Wednesday, 16 Sep, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

Email Security

DMARC (Domain-based Message Authentication, Reporting and Conformance) is considered an industry standard for email security to prevent attacks from malicious third parties sending fraudulent email using a legitimate address. DMARC is also an important defense against business email compromise (BEC), which is a growing risk for organizations of all sizes, with more than $1.7 billion in losses last year according to the FBI.

In this presentation we will cover not just DMARC, but also SPF and DKIM. Learn about the information that you need to help decision makers understand why it is important to implement these protocols to mitigate cyber risks.

About Speakers

Shehzad Mirza / Director of Operations for Global Cyber Alliance (GCA)

Shehzad Mirza is the Director of Operations for Global Cyber Alliance (GCA), a not-for-profit organization who mission is to eliminate cyber risks around the globe. Prior to joining GCA, Shehzad was a manager in the Advisory Services practice, as part of the security monitoring group of Ernst & Young LLP. He also served as Senior Director of Security Operations at the Center for Internet Security (CIS), an internationally recognized not-for-profit organization that provides cybersecurity services and support to state, local, tribal, and territorial governments throughout the United States. He was responsible for managing the security operations, which included a 24×7 security operations center (SOC) consisting of security analysts and Intel analysts providing cybersecurity and detection/notification services to all state and local governments across the United States for the Multi-State Information-Sharing and Analysis Center (MS-ISAC).

Shehzad started his career in cybersecurity as a consultant with Symantec working and managing a 24×7 security operations center (SOC) for the State of New York. He started as an analyst and within four years managed the SOC.

Chapter Meeting Location

Chapter Meeting Location
Virtual via Zoom. Click here to Register for the link to the meeting invite

Wednesday, 19 Aug, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

Introduction to Cybersecurity Maturity Model Certification (CMMC)

The Department of Defense (DoD) is implementing the Cybersecurity Maturity Model Certification (CMMC) as an independent security assessment for 350,000 vendors in the Defense Industrial Base (DIB), including small mom and pop shops, companies that mow the grass, and companies that make military weapon systems.

New DoD contracts as of October 1, 2020 require CMMC certification (although Covid-19 may push that back slightly). CMMC will be phased in over five years as current contracts and their option years expire. The CMMC formalizes security self-assessments that became mandatory in November 2016 with the introduction of NIST 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” yet were considered ineffective due to lack of independent audit oversight.

All companies storing, managing, or processing DoD Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) must become CMMC certified.

The CMMC is expected to:

• Drive real security change in the DoD marketplace by mandating independent audits for DIB vendors and closing loopholes where DIB vendors could self-attest their compliance based on inconsistent perception and experience.
• Be adopted by additional US Government and State Agencies seeking a security standard that translates well for public and private sectors.
• Trigger an explosion of new security careers and further strain the already limited cybersecurity / information security workforce.

About the Speaker

Dave Gray, Senior Cyber Security Advisor at Cyber Defense , Inc.

Dave Gray is a CISSP, CAP and PMP certified CyberSecurity Leader skilled in securing information systems to achieve information Confidentiality, Integrity and Availability. Dave’s focus is Governance, Risk Management and Compliance (GRC) using information security frameworks established by the National Institute of Standards and Technology (NIST) and the Center for Information Security 20 Critical Security Controls. Dave specializes in DoD CMMC, NIST 800-171, NIST 800-53 and CIS CSC 20.

Dave retired in 2011 from the Texas Army National Guard as a Lieutenant Colonel where he managed Information Security and IT Operations for 5,000 network users spread across Texas. Dave teaches local community college classes for CISSP, Security+ and ITIL certifications and volunteers for the ISSA Capitol of Texas Chapter at Austin. Dave’s certifications include CISSP, CAP, PMP, Security Plus, ITIL, CEH, EnCE, MCSE, MCSA, NSA NSTISSI 4011 and CNSSI 4012. Dave completed his MBA from the Jack Welch Management Institute in March 2020.

Chapter Meeting Location

Chapter Meeting Location
Virtual via Zoom. Click here to Register for the link to the meeting invite

Wednesday, 15 July, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

How to do Application Security Right

You’re building an application and need to prove it’s secure, and to do that you need to find vulnerabilities and fix them. However, there’s so much confusion about what that even means, let alone how to do it right, that it can be an uncertain and overwhelming endeavor. Author Ted Harrington takes you to the front lines of ethical hacking and security research, blending real-world exploit stories with actionable insights in order to help you understand how to break — and fix — applications. You’ll walk away with practical guidance about how to:

• Abuse functionality
• Chain vulnerabilities
• Choose a testing approach & methodology
• And much more

About the Speaker

Ted Harrington, Executive Partner, Independent Security Evaluators (ISE)

Ted Harrington is the author of HACKABLE: How to Do Application Security Right, and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for being the first to hack the iPhone. He’s overseen security research hacking medical devices, password managers, and cryptocurrency wallets. Ted has helped hundreds of companies fix tens of thousands of security vulnerabilities, including Disney, Amazon, Google, Netflix, Adobe, Warner Brothers, Qualcomm, and more. For his stewardship of security research that Wired Magazine says “wins the prize, hands down,” Ted has been named both Executive of the Year [by American Business Awards] and 40 Under 40 [by SD Metro]. He leads a team that started and organizes IoT Village, an event whose hacking contest is a three-time DEFCON Black Badge winner, and which represents the discovery of more than 300 zero-day vulnerabilities (and counting). Ted‘s work has been featured in more than 100 media outlets, including The New York Times, Financial Times, Wall Street Journal, Washington Post, and USA Today. Ted is a Boston Marathon finisher, and holds a Bachelor’s degree from Georgetown University, where he started his first company while a student.

Outside of work, Chris is a musician and family man who enjoys outdoor adventures.

Chapter Meeting Location

Chapter Meeting Location
Virtual via Zoom. Click here to Register for the link to the meeting invite

Wednesday, 19 February, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

ISSA members can attend remotely via Zoom. To retrieve the Zoom link and password click this link or use the link below.
https://www.members.issa.org/global_engine/download.aspx?fileid=D3ACCA0D-9894-4389-8198-EDE94618C7AD&ext=pdf

Digital Identity Management

Digital Identities empowers enterprises of all sizes to escape the exposure epidemic. Industries are moving to a cloud-delivered PKI as-a -services platform, IT and Info Sec teams are looking at better ways to manage thousands of digital certificates and keys across today’s hyper-connected environments. Product teams are designing and manufacturing devices with crypto-agility at massive scale causing the merger of IoT.

About the Speaker

Chris Davis – Sr. Solutions Engineer

Chris has 28 years of PKI centric experience. He worked for PepsiCo for 18 years where he designed and managed their global PKI infrastructure and team. Prior to that Chris worked for the NSA and FEMA where, among many other things, maintaining their PKI management and infrastructure.

Outside of work, Chris is a musician and family man who enjoys outdoor adventures.

Chapter Meeting Location

Chapter Meeting Location

FICO Auditorium (Left from main entrance in Bldg A as shown in picture below).
There is ample free parking in the complex, so you can park around the building anywhere.
Located in:  FICO
Map Location: https://goo.gl/maps/iEbhvrjKFzmjeL6E6
Address:     7700 West Parmer Lane
                      Austin, TX 78729

Wednesday, 15 January, 2020, Austin ISSA Chapter Meeting

Click here to Register for Free

Adding Security to the DevOps Pipeline

With the speed of modern software development, code is being pushed into production faster than ever…. and with it Security Vulnerabilities. Most of these vulnerabilities stem from a small set of common programming errors, which can be easily resolved.

This presentation will go over the different security scans which can be added to your pipeline, and how they lead towards more secure code. It will cover Static Application Security Testing, Dynamic Application Security Testing, Container Scanning, Dependency Scanning, and License Scanning.

About the Speaker

Fernando Diaz is a Technical Marketing Manager at GitLab. He is involved in managing content for GitLab’s set of Security Products. He is an active contributor to Kubernetes, mainly focusing on Ingress-Nginx.

In the past Fernando was an IBMer working as a Software Engineer for IBM’s public cloud. He was also an OpenStack Core Contributor, focusing on Barbican(Key Management) Development. He has spoken and held workshops at several OpenStack Summits.

Born and raised in Miami, Florida, Fernando received his B.ASc. in Computer Science at Florida International University. Currently resides in Austin, Texas and helps keep Austin weird. He loves hanging out with his dog “Oreo” and enjoying nature.

Sponsor for this month – COLORTOKENS

Wednesday, December 11, 2019, Board Member Elections, Speaker of the Year Award, Special Holiday Meal

Register Here

Join us on Wednesday, December 11, 2019 to celebrate another year of promoting information security in the Austin community. We are beta testing remote attendance for the meeting via Zoom. ISSA members can join using Zoom link that is available via this link. You need to log in to the ISSA website with your user id and password to retrieve the Zoom link and password.

5 of our 10 board member positions are up for election, we encourage anyone and everyone to apply by sending an email to elections@austinissa.org.  The positions up for election are:

• Vice President
• Marketing Director
• Membership Director
• Operations Director
• Recording Secretary

More details on these positions is available at https://austinissa.org/chapter-info/

Agenda
11:30 – Networking
11:45 – Chapter Business Update
11:50 – Sponsor
12:00 – Presentation
12:50 – Q&A

Chapter Meeting Location

Norris Conference Center
Located in:  Northcross Mall
Address:       2525 W Anderson Ln #365
                      Austin, TX 78757
Phone:          (512) 451-5011

Sponsor for this month – Thales Security

Register here: https://events.thepulsenetwork.com/Attendee/Default.aspx?C=70000088&M=30000227&Mode=HTML

If you have subscribed to our newsletters, check the most recent mailings from us for free and discounted codes.

We are looking for moderators for each table during the InnoTech Security luncheon round table discussions. Are you interested, or do you know anyone who is interested? If so, please contact the Austin ISSA Treasurer at treasurer@austinissa.org

NOTE: Austin ISSA November 2019 Chapter Meeting regularly scheduled for November 20, 2019 will not be held. Instead we encourage you to register for this event.

Security Expo Sponsors

• Check Point Software
• Cisco Umbrella
• Conducive Consulting
• Critical Start
• Kudelski Security
• Optiv
• Trend Micro

Security Speakers and Topics

How Next-Generation Data Protection Accelerate Innovation Cycles – Real Life Use Case for Blockchain –Lou Senko,  Senior Vice President of Hosting & Chief Information Officer, Q2

Strategic Tool Stacks: Security is More Than Amassing Blinking Lights and Alerts – Tommy Scott, Senior Solutions Consultant, Critical Start

Continuous Security: Using Automation to Expand Security’s Reach –
Matt Tesauro, Senior Partner, 10Security

Digital Extortion & Trend Micro Security Predictions for 2019/2020 
Jesse Brown, Trend Micro

The Current Privacy Policy Landscape – Why Should I Care About CCPA and What is Next? Elizabeth Rogers, CIPP/US, Partner, Michael Best Friedrich, LLP

Security within a Multi Cloud Environment –  Jordan Gackowski, SE Manager, Cisco Cloud Security Jeff Reich, Co-Founder & Chief Risk Officer & Chief Operating Officer, LexAlign, PBC

Cloud and Legacy Security Strategies, How to Find Alignment – Wayne Reynolds, Advisory CISO, Kudelski Security

Securing the Technology Supply Chain – Yi Mao, Ph.D., CISSP, Vice President, atsec Labs, atsec Information Security Corporation, 

For all the latest conference session additions, or to register visit: https://www.innotechaustin.com/securitysummit

ISSA War Game Exercise

To promote education and preparedness in the community, security, technology, and management professionals are invited to participate in a cybersecurity war game exercise. All resources and materials used during the exercise will be provided to attendees to bring back to their organization to launch a program for conducting cybersecurity war game exercises internally.

• On the stage will be participants with tech and management experience who will play various roles at a fictional company, and they will be led through a narrative series of events that result in a cybersecurity breach.
• Members of the audience will be given a dossier on their role as a customer or investor of the fictional company when they arrive, and they will submit feedback to the fictional company via their mobile device. Winning submissions as determined by audience vote will be used within the exercise, and prizes will be issued to select submitters.
• As a tabletop, there are no live systems, instead it’s like a D&D game with hackers and techies instead of dragons and wizards, supplemented with synthesized policies and logs from the fictional systems projected for everyone to see.
• After the event, there will be a panel of experts who will conduct a “hot wash” de-brief, analyzing how well the participants performed, and to what extent our exercise accomplished its objectives.
• Last year’s event received lots of positive feedback and drew attendees from as far as the SF Bay Area, and the Sli.do voting system we used ranked it among the top 10% most interactive events in North America in 2018!

Don’t Miss the ISSA at InnoTech Happy Hour!

5:00pm – 7:00pm Hosted by Kudelski Security A great opportunity to network and socialize with your security colleagues after the conference over free drinks and hors d’oeuvres!

Café Blue Downtown Austin 340 E 2^nd St Austin, TX 78701

Wednesday, October 16, 2019, Austin ISSA Chapter Meeting

Register Here

Register by October 9, 2019 to avail ISSA member discount !

Containers are relatively new to IT; they package software and dependencies in a single binary which are able to run reliably in multiple environments. Containers have grown in popularity to a point where Kubernetes have been created as an open-source container management system.

Like many other IT resources, Containers and Kubernetes are reliable only if configured properly by knowledgeable IT personnel. Without adequate safeguards, they open vulnerabilities that enable attackers to compromise critical systems.

This presentation will address common threats to Containers and Kubernetes and solutions to mitigate those threats. Basic demonstrations will be included.

About Our Speaker

Larry Moore has been serving in the information security field for over twenty years. Prior to security, Larry was a software engineer starting in NASA and migrated to device drivers and kernel extensions for personal computing operating systems such as OS/2, Windows, AIX and other Unix variants.

Larry has served in numerous roles in security. He was a penetration tester, network administrator, security architect, risk assessor auditor, secure code evaluator and part-time social engineer. Larry has worked in both the private and public sectors and his work in architecture and audits included data centers in the U.S. and around the world.

Larry currently works as a GRC Architect and vCISO for Pivot Point Security (pivotpointsecurity.com) where he performs risk assessments, ISO 27001, NIST, HIPAA and privacy assessments and solutions nationwide. His customers include software manufacturers, legal firms, healthcare, public sector and financial services.

Larry served the president of the Austin chapter of the Information Systems Security Association (ISSA) and was the former IT Sector Chief for the Austin chapter of Infragard. Larry is also very active in local security activities and serves as a mentor for rookies interested in entering the security field.