Wednesday, Jan 21, 2021, Austin ISSA Chapter Meeting

Click here to Register for Free

SolarWinds Sunspot, Sunburst and SuperNova – Updates and Q&A

(This is not an astronomy lecture)

Discuss the latest information on the SolarWinds hack and where to go from here

About Speaker

Paul Guido, CISSP, CCSP

Paul works as a security professional in the finance industry in San Antonio. Paul is also SolarWinds Certified and a SolarWinds THWACK Community MVP and has built and maintained SolarWinds installations for over a decade.

He was introduced to computer networking as a hobby through Amateur Packet Radio in 1986. This hobby evolved into a full-time computer career in 1993 that continues today.

Wednesday, Dec 16, 2020, Austin ISSA Chapter Meeting – Board Elections

!! Austin ISSA Chapter Election Time !!

Join us on Wednesday, December 16, 2020 to celebrate another year of promoting information security in the Austin community. We will be holding elections for open positions of Austin ISSA chapter board. To ensure we have a quorum of members needed for a valid election, we highly encourage all members to attend the December meeting in order to vote.

9 of our 10 board member positions are up for election or vacant – we encourage anyone and everyone to apply  and or nominate by sending an email to elections@austinissa.org.  This is an excellent opportunity to give back to the local security community and at the same time connect with the Austin area security professionals and security industry!

The positions are:

• President (Term Expiring)
• Vice President (Vacant)
• Education Director (Vacant)
• Membership Director (Vacant)
• Treasurer (Term Expiring)
• Recording Secretary (Vacant)
• Corresponding Secretary (Term Expiring)
• Marketing Director (Term Expiring)
• Sponsorship Director  (Term Expiring)

Over the last two years we have made many strides:

• Chapter Meetings: We found a better facility to host our meetings (pre-COVID) for free, allowing us to reduce meeting fees to $0 while improving our catering from sandwiches to offerings like Rudy’s Barbecue.
• Education Content: We incorporated lots of content related to emerging areas like cloud, full-stack, containerization, and DevSecOps; and we hosted a slew of excellent speakers who were well-received, including published authors.
• Collaboration Tools: We introduced Slack and Zoom webinars to encourage more participation among those at a greater distance or indisposed, and this capability allowed us to make a smooth transition into telemeeting during COVID.
• Expanded Offerings: We introduced variety and interaction via new events like moderated round tables, war game exercises, and evening networking happy hours.
• Board Streamlining: We slightly restructured officer roles to reduce redundancy and improve our ability to reach quorum.

We are seeking the local security leaders who can take our chapter to the next level by building on the great progress we made in 2020.
More details on these positions is available at https://austinissa.org/chapter-info/ 

Wed Dec 16 2020 Chapter Meeting

Agenda

11:30 AM Chapter Business
11:45 AM Election
12:30 AM Speaker of the Year Presentation – Alex Kreilein  – CISO, Rapid Deploy
12:50 PM Speaker Q&A
1:00 PM Meeting Concludes

Location

Due to the COVID-19 epidemic, this month’s meeting will be hosted virtually via Zoom

Zoom Meeting InfoURL: https://us02web.zoom.us/j/89875038512?pwd=YzJiQTlVSkhRVE5KK3o5bnhzVHltUT09

One-Tap Mobile: +13462487799,,89875038512#,,,,,,0#,,738406#
Meeting ID: 898 7503 8512
Passcode: 738406Phone Number: 346-248-7799  

Wednesday, Nov 18, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

Cloud Infrastructure Cyber Kill Chain – Threats & Countermeasures

Attackers are maturing their TTPs  (Tactics, Techniques and Procedures) to now exploit over-permissioned identities within AWS, Azure, and GCP; resulting in very prominent breaches. In this session we’ll define a new Cloud Infrastructure Cyber Kill Chain and explore these TTPs to expose unique methods of lateral movement, privilege escalation, role-chaining, and more. Real world examples and a live demo will highlight these risks.

About Speaker

Mike Raggo

Michael T. Raggo has over 20 years of security research experience. Over the years he has uncovered numerous vulnerabilities in products including Samsung, Checkpoint, and Netgear.

His current research focuses on hybrid cloud security risks and threats. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade.

A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.

Chapter Meeting Location
Virtual via Zoom. Click here to Register for the link to the meeting invite

Sponsor – NetSkope

Reimagine your perimeter.

Wednesday, 21 Oct, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

Zero Trust, Identity, and Why VPNs aren’t the Solution

This presentation will unpack and explore the current global operational environment (pre & post COVID) – as informed by the ongoing crisis/pandemic and threat conditions – with an eye towards the new network realities going forward – to include such topics as zero trust, the use software defined perimeters vs firewalls and VPNs, and thoughts on extending operational reach and access of the global remote work force, while at the same time ensuring integrity, resiliency, and competitive advantage of the supported government/business model.

About Speaker

Jack Koons

Jack Koons is a seasoned cybersecurity executive with extensive experience building organizations, teams, and capabilities – focused on the development, deployment, and employment of cyberspace operations and cybersecurity capability.

Jack previously served as Chief Cybersecurity Strategist and technology evangelist for a global information technology provider, and is a former 25-year career (retired) senior United States Department of Defense full-spectrum Cyber Warfare Officer whose globally-spanning operational, management, and leadership assignments include extensive service within the US National Intelligence, Special Operations, and Cyber communities; Jack is an accomplished author and lecturer on the topic of cyber warfare and security; founding member of the US Army’s Cyber Warfare Career Field, US Army Cyber Command, and emergent United States Department of Defense cyberspace effort.

Chapter Meeting Location

Chapter Meeting Location
Virtual via Zoom. Click here to Register for the link to the meeting invite

Sponsor – Centrify

Your Ally Against Privileged Access Abuse

Wednesday, 16 Sep, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

Email Security

DMARC (Domain-based Message Authentication, Reporting and Conformance) is considered an industry standard for email security to prevent attacks from malicious third parties sending fraudulent email using a legitimate address. DMARC is also an important defense against business email compromise (BEC), which is a growing risk for organizations of all sizes, with more than $1.7 billion in losses last year according to the FBI.

In this presentation we will cover not just DMARC, but also SPF and DKIM. Learn about the information that you need to help decision makers understand why it is important to implement these protocols to mitigate cyber risks.

About Speakers

Shehzad Mirza / Director of Operations for Global Cyber Alliance (GCA)

Shehzad Mirza is the Director of Operations for Global Cyber Alliance (GCA), a not-for-profit organization who mission is to eliminate cyber risks around the globe. Prior to joining GCA, Shehzad was a manager in the Advisory Services practice, as part of the security monitoring group of Ernst & Young LLP. He also served as Senior Director of Security Operations at the Center for Internet Security (CIS), an internationally recognized not-for-profit organization that provides cybersecurity services and support to state, local, tribal, and territorial governments throughout the United States. He was responsible for managing the security operations, which included a 24×7 security operations center (SOC) consisting of security analysts and Intel analysts providing cybersecurity and detection/notification services to all state and local governments across the United States for the Multi-State Information-Sharing and Analysis Center (MS-ISAC).

Shehzad started his career in cybersecurity as a consultant with Symantec working and managing a 24×7 security operations center (SOC) for the State of New York. He started as an analyst and within four years managed the SOC.

Chapter Meeting Location

Chapter Meeting Location
Virtual via Zoom. Click here to Register for the link to the meeting invite

Wednesday, 19 Aug, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

Introduction to Cybersecurity Maturity Model Certification (CMMC)

The Department of Defense (DoD) is implementing the Cybersecurity Maturity Model Certification (CMMC) as an independent security assessment for 350,000 vendors in the Defense Industrial Base (DIB), including small mom and pop shops, companies that mow the grass, and companies that make military weapon systems.

New DoD contracts as of October 1, 2020 require CMMC certification (although Covid-19 may push that back slightly). CMMC will be phased in over five years as current contracts and their option years expire. The CMMC formalizes security self-assessments that became mandatory in November 2016 with the introduction of NIST 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” yet were considered ineffective due to lack of independent audit oversight.

All companies storing, managing, or processing DoD Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) must become CMMC certified.

The CMMC is expected to:

• Drive real security change in the DoD marketplace by mandating independent audits for DIB vendors and closing loopholes where DIB vendors could self-attest their compliance based on inconsistent perception and experience.
• Be adopted by additional US Government and State Agencies seeking a security standard that translates well for public and private sectors.
• Trigger an explosion of new security careers and further strain the already limited cybersecurity / information security workforce.

About the Speaker

Dave Gray, Senior Cyber Security Advisor at Cyber Defense , Inc.

Dave Gray is a CISSP, CAP and PMP certified CyberSecurity Leader skilled in securing information systems to achieve information Confidentiality, Integrity and Availability. Dave’s focus is Governance, Risk Management and Compliance (GRC) using information security frameworks established by the National Institute of Standards and Technology (NIST) and the Center for Information Security 20 Critical Security Controls. Dave specializes in DoD CMMC, NIST 800-171, NIST 800-53 and CIS CSC 20.

Dave retired in 2011 from the Texas Army National Guard as a Lieutenant Colonel where he managed Information Security and IT Operations for 5,000 network users spread across Texas. Dave teaches local community college classes for CISSP, Security+ and ITIL certifications and volunteers for the ISSA Capitol of Texas Chapter at Austin. Dave’s certifications include CISSP, CAP, PMP, Security Plus, ITIL, CEH, EnCE, MCSE, MCSA, NSA NSTISSI 4011 and CNSSI 4012. Dave completed his MBA from the Jack Welch Management Institute in March 2020.

Chapter Meeting Location

Chapter Meeting Location
Virtual via Zoom. Click here to Register for the link to the meeting invite

Wednesday, 15 July, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

How to do Application Security Right

You’re building an application and need to prove it’s secure, and to do that you need to find vulnerabilities and fix them. However, there’s so much confusion about what that even means, let alone how to do it right, that it can be an uncertain and overwhelming endeavor. Author Ted Harrington takes you to the front lines of ethical hacking and security research, blending real-world exploit stories with actionable insights in order to help you understand how to break — and fix — applications. You’ll walk away with practical guidance about how to:

• Abuse functionality
• Chain vulnerabilities
• Choose a testing approach & methodology
• And much more

About the Speaker

Ted Harrington, Executive Partner, Independent Security Evaluators (ISE)

Ted Harrington is the author of HACKABLE: How to Do Application Security Right, and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for being the first to hack the iPhone. He’s overseen security research hacking medical devices, password managers, and cryptocurrency wallets. Ted has helped hundreds of companies fix tens of thousands of security vulnerabilities, including Disney, Amazon, Google, Netflix, Adobe, Warner Brothers, Qualcomm, and more. For his stewardship of security research that Wired Magazine says “wins the prize, hands down,” Ted has been named both Executive of the Year [by American Business Awards] and 40 Under 40 [by SD Metro]. He leads a team that started and organizes IoT Village, an event whose hacking contest is a three-time DEFCON Black Badge winner, and which represents the discovery of more than 300 zero-day vulnerabilities (and counting). Ted‘s work has been featured in more than 100 media outlets, including The New York Times, Financial Times, Wall Street Journal, Washington Post, and USA Today. Ted is a Boston Marathon finisher, and holds a Bachelor’s degree from Georgetown University, where he started his first company while a student.

Outside of work, Chris is a musician and family man who enjoys outdoor adventures.

Chapter Meeting Location

Chapter Meeting Location
Virtual via Zoom. Click here to Register for the link to the meeting invite

Wednesday, 19 February, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

ISSA members can attend remotely via Zoom. To retrieve the Zoom link and password click this link or use the link below.
https://www.members.issa.org/global_engine/download.aspx?fileid=D3ACCA0D-9894-4389-8198-EDE94618C7AD&ext=pdf

Digital Identity Management

Digital Identities empowers enterprises of all sizes to escape the exposure epidemic. Industries are moving to a cloud-delivered PKI as-a -services platform, IT and Info Sec teams are looking at better ways to manage thousands of digital certificates and keys across today’s hyper-connected environments. Product teams are designing and manufacturing devices with crypto-agility at massive scale causing the merger of IoT.

About the Speaker

Chris Davis – Sr. Solutions Engineer

Chris has 28 years of PKI centric experience. He worked for PepsiCo for 18 years where he designed and managed their global PKI infrastructure and team. Prior to that Chris worked for the NSA and FEMA where, among many other things, maintaining their PKI management and infrastructure.

Outside of work, Chris is a musician and family man who enjoys outdoor adventures.

Chapter Meeting Location

Chapter Meeting Location

FICO Auditorium (Left from main entrance in Bldg A as shown in picture below).
There is ample free parking in the complex, so you can park around the building anywhere.
Located in:  FICO
Map Location: https://goo.gl/maps/iEbhvrjKFzmjeL6E6
Address:     7700 West Parmer Lane
                      Austin, TX 78729

Wednesday, 15 January, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

Adding Security to the DevOps Pipeline

With the speed of modern software development, code is being pushed into production faster than ever…. and with it Security Vulnerabilities. Most of these vulnerabilities stem from a small set of common programming errors, which can be easily resolved.

This presentation will go over the different security scans which can be added to your pipeline, and how they lead towards more secure code. It will cover Static Application Security Testing, Dynamic Application Security Testing, Container Scanning, Dependency Scanning, and License Scanning.

About the Speaker

Fernando Diaz is a Technical Marketing Manager at GitLab. He is involved in managing content for GitLab’s set of Security Products. He is an active contributor to Kubernetes, mainly focusing on Ingress-Nginx.

In the past Fernando was an IBMer working as a Software Engineer for IBM’s public cloud. He was also an OpenStack Core Contributor, focusing on Barbican(Key Management) Development. He has spoken and held workshops at several OpenStack Summits.

Born and raised in Miami, Florida, Fernando received his B.ASc. in Computer Science at Florida International University. Currently resides in Austin, Texas and helps keep Austin weird. He loves hanging out with his dog “Oreo” and enjoying nature.

Sponsor for this month – COLORTOKENS