>> Compliance Track 



Cyber Threats: How Criminals Work and What They're After

In this interesting presentation, one of the FBI Buffalo Division’s Cyber Task Force member agents will share up-to-date information regarding key threats facing our nation in this time of acute and persistent terrorist, state-sponsored, and criminal threats to our national security, our economy, and our communities. The session will also include a discussion of ways to mitigate cyber-risks even when the adversary is continually evolving.


Sharon Mentkowski, FBI

The FBI leads the national effort to investigate high-tech crimes, including cyber-based terrorism and espionage, computer and network intrusions, and major cyber fraud and identify theft. To stay in front of current and emerging trends, the FBI gathers and shares information and intelligence with public and private-sector partners worldwide. The Buffalo Division Cyber Task Force brings together local, state, and federal intelligence community experts to combat computer intrusions, viruses, and other cyber threats.



Security With a Team of One

This session will give a broad-based overview for security practitioners that are designing a Security Program for small/medium business, as well as those who may wish to apply these practical suggestions in the home environment.  In both cases, the need for prioritization of effort and practical, budget-conscious choices is greater than ever.  It may also be the case that the "Team of One" does not have the security skills required to design such a program, or to implement the underlying IT required to meet the requirements of such a program. 

Similarly, many professionals from enterprise-level environments are unfamiliar with the affordable, often open-source tools that are available to practically achieve a good security posture.  SO beyond covering the "must-do" items for a legitimate Security Program, this session will survey the range of tools that can fulfill those needs, and provide thoughts and comments on their effective use.


Stan Letarte, EagleDream Technologies - Director of Security & Infrastructure

Stan's Information Technology career spans over 30 years as a creative communicator, innovative architect, and leader in numerous industries including: music publishing, government, aerospace & defense, high-tech manufacturing, clinical research service supply chain and office document automation.

As head of the Security & Infrastructure practice at EagleDream, Stan often serves as a virtual CISO, helping clients identify and address their security and governance needs. He also takes a leadership role in developing policies, roadmaps migration strategies and other key deliverables.  Prior to joining EagleDream, Stan drove progress and efficiency at Xerox Corporation in such diverse areas as: Enterprice Architecture, PCI/Payment Platforms, SDLC systems, Logfile Security & Analytics and Integration Competency Centers.

Outside work, Stan enjoys uphill bicycle racing with his sons, cabinet making, gardening and time spent with his wife and daughter. He serves as an audio engineer for many musicians and gives back to the community by chairing several boards. 


You've Been Hacked! Now What?

Organizations large and small, in every industry are falling victim to hackers, hacktivists and nation states. Your intellectual property, data and bank accounts have never been at greater risk - it's not if, but when your organization will be victimized. Developing and maintaining an effective Incident Response plan and team has never been more important. This session will present an in-depth look at several recent databreach victims and how their incident response processes led to effective business resumption or epic failure. Attendees will learn best practices for responding to incidents, from law enforcement, forensics and legal considerations to compliance and public relations. The presentation will also cover the standards and compliance regulations - from NIST and US-CERT to HIPAA and the NYS Information Security Breach and Notification Act - that should be considered when developing Incident Response policies and procedures. Attendees will take away actionable information for implementing an effective Incident Response program.


Dan Didier, Greycastle Security - Vice President of Services

Dan Didier (MSIA, CCSP, TSS) is an entrepreneur, speaker and Vice President of Services for GreyCastle Security.
With nearly 20 years of security experience in a wide range of industries including critical infrastructure, finance, healthcare, manufacturing and other prominent industries, Dan brings extensive expertise as a technical security engineer and business-focused risk manager.
Dan's unique background allows him to bridge the gap between people, process and technology and adapt to the unique cybersecurity challenges that organizations face today.



Reimagining Security - Changing Team Culture

This presentation will be a case study on influencing team culture, and empowering team members to be agents of change for the Enterprise Cybersecurity Program.


Cynthia Ricci, Change Agent in Human Affairs

As a catalyst for positive change, I have a history of engaging cross organizational members to generate new ideas and to increase overall performance. I am proficient at establishing standards, procedures, and tools to enhance the effectiveness and efficiency of teams. I enjoy making it possible for individuals to work together. My passion is to break down silos that prevent shared knowledge so that organizations can achieve new heights.