George J. Proeller, D. CS.
Colorado Technical University
6320 Lange Drive
Colorado Springs, CO 80918
719-358-2728 (USA and Colombia)
DVP term expires December 2016
Thirty-plus years of highly technical/increasingly responsible operations and management experience in Information Technology Systems (ITS) focusing on Information Assurance/Computer Network Security with Program Management, and Process Improvement/Quality. Dr. Proeller's experience encompasses all aspects of information systems life cycle from requirements definition through development and deployment to follow-on test and evaluation to decommissioning. He holds multiple security certifications including the Certified Information Systems Security Professional (CISSP) credential, the Certified Information Security Manager, and the GIAC Security Leadership Certification and is a pioneer in the transition of information security to academia. His Department of Defense (DoD) experience includes a Certified Acquisition Professional certification in Operational Test and Evaluation and extensive experience in the DoD Information Technology Security Certification and Accreditation Process. He also serves on the adjunct faculty of the Computer Science Department of one local university and departmental advisory boards two others.
Multimodal Biometrics Uses in Person Identification and Verification
Biometric Systems based solely on a single modality will most often not meet desired performance requirements for large user population applications due to size and differentiation. This becomes evident with increases in noisy data and the presence of more than a few statistical outliers thereby increasing error rates to an unacceptable range. This presentation discusses the possibilities available with the use of multiple biometric modalities to answer the questions of Identification "Who am I?" and verification "Am I who I claim to be?"
Personal Electronic Devices; iPODS, Tablets, PDAs, Cell and Smart Phones -- a Forensics Discussion
iPods, PDAs, Tablets, and cell/smart phones continue to merge in form, fit, and functionality and now include data acquisition (cameras, keyboards, USB ports, etc), data aggregation, and storage (some up to 80 gigabytes), and communications capabilities (IR, Bluetooth, wireless internet access, and cellular telephone). This presentation provides insights into the features and capabilities of such systems, their possible uses in unethical/unlawful activities, and a discussion of the concepts of forensic analyses and approaches useful in combating such uses.
Cloud Security and Forensics
Cloud Computing increases capability and productivity while decreasing overall IT costs – and its use is filtering down to everyday use –iTunes Cloud, RealAudio Cloud, etc. However the "Benefits" of the Cloud cause us to forfeit aspects of control, visibility, and tracking data origin, source, and attribution. Traditional Computer Forensics requires physical access to systems for processes such as disk imaging something not readily available when working in the Cloud. Therefore implementing traditional forensics processes can be quite difficult – especially when a deleted file's allocation space can be immediately reallocated to another user. Further the physical location of data can be very difficult to determine in a private cloud and a near impossible task in a public cloud where the data may not even reside in the same country as the user. This talk discusses the challenges and opportunities within the emerging area of cloud forensics.
Blackhats vs Whitehats
Defenders must protect all accesses to their data yet attackers need only find a single weakness to exploit. We call these attackers Blackhats and we enlist others, called Whitehats, to test the protection of accesses to our data and the systems that store, process and transmit that data. This talk discusses the processes of each, compares and contrasts those processes, and walks through the anatomy of a notional attack.
Securing SCADA Systems
The need to automate processes and move away from direct observation/control and data gathering via Telemetry to more reliance on SCADA (Supervisory Control And Data Acquisition) systems in order to better monitor and control large and widely dispersed systems. These systems include components of our critical infrastructure: oil and gas production, pipelines, power generation and transmission, and water/waste management. But these systems were built and deployed, and in many cases are still being built and deployed, without a focus on securing those systems. This talk will give an overview of SCADA, discusses threats to/vulnerabilities of these systems (including some highlights of incidents), discusses remediation including better access control, monitoring of system activity and network traffic, and processes to alert when anomalies are detected.
Security and Intelligent Transport Systems
Intelligent Transportation Systems (ITS) use integrated information technologies (computing, sensing, and communications) to support and control surface transportation ranging from Traffic Signal Controllers and Detectors, to Roadway Surveillance Systems, to Car Navigation, to large scale systems which comprise part of the nation's Critical Infrastructure. While the primary objectives of ITS are mobility and safety, security, specifically information security, is equally important. This talk discusses ITS use and dependence on information systems and the need for Information Security and focuses on methodologies to achieve confidentiality, integrity and availability of information and systems, access control, and risk remediation.