November – BeyondCorp & Zero Trust Networking

Come Join us for our November Lunch Meeting:

Zero-Trust Networking & A New Approach to Enterprise Security

From: 11:30 am to 1:00 pm

Speaker Bio:

Ivan Dwyer, ScaleFT

Abstract:

BeyondCorp is a Zero Trust security framework modeled by Google that shifts access controls from the perimeter to individual devices and users. The end result allows employees to work securely from any location without the need for a traditional VPN.

Register on Eventbrite: https://www.eventbrite.com/e/issa-portland-november-beyondcorp-zero-trust-networking-tickets-39132108189

Posted in Uncategorized | Comments Off on November – BeyondCorp & Zero Trust Networking

October 2017 – Social Engineering recap

The October meeting hosted Christopher Paidhrin talking about Social Engineering. This talk was well attended and covered the theory behind the human element and how to improve employee engagement to combat social engineering.

Check out the slides here: Social Engineering_v3

Posted in Uncategorized | Comments Off on October 2017 – Social Engineering recap

Training Options – Fall 2017

School has started again and with that, our ISSA year begins with a great talk about hacking a hackathon, next week. If you haven’t signed up for that, I highly encourage you to do so. With fall around the corner, that also means James and my CISSP preparation course at PCC starts soon, so get signed up for that. There are many other items coming up and hopefully I can touch on those here.

  • Of course, I have to mention our CISSP course at PCC. James and I successfully helped and guided a group through their CISSP study and passing the CISSP test! It was fun, challenging and informative. We provide this course for the local community, including the ISSA Portland Chapter. Anyone is welcome and the goal is to provide CISSP help at a reasonable cost. Please pass this along, the more people we have in the course, the more incentive James and I have to continue providing the content. The PCC class, CEU3654, is found here: https://www.pcc.edu/schedule/default.cfm?fa=dspCourse2&thisTerm=201704&crsCode=CEU3654&subjCode=CEU&crsNum=3654&topicCode=INTAX&subtopicCode=%20
  • If you are taking our CISSP course, or you want to study on your own, the official ISC2 CISSP study guide is provided to ISSA members at a 50% discount! This is the book we use in the course and the official ISC2 study guide. Contact Ashley Edwards at Wiley to receive the discounted price: aedwards@wiley.com. Promo Code: CSP50
  • OWASP Portland, our sister organization in the Portland area, is having their annual Training Day, October 4th! This year there are 6 tracks, a half-day each. Tickets go on sale 9/19 at 10AM, They will sell out fast! https://www.owasp.org/index.php/OWASP_Portland_2017_Training_Day
  • SANS has an upcoming SEC401: Security Essentials bootcamp coming to Portland in November. I am teaching this one! It will be awesome. Get signed up for this early. Get your organization to fund your attendance, touting you will save on travel expenses with a local course. https://www.sans.org/community/event/sec401-portland-nov-2017
  • Mt. Hood Community College has their 2-year programs around Information Security. Please check them out if you are interested in a program: https://www.mhcc.edu/CyberSecurity/
  • The Oregon Institute of Technology opened a campus in Wilsonville and provides 4-year IT programs. They are working on an Information Security curriculum. Kris Rosenberg is the Program Director and is one of the 6 instructors for the OWASP training day above! If you are looking for a 4-year program or know someone that might: http://www.oit.edu/academics/degrees/information-technology

Cheers

Posted in Training | Comments Off on Training Options – Fall 2017

September Lunch Meeting: Hacking a Hackathon

https://www.eventbrite.com/e/issa-portland-september-hacking-a-hackathon-tickets-36792255627

 

Date: September 14th, 2017
From: 11:30 am to 1:00 pm
Speakers: Alexei Kojenov & Alex Ivkin

Portland Building
1120 SW 5th Ave
Portland, OR 97204

Speaker Bio:
Alexei Kojenov is a Senior Application Security Engineer with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications.

Alex Ivkin is a senior security architect with experience in a broad array of computer security domains, focusing on Identity and Access Governance (IAG/IAM), Application Security, Security Information and Event management (SIEM), Governance, Risk and Compliance (GRC). Throughout his consulting career Alex has worked with large and small organizations to help drive security initiatives and deploy various types of enterprise-class identity management and application security systems. Alex is an established and recognized security expert, a speaker at various industry conferences, holds numerous security certifications, including CISSP and CISM, two bachelor’s degrees and a master’s degree in computer science with a minor in psychology.

Abstract: Hacking a Hackathon
All modern software, but the most trivial one, relies on common libraries to perform routine work. Your software may be bastion of security, exhaustively tested and evaluated, but once a vulnerability is discovered in a library you depend on, all bets are off. These large and pervasive vulnerabilities quickly become popular targets, exploited by everybody from script kiddies, to professional hackers, to state actors. It is no surprise that the use of vulnerable libraries is included in the OWASP Top 10 list. The Australian Signals Directorate (ASD) lists patching operating systems and applications as two of their top four strategies to mitigate security incidents!

During a recent hacking game, we’ve identified and exploited a vulnerability not anticipated by the developers. One little crack in a widely used library gave us the footing we needed to construct an attack chain of remote code execution, file upload, data exfil, source code disassembly, and branching into a private network, all despite extremely high level of hardening on the target from unintended attacks. We’ll share with you how a safe and fun library exploitation can be in the confines of a hacking game, and how there are serious implications for your corporate applications where the stakes are much higher.

Have questions about ISSA Portland – September – Hacking a Hackathon? Contact ISSA Portland Chapter
Posted in Chapter Meetings, Events | Comments Off on September Lunch Meeting: Hacking a Hackathon

Come Join us for our June Meeting: Threat Intelligence & Officer Elections

Meeting Time: 11:30 am to 1:00 pm

Speaker: Scott Williams, Anomali

About Anomali: Anomali delivers earlier detection and identification of adversaries in your organization’s network by making it possible to correlate tens of millions of threat indicators against your real time network activity logs and up to a year or more of forensic log data. Anomali’s approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred.To learn more, visit www.anomali.com and follow us on Twitter: @anomali.

Speaker Bio: (Check Back Soon)

Topic: Threat Intelligence & Officer Elections

We will also be holding elections for:

  • Vice President
  • Treasurer
  • Secretary

https://www.eventbrite.com/e/issa-portland-june-2017-threat-intelligence-officer-elections-tickets-34761169594

Posted in Uncategorized | Comments Off on Come Join us for our June Meeting: Threat Intelligence & Officer Elections

May Chapter Meeting: Getting Physical with Red Team

Come Join us for our May Meeting: Getting Physical with Red Team

From: 11:30 am to 1:00 pm

As the landscape of cyber security evolves, offensive security has become the tip of spear. The industry is utilizing more advanced offensive security exercises to compete with present day attackers.  Red Teaming is one of those tools in our toolkit that can provide great insight into the true capabilities of an organization to the thwart an attack.  Matt Mosley of Tevora will discuss one of the three elements of Red Team engagements. Matt’s focus will be on the physical aspect of Red Team engagements which involves bypassing physical controls such as locks, gates, badge systems, alarm systems, and security guards with an overview of tools and techniques used today and stories from actual engagements.

Speaker: Matt Mosley

Speaker Bio:

Matt is the Director of Incident Response & Threat Services at Tevora with expertise in penetration testing, development of security intelligence solutions, digital forensics, and incident response. Matt was also former adjunct professor at UCLA, teaching offensive security tools & techniques.

https://www.eventbrite.com/e/issa-portland-may-getting-physical-with-red-team-tickets-33123690851

Posted in Uncategorized | Comments Off on May Chapter Meeting: Getting Physical with Red Team

Hackathon, HACKED! good job team

Our March meeting was a 1/2 day Hackathon, with the platform provided by Security Innovation. The event was a great success!

The event was a gamified, safe hacking space. Our first and second place winners went on and fully owned the site! This was outside the initial scope and plan, but was still a safe place to run these exercises.

Alexei and Alex, the 2 winners, wrote up their experience and how they were able to own the entire site. It is a good read, showing the details of their attack. I encourage each of you to read.

http://www.aspectsecurity.com/blog/shadow-bank-pwn-hackathon

 

Posted in Announcements, Chapter Meetings, Events, News, Training | Comments Off on Hackathon, HACKED! good job team

PDX Cyber Camp!

LEARN CYBERSECURITY NOW!

Join us at PDX Cyber Camp 2017! The camp will give you and other high school students a hands-on, introductory experience to cybersecurity principles, including hands-on implementation in Windows and Ubuntu.

Cybersecurity is one of today’s hottest technical fields, with some experts forecasting a shortage of up to 1 million trained professionals in the coming years. Cybersecurity careers can be incredibly rewarding and high-paying. By participating in this cyber camp, you’ll receive valuable experience that can help you pursue cybersecurity internships.

PDX Cyber Camp Details

Date: Monday July 17 through Friday July 21, 2017
Camp Times: Monday-Thursday 9 a.m. to 4 p.m., Friday 9 a.m. to 1 p.m.
Camp Reception: Thursday, July 20th
Location #1: (Girls Only) Lincoln High School, 1600 SW Salmon St, Portland, Rm #223
Location #2: (Co-Ed) Center for Advanced Learning, 1484 NW Civic Dr., Gresham
Location #3: (Co-Ed) Mentor Graphics: 8005 Boeckman Rd, Wilsonville, OR
Cost: $150 with scholarships available based on financial need

Curriculum and Highlights

  • Introduction to cybersecurity and ethics
    • Introduction to VMware Player
    • Hands on security configuration of Windows and Ubuntu
    • Mock cyber competition
    • Guest speakers from leading cybersecurity companies including McAfee by Intel Security, Cylance and many more
    • Networking reception with security business professionals and educator

APPLY NOW!

www.softwarediligence.com/pdxcybercamp/

Title Sponsor

PacStar

Platinum Sponsors

IBM
McAfee by Intel Security
Mentor Graphics
Galois

Gold Sponsors

Absolute Software
Cylance
Hueya
New Relic

PDX Cyber Camp 2017 is a program organized and managed by EnergySec (www.energysec.org) and Lincoln High School Coding Club

PDX Cyber Camp 2017 is non-profit and volunteer driven. All proceeds and sponsor-ships go only toward direct expenses such as curriculum, supplies, and outreach.

Posted in Announcements, News, Training | Comments Off on PDX Cyber Camp!

March Symposium presenting the topic of: Half-Day Hackathon

Please join ISSA Portland March Symposium presenting the topic of:  Half-Day Hackathon

(This is the same event that was to happen in December 2016 but was cancelled the day of due to ice and snow)

You can register at the link below until Tuesday March 21, 2017 for the early registration pricing.

https://www.eventbrite.com/e/issa-portland-december-12-day-hackathon-symposium-tickets-32239381859

Space is limited, so please register soon.

When: 

Thursday – March 23, 2017

Agenda:

8:30am – Doors open

9 AM – Overview & Training Session

10 AM – Hacking begins

12-1 PM – Lunch Is Served

1-1:30 PM – Wrap Up Session – Announce Winner!

Where:

Nike Victory (EDO)

15475 SW Koll Pkwy

Beaverton, OR 97006

Presentation:

Come to the first-ever hands-on ISSA website hackathon.  We are partnering with SecurityInnovation to provide an immersive hands-on hacking experience for our ISSA symposium.

Compete against your fellow ISSA Portland members in a contest of hacking skills in a fun environment.

This event will provide value for everyone from a non-coder with zero hacking experience to a seasoned penetration tester.  There are challenges for all skill levels and interest built into the game and we will have expert help on hand to help anyone who wants it.

We will provide some initial training, lunch and the vulnerable infrastructure for you to test your skills against.

You will need to bring a laptop with the following:

Price:

The chapter meeting is subsidized by chapter memberships and sponsors.  There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees.  Walk in attendee’s are welcome but will be charged $30 at the door.  If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/ for additional details.

CPEs:

The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPE’s are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors:

ISSA Portland would like to thank our program sponsors, who help make high quality programs like this possible.

Platinum Sponsor: Vectra

GOLD Sponsor:  Optiv, Tenable, Netskope

SILVER Sponsor: FireEye, RiskIQ, OBS

Posted in Announcements, Chapter Meetings, Events | Comments Off on March Symposium presenting the topic of: Half-Day Hackathon

How AI Works: Recent examples of AI

Please join us for the February luncheon meeting!!!!

Presenting the topic of Artificial Intelligence and Machine Learning in Security: Move from Detection to  Prevention.”

 

How AI Works – Recent examples of AI

Why AI and ML are well suited for security
Details on how AI and ML work
Impact on Operations, User, and Business
Demo of AI in action (detect only and predict and prevent)

 

Posted in Events | Comments Off on How AI Works: Recent examples of AI