January 1, 2017

2016 ISSA International Conference Review

Jessa Gramenz

The 2016 ISSA International Conference was held in Dallas, Texas, on November 2nd and 3rd. The event theme was Survival Strategies in a Cyber World. The two-day event took place at the Hyatt Regency, the same location as the Reunion Tower landmark that the Dallas skyline is known for. The event held sessions led by industry leaders, networking events, and vendor booths for students, educators, and chapter leaders alike.

As a student, these large conferences can often be a bit intimidating, but the event was well organized and utilized a helpful application for scheduling sessions and networking. After picking from a great selection of sessions to attend, I was eager for the upcoming presentations. Due to my schedule at school, I was only able to attend on November 2nd, but I made the most of my time there. My activities planned for the day started with a visit to Career Central. My first goal was to get a second opinion on my resume to ensure I’m putting the right material out there for companies to see. Although I didn’t have a chance to visit with the resume reviewer, I was able to ask the staffing companies that were present what they suggest I work on. I made sure to network with some of the businesses and stocked up on the goodies they had to offer.

My session schedule started with Cyber Fraud Hunt Operations presented by Jarrett Kolthoff. Kolthoff is a former Special Agent of the US Army Counterintelligence with over twenty years of experience in cyber security. The presentation outlined several cases that Kolthoff has worked on relating to incident response and digital forensics. During the presentation, Kolthoff offered advice to attendees and discussed how tools don’t inspect memory in real time. As a student, what I found interesting about his presentation was his discussion with other attendees that most students aren’t being taught the basics of networking such as the OSI Model. At first, I wanted to refute his claims and name all seven layers and their roles, but decided to test his theory with other computer science students at the four-year college that I transferred to after graduating from John A. Logan College, a community college in Southern Illinois. Of the three students I asked about the OSI Model and other networking basics, none had even heard of the OSI Model, and we discussed that they had no knowledge of subnetting. So, it turns out Kolthoff may be onto something. Most computer science programs are focusing on coding and other fundamentals, but forgetting essential basics. Luckily, my instructors at John A. Logan College drilled the fundamentals into my memory from the very beginning. This is another instance where the gap between educators and industry leaders needs to be bridged.

My next session was Looking for a Job in a 0% Unemployment Industry, presented by Sean Henry of CyberSN. Henry is the Vice President of Staffing Services at CyberSN and is passionate about developing people and businesses. During the presentation, Henry explained how employers could help find the employees to fill their openings. He discussed the importance of finding an employee that is trainable and has the basics down. Henry spoke from experience when he noted that most roles aren’t being filled because the chance of finding the experienced individual with every specialization you need them to have is very slim. The chance of that person being unemployed and searching for your opening in your region is even slimmer. Henry suggested that employers meet in the middle and prepare to take on employees with the capability to adapt to their needs. “You don’t want to spend a year screening when you have someone who is trainable.” Henry also mentioned the difficulties we have finding the ideal position as students. The interview process is unique and even though the jobs are there, proving that we have what it takes isn’t always as simple as showing a resume. Henry also stressed that due to the nature of technology constantly evolving, it is useful to have a fresh graduate who is prepared to tackle new technologies.

CISO Success Strategies was the third session I attended. Frank Kim presented topics on the difficulties that you may face as a CISO, and how to successfully present ideas and needs so that executives get on board. Kim stressed the importance of connecting with business leaders to show how cyber security is of value to the company.

The final session I was able to attend was Automotive Security: Challenges and Perspectives, presented by former Tesla Firmware Engineer Eric Evenchick. Automotive security has become a hot topic since the expansion of IoT to vehicles. As cars become more automated, the security of these connected devices is critical. Evenchick discussed the vulnerabilities of our current automotive systems, and ways that we can improve them. It has been 20 years since OnStar opened the door to connected cars in 1996. One aspect of car security today that is still a little alarming is the lack of authentication, especially when using OBD-II tools. Evenchick also explained the Controller Area Network (CAN) and provided statistics estimating that by 2025, 100% of cars will be connected.

ISSA International made sure that the event wasn’t all work and no play. As the final hours of the first day of the conference concluded, attendees lined up to attend the Party in the Sky. This event turned out to be an excellent networking opportunity, and the capture the flag event was exciting to follow. Overall, the 2016 ISSA International Conference was an amazing experience. I can only imagine all the takeaways I would have acquired if I could have attended both days of the conference. Although there weren’t a lot of students present, I hope to help change that as I encourage more students to attend conferences to stay current with cyber security trends.