Keynote Panel

Keynote Panel

How to Make End Users Smarter About Security

No matter how much money is spent on security technology, many major breaches – including those at RSA, Sony, and Zappos.com – begin with a single user breaking security policy to click on an email attachment or download a suspicious Web file. With so many breaches in the news and so many resources devoted to enterprise security, why do end users continue to make the same dumb mistakes and continue to be drawn in by the same tired social engineering schemes?

In this hard-hitting panel discussion, leading experts in social engineering and phishing attacks will offer a look at the most common methods used to fool enterprise employees, and the potential impact of users’ failure to maintain good security policy. The speakers will also offer a look at enterprise security awareness programs, pointing out the flaws in many current programs and making concrete recommendations on how to build security awareness and testing programs that work – and make end users more savvy about their online behavior.

		Francis Brown Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu, a security consulting firm providing IT security services to the Fortune 500 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients. Francis has presented his research at leading conferences such as Black Hat USA, DEFCON, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques. Title: “How to Make End Users Smarter About Security”

		Scott Greaux Scott Gréaux graduated from the Pennsylvania State University and has since held roles of increasing responsibility from application developer to CTO to President of a boutique marketing firm. Most recently Scott served as General Electric's Deputy Chief Information Security Officer where he led key global initiatives such as Policy and Policy Frameworks, Security Awareness, Advanced Threat initiative coordination and Information Security metric reporting. During his tenure he was uniquely positioned to see the threat of advanced phishing techniques and developed a multi-faceted program to address the phishing risk in a large enterprise. Scott brings his 13 years of Information Technology experience and unique blend of business management and creative marketing practice to PhishMe where he serves as Product Manager. In his role Scott works with PhishMe customers to develop robust anti-phishing programs and to define the future of the PhishMe product. Greaux is also responsible for PhishMe’s managed service and support operations. Title: “How to Make End Users Smarter About Security”

		Tim Rohrbaugh With more than 23 years of experience in the military, Government consulting and private security industry, Tim Rohrbaugh, Chief Information Security Officer at Intersections Inc., is frequently cited in the media as an expert on anti-fraud, ID verification, and security architecture. His mantra is “Information security is not a science, its art; leave the black-and-white approach to Ansel Adams.” As Chief Information Security Officer, Mr. Rohrbaugh is responsible for Intersections’ information security program; including, security control designs for the enterprise and specific consumer data protections. Prior to joining Intersections in 2004, Mr. Rohrbaugh was the CIO of a private consulting firm where he lead the Centers of Excellence which included security managed services and furthered the goal of integrating information security into the development life cycle. Mr. Rohrbaugh currently serves on the board for the Online Trust Alliance where he provides strategic advice from technical and corporate governance prospective with the goal of strengthening the bonds of trust between consumers and concerned businesses. He lives in the Virginia countryside with his wife and two children. Title: “How to Make End Users Smarter About Security”

		Timothy Wilson Tim Wilson is a founding editor of Dark Reading.com, the IT industry’s most comprehensive portal for news and information on computer security. In this role, Wilson is responsible for managing the site, assigning and editing much of the content, and writing breaking news stories. Wilson also directs the content behind Dark Reading's popular "Tech Center" subsites and Dark Reading's virtual conference events. Prior to joining Dark Reading.com, Wilson was the business editor for Network Computing, one of the industry’s leading magazines for in-depth technology information and product reviews. A 25-year veteran of the IT industry, Wilson has spent most of those years as a journalist, including eight years as a top editor and reporter for CMP Media’s InternetWeek (originally called Communications Week). As executive editor of DataTrends Publications Inc., a newsletter publisher, Wilson founded four industry newsletters on the subject of data communications, edited several others, and wrote a half-dozen books on the topic. Wilson also has served as an industry analyst with two widely-recognized IT consulting firms: Decisys Inc. (now part of Gartner) and Enterprise Management Associates. Title: “How to Make End Users Smarter About Security”