6th Annual IT Security Automation Conference and Expo Presentations
Day 1 (09/27/2010)
- General
- Automation Specifications
- FDCC/USGCB
- Software Assurance
- SCAP 101 Tutorial
- Automation Content Tutorial
Day 2 (09/28/2010)
- General
- Automation Specifications
- Network Automation
- Innovative Uses of SCAP
- Security Management and Compliance Automation
- Security Automation for Cloud Computing
Day 3 (09/29/2010)
- General
- SCAP Workshop
- EMAP Workshop
- Remediation Workshop
- SCAP Product Validation Workshop
- Continuous Monitoring Workshop
Day 1 (09/27/2010)
| Presenter(s) | Presentation |
|---|---|
| Welcome Address | |
| Honorable Howard A. Schmidt, White House Cybersecurity Coordinator | Keynote Address |
| Phil Reitinger, Deputy Undersecretary (DHS) | Keynote Address |
| Track Lead Address | |
| Presenter(s) | Presentation |
|---|---|
| Paul Cichonski (BAH) | Automation Specifications Overview |
| Chris Johnson (NIST) | Enterprise Remediation Automation |
| William Heinbockel (MITRE) | CEE |
| George Saylor (G2) | The Use of Rules in EMAP |
| John Wunder (MITRE), Adam Halbardier (BAH) | ARF |
| Tim Keanini (moderator) (nCircle), Luis Nunez (Cisco), Kent Landfield (McAfee), John Bordwine (Symantec), Jeff Spitulnik (IBM), Todd Dolinsky (HP) | Vendor Interoperability Panel |
| Presenter(s) | Presentation |
|---|---|
| William Corrington (Dept. of the Interior) | Evolution of the USGCB |
| Kurt Dillard (G2) | Overcoming Technical Challenges in the Windows Baselines |
| Shelly Bird (Microsoft) | Lessons Learned from Our FDCC Customers: Unmanaged to Managed |
| Kent Landfield (McAfee) | Moving Baselines Forward |
| Scott Armstrong (Symantec), Tony Uceda-Velez (Symantec) | Lessons Learned Using SCAP Tools |
| Steve Grubb (Red Hat) | Understanding the Red Hat Enterprise Linux Baseline Settings |
| Presenter(s) | Presentation |
|---|---|
| Joe Jarzombek (DHS), Don Davidson (DoD), Dan Schmidt (NSA), Tim Grance (NIST), Bob Martin (MITRE) | |
| Bob Martin (MITRE) | Knowing Your Weaknesses: CWE™ |
| Steve Christey (MITRE) | Ranking Your Weaknesses: CWSS™ |
| Sean Barnum (MITRE) | Understanding How They Attack Your Weaknesses: CAPEC™ |
| Penny Chase (MITRE) | Sharing Understanding of Malware: MAEC™ |
| Steve Quinn (NIST), Joe Jarzombek (DHS), Dan Schmidt (NSA) | CwA Panel on a Software Assurance Automation Protocol (SwAAP) |
| Presenter(s) | Presentation |
|---|---|
| Karen Scarfone (G2) | SCAP Overview (NIST 800-126 & 800-117) |
| Bryan Worrell (MITRE) | XCCDF Tutorial |
| Matt Hansbury (MITRE) | OVAL® Tutorial |
| Dave Mann (MITRE) | Standards Development Toolkit |
| Dave Mann (MITRE) | |
| Steve Christey (MITRE) | CVE® & CVSS |
| Presenter(s) | Presentation |
|---|---|
| Kent Landfield (McAfee) | Innovating SCAP |
| Tina Ackerman (NSA) | Easily Create SCAP Content Using the MACE Wizard |
| Harold Booth (NIST) | SCAP Content Validation Tool |
| Bryan Worrell (MITRE) | Recommendation Tracker |
| Peter Parker (G2) | SCAP Content Creation Solutions Using the eSCAPe Editor and Libraries |
| Jim Shelton (NSA), Mike Kinney (NSA), Dave Hoon (DISA) | |
Day 2 (09/28/2010)
| Presenter(s) | Presentation |
|---|---|
| Stephen Pawlowski, Senior Fellow and CTO for the Intel Architecture Group (Intel Corporation) | Keynote Address - Bringing the Trust Back into Cyber Space |
| Tony Sager, Chief of the Vulnerability Analysis and Operations Group (NSA) | NSA Address - Security Automation: The Trail Ahead |
| Tim Grance, Program Manager, Cyber & Network Security Program (NIST) | NIST Address - NIST Security Automation |
| Presenter(s) | Presentation |
|---|---|
| Charles Schmidt (MITRE) | XCCDF |
| Brant Cheikes (MITRE) | CPE™ |
| Jon Baker (MITRE) | OVAL® |
| Maria Casipe (MITRE) | OCIL |
| Charles Wergin (BAH), Harold Owen (G2) | National Checklist Program Submission Interface |
| Presenter(s) | Presentation |
|---|---|
| Robert Hollis (ThreatGuard), Chris Farrow (VMware) | Extending SCAP into the VMware Virtual Infrastructure |
| Doug Dexter (Cisco) | Automated Network Security Assessment |
| Steve Hanna (Juniper Networks) | TNC: Open Standards for Network Security Automation |
| Matt Webster (Lumeta) | Security Coordination with IF-MAP |
| Dr. Bruce Gabrielson (BAH) | Progress in Near-Real Time Attack Detection At the Platform Level |
| Presenter(s) | Presentation |
|---|---|
| Michael Tan (Microsoft) | Security Compliance Manager |
| Tom Grill (VeriSign), Paul Sand (Salare Security) | SCAP for VoIP |
| Kim Watson (NSA), Dr. George Moore (Dept. of State) | Role of SCAP in an Emerging Strategy for Continuous Certification and Accreditation |
| Peter Guerra (G2), Shane Shaffer (G2) | Automated Creation of SCAP Content |
| Jack Vander Pol (SPAWAR), Kyle Stone (SPAWAR) | Developing a Government-Funded SCAP-Validated Application |
| Jim Ivers (Triumfant) | Leveraging SCAP for TNC, Endpoint Sensor Grid and Automated Remediation |
| Presenter(s) | Presentation |
|---|---|
| Mischel Kwon (RSA) | IT Security: Tying the Pieces Together |
| Alfredo Rohweder | FISMA & Security Automation |
| David Houlding (Intel Health) | Client Technologies that Help Assist with Security and Privacy Regulation Compliance |
| Peter Mell (moderator), COL Michael Jones (HQDA), John Streufert (Dept. of State), Tim McBride (DHS) | Continuous Monitoring Panel; Cyber Dashboard Overview CAESARS Reference Architecture |
| Kelley Dempsey (NIST) | Security Configuration Management |
| Earnest Neal (Atlantic Systems Group, Inc.), Dirk Barrineau (VA) | FISMA Automation in a Global Enterprise |
| Presenter(s) | Presentation |
|---|---|
| Peter Mell (NIST), Dennis Moreau (RSA) | |
| Neil Ziring (moderator) (NSA), Mischel Kwon (RSA), Steve Orrin (Intel), Jen Nowell (Symantec), Gregg Brown (Microsoft) | Security Automation in Private Clouds Panel |
| Peter Mell (NIST), Christopher Hoff (Cisco), Kent Landfield (McAfee), Duncan Hays (IRS) | Continuous Monitoring for Cloud Panel |
| Kent Landfield (McAfee) | Continuous Monitoring in a Cloud Environment |
| Ron Knode (CSC) | CloudTrust 2.0 |
| Steve Orrin (Intel) | Creating Trustworthy Cloud Systems |
| Rob Roy (Fortify) | The Need for Software Security Assurance to Secure Mission Critical Applications in the Federal Cloud |
| Lee Badger (NIST), Chris Johnson (NIST) | Standards Acceleration to Jumpstart Adoption of Cloud Computing |
Day 3 (09/29/2010)
| Presenter(s) | Presentation |
|---|---|
| General Session Panel/Discussion | |
| Presenter(s) | Presentation |
|---|---|
| Charles Schmidt (MITRE) | XCCDF |
| Charles Schmidt (MITRE) | XCCDF Discussion Topics |
| Harold Booth (NIST) | Vulnerability Data Model |
| Jon Baker (MITRE) | OVAL® Future Considerations |
| John Wunder (MITRE), Adam Halbardier (BAH) | ARF |
| Presenter(s) | Presentation |
|---|---|
| EMAP Status Update | |
| OEEL Engineering Session | |
| CERE Engineering Session | |
| Emerging Topics | |
| Presenter(s) | Presentation |
|---|---|
| Chris Johnson (moderator) (NIST) | Common Remediation Enumeration (CRE) and Extended Remediation Information (ERI) |
| Matthew Wojcik (moderator) (MITRE) | Remediation Policy |
| Matthew Wojcik (moderator) (MITRE) | Remediation Tasking |
| Matt Kerr (moderator) (G2) | Remediation Language |
| Karl MacMillan (Tresys Technology) | Secstate: Flexible Lockdown, Auditing, and Remediation |
| Presenter(s) | Presentation |
|---|---|
| John Banghart | SCAP Validation |
| Presenter(s) | Presentation |
|---|---|
| Peter Mell (NIST), Harold Booth (NIST), Dave Waltermire (NIST) | Technical Foundations for Continuous Security Monitoring |
| Peter Mell (moderator) (NIST), Kim Watson (NSA), Ron Gula (Tenable), Duncan Hays (IRS), Randy Barr (Qualys) | CM Technical Design Panel |
| David Waltermire (NIST), Matt Coose (DHS) | Identifying Continuous Monitoring Measures |
