PDX Cyber Camp!

LEARN CYBERSECURITY NOW!

Join us at PDX Cyber Camp 2017! The camp will give you and other high school students a hands-on, introductory experience to cybersecurity principles, including hands-on implementation in Windows and Ubuntu.

Cybersecurity is one of today’s hottest technical fields, with some experts forecasting a shortage of up to 1 million trained professionals in the coming years. Cybersecurity careers can be incredibly rewarding and high-paying. By participating in this cyber camp, you’ll receive valuable experience that can help you pursue cybersecurity internships.

PDX Cyber Camp Details

Date: Monday July 17 through Friday July 21, 2017
Camp Times: Monday-Thursday 9 a.m. to 4 p.m., Friday 9 a.m. to 1 p.m.
Camp Reception: Thursday, July 20th
Location #1: (Girls Only) Lincoln High School, 1600 SW Salmon St, Portland, Rm #223
Location #2: (Co-Ed) Center for Advanced Learning, 1484 NW Civic Dr., Gresham
Location #3: (Co-Ed) Mentor Graphics, 8005 Boeckman Rd, Wilsonville, OR
Cost: $150 with scholarships available based on financial need

Curriculum and Highlights

  • Introduction to cybersecurity and ethics
  • Introduction to VMware Player
  • Hands-on security configuration of Windows and Ubuntu
  • Mock cyber competition
  • Guest speakers from leading cybersecurity companies including McAfee by Intel Security, Cylance and many more
  • Networking reception with security business professionals and educators

APPLY NOW!

www.softwarediligence.com/pdxcybercamp/

Title Sponsor

PacStar

Platinum Sponsors

IBM
McAfee by Intel Security
Mentor Graphics
Galois

Gold Sponsors

Absolute Software
Cylance
Hueya
New Relic

PDX Cyber Camp 2017 is a program organized and managed by EnergySec (www.energysec.org) and Lincoln High School Coding Club

PDX Cyber Camp 2017 is non-profit and volunteer driven. All proceeds and sponsorships go only toward direct expenses such as curriculum, supplies, and outreach.


March Symposium presenting the topic of: Half-Day Hackathon

Please join the ISSA Portland March Symposium, presenting the topic of: Half-Day Hackathon

(This is the same event that was to happen in December 2016 but was cancelled the day of due to ice and snow)

You can register at the link below until Tuesday March 21, 2017 for the early registration pricing.

https://www.eventbrite.com/e/issa-portland-december-12-day-hackathon-symposium-tickets-32239381859

Space is limited, so please register soon.

When: 

Thursday – March 23, 2017

Agenda:

8:30am – Doors open

9 AM – Overview & Training Session

10 AM – Hacking begins

12-1 PM – Lunch Is Served

1-1:30 PM – Wrap Up Session – Announce Winner!

Where:

Nike Victory (EDO)

15475 SW Koll Pkwy

Beaverton, OR 97006

Presentation:

Come to the first-ever hands-on ISSA website hackathon.  We are partnering with SecurityInnovation to provide an immersive hands-on hacking experience for our ISSA symposium.

Compete against your fellow ISSA Portland members in a contest of hacking skills in a fun environment.

This event will provide value for everyone from a non-coder with zero hacking experience to a seasoned penetration tester.  There are challenges for all skill levels and interests built into the game, and we will have expert help on hand to help anyone who wants it.

We will provide some initial training, lunch and the vulnerable infrastructure for you to test your skills against.

You will need to bring a laptop with the following:

Price:

The chapter meeting is subsidized by chapter memberships and sponsors.  There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees.  Walk-in attendees are welcome but will be charged $30 at the door.  If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/ for additional details.

CPEs:

The chapter maintains proof of attendance for members, but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors:

ISSA Portland would like to thank our program sponsors, who help make high quality programs like this possible.

Platinum Sponsor: Vectra

GOLD Sponsor:  Optiv, Tenable, Netskope

SILVER Sponsor: FireEye, RiskIQ, OBS


How AI Works: Recent examples of AI

Please join us for the February luncheon meeting!!!!

Presenting the topic of “Artificial Intelligence and Machine Learning in Security: Move from Detection to Prevention.”

 

How AI Works – Recent examples of AI

Why AI and ML are well suited for security
Details on how AI and ML work
Impact on Operations, User, and Business
Demo of AI in action (detect only and predict and prevent)

 


Sticky: Educational Update for 2017

Last Fall, James Trumper and I led a successful CISSP class through PCC. James and I really enjoyed the opportunity and the class participants got a lot out of it. I hope we can put together another course. PCC was a great venue and the cost was much lower than any bootcamp or other intensive I have found. Let me know if you are interested in a local CISSP course, so we prioritize this appropriately.

What else is out there? As you know, I teach for SANS, so I looked into what SANS courses are coming to town. Here is what I found:

  • MGT512: Security Leadership Essentials For Managers with Knowledge Compression™    Apr 10, 2017 – Apr 14, 2017
  • SEC401: Security Essentials Bootcamp Style    Jun 12, 2017 – Jun 17, 2017
  • SEC501: Advanced Security Essentials – Enterprise Defender    Jul 17, 2017 – Jul 22, 2017

These are each great options to avoid travel and get high value training locally. Here is the link: https://www.sans.org/security-training/by-location/north-america/oregon

In my sticky post to the Training page on the Portland ISSA webpage (http://portland.issa.org/category/training/), I mentioned the programs at Mt. Hood Community College, as well as Cybrary.it. These are both very good resources. The first has a number of 2-year programs for Information Security and the latter is continually adding new materials and certifications for self-study.

My teaching schedule is here: https://www.sans.org/instructors/brian-ventura

I have a 2-day Critical Security Controls course outside of Spokane, WA in April and another in Cupertino for May, in case anyone wants to travel with me :)

I am partnering with Tenable to host a 5-part webcast series on the first 5 Critical Security Controls starting in May. I will post those up as they get closer.

Don't forget our upcoming March Hackathon 1/2 day symposium:

https://www.eventbrite.com/e/issa-portland-december-12-day-hackathon-symposium-tickets-32239381859

Happy 2017! Stay warm and I look forward to seeing you at the next event!


ISSA Portland December Hackathon Symposium

Come to the first-ever hands-on ISSA website hackathon!!

We are partnering with SecurityInnovation to provide an immersive hands-on hacking experience for our ISSA symposium.

Compete against your fellow ISSA Portland members in a contest of hacking skills in a fun environment.

This event will provide value for everyone from a non-coder with zero hacking experience to a seasoned penetration tester. There are challenges for all skill levels and interests built into the game, and we will have expert help on hand to help anyone who wants it.

We will provide some initial training, lunch and the vulnerable infrastructure for you to test your skills against.

You will need to bring a laptop with the following:
· Recent version of Firefox installed with the FireBug Extension
· Recent Java Runtime installed

Space is limited, so please register soon.

Location:
Nike Victory (EDO)
15475 SW Koll Pkwy
Beaverton, OR 97006

Date:
December 15th, 2016

Agenda:
9 AM – Overview & Training Session
10 AM – Hacking begins
12-1 PM – Lunch Is Served
1-1:30 PM – Wrap Up Session – Announce Winner!


Cyber Hygiene – Critical Security Controls

 

FOR OUR FIRST MEETING OF THE FALL! We are happy to have Brian Ventura presenting Cyber Hygiene. With so many types of network attacks and so many tools and solutions to combat them, you ask yourself: Which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this introduction, we will discuss the benefits and application of the first five controls.

Presenter info:

Brian Ventura is an Information Security Architect at the City of Portland, Community Instructor for SANS and volunteers in the Portland ISSA chapter, working on educational opportunities for members. Brian teaches the Critical Security Controls regularly for SANS and through community events. The City uses the Critical Security Controls to prioritize the Information Security framework for the city.

 


Portland Area Security Community Fall Mixer

Please join ISACA, ISSA, OWASP, ASIS and InfraGard as we kick off the 2016-2017 programs year.  Details below.  Register today on the event page here!

Portland Area Security Community Fall Mixer September 14, 2016

 

ISACA, ISSA, OWASP, ASIS and InfraGard are hosting a joint event!

WE ARE EXCITED: This year’s event includes several regional associations. This is a great opportunity to network and meet other IT, Security and Audit professionals in our area.

JOIN THE FUN:  Once again we will be providing an array of appetizers and a full hosted bar. Each of the 5 associations will be announcing upcoming events, plans and certification offerings.

COST: The event is FREE. Parking vouchers for the Alder St. STAR PARK will be available.

USE TRANSIT? The event is right on the MAX line.

Event Privacy Practices:  Registration information for this event will not be provided to event sponsors, and will be used only by the 5 associations co-sponsoring the event for membership, programs, and marketing purposes. Attendees are being registered in the ISACA attendee system, and contact information will be provided to any other association(s) whom the attendee identifies they are affiliated with during the registration process.


May 2016 Chapter Meeting – Securing Vendor & Mobile Workforce Access

Join ISSA  for our monthly luncheon on the topic of:  “Securing Vendor & Mobile Workforce Access” presented by: Rick LeClerc, Chief Solutions Architect, Bradford Networks.

This is also our annual meeting and the 2016 board will be elected. 

Presentation Abstract:

Topics will include how to facilitate the deployment of access policies based on device characteristics like “Who, What, Where and When” to secure access for domain users, vendors, mobile workforce and guests and how to reduce the attack surface and substantially save IT staffing costs by automating the enforcement of access policies to restrict/quarantine and/or remediate when anomalous activities from compromised hosts have been detected.

Speaker Bio:

In his role as Chief Solutions Architect at Bradford Networks, Rick works with ‘strategic accounts’ all over the world, and also works directly with Business Development and Technology Partners to deliver joint customer solutions that bridge the gap between the SOC and the NOC through security automation and orchestration initiatives. Prior to Bradford Networks, Rick was Director of the Custom Engineering Group at Aprisma Management Technologies and Cabletron Systems for over 10 years. Rick and his team worked directly with customers to understand their business requirements and map those requirements to technical specifications for customized software development projects related to their Spectrum Enterprise Management solution. Rick has presented at Educause, RSA, NERCOMP, UCISA Networkshop (UK), Oxford/Cambridge University (UK), and a host of additional networking and security conferences.

When: 
Thursday, May 19th, 2016 – Doors open at 11:30AM.  The event will end at 1:00PM.  Lunch will be provided.

Where:  
XPO Logistics (formerly Con-way)
2055 Northwest Savier Street
Portland, OR 97209

XPO’s reception desk is located at the west end (closest to 21st Ave.) of the AdTech II building, best accessed by turning into the entrance located on 21st Ave;  the main entrance to the building is on Savier Street on the west side of the building. This entrance is manned by a security guard and you will be asked to sign in.  XPO has asked that guests park in the two lots to the East of NW 20th Avenue between NW Raleigh and NW Thurman.  Please do not park in spaces that are marked with names other than XPO since these spaces are leased. The best option is the lot on the NE corner of NW Raleigh and NW 20th.

CPEs:
The chapter maintains proof of attendance for members, but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors

ISSA Portland would like to thank our sponsors, who help make high quality programs like this possible.


April Symposium: Web Application Security

Thursday, April 21, 2016
This was an all morning event. Doors opened at 8:00 AM and ended at 1:00PM.

Where:  
XPO Logistics*
2055 Northwest Savier Street
Portland, OR 97209

Session 1: (8:45-9:35) – Securing the SDLC with Automated Code Analysis
Presented by Jeremy Anderson, Principal Solutions Architect with Veracode

PRESENTATION: Securing the SDLC 2.0

Abstract:
Over 90% of the $$ spent on InfoSec in today’s enterprises goes to late stage protection strategies, yet the single biggest threat to the enterprise today isn’t so much the infrastructure, but the software. Kaspersky Lab mentioned in one of today’s briefs that they see the biggest issue of 2016 being vulnerable third party software. That, coupled with managing our own Swiss cheese of software, makes for a threat vector that nobody can handle. Jeremy’s presentation will be from a “mostly” tool agnostic approach, simply pointing out the need for good testing early and often, in keeping with today’s agile development processes.  Jeremy will demonstrate how to use Jenkins to build and upload to Veracode, and show the results automatically returned to JIRA – a defect tracking system.

Speaker Bio:
Jeremy Anderson has 15+ years of web software development experience in a variety of fields. He started out programming Perl and Java back in the late 90’s and has since written software in over 10 languages. He recently spent 7 years in operations management at US Bank here in Portland, building DR systems, managing vendor security and creating software security mitigation strategies. He recently joined Veracode, one of the fastest growing application security companies in the world, where he works as a Principal Solutions Architect, supporting customers in their adoption of Veracode’s cloud based security testing solution.

Session 2: (9:45-10:35) – Extend login security for websites with two factor authentication based on possession.
Presented by Bill Bartlett, Founder of Fobfuscate

PRESENTATION: MFA

Abstract:
A demonstration of 4 methods of multi-factor authentication, 2 on a cell phone and 2 with USB touch-activated tokens.  Google Authenticator is a cell phone app that generates one-time passwords.  CLEF is a cell phone web service that uses PKI to digitally sign and verify users.  YubiKeys are touch-activated one-time password tokens with a cloud authentication service.  FIDO is an open standard that provides PKI challenge/response on a USB touch-activated device.

Speaker Bio:
Bill Bartlett has been an application software developer for 35 years and has worked with banking encryption products for 25 years including challenge/response systems.  He is a 2FA enthusiast who believes that website users should be given options to improve their own security online by enrolling their own devices on their profile.  With new technology that uses cloud authentication for devices in their possession, user identity theft can be stopped dead.  Furthermore, most 2FA solutions do not require the website to cache any sensitive credentials reducing their exposure to data breach.

Session 3: (10:45-11:35) The basics of Red Teaming
Presented by Chris Z. and Robert Hartshorn, HP Cloud Solutions & Operations Security

PRESENTATION: RedTeamSlides

Abstract:
Chris and Robert from the HP application security team will cover the basics of red teaming: what it is, where it fits in a security program, and how you can implement one on a shoestring budget.  Assessment of web applications will be emphasized due to their popularity and low barrier to entry.  We will demonstrate a number of common web-app bugs and how real attacks abuse them.  Bring your questions!

Speaker Bios:
Chris has been working as an Application Security Engineer at HP for more than 5 years where he bootstrapped the CSO (Cloud Solutions & Operations) Security team and focuses predominately on exploit development and penetration testing.  He holds a bachelor of science in Computer Science along with a number of security industry certifications.

Robert Hartshorn is an Application Security Engineer at HP. His main area of expertise is penetration testing web applications, with working knowledge of mobile application security along with incident response and malware analysis.

Lunch: (11:35-Noon) Content Security Policy

Session 4: (Noon-12:50) Content Security Policy
Presented by Timothy D. Morgan, Founder and Principal Security Consultant, Blindspot Security LLC

PRESENTATION: Content Security Policy TDM

Abstract:
Content Security Policy (CSP) is a mechanism to help harden web applications against a wide variety of client-side attacks including cross-site scripting, clickjacking, and cross-origin information leaks.  CSP is a powerful tool that is now available in all major browsers, but is sadly under-utilized.  Join Tim for an overview of CSP, what it can do for you, and how you can incrementally deploy it on at-risk web applications.

Speaker Bio:
As an application security consultant and vulnerability researcher, Tim Morgan has been taking deep technical dives in security for over a decade.  In that time, he has been credited with the discovery and responsible disclosure of numerous security vulnerabilities in a variety of software products, including: IBM Tivoli Access Manager, Sun Java Runtime Environment, Google Chrome Web Browser, OpenOffice, Oracle WebLogic Application Server, and IBM WebSphere Commerce.  His current research interests include applied cryptanalysis, XML external entities attacks, and network timing attacks.  Tim develops and maintains several open source forensics tools in addition to Bletchley, an application cryptanalysis toolkit. Tim works to secure his customers’ environments through black box testing, code reviews, social engineering exercises, security training, and a variety of other services.  Tim has worked in a variety of roles in the information security field including incident response, digital forensics, and risk analysis, giving him a broad set of experiences to draw upon.  Tim earned his computer science degrees from Harvey Mudd College and Northeastern University and currently resides in Portland, Oregon where he leads the local OWASP chapter.


March Chapter Meeting – Information Security Leadership Panel

Topic: “Challenges and Initiatives”

Format: Board leads with questions followed by audience and guest questions and participation.

Panel participants:

  • Christopher Paidhrin – Information Security Manager, City of Portland
  • Dave Dyk – Director of Information Security, Simple Finance
  • Chris Apgar – President and CEO, Apgar and Associates
  • Mark Farley – Vice President, Worldwide Information Technology, FEI Company

When: 

Thursday, March 17th, 2016 – Doors open at 11:30AM.  The event will end at 1:00PM.  Lunch will be provided.

Where:  
XPO Logistics*
2055 Northwest Savier Street
Portland, OR 97209
