Cyberbytes
Jack Potter, Deputy CISO for Security Operations at WaTech’s Office of Cybersecurity provides short video tips on common scams and how to stay safe online.
Common Scams
Password Managers
Multi-Factor Authentication
See something say something
Training
2023 Cybersecurity Awareness Month presentations
Cybersecurity Awareness Month Kickoff
State CISO Ralph Johnson
Please join state Chief Information Security Officer Ralph Johnson for his kickoff presentation. As the state CISO, Ralph is responsible for establishing and leading the strategic direction of cybersecurity for Washington state and advising the state CIO and agency leaders on key cyber issues. Ralph oversees the Office of Cybersecurity and its team of cybersecurity experts who detect, block, and respond to cyber threats. The office also works to prevent and mitigate future risks through proactive steps to continually strengthen the state’s security posture.
Since 2005, Ralph has held several positions as CISO. He supported the Los Angeles Times and the San Diego Union-Tribune through his position as CISO of NantMedia Holdings LLC. He also has served as CISO of Los Angeles, CA and King counties. In King County, he held a dual role as King County’s Privacy Officer. His breadth of knowledge as a Holistic Information Security Practitioner (HISP) and with more than 28 years of experience in Information Technology provides a foundation of excellence in managing risk.
Do you have a plan for Insider Threats?
James Globe, Vice President, Strategic Advisor Cybersecurity Capabilities at Center for Internet (CIS)
Please join James Globe, Vice President, Strategic Advisor Cybersecurity Capabilities at Center for Internet (CIS) for his presentation: “Do you have a plan for Insider Threats?" This briefing will cover who are insider threats, common triggers, personal factors, and organizational factors to contribute to insider threat behaviors. You will learn what organization can do to defense against insider threats to include deploying data loss prevention (DLP), multi-factor authentication (MFA) with zero-trust, and endpoint detection and response (EDR) technologies. Globe serves as the senior leader responsible for advising on strategic cybersecurity capabilities, cybersecurity workforce, data analytic analysis, frameworks, emerging and enabling technologies for use by State, Local, Tribal, and Territorial (SLTT) members. He has more than 20 years in technology leadership including extensive experience engineering signal intelligence mission systems, workflow management systems, financial and banking systems, modeling and simulation systems, and web-based information portals for top-tier banking and defense contracting organizations including Bank of America, SAIC, BAE Systems, and L3 Harris Technologies.
Cybersecurity & Banking
John Fox, Department of Licensing CISO
John Fox will be discussing why multi-factor authentication is important and how it can be used with your online banking. John has worked for the state for six years and is currently Chief Information Security Officer at the Department of Licensing. Prior to joining DOL, John held networking and security jobs in state, federal, and private sectors for organizations ranging from large defense contractors to a small television station. In his off time, John enjoys the beautiful PNW with his family, woodworking, and football.
Phishing, smishing, and vishing. What they are and how can you protect yourself
Ian Moore, State Coordinator for the Cybersecurity and Infrastructure Security Agency (CISA)
Please join Ian Moore for a presentation on all the "ishing" threats. Ian will talk about phishing, smishing, and vishing and the various forms of deception that can be used against you. He'll also demonstrate and explain the differences with the parts of an email so you know what to look for to determine if it is real and will show how to respond to and manage phishing, smishing or vishing generically within your organization. Ian serves as the Cybersecurity State Coordinator for the state of Washington for CISA, based in Olympia, WA. He supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation's critical infrastructure. His program coordinates cyber preparedness, risk mitigation and incident response, and provides cybersecurity resources, including assessments to the state, local, tribal, and territorial government entities and the nation’s 16 critical infrastructure sectors. Prior to joining DHS and CISA, Ian worked in both IT and cybersecurity for over 25 years. In 2015, Ian and his family decided to move home to the Northwest and took a job at the Puget Sound Naval Shipyard as a Cybersecurity Engineer. After a promotion and a year of working as the Platform IT (Operational Technology) Branch Manager, he accepted a position as a Cybersecurity Advisor position within CISA.
Technical discussion on phishing
Daniel Brown, CISA Cybersecurity Advisor for Eastern Washington
Daniel will discuss phishing from a technical perspective, highlighting what CISA has seen the adversary do. Dan serves as the Cybersecurity Advisor for Eastern Washington and is based in Spokane, WA. He supports the Cybersecurity and Infrastructure Security Agency (CISA) mission of leading the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. Dan offers CISA resources that coordinate cyber preparedness, risk mitigation and incident response. He provides cybersecurity resources, including assessments, to public and private stakeholders in the nations’ 16 critical infrastructures, including auxiliary support for state, local, tribal, and territorial government entities. Prior to joining CISA, Dan worked in information technology and cybersecurity for more than 25 years. He began in technical support and has worked in several roles including Software Engineer, Database Administrator, Network Administrator, and Security Administrator. His former public service experience includes state, local, and higher education. Most recently, he worked at the Community Colleges of Spokane as their Information Security Officer (ISO). Prior to that, he worked for 17 years at Washington State University as an Assistant Director of Systems and Security.
AI impact on privacy
Kathyrn Ruckle, WaTech state Chief Privacy Officer
Katy Ruckle, WaTech's State Chief Privacy Officer, will provide an overview of the impacts that generative AI can have on privacy. Katy, a licensed attorney admitted to the Washington State Bar Association in 2005, was appointed as the Chief Privacy Officer on Jan. 1, 2020 by the state Chief Information Officer. Since her appointment, Katy has published foundational privacy principles for Washington state agencies to incorporate into their data governance practices and increased training on privacy and data protection through monthly webinars. In 2021, she lead the Automated Decision-Making Systems workgroup which culminated in a report to the Legislature. She currently co-chairs the state workgroup on artificial intelligence. Katy previously served as the Privacy Officer and Information Governance Administrator at the Department of Social and Health Services (DSHS) where she created and implemented the agency’s privacy program. She holds certifications from the International Association of Privacy Professionals (IAPP) in U.S. privacy law (CIPP/US) and privacy program management (CIPM). In addition she is recognized as a Fellow of Information Privacy from the IAPP.
HISPI Trusted Artificial Intelligence (TAI) Model Top 20
Taiye Lambo, Founder, Holistic Information Security Practitioner Institute (HISPI)
The increasing adoption of AI and related technologies globally provides a massive opportunity for humanity. However, as is the case with any disruptive technology, there are also threats that introduce significant risks. Effectively managing these inherent risks is the key to leveraging AI in a balanced way. Taiye will discuss why and how the Holistic Information Security Practitioner Institute (HISPI) Trusted Artificial Intelligence (TAI) Model Top 20 can be a great starting point in your desire to achieve safe, secure, and responsible AI use. Taiye is an entrepreneur and a cybersecurity and risk management pioneer. He co-founded HISPI, eFortresses, CloudeAssurance, and recently LamboPublishing.com. He has 33 years of experience in the area of Information Technology across four continents – including 26 years of experience assisting organizations to build robust, comprehensive, effective, and sustainable information security programs through the integration of internationally accepted best practices. Taiye has held executive leadership roles (Deputy CIO, CISO, Director) for the City of Atlanta, John H. Harland (now Harland Clarke), as well as the Atlanta Federal Reserve Bank.
Password managers
Chrishen Heaton, Cybersecurity Operations Engineer at the state Department of Fish and Wildlife
Chrishen Heaton describes her job as "protecting orcas from hackers." Chrishen is a Cybersecurity Operations Engineer at the state Department of Fish and Wildlife (DFW). "My motivation is knowing that I am directly supporting our agency mission by helping to implement new types of diversified technology while making sure that technology is secure, functional and able to support the business initiative." Chrishen will talk about password managment noting "Our agency's existing solution had been an industry standard when it came to Enterprise Password Management. However, given current industry trends, DFW researched, tested and proposed an alternative enterprise password management solution. This discussion will cover the needs identified by our agency, the features which guided our decision and the lessons learned during migration and implementation."
Artificial intelligence for the rest of us
Debbie Moore and Phaedra Boinodiri, IBM
Join Debbie Moore and Phaedra Boinodiri from IBM for a discussion about why accountability, fairness, transparency, explainability, kindness, robustness, and data privacy are essential concepts in AI.
Debbie Taylor Moore is a Senior Partner and Vice President, for NA Security at IBM Consulting. She’s been a trusted advisor to the C-Suite on emerging cyber tech and risk management for industry and government, across 22 countries and four continents for more than 21 years. Debbie is a recognized industry pioneer in both the development and implementation of widely-adopted security frameworks and security strategy. Debbie collaborates with FedGov & Industry on Post-Quantum Cryptographic Migration, and Security & Privacy for Generative AI and Robotics. Debbie held executive roles at NetSec, Inc, Verizon Business and Kratos Defense. Debbie has held leadership roles at Exxon Mobil, Abbott Laboratories and Microsoft. She was Founder and CEO of global security accelerators, Cyber Zephyr, LLC & Energy Cyber Partners.
Phaedra Boinodiri is a fellow with the London-based Royal Society of Arts, Boinodiris has focused on inclusion in technology since 1999 and currently leads IBM Consulting’s Trustworthy AI Practice, she is the AI ethics board focal for all of consulting, serves on the leadership team of IBM’s Academy of Technology and leads IBM’s Trustworthy AI Center of Excellence. She is the co-author of the book ‘AI for the Rest of Us’. Boinodiris is a co-founder of the Future World Alliance, a 501c3 dedicated to curating K-12 education in AI ethics. She is pursuing her Ph.D. in AI and Ethics at University College Dublin’s Smart Lab. In 2019, she won the United Nations Woman of Influence in STEM and Inclusivity Award and was recognized by Women in Games International as one of the Top 100 Women in the Games Industry as she began one of the first scholarship programs in the United States for women to pursue degrees in game design and development.
IoT and security protections
Penny McKenzie, Pacific Northwest National Laboratory
Please join Penny McKenzie for a presentation about AI and IoT. Penny is a Cybersecurity Engineer for Pacific Northwest National Laboratory focusing on security of Industrial Control Systems, Embedded Systems, and the Internet of Things. She has expertise in network monitoring and intrusion detection of ICS, forensics analysis, policy and regulation alignment, incident handling procedures, malware analysis, convergence of cyber and physical security, and IoT cybersecurity (e.g., pattern-of-life, intrusion detection, supply chain, secure coding, network analysis, AI, ML, Graph Analytics, etc.). Her current research focuses on incident response, risk management framework guidance of implementation on facility related control systems, network monitoring protocols for ICS, configuration management of network sensors, cybersecurity policy review and implementation, cyber-physical security for federal facilities, IoT pattern of life behaviors, cyber talent recruitment and program development, and educational outreach. Penny’s work supports the IAEA, the US Department of Energy, the Department of Homeland Security, the Federal Bureau of Investigation, and the Department of Defense. Penny has a Joint Appointment with the University of Texas El Paso.
Securing our world
Christopher Callahan, Cybersecurity and Infrastructure Security Agency (CISA)
Christopher Callahan will discuss "Securing our world" - From AI to IOT, how we secure the world we live in every day. Christopher serves as the Chief of Cybersecurity of the DHS Cybersecurity and Infrastructure Security Agency (CISA) Region 10 office in Seattle where he is responsible for assisting private and public sector stakeholders enhance the security and resiliency of critical infrastructure facilities in the states of Alaska, Idaho, Oregon, and Washington . Prior to joining CISA in January 2022, Mr. Callahan served for twenty-four years across multiple Department of Defense Agencies to include the US Army Corps of Engineers, Army Network Command, Information Security Engineering Command and US Army Europe G6 office all in Cybersecurity leadership roles. In his previous role for the US Corps of Engineers he served as the Cybersecurity Engineering and Analysis Branch Chief, which maintained the overall Cybersecurity program for the High Performance Computing Modernization Program (HPCMP) for the Defense Research and Engineering Network (DREN). He ran the operations of multiple security assessment teams and the Cybersecurity Service Provider for the DREN and SDREN. He established the first Operational Technology (OT) NSA Certified Red Team within DoD in 2021. Mr. Callahan has assessed cybersecurity in various operational assignments throughout the world over his career.
Questions? Please contact the Office of Cybersecurity.
Cyberbytes!
Common Scams
Password Managers
Multi-Factor Authentication
See something say something
Events
(Coming soon)