North Country Cybersecurity Conference
Where The Business World Meets Tech
This year’s conference will take place on Oct. 18 at the main campus.
Past Conference Speakers
The theme of this 2018’s event, Prepare, Plan, Practice, and WIN!, moved away from the “doom and gloom” portrayal of cybersecurity to present winning strategies for ongoing cybersecurity resiliency in the North Country. Speakers shared their practical, “how to do it,” best strategies for cybersecurity awareness, management and technical implementation in your organizations.
Debra Snyder, GSTRT, CISSP, CRISC, PMP
- Chief Information Security Officer
- NYS Office of Information Technology Services
- Chief Information Security Office
Deborah A. Snyder serves as chief information security officer (CISO) for New York State, in the Office of Information Technology Services (ITS).
In her role, she directs the Enterprise Information Security Office’s comprehensive governance, risk management and compliance program. She is responsible for providing strategic leadership and vision, and assuring business-aligned, risk-based investments that maximize business opportunity and minimize cyber security risk.
Ms. Snyder has extensive experience in government program administration, information technology and cyber security policy. She actively supports the state’s efforts to engage citizens and enhance the delivery of government services. She is an acknowledged industry thought-leader, and has been recognized for excellence and outstanding contributions in public programs and the field of cyber security.
She serves on the NYS Forum Board of Directors, NY CISO Executive Summit Governing Board, is a State Academy for Public Administration Fellow, and member of the Project Management Institute, InfraGard, Information Systems Security Association (ISSA), Information Systems Audit and Control Association (ISACA), and the Institute of Internal Auditors (IIA).
She teaches graduate-level courses, has published numerous articles, and co-authored “SECURE – Insights From The People Who Keep Information Safe,” which offers industry leadership insights and perspective. She is a highly regarded speaker on topics critical to executive-level business and IT professionals.
Thomas Duffy, Class of ’73
- Senior Vice President, Operations & Services
- Vice President of Operations
- Multi‐State Information Sharing and Analysis Center (MS‐ISAC)
Thomas Duffy is senior vice president of operations and services at CIS. He is responsible for managing all aspects of the CIS Security Operations activities, which are the focal point for cyber threat prevention, protection, response, and recovery for the nation’s state, local, tribal, and territorial (SLTT) governments. He provides leadership in developing program, organizational, and financial strategies.
He also manages the operation of the CIS 24-hour cybersecurity watch and warning operations center, which provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response. He works closely with the U.S. Department of Homeland Security (DHS), including its National Cybersecurity and Communications Integration Center (NCCIC), as well as with SLTT officials across the country.
Prior to joining CIS, Mr. Duffy served as deputy director of the New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC). In this role, he oversaw the day-to-day operations of the office, which included coordinating the state’s cybersecurity strategies and policy development, monitoring the state’s networks, researching threats, vulnerabilities, and exploits, and issuing cyber alert advisories to the governmental and private sector entities in New York.
Andrew Gronosky, Class of ‘92
- Principal Application Security Engineer at Pegasystems, Inc
Presentation: “Painless Threat Modeling.” Threat modeling is one of the best things you can do to improve your systems’ security posture and promote security awareness, but to a beginner, it can look like a massive and dauntingly complex task. This presentation will show how teamwork and an iterative approach can starting bringing you the benefits of threat modeling within hours, not weeks, while building positive relationships between security experts and IT and software engineering professionals.
Andrew Gronosky is a principal application security engineer at Pegasystems, Inc. in Cambridge, Mass. He graduated from SUNY Plattsburgh in 1993 and holds a master’s degree in mathematics from Rensselaer Polytechnic Institute. Mr. Gronosky was formerly a research scientist at Raytheon BBN technologies, where he developed survivable distributed systems and served on a team that received the Excellence in Engineering Technology award. He is currently a member of the Security Assessment Team at Pegasystems, where he is leading the company’s threat modeling program.
Devi Momot, CISSP, GSLC, GISP
- CEO, Twinstate Technologies
Presentation: “Creeps, cheats and thieves on the dark web, an inside look.” This session provide insight into the dark web and provide examples of what types of information is bought and sold. This is a non technical session to illustrate better information and awareness and remove the mystery of the term for the attendees.
Presentation: “The Dark Web is changing your role as an IT person.” This session provide insight into the dark web and provide examples of what types of information is bought and sold. This is a technical session to demonstrate the realities of what is occurring on the dark web and how this ecosystem is changing the way IT and IT Security professionals need to look at protecting their environments.
Devi Momot is the CEO and acting CISO of Twinstate Technologies® and has been at the helm since 2007, moving the company into the future through her pioneering vision. She is a Certified Information Systems Security Professional (CISSP®) by (ISC)2, the International Information System Security Certification Consortium, Inc.; and has core cybersecurity leadership certifications from the SANS (SysAdmin, Audit, Networking and Security) Institute, including the GIAC Security Leadership Certification (GSLC®) and the GIAC Information Security Professional (GISP®). Devi holds certificates in education from institutions like Harvard Business School; serves on advisory councils for global tech titans such as Sophos; is a present and past member of a number of boards of directors, and is actively involved in making a difference in her community. An avid supporter of education, Devi initiated the company’s support of the SUNY Plattsburgh School of Business and Economics (SBE) Center for Cybersecurity and Technology (CCT) as an Academic Alliance.
Christian Nicholson, GWAPT, GMOB, GPEN, GCIH, GSEC
- Lead Consultant and Partner at Indelible LLC
Presentation: “Six degrees to domain admin revisited, leveraging BloodHound for Defense and Offense.” I consider myself an advanced programmer, I have been programming ever since I was little, it is one of my favorite hobbies along with building computers and computer programs, websites, and more recently mobile apps. My first formal experience in the technology industry was as a part of the student technology team in both high school and middle school, whose job was to help teachers with computers, new programs, and also new technology like smart boards. I also do freelance work in the areas of web design, graphic design, program and application design for various platforms, video editing and special effects, audio editing, as well as occasional work in video game or 3d design.
I enjoy many different aspects of the rapidly evolving world of technology. I love to learn new things especially those that I can use later on in life. I enjoy programming and experimenting with new ideas and concepts. I also like to play around with graphic art and web design. I also love things that challenge me and force me to really think. I am a strong believer in pushing the boundaries of what we believe to be possible in order to find or create something new, just because we currently believe something is impossible doesn't mean that it is impossible.
- KPMG, Sr. Associate Advisory Cyber
- Threat Researcher, Foundstone Professional Services, Intel Security
- SANS, CyberAces
- SANS, Instructor and Subject Matter Expert (SME)
Frank Angiolelli, CISSP
- Strategic Site Consultant, Foundstone
Presentation: “Wreck SIEM Noise. Practical and simple approaches and techniques anyone can do to eliminate alert fatigue and SIEM noise confidently.” Frank is an intelligence systems patent author and seasoned IT security professional with lengthy management and hands on technical experience. Possessing a broad knowledge of information security fields and deep knowledge in SOC operations, incident response, network forensics, pattern recognition, and threat landscape. Passionate about protecting both locally and the internet at large. Privacy advocate. Creator of Three Principles of Judo Threat Intelligence:
- Use the attackers energy against them
- Maximum effect, minimum effort
- Break their posture, execute the throw
- CISSP #354776 (18 Nov 2009)
- Nearly 2 decades of cyber security experience
- Deep experience in malicious anomalies
- Tenacious and unceasing security researcher
- CERT/CIRT incident management and response consulting
- Proven motivator, facilitator and problem solver
- Proven capabilities in producing actionable threat intelligence internally.
- Penchant for automation, statistics and thermodynamics
- Published in SANS SOC, Washington Post, SecurityAffairs.co, Westchester Magazine
Valecia Stocchetti, GCFE, GSEC
- CERT Manager, Multi-State Information Sharing and Analysis Center (MS-ISAC)
Valecia comes to CIS from the eCommerce field where she worked complex financial fraud cases. She is a graduate of University of Albany with a degree in Digital Forensics. Valecia has held every position within the MS-ISAC Computer Emergency Response Team (CERT), starting as an intern and working her way into division leadership. She currently manages the MS-ISAC CERT and spearheads forensics investigations and incident response for the MS-ISAC SLTT community. Valecia holds two certifications, GIAC Certified Forensic Examiner (GCFE) and GIAC Security Essentials Certification (GSEC). While she enjoys all things InfoSec, she particularly finds the cybercrime and espionage fields fascinating, which is what led her to this career in the first place.
Tyler Wrightson, CISSP, CCSP, CCNA, CCDA and MCSE
- Founder Leet Cyber Security
Tyler Wrightson, CISSP is the author of Advanced Persistent Threat Hacking and Wireless Network Security: A Beginner's Guide. Tyler is the founder of Leet Cyber Security, which helps organizations solve their technical cyber security challenges.
Leet focuses on offensive security services such as penetration testing and red teaming to secure organizations against real world attackers. Tyler has over sixteen years of experience in the IT security field across many industries including healthcare and financial services with extensive experience in many areas of technical security including networking, systems architecture, offensive security and penetration testing.
Tyler holds industry certifications such CISSP, CCSP, CCNA, CCDA, and MCSE. Tyler has also taught classes for CCNA certification, hacking and penetration testing, wireless security, and network security.
Tyler is the founder of ANYCon, Albany New York’s annual hacker conference. He has been a frequent speaker at industry conferences including NYS CyberSecurity Conference, Derbycon, BSides, Rochester Security Summit, ISACA, ISSA, and others. Follow his security blog at http://blog.leetsys.com
Cristian Balan, CISSP, CHFI, ACE, CAS, MST
- Coordinator, Center for Cybersecurity and Technology (CCT)
- Management, Information Systems and Analytics Dept (MISA), School of Business and Economics (SBE), SUNY Plattsburgh
Presentation: “The WIN — Small Business Cyber Resiliency.” Small business continue to be the target of cyber-attacks and hacking. While on a small budget, they cannot afford the more expensive vendor provided protection of medium and large business. Using inexpensive products and in-house policies and management, small business can resist the onslaught of malware and ransomware we have seen in the past year. Building on last year’s presentation where we showcased some basic strategies, we will share more in depth techniques for protecting your computers, your network and your data. CCT Interns will be presenting with Prof. Balan.
Cristian Balan is an energetic information systems security professional with ample experience in incident response and managing teams of highly technical responders. He has teaching experience in computer networking and information security. He has extensive consulting experience working with the law enforcement community in system administration, information security and digital forensics. As the deputy CIO for the VT Army National Guard, Cristian Balan has experience working at the executive level with CIOs, CTOs and CISOs to implement security policies and create incident response teams.
He is an active member of the Albany Chapter of Infragard, an FBI sponsored organization, and was the chief of the Vermont Army National Guard Computer Network Defense Team. Major Balan and his team responded to cyber incidents on the VT Army National Guard computer networks and the larger U.S. Army network. MAJ Balan (Retired) is a National Guardsman with 31 years of experience with the last 14 years spent in the information assurance field.
In December of 2010, Major Balan completed a one year tour of duty in Afghanistan with the 1-172nd Cavalry Squadron, 86th Infantry Brigade Combat Team (Mountain) as their signal officer managing a 70 million dollar computer and radio communications infrastructure in Parwan Province, north of Kabul. MAJ Balan holds DOD Certification in Information Assurance Level III both technical and management. Professor Balan holds the CISSP certification from the International Information Systems Security Certification Consortium, Inc. [(ISC)²], the Certified Hacking Forensic Investigator designation from the EC-Council, and ACE certification from Access Data.
He is the owner and managing consultant of NY Computer Networks, a 14 year old consulting firm specializing in managing cyber risk for a wide range of clientele in both the public and private sector. Professor Balan invites his students to work with him on vulnerability assessments and consulting for government organizations and non-profits that cannot otherwise afford the services of a security expert. Professor Balan managed the highly successful Champlain College digital forensic program starting in the summer of 2007.
Prior, he held the position as distance learning coordinator at several colleges to include SUNY at Plattsburgh, SUNY at Potsdam and Clinton Community College. As a manager, Cristian Balan believes in constant professional development for his team members and participation in industry events. He endears a hands-on, lead from the front management style and quickly builds effective teams to respond to security incidents.
He actively works with the industry association and is a regular presenter at security conferences. Cristian Balan’s latest interests span remote forensics, digital evidence triage and malware analysis. Professor Balan manages the SUNY Plattsburgh Center for Cybersecurity and Technology in the School of Business and Economics. He teacher cybersecurity courses in the Management, Information Systems and Analytics Department. Cristian Balan is interested in exploring industry opportunities in managing incident response teams, digital forensic and malware teams along with consulting at the C-level in cybersecurity.
Randy Giltz, CPCU, CSRM, ‘86
- Senior Vice President, Northern Insuring
Randy joined the Northern Insuring team in 1990. He has twenty-five years of experience in the insurance industry and holds the designation of chartered property and casualty underwriter, as well as certified school risks manager. As senior vice president, Randy is responsible for marketing business insurance, taking an active role in nurturing our excellent relationship with a variety of insurance carriers. As a member of the sales team, he specializes in coverage for public schools.
- SOC Administrator, State University of New York
Kevin Stillman is the administrator for SUNYNet and SUNY SOC Services at the State University of New York’s System Administration in Albany, NY, reporting to the chief information officer for SUNY. He is responsible for university-wide network initiatives, including SUNYNet and its wide-area-network services to the sixty-four campuses of the State University of New York (SUNY). He leads the network operations center responsible for data center network and security infrastructure at system administration, as well as planning and operations of voice/video/data networks at SUNY locations throughout New York State. Kevin also serves in an administrative leadership role for the SUNY Security Operations Center, which provides information security services to more than half the SUNY system’s campuses. Kevin has been with SUNY since 1997 starting as a network analyst in network operations and moved to a management role under the CIO’s office in 2003. Prior to joining SUNY Kevin was a network administrator for Rensselaer County in Troy, N.Y. where he provided a variety of information technology services like desktop support, Windows server management, mainframe operations, network cabling and routing & switching. Kevin graduated from Marist College in 1994 with a Bachelor of Science in Computer Information Systems and Business Administration. Today he still resides in Brunswick and enjoys very much being the father of two boys. While not working he enjoys playing guitar and being a dad.
Ken Runyon, CISSP, CCSP, CISM
- Chief Information Security Officer, State Univeristy of New York (SUNY) System Administration (SA)
Ken Runyon is the SUNY SA university wide CISO. In this role ken provides leadership and support to each SUNY campus in areas relating to information security, enterprise risk management, and compliance. In addition, he was instrumental in establishing the SUNY SOC and continues to provide oversight and information security guidance to the SOC with regard to future initiatives and operations. In line with his leadership role, he established SUNY’s first university wide information security working group (ISWG) to improve communications and information sharing within the broad SUNY information security community. These monthly meetings provide a venue for the identification of future technologies and better enables SUNY to leverage expertise available throughout the broader organization. As a subject matter expert, he was part of a handpicked team that crafted the SUNY board of trustees’ first u-wide information security policy. He routinely presents information security topics at SUNY sponsored technology events and enjoys sharing his experience and learning from others. His background includes a wide array of practical experience that lends itself to cybersecurity. This experience includes training as an electronic warfare/cryptologic linguist (Russian), intelligence officer (SIGINT), signal officer (telecommunications), and information systems management officer (computing) in the U.S. army, N.Y. army guard, and army reserve. During his career ken worked as a software engineer for several consulting firms and software vendors (Sybase/PowerBuilder, Silverstream software, and Novell) while living in the Washington dc metro area throughout the 90’s until taking a position at SUNY as a senior java developer in late 2003. His interest in cyber security began in the 1990’s when he became the data networking branch chief for the 311th theater signal command where he designed and implemented secure data networks in support of us army operations in Korea and south east Asia. As a java software engineer, he worked with the National Security Agency (NSA) and helped design their first secure web/java-based signals intelligence reporting portal. During OIF/OEF (2007-2008) he deployed in support of the 311th theater sustainment command out of ft. Bragg as their information management division chief where he established the unit’s secure SharePoint portal, secure ftp, and secure adobe connect, while supervising help desk support operations for over 30,000 distributed users. During this same time, in close coordination with the 335th theater network operations and security center (TNOSC), he engineered the first SIPRNET connection to the Sinai Peninsula in support of us military operations in that region. He recently retired from the us army reserves after serving as an adjunct professor for the us army command and general staff college responsible of training operations throughout New England, New York, and new jersey.
Diane J. Delaney
- Worldwide Talent Manager, IBM Security
Diane Delaney is the worldwide talent manager for IBM Security. In this role, she established and now oversees an enterprise-wide talent program to attract, recruit, hire and retain diverse early professionals with cybersecurity skills. She created and manages the IBM Security Early Professional Bootcamp, a class for IBM Security Early Professional New Hires. She also provides guidance and direction for the security enablement program which includes learning activities, digital badges and security certifications, essential for career growth for cybersecurity professionals. During her 33-year career with IBM, Diane has held several roles including senior manager, service delivery manager, project manager, systems engineer and programmer. Diane is an IBM Certified Executive Project Manager. She is PMP and ITIL Foundations v3 certified and holds a Bachelor of Science degree in Computer Science from SUNY Plattsburgh. Diane lives in Woodland Hills, California. She is married and is the mom of two “millennial” children. Outside of work, she enjoys playing racquetball, bicycling and skiing. She is actively involved at her church and is a volunteer leader for several community events focused on helping the homeless and hungry in Los Angeles and around the world.