National Institute of Standards and Technology (NIST) - Information Technology Laboratory (ITL)

6th Annual IT Security Automation Conference and Expo Presentations

Below is a list of presentations from the 6th Annual IT Security Automation Conference and Expo. If any presenters from the conference, or associated workshops, would like to have their presentation listed, please send the presentation, presenter's name, presentation date, and track name to david.lee@nist.gov.

Day 1 (09/27/2010)

  • General Session Presentations
  • Automation Specifications
  • FDCC/USGCB
  • Software Assurance
  • SCAP 101 Tutorial
  • Automation Content Tutorial

Day 2 (09/28/2010)

  • General Session Presentations
  • Automation Specifications
  • Network Automation
  • Innovative Uses of SCAP
  • Security Management and Compliance Automation
  • Security Automation for Cloud Computing

Day 3 (09/29/2010)

  • General Session Presentations
  • SCAP Workshop
  • EMAP Workshop
  • Remediation Workshop
  • SCAP Product Validation Workshop
  • Continuous Monitoring Workshop

Day 1 (09/27/2010)

General
Presenter(s) Presentation
Welcome Address
Honorable Howard A. Schmidt, White House Cybersecurity Coordinator Keynote Address
Phil Reitinger, Deputy Undersecretary, DHS Keynote Address
Track Lead Address
Automation Specifications
Presenter(s) Presentation
Paul Cichonski, BAH Automation Specifications Overview
Chris Johnson, NIST Enterprise Remediation Automation
William Heinbockel, MITRE CEE
George Saylor, G2 The Use of Rules in EMAP
John Wunder, MITRE and Adam Halbardier, BAH ARF
Tim Keanini, nCircle (moderator), Luis Nunez, Cisco, Kent Landfield, McAfee, John Bordwine, Symantec, Jeff Spitulnik, IBM, Todd Dolinsky, HP Vendor Interoperability Panel
FDCC/USGCB
Presenter(s) Presentation
William Corrington, Dept. of the Interior Evolution of the USGCB
Kurt Dillard, G2 Overcoming Technical Challenges in the Windows Baselines
Shelly Bird, Microsoft Lessons Learned from Our FDCC Customers: Unmanaged to Managed
Kent Landfield, McAfee Moving Baselines Forward
Scott Armstrong, Symantec, Tony Uceda-Velez, Symantec Lessons Learned Using SCAP Tools
Steve Grubb, Red Hat Understanding the Red Hat Enterprise Linux Baseline Settings
Software Assurance
Presenter(s) Presentation
Joe Jarzombek, DHS, Don Davidson, DoD, Dan Schmidt, NSA, Tim Grance, NIST, Bob Martin, MITRE SwA Panel: Use Cases, Standards and Roadmap for Enterprise Security Automation
Operational Applications for Automation Protocols
Public/Private Collaboration Efforts for Enterprise Security Automation
Supply Chain and SwA
Bob Martin, MITRE Knowing Your Weaknesses: CWE™
Steve Christey, MITRE Ranking Your Weaknesses: CWSS™
Sean Barnum, MITRE Understanding How They Attack Your Weaknesses: CAPEC™
Penny Chase, MITRE Sharing Understanding of Malware: MAEC™
Steve Quinn, NIST, Joe Jarzombek, DHS, Dan Schmidt, NSA CwA Panel on a Software Assurance Automation Protocol (SwAAP)
SCAP 101 Tutorial
Presenter(s) Presentation
Karen Scarfone, G2 SCAP Overview (NIST 800-126 & 800-117)
Bryan Worrell, MITRE XCCDF Tutorial
Matt Hansbury, MITRE OVAL® Tutorial
Dave Mann, MITRE Standards Development Toolkit
Dave Mann, MITRE CCE™ Tutorial
CPE™ Tutorials
Steve Christey, MITRE CVE® & CVSS
Automation Content Tutorial
Presenter(s) Presentation
Kent Landfield, McAfee Innovating SCAP
Tina Ackerman, NSA Easily Create SCAP Content Using the MACE Wizard
Harold Booth, NIST SCAP Content Validation Tool
Bryan Worrell, MITRE Recommendation Tracker
Peter Parker, G2 SCAP Content Creation Solutions Using the eSCAPe Editor and Libraries
Jim Shelton/Mike Kinney, NSA, Dave Hoon, DISA Secure Configuration Management: Use Cases
Secure Configuration Management: Standards Research
Secure Configuration Management: Remediation Standards

Day 2 (09/28/2010)

General
Presenter(s) Presentation
Stephen Pawlowski, Senior Fellow and CTO for the Intel Architecture Group, Intel Corporation Keynote Address - Bringing the Trust Back into Cyber Space
Tony Sager, Chief of the Vulnerability Analysis and Operations Group, NSA NSA Address - Security Automation: The Trail Ahead
Tim Grance, Program Manager, Cyber & Network Security Program, NIST NIST Address - NIST Security Automation
Automation Specifications
Presenter(s) Presentation
Charles Schmidt, MITRE XCCDF
Brant Cheikes, MITRE CPE™
Jon Baker, MITRE OVAL®
Maria Casipe, MITRE OCIL
Charles Wergin, BAH, Harold Owen, G2 National Checklist Program Submission Interface
Network Automation
Presenter(s) Presentation
Robert Hollis, ThreatGuard, Chris Farrow, VMware Extending SCAP into the VMware Virtual Infrastructure
Doug Dexter, Cisco Automated Network Security Assessment
Steve Hanna, Juniper Networks TNC: Open Standards for Network Security Automation
Matt Webster, Lumeta Security Coordination with IF-MAP
Dr. Bruce Gabrielson, BAH Progress in Near-Real Time Attack Detection At the Platform Level
Innovative Uses of SCAP
Presenter(s) Presentation
Michael Tan, Microsoft Security Compliance Manager
Tom Grill, VeriSign, Paul Sand, Salare Security SCAP for VoIP
Kim Watson, NSA, Dr. George Moore, Dept. of State Role of SCAP in an Emerging Strategy for Continuous Certification and Accreditation
Peter Guerra and Shane Shaffer, G2 Automated Creation of SCAP Content
Jack Vander Pol and Kyle Stone, SPAWAR Developing a Government-Funded SCAP-Validated Application
Jim Ivers, Triumfant Leveraging SCAP for TNC, Endpoint Sensor Grid and Automated Remediation
Security Management and Compliance Automation
Presenter(s) Presentation
Mischel Kwon, RSA IT Security: Tying the Pieces Together
Alfredo Rohweder FISMA & Security Automation
David Houlding, Intel Health Client Technologies that Help Assist with Security and Privacy Regulation Compliance
Peter Mell (moderator), COL Michael Jones, HQDA, John Streufert, Dept. of State, Tim McBride, DHS Continuous Monitoring Panel
Cyber Dashboard Overview
CAESARS Reference Architecture
Kelley Dempsey, NIST Security Configuration Management
Earnest Neal, Atlantic Systems Group, Inc., Dirk Barrineau, VA FISMA Automation in a Global Enterprise
Security Automation for Cloud Computing
Presenter(s) Presentation
Peter Mell, NIST, Dennis Moreau, RSA Cloud Security Opening Address
Security Automation for the Cloud
Neil Ziring, NSA (moderator), Mischel Kwon, RSA, Steve Orrin, Intel, Jen Nowell, Symantec, Gregg Brown, Microsoft Security Automation in Private Clouds Panel
Peter Mell, NIST, Christopher Hoff, Cisco, Kent Landfield, McAfee, Duncan Hays, IRS Continuous Monitoring for Cloud Panel
Kent Landfield, McAfee Continuous Monitoring in a Cloud Environment
Ron Knode, CSC CloudTrust 2.0
Steve Orrin, Intel Creating Trustworthy Cloud Systems
Rob Roy, Fortify The Need for Software Security Assurance to Secure Mission Critical Applications in the Federal Cloud
Lee Badger and Chris Johnson, NIST Standards Acceleration to Jumpstart Adoption of Cloud Computing

Day 3 (09/29/2010)

General
Presenter(s) Presentation
General Session Panel/Discussion
SCAP Workshop
Presenter(s) Presentation
Charles Schmidt, MITRE XCCDF
Charles Schmidt, MITRE XCCDF Discussion Topics
Harold Booth, NIST Vulnerability Data Model
Jon Baker, MITRE OVAL® Future Considerations
John Wunder, MITRE, Adam Halbardier, BAH ARF
EMAP Workshop
Presenter(s) Presentation
EMAP Status Update
OEEL Engineering Session
CERE Engineering Session
Emerging Topics
Remediation Workshop
Presenter(s) Presentation
Chris Johnson, NIST (moderator) Common Remediation Enumeration (CRE) and Extended Remediation Information (ERI)
Matthew Wojcik, MITRE (moderator) Remediation Policy
Matthew Wojcik, MITRE (moderator) Remediation Tasking
Matt Kerr, G2 (moderator) Remediation Language
Karl MacMillan, Tresys Technology Secstate: Flexible Lockdown, Auditing, and Remediation
SCAP Product Validation Workshop
Presenter(s) Presentation
John Banghart SCAP Validation
Continuous Monitoring Workshop
Presenter(s) Presentation
Peter Mell, Harold Booth, and Dave Waltermire, NIST Technical Foundations for Continuous Security Monitoring
Peter Mell, NIST (moderator), Kim Watson, NSA, Ron Gula, Tenable, Duncan Hays, IRS, Randy Barr, Qualys CM Technical Design Panel
David Waltermire, NIST, Matt Coose, DHS Identifying Continuous Monitoring Measures