Annual Symposium on Information Assurance >> ASIA
Navigation Menu ASIA Main Page Call for Papers Organizing Committee Symposium Proceedings Best Paper Awards Keynote Speakers Author/Presenter Information Reviewers NYS Cyber Security Conference Directions & Parking Accomodations OCS Website UAlbany Business Website Pictures Contact Us Want to Sponsor? End of Menu Facebook Twitter Years for Selection: 2006 - 2007 - 2008 - 2009 - 2010 - 2011 - 2012 - 2013

Billy Rios, Director of Consulting, Cylance & Chair, Operational Security Testing Panel, NBISE.

Biography: Billy Rios is currently the director of consulting at Cylance and is the Chair of the Operational Security Testing panel at the NBISE. Previous to this, he was a Team Lead for Google where he studied emerging security threats and technologies. Billy was one of the primary security engineers for Google Plus, the new social network by Google. Before Google, Billy was a Security Program Manager at Microsoft where he helped secure several high profile software projects including Internet Explorer and Microsoft Online. Prior to his roles at Google and Microsoft, Billy was a penetration tester for various consulting firms.

Before his life as a penetration tester, Billy worked as an Information Assurance Analyst for the Defense Information Systems Agency (DISA). While at DISA, Billy helped protect Department of Defense (DoD) information systems by performing network intrusion detection, vulnerability analysis, and incident handling, Before attacking and defending information systems, Billy was an active duty Officer in the United States Marine Corps where he served as an OIC, Platoon Commander, and Company Executive Officer.

Billy is an accomplished public speaker and published author. He has authored and contributed to several books, most notability: "Hacking: The Next Generation" and "Inside Cyber Warfare: Mapping the Cyber Underworld", both published by O'Reilly Media. Billy has also presented at such prestigious security conferences as Black Hat, RSA, NATO CCDCOE, Microsoft's Blue Hat, DEFCON, ToorCon Seattle, and HITB Security conference. Billy is cited in numerous security advisories for research on attacking Industrial Control Systems, URI and protocol handlers, content ownership issues (such as the GIFAR attack), DNS rebinding attacks (against Flash and the Java Virtual Machine), and was previously credited for discovering vulnerabilities in Microsoft Windows and Adobe PDF Reader.

Why every CSO needs to know Industrial Control Systems (ICS)
Industrial Control Systems (ICS) have introduced tremendous cost savings by automating some of the enterprise's most critical operations. Do you understand the systems that support your critical data centers and corporate campuses? Do you understand the risks associated with these technologies? Every data center, large building, and corporate campus around the world plays host to environmental controls, building entry systems, safety systems, and many other automation systems that are considered ICS. In many industries these systems are a vital component to the enterprises most critical business operations. Given the complexity and specialization of these systems, many of these systems are managed and operated outside of the traditional IT sphere, leaving traditional vulnerability and risk management programs blind to their existence and the risk associated with these systems. Many of these systems are even managed and maintained by external third parties, providing a backdoor to your corporate network and hence represent a new weakest link in enterprise information security. Using the experience of a team with wide experience in critical infrastructure this session talks about strategies for understanding risk and implementing mitigating controls which need to be used to protect these vital systems.


Important Dates

I do not fear computers. I fear the lack of them.

- Isaac Asimov

Just as drivers who share the road must also share responsibility for safety, we all now share the same global network, and thus must regard computer security as a necessary social responsibility. To me, anyone unwilling to take simple security precautions is a major, active, part of the problem.

- Fred Langa

In theory, one can build provably secure systems. In theory, theory can be applied to practice, but in practice, it canít.

- M. Dacier