MARCH-APRIL 2020 - Cybersecurity & OISC20 | VOLUME 18, NUMBER 2

Serving as the bridge since 1997… Industry • Academic • Government

CIO Council • CEO Council • Cybersecurity • Data Analytics • Infrastructure/Cloud • Municipality IT • Women 4 Technology

Technology… the foundation and future of every business.

technologyfirst.org



Technology First | MAR-APR 2020

LEADERSHIP

Technology First Announces New Executive Director

After an extensive search led by Technology First's Board of Directors, we are proud to share that Melissa Cutcher accepted the position of Executive Director and began February 1, 2020. Melissa is stepping into the leadership role currently held by Marcia Albers, who will be retiring March 31st.

Melissa's professional achievements include leading many facets of a non-profit organization, having been with the Better Business Bureau for over fourteen years and most recently as their Chief Business Officer. Her responsibilities included relationship and financial management as well as oversight for their Women in Business Networking program. She holds a Bachelor of Arts degree in organization management and an MBA in organization leadership from Bluffton University. Melissa has been in the Miami Valley since 1985 and is a contributing member to many groups and organizations. She enjoys connecting people, golf, reading books, spending time with her daughter Ashley, husband Jeff, and puppies Cooper and Bailey.

It has been said "Melissa is a person of strong character and integrity and expects that of others. She is very objective and realistic while being a self-starter and innovative". As Executive Director, Melissa will lead the promotion of Technology First, ensure revenue growth, manage the operational budget and drive the expansion of provided services in support of the region's IT industry.

A few words from Melissa: “I am excited and honored to join your organization as the new executive director. I want to thank everyone for your warm welcome. Also, I want to thank Marcia Albers, staff and the board for their support and assistance in helping me transition into this position. Following in Marcia’s shoes will not be easy, but with your input, participation and support, we can be assured that Technology First has an exciting future. I recognize I have a lot to learn and I intend to invest time and attention to get to know and understand the Technology First culture. We have a great team here at Technology First. Feel free to reach out to any of us at any time; we are happy to hear from you.” Please join us in welcoming Melissa to Technology First!

CONTENTS

2 Announcing our new Executive Director!

3 Upcoming Events

4 Article: Joseph Desch: Dayton's IT Rock Star

6 Article: The Importance of Understanding Your Security Maturity

9 Article: Digital Forensics: Identifying the Who, What, When, and How of Cyberattacks

10 Ohio Information Security Conference

12 Article: The Importance of Risk-Based Vulnerability Management in Modern Cyber Security

13 Article: Combat Rising IT Security With IT Asset Management

14 Article: Humans are the New Malware: Protecting Your Business Against Advanced Cyberthreats

15 IT Leader Spotlight: Leo Cronin & Tim Ewart

16 Article: Operating a SOC...

17 Article: Do You Need to Backup Office 365?

18 Technology First Board of Directors

19 2020 Infographic

20 2020 Event Dates


UPCOMING EVENTS

MARCH

17th annual OISC (Security Conference) - Registration still OPEN! 3 Keynotes, 24 Breakout Sessions (6 Tracks). Wednesday, March 11 | 7:45am-5:00pm, Sinclair College Ponitz Center. See pages 10 & 11 for Session Information.

CIO Council (IT Leaders): Digital Customer/Employee Experience. Facilitated by: J.D. Whitlock, CIO, Dayton Children's. Friday, March 27 | 11:30am-1:00pm, Business Solutions Center

APRIL

Data Analytics SIG: IoT meets Data Analytics. Facilitated by: Matt Wenning, Speedway. Friday, April 3 | 8:30-10:00am, Business Solutions Center

Infrastructure/Cloud SIG: Topic TBA - details to come! Friday, April 3 | 11:30am-1:00pm, Business Solutions Center

Tech Thursday Happy Hour: Networking with TEKsystems. Thursday, April 9 | 5:00-7:00pm, Downtown Dayton Location - TBA!

CIO Council - Tech Forum (OPEN to ALL!): Data Science Panel. Thursday, April 16 | 11:30am-1:00pm, Business Solutions Center

MAY

7th annual TECHIES Awards Celebration! Nominations due March 6th! Categories: Outstanding Technology Team, IT Project of the Year, Best IT Services Company, IT Executive of the Year, Emerging Technology Leader, Most Promising Startup, Award of Excellence - Student Project. Thursday, May 7 | 4:00-6:00pm, University of Dayton Arena - Flight Deck

Women 4 Technology - CINCY: Topic TBA. Wednesday, May 13 | 8:00-10:00am, Great American Insurance Group

Data Analytics SIG: Topic TBA. Friday, May 15 | 8:30-10:00am, Business Solutions Center

Infrastructure/Cloud SIG: Topic TBA. Friday, May 15 | 11:30am-1:00pm, Business Solutions Center

CIO Council (IT Leaders): Topic TBA. Thursday, May 21 | 11:30am-1:00pm, Business Solutions Center

Technology First Scholarship Applications due March 23rd!

The Technology First Scholarship is awarded annually to one or more deserving Southwest Ohio area college students. Students selected for this scholarship are matriculating in Information Technology related curriculums, have achieved distinguished academic success, and have demonstrated high character and values.

Visit technologyfirst.org/tech-careers/scholarships.html for more info!


HOMETOWN INNOVATION

Joseph Desch: Dayton's IT Rock Star

David J. Wright, Director of Academic Technology & Curriculum Innovation, University of Dayton

“But where are the ships?” – I asked my grandfather as we stood alongside the giant docks in my hometown of Cardiff, Wales. At one point in history this was the busiest port in the world – but it now stood largely empty. As a child I barely comprehended the story he told of the Battle of the Atlantic, where German U-Boats were sinking the convoys of ships (including those from Cardiff) as they struggled to get food and supplies across from the Americas. Rationing of food was a deadly serious outcome in this phase of World War II as 14 million tons of shipping was sent to the bottom of the Atlantic and 72,000 allied and merchant sailors died. He could not tell the complete story of how the Battle of the Atlantic was won, because much remained a secret.

Years later, now living in Dayton, I am excited to know that part of this story has been recently uncovered as we learn of the remarkable accomplishments of Joseph Raymond Desch (1907-1987). Any of us in the IT world should marvel at Desch’s prominent role in the history of computing. For example, he was one of the first patent holders on the design of a working electronic calculator. His work at Dayton’s National Cash Register Company (NCR) led to a series of innovations that matched or exceeded those of IBM in the early days of IT.

However, Joseph Desch’s even more significant contributions were kept secret until quite recently. Because of his expertise in the use of modern electronics (in particular, gas-filled glass tubes called thyratrons), Desch became the Research Director of the US Naval Computing Machine Laboratory located in Building 26 on the NCR campus. In parallel with a similar operation at Bletchley Park, England, machines called “Bombes” were built at the lab to decode Enigma messages sent to-and-from the German U-Boats. The Enigma machines looked like typewriters, with the function of taking a string of text characters and encoding them in a way that only another Enigma machine could decode. The Germans used this method to encrypt messages to prevent the Allies from knowing their intent.

The German military remained confident that the Enigma machines produced scrambled messages that could not be broken. Indeed, the number of combinations of letter reassignments possible for each character in a message from Enigma was greater than the number of atoms in the universe. So yes, with the US Navy Bombe, Dayton was at the forefront of “big data” from the very beginning of the IT revolution.

Construction of 121 US Naval Bombes, each weighing 5,000 lbs., was undertaken in Dayton by a workforce of civilian and naval personnel including 600 WAVES (women in the US Naval Reserve). Using an innovative combination of mechanical rotors and thyratrons, the Bombes were precursors to modern computers. Desch’s electronics were essentially a type of memory – like a primitive forerunner of RAM. As the mechanical part of the Bombe ran through many of the potential wiring possibilities within an Enigma machine, the memory was needed to keep track of the correct hits.

The decoding efforts worked! To the very end, German naval officers refused to believe their messages were being read by the Allies, even as their submarine fleet was destroyed. This allowed the troop buildup prior to D-Day. Desch also played an important role in helping decode messages from the Japanese naval forces operating in the Pacific Ocean. Unknown to Desch, his electronics were also used in the Manhattan Project to quantify the fissionable material used in the first nuclear weapons.

Inventions of Desch and his team were instrumental in shortening World War II. He received the Medal for Merit from President Harry Truman in 1947, which, characteristically of the entire project, was given in complete secrecy. After his death in 1987, Desch was inducted into the National Security Agency-Central Security Service Cryptologic Hall of Honor in 2011.

Almost a hundred years ago, Joseph Desch began taking classes at what would become the University of Dayton. He graduated from UD in 1929 with a degree in Electrical Engineering. UD recognized his accomplishments by posthumously awarding him the 2017 Distinguished Alumnus Award. The award was accepted by Deborah Anderson, daughter of Joseph and wife Dorothy.

This year, UD is proud to open its new Center for Cybersecurity and Data Intelligence (CCDI; see udayton.edu/cybersecurity/) in which a central lab has been named to honor Joseph Desch. The mission of the CCDI is to foster a multi-disciplinary approach for research, collaboration, and experiential learning in the areas of cybersecurity and data analysis. The Joseph Desch Lab is a shared space for students, faculty, staff and community partners to experiment and innovate with hands-on experiential learning. One of the signature aspects of Joe’s youth was his interest in building electronics from scratch – which echoes UD’s desire to catalyze student learning through hands-on real-world problem solving.

Today, Dayton and surrounding communities have established an enviable foothold in this rapidly expanding IT field. But even as we marvel at what the future holds, and what new innovations can come from the next generation of cyber and IT professionals, it helps to remember that our track record goes back to the origins of electronic computing and “hacking for the common good”. For these reasons, Joseph Desch should be remembered as Dayton’s first IT rock star.

Portrait painting of Joseph Desch and the US Navy Bombe that was designed and built in Dayton during World War II (by David Wright).


Building partnerships to advance Cyber for the Common Good

• Research and practice

• Hands-on education

• Workforce development

go.udayton.edu/cybersecurity

@udaytoncyber

Architects of Continuity™

Vertiv solves the most important challenges facing today’s data centers, communication networks and commercial and industrial facilities with a portfolio of power, cooling and IT infrastructure solutions and services that extends from the cloud to the edge of the network.

Vertiv.com

Thank You New Academic Partner


SECURITY

The Importance of Understanding Your Security Maturity

Dustin Grimmeissen, Director - Network & Security, RoundTower Technologies

“I need to know what my security gaps are. But where should I begin?”

If this troubling thought has ever crossed your mind, you’re not alone. Whether you’re a novice or veteran CISO, you know that the ever-evolving cybersecurity landscape means businesses like yours are constantly under siege in new and unexpected ways. And yesterday’s traditional security measures can’t keep up with the rapidly increasing frequency and sophistication of today’s attacks, leaving your data and intellectual property dangerously unprotected and placing your reputation as a gatekeeper in serious risk.

The Cybersecurity Landscape

Cybersecurity is shifting from an afterthought to a major business driver for most businesses. They, and their IT leadership, are being pushed more than ever to have a well-defined security program with controls in place that are commensurate with the size and complexity of the digital needs of the business. Security is more complex than ever with distributed resources, resources in the cloud, and users and devices on or off the corporate network. And businesses without a particularly mature security program (no CISO, etc.) are being driven by their industry partners to emphasize security, and rightfully so. The stats below tell a sobering story:

• 71% of US enterprises reported suffering at least one data breach (Thales, 2018 Global Threat Report)

• The average cost of a data breach in the US is $8.19m (IBM, 2019 Cost of a Data Breach Report)

• The average time to identify a breach is 206 days (IBM, 2019 Cost of a Data Breach Report)

• The average time to contain a breach is 73 days (IBM, 2019 Cost of a Data Breach Report)

The bottom line is that understanding your security program’s posture is vital to the continued growth and success of your business. But because most assessments are too vague, time-consuming, or cost-prohibitive, knowing where to take specific action can be daunting.

It’s Time to ARM Yourself

At RoundTower Security, we believe that a comprehensive maturity assessment is job one. The key to combating overwhelming complexity is keeping things simple and focused on addressing the right challenges. Our proprietary ARM process quickly, effectively, and affordably assesses security program maturity and provides tested solutions and expert management.

Step One: Assess risk using targeted interviews and technical exercises

Step Two: Remediate risk by applying tested solutions to help mitigate / transfer risk

Step Three: Manage risk by providing visibility and orchestration through a suite of managed security offerings

See the Big Picture

A truly actionable assessment of your security program will identify the important risks and then equip you with the tools you need to quickly solve the right problems. RoundTower provides our customers with the following information, allowing them to understand the full scope of their security footing:

1. Overall Security Posture Evaluation

• Inherent business-specific risks

• Framework security control compliance

• Strategy, policy, and governance

2. Consultative and Analytical Approaches

• On-site data-gathering workshops

• Risk-profile measurement via a proprietary platform

3. Robust Results and Reporting

• Detailed gap analyses

• 12-month ongoing maturity optimization

Quantify Your Risk

Once you can see the full scope of your security posture, quantifying the associated risks is vital to outlining your next steps. RoundTower employs a streamlined, two-stage process to determine your risk level based on existing inherent program elements. Stage one identifies your program’s “Inherent Risk” based on its ecosystem complexity. Stage two calculates a “Cyber Score” using Stage one data in relation to the strength of your program’s existing Cyber Controls.

Regain Control

Understanding and correcting your security posture doesn’t need to be time- and budget-consuming. That’s the RoundTower difference.

• Lightning Fast Findings Report - only 2-3 week turnaround from the beginning of a workshop.

• Unmatched Visibility - clearly see the most pressing needs for an improved maturity posture.

• Information-on-Demand - robust and readily actionable reports generated directly from exclusive software.

• Targeted Strategic Planning - confidently manage ongoing Security & Risk programs in partnership with RoundTower.

Security Assessment in Action: A Case Study

An expert design-services software provider was challenged with several blind spots when it came to their own security posture. They were experiencing an increasing need to provide better overall security as well as have the ability to report on the security controls and policies they already had in place. Despite having always been focused on software development, this client did not have a CISO, nor did they have in place a dedicated security program or function. The solution demanded a quick way to evaluate their security posture, identify the most critical gaps, and be able to report on that progress as they matured.

The RoundTower Approach

What RoundTower brought to the table was truly differentiating. Our approach is ideal for businesses that are not comfortable with the level of their security maturity, largely because they did not consider security as foundational to their business approach. So, to maximize success, we don’t start with complex compliance frameworks (NIST, etc.). Instead, we focus on high-level security maturity, providing a simplified view of where the company stands, where there are key gaps (that matter to their specific business), and a prioritization of closing those gaps. We lead streamlined and focused workshops that measure our clients’ security maturity and risk posture using sophisticated risk analysis tools. And we yield results within days or weeks, not months, and without a complex deliverable that’s hard to understand for non-security professionals.

A Successful Outcome

RoundTower worked closely with our client, partnering with CyberPrism, a trusted software provider, to deliver a wholly successful outcome. We held workshops that identified the subset of overall policies and controls that mattered (based on the size and digital complexity of the client’s business) and entered into the CyberPrism platform all of the controls/policies that they did or did not have in place.

The deliverables from the assessment not only included the security controls that were missing, but a prioritized list based on criticality and alignment to their business model. We also provided a list of RoundTower solutions that could close their gaps. Our client was very impressed with how quickly we turned around the assessment and how relevant the results were to their business. According to their IT leadership, the solutions were not too complex, allowing their engineers on the software development side to understand the end-goal and prioritize implementation.

For more information on RoundTower and their expertise, please visit roundtower.com.


www.roundtower.com

Copyright © 2019 All Rights Reserved by RoundTower Technologies, LLC

You do you. Let us manage the IT. For over a decade, RoundTower has been changing how technology delivers value and service by helping businesses focus on efficiency and digital transformation. Redefine your IT strategy with our cross-functional, tailored approach that will leave you with more time to focus on your main objectives.

You’re in the ___________ business, not the IT business. (Healthcare)

Focus on what you do best.


Sinclair’s new Centerville campus offers many degree and certificate programs including:

• Cyber Investigation

• Secure System Administration

• Information Systems Security

• Network Engineering Security

• Linux Security and Networking Essentials

• IT Fundamentals

• Network Engineering

• User Support


Cyber threats have met their match.

NOW PROVIDING INCIDENT AND FORENSICS SERVICES! 937-388-4405 www.secdef.com

Secure Cyber Defense analyzes and monitors digital environments with cutting-edge tools to identify, stop, and prevent cyber threats. Contact us to learn how our vulnerability assessments, intrusion prevention, and continuous monitoring services can help protect your business.


Information Systems and Supply Chain Management Graduate Open House

You’re invited to a graduate open house for information systems and supply chain management degrees.

Join us for a free lunch and information session.

May 2, 2020 11:30 a.m.–1:30 p.m. Rike Hall Wright State University

Why choose an information systems or supply chain graduate degree?

• Earn your degree in just one year.

• Flexible scheduling with online courses and in-person residencies.

• Advance your career or find another career opportunity.

• Don’t have a business degree? Our degrees can benefit people in careers as varied as health care, education, nonprofits, marketing, and more.

You can register or learn more at wright.edu/isscmopenhouse

Explore. Innovate. Expand. With the fiber network built with your future in mind.

Our fiber networks are custom-built to meet your needs today, while preparing you for tomorrow’s most transformative innovations. So no matter what comes next, you’ll be ready, with the strength and assurance that come with working with an S&P 500 company.

The pathway to possible.

Fiber.CrownCastle.com


SECURITY

Digital Forensics: Identifying the Who, What, When, and How of Cyber Attacks

Shawn Waldman, CEO, Secure Cyber Defense

When a data breach or ransomware attack occurs, maintaining and preserving evidence are critical activities for law enforcement, insurance claims, court proceedings, and getting systems back online. Computer forensic teams work to identify the type of hack and the approaches used, understand the source, lay out the timeline, and determine how best to recover compromised data. If your company’s data or systems have been breached or compromised, there are a number of time-sensitive and highly technical questions that must be addressed. As with other crimes, the first 48 hours are critical for gathering and preserving evidence and identifying suspects. Digital forensic experts help investigate and identify:

• Motive – why did the criminal launch the attack? Many breaches are the result of cybercriminals attempting to steal data or banking information, but it could have been a former or current employee or supplier.

• Means – the tools and approaches used to compromise or breach the data, such as malware, email phishing, or malicious links. It is critical to identify the level of expertise of the cybercriminal and the tools used to gain access and close off systems.

• Opportunity – how and when did the cybercriminal gain access, what systems were compromised, and when was the attack launched? Some attacks occur in a small window of time, while others occur over time where multiple systems and databases have been scanned and compromised. System vulnerabilities are examined such as system patches not applied, backdoor approaches through hardware, cloud provider vulnerabilities, and SaaS platform weaknesses.

Each industry has its own set of rules and compliance regulations relating to compromised data, particularly if banking or personal information are exposed. In addition to the digital forensic investigation, reporting a breach to governing bodies, customers, suppliers, and employees is required. Digital forensic teams and incident response teams are well-versed in compliance regulations and often guide companies on their responsibilities, what information from the investigation can be shared, and how to work with their legal and communications teams.

So, What Is Digital Forensics?

The best defense against cyberattacks is preparing in advance and putting systems and incident response plans in place. When all else fails, and a breach or ransomware attack occurs, having digital forensic experts and an incident response team on retainer allows for quick action to be taken. In the first 48 hours, the focus is on preserving evidence. Preserving evidence follows a carefully prescribed legal and technical approach so what is gathered can be used should the case go to court. “Digital forensic investigation is a combination of technological tools, consulting guidance, evidence gathering, analysis, and the understanding of how to navigate all four”, says Shawn Waldman, CEO of Dayton-based Secure Cyber Defense. Digital forensic and incident response teams work hand in hand during the critical first 48 hours. The goal of both groups is to follow a systematic approach to preserving evidence and investigating the size and scope of the breach and how best to proceed forward in getting systems back online. In the case of Secure Cyber Defense, we have a three-step process:

• Analyze – identify the type of attack, define its scope, determine the data exposed or stolen, and the potential impact of the breach on IT systems, hardware, third-party vendors, and personal devices such as laptops, tablets, and mobile phones.

• Contain – limit a company’s exposure and further expansion of the current cyberattack.

• Preserve – capture and systematically preserve all the evidence necessary to understand the who/when/why and how motivations of the cyberattack and map out the best path forward to restoring business operations.

Having an outside company dig through all of your systems and data is intimidating. When a breach occurs, it is a chaotic time with many unanswered questions and feelings of vulnerability. Often there is the temptation to try to patch things on your own and move on. However, if critical issues like when the initial breach occurred are unknown, companies could be adding the malware back into their systems, opening up the opportunity for another breach. A forensic investigation is, therefore, a critical step to be sure no backdoors into your IT systems are left behind, allowing access for future attacks. Experienced investigators understand that this review may be unpleasant, and they are trained to do their work as objectively and as professionally as possible, often giving much-needed advice and support to executive and IT teams. The evidence gathered by digital forensic teams is used by several critical players such as local and federal law enforcement, cyber insurance companies, and local and federal courts. Understanding the chain of evidence required by each is a crucial part of how forensic teams operate and preserve evidence. It is also important for executive teams to understand their role in the investigation process, including what is covered and required by their cyber insurance policy, what legal and compliance requirements must be addressed, and managing the crisis communications plan.

Cyber Aware is Cyber Prepared

As with most essential functions of a company, planning is the key. “Too often, when our forensic or incident response teams are brought in, companies are making this call for the first time”, says Waldman. Working with an incident response team and having them on retainer allows a company to evaluate its cybersecurity approach, develop an incident response plan, connect with law enforcement resources, review their cyber insurance coverage and exclusions, and understand their industry’s compliance requirements.

With data breaches costing $150 per record (IBM and Ponemon) and rising, educating executive teams and board members on cybersecurity issues is key. Executive education that covers how best to prepare the organization to fend off increasingly sophisticated cyberattacks, and what those attacks cost financially, is an important step in securing a company’s data. Educating executive teams has a trickle-down effect, prompting evaluations of cybersecurity measures, implementation of incident response planning, and, even more important, educating employees on what suspicious activities to watch for and report. Executive-level cybersecurity training is beginning to emerge, including Secure Cyber Defense’s own GoCyber Executive Training Center. These programs aim to provide peer-level training on the specific cybersecurity topics executives and board members should be focusing on, as well as familiarizing them with common cyberthreats and building a list of resources to contact in the event of a breach. Understanding how a breach occurs, how to deal with a cyberattack, and having a stable of resources available helps a company be more prepared to weather the storm.

Secure Cyber Defense is a Dayton-based company dedicated to cybersecurity services, consulting and compliance services. With the area's only digital forensic and incident response teams, Secure Cyber Defense brings Fortinet-certified experts that align with federal cybersecurity best practices and current industry compliance standards. Our Cyber Intelligence Center tracks cyberattack patterns from multiple sources for our clients and customers, including the FBI, DoD, and DHS. https://secdef.com


OISC AGENDA

Wednesday, March 11, 2020, Dayton, OH

• BCP | Alice Kaltenmark, Global IT Service Continuity Manager, RELX Group

• Why data ethics could prevent the next data breach | Neal O'Farrell, CEO, Ethicause

• A Group Debate: Prioritizing Your Limited Cybersecurity Time and Budget | Bryan Hogan, President/CEO, Afidence

• Developing Your Identity Strategy | Jerod Brennen, Identity Strategy & Solutions Advisor, SailPoint

• Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire | Micah K. Brown, Vice President, Greater Cincinnati ISSA

• What is the CMMC and does it affect me? | Thomas Autry, Senior Cybersecurity Engineer, Northrop Grumman

• 80/20 Cyber Risk Management: Prioritizing Issues That Matter Most | Apolonio Garcia, President, HealthGuard

• CCPA Update | Bill Kilgallon, Kroger

• A Practical Guide to Incident Response | Dan Wilkins, Manager, Information Security, CareSource

• Extending Security Resources With A Managed SOC | Brad Gettinger, IT Cybersecurity Manager, Midmark

• Honey Tolkiens | Robert Wohlaib, Senior Cybersecurity Engineer, PCI

• It Was Never About the Things | Jason Ortiz, Senior Product Engineer, Pondurance

• A methodology for cyber threat ranking integrating NIST and FAIR | Adeyinka Bakare & Dr. Hazem Said, University of Cincinnati

• Responding to Email Compromises in Office 365 | Chaim Black, Systems Engineer, Intrust IT

• Communication best practices during & after a cybersecurity attack: What the research suggests | Dr. James Robinson, Dr. Thomas Skill, & Kim Conde, University of Dayton

• System Resiliency: Continuing Business and Mission Operations on a Playground Full of Bullies | Rebecca Onuskanich, Partner, International Cyber Institute

THANK YOU SPONSORS:


KEYNOTES

• National Security - John O'Connor, Department of Homeland Security
• Election Security - Frank LaRose, Secretary of State, Ohio
• Breach Resiliency Panel
  Panelists: Leo Cronin, CSO, Cincinnati Bell; Matt King, VP, Global Information Security, Belcan LLC; Mark Sadler, Divisional VP, Great American Insurance Group; Mark Winemiller, VP, Information Systems & Marketing, Gosiger
  Moderator: Shawn Waldman, CEO, Secure Cyber Defense

OISC AGENDA

Wednesday, March 11, 2020 - Dayton, OH

• Ohio Cyber Range - Rebekah Michael, John Hoag, & John Franco, University of Cincinnati
• Talent Leadership Panel
• CISO Panel - Moderated by Dave Salisbury
• Community College Cyber Pilot (C3P) Program - Kyle Jones, Sinclair College & Danie Heighton, Clark State
• Educational Initiatives in Cybersecurity for a Technically-Skilled Workforce - Keith Shomper, Professor of Computer Science, Cedarville University
• 5G, cybersecurity and you - Chris Kuhl, CISO, Dayton Children's
• Built-in Security Mindfulness for Software Developers - Phu H. Phung, Assistant Professor, University of Dayton
• Fingerprinting on Encrypted Voice Traffic on Smart Speakers with Deep Learning - Boyang Wang, Assistant Professor, University of Cincinnati
• Lend me your IR's! - Matt Scheurer, Senior Systems Security Engineer, First Financial Bank


For 20 years, Beavercreek and Dayton area residents have trusted World Digital Imaging to be their digital printer! WDI offers a wide range of services: coil binding, large format, invitations, postcards, newsletters, brochures. Our customer service is beyond compare.

DESIGN: Bring your vision to life with a customized approach.
PRINT: Turn times as quick as 24 hours for most jobs!
PREPARE: Our capabilities include laminating, folding, coil binding, boxing, and more.
MAIL: We handle your mailing job from concept to delivery.

ABOUT US
[email protected] · (937) 431-1982 · WORLDDIGITALIMAGING.COM
1138 RICHFIELD CENTER · BEAVERCREEK, OH 45430

Creativity starts here.

Give us a call today at (937) 431-1982 or call to schedule an appointment for a free tour of our facilities.

SECURITY

The Importance of Risk-Based Vulnerability Management in Modern Cyber Security

Kathy Vogler, Expedient Technology Solutions

In today’s world, where nearly everything and everyone is connected to the internet, businesses can’t set up a layer or two of defense and expect to be safe. While antivirus software, firewalls, and protocols like multifactor authentication provide a good baseline of protection, there are always ways around them. Meeting your industry’s security standards isn’t enough either. Maintaining compliance is important, but industry-based guidelines are hardly comprehensive, and they fail to capture your business’s unique risks and challenges. Hackers, bots, and malicious programs are constantly trying to enter your systems from all angles. The more ways there are into your system, the more exposed you are. Staying protected and maintaining security is an ongoing process that involves monitoring, detection, and response. In an ideal world, you could control and monitor all things at all times at the maximum level, but the truth is, you can’t. Successful cyber security requires prioritization and execution of strategy. In order to do that, you’ll need to establish your risks and vulnerabilities.

Assessing Vulnerability Based on Risk and Priority

Cyberthreats are prone to attack the areas where businesses are weakest. In order to understand your weaknesses, risks, and security gaps, an in-depth audit will need to take place. You need to look at all of the ways your systems can be accessed and what information is the most accessible. This includes devices in the Internet of Things, software programs, cloud connections, vendor tools, and more. It’s important to remember that you face risks from both the outside and within. Internal threats are some of the highest risks companies face, breaking through even the strongest of defenses. It’s important that threats from both sides are properly labeled and analyzed. While exposure and vulnerability are critical in determining your priorities, they need to be weighed against value. What systems would cause your business the most damage if they were breached? Risk-based management takes all factors into account, identifying weaknesses and providing the information needed to create actionable goals and improvements. This allows you to efficiently utilize your resources to increase your security. But this isn’t the end. It’s actually the beginning.

On-Going Monitoring and Adjustments

Cyberthreats are constantly evolving. As they change, your vulnerabilities can change with them. Assessing risk and fixing gaps is not a one-time process. It’s an ongoing process of refinement and adjustment. You need to stay current with modern threats. You also need to measure the effectiveness of your current strategies and make changes accordingly. Proper risk-based management is about leveraging data, both from inside your company and the world around you. Though it might sound like extra work and therefore extra cost, the opposite is actually true. By monitoring risk and prioritizing vulnerabilities, businesses can not only better protect themselves but also reduce IT costs. Avoiding the cost of a breach is worth the investment alone. No cyber defense is 100% perfect, but with an experienced IT partner and the right risk-management tools, you can ensure your business is ready for the threats found in today’s interconnected world.

People are at the heart of every successful business initiative. At TEKsystems, a leading provider of IT staffing and IT services, we understand people. Every year we deploy over 80,000 IT professionals at 6,000 client sites across North America, Europe and Asia. Our deep insights into the IT labor market enable us to help clients achieve their business goals while optimizing their IT workforce strategies.
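The article's core point is that a finding's technical severity has to be weighed against how the asset can be reached (from outside, through a vendor link, by an insider) and what the business would lose if it were breached. The following is an added example, not code from the article or from Expedient Technology Solutions; the scoring model, exposure weights and the inventory are assumptions constructed to show how the same CVSS 9.8 can land at the top or the bottom of the remediation list once value and reachability are factored in.

```python
"""Risk-based vulnerability ranking over a constructed asset inventory.

Added example; not code from the article or from Expedient Technology
Solutions. The scoring model is an assumption for illustration:
risk = technical severity x business value x likelihood, where likelihood
reflects how the asset can be reached (internet, vendor link, IoT, internal),
whether a public exploit exists, and whether ordinary insiders can reach it.
"""
from dataclasses import dataclass
from typing import List

# Assumed likelihood weights per exposure path (not from the article).
EXPOSURE_WEIGHT = {"internet": 1.0, "vendor": 0.8, "iot": 0.7, "internal": 0.5}


@dataclass(frozen=True)
class Finding:
    asset: str
    finding_id: str          # constructed placeholder ids, not real CVE numbers
    cvss: float              # technical severity on the 0-10 CVSS scale
    exposure: str            # key into EXPOSURE_WEIGHT
    exploit_public: bool     # is a working exploit publicly available?
    asset_value: int         # business impact if breached, 1 (low) to 5 (critical)
    insider_reachable: bool  # reachable by ordinary internal users?


def likelihood(f: Finding) -> float:
    """Chance the weakness is actually attacked, on a 0.5-1.5 scale."""
    weight = EXPOSURE_WEIGHT[f.exposure]
    if f.exploit_public:
        weight += 0.3
    if f.insider_reachable:  # internal threats count too, as the article stresses
        weight += 0.2
    return min(weight, 1.5)


def risk_score(f: Finding) -> float:
    """Severity scaled to 0-1, times business value, times likelihood."""
    return round((f.cvss / 10.0) * f.asset_value * likelihood(f), 3)


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Highest business risk first; this order is the remediation plan."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed inventory: deliberately includes a "critical" CVSS finding on a
# low-value device and a "high" one on the most valuable system.
SAMPLE = [
    Finding("public-web-01", "FINDING-1", 9.8, "internet", True, 3, False),
    Finding("hr-db-01", "FINDING-2", 7.5, "internal", False, 5, True),
    Finding("lobby-camera-07", "FINDING-3", 9.8, "iot", True, 1, True),
    Finding("vendor-portal", "FINDING-4", 6.5, "vendor", False, 4, False),
    Finding("dev-laptop-42", "FINDING-5", 9.0, "internal", True, 2, True),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{risk_score(f):5.3f}  CVSS {f.cvss:4.1f}  {f.asset}")
```

Run as-is, the lobby camera (CVSS 9.8, business value 1) ranks last while the HR database (CVSS 7.5, value 5, reachable by insiders) ranks second; a scanner sorting by CVSS alone would have inverted those two. The weights are the part to revisit at each review cycle, which is what the article's "on-going monitoring and adjustments" amounts to in practice.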


Combat Rising IT Security Costs with IT Asset Management

Jeremy Boerger, Owner, Boerger Consulting

Pity the poor Chief Information Security Officer (CISO). On one hand, her needs are real: emergent cybersecurity threats are increasingly sophisticated and numerous. On the other hand, the cost of defending against these threats follows the same trajectory. Her organization’s resources are finite, but not investing in the right technology or tactics could place her in the same inauspicious gallery as Hollywood Presbyterian [1] or Riviera Beach [2]. Then again, what other value-add IT services should be cut? There is one group inside the department who is in a position to help: IT Asset Management (ITAM). Few CISOs and cybersecurity professionals realize the “hand in glove” relationship ITSec and ITAM should have.

In 2016, Gartner published an article insisting up to thirty percent (30%) of a corporation’s software budget could be cut by implementing a software asset management (SAM) program [3]. The article identifies three best practice activities that must be performed to achieve this remarkable return:

• Optimize Software Configurations — make sure to use the features and tools you pay for, and avoid paying for features and tools you do not use
• Recycle Software Licenses — remove unneeded software installations so the corresponding software licenses can be applied somewhere else
• Use SAM tools — invest in specialty license management systems that can accurately calculate complex software license rules and point out cost-saving opportunities

In many organizations, software-related expenditures make up a significant portion of the overall IT budget. Any reduction in that line item could fund a number of other projects, so IT Security needs to present a good case to justify redirecting some of those funds to them. Interdepartmental budget strategy sessions can be cutthroat, but most will respect the “Little Red Hen” rule: you only get the bread if you help with the baking. If our intrepid CISO is going to ask for a part of the savings ITAM can deliver, she needs to demonstrate how her team, or tools, or data, are actively helping in those three SAM practices.

Most ITSec professionals are familiar with the ISO/IEC 27000 standards, which require an “asset inventory” to be made of the corporate computing environment. The trouble is, the methodology of ISO 27000 focuses on information security management and does not provide necessary details and data attributes for effective SAM. But dig deeper into the supporting standards and you will find ISO/IEC 19770 [4], which specifically addresses ITAM and SAM process requirements. Last updated in 2017, it contains a maturity model constructed of three tiers:

• Tier 1: Trustworthy Data — knowing what you have so that you can manage it
• Tier 2: Life Cycle Integration — achieving greater efficiency and cost-effectiveness throughout the asset life cycle (e.g., purchasing, inventorying, using, recovering, and disposal)
• Tier 3: Optimization — achieving greater efficiency and cost-effectiveness across functional management areas

In typical fashion, the ISO/IEC standards do not describe how “trustworthy data” is obtained or derived, but do describe four processes where ITAM will find “trustworthy data”:

• Change Management
• Data Management
• License Management, and
• Security Management

This makes sense; if IT Security is maintaining an asset inventory (as mandated by ISO 27000), why not harvest reliable parts of their data to build out an asset inventory for a SAM tool just like one prescribed in the aforementioned Gartner article! Is that enough for a typical CISO to claim a portion of the ITAM savings for their own expenditures? Maybe not, but let’s consider the second cost-savings source from the Gartner article: recycling software licenses. Typical security vulnerability tools are licensed by either the software agents deployed and installed on objects discovered within the computing environment, or by total found objects discovered in a passive sweep of IP address ranges. Unfortunately, IT Security might not catch and remove retired, duplicated, or incorrect records from its own asset inventory lists. That, in turn, risks an overcount of needed licenses and an overcharge to IT Security’s budget. However, if IT Security partners with ITAM and purges recovered and disposed asset inventory records from its vulnerability tools, the overall total cost of ownership for IT Security’s tooling can be significantly reduced. And those savings will unarguably return to IT Security.

The final factor — optimizing software configurations — might seem like a stretch, but IT Security does have a say in the matter. Consider this example: while advising a client a few years ago, the IT Security department identified a number of high-risk security vulnerabilities in the corporate-standard PDF viewer. The CISO recommended removing the standard issued software outright before the next phishing attack successfully exploited the known bugs within the tool. The IT Service Support team resisted, arguing replatforming to the IT Security recommendation would be too costly and could be rejected by the end-user community. The ITAM team stepped in, identified a comparable tool with more features than currently offered (satisfying the end-users), with a better vulnerability score (satisfying IT Security’s concerns), and at a total cost of ownership 60% less than the current PDF standard (more than covering the cost of deploying the new tool). The moral of the story: simply by engaging ITAM, the CISO was able to improve the security position of his organization without incurring any extra cost to their department or the rest of the organization.

Modern IT Security initiatives are necessary and expensive. Smart CISOs should always be on the lookout for cost-reduction and spend-justification opportunities. Both best business practice proponents and independent researchers identify the IT Asset Management team as a willing partner. By working together, ITAM and ITSec can improve the overall organization’s security position and simultaneously reduce the overall cost of ownership for IT.

[1] “Hollywood hospital pays $17,000 in bitcoin to hackers; FBI investigating”, Los Angeles Times, 18 Feb 2016
[2] “How Riviera Beach left the door wide open for hackers”, Palm Beach Post, 21 Jun 2019
[3] “Cut Software Spending Safely With SAM”, Gartner, 16 Mar 2016, ID: G00301780
[4] International Standard ISO/IEC 19770 — Information technology, asset management, Third edition, 2017-12
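The "recycle software licenses" argument above turns on one mechanical step: the vulnerability tool is licensed per discovered object, so every retired, duplicated or mis-recorded host it still tracks is a paid-for licence. The following is an added example, not code from the article or from Boerger Consulting, of what that reconciliation looks like when ITAM's register is used as the trusted source. Both inventories are constructed, the hostnames and prices are placeholders, and the life-cycle statuses simply follow the stages the article lists.

```python
"""Reconcile a vulnerability scanner's asset list against the ITAM register.

Added example; not code from the article or from Boerger Consulting. It assumes
two constructed inventories: the scanner's discovered objects (licensed per
object, as the article describes) and ITAM's register, which carries each
asset's life-cycle status. Records for recovered or disposed assets and
duplicate discoveries are purged; objects unknown to ITAM are kept but flagged,
because an unexplained device is a data-trust problem, not a licence saving.
"""
from typing import Dict, List, Tuple

# Constructed scanner inventory: one licensed record per discovered object.
SCANNER = [
    {"id": "s1", "hostname": "HR-DB01", "ip": "10.0.1.10"},
    {"id": "s2", "hostname": "hr-db01", "ip": "10.0.1.10"},      # same box, case differs
    {"id": "s3", "hostname": "WEB-01", "ip": "10.0.2.5"},
    {"id": "s4", "hostname": "LAPTOP-0042", "ip": "10.0.9.42"},  # disposed per ITAM
    {"id": "s5", "hostname": "LAPTOP-0077", "ip": "10.0.9.77"},  # recovered, in stock
    {"id": "s6", "hostname": "PRINTER-3F", "ip": "10.0.3.1"},    # not in ITAM at all
]

# Constructed ITAM register keyed by hostname; statuses follow the life-cycle
# stages the article lists (purchasing, inventorying, using, recovering, disposal).
ITAM: Dict[str, str] = {
    "HR-DB01": "in_use",
    "WEB-01": "in_use",
    "LAPTOP-0042": "disposed",
    "LAPTOP-0077": "recovered",
}

RETIRED = {"recovered", "disposed"}


def reconcile(scanner: List[dict], itam: Dict[str, str]) -> Tuple[List[dict], List[Tuple[str, str]], List[str]]:
    """Return (records to keep, (id, reason) records to purge, ids unknown to ITAM)."""
    keep, purge, unknown = [], [], []
    seen = set()
    for rec in scanner:
        key = rec["hostname"].upper()
        status = itam.get(key)
        if key in seen:
            purge.append((rec["id"], "duplicate"))
        elif status in RETIRED:
            purge.append((rec["id"], status))
        else:
            if status is None:
                unknown.append(rec["id"])  # keep paying for it, but investigate
            keep.append(rec)
            seen.add(key)
    return keep, purge, unknown


def license_impact(scanner: List[dict], itam: Dict[str, str], price_per_object: float) -> dict:
    """Licensed object count before/after the purge and the resulting saving."""
    keep, purge, unknown = reconcile(scanner, itam)
    return {
        "before": len(scanner),
        "after": len(keep),
        "saved": len(purge) * price_per_object,
        "to_investigate": unknown,
    }


if __name__ == "__main__":
    print(license_impact(SCANNER, ITAM, price_per_object=40.0))
```

On the constructed data the licensed count drops from six to three: one case-variant duplicate, one disposed laptop and one recovered laptop come out, while the printer nobody registered stays licensed and goes on the "to investigate" list. That last list is where the ITAM partnership pays back in the other direction: an object the scanner sees but ITAM does not is exactly the kind of gap the Tier 1 "trustworthy data" requirement is about.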

SECURITY


SECURITY

Humans are the New Malware: Protecting Your Business Against Advanced Cyberthreats

J.J. Thompson, Sr. Director, Sophos Managed Threat Response / Secure Content Technologies

It may seem like a peculiar twist of irony, but as the technical capabilities afforded by automation proliferate, successful cyberattacks are increasingly reliant on human execution. Fully automated attacks that rely exclusively on the programmatic distribution of malware are now considered less sophisticated, as advanced endpoint protection capabilities are able to detect and stop them without human intervention. In response, we are seeing a significant increase in attacks that use automation in the early stages to establish a silent foothold in the organization, then shift to a human operator to execute the next steps. Slowly, methodically, and with great precision, attackers can enter the system, covertly modify security controls to evade detection, steal credentials or data, and continue working their way through the environment. If you think of a fully automated malware attack as a smash-and-grab job, these automation-enhanced active attacks are Daniel Ocean-level heists.

2020 marks an inflection point in the importance of proactively detecting attacker tactics, techniques and procedures (TTPs). It’s no longer enough to react to attacks in progress with the hope of mitigating further damage. In-depth knowledge of attacker TTPs enables security teams to operate at the level of adversaries’ behavior and tendencies, providing valuable context about the attackers, their intentions, and their methods to identify the most effective response. Here are a few of the top adversarial trends and behaviors businesses can expect in 2020:

Malicious use of Legitimate Software

Attacker patience and strategic evasion techniques are continuing to improve. Upon compromise, attackers survey the environment using passive and active techniques to create a topology of the attack surface. This technique provides stealthier identification of critical targets, such as administrative workstations, data custodian endpoints, files, and backup servers. Using legitimate administrative tools and other “living off the land” utilities such as PowerShell and PsExec, the attacker moves laterally to higher priority assets without being detected in time to do anything about it. Administrators who closely monitor logs often pre-filter these motions in Security Information and Event Management (SIEM) tools because, as the behaviors mimic legitimate administrator activities, they generate a lot of false positive alerts. So the security challenge lies in determining the difference between malicious and non-malicious use of these commonly utilized administrative tools.

Attacking Backups

During an incident involving ransomware, the first question asked is whether it is possible to restore to a known good state. Unfortunately, the tactics and procedures utilized to compromise and encrypt servers and endpoints are the same methods that can render connected automated backups unusable. Attackers have realized that when they are able to destroy backups, it results in a higher percentage of victims paying the ransom. Organizations relying on backup and recovery instead of preventive and rapid threat neutralization leave themselves exposed to the risk that they will be unable to recover from ransomware attacks.

Reflective Attribution

The cybersecurity industry, media and government have a tendency to rush to assign attribution, and attackers are preying on that tendency to avoid being linked to attacks. Once a threat actor has graduated to an advanced level, the need to be known for conducting a successful attack is decreased, as the benefits of staying unknown outweigh the benefits of attribution. To hide their tracks, advanced adversaries will purposefully reverse engineer the methods and tactics of incident responders, forensics teams and threat analysts to add a dimension to their attack whereby they lead investigators to the conclusion they want them to reach on attribution, by following the methods and behaviors that would appear to be the work of another actor group. As Sun Tzu once wrote, “If his position is accessible, it is because that is advantageous to him.”

Protecting your business against advanced threats

Cyberattackers aren’t just increasing in their level of sophistication; they’re also “always-on.” That means an organisation’s dedicated security team needs to be too. But many businesses don’t have the capacity to support around-the-clock monitoring and management. Few organisations have the right tools, people, and processes in-house to effectively manage their security program 24/7 while proactively defending against new and emerging threats. This is where managed service programs come into their own. They enable organizations to outsource this increasingly business-critical service to a trusted partner.

Managed threat detection and response

Managed detection and response services deliver 24/7 threat monitoring, detection and response services to customers. The use of such services augments an internal team by, for example, covering those second and third daily shifts that are notoriously difficult to recruit for, contributing skill sets that the internal team may lack, and adding threat intelligence and unparalleled product expertise. Ideally, they also provide customers with access to an expert team that can take targeted actions on their behalf to neutralise even the most sophisticated threats. Key areas of expertise to look for include:

• Expert-led threat hunting: A good managed threat detection and response service will anticipate attacker behaviour and identify new indicators of attack and compromise. Threat hunters will proactively hunt for and validate potential threats and incidents, and investigate causal and adjacent events to discover new threats that previously couldn’t be detected.
• Advanced adversarial detection: The service should use proven investigation techniques to differentiate legitimate behaviour from the tactics, techniques and procedures used by attackers. This should be coupled with enhanced telemetry that provides a detailed, full picture of adversary activities and allows for the scope and severity of threats to be determined for rapid response.
• Machine-accelerated human response: In the best cases, a highly trained team of world-class experts will not only generate and apply threat intelligence to confirm threats detected by advanced security solutions, but also take action to remotely disrupt, contain and neutralize threats with speed and precision.
• Asset discovery and prescriptive security health guidance: Last but not least, look for a service that provides valuable insights into managed and unmanaged assets and vulnerabilities for better-informed impact assessments and threat hunts, and offers prescriptive and actionable guidance for addressing configuration and architecture weaknesses, enabling organizations to proactively improve their security posture with hardened defences.

One thing is certain: our adversaries will continue to evolve. Keeping your business safe from advanced attacks means bringing together the brightest human minds with the best technology on the market to actively defend your business 24/7.
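The "living off the land" section above names the detection problem: PsExec and PowerShell look the same in the log whether an administrator or an intruder runs them, so teams pre-filter them out of the SIEM and lose the lateral movement with the noise. The alternative is to keep the events and score each one against a baseline of who normally uses these tools, from which hosts and at what hours. The following is an added example, not code from the article or from Sophos; the baseline sets, the scoring weights and every event are constructed for illustration, and a real deployment would populate them from the organisation's own records.

```python
"""Scoring admin-tool use against a baseline instead of filtering it out.

Added example; not code from the article or from Sophos. It assumes an
organisation's baseline of who normally runs PsExec/PowerShell/WMIC, from
which hosts and at which hours; all events below are constructed process
creation records. Events that fit the baseline score zero and stay quiet;
deviations accumulate points so the analyst sees why an event surfaced.
"""
from datetime import datetime
from typing import Dict, List, Tuple

# Assumed baseline (would come from the organisation's own records).
ADMIN_USERS = {"corp\\svc_patch", "corp\\jdoe_admin"}
ADMIN_HOSTS = {"JUMP01", "JUMP02"}
BUSINESS_HOURS = range(7, 19)                       # 07:00-18:59 local
ADMIN_TOOLS = ("psexec", "powershell", "wmic")      # image name prefixes
HIDDEN_FLAGS = ("-encodedcommand", " -enc", "-w hidden", "-windowstyle hidden")

# Constructed process-creation events (Sysmon/4688-style fields).
EVENTS = [
    {"ts": "2020-03-11T09:15:00", "host": "JUMP01", "user": "corp\\svc_patch",
     "image": "psexec.exe", "cmdline": "psexec \\\\WS0123 -s msiexec /i patch.msi"},
    {"ts": "2020-03-11T10:02:00", "host": "JUMP02", "user": "corp\\jdoe_admin",
     "image": "powershell.exe", "cmdline": "powershell -File C:\\scripts\\inventory.ps1"},
    {"ts": "2020-03-11T02:41:00", "host": "WS0456", "user": "corp\\mlee",
     "image": "psexec.exe", "cmdline": "psexec \\\\HR-DB01 cmd"},
    {"ts": "2020-03-11T14:30:00", "host": "WS0456", "user": "corp\\mlee",
     "image": "powershell.exe", "cmdline": "powershell -nop -w hidden -enc <base64-blob>"},
    {"ts": "2020-03-11T11:00:00", "host": "WS0789", "user": "corp\\asmith",
     "image": "excel.exe", "cmdline": "excel report.xlsx"},
]


def score_event(ev: Dict[str, str]) -> Tuple[int, List[str]]:
    """Return (score, reasons). Non-admin tools score 0 without further checks."""
    if not ev["image"].lower().startswith(ADMIN_TOOLS):
        return 0, []
    score, reasons = 0, []
    if ev["user"].lower() not in ADMIN_USERS:
        score += 3
        reasons.append("account not in admin baseline")
    if ev["host"].upper() not in ADMIN_HOSTS:
        score += 2
        reasons.append("launched from a non-admin host")
    if datetime.fromisoformat(ev["ts"]).hour not in BUSINESS_HOURS:
        score += 1
        reasons.append("outside business hours")
    if any(flag in ev["cmdline"].lower() for flag in HIDDEN_FLAGS):
        score += 2
        reasons.append("hidden or encoded launch")
    return score, reasons


def triage(events: List[Dict[str, str]], threshold: int = 3) -> List[dict]:
    """Keep only events at or above the threshold, annotated with their reasons."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                           "image": ev["image"], "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in triage(EVENTS):
        print(a["score"], a["ts"], a["user"], a["image"], "; ".join(a["reasons"]))
```

The two patch-management events from the jump hosts score zero and never reach an analyst, which is the false-positive relief the article says admins get by filtering; the two events from an ordinary workstation under a non-admin account surface with the reasons attached, the first because of the account, host and hour, the second because of the hidden, encoded launch. The threshold and weights are deliberately simple so that a team can tune them against its own baseline rather than inherit someone else's.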
For additional information please contact Karen Greer, Secure Content Technologies, Ltd. [email protected] or call 513-779-1165.


IT LEADER SPOTLIGHT

Tim Ewart
Former Technical Director for Air, Space, and Cyberspace Operations, Air Force Materiel Command, WPAFB

What was your first job?
My first job was delivering TVs in Fort Wayne, Indiana. It was the summer of 1978 and cable television was a new concept. The clarity of the picture over cable impressed me at the time.

Did you always want to work in IT?
Computers always interested me, but my interest in airplanes was greater. I saw the power of IT during my career as I helped design aircraft for the USAF and later assess the combat survivability of aircraft penetrating enemy airspace. I used computer simulations for both tasks and couldn’t imagine doing these tasks without IT. My full indoctrination into IT came when I got involved with providing cyber resilient aircraft for the Air Force. Over the years, aircraft become more sophisticated and reliant on IT software and hardware. Ensuring the safe operations for our military aircraft showed me the complexity of the task and the need to consider cyber protection early in the system design. The same is true for any IT system, not just aircraft.

Tell us about your career path
I started working for the Air Force in the fall of 1982, learning how to design aircraft. It was fun sketching something out on a drawing board and later using a computer to represent the design. We used a home-grown piece of software the organization wrote in Fortran to calculate the aerodynamics, propulsion, weight and performance of the aircraft. In 1993, I changed to running a wargame simulation, something like a Desert Storm scenario, and analyzing how aircraft survivability helped minimize aircraft losses and maximize target kills. In 2013, I got involved in cyber resiliency for all USAF aircraft. This was new territory for the Air Force and got lots of attention from senior USAF leaders. From this position, I was chosen to be the Technical Director for Air, Space and Cyberspace Operations for Air Force Materiel Command. This allowed me the unique opportunity to protect USAF aircraft, as before, and protect the networks used to do the research, development, testing and procurement of aircraft in a traditional IT sense.

What roles or skills are you finding (or anticipate to be) the most difficult to fill?
The skills most difficult to fill are in the cyber security field. While I think of the field as new, it really isn’t. It has been around for 20 years. What makes it difficult is the yin and yang aspect of the field. As cyber security professionals become better at their job, the adversary finds new means to penetrate the defenses. It is hard to find someone with experience. It is hard to allow someone to develop their experience. And, we hold cyber security professionals to an impossible standard of zero breaches. No wonder it is difficult to fill these positions. Nobody wants to be a victim of a breach, and defending against every threat in the world is daunting. Patience, perseverance and professionals will provide the protection everyone is looking for.

Leo Cronin
Chief Security Officer, Cincinnati Bell

What was your first job?
My first job in IT was with Bethlehem Steel in Pennsylvania (1983). I was actually an Accounting and Business major in college and the steel company wanted business expertise. They provided the technical (IT) training. In retrospect, it was a great idea and forward-thinking. I entered the company’s management training program, called the “Loop” program. The goal of the program was to “loop” candidates through the entire IT organization over a two-year period. I started out in application development helping to automate cost accounting applications. I loved the development process and working with some of the “newer” development technologies invented by IBM at the time, such as ADF and IMS. I ended my rotation in operations and was given the opportunity to help implement “security” on the mainframe computers using a systems application called ACF2 (Access Control Facility 2). After working with systems programming and ACF2, I became hooked on the emerging field of computer security.

Did you always want to work in IT?
I really wanted to be a CPA or work in finance and accounting after school, but I could see that the information systems/technology field had a lot of upside. IT is now essential to any organization and has significantly evolved from my days working on mainframes and closed networks. However, I do strongly believe my business background has helped me over my career in technology.

Tell us about your career path
Security has always been a passion of mine since my first job with Bethlehem Steel, where I worked in banking, online publishing and then telecommunication/IT services. I have always been a collaborator and innovator in the field and was given the chance to do some career-enhancing things at First Interstate Bank and Lexis-Nexis/Reed Elsevier. At the bank, and in collaboration with the application development team, we designed and implemented a single sign-on framework to automate access to all branch mainframe applications using ACF2 and IBM’s Customer Information Control System (CICS). A byproduct of this project was the creation of a first-generation identity and access management application for on-boarding and off-boarding personnel who needed access to mainframe applications. It was driven for the most part from data straight out of the human resources management system. All written in SAS (Statistical Analysis System), it was really quite a beautiful thing. At Lexis-Nexis/Reed Elsevier I saw technology blossom with distributed systems, networking and that big thing called the Internet. Being an early adopter of the Internet, we developed our own session manager client software to access the Lexis systems from this new, ubiquitous network, complete with password support and network transport encryption (that was pre-Web browser and SSL). I also got my start with writing intrusion detection systems that looked for anomalous online activity to reduce fraud and misuse of our services. As my career evolved, I was given the opportunity to lead a matrixed team of security professionals across the globe at Reed Elsevier to develop policies, strategy and standards for security. That was probably the work that I enjoyed the most. The security professional’s role has evolved significantly over the past 3 decades from technical wizard to trusted advisor and risk manager. All of my career experiences with designing and implementing security solutions and working with and through people definitely prepared me for my current job as Chief Security Officer (CSO) of Cincinnati Bell. I have been here 6 years and can already look back on some great accomplishments by the security team and our stakeholders. I really like the culture at Cincinnati Bell; they have great people, a forward-looking management team, and the company has allowed me to make a real difference. In closing, I would like to sum up my advice on a career path: do something you enjoy and become really good at it, believe in yourself, seize opportunities and take risks, and most importantly, work through and with people. Success is a team sport.


SECURITY

Operating a SOC: Improvements to Make, Pitfalls to Avoid, and What to Watch Todd Thiemann

Arctic Wolf Networks

A modern security operations center (SOC) is challenging to operate in terms of organization, technology, and budget. Arctic Wolf navigates these challenges every day as we monitor over 1,000 customers to detect and respond to threats and to assess vulnerabilities. Our SOC has operated since 2014, and we have learned many lessons along the way. This article describes three key factors that improve SOC operations, three pitfalls to avoid, and some guideposts to consider on your journey to optimize SOC effectiveness.

Key factors to improve SOC operations:

1) Locate and Retain SOC Talent
Finding good SOC analysts is difficult in the best of times and is particularly challenging in the present growth economy, where talent is scarce. You need smart people to understand your attack surface, interpret security telemetry, and find and analyze threats. Today's AI and machine learning will help your staff be more effective, but they will never replace smart people who understand your context. You need the right programs in place to locate, train, and retain good people.

2) Incrementally Improve Your SOC
The "big bang" approach to improving SOC operations is fraught with risk and has a high probability of failure. Our experience has been that you need to figure out what you do well and build from there. Gradual improvement typically wins out over grandiose projects.

3) Coordinate SOC and Network Operations Center (NOC) Operations
Integrating your SOC and NOC, and defining how they engage with each other, improves the odds of success. A NOC manages, controls, and monitors networks for availability, backups, sufficient bandwidth, and troubleshooting of network problems. A SOC monitors and analyzes for security risks and threats. The two functions overlap when an event such as a denial of service (DoS) attack manifests itself as a network outage but is, in fact, a security threat. While the two functions can be organizationally discrete, they need to coordinate to achieve an optimal outcome.

Now that we have covered improvements, what about pitfalls along the SOC journey? The major ones we identified are:

1) Unrealistic Goals
Establish what you want to achieve with a SOC and how much it might cost. Think through all of the pieces needed to establish your SOC, including people, processes, and technology. While the goals might be the same, larger organizations have bigger budgets and more resources than smaller organizations. You will face "build vs. buy" decisions and need to think through the best approach to achieving your goals. Be realistic about what you want to achieve and clear-eyed about how to achieve it.

2) Staffing Delusions
Consider the security challenges the business faces and the staffing level needed to address them. Referring to the two or three security people you have as "my SOC" is not the optimal answer. A handful of people will struggle to provide 24x7x365 coverage, and relying on alerts sent to phones during off-hours is a risky recipe when that middle-of-the-night alert beeps while someone is asleep. Analyst firm Gartner has suggested that eight to 12 analysts are needed to provide 24x7 coverage. Consider what happens when something bad occurs while your staff is celebrating New Year's Eve and no one is minding the store. Be realistic about how many people you need and about how you will find, train, and retain them.

3) The "AI Cure-All" Fallacy
Artificial intelligence (AI) and machine learning are the buzzwords du jour in IT security. While the technology holds promise, AI will not solve all of your problems, and you cannot automate your way out of the security monitoring challenge. Maintaining a well-functioning SOC also requires finding, training, and retaining good people. You need good people who can leverage sophisticated tools and AI to find the bad stuff, and those people are hard to come by. Smart SOC talent is also the source of the feedback from which automation learns. Retaining those people means providing them with a variety of work that they find interesting. Variety is the spice of life, and it is one of the reasons Arctic Wolf has been able to retain exceptionally talented SOC staff.

Other Guideposts to Consider

A couple of items you need to figure out on your SOC journey are whether to build your own SOC or use a third-party monitoring service, and what you need to watch.

Build vs. Buy: You can establish your own SOC, or you can use a SOC-as-a-service provider to monitor your environment for threats. Analyst firm Gartner has predicted that adoption of managed detection and response (MDR) will increase from 5% of organizations in 2019 to 25% by 2024 (Gartner, "Market Guide for Managed Detection and Response Services", 15 July 2019). Much of that decision will be driven by cost and by the availability of cybersecurity expertise. A SOC combines people, process, and technology, and a SOC initiative requires a healthy chunk of budget and management attention. If you operate in a remote area, you might not be able to find adequate security staff. Think carefully about what makes the most sense for your organization given your business context.

Understand Your Environment: You can't monitor and protect what you don't know you have. Understanding your environment means taking an asset inventory and assessing your vulnerabilities. It also means understanding your on-premises infrastructure along with your cloud footprint. Monitoring the on-premises environment covers endpoints running Windows, Linux, and macOS as well as the network and network infrastructure such as firewalls, DNS, Active Directory (AD), Wi-Fi access points, and so forth. As sensitive data moves to the cloud, you also need to understand your cloud footprint. Visibility across both cloud and on-premises environments lets you see scenarios such as a threat actor brute-forcing an Office 365 account and then using it as a jump-off point to compromise on-premises infrastructure. Whether you build your own SOC or use SOC-as-a-service, you need to understand your own environment in order to monitor it adequately.

There is no one road to SOC success, but the lessons and guideposts above will increase your likelihood of getting there.
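The cross-environment scenario described above, a brute-forced Office 365 account used as a jump-off point into on-premises infrastructure, is exactly the kind of activity that only correlated telemetry surfaces. The script below is an added example and is not code from the article or from Arctic Wolf: it flags a burst of failed cloud sign-ins that ends in a success, then looks for an on-premises logon (Windows event 4624) by the same account within a few hours of that success. The log formats, the thresholds, and the assumption that the on-prem account name equals the local part of the cloud UPN are all assumptions, and the log lines are constructed for the example.

```python
"""Cross-environment correlation: a cloud brute force followed by an on-prem logon.
Added example, not code from the original article or from Arctic Wolf. Log formats,
field names, the UPN-to-account mapping and the thresholds are assumptions; the log
lines below are constructed for the example."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

FAIL_THRESHOLD = 4                    # failures that make a burst (assumption)
FAIL_WINDOW = timedelta(minutes=10)   # a burst's failures all fall inside this window
PIVOT_WINDOW = timedelta(hours=4)     # on-prem logon this soon after the cloud success

# Constructed cloud sign-in log: timestamp, user principal name, outcome, source IP.
CLOUD_SIGNINS = """\
2020-03-01T02:10:05Z alice@example.com FAILURE 203.0.113.7
2020-03-01T02:10:09Z alice@example.com FAILURE 203.0.113.7
2020-03-01T02:10:14Z alice@example.com FAILURE 203.0.113.7
2020-03-01T02:10:20Z alice@example.com FAILURE 203.0.113.7
2020-03-01T02:11:30Z alice@example.com FAILURE 203.0.113.7
2020-03-01T02:12:01Z alice@example.com SUCCESS 203.0.113.7
2020-03-01T03:30:00Z carol@example.com FAILURE 203.0.113.9
2020-03-01T03:30:04Z carol@example.com FAILURE 203.0.113.9
2020-03-01T03:30:08Z carol@example.com FAILURE 203.0.113.9
2020-03-01T03:30:12Z carol@example.com FAILURE 203.0.113.9
2020-03-01T07:59:40Z bob@example.com FAILURE 198.51.100.20
2020-03-01T08:00:02Z bob@example.com SUCCESS 198.51.100.20
"""

# Constructed on-prem logon log: timestamp, account, host, Windows event ID, source IP.
ONPREM_LOGONS = """\
2020-03-01T02:40:12Z alice DC01 4624 10.0.0.55
2020-03-01T09:15:00Z bob FS01 4624 10.0.0.21
"""

@dataclass
class Burst:
    user: str
    source_ip: str
    failures: int
    success_at: Optional[datetime]    # None when the burst never got in

@dataclass
class Alert:
    user: str
    cloud_ip: str
    cloud_success: datetime
    onprem_host: str
    onprem_logon: datetime

def rows(log: str):  # whitespace-split fields of every non-empty log line
    return (line.split() for line in log.splitlines() if line.strip())

def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def detect_bursts(cloud_log: str) -> List[Burst]:
    """Per user, find failure bursts and whether a success followed inside the window."""
    by_user = defaultdict(list)
    for ts, user, outcome, ip in rows(cloud_log):
        by_user[user].append((parse_ts(ts), outcome, ip))
    bursts = []
    for user, events in by_user.items():
        recent = []                                # (ts, ip) of failures inside FAIL_WINDOW
        for ts, outcome, ip in sorted(events):
            if outcome == "FAILURE":
                recent.append((ts, ip))
                recent = [f for f in recent if ts - f[0] <= FAIL_WINDOW]
                continue
            if len(recent) >= FAIL_THRESHOLD:      # a success arriving after a burst
                got_in = ts - recent[-1][0] <= FAIL_WINDOW
                bursts.append(Burst(user, ip if got_in else recent[-1][1],
                                    len(recent), ts if got_in else None))
            recent = []                            # any success resets the counter
        if len(recent) >= FAIL_THRESHOLD:          # burst that never got a success
            bursts.append(Burst(user, recent[-1][1], len(recent), None))
    return bursts

def onprem_account(upn: str) -> str:
    """Assumption: the on-prem account name is the local part of the cloud UPN."""
    return upn.split("@", 1)[0].lower()

def correlate_pivot(bursts: List[Burst], onprem_log: str) -> List[Alert]:
    """Pair each successful burst with a later on-prem 4624 logon by that account."""
    logons = [(parse_ts(ts), acct.lower(), host, ev) for ts, acct, host, ev, _ in rows(onprem_log)]
    alerts = []
    for b in bursts:
        if b.success_at is None:
            continue
        for ts, acct, host, ev in logons:
            if acct == onprem_account(b.user) and ev == "4624" \
                    and b.success_at <= ts <= b.success_at + PIVOT_WINDOW:
                alerts.append(Alert(b.user, b.source_ip, b.success_at, host, ts))
    return alerts

if __name__ == "__main__":
    for alert in correlate_pivot(detect_bursts(CLOUD_SIGNINS), ONPREM_LOGONS):
        print(alert)
```

Run as written, it produces a single Alert for alice: the burst from 203.0.113.7 gets in at 02:12Z and the same account logs on to DC01 at 02:40Z. carol's burst is recorded but, with no success, raises no pivot alert, and bob's single mistyped password is ignored. Neither log on its own tells that story, which is the article's point about visibility across both environments; in a real SOC the same logic would run over the cloud sign-in log and domain controller security events, with the UPN-to-account mapping taken from the directory rather than assumed.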


SECURITY

Protecting Your Data from Threats, Wherever They May Be.

For more information about data security, networking, and storage solutions for your organization, please contact:

Jeff Turner, Account Executive | Chi Corporation | 614-595-2720 | [email protected] | ChiCorporation.com

Learn More about Chi and Barracuda at the Ohio Information Security Conference

Visit Us at Booth #1

Chi Corporation is a leading storage, backup, networking, security and virtualization solution provider and is honored to partner with Barracuda, an innovator in network security and data protection.

Barracuda’s products span three core areas—network security, data backup and protection, and application delivery—and are designed to help businesses meet the growing IT challenges of network and data security with true end-to-end protection. All products can be managed from a singular, central platform, eliminating frustrations with access and management.

Do You Need to Back Up Office 365?
John Thome, President, Chi Corporation

Microsoft Office 365 has transformed business use of the cloud. Gartner recently reported that 1 in 5 corporate employees uses an Office 365 cloud service and that Office 365 is now the most widely used cloud service by user count. Companies and organizations have adopted Office 365 for a variety of reasons: it is simply easier and more efficient to manage than a back-room Exchange Server; the licensing is an easy-to-consume subscription model that can be modified on the fly; and the products can be deployed to multiple platforms or simply used in the cloud. Customers can access their Office applications and sync and share documents anywhere, even offline, with no need for a VPN connection to an on-premises file server. And the Microsoft service even takes care of your email and data backups.

Or does it?

It is true that Microsoft has native retention and basic recovery capabilities, and businesses without mission-critical email and documents may find that these suit their needs. Whether to rely on these native tools or deploy a more robust solution is a business decision that should be made at migration to Office 365, not after the first loss.

Seven things to consider when evaluating the protection of your Office 365 data:

1. Approximately 70% of data loss in a SaaS application is due to accidental or malicious deletion of data by end users. If you do not discover the loss before the configured retention period expires, the data is gone. Microsoft's SLAs do not protect customers against this.

2. If your Office 365 administrator account is compromised, your backups could be lost too. Native retention lives inside the same tenant, under the same administrative control, as the live data, so an attacker holding admin rights can typically change retention settings and purge data together with its recoverable copies. A backup held outside the tenant, under separate credentials, does not share that exposure.

3. Will Microsoft's data retention capabilities restore files and accounts in the configuration you need? Even if the data is retained as needed, the restore process could be more difficult than you want.

4. Are you legally required to comply with specific retention and litigation-hold policies? Will the native tools provide this capability for you?

5. Users can corrupt their own data with malware, especially ransomware. Recovery from this scenario can be difficult and time-consuming using built-in capabilities. Versioning in OneDrive and SharePoint can help, but it counts against your storage allocation and may result in additional storage costs.

6. Even Microsoft urges caution and recommends backups:
"We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you've stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services." - Microsoft

7. Industry best practice is the 3-2-1 rule: at least three copies of your data, on two different types of storage, with one copy kept off-site (offline, or in a cloud service separate from the one holding the live data). Following this rule remains one of the best ways to protect your data.

Recent research shows that at least 40% of companies surveyed are not using any third-party backup tool to protect their mission-critical data in Office 365. That is at least 40% of companies at a higher risk of data loss.

Choosing a capable, fully featured, and secure cloud-to-cloud backup solution for Office 365 is key to avoiding the pitfalls of data loss. Data is at the heart of your business, whether it sits on-premises or in the cloud. As you move business-critical data to Office 365, a secure cloud-to-cloud backup solution lets you properly protect that data and use the cloud with confidence, without worrying about data loss, data leakage, or other cybersecurity concerns.


TECHNOLOGY FIRST BOARD OF DIRECTORS

Technology First would like to thank and recognize its Board of Directors. They provide input into the strategic direction of the organization and actively lead working committees that drive our programs and services.

Diana Bolden, Former CIO, Teradata
Jim Bradley, Vice President, IT, Tecomet
Matt Coatney, CTO, Managed Services, HBR Consulting
Tonjia Coverdale, PhD, Vice President for Information Technology and Chief Information Officer, Central State University
Melissa Cutcher, Executive Director, Technology First
Timothy Ewart, Former Cyberspace Operations Technical Director, HQ Air Force Materiel Command, WPAFB
Treg Gilstorf, Chief Information Officer, Yaskawa Motoman Robotics
Gary Ginter, System Vice President, CIO, Premier Health
Lisa Heckler, VP, Information Security & Privacy, CareSource
Bryan J. Hogan, President / CEO, Afidence
John Huelsman, Director of Business Support Solutions, Hobart Service
Don Hopkins, Director, Master of IS & Logistics/SCM, Wright State University
Ryan Kean, VP, Technical Strategy and Architecture, Company
Andy Lehman, CIO & Senior VP, Kettering Health Network
Scott McCollum (Chair), Chief Information Officer, Sinclair College
Monique McGlinch, VP, Customer Engagement and Corporate Agile Center of Excellence, Midmark Corporation
Paul Moorman, Former IT Strategist, ND Paper
Robin Poffenberger, Systems Manager, Washington-Centerville Public Library
Christopher Roe, Vice President, Information Technology Services, Speedway LLC
Thomas Skill, PhD, Associate Provost & CIO, University of Dayton

Writers: Our mission is to support the growth of Greater Dayton’s information technology industry. Technology First provides a forum for educators, business, and technical professionals to communicate their expertise and lessons learned while working in the field. Please submit the article in Word, preferably with 500 to 700 words, with any graphics in pdf form to [email protected]. Please include your name, business organization, business address, phone number, fax number, e-mail address, and a brief description of any professional accomplishments. Please also include a digital photograph if available.

Subscriptions: Non-member business/home delivery of this publication is available at $25/year (6 issues). Mail name, address and check made payable to Technology First.

714 E. Monument Avenue, Suite 106, Dayton, OH 45402; p: 937.229.0054. ©2020 Technology First; all rights reserved.

Publisher: Technology First. Executive Director: Melissa Cutcher. Director, Marketing & Events: Kaitlin Regan. Design & Production: Technology First.

www.technologyfirst.org



CREATING A COMMUNITY TO SHARE KNOWLEDGE, GROW BUSINESS AND BUILD FOR THE FUTURE.

Technology First, established in 1997, in 2020: 22 board members (4 quarterly meetings), 170+ corporate members, 11 annual partners, 2 annual conferences.

CIO/CEO Council (IT Leaders): company's highest level IT executive or business leader; monthly meetings; 25-40 attendees each session; strategic planning and leading edge topics; peer-led sessions and networking.
Data Analytics: 20+ attendees each session, 7x/year; artificial intelligence / machine learning, analytical algorithms, data strategy & analysis tools, IoT applications.
Infrastructure/Cloud: 15+ attendees each session, 7x/year; trending infrastructure and cloud topics; maintenance & security.
Tech Forums: 50+ attendees each session; CIO Council open to all of membership; 3x/year (January, April, October); recognized thought leaders.
Tech Thursdays: casual after hours networking, 5x/year.
Women 4 Technology: four areas of focus (leadership, networking, professional development, mentoring); both in Dayton and Cincinnati (7x/yr).
Municipality IT: IT leaders, city managers, and MSPs of municipalities; smart cities and leading edge topics.
Technology First Leadership Awards: recognizes contributions of technology professionals (each May). Categories: Outstanding Technology Team, Best IT Services Company, IT Executive of the Year, Emerging Tech Leader, Most Promising Startup, Award of Excellence - Student Project.
Ohio Information Security Conference: 17th annual, 3/11/20; tracks: Executive, Technical, Operations, Resiliency, Governance, and Workforce; 350+ participants, 25+ speakers including expert panels, 30+ exhibitors.
Taste of IT: 13th annual, 11/13/19; tracks: Strategy, Security, Analytics, Infrastructure/Cloud, Dev/Programmers; 400+ participants, 30+ speakers, 40+ exhibitors.
Technology First Magazine: expert articles contributed by members; 1,000+ mailed to IT professionals; 70,000+ readers.
Website: 26,000+ unique annual visitors. Social media.
E-Newsletter: 4,000+ subscribers; event news, job opportunities, member highlights, annual partner recognition. Scan to sign up for emails.
TechSource: helps IT buyers find suppliers; locate resources in our region; RFP & referral requests.
Tech First Job Postings: unlimited position postings for members; full-time, part-time, and internship opportunities.
Workforce Forecast & Salary Survey.
Digital Mixer: annual casual career and networking night (February); 35+ employers, 200+ students, local colleges and universities.
Scholarships: $5,000 in scholarship money to 5 students; 2019 winners from Sinclair College, Wright State University, and Cedarville University.
Student Volunteers. K-12 Engagement.


714 E. Monument Ave., Suite 106, Dayton, OH 45402 | 937.229.0054 | TechnologyFirst.org
@technologyfirst.org | @technologyfirst | Technology First | Read our Tech First Magazine at issuu.com/technologyfirstdayton

2020 EVENT DATES:

CIO COUNCIL (Executive Leadership Only - 11:30-1pm): January 16 (Tech Forum, open event), February 20, March 27, April 16 (Tech Forum, open event), May 21, June 12, July 9, August 14, September 10, October 8 (Tech Forum, open event), December 3.

DATA ANALYTICS (Open to ALL - 8:30-10am): January 10, February 28, April 3, May 15, August 21, October 2, December 4.

INFRASTRUCTURE/CLOUD (Open to ALL - 11:30-1pm): January 10, February 28, April 3, May 15, August 21, October 2, December 4.

WOMEN 4 TECHNOLOGY (Open to ALL - 8-10am): Dayton: January 22, June 3, September 16. Cincy: February 5, May 13, August 12, December 9.

TECH THURSDAYS (Open to ALL - 5-7pm): February 13, April 9, June 11, August 27, November 5.

MUNICIPALITY IT (for City Managers and Muni IT Leaders): June 4, September 24, December 10.

CONFERENCES (Open to ALL): OISC - March 11; Taste of IT - November 18.

SPECIAL EVENTS (Open to ALL): Digital Mixer - February 12; Leadership Awards - May 7.

Sign up for the email list and register at www.technologyfirst.org.