Cyber Security HomeSecurity AwarenessCyber Security For KidsPA-ISAC
Cyber Security
Security Awareness
Resources and Tips
Security Assessment Framework
Security Awareness Toolkit
Cyber Quiz
Cyber Security for Kids
Security Advisories
Anti Virus
Security News
Best Practices
Security Projects
Commonwealth Employees
Local Government
Information Technology
Log In
Security Awareness

Cyber Friday Informational Sessions

October is Cyber Security Awareness Month and as part of this year’s cyber security awareness campaign, OA-Information Technlogy will be hosting weekly cyber security informational sessions each Friday during the month of October. These events are open to all commonwealth employees.

Please note that you must register in advance


8:30 am to 10 am - Cyber Security: The Emerging Threat Landscape and State of the State
Presenter: Erik Avakian, Chief Information Security Officer, Commonwealth of Pennsylvania
Location: Commonwealth Technology Center, Conference Room 1&2

The advent of new business-centric technologies such as cloud computing, the domination of mobile technologies, and advances in the exchange of electronic information have morphed the cyber security threat landscape and will continue to present significant challenges  for years to come. The recent flurry of data breaches and advanced persistent threats, and well as the risk of cyber attacks on our critical infrastructure (SCADA systems) have propelled cyber security to the front page of the media world on a daily basis. We will examine some of these real world examples and real threats to our critical infrastructure, and focus on the evolving cyber security threat landscape to identify the types of safeguards and solutions organizations that can implement to protect themselves from an attack.

10:30 am to 12 pm - How Microsoft Secures its Network
Presenter: Al MacKinnon, Technology Strategist, Microsoft
Location: Commonwealth Technology Center, Conference Room 1&2

Microsoft IT operates an open, operational and experimental development network that supports a global corporate enterprise.  Microsoft IT is responsible for managing IT services and a challenging computing environment for more than 140,000 end users and more than 500,000 network devices, including tens of thousands of smart phones that span more than 440 sites worldwide.  Microsoft IT is constantly developing mechanisms to understand, communicate, and prioritize existing and emerging security challenges that surround the enterprise. This combination of factors—an evolving security landscape full of potential vulnerabilities in a large and dynamic IT environment—presents a challenging array of variables for a security organization to comprehend, organize and address.


8:30 am to 10 am - 21st Century Incident Response
Presenter: Angie Singer Keating, CISA, CIPP, CISM, CRISC
Location: Commonwealth Technology Center, Conference Room 1&2

A growing body of disclosure law governing security breaches and data loss incidents, coupled with 'the professional nature' of the threats, is fueling an expanded focus on incident response, digital forensics, evidence collection and proactive fraud detection. In addition, government and industry regulations require not only the aggregation of data and event management but also the ability to identify and take remedial action on incidents. Attendees will be introduced to the fundamentals of IRP and will learn how to craft and implement an incident response planning program which relies on processes and documentation. A special emphasis will be placed on the requirements, responsibility, processes and procedures needed to provide a rapid and reliable incident response capability. Attendees will learn how to identify potential issues between management, public relations and legal counsel before they happen, how to deal with government and law enforcement officials, and understand how and when to engage forensic procedures.

10:30 am to 12 pm - Imperva ThreatRadar Web Application Firewall (WAF)
Presenters: Jack Shirley, Regional Sales Manager and and Madhu Murty, Sales Engineer, Imperva
Location: Commonwealth Technology Center, Conference Room 1&2

Hackers are becoming more industrialized and well resourced.  Sophisticated criminals are leveraging networks of remotely-controlled computers, or bots, to launch large-scale automated attacks. Effective attack mitigation requires identifying known malicious sources and adapting to continuously changing attack locations and techniques.  The presenters will review the commonwealth’s current WAF architecture and how the solution is able to protect agency web application from external threats.  


8:30 am to 10 am - Unfolding the GRC Roadmap
Presenter: Peter Novosel, Director of GRC Platform Strategy, RSA
Location: Commonwealth Technology Center, Conference Room 1&2
Are you concerned about reducing your organization's exposure to security and compliance risks? Are there ways to automate the collection, analysis and management of data generated by your systems and people? Do you want to explain the benefits of leveraging a GRC platform to your management team? In this presentation, you will hear about the compelling need for a centralized and streamlined governance, risk and compliance program and how to automate those processes with an eGRC software platform.

10:30 am to 12 pm - Hacking 101
Presenter: April Sauer, IBM
Location: Commonwealth Technology Center, Conference Room 1&2
Learn first-hand the fundamentals of hacking, including how to find Web application vulnerabilities through a combination of manual and automated approaches, and what to do when a vulnerability has been identified.


8:30 am to 10 am - Cyber Security Research & Development: A Perspective on Current Activities
Presenter: Dr. Douglas Maughan, Cyber Security Division Director, U.S. Department of Homeland Security
Location: Commonwealth Technology Center, Conference Room 1&2
Cyber security has become a critical area of interest for the government and critical infrastructure. This presentation will highlight those activities associated with research and development (R&D) and how they will impact cyber security activities from the global level down to state and local entities.

10:30 am to 12 pm - The State of Cloud Security: Ready or Not
Presenter: Dan Blum, Senior VP, Gartner
Location: Commonwealth Technology Center, Conference Room 1&2
Driven to the cloud, organizations are still fraught with sensitive data concerns. As we found during field research on adoption, organizations cycle between understanding cloud drivers, deploying, resolving issues, changing architectures, and strategizing. As the industry progresses towards provider transparency, standards, and assurance, security pros must learn how to prepare for cloud compliance and audit; what public cloud security technologies they should be emphasizing and how the market for cloud security solutions progressing.