Chris Schreiber has nearly 20 years of IT and information security experience across the higher education/research, IT managed services and financial services industries, including more than eight years leading enterprise information security programs. Before joining FireEye, Chris was the CISO and HIPAA Security Officer at the University of Arizona where he was responsible for all aspects of information security for a large research institution with more than 15,000 employees and supporting more than 42,000 students. Chris held prior information security and IT leadership positions with SunGard Data Systems (now FIS), the University of Wisconsin and Central Michigan University. Chris has a Bachelor of Science in Business Administration from Central Michigan University, a Masters Certificate in Project Management from the University of Wisconsin – Madison and holds certifications, including Certified Information Security Manager (CISM) and Project Management Professional (PMP).

Swimming with Sharks: Understanding and Countering Cyber Threats
Join FireEye for an interactive discussion about cyber threats facing public sector organizations and how you, as a technology executive, can prioritize your limited resources to most effectively protect your digital assets.

2019 is the Year of Data: How Data is Driving Decisions in Cybersecurity, Privacy and Analytics
Presenter: Jon O'Keefe, Logical Operations
With there soon to be more terabytes of data on Earth than stars in the Milky Way Galaxy, data driven decisions have become increasingly important to businesses of all shapes and sizes. In this presentation, Jon O'Keefe will look at the emerging technologies and regulations that are driving data collection, data science and cybersecurity. Attendees will come away with a strong understanding of the current emerging technology landscape around tools such as Tableau, Power BI, Python, and SQL, as well as data regulatory efforts such as CCPA and GDPR. This is a chance for beginners and experts alike to learn why and how data is shaping our future.
Experience Level: Beginner/Intermediate

Beyond Password Management: Seven Steps to an Effective Privilege Program
Presenter: Troy Brueckner, CyberArk
Does your current Privileged Access Management (PAM) program actually stop attackers from fulfilling their mission? We will explore the common elements revealed in a various well-known breaches … and how compromised credentials were a necessity to the overall “success” of each and every attack. More importantly, we will discuss the “must-do’s” and “should-do’s” every organization can take to reach an acceptable level of cyber-hygiene to protect against external attackers and malicious insiders in an “assume breach” model.
Experience Level: Beginner/Intermediate/Advanced

Business Email Compromise
Presenter: JR Noble, University of Nebraska

Ever wonder why we rarely reach our security goals? In this workshop we will go over and identify the 7 key steps to get operationally secure so that:

• Risk is reduced
• Security of your assets is improved
• Cost is optimized
• Value is measured
• Results are communicated

This workshop not only outlines these steps but identifies key resources that are either free or low cost that can assist you in getting to your security program goals.
Experience Level: Intermediate/Advanced

The Critical Path to Being Secure - 7 Simple Steps to Reduce Risk and Improve Operational Security
Presenter: Matt Morton, Vantage Technology Consulting Group

Victims in 150 countries and all 50 states have discovered cyber criminals still rely on the oldest trick in the book, deception. Impersonating a CEO’s email account continues to be a successful means of financial fraud targeting employees with access to company finances. The attack is easy to execute, hard to prevent, requires minimal effort, and has led to more than $3.7 billion in financial losses (according to an FBI IC3 report). Organized crime groups continue to target small and large organizations using simple, yet effective tactics. Come learn how attacks are launched, the ways criminals impersonate your CEO, analyzing the attack, and hear how you should respond.
Experience Level: Beginner/Intermediate

Cyber Threat Hunting: Open Season on Hackers
Presenter: Andrew Munger, Zurich Insurance
Threat Hunting is one of the most advanced techniques used by proactive cyber defenders. It combines threat research with knowledge of internal networks and vulnerabilities, providing a powerful capability to find and defeat threats that evade automated detection and prevention resources. This presentation will provide an introduction to the concept of Threat Hunting, equip the audience with some practical use-cases, detail some “tales from the trenches” from real Threat Hunt scenarios, and provide best practices on integrating a Threat Hunt team with other cybersecurity capabilities.
Experience Level: Intermediate/Advanced

Cyber Threats: How are the Adversaries Getting into Our Systems and What are They Targeting?
Presenter: Ken Schmutz, FBI
SSA Schmutz will discuss the ways in which cyber adversaries are targeting our computer systems and what they are after. SSA Schmutz will also discuss the different types of cyber actors and what we can do to make ourselves and our companies less vulnerable to attack.
Experience Level: Beginning/Intermediate

Cybersecurity Tips, Tools and Techniques - Updated for 2019
Presenter: Ron Woerner, RWX Security Solutions
Every cybersecurity professional needs to keep a toolkit of programs, apps and resources for troubleshooting and securing systems. This rapid-fire presentation—an update from the hugely popular 2018 talk—showcases apps used in cybersecurity testing, investigations, administration, and just day-to-day work. You’ll experience advanced techniques using security tools such as Kali Linux, Windows SysInternals Suite, VMWare, Wireshark, NMAP, and many more.
Experience Level: Intermediate/Advanced

DHS Cyber Security Programs: Coordinate Cyber Preparedness, Risk Mitigation and Incident Response
Presenter: Geoffrey F. Jenista, Cybersecurity and Infrastructure Security Agency
The DHS cyber security resources include assessments, active monitoring and vulnerability mitigation processes to the nation’s sixteen critical infrastructure sectors and state, local, tribal, and territorial government entities.
Experience Level: Beginner/Intermediate/Advanced

Epic Fails in Data Security and How to Address Them
Presenter: Richard Swain, IBM
Prerequisite: Typical audience roles are security leaders, security architects, the database management team, line of business data owners, data privacy officers, compliance teams and risk officers
Ultimately data is the target of bad actors. More data is being created, changed, shared, and stored than ever before—being able to collect and process data is critical to running a digital organization, but it also can create liabilities if it’s mismanaged. On the subject of privacy, new regulations are creating more stringent requirements around how you handle data. How do you deal with this challenge for different data types, like structured and unstructured, or different environments, like on-prem and cloud? We will discuss the typical EPIC fails in securing your critical data and how can you avoid them. We’ll walk though IBM’s point of view in addressing data security followed by a short technical demo showing how you can proactively identify threats to your organizations data.
Experience Level: Beginner/Intermediate

How to Stop Worrying and Start Destroying: Guaranteed, Science-Based Ways to Keep Data Secure
Presenter: Renee Schafer, Data Security Inc.
From government-classified to company proprietary, and even your own personal identification—each day presents a real threat for that information falling into unauthorized hands. Despite the availability of security regulations and guidelines, data breaches continue to make headlines. With more than 30 years’ experience in digital data destruction, Data Security, Inc. can help make sense of it all, identify effective and cost efficient solutions, and offer guidance and support to minimize risk.
Experience Level: Beginner/Intermediate/Advanced

The Internet of Things (IoT) and “Common Sense” Security Practices
Presenter: Art Provost, Foundation for Educational Services, Inc.

Everyone is increasingly vulnerable to electronic attacks as digitized data proliferates across all sectors of the economy. Ensuring that employees handling data, whether it means more sensors, cameras, POS devices, or even daily email understands their role in protecting data and preventing breaches needs to be a priority in today’s world. During this presentation we will discuss easy steps you can take to limit your exposure in an increasingly online world. We also will discuss the things you can do to improve your own information security, some best practices for work, and the reasons why we have to do some of these crazy things like have UPPER case, lower case, numb3rs, and special characters in our passwords, then change them as soon as our fingers learn to type them (and then some even better methods that are easier to remember!).
Experience Level: Beginner/Intermediate

Physical Security and Associated Risks to Information, Personnel and Physical Assets
Presenter: Randy Bohrer, Integration Partners
Physical security is a sometimes overlooked area where there can be substantial risk to both physical and information security assets. Third party or internal tests and assessments evaluate not only the ease or difficulty in compromising facility entrances, but the response of employees to unauthorized individuals within the facility. Although a vulnerability scan or penetration test may not result in gaining internal network access, this access might be achieved more easily through physical means. This activity can demonstrate the need for technical controls to guard against any condition where an attacker gains a foothold in the network, whether through technical or physical methods.
Experience Level: Beginner/Intermediate

Recent Developments in the Crypto World
Presenter: Abhishek Parakh, University at Nebraska Omaha
We will review recent developments in cryptographic algorithms, threat of quantum computing and NIST's current efforts to standardize new cryptosystems.
Experience Level: Beginner/Intermediate

Secure Email
Presenter: Emily A. Markel, Office of the Chief Information Officer

Data harvesting is BIG business for cybercriminals, and email is their direct link to you. How can you protect yourself and your organization? By learning to recognize suspicious emails, and increasing your vigilance against phishing attacks and the spread of malware. Confidential data in the wrong hands is devastating to businesses and our personal lives. Security systems have become ever more sophisticated, but none are 100% effective. We must each be the last line of defense against the continuously evolving threat of cybercrime. In this year’s Secure Email Presentation, Emily will highlight the Who, What, Where, When, and Why of safeguarding your organization’s information by keeping your email secure. We’ll cover examples of phishing and whaling attacks, discuss trust, appropriate information to send an email, and ways to keep sensitive data safe.
Experience Level: Beginner/Intermediate

So What's the Buzz Around Zero Trust
Presenter: Steven Carlson, Symantec Corporation

The network perimeter is dissolving. Cloud based datacenters have abstracted the traditional datacenters into dynamic and software defined entities. The new datacenter is easy to deploy and destroy and is often managed using APIs and code. On top of that, the remote workforce who increasingly uses their own devices for the sake of productivity, raises questions among security practitioners about the relevance of the castle and moat approach for keeping attackers outside the network perimeter. The Zero Trust approach is becoming more and more popular across security and operation teams as it can address many of the shortcomings of the traditional castle and moat approach. However, the interpretation of Zero Trust can vary between vendors, analysts and security practitioners. In this talk we will discuss the five steps to achieving a Zero Trust access model in your environment.
Experience Level: Intermediate

Spotting the Red Bandannas: Don't Let Social Engineers Drive You Down the Wrong Track
Presenter: Karla Carter, Bellevue University

Social engineering will always be a threat to cybersecurity as long as we have people (as opposed to Skynet) making decisions. The human, as opposed to the machine, is the preferred platform for the social engineer to conduct their nefarious business. Come learn how to spot the red flags of the social engineer, train yourself how to not get railroaded into a breach and avoid confusion and delay.
Experience Level: Beginner/Intermediate

Steps to Security Validation - How to Measure, Manage and Continuously Validate Your Cybersecurity
Presenter: Earl Matthews, Verodin

Organizations have been managing security based on assumptions, hopes and prayers for decades. We assume our technology will detect and block that attack or leak, we hope our incident response techniques will be efficient and effective when under assault, and we pray that our security teams are well trained and practiced when everything goes wrong. But in many cases, we don’t have a way to evaluate our security effectiveness let alone have any empirical evidence to back up our assumptions. In short, assumption-based security needs to end.
Assumption-based security results in many negative outcomes.

• Security tool overload and shelf-ware is being predicated on a tradition of purchasing too many security buzzwords, evaluating solutions incorrectly, purchasing the wrong solutions, not tuning what we have, not retiring antiquated solutions and burning through time, money and other resources.
• Defensive regression is resulting in perhaps a once effective set of security controls no longer operating as desired because of configuration mistakes, loss of expertise and even malice.
• Poor business decision making is occurring because most of us don’t know if our security spend is making us more secure, if we are investing in the right areas or if we can even communicate the state of our security effectiveness to stakeholders.

Enough is enough. We need to move beyond assumptions. We need to “know.” We need to assess the efficacy of our security technology, talent, and techniques. This presentation will focus on moving from assumption-based security to continuous security validation and as it relates to security effectiveness.
Experience Level: Intermediate/Advanced

Why are We Buying This? An Information Security Management System (ISMS) May Have the Answers
Presenter: Christopher Cashmere, University of Nebraska - Information Technology Security Services

Do you have questions about your security program like why are we buying this or why do we need that? Perhaps you may have even been asked are we compliant? Your first step to answering these effectively may be using an Information Security Management System, or at least its framework and concepts, to manage and connect your organization’s IT assets, risks, controls, and compliance obligations. Come see how the principles and frameworks used for ISMS can be of tremendous value for IT and security and how the ISMS processes and concepts can help lead the conversations around why what IT and security is doing is important. The University of Nebraska is deploying a "free to use" ISMS called "eramba" to assist with managing our security program. This session will include discussing and demonstrating how and why the University of Nebraska is using an ISMS, where we are going and perhaps most importantly how you can get started with an ISMS for "FREE."
Experience Level: Beginner

Randy Bohrer, Integration Partners
Randy Bohrer is a security architect with specialties in Vulnerability Assessments, Penetration Testing, Security Policy Development, Wireless Security, Digital Forensics, and Compliance Assessments for PCI (payment card), FISMA, ISO, HIPAA, and state data privacy.
- Physical Security and Associated Risks to Information, Personnel and Physical Assets

Troy Brueckner, CyberArk
Troy Brueckner is a Certified Information Systems Security Professional (CISSP #409914) with an extensive record of assisting organizations improve network and data confidentiality, integrity and availability. Mr. Brueckner joined CyberArk Software, Inc. (NASDAQ:CYBR) in 2013 to assist in their mission to “Provide a new layer of security to protect the heart of the enterprise from advanced cyber threats.” Prior to CyberArk, he served as Vice President for Infogressive, Inc. and as Security Architect for Alexander Open Systems, Inc. (AOS). Mr. Brueckner graduated summa cum laude from Bellevue University with a Bachelor's degree in Business, as well as minors in Computer Information Systems, Organizational Communications and Communication Arts. He is a graduate of the FBI Citizens Academy and serves on the Board of Directors for InfraGard Nebraska, the Board of Trustees of the FBI Omaha CAAA and is past president of the (ISC)2 Omaha-Lincoln Chapter.
- Beyond Password Management: Seven Steps to an Effective Privilege Program

Steven Carlson, Symantec Corporation
Steven Carlson is a seasoned IT professional with more than 30 years of experience in the industry. Steven has had a variety of roles at IBM, Sygate, Mcafee, and Network General. For the past decade, he’s been managing a team of cybersecurity engineers at Symantec.
- So What's the Buzz Around Zero Trust

Karla Carter, Bellevue University
Karla Carter is an associate professor in the College of Science and Technology at Bellevue University, in Bellevue, NE. Drawing on more years than she should be admitting of information technology experience, she teaches Cybersecurity and Information Technology Ethics. In addition to being Chair for ACM SIGCAS and Vice Chair for the Nebraska Chapter of the IEEE Computer Society, she is curious, intense and irreverent, and cannot resist puns.
- Spotting the Red Bandannas: Don't Let Social Engineers Drive You Down the Wrong Track

Christopher Cashmere, University of Nebraska - Information Technology Security Services
Chris has had roles in information technology for the past 24 years, with the last 18 years in information security. He spent six years as a data security administrator at a financial institution and then the past 12 years as a senior information security analyst at the University of Nebraska.
- Why are We Buying This? An Information Security Management System (ISMS) May Have the Answers

Geoffrey F. Jenista, Cybersecurity and Infrastructure Security Agency
Geoffrey F. Jenista, CISSP, MBA, MA Cyber Security Advisor, Region VII (MO, KS, IA, NE) Cybersecurity and Infrastructure Security Agency Cyber Security Division, serves as the Regional Cyber Security Advisor for the Cyber Security Division of the Cybersecurity and Infrastructure Security Agency. He supports the Department of Homeland Security's (DHS) mission of strengthening the security and resilience of the nation's critical infrastructure. His program coordinates cyber preparedness, risk mitigation, incident coordination, and cyber security policy promotion and situational awareness resources, including assessments, to the nation’s sixteen critical infrastructure sectors and state, local, tribal, and territorial government entities.
- DHS Cyber Security Programs: Coordinate Cyber Preparedness, Risk Mitigation and Incident Response

Emily A. Markel, Office of the Chief Information Officer
Emily Markel is a Lincoln, NE native and a 2016 graduate with high distinction from Southeast Community College’s Computer Information Technology program. She currently works for the State of Nebraska as an I.T. Infrastructure Support Analyst Lead for the OCIO’s Exchange and Video team. At age 15, Emily began her career with a burgeoning software company that later became the largest software provider for medical and dental offices in the United States. She has since held a variety of technical, training and customer service positions, all focused on connecting with the end user and providing exceptional customer service. Emily fundamentally believes that no one is safe from email attacks. The pursuit of education, training and continued vigilance is the only way users can effectively combat the loss of valuable information.
- Secure Email

Earl Matthews, Verodin
Prior to joining Verodin, Matthews served as Vice President and General Manager of Enterprise Security Solutions for DXC Technology, the world’s leading independent end-to-end IT services and solutions company. In this role, Matthews delivered strategic, end-to-end solutions to help clients anticipate, overcome and reduce security threats. Major General Matthews retired from the United States Air Force in 2014 after more than three decades of distinguished service, holding high-ranking positions such as the Chief Information Security Officer and Director of Cyberspace Operations, Chief Information Officer of the United States Transportation Command and Chief Information Officer of Air Mobility Command. Major General Earl Matthews USAF (Ret) is an award-winning retired Major General of the U.S. Air Force with a successful career influencing the development and application of cybersecurity and information management technology.
- Steps to Security Validation - How to Measure, Manage and Continuously Validate Your Cybersecurity

Matt Morton, Vantage Technology Consulting Group
Flyfisherman | Philatelist | Hiker Matt Morton has more than 20 years of experience in IT focused on information security, IT management, organizational development and strategic technology architecture. Through hands-on management savvy and innovative strategic expertise, Matt has a strong record of delivering value to organizations while balancing security and effectiveness. Most recently, Matt was the Executive Director and Chief Information Security Officer at the University of Nebraska. Prior to that, Matt served as the Chief Information Security Officer and Assistant Chief Information Officer at the University of Nebraska at Omaha. Matt has a Master’s degree in Higher Education Administration from Upper Iowa University and holds CISM, CISSP, and CGEIT certifications.
- The Critical Path to Being Secure - 7 Simple Steps to Reduce Risk and Improve Operational Security

Andrew Munger, Zurich Insurance
Andrew Munger currently leads the global Cyber Threat Hunt team for Zurich Insurance. Andrew has almost two decades of experience built on a unique and diverse background in cyber strategy, intelligence, information security, risk management, layered defense, and strategic analysis. As a member of the United State Air Force, and a top graduate of their Network Intelligence Academy, he specialized in security, intelligence, and counterintelligence. After leaving the military, he has applied his skills and acquired additional expertise in the private sector supporting multiple efforts to reduce risks to businesses, protect corporate brands, and enhance cybersecurity programs.
- Cyber Threat Hunting: Open Season on Hackers

JR Noble, University of Nebraska
JR Noble is an IT Security Analyst at the University of Nebraska. He has more than 13 years of experience securing digital assets and researching emerging security threats. He holds a B.F.A. in New Media Design/Web Development from Kansas State University and an M.A. in Instructional Technology from the University of Nebraska-Lincoln. Additionally, JR holds security certifications in penetration testing and incident handling. He held an appointment as an adjunct professor at Southeast Community College where he taught web development courses. In addition to his security career, JR serves as a project coach for the Jeff Raikes School of Computer Science (at UNL) where he mentors students using machine learning, computer vision and natural language processing on externally funded projects. Clients include Hudl, CSG, TD Ameritrade, and the State of Nebraska. JR’s work analyzing malicious files and cyber-attacks have played a valuable role in increasing security awareness.
- Business Email Compromise

Jon O'Keefe, Logical Operations
As the Technology Education Jedi at Logical Operations, Jon is truly a master at helping training organizations embrace the latest technology training topics and tools. With years of experience in IT (and plenty of Star Wars trivia) under his belt and a natural curiosity for understanding what makes things work, Jon is the go-to guy for helping anyone make complicated technology seem simple. He is equally well-versed in the latest teaching methods as he is with the latest tech gadgets; it makes perfect sense that he also holds the Modern Classroom Certified Trainer (MCCT®️) certification.
- 2019 is the Year of Data: How Data is Driving Decisions in Cybersecurity, Privacy and Analytics

Abhishek Parakh, University at Nebraska Omaha
Dr. Parakh is an associate professor of Cybersecurity at the University of Nebraska Omaha. His research interests include cryptography, network security, information science, and quantum computing.
- Recent Developments in the Crypto World

Art Provost, Foundation for Educational Services, Inc.
Art Provost, CISSP, CISM, GIAC: GSEC, GPEN, GWAPT AVP of FES Security Services Art joined FES in 2011. He has been working in the Information Security arena for more than 25 years. He has held positions in operations, implementation, design and engineering, audit, and Information Security management in the U.S. Air Force, multiple Fortune 500 companies and Information Security consulting companies. He received his Certified Information Systems Security Professional from the International Information Systems Security Certification Consortium; Global Information Assurance Certifications, including Security Essentials, Penetration Tester, and Web Application Penetration Tester and Certified Information Security Manager from the Information Systems Audit and Control Association. FES Security Services conducts security and vulnerability assessments, develops policies, performs compliance audits, and provides Information Security related services to organizations across the country.
- The Internet of Things (IoT) and “Common Sense” Security Practices

Renee Schafer, Data Security Inc.
Renee Schafer, CSDS, has been with Data Security Inc. since 1999. As the Director of Operations, she leads the company by working directly with the National Security Agency (NSA), data destruction scientists and electronic media storage experts, while also growing the company through strategic decisions and effective management of all departments, especially sales, marketing and product development. She is a member of the FBI’s InfraGard, was the first CSDS in the state of Nebraska and speaks around the world to educate people on information protection. Renee leads an active family-life as well as participates in various community fundraising efforts and volunteers regularly at local outreach centers and her church.
- How to Stop Worrying and Start Destroying: Guaranteed, Science-Based Ways to Keep Data Secure

Ken Schmutz, FBI
SSA Schmutz graduated from Utah State University with a Bachelors and Master’s degree in Information Systems. SSA Schmutz worked for 13 years in the private sector for IT companies prior to joining the FBI in 2004. SSA Schmutz investigated computer intrusions his whole career which included his time in Seattle, Chicago and the FBI’s Cyber Division in Washington DC where he focused on cyber threats to the critical infrastructure. In August of 2012, SSA Schmutz was transferred to the Omaha Field Division where he serves as the supervisor of the FBI’s Cyber Task Force (CTF).
- Cyber Threats: How are the Adversaries Getting into Our Systems and What are They Targeting?

Richard Swain, IBM
Richard Swain is a Senior Security Architect with more than 30 years in IT and 10 years in Information Security. He holds the industry certifications CISSP, CCSP and CRISC and is a Master IT Architect. Richard also is a volunteer Director for the ISACA Sacramento chapter. Richard has been supporting IBM North America Clients since 2008 and has been the lead solution architect for many engagements across State Government and Healthcare. He has authored IBM best practice documents on Data Security and Information Lifecycle Management.
- Epic Fails in Data Security and How to Address Them

Ron Woerner, RWX Security Solutions
Ron Woerner, CISSP, CISM, has more than 25 years of IT and Security experience and is a noted consultant, speaker and writer in the security industry. As President and Chief Trusted Advisor at RWX Security Solutions, he works as an IT Security Consultant performing security audit and risk assessments for small, medium and large organizations. Ron established the Cybersecurity Studies program at Bellevue University, an NSA Center of Academic Excellence where he still teaches. He has been a featured speaker at the (ISC)2, ISACA and RSA conferences. His crowning achievement was being selected as the AFA CyberPatriot Mentor of the Year in 2014 for his work with High School Students. Ron loves to talk to others who are passionate about security and privacy.
- Cybersecurity Tips, Tools and Techniques - Updated for 2019

Platinum Plus

Platinum

Gold

Silver

"The value of the conference is great - local, affordable, and full of relevant content."

"I had an opportunity to learn about subjects at the periphery of my particular job responsibilities."

"Excellent conference, this is the second time I have attended."

"Good variety of breakout offerings."

"I liked the push and pull between the morning speaker and the lunch speaker. It was a nice experience to see info presented from both sides of the fence so to speak."

"Great to see so many in the state finally concerned with security."

"Breakout sessions were varied, offering something for most everyone."

"I greatly appreciated the ability to keep up on the latest trends in Cyber Security as well as the networking with peers."

"The keynotes. The kilt dude was a good slap in the face to wake us up, and the FBI field agent delivered an outstanding presentation. The irony of the contrast between these two gentlemen was certainly not lost upon me."

"The morning Keynote was one of the best security presenters I have ever heard speak."

"The range of sessions offered were good. They were not all completely vendor product focused and offered good information in a lot of different areas (social engineering, data, legal)."

"The variety of topics covered by presenters was astounding. You could get as technical or non-technical as you liked, and still received relevant security content."

"There were many new things to learn about."

"Another great conference."