The New York State Office of Cyber Security, the University at Albany's School of Business and College of Computing and Information, and the NYS Forum, Inc. are pleased to announce:

Keynote
Melissa E. Hathaway

As President of Hathaway Global Strategies, LLC, Ms. Hathaway brings a multi-disciplinary and multi-institutional perspective to strategic consulting and strategy formulation for public and private sector clients. She is building information and research bridges among academic, industrial and government stakeholders. Over the past two years, she has served as:

• a member of the Board of Directors of Terremark Worldwide Inc., a NASDAQ listed company that was acquired by Verizon Communications in March 2011;
• a strategic advisor to NetWitness Corporation, which was acquired by EMC Corporation in April 2011;
• a member of the Board of Directors of EastWest Institute;
• a member of the Council of Experts at the Global Cyber Security Center in Italy;
• a member of the Strategic Advisory Board of the Advanced Cyber Security Center in Boston, Massachusetts; and
• a member of the Intelligence Advisory Board for Sandia National Laboratory.

In addition, she has served as a strategic advisor to a number of companies, including, Cisco Systems Inc, ManTech International Corporation, Guidance Software Inc., and Core Security Technologies. In the government sector, Ms. Hathaway provides strategic advice to the U.S. Government and Interpol, as well as numerous governments around the world as they develop and refine their national strategies for cybersecurity.

At Harvard, Ms. Hathaway is participating and contributing to the joint MIT-Harvard Project Minerva. She is contributing to the interdisciplinary research program by developing methods to measure, model, interpret and analyze challenges and responses in cyberspace. She is also a regular guest lecturer at both universities.

From February 2009 to August 2009, Ms. Hathaway served in the Obama Administration as Acting Senior Director for Cyberspace in the National Security Council. In that capacity she assembled a team of experienced government cyber experts to conduct the 60-Day Cyberspace Policy Review. In May 2009, the President presented the elegant blueprint of the Cyberspace Policy Review, announced cybersecurity as one of his Administration's priorities, and recognized Ms. Hathaway's leadership in conducting the review. In the ensuing months, Ms. Hathaway stood-up the Cybersecurity Office within the National Security Staff to commence the work called for in that blueprint.

During the last two years of the administration of George W. Bush, Ms. Hathaway served as Cyber Coordination Executive and Director of the Joint Interagency Cyber Task force in the Office of the Director of National Intelligence where she led the development of the Comprehensive National Cybersecurity Initiative (CNCI). She built a broad coalition from within the Executive Branch and established an unprecedented partnership with Congress to obtain bipartisan support for addressing cybersecurity priorities. She developed and created a unified cross-agency budget submission for FY 2008 and for 2009-13, assembling disparate funding sources into a coherent, integrated program. At the conclusion of her government service she received the National Intelligence Reform Medal in recognition of her achievements.

Previously, Ms. Hathaway was a Principal with Booz Allen & Hamilton, Inc., where she led two primary business units: information operations and long range strategy and policy support, supporting key offices within the Department of Defense and Intelligence Community. Earlier in her career she worked with Evidence Based Research, Inc. and the American Foreign Service Association.

Ms. Hathaway is a frequent keynote speaker on cybersecurity matters, and regularly publishes papers and commentary in this field.

Billy Rios

The State of ICS Security: A Year in Review

Over the past year, we've discovered over a thousand different Industrial Control System (ICS) vulnerabilities affecting a wide range of vendors and software.   Join us as we cover our favorite vulnerabilities from the year and discuss how these vulnerabilities could have impacted real world ICS systems.  We'll give you the details on how we found the vulnerabilities, show you working exploits, and will discuss how to find some of these systems on the Internet.  It's a fun, yet sobering talk on the state of ICS security...

Biography:

Billy Rios is currently a Team Lead for Google where he studies emerging security threats and technologies. Billy was one of the primary security engineers for Google Plus, the new social network by Google. Before Google, Billy was a Security Program Manager at Microsoft where he helped secure several high profile software projects including Internet Explorer and Microsoft Online. Prior to his roles at Google and Microsoft, Billy was a penetration tester for various consulting firms.

Before his life as a penetration tester, Billy worked as an Information Assurance Analyst for the Defense Information Systems Agency (DISA). While at DISA, Billy helped protect Department of Defense (DoD) information systems by performing network intrusion detection, vulnerability analysis, and incident handling, Before attacking and defending information systems, Billy was an active duty Officer in the United States Marine Corps where he served as an OIC, Platoon Commander, and Company Executive\Officer.

Billy is an accomplished public speaker and published author. He has authored and contributed to several books, most notability: "Hacking: The Next Generation" and "Inside Cyber Warfare: Mapping the Cyber Underworld", both published by O'Reilly Media. Billy has also presented at such prestigious security conferences as Black Hat, RSA, NATO CCDCOE, Microsoft's Blue Hat, DEFCON, ToorCon Seattle, and HITB Security conference. Billy is cited in numerous security advisories for research on attacking Industrial Control Systems, URI and protocol handlers, content ownership issues (such as the GIFAR attack), DNS rebinding attacks (against Flash and the Java Virtual Machine), and was previously credited for discovering vulnerabilities in Microsoft Windows and Adobe PDF Reader.

Cyber Espionage and Your Mom

The presentation will cover non-traditional cyber based corporate espionage techniques that organizations don't typically prepare for when developing cyber security readiness plans and incident response plans. The goal is to make the attendees aware of how far an adversary may be willing to go to steal their secrets and why we must all be vigilant in both our professional and our personal lives.

Speakers: Special Agents Daniel Alfin and Michael Keller, FBI

---

Dan Alfin
FBI

Dan is a Special Agent with the FBI.  He has been with the bureau for three years and is a member of the Albany division Cyber squad.  His case work includes criminal computer intrusions, national security computer intrusions, and child predators.  Prior to joining the FBI, Dan received a degree in Information Technology from Florida State University and worked as a defense contractor for Raytheon Integrated Defense Systems doing network security and systems support for the Navy.

Michael Keller
FBI

Mike is a Special Agent with the FBI. He primarily works on national security computer intrusions in the Albany Division. Prior to joining the bureau, Mike received his degree in Computer Science from the University of Richmond. Previous job experience includes 10 years in the IT industry in the Washington DC area.

Cyber Education and Workforce Development

Panelists will discuss the implications of the NICE Cybersecurity Workforce Framework document for education, government, and industry. The Framework describes in some detail 31 competencies that together represent the cybersecurity workforce. Having a common language and terms to discuss the workforce will allow educators and employers to better prepare and recruit future workers.

Panel:

Ernest McDuffie
National Institute of Standards and Technology National Initiative for Cybersecurity Education (NICE)
Thomas D. Smith
NYS Division of Homeland Security and Emergency Services, Office of Cyber Security
Bo Yuan
Center for the Advancement of Research and Education for Information Assurance
Rochester Institute of Technology

---

Dr. Ernest McDuffie

In early 2010 the National Institute of Standards and Technology (NIST) was selected as the lead agency for the National Initiative for Cybersecurity Education (NICE) and they identified Dr. McDuffie to be the Lead for this effort and has now completed his transition to this new position. In his previous position he had been appointed the Associate Director of the National Coordination Office (NCO) for Networking and Information Technology Research and Development (NITRD) in February 2008. From early September 2009 until early November 2009 he served as Acting Director of the NCO. His appointment as the Associate Director of the NCO comes after joining the NIST as a Computer Scientist in their Information Technology Laboratory, Office of Federal and Industrial Relations. In August 2006, Dr. McDuffie joined the NCO where he served as the Technical Coordinator for the Cyber Security and Information Assurance (CSIA) Interagency Working Group (IWG), Federal Agency Administration of Science and Technology Education and Research (FASTER) Committee of Practice (CoP), and the Software Design and Productivity (SDP) Coordination Group (CG).

Prior to joining the NCO, Dr. McDuffie served as the Deputy Director of the Office of Naval Research (ONR) - Science and Technology for America's Readiness (N-STAR) Initiative. He served as the Lead Program Director for the Federal Cyber Service: Scholarship for Service (SFS) Program at the National Science Foundation (NSF).

He served as an Assistant Professor at Florida State University in the Department of Computer Science where he taught both graduate and undergraduate courses in CS for seven years. Dr. McDuffie has participated in software engineering projects for the U.S. Air Force, the National Center for Atmospheric Research, the Federal Aviation Administration, Lockheed Missiles and Space Company, Los Alamos National Laboratory, and the National Security Agency.

Dr. McDuffie received his Ph.D. and M.S. degrees in Computer Science from the Florida Institute of Technology in Melbourne, Florida.

Thomas D. Smith

Thomas D. Smith was appointed Director of the Office of Cyber Security in July 2010. Prior to that, he served as Assistant Deputy Director and Counsel since 2007. In that position, he assisted in the agency's policy direction; managed the agency's large scale procurements; coordinated the agency's legislative program; and served as Co-Chair of the Multi-State Information Sharing and Analysis Center's Procurement Workgroup. He also served as the agency's Ethics Officer and Records Appeals Officer.

Prior to joining the Office of Cyber Security, Mr. Smith served as a supervising attorney at the State Office For Technology where he oversaw the legal team for the State Data Center and served as legislative liaison. From 1986-2000, he worked in the New York State Office of the State Comptroller, where he served as an associate attorney in the Division of Legal Services/Municipal Law Section and the Division of Legal Services/Investments.

Mr. Smith graduated cum laude from Dartmouth College and earned his Juris Doctor from Albany Law School. He and his wife reside in the City of Albany and have three children.

Bo Yuan

Bo Yuan is an associate professor in the Department of Networking, Security, and Systems Administration at Rochester Institute of Technology. He is also the director of the Center for Advancement of Research and Education in Information Assurance. Mr. Yuan received a Ph.D. in Systems Science from Binghamton University (SUNY) in 1996. Dr. Yuan has over 20 years' experience in research and development in computational intelligence in both academic and industrial environment. His recent research interests are in the area of information security, network covert channels, etc. Dr. Yuan coauthored/edited 3 books, over 40 peer-reviewed journal and conference publications and 4 US patents.