May 2016 Chapter Meeting – Securing Vendor & Mobile Workforce Access

Join ISSA for our monthly luncheon on the topic of: “Securing Vendor & Mobile Workforce Access”, presented by Rick LeClerc, Chief Solutions Architect, Bradford Networks.

This is also our annual meeting and the 2016 board will be elected. 

Presentation Abstract:

Topics will include how to facilitate the deployment of access policies based on device characteristics (“Who, What, Where and When”) to secure access for domain users, vendors, the mobile workforce and guests. The talk will also cover how to reduce the attack surface and substantially save IT staffing costs by automating the enforcement of access policies to restrict, quarantine and/or remediate hosts when anomalous activity from a compromised host has been detected.

Speaker Bio:

In his role as Chief Solutions Architect at Bradford Networks, Rick works with ‘strategic accounts’ all over the world, and also works directly with Business Development and Technology Partners to deliver joint customer solutions that bridge the gap between the SOC and the NOC through security automation and orchestration initiatives. Prior to Bradford Networks, Rick was Director of the Custom Engineering Group at Aprisma Management Technologies and Cabletron Systems for over 10 years. Rick and his team worked directly with customers to understand their business requirements and map those requirements to technical specifications for customized software development projects related to their Spectrum Enterprise Management solution. Rick has presented at Educause, RSA, NERCOMP, UCISA Networkshop (UK), Oxford/Cambridge University (UK), and a host of additional networking and security conferences.

When: 
Thursday, May 19th, 2016 – Doors open at 11:30AM.  The event will end at 1:00PM.  Lunch will be provided.

Where:  
XPO Logistics (formerly Con-way)
2055 Northwest Savier Street
Portland, OR 97209

XPO’s reception desk is located at the west end (closest to 21st Ave.) of the AdTech II building, best accessed by turning into the entrance located on 21st Ave; the main entrance to the building is on Savier Street on the west side of the building. This entrance is staffed by a security guard and you will be asked to sign in. XPO has asked that guests park in the two lots to the east of NW 20th Avenue between NW Raleigh and NW Thurman. Please do not park in spaces that are marked with names other than XPO, since these spaces are leased. The best option is the lot on the NE corner of NW Raleigh and NW 20th.

CPEs:
The chapter maintains proof of attendance for members, but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors

ISSA Portland would like to thank our sponsors, who help make high quality programs like this possible.


April Symposium: Web Application Security

Thursday, April 21, 2016
This was an all-morning event. Doors opened at 8:00 AM and the event ended at 1:00 PM.

Where:  
XPO Logistics*
2055 Northwest Savier Street
Portland, OR 97209

Session 1: (8:45-9:35) – Securing the SDLC with Automated Code Analysis
Presented by Jeremy Anderson, Principal Solutions Architect with Veracode

PRESENTATION: Securing the SDLC 2.0

Abstract:
Over 90% of the dollars spent on InfoSec in today’s enterprises goes to late-stage protection strategies, yet the single biggest threat to the enterprise today isn’t so much the infrastructure, but the software. Kaspersky Lab mentioned in one of today’s briefs that they see the biggest issue of 2016 being vulnerable third-party software. That, coupled with managing our own Swiss cheese of software, makes for a threat vector that nobody can handle. Jeremy’s presentation will take a “mostly” tool-agnostic approach, simply pointing out the need for good testing early and often, in keeping with today’s agile development processes. Jeremy will demonstrate how to use Jenkins to build and upload to Veracode, and show the results automatically returned to JIRA, a defect tracking system.

Speaker Bio:
Jeremy Anderson has more than 15 years of web software development experience in a variety of fields. He started out programming Perl and Java back in the late ’90s and has since written software in over 10 languages. He recently spent 7 years in operations management at US Bank here in Portland, building DR systems, managing vendor security and creating software security mitigation strategies. He recently joined Veracode, one of the fastest growing application security companies in the world, where he works as a Principal Solutions Architect, supporting customers in their adoption of Veracode’s cloud-based security testing solution.

Session 2: (9:45-10:35) – Extend login security for websites with two factor authentication based on possession.
Presented by Bill Bartlett, Founder of Fobfuscate

PRESENTATION: MFA

Abstract:
A demonstration of 4 methods of multi-factor authentication, 2 on a cell phone and 2 with USB touch-activated tokens. Google Authenticator is a cell phone app that generates one-time passwords. CLEF is a cell phone web service that uses PKI to digitally sign and verify users. YubiKeys are touch-activated one-time password tokens with a cloud authentication service. FIDO is an open standard that provides PKI challenge/response on a USB touch-activated device.

Speaker Bio:
Bill Bartlett has been an application software developer for 35 years and has worked with banking encryption products for 25 years, including challenge/response systems. He is a 2FA enthusiast who believes that website users should be given options to improve their own security online by enrolling their own devices on their profile. With new technology that uses cloud authentication for devices in their possession, user identity theft can be stopped dead. Furthermore, most 2FA solutions do not require the website to cache any sensitive credentials, which reduces their exposure to data breach.

Session 3: (10:45-11:35) – The basics of Red Teaming
Presented by Chris Z. and Robert Hartshorn, HP Cloud Solutions & Operations Security

PRESENTATION: RedTeamSlides

Abstract:
Chris and Robert from the HP application security team will cover the basics of red teaming: what it is, where it fits in a security program, and how you can implement one on a shoestring budget. Assessment of web applications will be emphasized due to their popularity and low barrier to entry. We will demonstrate a number of common web-app bugs and how real attacks abuse them. Bring your questions!

Speaker Bios:
Chris has been working as an Application Security Engineer at HP for more than 5 years, where he bootstrapped the CSO (Cloud Solutions & Operations) Security team and focuses predominantly on exploit development and penetration testing. He holds a Bachelor of Science in Computer Science along with a number of security industry certifications.

Robert Hartshorn is an Application Security Engineer at HP. His main area of expertise is penetration testing web applications, with working knowledge of mobile application security along with incident response and malware analysis.

Lunch: (11:35-Noon)

Session 4: (Noon-12:50) Content Security Policy
Presented by Timothy D. Morgan, Founder and Principal Security Consultant, Blindspot Security LLC

PRESENTATION: Content Security Policy TDM

Abstract:
Content Security Policy (CSP) is a mechanism to help harden web applications against a wide variety of client-side attacks, including cross-site scripting, clickjacking, and cross-origin information leaks. CSP is a powerful tool that is now available in all major browsers, but is sadly under-utilized. Join Tim for an overview of CSP, what it can do for you, and how you can incrementally deploy it on at-risk web applications.

Speaker Bio:
As an application security consultant and vulnerability researcher, Tim Morgan has been taking deep technical dives in security for over a decade. In that time, he has been credited with the discovery and responsible disclosure of numerous security vulnerabilities in a variety of software products, including IBM Tivoli Access Manager, Sun Java Runtime Environment, Google Chrome Web Browser, OpenOffice, Oracle WebLogic Application Server, and IBM WebSphere Commerce. His current research interests include applied cryptanalysis, XML external entity attacks, and network timing attacks. Tim develops and maintains several open source forensics tools in addition to Bletchley, an application cryptanalysis toolkit. Tim works to secure his customers’ environments through black box testing, code reviews, social engineering exercises, security training, and a variety of other services. Tim has worked in a variety of roles in the information security field, including incident response, digital forensics, and risk analysis, giving him a broad set of experiences to draw upon. Tim earned his computer science degrees from Harvey Mudd College and Northeastern University and currently resides in Portland, Oregon, where he leads the local OWASP chapter.


March Chapter Meeting – Information Security Leadership Panel

Topic: “Challenges and Initiatives”

Format: Board leads with questions followed by audience and guest questions and participation.

Panel participants:

  • Christopher Paidhrin – Information Security Manager, City of Portland
  • Dave Dyk – Director of Information Security, Simple Finance
  • Chris Apgar – President and CEO, Apgar and Associates
  • Mark Farley – Vice President, Worldwide Information Technology, FEI Company

When: 

Thursday, March 17th, 2016 – Doors open at 11:30AM.  The event will end at 1:00PM.  Lunch will be provided.

Where:  
XPO Logistics*
2055 Northwest Savier Street
Portland, OR 97209


February Chapter Meeting – Carbanak APT: An analysis of the largest financial breach in history

Session Title: Carbanak APT: An analysis of the largest financial breach in history

ISSA Portland FEB 16 KSP

Abstract:

The Carbanak advanced persistent threat (APT) compromised several major financial institutions, resulting in the theft of over $1 billion. This massive criminal campaign remains one of the most successful bank heists in history. Ironically, the bad guys didn’t use ultra-sophisticated tools or techniques against their targets. During a series of attacks, they maintained long-term persistent access using the same tools as banking system administrators. They avoided detection by moving slowly and patiently over an extended period of time. We’ve learned key lessons from this and they apply to every type of business. This session will cover:

  • An analysis of the Carbanak advanced persistent threat
  • Lessons learned that apply to all industries and potential targets
  • Methods to detect and respond to advanced persistent threats

Speaker Bio:

Kenneth (Sean) Patrick is a highly accomplished and motivated systems security professional and real-time systems engineer with over 20 years of real-world experience on United States and international defense programs. He spent 15 years working for Boeing in a variety of critical roles, including the U.S. Army Future Combat Systems Chief Engineer of Information Assurance and Chief Engineer and Architect of Asia and Middle East Government Security Operations Centers. Sean recently joined Vectra Networks as a Senior System Security Engineer, where he evangelizes the benefits of advanced cyber analytics in combating sophisticated attackers.


January 2015: Cloud Security Symposium

Presentation 1: Cloudy with a Chance of Pain

ISSA Cloud Security Symposium – OBS Cloudy with a Chance of Pain

Speaker: James Adamson, CISSP, CCSP, CRISC, QSA, Senior Consultant, Online Business Systems

Bio: James is an information security professional with over a decade of consulting experience in the security and risk management field. Client projects have included the full lifecycle of security projects, including gap analysis, assessment activities, solution and roadmap development, and project-based remediation. Recent work has focused on helping clients build and run cloud environments that are secure and compliant. Experience in security architecture and aligning technical solutions with security governance helps clients implement business-enabling technology while retaining the emphasis on security of the enterprise and protection of their important data.

Abstract: The benefits of moving data, applications, and even infrastructure to the cloud are undeniable and we find an increasing number of companies who have made the big move or who are considering it. These new frontiers come with a healthy dose of fear and skepticism that a lack of security could put the entire organization at risk. But just as these same anxieties were conquered in a distributed computing world, the major cloud providers are offering architectural building blocks that allow you to assemble secure cloud environments. While the tools and solution sets will vary by provider, there are several emerging security best practices to help ensure that you are creating a secure computing platform. We’ll cover security options at a high level in AWS and Azure as well as how to prove that what you’ve built is indeed secure when your internal audit or external assessors come knocking. You’ll leave with a deeper knowledge of how to secure the cloud and hopefully a little less stress (at least around cloud security).

Presentation 2: Perimeters and Unicorns: Two things that exist only in IT fairyland.

Speaker: Krishna Narayanaswamy, Netskope

Bio: Krishna Narayanaswamy, Chief Scientist, Netskope. A highly regarded researcher in deep packet inspection, security, and behavioral anomaly detection, Krishna Narayanaswamy leads Netskope’s data science and user behavior research as chief scientist. Krishna brings 24 years of experience, including founding Top Layer Networks and serving as a distinguished engineer at Juniper Networks.

Abstract: Join Netskope’s co-founder and Chief Scientist Krishna Narayanaswamy for a bird’s-eye view of how mobile and cloud have conspired to dissolve the enterprise perimeter and transform IT as we know it. Hear his take on how these dynamics have shifted the role of enterprise IT, why letting users “go rogue” is the path to business success, and how smart CIOs will become the drivers of growth and profits this decade.

Presentation 3: Security in cloud application delivery model & DevOps Integration

Speaker: John Martinez, Product Manager, Evident IO

Bio: John is a recognized industry expert and speaker with extensive experience implementing DevOps and security at cloud leaders like Adobe and Netflix.

Abstract: John will lead a deep-dive discussion and live demonstration on how to improve security awareness between IT, Dev and Ops teams, and provide real-world (code) examples of how to bring security into your application delivery model to reduce security risk through DevOps integration and security and compliance automation within Amazon Web Services.

Presentation 4:  Data-Centric Security – Key to Cloud and Digital Business

Speaker: Ulf Mattsson, Chief Technology Officer, Protegrity.

Bio: Ulf is commonly considered one of the founding fathers of tokenization and has been advising the industry’s top analysts and stakeholders, including the PCI Security Standards Council and ISACA. Ulf is the inventor of more than 20 patents in the areas of encryption key management, policy-driven data encryption, internal threat protection, data usage control and intrusion prevention. Ulf is working with the PCI Security Standards Council to create standards for the Payment Card Industry in the areas of cloud computing, encryption and tokenization. He is also a research member of the International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security, ANSI X9, the Cloud Security Alliance, the Information Systems Security Association (ISSA) and the Information Systems Audit and Control Association (ISACA).

Prior to joining Protegrity, Ulf spent 20 years with IBM working in software development as a consulting resource to IBM’s research organization, specializing in the areas of IT architecture and IT security. He received a master’s degree in physics from Chalmers University of Technology in Sweden, and holds degrees in electrical engineering and finance.

Abstract: Business is moving to the cloud. To achieve the agility and low overhead necessary to remain competitive, your business needs to get in the game. But increased regulatory requirements for securing sensitive data create a huge challenge for large enterprises, and 80% of businesses are not sure how to protect data in the cloud. You need a scalable solution that protects your data before it moves to the cloud and continues to protect it once it’s in a cloud environment.


December 2015 Chapter Meeting: Controls for Managing Privileged Accounts – presented by CyberArk Software

Targeted Attacks and the Privileged connection_ISSA

Presentation:  

A common link in today’s most dangerous targeted attacks and information security breaches is the exploitation of privileged accounts. Such accounts grant extensive control over sensitive data and IT systems. They’re pervasive in every organization, they’re often overlooked, and they can be powerful weapons in the wrong hands. Leading security experts report that privileged accounts are widely abused in targeted cyber-attacks and that privileged account exploits have grown increasingly sophisticated. Privileged accounts ship with every piece of information technology, including servers, desktops, applications, databases and network devices. The accounts confer powerful controls on IT administrators, but they can be lethal in the wrong hands. To protect these accounts and the critical resources they provide access to, organizations need comprehensive controls in place to protect, monitor, detect and respond to all privileged account activity.


Sticky: Local Portland Educational Opportunities

As the Director of Education for the Portland Chapter of ISSA, I have worked with the Board to identify educational options for each of you, our members. There are a number of options to enhance knowledge and advance individual careers.

Each option provides distinct opportunities and involves various costs. I hope one or more meet your needs. If you have questions or comments about local security education opportunities, please direct them to education@portland.issa.org and I will address your questions and listen to your comments. I am working on additional resources and will post more as the year progresses.

Currently identified options:

  1. Mt Hood Community College in Gresham
  2. Portland SANS Instructor courses
  3. Cybrary.it

Details:

  1. Mt. Hood Community College has a Cyber Security and Network department! They have two 2-year associate degrees in Information Security as well as 3 certificate programs for continuing education. Each program focuses on a different aspect of Information Security and is built for students with different backgrounds and experience.
  2. I am a Community SANS Instructor and call Portland home. I have 3 upcoming courses for those interested in the Critical Security Controls. Two of the courses are outside of Portland, while the April course is in Portland.
  3. There are a number of online training sites. I list Cybrary.it because it is a new, free resource. They offer courses at many different levels: beginner, intermediate and leadership. This is a great price-point with an awesome mission.

I hope each of you finds a resource to help in your own career advancement. I am interested in your goals and how these resources either help or do not help in meeting those goals. My intent is to find resources to help our members, support our community, and advance the Information Security industry.

Thank you.
Brian Ventura
ISSA Portland
Director of Education
education@portland.issa.org
water@bighead.org
512-791-6535
https://www.sans.org/instructors/brian-ventura


ISSA Portland – Monthly Luncheon – Vulnerability Management Programs and Lessons Learned from the Field

Presentation:  Vulnerability Management – Lessons Learned

ISSA Chapter Meeting 11-19-2015 – Vuln Mgmt Lessons Learned

Abstract: This presentation is about lessons learned by studying what goes on in the real world with Vulnerability Management programs. More importantly, it discusses how you can construct a program that focuses on threat management, security intelligence, risk awareness and patch auditing.

Presenter:  

Bill Olson – Product Manager, Tenable Network Security

Bill Olson has nearly 20 years of expertise in the information security and technology industry. As a member of the product management team with Tenable Network Security, Bill is responsible for SecurityCenter™ and SecurityCenter Continuous View™, understanding customer needs, helping to predict market needs and working closely with the development team. Prior to joining Tenable, Bill was the vulnerability management subject matter expert for Qualys, where he was responsible for working with hundreds of clients to ensure that their vulnerability management programs were mature and focused on strong goals.


October Symposium: SIEM (Security Information and Event Management)

Session 1: SIEM Maturity and SOC Optimization presented by John Velisaris with IBM

IBM – SIEM Security and SOC Optimization

John will cover maturation models for SIEM deployment from a people, process, and technology standpoint. He will also delve into best practices for SOC optimization with the SIEM as a foundational technology.

Speaker Bio:

John Velisaris is an Associate Partner with IBM Security and leads the Security Intelligence and Operations Consulting (SIOC) practice for IBM North America. His team assists clients with SIEM technology, security operations and cyber threat intelligence operations. John is a resident of the Seattle area and a former employee of Washington Mutual and KPMG. John is a Certified Information Systems Auditor.

Session 2: Real World SIEM presented by Todd Reader and Andy Riley with GBProtect

GBprotect – Real World SIEM

This session will describe a methodology that can be used to bring new sources into a SIEM. The entire lifecycle of an event stream will be discussed from business drivers and device identification to resource creation and maintenance. Topics will include:

  • Device Identification and Research
  • Use Case Development
  • Collection Configuration
  • Log Verification
  • Platform Configuration
  • Metric Gathering
  • Health Monitoring
  • Maintenance

Tips and tricks will be included throughout the presentation that can aid administrators along each step of the process. Common issues and prevention will also be discussed.

Speaker Bios:

Todd Reder is a Solutions Engineer with GBprotect. Over the past nine years, Todd has progressed from handling escalations as an operator, to conducting client security reviews as an analyst, and on to his current role, which includes platform management, client turn-up, and consulting engagements. His SIEM experience includes management and day-to-day operations of ArcSight, LogRhythm, Splunk, QRadar, LogLogic, and enVision. Todd is a Splunk Certified Architect and LogRhythm LCSE.

Andrew Riley is VP of Security Solutions at GBprotect with responsibility for Sales Engineering, Professional Services, and Product Development. Mr. Riley has close to 25 years of IT experience and has focused on information security since the late 1990s. Andrew holds CISSP, C|CISO, and HCISPP certifications and is a former Portland ISSA Chapter president.

Session 3: Identifying Indicators of Threat presented by Cameron Naghdi of Tripwire

Tripwire – Using SIEM for Incident Response

Cameron will show how, by using SIEM technology and multiple sets of data, users can shorten time to detection and response. Cameron will cover use cases such as insider threat detection, as well as technical capability, scalability and performance issues related to the deployment of Tripwire Log Center.

Speaker Bio:

Cameron Naghdi is a Systems Engineer with Tripwire and has over 10 years of experience in system and network solution engineering, application deployment and industry-standard security frameworks. As the Channel Systems Engineer for the western half of the US at Tripwire, he collaborates with clients to bring market-leading solutions and resources to create a more secure and compliant IT environment.

Session 4: Panel Discussion

The panel discussion will take the format from previous symposiums. The ISSA Board will prepare some initial questions to get the conversation going. This will be followed by questions from the audience and general discussion on the topic.

CPEs:
The chapter maintains proof of attendance for members, but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.


September 2015 Monthly Chapter Luncheon – Host Card Emulation for NFC Mobile Payment in the Cloud

Topic: Host Card Emulation for NFC Mobile Payment in the Cloud

Mobile Payments Security – Presentation for ISSA Portland Chapter 9-24-2015

Abstract:  

Security on HCE NFC Mobile Payment smartphones has been an issue, and with the use of tokenization these issues have been minimized, although further debate and apparent limitations remain. Some also believe the TEE or even the eSE could play a role in the security of HCE NFC, along with biometric “Touch ID” authentication. A secure payment system requires a holistic approach encompassing end-to-end encryption, tokenization and compliance with both existing and emerging standards, including PCI and EMV. The key point is that NFC SIM cards and HCE are not mutually exclusive, and you’ll see hybrid-designed NFC Payment smartphones emerge. Karl will explore exactly what Host Card Emulation is and where it came from, and will also discuss Apple and Android “Pay” developments, including Samsung and Softcard.

Speaker:  

Karl J. Weaver is an OEM/ODM mobile device ecosystem and business development executive/rainmaker for Near Field Communications, mobile (wallet) payments and TEE embedded mobile device security ecosystems. He is a globally trained, bilingual Mandarin Chinese-speaking senior mobility executive with vast experience selling wireless and mobile device technologies from both sides of the Pacific Rim to the global OEM/ODM handset/tablet PC ecosystem supply chain. He recently spent 5 years working in China for Gemalto as Rainmaker for the design-in of embedded Mobile NFC Payments and TEE security technologies to the OEM Smartphone/Tablet PC ecosystem.

CPEs:
The chapter maintains proof of attendance for members, but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.