November 2022 Chapter Meeting: Cyber Insurance – Tips, Tricks, and Traps

Due to popular demand, ISSA Portland’s November meeting will focus on cyber insurance. The program will include presentations covering the insurance application, what you should know about the attestation survey, types of coverage, and services that are often included as part of your policy that might be able to save you money… as well as lots of time for your questions and discussion.

When:

Thursday, November 17th, 2022 – 11:30AM – 1:00PM

Where:

This will be an in-person event.

University Place Hotel & Conference Center*

310 SW Lincoln Street, Portland, Oregon 97201 – Astoria Room

There is plenty of parking on the hotel property at $3.00 an hour or $13.00 daily. Public transportation: MAX’s Lincoln Station is just outside the hotel’s front door, and the Downtown Streetcar is less than 3 blocks away.

* University Place Hotel is owned, operated, and located on the campus of Portland State University

Lunch is included at the event.

Roaster Turkey & Swiss

Black Forest Ham & Cheddar Cheese

Chef Choice Salad (GF)

CPE credits:

This event qualifies for CPE credit.

Sign up link:

https://www.eventbrite.com/e/november-2022-chapter-meeting-cyber-insurance-tips-tricks-and-traps-tickets-449852479877

Speakers:

Peter Olson ARM, Property Casualty Consultant, USI Insurance Services

Peter is a sales executive in USI’s Portland commercial insurance group. Peter delivers customized client solutions with economic impact, leveraging the USI ONE Advantage®, a proprietary platform integrating analytics, networked resources and strategic planning.  Peter leads and collaborates with the USI team to design and develop a specific program; market existing coverages and introduce new product solutions; and integrate analytics, risk control and claims advocacy for clients. He is ultimately responsible for all service standards, communication and implementation. Peter provides responsive and strategic advice designed to help companies safely manage risk at the lowest net cost.

Rick Rosenberry – Property and Casualty Consultant, USI Insurance Services

Rick specializes in helping clients position themselves in the Cyber and Tech E&O marketplace. Based in Portland, he works with manufacturers in Defense, Aerospace, Healthcare and Technology as well as MSSPs. Featured as a regular speaker on the Pacific Northwest Defense Coalition’s Cyber Security Forum, he works with clients to address evolving cyber threats and risk within manufacturing supply chains. USI is one of the largest insurance brokerage and consulting firms in the world, providing solutions to large risk management clients, middle market companies, smaller firms and individuals. Utilizing the USI ONE Advantage®, a proprietary platform integrating analytics, networked resources and strategic planning, they help clients identify risk and close coverage gaps.

Frank X. Curci is a Shareholder in Buchalter’s Portland office and a member of the Firm’s Corporate Practice Group.

His practice focuses on the representation of high-tech companies (ranging from emerging growth companies to global companies), bioscience industry companies, universities/research institutions, global technology consortia, technology accelerators, and other technology-based companies.  He counsels these clients concerning a range of matters, including patent/technology licensing, technology collaborations & consortia (including technology standards), research matters, technology transfer, the overall protection, commercialization, and use of the client’s intellectual property rights. Mr. Curci has a recognized bioscience practice representing universities/research institutions and bioscience companies regarding licensing, technology transfer, collaborations, research, and other technology commercialization matters.  He has earned a national reputation in the high tech industry for his work regarding the formation, structuring, and ongoing operations of global technology consortia and other technology collaborations (including standards organizations).  Mr. Curci is active with high technology and bioscience-related associations. For several years he has been an Adjunct Professor of Law teaching intellectual property law courses at Oregon, Arizona and California law schools.  He has received The Best Lawyers in America® (2009-2023) recognition in the Technology Law and Biotechnology Law fields. In 2017 and 2018 Frank was named to the Oregon Super Lawyers list.  He also has an AV Rating® from Martindale-Hubbell®. More at https://www.buchalter.com/attorneys/frank-x-curci/#bio


October 2022 Chapter Meeting: Managing Information Security

The ISO 27001:2022 standard update is to be released in October. Find out about ISO 27001 and what is changing.

Managing information security is a combination of technical capabilities and a trained workforce, both paired with management processes intended to assure confidentiality, integrity and availability of information assets. ISO 27001 is the globally recognized standard for Information Security Management System (ISMS) design and operation. This month a long-awaited update to the standard will be released, the new ISO 27001:2022. In this presentation, obtain an overview of ISO 27001, discover best practices in how to implement it and find out what is new in the 2022 revision of the standard.

This meeting marks our return to in-person chapter meetings. There will not be a live virtual participation option.

When:

Thursday, October 20th, 2022 – 11:30AM to 1:00PM

20 minutes – networking

60 minutes – speakers

15-30 minutes – Q&A

Where:

Embassy Suites Portland Washington Square

9000 SW Washington Square Rd

Tigard, OR 97223

Lunch is included at the event. Please select from the following when you purchase your ticket:

  • Tri-Tip Sandwich – Tri tip Beef, Arugula, Heirloom Tomatoes, Tillamook Cheddar Brioche Bun
  • Roast Chicken Breast Sandwich – Chicken, Arugula, Basil, Roma Tomato, Fresh Mozzarella, Ciabatta
  • Veggie Wrap – Roasted Shaved Vegetables, Baby Lettuce, Vine Ripened Tomatoes, Micro Greens, Hummus, Sundried Tomato Tortilla
  • Lunch Salad (gluten free) – Chef’s choice

This event qualifies for CPE credit.

Sign up link:

https://www.eventbrite.com/e/october-2022-chapter-meeting-managing-information-security-tickets-436122162127

Speaker/Panelist Bio:

Matt Olson – Senior Security Architect, Higher Logic

With 20 years of experience running large software as a service (SaaS) operations at scale, Matt brings both a product and enterprise operations focus to information security and compliance for Higher Logic’s 200 million+ end users. He has experience in security leadership, security operations management, security architecture, risk assessments, incident response, vendor management, secure software development life cycle (SDLC) best practices, establishment of policy, certification under ISO 27001 and managing audits under SOC 2. Matt currently serves as Portland ISSA chapter Technology Chair.


April 2022 Chapter Meeting: Security Frameworks, compliance and risk management

What is a framework? Why do I follow a framework? Which one is best? How many do I need? Can I build my own? How do compliance requirements fit in and am I mitigating the right risks?

There are many questions around how to build and maintain an Information Security program. Security frameworks are designed to answer these questions and provide assurance. In this talk we will discuss how frameworks, compliance and risk management work together. We will also show how to map between various solutions, including measuring and reporting maturity.

When: April 21st, 2022 – 11:10AM to 1:00PM.

20 minutes – networking

60 minutes – speakers

15-30 minutes – Q&A

This event qualifies for 1.5 CPEs.

Sign up link:

https://www.eventbrite.com/e/april-2022-chapter-meeting-security-frameworks-tickets-312487397217

Speaker/Presenter Bio:

Brian Ventura

Brian Ventura is an information security consultant and teaches Information Security topics through SANS. Brian focuses on building sustainable security programs. Brian volunteers on the ISSA Portland board and Oregon CyberSecurity Advisory Board.


March 2022 Chapter Meeting: Cybersecurity and Infrastructure Security Agency (CISA)

We are pleased to welcome Theresa Masse, Cyber Security Advisor in Region 10 (Oregon) for the US Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (CISA), for a presentation on CISA and services that it provides. Created in 2018 as a part of the U.S. Department of Homeland Security, CISA’s mission is to provide threat reduction to U.S. physical and cybersecurity infrastructure. CISA is a bright spot in the cybersecurity community in recent years and is leading the way in facilitating national public/private cybersecurity resiliency.

When: March 10th, 2022 – 11:10AM to 1:00PM.

20 minutes – networking

60 minutes – speakers

15-30 minutes – Q&A

This event qualifies for 1.5 CPEs.

Sign up link:

https://www.eventbrite.com/e/march-2022-chapter-meeting-dhs-cisa-tickets-274485923787

Speaker/Presenter Bio:

Theresa Masse – Cyber Security Advisor in Region 10, US Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (CISA)

Ms. Masse is a Cyber Security Advisor in Region 10 (Oregon) for the US Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (CISA). Prior to that, she served as the Chief Information Security Officer (CISO) for the Port of Portland for 5+ years. Theresa was the first CISO for the State of Oregon and served in that capacity for 10 years. Previous to that, she worked in the private sector as the Senior Director for Information & Corporate Security at Cummins Inc., an international Fortune 500 company.

Ms. Masse is on the advisory committee for the Oregon State University – Oregon Research & Teaching Security Operations Center, and a participant on several state committees and working groups. She is a member of the Portland ISSA, ISC2, and InfraGard chapters. Theresa also serves on the Cyber Security Advisory Board at Mount Hood Community College. She is a former member of the executive committee for the State, Local, Tribal and Territorial Government Coordinating Council and was chair of the Cyber Security subcommittee. She is a past member of the executive committee of the Multi-State Information Sharing and Analysis Center (MS-ISAC) and served as a co-chair of the mentoring program. Theresa has a CISSP and a Master’s degree with a major in Management.


February 2022 Chapter Meeting: Privacy Laws, Standards and Compliance

Since the implementation of the European Union General Data Protection Regulation (GDPR), privacy has become a fast evolving regulatory landscape within the developed world. Privacy laws are being adopted by U.S. states at an increasing rate. Will there be a U.S. federal privacy law? Which countries are adopting new privacy laws to keep pace with GDPR? In this presentation learn about global privacy compliance and gain an overview of privacy laws, standards and effective compliance strategies.

When: February 10th, 2022 – 11:10AM to 1:00PM.

20 minutes – networking

60 minutes – speakers

15-30 minutes – Q&A

This event qualifies for 1.5 CPEs.

Sign up link:

https://www.eventbrite.com/e/february-2022-chapter-meeting-privacy-laws-standards-and-compliance-tickets-259880889737

Speaker/Presenter Bio:

Matt Olson – Senior Security Architect, Higher Logic

With 20 years of experience running large software as a service (SaaS) operations at scale, Matt brings both a product and enterprise operations focus to information security and compliance for Higher Logic’s 200 million+ end users. He has experience in security leadership, security operations management, security architecture, risk assessments, incident response, vendor management, secure software development life cycle (SDLC) best practices, establishment of policy, certification under ISO 27001 and managing audits under SOC 2. Matt currently serves as Portland ISSA chapter President.


January 2022 Chapter Meeting: Ransomware Attack Simulation

Session Name: Are you ready for a ransomware attack?

This session will provide a walkthrough of a ransomware event using readily available attack tools and common techniques. Following a technical demonstration, a sample Incident Response Plan will be distributed and reviewed. A tabletop exercise will be facilitated, with roles such as Business Owner, Technical Expert, Legal Counsel, Crisis Communication, and Insurance Broker filled by attendees. Questions and activities will be available to support a single group session, or breakout rooms of teams comprising 4 or 5 members. Where possible, logs, reports, and other evidence will be available to inform analysis, decision making, and communications. Wrap-up activities will include an evaluation of the Incident Response Plan and supporting artifacts to identify improvement opportunities and priorities to better prepare for the next event.

When: Thursday, January 13th, 2022 – 11:10AM to 1:00PM.

20 minutes – networking

60 minutes – speakers

15-30 minutes – Q&A

This event qualifies for 1.5 CPEs.

Sign up link:

https://www.eventbrite.com/e/january-2022-chapter-meeting-ramsomware-attack-simulation-tickets-234014372287

Speaker/Presenter Bio:

Dennis Allen is a Senior Security Consultant at Stratascale, where he helps organizations assess and improve their cybersecurity posture to address the ever-evolving cyber threat landscape. Dennis received his B.S. degree in Computer Science from St. John Fisher College, and an M.S. in Information Assurance from Norwich University. With more than 25 years of information technology and security experience, Dennis has helped Fortune 500 companies, governmental agencies, the U.S. military, and many small businesses develop solutions to prevent, detect, and respond to the most advanced cyber challenges. He has also delivered numerous professional training classes, presented at industry conferences, and taught at both the undergraduate and graduate level.


Chapter Meeting: Cyber Insurance Marketplace 2021/2022

The pandemic period has seen changes in the cybersecurity threat landscape. As opportunities for threat actors increased due to the prevalence of work-from-home restrictions and increases in ransomware attacks, insurance companies paid out record amounts in 2020 for cyber-related claims. The downstream effects are here: higher premiums, changes in coverage limits and hesitancy of insurance companies to underwrite cyber risk. At our November meeting, we are pleased to welcome Matthew T. Danielak, who is a Cyber/E&O insurance broker, and Jonathan Davies, who is a cyber risk consultant. Our guests will present on the current issues affecting the cyber insurance marketplace.

When: Thursday, November 18th, 11:10AM to 1:00PM.

20 minutes – networking

60 minutes – speakers

15-30 minutes – Q&A

This event qualifies for 1.5 CPEs.

Sign up link:

https://www.eventbrite.com/e/november-2021-chapter-meeting-cyber-insurance-marketplace-20212022-tickets-207686013457

Matthew T. Danielak – Director, Broking FINEX Cyber/E&O Midwest Region Lead

Matt leads the Midwest Region for Willis Towers Watson’s FINEX Cyber/E&O team. In addition to running a team of 13, he focuses on delivering expertise in privacy, information technology, E&O and media, including dedicated cyber claim advocates. As part of his role, he regularly speaks on industry panels, handles market relationships, creates risk transfer strategies with clients, oversees the placement of insurance programs, and provides client service throughout the course of the year. Matt has more than 12 years’ experience in building successful technology E&O, professional liability, media and cyber insurance books of business as both an underwriter and broker.

Matt holds a B.S. in Communications from Indiana University (Bloomington).

Jonathan Davies, C|CISO, CISSP, CCSP – Cyber Risk Consultant, North America – FINEX

Jonathan Davies is based in Las Vegas and has developed and implemented cybersecurity programs for several large clients in the global gaming and hospitality industry. He specializes in identifying, quantifying and mitigating key organizational cyber risks and then developing consensus-based, cost-effective solutions that align with the organization’s overall business goals. He emphasizes a cross-functional approach, involving key stakeholders and business units across the organization, to ensure that a comprehensive, organization-wide strategy is developed to manage the people, technical and financial risks impacting an organization’s cyber resilience.

Jonathan’s cybersecurity career is underpinned by a twenty-year military intelligence background. He holds a number of advanced industry certifications, including Certified Chief Information Security Officer (C|CISO), Certified Information Systems Security Professional (CISSP), and Certified Cloud Security Professional (CCSP).


Chapter Meeting: Security Frameworks Leadership Panel Discussion – May 13th

With hundreds of Information Security frameworks available, which one should you choose? What are the advantages to using a framework, and what are the risks for not having one?

Please join ISSA Portland for an interactive leadership panel discussion. You are invited to engage with local leaders on framework lessons learned and best practices.

If you’ve wanted to know more about the value of information security frameworks, from selection and integration to their alignment with compliance domains, come engage and learn, and bring your questions for the panel!

Register here: https://www.eventbrite.com/e/may-2021-security-frameworks-leadership-panel-discussion-tickets-151748743577 Registration is free for ISSA Members and $10 for non-members.

Framework examples we may discuss:

  • NIST Cybersecurity Framework
  • Center for Internet Security (CIS)
  • Cybersecurity Maturity Model Certification (CMMC)(DOD)
  • MITRE ATT&CK
  • ISO 27001
  • Microsoft
  • PCI DSS
  • COBIT
  • HIPAA

Speaker bios:

TRACI ESTEVE – Director IT Risk and Compliance, The Standard Insurance Company
As Director of Technology Governance and Risk for The Standard in Portland, Oregon, Traci Esteve is committed to protecting the confidentiality, integrity, and availability of information and processing resources. She began her career as a developer and infrastructure engineer. This led to her rise to a premier technical architect at Accenture and to expanding the practice in Asia and Europe. Her journey includes staying home to raise her two sons and serving as an advisor to organizations to increase profitability, maximize customer value, and effectively meet regulatory requirements. She has a BS in Applied Science, MBA certification from Miami University, and a certification in Cybersecurity Risk Management from Harvard University. Traci enjoys cooking with her family, drawing, hiking, and encouraging high-school students to believe in themselves.

LEO HOWELL – Chief Information Security Officer, University of Oregon
Leo Howell is a visionary information technology leader who is passionate about the “I” in IT as he believes that data leveraged as a strategic asset is a competitive benefit to any organization. Leo currently serves as the chief information security officer for the University of Oregon where he practices his balanced approach to cybersecurity – stop the bad guys and empower the good guys to carry out the organization’s mission. Previously, he served in cybersecurity and audit leadership at NC State University. Leo received his B.Sc. in Computer Science and Electronics from the University of the West Indies, and his MBA from NC State University. Leo is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and a proud member of the international honor society Beta Gamma Sigma.

SHANE PERRY – Information Security & Risk Officer, Oregon Public Employees Retirement System (PERS)
In his 7th year at Oregon PERS, Shane Perry is leading the agency’s Information Security and Risk Management Program(s), focused on protecting its members’ data in an ever-changing environment. As the Information Security and Risk Officer, Mr. Perry leads a small team which oversees the security, continuity, and risk challenges for Oregon’s Public Employees Retirement System. Prior to joining Oregon PERS, Mr. Perry led and managed Information Technology and Cybersecurity functions across various industries including semiconductor manufacturing, higher education, private education, and most recently in the public sector. In total, Mr. Perry has over 20 years’ experience in Information Technology and Security Management. Mr. Perry maintains his CISSP certification and holds a Master’s degree in Management of Information Systems from the Westminster College of Salt Lake City, and a Bachelor of Arts degree in Speech Communications from the University of Utah (Go Utes!).

ITZIK KOTLER – CTO and Co-Founder, SafeBreach
A former member of the elite Israel 8200 Intelligence unit, Itzik Kotler served as CTO of Security Art, and led SOC activities and research for Radware (RDWR). He is a well-known security researcher and a frequent speaker at security conferences.

ESTEBAN GUTIERREZ – VP, Information Security & CISO, New Relic, Inc.
Throughout his career, Esteban Gutierrez has approached security challenges with the goal of enabling people to work safely and securely and to help organizations protect what they value. In early roles, he helped create the first enterprise network architecture for the US Army Corps of Engineers, solved security challenges in an e-commerce start-up, and while at Intel worked on cloud security strategy, enterprise risk mitigation, and research on emerging threats. Esteban joined New Relic in 2016 where he is leading the organization as the CISO on a path to cyber-resilience. Esteban is an initial founder of Security BSides Portland (a volunteer driven regional security conference) and is a long-time lead volunteer with Def Con. He is a proud father and lives with his daughter in Portland.


Chapter Meeting: Leverage the Right Technology & People to Build the Best IR Team, March 11th

When: Thursday, March 11th, 2021 from 11:30 AM – 1:00 PM – Networking opens at 11:10 AM, presentation begins at 11:30 AM. A link to the online event will be provided before the event begins.

Registration: Free for ISSA members (you do not have to be a Portland Chapter member), $10 for non-members.

Register here: https://www.eventbrite.com/e/mar-2021-leverage-the-right-technology-people-to-build-the-best-ir-team-tickets-142699376677

Event Description:

With the massive network breaches we have seen lately, Incident Response is more important than ever. With the shortage of capable cybersecurity talent, incident response teams are facing overload and diminishing effectiveness.

This presentation will speak to methods that address this dilemma, leveraging technology and human assets working together to meet the rising level of demands on cybersecurity teams.

Speaker Bio:

BRETT L. SCOTT – Director, Security Enablement and Training, Tech Data

Brett serves as the director of Security Enablement and Training, Americas for Tech Data. In this role, he is responsible for accelerating the security expertise of their partners and building security solutions for the Tech Data partner ecosystem to deliver to their customers.

Brett’s current project is the Tech Data Cyber Range (TDCR). A multi-million-dollar effort, the TDCR is part of Tech Data’s next-generation distributor strategy. Brett is the co-founder of the National Cyber Warfare Foundation (NCWF), a 501(c)(3) non-profit organization leading the country in teaching hands-on cybersecurity skills in a real-world environment. The primary purpose of the NCWF and the Tech Data Cyber Range is to develop real competence in cybersecurity.

Brett’s career began professionally in 1987 and he remains hands-on, but he also has many years of experience leading technical teams. During his career, he has worked in many different industries and has a great deal of in-depth knowledge on cybersecurity issues facing companies today.


Chapter Meeting: Anticipating and Countering Adversarial Tactics Through the MITRE ATT&CK® Knowledge Base, February 11th

What: ISSA Portland February 2021 Membership Meeting – MITRE ATT&CK®

When: Thursday, February 11th, 2021 from 11:30 AM – 1:00 PM – Networking opens at 11:10 AM, presentations begin at 11:30 AM, see note below. A link to the online event will be provided before the event begins.

Registration: Free for ISSA members (you do not have to be a Portland Chapter member), $10 for non-members. Register here:

https://www.eventbrite.com/e/issa-portland-february-2021-membership-meeting-mitre-attck-tickets-138866640861

Event access:

https://www.eventbrite.com/x/138866640861/

Format Change: ISSA Portland is now opening Zoom meetings 20 minutes early so we can catch up with you and give you the opportunity to grow your network. Over the coming program year we will be experimenting with Zoom features to expand the networking component of our meetings. We welcome your feedback and suggestions – contact us at ISSA-Board@portland.issa.org.

Event Description: MITRE ATT&CK® has become widely adopted in the community as a way to understand adversary behaviors and improve defenses. In use across governments, private sector, and security solutions providers, ATT&CK helps to focus defenses against known threats, provides an effective tool for measuring security improvements, and drives innovation. The presentation will cover an intro to ATT&CK and several use cases for how it can be applied, including cyber threat intelligence, behavioral analytics, and adversary emulation.

Speaker bio:

Mike Hartley
Lead Cybersecurity Engineer – The MITRE Corporation

Mike works in MITRE’s adversary emulation capability area, where he helps conduct adversary research, builds adversary emulation plans, and studies behavior-based detections. Mike also helps lead efforts such as ATT&CK® and ATT&CK Evaluations.
