December 2015 Chapter Meeting: Controls for Managing Privileged Accounts – presented by CyberArk Software

Targeted Attacks and the Privileged connection_ISSA

Presentation:  

A common link in today’s most dangerous, targeted attacks and information security breaches: the exploitation of privileged accounts. Such accounts grant extensive control over sensitive data and IT systems. They’re pervasive in every organization, they’re often overlooked, and they can be powerful weapons in the wrong hands. Leading security experts report that privileged accounts are widely abused in targeted cyber-attacks and that privileged account exploits have grown increasingly sophisticated. Privileged accounts ship with every piece of information technology, including servers, desktops, applications, databases and network devices. The accounts confer powerful controls to IT administrators, but they can be lethal in the wrong hands. To protect these accounts and the critical resources they provide access to, organizations need comprehensive controls in place to protect, monitor, detect and respond to all privileged account activity.

Local Portland Educational Opportunities

As the Director of Education for the Portland Chapter of ISSA, I have worked with the Board to identify educational options for each of you, our members. There are a number of options to enhance knowledge and advance individual careers.

Each option provides distinct opportunities and incurs various costs. I hope one or more meet your needs. If you have questions or comments about local security education opportunities, please direct them to education@portland.issa.org and I will address your questions and listen to your comments. I am working on additional resources and will post more as the year progresses.

Currently identified options:

  1. Mt Hood Community College in Gresham
  2. Portland SANS Instructor courses
  3. Local SANS courses
  4. Cybrary.it
  5. CISSP course through PCC

Details:

  1. Mt. Hood Community College has a Cyber Security and Network department! They have two 2-year associate degrees in Information Security as well as 3 certificate programs for continuing education. Each program focuses on a different aspect of Information Security and is built for students with different backgrounds and experience.
  2. I am a Community SANS Instructor and call Portland home. You can find my courses on my SANS page (most of mine are not local):
  3. SANS does provide local courses. Their local courses are found on their Oregon search:
  4. There are a number of online training sites. I list Cybrary.it because it is a new, free resource. They offer courses at many different levels: beginner, intermediate and leadership. This is a great price-point with an awesome mission.
  5. James and I provided a CISSP course through PCC in 2016 and we intend to keep this going. Look for our CISSP course in the Summer PCC catalog.

I hope each of you finds a resource to help in your own career advancement. I am interested in your goals and how these resources either help or do not help in meeting those goals. My intent is to find resources to help our members, support our community, and advance the Information Security industry.

Thank you.
Brian Ventura
ISSA Portland
Director of Education
education@portland.issa.org
water@bighead.org
https://www.sans.org/instructors/brian-ventura


ISSA Portland – Monthly Luncheon – Vulnerability Management Programs and Lessons Learned from the Field

 

Presentation:  Vulnerability Management – Lessons Learned

ISSA Chapter Meeting 11-19-2015 – Vuln Mgmt Lessons Learned

Abstract: This presentation is about lessons learned by studying what goes on in the real world with Vulnerability Management programs.  More importantly, it discusses how you can construct a program that focuses on threat management, security intelligence, risk awareness and patch auditing.

Presenter:  

Bill Olson – Product Manager, Tenable Network Security

Bill Olson has nearly 20 years of expertise in the information security and technology industry. As a member of the product management team with Tenable Network Security, Bill is responsible for SecurityCenter™ and SecurityCenter Continuous View™, understanding customer needs, helping to predict market needs and working closely with the development team. Prior to joining Tenable, Bill was the vulnerability management subject matter expert for Qualys, where he was responsible for working with hundreds of clients to ensure that their vulnerability management programs were mature and focused on strong goals.

October Symposium: SIEM (Security Information and Event Management)

Session 1: SIEM Maturity and SOC Optimization presented by John Velisaris with IBM

IBM – SIEM Security and SOC Optimization

John will cover maturation models for SIEM deployment from a people, process, and technology standpoint. He will also delve into best practices for SOC optimization with the SIEM as a foundational technology.

Speaker Bio:

John Velisaris is an Associate Partner with IBM Security and leads the Security Intelligence and Operations Consulting (SIOC) for IBM North America. His team assists clients with SIEM technology, security operations and cyber threat intelligence operations. John is a resident of the Seattle area and former employee of Washington Mutual and KPMG. John is a Certified Information Systems Auditor.

Session 2: Real World SIEM presented by Todd Reder and Andy Riley with GBprotect

GBprotect – Real World SIEM

This session will describe a methodology that can be used to bring new sources into a SIEM. The entire lifecycle of an event stream will be discussed from business drivers and device identification to resource creation and maintenance. Topics will include:

  • Device Identification and Research
  • Use Case Development
  • Collection Configuration
  • Log Verification
  • Platform Configuration
  • Metric Gathering
  • Health Monitoring
  • Maintenance

Tips and tricks will be included throughout the presentation that can aid administrators along each step of the process. Common issues and prevention will also be discussed.

Speaker Bios:

Todd Reder is a Solutions Engineer with GBprotect. Over the past nine years, Todd has progressed from handling escalations as an operator, conducting client security reviews as an analyst, and on to his current role which includes platform management, client turn up, and consulting engagements. His SIEM experience includes management and day to day operations of ArcSight, LogRhythm, Splunk, QRadar, LogLogic, and enVision. Todd is a Splunk Certified Architect and LogRhythm LCSE.

Andrew Riley is VP of Security Solutions at GBprotect with responsibility for Sales Engineering, Professional Services, and Product Development. Mr. Riley has close to 25 years of IT experience and has held a focus on information security since the late 1990s. Andrew holds CISSP, C|CISO, and HCISPP certifications and is a former Portland ISSA Chapter president.

Session 3: Identifying Indicators of Threat presented by Cameron Naghdi of Tripwire

Tripwire – Using SIEM for Incident Response

Cameron will show how using SIEM technology and multiple sets of data, users can shorten time to detection and response. Cameron will cover use cases such as insider threat detection as well as technical capability, scalability and performance issues related to the deployment of Tripwire Log Center.

Speaker Bio:

Cameron Naghdi is a Systems Engineer with Tripwire and has 10+ years of experience in system and network solution engineering, application deployment and industry standard security frameworks.  As the Channel Systems Engineer of the Western half of the US at Tripwire, he collaborates with clients to bring market-leading solutions and resources to create a more secure and compliant IT environment.

 

Session 4: Panel Discussion

The panel discussion will take the format from previous symposiums. The ISSA Board will prepare some initial questions to get the conversation going. This will be followed by questions from the audience and general discussion on the topic.

 

CPEs:
The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

September 2015 Monthly Chapter Luncheon – Host Card Emulation for NFC Mobile Payment in the Cloud

Topic: Host Card Emulation for NFC Mobile Payment in the Cloud 

Mobile Payments Security – Presentation for ISSA Portland Chapter 9-24-2015

Abstract:  

Security on HCE NFC mobile payment smartphones has been an issue, and with the use of tokenization these issues have been minimized, although further debate and apparent limitations remain. Some also believe the TEE or even the eSE could play a role in the security of HCE NFC, along with biometric “Touch ID” authentication. A secure payment system requires a holistic approach encompassing end-to-end encryption, tokenization and compliance with both existing and emerging standards, including PCI and EMV. The key point is that NFC SIM cards and HCE are not mutually exclusive, and you’ll see hybrid-designed NFC payment smartphones emerge. Karl will explore exactly what Host Card Emulation is and where it came from, and will discuss Apple and Android “Pay” developments, including Samsung and Softcard.

Speaker:  

Karl J. Weaver is an OEM/ODM mobile device ecosystem and business development executive/rainmaker for Near Field Communications, mobile (wallet) payments and TEE embedded mobile device security ecosystems. He is a globally-trained, bilingual Mandarin Chinese speaking senior mobility executive with vast experience selling wireless & mobile device technologies from both sides of the Pacific Rim to the global OEM/ODM handset/tablet PC ecosystem supply chain. He recently spent 5 years working in China for Gemalto as Rainmaker for design-in of embedded Mobile NFC Payments & TEE security technologies to the OEM Smartphone/Tablet PC ecosystem.

CPEs:
The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Ratification of Chapter Bylaws Changes

During the May Chapter Meeting, the membership present will be asked to ratify the proposed changes to the bylaws. Below is a link to the bylaws with the proposed changes. If you are a member, please take a moment and review the document. If you have any questions or additional changes, please contact any of the board members.

ISSA Portland Chapter Bylaws – Amended


May 2015 Monthly Chapter & Annual Election Meeting – How to secure sensitive data with an evolving cyber perimeter.

By: Watchful Software

Speaker: Robert Goldsmith

When: 
Thursday, May 21st, 2015 – Doors open at 11:30AM.  The event will end at 1:00PM.  Lunch will be provided.
Location:  
Con-Way
2055 Northwest Savier Street
Portland, OR 97209

Con-way’s reception desk is located at the west end (closest to 21st Ave.) of the AdTech II building, best accessed by turning into the entrance located on 21st Ave; the main entrance to the building is on Savier Street on the west side of the building. This entrance is manned by a security guard and you will be asked to sign in. Con-way has asked that guests park in the two lots to the East of NW 20th Avenue between NW Raleigh and NW Thurman. Please do not park in spaces that are marked with names other than Con-way since these spaces are leased. The best option is the lot on the NE corner of NW Raleigh and NW 20th.

Presentation:  
Data centric security, information classification and DRM – presented by Watchful Software.
Price:

The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 cash at the door.

If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/
CPEs:
The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

April 2015 Monthly Chapter Meeting – Zero Days, Ghost Malware, and Other Current Trends

Speaker: Tobin Sears, FireEye
Tobin currently leads the Western region systems engineering team at FireEye – an organization dedicated to protecting enterprises and governments against the next generation of cyber attacks through the use of a purpose-built, virtual machine-based security platform. His expertise in the Web security space has led him to architect and consult on an extensive portfolio of secure infrastructure projects worldwide. Prior to FireEye, Tobin held various positions at F5, McAfee/Secure Computing, and NetApp. He holds a Bachelor of Science degree from the University of California, Berkeley.

Presentation Content
