2018 Annual WNY Conference 


We are very excited to announce ISACA of WNY's annual Controls and Compliance Conference, set to take place on May 8, 2018.  The location will be the same as last year (DoubleTree by Hilton Hotel Rochester).



Morning Keynote:

"An Update on the Cyber Threatscape - Tracing Threats to the Financial Services Community"

This session is a high level introduction to using threat intelligence relating to the financial services threatscape.  However, the techniques are applicable to a wide variety of cyber threat hunting scenarios regardless of the industry.  We begin by reviewing the cyber threatscape in general and introducing the cyber underground including what it is - it's not just TOR - and how to monitor and access it.  We will visit some payment card dumpshops and a boutique that focuses on account takeovers.  We will introduce some tools including the use of "canaries" to use as intelligence multipliers.  The blockchain and bitcoin wallets are important tracing tools so we will examine how the blockchain works and how to use it to trace transactions relating to malicious activity.  We will focus on tracing the chain of transactions in a card fraud scheme rather than such things as ransomware payments since our focus is on fraud.  We will finish by showing you how to perform these investigations safely including how to set up an investigative PC and build aliases.  Over the entire session we will show you tools - commercial and free - that belong in your tool kit.  We also will focus on the most current events in the underground and some of the actors most active. 

Topics include: ~The Cyber Threatscape and the Cyber Underground; ~Finding and Tracing Dumpshops and Boutiques: using canaries; ~Intro to block chain as an indicator compromise: tracing bitcoin transactions; ~Setting up aliases and what your investigative computer should look like; ~Proactive response to payment card fraud and cyber-initiated account takeovers.


P. R. Stephenson, PhD, CISSP (Ret), VSM, Cyber Criminology, Cyber Jurisprudence, Cyber Crime Research Lab

Peter Stephenson has taught information assurance, network attack and defense, digital forensics and cyber investigation on both the graduate and undergraduate levels. He started his 50+ year career as a U.S. Navy cryptographer, then moved into the private sector where he operated his own information security consulting practice for some 20 years. Navigating the industry and his career with aplomb, he then became director of technology for the global security practice of Netigy Corporation and was, until July 2003, the director of technology and a research coordinator for QinetiQ Trusted Information Management, a large international information security professional and managed services company. He holds a doctorate in digital investigation and is pursuing a second PhD in law. He holds the CISSP (retired) designation from (ISC)2 and retired as a Fellow of the American Academy of Forensic Sciences. He has authored “Investigating Computer Crime” and the “Official (ISC)2® Guide to the CCFP CBK” He also is former CISO of Norwich University. In short, Stephenson knows a thing or two about IT security.  His current personal research home is at the helm of the Cyber Crime Research Lab, which is engaged in cutting edge research related to cyber-crime technology, cyber threat intelligence, cyber law and jurisprudence, cyber criminology, and cyber threat hunting.  It is also home of Forensic Threat Hunting (trademark).



Afternoon Keynote: 

Cryptocurrency Crime A basic introduction to cryptocurrency, for those who don’t follow it, and then a focus on the crimes we’re seeing associated with it, and what’s coming next. We will break the crime down to 4 categories – (1) theft of cryptocurrency, (2) cryptocurrency as a tool to facilitate other crime, (3) theft of resources (to mine cryptocurrency, aka cryptojacking), and (4) physical crimes related to cryptocurrency.


Stacey A. Wright, Director of Cyber Intelligence, MS-ISAC, EI-ISAC, Center for internet Security (CIS)


Stacey A. Wright leads the Intel Team for the Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). She has designed and built this team to provide strategic and operational cyber intelligence to state, local, tribal, and territorial (SLTT) governments. The team publishes more than 200 products per year providing timely, actionable SLTT government and elections-focused insight on cyber risks, actors, trends, tactics, vulnerabilities, and incident response. Recipients use the intelligence to improve visibility, detection, accuracy, and strategically align resources to the current cyber environment. In addition to her work at CIS, Stacey teaches two graduate cybersecurity and threat intelligence classes at the State University of New York. Prior to her employment at CIS, Stacey was the Cyber Intelligence Analyst for the Federal Bureau of Investigation (FBI) Albany Division, where she was responsible for coordinating the local cyber intelligence program and served as the FBI's liaison to the MS-ISAC. Stacey began her career as an Information Systems Specialist for the Cambridge, MA, Emergency Communications and Fire Departments. She received her Bachelor of Science in Criminal Justice from Northeastern University, and her Master of Business Administration from the University of Massachusetts, Boston. She is a formally trained Intelligence Analyst and a national speaker on cybercrime.