Presented by:
Dr. Jerry Lucas, President, TeleStrategies
8:40 - 9:00
Next Generation Information Access: The CyberOSINT Disruption
Today integrated platforms are necessary for automated collection and analysis of open source data and information. Standalone software that performs isolated functions like statistical analysis or entity extraction does not deliver results that have context. Next Generation Information Access (NGIA) systems deliver context and high-value outputs that can be used for tactical and strategic action. NGIA systems provide applications that meet the needs of today’s law enforcement, security, and intelligence professionals. NGIAs provide the launchpad for more sophisticated use of large volumes of social, Web, and third-party information and data. Today’s program showcases companies and technology that are at the forefront of automated collection and analysis for threat detection.
Presented by: Stephen E. Arnold, Managing Partner, ArnoldIT
BIO: Stephen E. Arnold began his work career at Halliburton Nuclear Utility Services in 1973. He worked at Booz, Allen & Hamilton until 1981, when he began work on full text information systems. He and his team developed The Point (sold to Lycos), an automatic Web indexing system, and Xoom (sold to General Electric), an online video delivery system. In 2000 he worked on the initial index of the US government, and then his team built the online system for the Threat Open Intelligence Gateway. He is the author of The Google Legacy (2005), Google Version 2 (2007), and Google: The Digital Gutenberg (2009). He contributes monthly columns about online systems to Information Today and to KMWorld. He is a summa cum laude graduate of Bradley University and he has completed work on his PhD at the University of Illinois. He has no plans to go back to school at age 70. He has worked as an expert witness and has provided advisory services to a wide range of organizations over the last 30 years.
SESSION ONE: Best Practices for Deploying an Automated Collection and Analysis System for Threat Detection. A US and International Perspective.
9:00 - 9:30
CyberOSINT Architecture: Methods and Mechanisms for LE/Intel
With exponential growth in online content and the multiple streams of data available from Surface Web, Deep Web, Dark Web and Social Media, law enforcement and intelligence organizations are required to build on the power of light tools to truly gain insight. This presentation will introduce important tradecraft and methodologies to consider when building a large-scale deployment to assist in OSINT objectives.
Presented by:
Tyson Johnson MA CFE CPP, BrightPlanet
Speaker BIO:
Starting his career in the Canadian Security Intelligence Service (CSIS), Tyson worked as an Intelligence Officer on both Counter-Terrorism and Counter-Intelligence files. He became aware of BrightPlanet during his tenure as an Intelligence Officer, recognizing the value of harvesting Open Source Intelligence (OSINT) for risk management. After departing CSIS, Tyson became the corporate security lead for TD Bank Financial Group – a multinational bank with its headquarters in Toronto, Canada. Tyson built a proactive security program, utilizing BrightPlanet’s technology as the core of his OSINT threat assessment program. Branching out from TD Bank, Tyson joined Celestica Inc., a global electronics manufacturing company, with operations in countries across the world. He was responsible for security, investigations and supporting compliance operations. At Celestica, Tyson recognized the need for BrightPlanet’s harvesting technologies to monitor online B2B and trade boards to watch for stolen products and parts of the OEM customers Celestica was contracted to build for. He is a Certified Fraud Examiner (CFE) and board certified as a Certified Protection Professional (CPP) by ASIS International. He is a member of the Chief Security Officer (CSO) Roundtable at ASIS and is a board member of the Canada – Southern Africa Chamber of Business, where he speaks on the topics of risk management and Corporate Social Responsibility.
9:30 - 10:00
Expert System Cogito: Facilitating International Automated Collection and Threat Detection via Open Source Information
The volume and diversity of data being collected in intelligence activities make it hard for commanders to extract insight from the information at their disposal.
Many organizations are increasingly turning to semantic technology to help them manage, integrate and gain intelligence from the multiple streams of unstructured data and information they manage. Communications, conversations, data, news, etc. rarely have an organized form, such as a database structure.
Intelligence officers need an intuitive way to extract insight from massive-scale data of disparate types. They need to enrich the raw data with their analytic insight, so other officers can benefit from the work of their colleagues. And they need to secure the data in a highly granular way, so they can safely collaborate while respecting privacy, civil liberties, and data handling policies.
In this session, we will draw on our experiences working with some of the world’s largest organizations to provide examples of the application of semantic technology for information analysis and intelligence and its integration with third-party platforms.
Presented by:
Luca Scagliarini, Vice President Strategy and Business Development, Expert System
Speaker BIO:
Luca Scagliarini provides the leadership for Expert System's worldwide sales organization. Prior to Expert System, as CEO Luca cofounded and launched ADmantX, contributed to an impressive first-year growth at SiteSmith, which culminated in a sale to Metromedia Fiber Network, and has held leading positions at Hewlett Packard in the US and Italy. Luca holds an MBA from Santa Clara University and an Engineering degree from the Politecnico di Milano, Italy.
10:00 - 10:20
BREAK
SESSION TWO: Best Practices for Using Automated Collection and Analysis of OSINT to Secure Your Organization's Perimeter from Threats and Attacks
10:20 - 10:50
Rise of Critical Infrastructure Attacks: Protecting Our Vital National Systems from Cyber Threat
Protecting networks from cyber threats such as malware, malicious users, spam phishing, scanning, and multiple adversaries;
Actual case studies of cyber attacks on critical infrastructure and their impact;
How industry leaders are addressing challenges in policy, technology, and procedures to reduce risk and provide a secure operational environment.
With cyber crime on the rise, it is crucial that organizations’ security systems adapt to the ever-changing threat landscape in order to meet the breadth of today’s malicious activity. Conventional cyber-security systems simply cannot scale to meet the threat with millions of potential attackers hiding amongst billions of legitimate users. In his address, Seán McGurk will discuss how technology is evolving with the use of an Active Network Defense system that operationalizes enterprise threat intelligence to enhance security and reduce risk for critical infrastructure operations.
Presented by:
Sean McGurk, Vice President of Business Development and Critical Infrastructure Protection, Centripetal
Speaker BIO:
Seán McGurk leads Centripetal’s Business Development (BD) team. Seán has extensive experience with the creation, deployment and support of advanced cyber protective systems and organizations. Prior to Centripetal Networks, Seán served as the Global Managing Principal for Critical Infrastructure Protection at Verizon Enterprise Solutions. Earlier in his career he also served as the director of the National Cybersecurity and Communications Integration Center (NCCIC), at the Department of Homeland Security (DHS). Seán is the recipient of numerous awards, including the 2011 Federal-100 award, and the US Navy League award for inspirational leadership.
10:50 - 11:20
Threat Intelligence: Securing Your Perimeter and Safeguarding Your Organization
This session will cover:
What characterizes true threat intelligence
Why what you don't know about threat intelligence could cost you
How to evaluate threat intelligence solutions
Steps to building a threat intelligence program
James will also discuss practical considerations for justifying an investment in threat intelligence, regardless of your organization type or budget.
Presented by:
James Carnall, Vice President, Cyber Intelligence Division, Cyveillance
Speaker BIO:
James Carnall brings a unique and relevant expertise to Cyveillance, combining his broad IT and information security knowledge with international perspective from his work in the US, UK and Australia. James has been with Cyveillance since 2005 and manages the Cyber Intelligence Analyst team and security as well as the Global Intelligence and Legal Advisory teams. His expertise allows him to work closely with clients to help them identify and manage risks, as well as prepare for and respond to new trends and vulnerabilities. James is a frequent speaker and contributor to many industry events and publications. Prior to joining Cyveillance, James worked for Franklin Covey in the education and training services industry. Before moving to the US, he worked in Australia managing his family’s transport and logistics company. He holds a BS degree in Information Security with a minor in Business Management from George Mason University.
SESSION THREE: Best Practices for Automated OSINT Collection and Analysis for Threat Detection via Single-Provider Frameworks and Platforms
11:20 - 11:55
BAE Systems Products and Services Exploiting Open Source Intelligence
Open Source Intelligence (OSINT) has origins dating back to World War II and has become increasingly important since the creation of the Director of National Intelligence (DNI) Open Source Center in 2005. The worldwide use of the Internet and explosion in use of Social Media is driving a rapid evolution in the development of tools and processes to effectively utilize OSINT. As an intelligence domain, the tools and processes developed for OSINT allow analysts to create tailored knowledge in support of public policy (or corporate) decision making. Perhaps the most rapidly growing aspect of OSINT is the exploitation of public and semi-private social media networks, “darknets” of Tor, anonymized web sites, and private networks. BAE’s platform delivers indications, warnings, and information about intentions. The program will discuss the pivotal roles OSINT can play in protection against cyber attacks and geospatial analysis.
Presented by:
Kevin McNeill, Solution Architect, BAE Systems Intelligence & Security
Speaker BIO:
Dr. McNeill is a Solution Architect in the CTO Office of BAE Systems Intelligence & Security in McLean, VA and a BAE Systems Global Engineering Fellow. Prior to joining the Intelligence & Security business sector, Kevin was Technology Group Director, Cyber & Communications Technologies Research (CCTR) group.
Kevin joined BAE Systems in 2005, working in the area of advanced mobile ad hoc networking (MANET) and C4ISR systems. From 2005 to 2009 he led the development of new mesh networking technologies that have resulted in several patents. In 2009, he was Principal Investigator for BAE Systems research into Cyber Range technology as well as model-based software producibility technology.
Kevin holds BA (Mathematics), MS (Computer Science) and PhD (Electrical and Computer Engineering) degrees from the University of Arizona. He received the State of Arizona Governor’s Award for Excellence (1996), and has received several Bronze Chairman’s Awards at BAE Systems, most recently in 2012. He is a co-inventor on a number of patents and is a member of the IEEE, IEEE Computer Society and IEEE Communications Society.
11:55 - 12:30
The Challenge of Drawing Actionable Insight from Automated Collection: The Leidos Approach to Automated Collection and Threat Analysis
In this lecture, the importance of the robustness of the Digital Echo cyber OSINT platform is explained. Leidos offers a comprehensive suite of components for performing specific automated collection and threat analysis tasks that can be integrated into most law enforcement and intelligence solutions. For large scale, comprehensive OSINT activities, a modern services oriented architecture, tightly coupled components, and advanced analytics and visualization tools meet the most exacting standards for real world operations.
Presented by:
Parker Hine, Business Development Lead, Leidos
Speaker BIO:
Parker Hine is the Business Development Lead for Leidos’ Digital Echo Solution, where he oversees product development, business growth, and IR&D initiatives. He has extensive experience in the collection, analysis, and exploitation of OSINT for the Intelligence Community.
12:30 - 13:30
LUNCH
SESSION FOUR: Benefits from the Integration of Advanced Predictive Analytics for Automated Threat Detection
13:30 - 14:10
Recorded Future: Web Intelligence
With an estimated 90% of required intelligence available in open source, it is imperative intelligence analysts become adept at mining open sources. Recorded Future can help reduce research time, identify new sources, build timelines, chart networks, perform link analysis, and more.
Presented by:
Jason Hines, Vice President, Recorded Future
Speaker BIO:
Jason Hines is Vice President at Recorded Future and joined as the first employee in 2009. Since then he has built, managed, and led Recorded Future's core commercial business with Fortune 1000 firms and leading government agencies. Most recently Jason established Recorded Future's partner program for threat intelligence service providers.
Before joining Recorded Future, Jason was at Google where he helped start and grow their Federal Enterprise business. Prior to Google, Jason was Principal Systems Engineer at Spotfire (now TIBCO), and previously worked as a software engineer within the IC and DoD.
14:10 - 14:40
Integration Tasks with Palantir and Recorded Future
Emerging technology has greatly increased the accuracy, speed and efficiency at which analysis can be conducted. Once a decision is made to acquire a new technology or capability, much must be done to ensure the implementation is done effectively. Whether it's configuring hardware, integrating data or new approaches and workflows, proper processes and standards are critical. Praescient Analytics is a proven provider of all of these services and is passionate about making technology users successful in all they do.
Presented by:
Brian Rucker, Director of Analytics, Praescient Analytics
Speaker BIO:
Brian Rucker directs Praescient's core Analytics business, where he deploys the company's suite of integrated technologies as a comprehensive analytic solution to customers around the world. Brian joined Praescient in 2012 as an expert consultant assisting in the deployment of Palantir at ICE-HSI before leading a team of consultants in the deployment of Palantir at the FBI. More recently, Brian directed Praescient's Governance Account, focusing business development efforts on Law Enforcement, Fed-Civ, and select international customers in the Asia-Pacific and MENA regions.
Before joining Praescient, Brian served as a Counterintelligence Agent in the U.S. Army, deploying once to Afghanistan and twice to Iraq.
14:40 - 15:00
BREAK
SESSION FIVE: A Look Toward the Future of Advanced Analytics and Their Application to Threat Detection and Action
15:00 - 15:30
Enterprise Threat Management: A Comprehensive Risk-Based Approach
There is no shortage of data available, referred to these days as “Big Data”. But for security applications, the data is hard to harness and understand to support detection and prevention. While forensic applications are useful, in cases like Target’s breach or Snowden’s disclosures, it’s insufficient to piece together a loss after the fact. What is needed are analytical tools to understand what is happening now and likely risks so that these breaches and surprises can be detected and prevented. This presentation will focus on Enterprise Threat Management and behavioral analytics for preventing cyber, social media, and insider threats.
Presented by:
Bryan Ware, CTO, Haystax Technology
Speaker BIO:
Mr. Ware is a pioneer in the development and application of analytic methods and tools for critical security and risk applications. Mr. Ware is the CTO for Haystax Technology where he leads the company’s technology strategy and research and development activities, particularly in behavioral analysis, real-time analytics, cyber threat intelligence, and cloud applications. Mr. Ware was previously the Co-Founder and CEO of Digital Sandbox, Inc., a leading provider of security risk management and intelligence fusion products.
Mr. Ware serves on the Board of Advisors of Core2 Group, a company developing business performance indicators for financial applications, derived from Internet traffic data. Mr. Ware also serves on the Stars Network, the industry advisory group for Mach37, a cybersecurity incubator, and is an Advisor to AlphaTech, a big data and cybersecurity executive development group.
Mr. Ware holds multiple patents for risk management and threat detection and received a Bachelor of Science degree in Applied Optics from Rose-Hulman Institute of Technology. He is an alumnus of the MindShare executive program.
15:30 - 16:00
Next Generation Human Oversight - Behavioral Analytics to Combat Insider Threat
For many years, law enforcement and intelligence professionals have known that some behaviors indicate that an employee might be stealing classified or sensitive information. The difficulty has been finding a way to turn those qualitative, anecdotally derived behaviors into quantitative signals that can be measured and analyzed. Mr. Madon's talk will explore how to leverage behavioral indicators and technology to enable more responsible oversight and help proactively mitigate insider threats.
Presented by:
Michael Madon, Vice President and General Manager, RedOwl Government
Speaker BIO:
Michael Madon is the Vice President and General Manager for RedOwl Government. Through software and data science, RedOwl is changing the way governments, companies, and firms conduct responsible oversight of their own people. By applying statistics to an organization’s ever growing digital exhaust, RedOwl’s signature product ‘Reveal’ helps combat the insider threat by examining behavioral signals, hidden among the noise of office communication and activity, to enable security and investigative professionals to be more effective, efficient, and proactive. Michael heads RedOwl’s government practice and is responsible for its go-to-market strategy, strategic partnerships, business development, and marketing activities.
Prior to joining RedOwl, Michael served as Deputy Assistant Secretary (DAS) within the Department of the Treasury’s Office of Intelligence and Analysis (OIA). In that role, Michael was responsible for strengthening and expanding OIA’s relationships with its intelligence community and private sector partners; guiding Treasury’s intelligence collection and requirements activities; and supporting Departmental responses to significant cybersecurity threats to the financial sector.
Before assuming his role as DAS, Michael was the Director of OIA’s Iraq Office where he co-led the National Security Council’s Terrorist/Insurgent Finance Working Group (TIFWG). The TIFWG provided strategic-level guidance and direction to the Iraq Threat Finance Cell, enabling unique financial intelligence collection, exploitation, and direct action capabilities for Coalition Forces.
Prior to joining Treasury, Michael served as an active duty officer in the U.S. Army and remains a member of the Active Reserve. He has held leadership positions in Airborne, Mechanized and Military Intelligence units stateside and overseas and is a recipient of the Bronze Star.
Michael served as a United States Peace Corps Volunteer in Kyrgyzstan, holds a BA from Cornell University, a Master’s in International Affairs from Columbia University, and an MBA from the Wharton School.
SESSION SIX: ENDNOTE: CyberOSINT as a Force Multiplier for Next Generation Analytics
16:00 - 16:30
Evolution of the Insider Threat
Starting with Adam and Eve, the malicious insider has come up with new tactics to commit fraud and sabotage. Today, organizations are more focused on keeping up with external threats to protect assets rather than dealing with their own privileged users. Mike will draw on a decade of experience to discuss what works and what does not work – and the future of effective insider threat mitigation.
Presented by:
Michael Crouse, Director of Insider Threat Strategies, Raytheon Cyber Products
Speaker BIO:
Michael Crouse is Director of Insider Threat Strategies for Raytheon Cyber Products. In this role Crouse oversees the execution of cyber audits/anti-malware requirements programs while identifying new growth opportunities. Prior to Raytheon, he served as an Electrical Engineer/Project Lead for the National Security Agency (NSA).