symposium is aimed at those in state, local and academic institutions. Find the agenda below, as well as links to videos, presentations and other related materials. (Please note video and materials are limited only to certain sessions.)
Time | Session | Speaker | Related Materials |
---|---|---|---|
10 a.m. to 11:40 a.m. |
|
Thomas Parrish Acting Secretary and State Chief Information Officer N.C. Department of Information Technology |
None available |
Welcome | Gov. Roy Cooper Governor State of North Carolina |
None available | |
The Evolution of Ransomware | Jason Rivera Director, Strategic Threat Advisory Group CrowdStrike |
2020 Global Threat Report | |
1 p.m. to 2 p.m. | Partnering Through NC 2-1-1 for Easy Reporting of Cybercrimes by North Carolinians |
Heather Black Kristin Judge |
None available |
1 p.m. to 3 p.m. | Automation & Security: A Match Made in Heaven | Brad Dispensa WWPS Specialist SA AWS |
None available |
1 p.m. to 5 p.m. | Hands-On Defending Exercise | Tanium | None available |
2 p.m. to 3 p.m. | Business Continuity & Pandemic Planning | Debora Chance IT Business Continuity/Disaster Recovery Specialist N.C. Department of Information Technology |
Session Materials (ZIP file) |
2 p.m. to 3 p.m. | Role of DHS Assessments in Executive Risk Decisions |
Sean McCloskey Roland Varriale |
Tuesday, Oct. 6, 2020 (Day 2)
The two-day virtual 2020 N.C. Cybersecurity Awareness Symposium is aimed at those in state, local and academic institutions. Find the agenda below, as well as links to videos, presentations and other related materials. (Please note video and materials are limited only to certain sessions.)
Time | Session | Speaker | Related Materials |
---|---|---|---|
9:30 a.m. to 10:35 a.m. |
Public Safety Information Security – Protecting Critical Infrastructure
|
Greg Hauser Statewide Interoperability Coordinator/Communications Branch Manager N.C. Emergency Management |
Slide Presentation |
10:45 a.m. to 11:45 a.m. | Cybersecurity: A Driving Force Behind Cloud Adoption | Michael South Principal Business Development Manager for Security AWS |
Slide Presentation |
1 p.m. to 4 p.m. | TTX for K-12 Incident Response |
Matt Chytka Lt. Col. Seth Barun Tom McGrath |
|
1 p.m. to 4 p.m. | Virtual Threat Hunting Challenge | VMware |
None available |
1 p.m. to 4 p.m. | Using Public Toolsets to Evaluate & Improve Your Organization’s Security | Roland Varriale Cybersecurity Analyst Argonne National Laboratory |
None available |
2 p.m. to 4 p.m. | Managing COVID-19-Era Third-Party Risks with Real Data | Evan Tegethoff Vice President of Consulting Engineering BitSight Technologies |
None available |
Monday, Oct. 5, 2020 (Day 1)
The Evolution of Ransomware
The targeting of U.S. state and municipal governments, health care institutions, critical infrastructure providers and our nation’s universities, coupled with the rise of big game hunting, ransomware as a service and increased collaboration between adversarial state intelligence services and criminal groups, has increased the salience of ransomware.
This brief will cover the latest trends and developments of financially motivated ransomware attacks and how they have leveraged ransomware as a powerful tool for profit generation. Hear about the latest intelligence observations on how threat actors deploy ransomware against various government targets and the latest developments in how the sophistication of ransomware continues to improve.
Partnering Through NC 2-1-1 for Easy Reporting of Cybercrimes by North Carolinians
Thousands of North Carolinians become victims of cybercrimes each year, yet few know how to report the crime or where to turn to for recovery resources. The United Way of North Carolina and Cybercrime Support Network have partnered to leverage the NC 2-1-1 information and referral system as an easily accessible access point for victims of cybercrimes to report crimes and access resources. Attend this session to learn more about this new service aimed at helping citizens respond to and recover from cybercrime.
Automation & Security: A Match Made in Heaven
Now more than ever, it’s important to embrace automation of your security practices to reduce operational burden to your staff and to better safeguard your customers. This session will be a demonstration and lecture on the use of automation for security services in AWS. Learn how to automatically remediate issues like non-compliance, vulnerability and also how you can quickly perform a point in time assessment of your AWS account using AWS tooling and open-source projects.
Hands-On Defending Exercise
Recommended for IT operations, desktop and system administrators and cybersecurity professionals, this session integrates IT and security in a hands-on workshop where users are oriented to cyber tools that facilitate network cyber hygiene. The session will cover:
- Discovery and ownership of unmanaged devices
- Creating an unstoppable asset register and integrating it with other solutions
- Keeping endpoints patched and updated
- Policy enforcement and remediation
- Endpoint performance troubleshooting
- Mapping your network to understand data flow
- Creating an IT hygiene graphical dashboard to visualize data
Business Continuity & Pandemic Planning
Learn how to expand business continuity resilience strategies to prepare for and adapt to unconventional threats.
Role of DHS Assessments in Executive Risk Decisions
This session will discuss the role of assessments in executive risk decisions. Assessments serve a comparative analysis that quantifies security and resilience gaps and enables a conversation about the consequence of loss in an effort to improve both security and resilience of the logical and physical environment.
Tuesday, Oct. 6, 2020 (Day 2)
Public Safety Information Security – Protecting Critical Infrastructure
Over the past few years, public safety information security has become directly exceedingly important to the safety of first responder professionals and, in turn, the citizens of North Carolina. The use of publicly accessible smartphone apps allows for live monitoring of law enforcement’s tactical movements when responding to high-profile events. This session will briefly discuss high-level vulnerabilities and the obstacles that first responders face to providing adequate InfoSec.
Cybersecurity: A Driving Force Behind Cloud Adoption
There are four common challenges that CISOs and their security teams struggle with, even in the most secure and mature organizational datacenters: visibility, resilience, defense-in-depth and automation. Learn how these challenges become benefits of using the AWS Cloud and why cybersecurity is becoming a driving force behind commercial cloud adoption. This is an executive-level presentation that covers key technical concepts and capabilities to meet business security and compliance objectives. Intended audience includes CIOs, CISOs, technical managers, senior architects and engineers new to AWS, and technically savvy business managers.
TTX for K-12 Incident Response
The N.C. National Guard Advise and Assist Team will conduct a virtual tabletop exercise for school systems focused on incident response to a ransomware attack.
Virtual Threat Hunting Challenge
In today’s changing environment, it is even more important to protect your organization from destructive attacks. The Virtual Threat Hunting Challenge offers hands-on threat-hunting experience with VMware Carbon Black's latest products to protect your organization from destructive attacks. During this event, you will:
- Learn how to find attacks used in actual incidents
- Advance your skills with the latest threat knowledge
- Get hands-on with VMware Carbon Black Cloud and discover why real-time device assessment and remediation are key for a remote workforce
- Talk to experts individually about how to uplift your organization's security operations strategy
Players accrue points based on response accuracy and speed. Follow your progress with the group leaderboard updates in real time.
You must have Firefox or Chrome to participate.
Using Public Toolsets to Evaluate & Improve Your Organization’s Security
This session is a discussion of toolsets and methods used by security professionals to identify and evaluate possible vulnerabilities within an organization, both internally and externally. This will include techniques for identifying devices and assets on a network, scanning for services and identifying vulnerabilities within those devices and services. The session will include the use of virtual machines within a sandbox environment to gain hands-on experience with some of tools in a live, but safe, environment. Finally, the session will focus on some technical, security measures that may mitigate some risk associated with common vulnerabilities.
Managing COVID-19-Era Third-Party Risks with Real Data
The COVID-19 era has brought many new challenges to third-party risk. Trends such as increased work from home and the changing ways we interact with vendors have driven a greater need for immediate data.
This presentation will include a demonstration of a data-driven approach to third-party risk using BitSight. Additionally, various facets of the threat environment will be discussed, highlighting the changing nature of third-party risk.
What platform will be used for the 2020 N.C. Cybersecurity Awareness Symposium sessions?
Most sessions will be held via WebEx, GoToMeeting or Amazon Chime. Prior to each session, you will receive a notification with information on how to join the event.
Will the sessions be recorded?
Many sessions will be recorded and made available on this webpage following the event. Some sessions, however, will not be available.
What do I do if I need to change my registration?
If you must change your registration, send a message by noon on Friday, Oct. 2. Changes received after this time might not be fulfilled.
What if I can’t attend a session?
Because some sessions are limited to a certain number of participants, please send a message if you are no longer able to attend a session. Letting us know will also help us keep an accurate count of who is attending.