Saturday, April 13
9:00 AM - 5:00 PM One Day 8 CPEs
W1 Project Management for Security Bill O'Connell, Senior Director, Security Programs, Automatic Data Processing, Inc. (ADP)
Many technology projects have a technical focus but lack attention to the human element. To succeed, the security project needs to be treated not as just another technology, but as an agent of organizational change. This workshop will highlight the attributes and benefits of good project management in the context of delivering effective security projects and programs. Ultimately, it will show how the discipline of project management can help us as security practitioners improve our organization's security posture.
This workshop will cover:
The project management lifecycle
The three project constraints (scope, schedule and budget) and how to manage them
How to manage resources in a matrix environment
Effective ways to work with non-security practitioners (Finance, HR, Legal, Audit, external third parties, etc.)
Building a business case and project charter
Key steps to creating and managing a project plan
How to manage projects that span organizations and domains
Addressing soft issues such as politics, culture and competing priorities
A toolkit for successfully deploying security projects
Saturday, April 13 and Sunday, April 14
9:00 AM - 5:00 PM Two Days 16 CPEs
W2 (ISC)2 Seminar: Business Continuity and Disaster Recovery Planning Adam Gordon, Instructor, New Horizons Learning Center
This workshop discusses the Business Continuity Management (BCM) and Disaster Recovery Planning (DRP) process and how to use decision trees to select, design and prioritize backups, storage, replication, power and facilities. We will discuss the common pitfalls and mistakes that organizations make, using real-world examples. The main focus will be to provide attendees with the core knowledge, understanding and actionable plans to implement or improve existing BC&DRP and the role of VMware in disaster recovery.
This workshop will cover:
BCP
Scoping and planning BCM projects
Business organization analysis
Assembling a BCM planning team
Legal and regulatory requirements
Assessing business impact
Establishing a continuity strategy
DRP
Classifying and understanding disaster
Establishing a recovery strategy
Developing a recovery plan
Training for and documenting DRP
Testing and maintaining DRP
Maintenance tasks
Using Decision Trees to Design DRP
Applications to protect
Priorities and levels of protection
Recovery sites
Designing backups and storage
Design replication, power and facilities
VMware vCenter SRM
VMware high availability
VMware dynamic resource scheduler
VMware dynamic power manager
VMware fault tolerance
VMware consolidated backup
VMware data recovery
Two Days 16 CPEs
W3 Securing and Auditing Virtualized Environments DEMO Alan Sugano, President, ADS Consulting Group
In this two-day workshop you will focus on vSphere and Hyper-V security and audit. You will start with virtualization basics, hardware virtualization considerations and different versions of ESX. You will then review Hyper-V and best practices for securing a Hyper-V environment. Case studies using a combination of live demonstrations and exercises will reinforce important security and audit factors to consider when dealing with a virtualized environment.
This workshop will cover:
Virtualization basics of VMware vSphere
- Virtualization basics
- ESX basics
- ESX hardware considerations
- ESX backup
- ESX hardening
- vCenter security
- Back-up strategies
- Potential hypervisor attacks
Hyper-V Security
- Hyper-V basics
- Hyper-V hardware considerations
- Hyper-V backup
- Hyper-V snapshots
- Hyper-V on Server Core
- Hyper-V clustering
- Hyper-V hardening
A vSphere case study to apply everything learned in the class in a real-world scenario
Prerequisites: A working knowledge of operating system security, networking concepts, and associated logical access controls is assumed.
Sunday, April 14
9:00 AM - 5:00 PM One Day 8 CPEs
W4 Using Google to Find Vulnerabilities in Your IT Environment Francis Brown, Managing Partner, Stach & Liu, LLC
Google, Bing and other major search engines have indexed and made searchable a wide variety of vulnerabilities on the Web, from exposed password files to SQL injection points. This has not gone unnoticed by hackers. In this workshop, you will gain an understanding of the magnitude of this threat, as well as the importance of being proactive in addressing it. You will be introduced to a slew of new tools and techniques that will allow you to leverage Google, Bing, SHODAN and many more open-search interfaces to track down and eliminate information disclosures and vulnerabilities.
This workshop will cover:
Search-engine hacking primary attack methods
- Google hacking and Bing hacking
- Toolkit overview: Diggity toolset, Maltego, theHarvester, FOCA, and more
Footprinting target organization networks and applications
- Identifying applications, URLs, hostnames, domains, IP addresses, emails and more
- Port scanning networks passively via Google
- DNS data mining via DeepMagic search engine
Data loss prevention tools and techniques
Cloud hacking via Google
- Targeting cloud implementations via search engines
Adobe Flash hacking via Google and Bing
Open-source code vulnerabilities
Finding sensitive information disclosures on third-party sites
- Facebook, Twitter, YouTube, PasteBin
- Cloud document storage (Dropbox, Google Drive, etc.)
Malware and search engines
- Understanding how search engines are used to distribute malware to users
Advanced defense tools and techniques
- Search-engine hacking alerts, intrusion detection systems (IDS), dashboards, trending, and intelligence for your organization
One Day 8 CPEs
W5 Mobile Computing Security Jerod Brennen, CISSP, CTO & Principal Security Consultant, Jacadis
Mobility poses many security-related challenges (anonymous connections, "always on" connections, clear text network traffic, wireless networks, and many more), most of which are seldom fully addressed. This workshop will go through the technical, procedural and administrative solutions available to protect your organization and help you securely embrace mobile computing. It will also include class exercises to evaluate a real-life mobile computing policy and to apply forensics procedures to capture and preserve evidence from mobile devices.
This workshop will cover:
Risks in using wireless networks and control measures to counter them
Security steps to protect handheld devices
Exposures in mobile-device applications and appropriate control measures
Procedures for mobile device forensics
Auditing mobile computing environments
Products and product features that mitigate mobile computing-related risks
To get the most out of this workshop a fundamental knowledge of networking and network security is helpful.
Wednesday, April 17
1:30 PM - 5:00 PM Half Day 4 CPEs
W6 Developing Information Security Policies and Standards Sandy Bacik, CISSP, ISSMP, CISM, CGEIT, Manager, Global Information Security and Enterprise Architecture, Lord Corporation
With constant enterprise risk and various regulatory requirements, a formalized information security policy architecture is needed. In this workshop you will learn how to review what exists, implement what you need, and continue business without interruptions.
This workshop will cover:
Differences between policies, guidelines, standards, processes and procedures
How to develop standards and process architecture to support the organization
How to gain support for implementing security standards and processes
Half Day 4 CPEs
W7 Securing SharePoint David Totten, CISSP, PMP, SharePoint MCT, SharePoint Consultant, Fast Track IT Consulting LLC
As with SharePoint administration in general, security setup in SharePoint is handled by different people at different levels. IT administrators determine which authentication and security policies are in effect, while site collection administrators and site owners manage the content authorization. Both are equally important, and proper security controls must be in place in order to establish a secure SharePoint environment.
This workshop will cover:
Practical solutions on how to overcome various security threats in SharePoint
SharePoint's major security features
Third-party security integration features
Proper security architecture and placement design
SharePoint deployment models
How to detect security loopholes and mistakes in SharePoint configurations and setup
How to leverage SharePoint to improve security requirements with vendors
How SharePoint governance strategies can help enforce security standards
Half Day 4 CPEs
W8 Industrial Espionage: Strategies for Protecting Your Intellectual Property Michael Podszywalow, CISSP, CISM, CISA, CEH, Founder and Security Consultant, SpyByte, LLC
In this workshop you will gain insight into the use of both technical and non-technical tools for industrial spying, including low-tech gadgets, social engineering methods, key loggers, cyber tools, and other measures. You will also reinforce your knowledge through scenario-based activities that show how thieves capitalize on weak security practices to penetrate organizations.
This workshop will cover:
Key indicators of espionage activities
The surprising success of low-tech methods for intelligence gathering
Live demonstrations of some information-gathering tools
Recommendations for security awareness training to build resiliency
Legal considerations and the misappropriation of trade secrets
How to improve operational, technical and physical security controls to reduce information leakage
Thursday, April 18
9:00 AM - 5:00 PM One Day 8 CPEs HANDS-ON
W9 Advanced Social-Engineering Attacks and Pentesting Tricks David Kennedy, OSCE, OSCP, CISSP, ISO 27001, GSEC, MCSE, Founder, Principal Security Consultant, TrustedSec, LLC; former CISO, Diebold Corporation
The Social-Engineer Toolkit (SET) is an open-source standard for penetration testers to assess the effectiveness of their overall education and awareness programs. It is designed to achieve both sophisticated and targeted attacks while leveraging human vulnerabilities. This workshop breaks down every aspect of the Social-Engineer Toolkit and allows the attendees to customize attacks in order to bypass effective security controls and make an almost unstoppable attack. SET has been featured on the BBC, the History Channel and a number of other media outlets. It is used by penetration testers across the world.
This workshop will cover:
How to obfuscate payloads in order to circumvent security controls
Bypassing security measures to achieve a successful attack
Customizing your attacks to be effective
Crash course into Python and developing custom payloads
Craft attacks that contain multiple attack avenues
How to have a 99% effectiveness rate on penetration tests
Pre-requisite Knowledge: This course is for those with a basic understanding of Metasploit, Linux, and BackTrack.
Laptop Requirements: Students must have a virtual machine or computer with the latest BackTrack Linux distribution. Students must also have a Windows XP or Windows 7 machine that can be fully patched to perform the social-engineering attacks on.
One Day 8 CPEs
W10 Data Loss Prevention: A Practical Workshop George J. Dolicker, CISSP, CISA, former Chief Information Security Officer, Lenovo
In this full-day workshop you will learn first-hand how to develop a comprehensive data-loss prevention program. In hands-on exercises you will start with risk management techniques to identify what information requires the protection of DLP services, and how much protection it requires. You will evaluate the balance of a security posture that allows you to gain maximum business advantage from your information assets. Then you will develop skills determining the flow of business-critical information, identifying likely loss points, and how to apply reasonable and prudent preventatives.
This workshop will cover:
Policy
Data classification
Escape vectors
The time-value of information
Human factors
Finding the weakest link
Plan Bs
Thursday, April 18 and Friday, April 19
9:00 AM - 5:00 PM Two Days 16 CPEs HANDS-ON
W11 Identifying Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTP) Stephen Windsor, CEO and Co-Founder, Maddrix; Ronald L. Shaffer Jr., CTO and Co-Founder, Maddrix
The major concern of many security administrators and analysts is not knowing that their enterprise environment is compromised. The APT and other threat actors have become masters at infiltrating the enterprise and hiding in plain sight. They use the rules of your network to accomplish their mission. Threat actor TTPs are developed to blend into the environment, making it difficult for analysts and responders to grasp the complexity of a compromise if anything is detected. This intensive workshop will focus on understanding the TTPs of sophisticated adversaries, the type of malicious code used, and where to look for the malicious code. Participants will be working from a virtual image that has been compromised and will walk through how to identify and analyze malicious activity.
This workshop will cover:
A look at the TTPs of the APT and other sophisticated threat actors
A brief overview of the Microsoft Windows artifacts
How to analyze Microsoft Windows artifacts
How to identify persistent locations used by APT threat actors
How to identify non-signature based malicious code
Tips and tricks for dynamic and static analysis of malicious code
Getting the most out of free digital forensic and malicious code analysis tools
Laptop Requirements: Students will be provided a virtual image that has been prepared specifically for this workshop. Students must bring their own laptop running Windows XP Pro (SP2+), Windows 7 or Apple iOS, with a VMware Player or VMware Workstation installed (Fusion for Mac). The laptop must have a working CD/DVD drive and USB port. Students must also bring a USB thumb drive. You must have a working knowledge of VMware and be comfortable configuring the imported image. Students must also be comfortable navigating the Microsoft Windows operating system.