ISSA Portland April 2019 Symposium: Zero Trust and Endpoint Security

The board regrets that this event has been cancelled due to low registration and the high cost of the venue, which made the event not viable. The board is looking into adding another event to the calendar in the May/June timeframe, so please stay tuned. Thank you for your patience.


March 13, 2019 Chapter Meeting: Container Security

When: March 13, 11:30am – 1pm (Lunch will be provided)

Location: 1900 SW 4th Street, room 2500B (2nd floor)

              *Note new location*


Title: Modernizing Traditional Security: How Containerization Makes Security and Compliance Easier

Presenter: Keith Mokris, Sr. Product Marketing Manager at Twistlock

As containers become the commonplace method for delivering and deploying applications, organizations are taking a “lift-and-shift” approach to migrating their existing applications. In this presentation, Keith will discuss a non-profit that provides environmental science and engineering oversight to some of the world’s largest civil waterworks projects and their shift to containers. This organization previously relied on a critical 14-year-old app that models storm surge. The move to containers for this application delivered immediate benefits, making it easier to manage vulnerabilities, ensure regulatory compliance, and provide runtime defense. Throughout this session, we’ll break down the security advantages of containers relative to traditional architectures using this real-life app as an example.

Main takeaways:

  • Learn the technical differences between containers and traditional architectures around vulnerability management, compliance, and runtime security
  • How containerization helps move security upstream in the development lifecycle and why that’s such an important benefit
  • Why containers make compliance instantly easier, by enabling organizations to find and correct problems early on, enforce settings, and automatically block non-compliant configurations
  • How the predictable nature of containers enables a new approach to runtime defense that improves efficiency and scale by reducing human security management effort
  • Lessons learned from a real-world organization’s experience migrating a mission-critical app to containers and how it impacted their security approach

Bio: In his role at Twistlock, Keith tells the story around how enterprises can leverage the company’s cloud native cybersecurity platform to secure their modern applications. Previously, Keith was in charge of product marketing at NowSecure, helping enterprises integrate mobile application security testing into their development pipelines and identify critical vulnerabilities via penetration testing. In his free time, he is a landscape and street photographer.


ISSA Portland: ½ Day Hackathon

When: March 21, 2019 8:30am to 1:30pm

Where: Salesforce | 2035 NE Cornelius Pass Rd | Hillsboro, OR 97124

A complimentary coffee bar, breakfast snacks and lunch will be provided.

We are partnering again with Security Innovation to provide an immersive hands-on hacking experience for our February 2019 ISSA symposium. 

Compete against your fellow ISSA Portland members and guests in a contest of hacking skills to attack and breach the “Shred Retail” site.

This event will provide value for everyone from a non-coder with zero hacking experience to a seasoned penetration tester. There are challenges for all skill levels and interests built into the site, and we will have expert help on hand for anyone who wants it.

Those registering for the event will be provided with a complimentary code for 30-day access to Security Innovation’s OWASP 2017 Series training. Course details can be found here:

https://www.securityinnovation.com/course-catalog/application-security/secure-design/owasp-2017-series

This code will be provided at least 14 days prior to the event.

Amazon gift cards will be given for:

  • Highest score – $100
  • Runner up – $50
  • Hardest vulnerability – $50
  • First vulnerability – $25

You will need to bring a laptop with the following:

Many thanks to Salesforce for the coffee bar and for hosting this event.

Snacks and lunch are sponsored by:


Holiday Social & Panel Discussion: Managed Security Services Update

Our holiday social will be Wednesday, December 19th from 5:30PM to 8:00PM at Rock Bottom Brewery in downtown Portland.  

We will be holding a panel discussion on managed security services.  This is a great opportunity to gain an understanding of the market for security service providers, what they offer, how they function as a component in your security program and current trends in service offerings.

Please register using the calendar widget.

Panel Participants:

Andy Riley, Chief Technology Officer, GBprotect Inc.

Mr. Riley is a US Army veteran and results-oriented security and privacy leader with a record of success directing leading-edge IT security initiatives. Mr. Riley leads the development and management of security services offerings at GBprotect and has over 10 years’ experience delivering hosted IT services. Prior to joining GBprotect, Mr. Riley held leadership and senior consulting roles with organizations including The Bill and Melinda Gates Foundation, Public Consulting Group, and State of Washington.

Jesse Nine, Symantec Senior Systems Engineer, Cyber Security Services

Started his career in technology at a local computer shop in Eugene back in ‘95 and got hired on at Symantec in 1999. Spent much of his years at Symantec working with large enterprise and government customers supporting flagship products (SAV/SEP, SSIM). Now plies his trade as a Senior System Engineer for Symantec’s Cyber Security Services group, which includes Symantec’s 14-year, Gartner Magic Quadrant-leading Managed Security Services.

Bowe Hoy, VP Sales, Sword and Shield

This event is sponsored by Symantec.


November 29th, 2018 Chapter Meeting: Symposium: Identity Governance and Access Management

When: Thursday, November 29th, 2018 from 8:00AM to 1:00PM, (Morning pastries and lunch provided . . . )

Where: Salesforce Offices, 2035 NE Cornelius Pass Rd, Hillsboro, OR 97124

CPEs: 4

This event sponsored by Saviynt.

8:00AM – 8:45AM Networking and Introductions

Session 1: 8:45AM – 9:40AM

Title: “Keeping Pace with the Trajectory of IGA Evolution”

Presented by Diana Volere, Principal Solution Architect with Saviynt

Synopsis: Positive identification and granting of permissions is an old, old problem, but one which continually grows ever more complicated yet ever more necessary. The pressure of compliance regulations, the massive scale of the cloud and the Internet of Things, and the increasing sophistication of attacks are all driving a need to look at Identity Governance and Administration (IGA) in new ways. We’ll touch on the history and explore the current state of capabilities in the space of identity governance, and then prognosticate the directions and challenges to come.

Speaker Bio: Diana Volere has been a professional in security, identity and access for almost twenty years. She has spent time in delivery and pre-sales for leading vendors Novell, Oracle and ForgeRock, as well as consulting with Edgile. Diana has architected and driven sales of solutions for global Fortune 500 companies and focused on several industry-specific verticals, with an emphasis on healthcare and financial. Her aptitude for translating complex technology terminology and capabilities to business value and language plays into her passion for bridging the gap between technology and business needs. Outside of work she loves travel, gastronomy, sci-fi and most other activities associated with being a geek.

Session 2: 9:45AM – 10:40AM

Title: “How to successfully deploy and manage cloud IAM solutions”

Presented by Baber Amin, CTO for West with Ping Identity.

Speaker Bio: Mr. Baber Amin works with Ping customers to develop and evolve their IAM strategy. Baber is also working on Ping’s M&A and ML/AI strategy. Previously, he was responsible for Ping’s solution offerings around OpenBanking, GDPR, Privacy, and Consent, product and solution go-to market and pricing strategy, and for solutions in Employee, and Consumer centric Identity and Access Management. Prior to Ping, Mr. Amin served as Senior Director of product management for IDaaS solutions at Oracle Corp. and CA Technologies and served as Director of Cloud Security with Novell Identity and Security. Mr. Amin is an author on several patents in software security, web caching and content distribution.

Session 3: 10:50AM – 11:45AM

Title: Three Challenges of Identity Security with Modern IT

Presented by Cameron Williams, CTO with OverWatchID

Synopsis: Modern IT environments have three major challenges with traditional identity security products. As IT organizations evolved and embraced hybrid IT deployments and cloud services, traditional identity security vendors failed to evolve with them. Organizations are left vulnerable to privilege abuse, insider threats and external attackers. Find out if your organization is affected by these three challenges and learn how they can be prevented.

Speaker Bio: For more than 25 years, Cameron Williams has helped enterprise clients like IBM, Wells Fargo, Sony, BP, and dozens of others keep their data safe and secure from data breaches, hacks, ransomware, and spear-phishing. As OverWatchID’s CTO, Cam leads all product design and product development, and is responsible for ensuring that the company’s cloud-based converged identity security platform is meeting existing and future threats to identity security. Prior to co-founding OverWatchID, Cam held senior positions with InteliSecure, Juniper Networks, Pulse Secure, Virtela Technology Services, IBM, and MCI. Cam studied computer science at North Carolina State University and pre-med at Penn State University. Cam lives in Denver with his daughter Alaura and dog Zoe. He is a competitive Ironman and is an internationally ranked parathlete.

Lunch Break 11:45AM – 12:15PM

Session 4: 12:15PM – 1:00PM

Panel Discussion


October 18, 2018 Chapter Meeting: Panel Discussion: Tracking the Cyber Threat Landscape

When: Thursday Oct 18, 2018 from 11:30 AM to 1:00 PM  (Lunch will be provided…)

Where: Columbia Square Bldg., 111 SW Columbia, 8th floor conference room – Portland, OR 97201

Topics to include:

  • Quarterly update
  • Trends in threat intelligence
  • The role of AI in malware detection
  • Defense in depth techniques
  • Cloud defenses 

Panel Participants:

Brian Ventura, Security Architect, City of Portland

About the panelist: Brian is an Information Security Architect for the City of Portland and a SANS Instructor. Brian volunteers with the ISSA Portland chapter as the Director of Education and with OWASP locally. Over the past 25 years, Brian achieved, holds, and now teaches various industry certifications including CISSP, GSEC, GCIH, GCFA, and GCCC. In addition to his Information Security persona, Brian is a member of the Timbers Army and Thorns Riveters, attending as many games as possible. Find Brian’s teaching schedule: https://www.sans.org/instructors/brian-ventura

Cameron Naghdi, Systems Engineering Manager, Malwarebytes

About the Panelist: Cameron Naghdi is the Systems Engineering Manager for US-West at Malwarebytes. Cameron has worked for multiple endpoint technology firms and has supported many vertical markets from retail and healthcare up to Federal/Civilian agencies and the Department of Defense. Cameron is also on the technology advisory board of 802Secure and is Co-Founder and CTO at FilecheckIO. Cameron specializes in understanding the threats of today and how to prepare solutions to address both today’s and future security challenges.

Chris Sestito, Director of Threat Research, Cylance

About the panelist: Chris Sestito manages the Cylance Threat Research Team, which consists of 30 researchers dedicated to data-science-based analysis and automation development. Chris is based in Austin, Texas and is an eight-year veteran in information security with a wealth of experience in malware analysis and malvertising that helps ensure the security of Cylance customers. Chris also holds Sec+ and C|EH certifications.

Craig Schippers, Principal Field Engineer, Trend Micro

About the Panelist: Craig Schippers is a CISSP Certified Principal Field Engineer at Trend Micro. He has worked in the security industry for approximately 17 years, assisting customers with their Infrastructure Security needs. Craig lives in Portland, Oregon.

Moderator:

Christopher Paidhrin, CISO, City of Portland and ISSA Portland Vice-President

About the moderator: Christopher Paidhrin is the Chief Information Security Officer for City of Portland, Oregon. For the past 17 years Christopher has been a nationally recognized healthcare Information Security authority, having received recognition, nominations and awards for service excellence, including Network World, ISE, SC Magazine, and Information Security magazine’s 2011 “Security 7” Award. Christopher is a regular media consultant and presents at numerous events across the U.S. Christopher is an advocate of IT Service Management (ITSM) best practices and process improvement, including learning organizations and knowledge management.

 

This event is sponsored by: Malwarebytes and Trend Micro


September 2018 Chapter Meeting: DNS’s Role in Securing your Network

When: Sept 20, 2018 from 11:30 AM to 1:00 PM  (Lunch will be provided…)

Where: Columbia Square Bldg., 111 SW Columbia, 8th floor conference room – Portland, OR 97201

Please register using the calendar widget at right.

Abstract: 

Your network is the gateway to the world. Unfortunately, protecting your network from evolving threats is more difficult than ever. Device proliferation, BYOD, Internet of Things, virtualization, hybrid cloud adoption—all are crucial trends that enhance business performance. But they also add complexity and increase the attack surface. DNS is an essential component of network connectivity, but it has emerged as a significant threat vector for malware command and control, DDoS attacks, and data exfiltration. Even as your network modernizes and gains valuable new capabilities, threats multiply exponentially. During this session, learn more about DNS, threats to DNS infrastructure, and different methods to address these threats.

About the Speaker:

Kevin Zettel is a security-focused Technical Marketing Engineer who works with Infoblox to lock down the DNS and secure it for enterprises. Kevin knows that security is the center focus of companies and believes that without security, industries will unquestionably fall apart. Kevin has worked with the Infoblox Security Ecosystem to manage many security vendors such as McAfee, Cisco, ServiceNow, Aruba, and many others. He knows the security landscape and sees the necessity and demand that businesses have to secure their capital. With a degree from Central Washington University and an education in programming, Kevin has the technical know-how to get secured.


June 13, 2018 Chapter Meeting – Sustain Yourself!

Sustain Yourself! – and vote for 2018/19 ISSA Portland Board 

When: June 13, 2018 from 11:30 AM to 1:00 PM  (Lunch will be provided…)

Where: Columbia Square Bldg., 111 SW Columbia, 8th floor conference room – Portland, OR 97201

Vote: June is our last meeting of the presentation year. We use this meeting to vote in the next year’s board. If you are interested in participating, let the current board know and we will put your name on the ballot. Please come and vote in our new board!

Please register using the calendar widget at right.

Abstract: 

Using neuroscience and biology along with a sense of humor, in this talk Robin shares the four necessary components required to sustain accurate discernment, vibrant energy and focused resilience, essential to sustain professionals working in stressful situations or work environments.
Learn what you can do to have a remarkably better day, not only to maintain career satisfaction and be exceptional professionals, but also to enhance your health and sense of humor, on the job and at home.
Come away with ah-has, skills and insights that you will repeatedly use and want to pass on to others.

About the Speaker:

Robin Rose is an accomplished trainer, speaker and consultant with over thirty years’ experience. With a background in counseling and education, she translates the latest developments in brain-based research into practical, learnable skills. Robin’s expertise is in teaching people how to stay calm, professional, and effective, especially during high-stress, high-pressure situations. She delivers information, training, and tools that help you understand how your brain works, how to think clearly, and how to communicate effectively. People leave her trainings with new skills and renewed energy!

Robin has an uncommon ability to make it safe for individuals and groups to learn new ways to work together, build trust, and move forward. She holds a Master’s degree in Counseling Psychology from Lewis & Clark College. After fifteen years as college faculty, she formed her own company and moved into the public, government agency, non-profit, and business sectors.
Her latest book, Shifting Gears: A Brain Based Approach to Engaging Your Best Self, has been field tested on over 100,000 people and is packed with tools for clear thinking, improved relationships, and renewed enthusiasm for life. Robin has trained thousands of professionals who wanted to learn how their brain works, so they could think, act, and communicate at their highest proficiency.

To see Robin in action (video), please go to: http://www.robinrose.com


May 17, 2018 Chapter Meeting – Cyber Deception

Cyber Deception – Legacy Challenges and New Techniques to Supplement Your Cyber Defenses

When: May 17, 2018 from 11:30 AM to 1:00 PM  (Lunch will be provided…)

Where: Formaltech, 421 SW 6th Avenue, Suite 950 – Portland, OR 97204

Please register using the calendar widget at right.

Abstract: 

Speakers will discuss all things cyber deception including why legacy and high interaction honeypots don’t scale, are expensive and add attack surface, what technologies organizations can implement for host, protocol and Active Directory deception, as well as how to best integrate those technologies into existing cyber defenses.

About the Speakers:

Charlie Kawasaki, CISSP, VP of Business Development, Formaltech

Charlie has over 35 years of experience working in technology, primarily in venture-backed start-ups, early stage and spin-out companies innovating in the cybersecurity, software, and network industries. He currently serves as the VP of Business Development at Formaltech, CTO for PacStar, and Entrepreneur in Residence at Galois. Charlie is highly involved in the local technology community by serving as a Board Member of Technology Association of Oregon, Co-chair of TAO Cyber Lab, Vice-chair of Oregon Cybersecurity Advisory Council, and Founder and Manager of NW Cyber Camp.

Clayton Fields, Vice President, Javelin Networks

As a security specialist, Clayton has helped clients improve security programs across the world. A thorough understanding of business drivers coupled with the ability to diagnose risk has allowed Clayton to help companies avoid being a headline. Also with this unique skill set, Clayton has helped executives understand the breakdown that exists between the business executives and cybersecurity professionals regarding risk assignment and prioritization that has caused so many newsworthy events. Experiences with incident response and threat hunting have also allowed Clayton to help companies choose unique solutions to mitigate risk.


April 12 Symposium – Safeguarding Your Critical Unstructured Data

Come join us at our upcoming 4 hour symposium (4 CPE credits)

When: Thursday, April 12 8:30 am – 1:30 pm (Lunch will be provided)

Location: Nike Victory (EDO), 15475 SW Koll Parkway, Beaverton OR 97006

Register by clicking on the date on the calendar widget.

Session 1 (9:00-9:45): Harden Your Unstructured Data at Scale via Classification, Redaction, Encryption, and Reporting

Abstract:  Estimates state that 80% of all data is unstructured.  It lives in documents, spreadsheets, images, and other types of files.  Inappropriate access to those files can lead to a loss of intellectual property, system crashes, and even lost application functionality. Unfortunately, we have to understand the files themselves before we can properly secure them.  This is particularly challenging at the scale and speed of modern business.  Thankfully, solutions exist to help with this.  Come learn how to:

  • Discover what data is living in your files
  • Easily determine file ownership and entitlements
  • Restrict access to critical files
  • Redact, and even encrypt, sensitive content

About the Speaker: Leo Duncan is the Analytics Practice Lead at Nordisk Systems.  Leo Duncan specializes in the intersection between analytics and information security.  He has been securing analytic platforms and their underlying content for well over a decade.  In addition to years of platform administration experience, his accomplishments also include the design, construction, and deployment of a novel security control for use with a leading relational database management system.

Session 2 (9:45-10:30): Data Loss Prevention by evaluating and addressing risk.

Abstract: Data Protection is an important consideration for all companies.  Why is Data Loss Prevention needed and how does it impact various departments like compliance and legal?  Who is after your data and why?  We will cover myths that are associated with it and how to separate myth and legend from fact.  Lastly, we will discuss how you can create a data-centric framework for your business with respect to Data Protection.

About the Speaker:  John Loya is currently the Director of Sales Engineering with Digital Guardian, providing clients with Threat Aware Data Protection solutions. John has been with Digital Guardian for 5 years. Prior to Digital Guardian, John was with McAfee for 9 years in a combination of sales and engineering positions and with Siemens for 9 years as a software developer.  John is based out of Orange County, California.

Break 10:30-10:45

Session 3 (10:45-11:30): UEBA & Insider Threat: Comprehensive Architecture for a Zero Perimeter World

Abstract: Today’s security breaches are rooted in people-based vulnerabilities. A key set of tools is required to protect your valuable data from accidental, compromised and malicious users. Visibility and context are key components of an enterprise-level security program. By focusing on people’s interactions with data, Insider Threat programs prevent behavioral-based data loss and expose other insider threats that present risk to critical systems, such as fraudulent transactions or cyber sabotage. Combine these tools with UEBA to deliver rich analytics and visibility into a multitude of 3rd Party channels to reduce enterprise risk in an era where threats have surpassed the perimeter. Review large data sets and reduce risk to your organization.

About the Speaker: Ben Bailey is a Solutions Architect based in the Pacific Northwest with Forcepoint, a Raytheon company. He is an industry leader in delivering advanced analytics and security solutions to the broader market and a key contributor to the development of best-in-class security tools to prevent sensitive data exfiltration. Mr. Bailey has been actively engaged in the architectural design, deployment and implementation of DLP, CASB, UEBA and Insider Threat programs with large enterprise organizations. His background is in data protection and business continuity. Mr. Bailey has served in this capacity for 10 years working with key manufacturers and service providers in the security space.

Session 4 (11:30-12:15): Building data-centric security in a world without borders and full of uncontrollable endpoints.

Abstract: Learn how to gain control over sensitive unstructured information even when it travels beyond sanctioned on-premise cloud services using encryption, global monitoring and dynamic data control across any platform or device.

About the Speaker: Bert Grantges is the VP of Solutions Engineering at Vera. Bert is passionate about applications in the mobile space and data security. His key interests are in business development, strategic relations and architecture for internet and mobile based companies. He frequently speaks on topics mostly centering on threat landscapes and technology. Bert specializes in enterprise technology, software architecture design and development, program management and product management.

Lunch Break (12:15 – 12:30) followed by: 

Panel Discussion (12:30 – 1:30)  Moderated by ISSA Board members.
