January Meeting
Thursday the 1oth
Renaissance Richardson Hotel

Hacking Trends

Mark "Simple Nomad" Loveless

You've installed firewalls. Your anti-virus and anti-spyware is up to date. You patch all of your systems as quickly as possible. The digital wagons have been circled and your perimeter is as tight as possible. Are you secure? Probably not. In fact, "probably not" may be too optimistic. The landscape of the hacker is ever-changing. As new defenses are developed, attackers develop new techniques and chart out new and unique attack vectors to gain access to computer systems. This talk will focus on how attack trends have evolved, where they seem to be heading, and how the security professional cannot simply rely on tried and true techniques to help protect an organization. Expect a frank, open, and lively talk with tales from both sides of the security fence.

Mark "Simple Nomad" Loveless has worked in the computer security field for years. He is the Security Architect for Autonomic Networks, a company currently in stealth mode. Mark is also the founder of the Nomad Mobile Research Centre, a hacker think-tank with an international membership of like-minded security professionals involved in the security industry. Mark has been quoted frequently in the press including such notable outlets such as the New York Times, the Washington Post, and CNN. He is a frequent lecturer and keynote at security conferences worldwide, typically on topics involving computer security and personal privacy.

Keeping America Running: Securing Our Nation's Critical Infrastructure Assets
Sujeet Shenoi, University of Tulsa

Can a criminal entity or terrorist group -- from the other side of the world -- take out down the Internet and telecommunications systems? Or launch a worm that disrupts oil and gas pipelines, water and electric power distribution?

How will America cope if the outages last for days?

The critical infrastructure, which comprises computers, embedded devices, networks and software systems, is vital to day-to-day operations in every sector -- agriculture, food, water, public health, emergency services, government, defense, information and telecommunications, energy, transportation, banking and finance, chemicals and hazardous materials, and postal and shipping. Global business and industry, government -- indeed society itself -- cannot function if major components of the critical infrastructure are degraded, disabled or destroyed. This presentation highlights the challenges involved in securing interconnected critical infrastructure assets, in particular, the Internet and IP networks, telecommunications networks, and process control (SCADA) networks used for oil and gas, water and electric power distribution. Also, it discusses the importance of designing security solutions that weave science, technology and policy.

Sujeet Shenoi is the F.P. Walter Professor of Computer Science at the University of Tulsa. An active researcher with specialties in cyber security and forensics, Dr. Shenoi is currently the principal investigator on projects supported by the Departments of Defense and Homeland Security, FBI, National Security Agency, National Science Foundation, and U.S. Secret Service.

He is the Chair of IFIP Working Group 11.10 on Critical Infrastructure Protection, Editor-in-Chief of the International Journal of Critical Infrastructure Protection, and Director of the Cyber Security Education Consortium, an NSF ATE Center that is building a high-tech workforce in the Southwestern United States. He is the Co-Chair of the FBI's National Steering Committee for the Regional Computer Forensics Laboratory Program. He is also the founder of the Tulsa Undergraduate Research Challenge, a nationally recognized program of scholarship and service. For his innovative strategies integrating academics, research and service, Dr. Shenoi was named the 1998-1999 U.S. Professor of the Year by the Carnegie Foundation.

Spreadsheet Use in Your Enterprise – Conquering the Risks
Paul Bach, with Lane Severson assisting, Business Controls Analyst, Compassoft, Inc.

Audit firms are sharpening their focus on end-user developed applications - especially spreadsheets - as being a source of corporate risk throughout the entire organization. But which spreadsheets should be controlled? What does it even mean to control them? Who is responsible?

This session will offer tips based on real-world experience to help participants reduce the risks and costs of spreadsheet management. The participant will learn more about the nature and urgency of spreadsheet risks in enterprise organizations and will learn a practical approach for how to set policies, discover and prioritize areas of risk, analyze and baseline the spreadsheets, and to monitor and manage spreadsheets on a continuous basis.

The speaker will outline advancements in spreadsheet management best practices and automation technologies that scale across the enterprise, offering comprehensive management and control while reducing costs with a sustainable, automated approach to meet enterprise financial reporting, internal audit, and regulatory compliance needs.

As CEO of Compassoft, Paul Bach brings to the management team more than 20 years of industry experience, in senior executive and general management positions with both startup and public companies. Prior to joining Compassoft, Paul was the President of Striva Corporation, an award winning market leader of solutions for enterprise data integration. Striva was acquired by one of it's many distributors, Informatica Corporation (NASDAQ: INFA) in September of 2003. Under Paul's leadership, Striva experienced rapid growth and its integration and infrastructure technology was deployed by more than 200 fortune 500 corporations. Prior to Striva, Paul held executive positions with among others, Unify Corporation, Borland International and Oracle Corporation. Paul holds a B.S. in Economics from American University, Washington , DC.