Over the past year, we have seen a record-breaking number of cyberattacks in the form of ransomware hitting the public sector, phishing attempts to trick staff and numerous security incidents affecting all layers of government. So what’s on the minds of state and local government cybersecurity leaders in 2018? What are the top priority projects? As legacy computer equipment fails and as the new Internet of Things (IoT) devices show up on public sector networks, what projects are the top CISOs working on to address these security threats? Please join us for an engaging and thought-provoking conversation which includes top government security experts.
Main points covered:
• What are the top cyber threats?
• What are the highest priority government security projects?
• Is the security staffing shortage real, and what’s being done to attract and retain cyber talent?
• What keeps CISOs up at night moving forward towards 2020?
• What solutions hold the greatest promise for protecting data (including AI, machine-learning, new cloud protections and others)?
Presenters:
Our presenters for this webinar will be three very distinguished and recognized professionals. The first one is Daniel Lohrmann, who currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor, Inc. He is an internationally recognized cybersecurity leader, technologist, keynote speaker and author. During his career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including CSO of the Year from SC Magazine, Public Official of the Year from Governing Magazine and Computerworld Magazine Premier 100 IT Leader.
The second presenter is Elayne Starkey, who is the Chief Security Officer in Delaware’s Department of Technology and Information (DTI), responsible for Delaware’s enterprise-wide cyber security, disaster recovery, and continuity of operations programs. She was honored as one of 10 Most Influential People in Government Information Security, a State Scoop 2017 Top Women in Technology, and has testified before the US Senate on cybersecurity.
Our third panelist is Michael Roling, who has been the Chief Information Security Officer for the Office of Administration, Information Technology Services Division for the State of Missouri since 2009. As CISO, he has transformed the security culture throughout government, introduced new processes and technologies that have enabled IT to swiftly and effectively respond to incidents, and has implemented various policies that have strengthened IT governance.
3. Use by permission
2017 – THE YEAR HURRICANES DEVASTATED LAND, DATA AND TRUST
IDC: ‘2017 was worse in every aspect of information security’
• Ransomware attacks widespread, including governments
• IoT malware opens a backdoor into the home
• Commodification of financial attacks
• Part of the Internet goes down
• More DDoS attacks via IoT
• Lack of trust – More ‘Fake News’
• Rise of the Corporate Incentivized Insider Threat
• Security integration and orchestration considered the benchmarks of new technology investment
CYBER THREATS 2018 - CHANGE & GROW
• Trend Micro: The ransomware business model will still be a cybercrime mainstay
• Symantec: Blockchain Will Find Uses Outside Of Cryptocurrencies
• Kaspersky: Fraud as a service. Speed increases danger
• Everyone: More DDoS attacks via IoT
• Everyone: Lack of trust – More ‘Fake News’
• Multiple vendors: Election security issues
• McAfee Labs predicts an adversarial machine learning “arms race” between attackers and defenders
http://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-18-security-predictions-for-2018.html
Delaware Information Security 2018 Focus Areas
Training and Education/Employee Awareness
Cloud Security: T&C update
Security Operations Center Growth
New Endpoint Protection Tool
Information Security Scorecards
Application Security
Updated Delaware Information Security Policy
New Vulnerability Disclosure Policy
Continuity of Operations Planning
Disaster Recovery Planning
Simulations and Exercises
Elayne Starkey, Delaware CSO
Missouri Government Security Initiatives
• DMARC
• Cloud security controls and governance
• Bug bounty programs
• Red team assessments
• Third party risk management
• Public data vulnerability program
• Identity and access management
• End-user awareness
• Vulnerability management
• Automation and orchestration
Michael Roling, Missouri CSO
INTERNET OF THINGS AT RSA17
A NEW BUZZWORD FOR ALL TECH?
HUNDREDS OF IOT HEADLINES
- NEW PRODUCT ANNOUNCEMENTS
- INTERNET OF THINGS (IOT) THEMES RELATED TO ATTACKING DEVICES
- CONSUMER
- CRITICAL INFRASTRUCTURE COMPONENTS
- GOVERNMENT SMART (EVERYTHING)
- PANELS
- MENTIONED IN MOST PRESENTATIONS ACCEPTED
- HANDS-ON IOT DISPLAYS IN BASEMENT OF MARRIOTT MARQUIS
BOTTOM LINE: IOT WAS THE #1 TOPIC AT THE RSAC 2017 IN SAN FRANCISCO
RESILIENCY & PROTECTING YOUR CRITICAL INFRASTRUCTURE (INCLUDING HACKTIVIST ACTS)
Tom Bossert, Homeland Security Adviser after President Trump Signs Cyber EO
"From this point forward, departments and agencies shall practice what we preach,"
HOW DO WE PREPARE FOR INCIDENTS?
MICHIGAN CYBER DISRUPTION RESPONSE STRATEGY
• DEVELOPED WITH PRIVATE-SECTOR PARTNERS
• COORDINATED RESPONSE IN THE EVENT OF CATASTROPHIC CYBER INCIDENT
• FOCUS ON KEY CRITICAL INFRASTRUCTURE
• INCLUDES COMPONENTS FOR RISK ASSESSMENTS, RESPONSE PLANS, COMMUNICATION PLANS
www.michigan.gov/cybersecurity
PARTNER: YOU CAN’T DO IT ALONE
OUR VALUED ‘ECOSYSTEM’ INCLUDES (OPS AND PLANNING):
• DEPARTMENT OF HOMELAND SECURITY (DHS)
• MICHIGAN INFRAGARD
• MULTI-STATE INFORMATION SHARING & ANALYSIS CENTER (MS-ISAC)
• FBI, OTHER STATES, LOCAL GOVERNMENTS, PRIVATE SECTOR CONTRACTS
• MICHIGAN INTELLIGENCE OPERATIONS CENTER (MIOC)
• RESOURCES:
• Stay Safe Online: https://staysafeonline.org/re-cyber/
• THE NO MORE RANSOM PROJECT: HTTPS
• The Department of Homeland Security (DHS) Critical Infrastructure Cyber Community or C³ (pronounced “C Cubed”): https://www.us-cert.gov/ccubedvp
• The Federal Trade Commission’s Start with Security: https://www.ftc.gov/news-events/audio-video/video/start-security-free-resources-any-business
ISO/IEC 27032 Training Courses
• ISO/IEC 27032 Introduction: 1 Day Course
• ISO/IEC 27032 Foundation: 2 Days Course
• ISO/IEC 27032 Lead Cybersecurity Manager: 5 Days Course
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
www.pecb.com/events