Why is AI Needed in Cybersecurity?

Tuesday, November 13, 2018

Mark Montgomery presents key trends for using Artificial Intelligence (AI) in various verticals of cybersecurity. Mark’s discussion covers many of the critical breakthroughs and innovations that have helped fight cybercrime, as well as areas ripe for disruption by entrepreneurs. Mark goes beyond the hypes and myths of AI in cybersecurity and covers the practical implications of technologies to provide value to organizations. Mark also presents aspects of how the attackers are innovating using advanced techniques, and in some cases, potential abuse of AI. Attendees will learn:

What is artificial intelligence (AI) and machine learning (ML)?
Why are AI and ML important to cybersecurity, and what are the most critical use cases?
What are the business drives for using AI in the context of cybersecurity?
What’s next? That is, how will AI evolve over the next 5 – 10 years in cybersecurity?

Mark Montgomery is a former US Navy Cryptologic Technician First Class, where he served with the Navy Cyber Defense Operations Command and the US Cyber Command. Since departing military service, Mark worked with the Texas Comptroller of Public Accounts and now SparkCognition. Mark earned his bachelor’s degree in IT System Management and a Master’s degree in Cyber Security Engineering; Mark has over a dozen industry certifications.

Mark specializes in operational security, performing malware analysis, intrusion detection, network analysis, incident response, digital forensics and threat intelligence. His current focus is on developing malicious software and machine learning feature development for the improvement and testing of DeepArmor endpoint anti-malware.

Cyber Threat Response Clinic

FREE Cyber Threat Response Clinic

As part of ISSA Austin’s training program, Cisco is offering free day-long technical training on October 16.

Listen to the podcast interview with Ryan Firth:

NOTE: This free event is limited to the October chapter meeting attendees. Standard chapter meeting fees apply. Click here to register for the October 16 chapter meeting.

Security and Network professionals need to evolve their strategy from a point-in-time approach to pervasive protection across the full attack continuum. Join Cisco and the Capital of Texas ISSA to experience common cybersecurity attack situations in a virtualized lab environment, where you will get to play both the role of attacker and defender. Utilizing an environment that models many enterprise networks, you will learn how environments get compromised, how breaches get discovered, and how to respond most effectively with Cisco Security products and integrated solution architectures.

We look forward to this hands-on experience and sharing the breadth of product and integrated solution offerings provided by Cisco Security.

Class agenda:

CTR Scenario 00: Clinic Overview
CTR Scenario 01: Integrated Threat Defense Solutions
CTR Scenario 02: The Enterprise to Protect: Welcome to HackMDs.com
CTR Scenario 03: Reconnaissance and Vulnerability Discovery
CTR Scenario 04: Smash & Grab: Attacking your Public Network Services
CTR Scenario 05: Pay to Play: Ransomware in the Enterprise
CTR Scenario 06: Insider Threats: Beyond the Perimeter
CTR Scenario 07: The Infected: Compromised Host Systems
CTR Scenario 08: Threat Hunting: Centralized Incident Response
CTR Scenario 09: The Challenge: Capture the Flag!

In order to attend the class you MUST register for the ISSA chapter meeting and you must register for this class separately (link below) so that we will have an accurate headcount. Class registrants who have not registered for the chapter meeting will not be admitted.

Hardware: Advanced Threats & Defenses

Hardware:

Advanced Threats & Defenses

Tuesday, October 16, 2018

Jennie Kam (Cisco) discusses advanced hardware threats during purchase, boot, and runtime. These threats are applicable to just about anything with a processor – personal computers, servers, networking gear, and even those convenient digital assistants on your home counter. Jennie discusses and presents hardware defense mechanisms to counter these threats.

Jennie Kam
Sr. Security Researcher
Cisco

Jennie Kam is a security researcher in Cisco’s Security and Trust Organization. Jennie’s embedded systems background enables her to evaluate the security posture of Cisco products from both a hardware and software perspective. Jennie is passionate about educating the next generation of cybersecurity professionals at all levels from elementary school to university students.

August—Securing Your Company During a Merger

Rick Handley, IT Security Manager at Schlumberger, disclosed the steps he took when the company he worked for acquired a smaller company. He approached the acquisition by using the following processes:

How to get budget (“never let a potential incident go to waste!”),
How to best deploy personnel capabilities and resources and,
Being open to new ideas from the acquired company.

He talked about ways to measure results while the acquisition is in process, making progress as opposed to achieving perfection, risk and risk assessment, and how to set up network segmentation and default policies. Then, he detailed keys to success. It was an excellent presentation!

If you’re an ISSA member, you can download the slides here.

August Raffle Winner – Travis Dye

Configuring Mobile App Security Test Protocols

Hacker Carpet Bomb

Tuesday, September 18, 2018 11:30 am – 1:00 pm

Andy demonstrates real-world attacks that organizations see daily. Andy has hours of simulated attacks to share and will present as many exploits and attacks as possible during the chapter meeting. Simulated attacks include stealing hashes off the wire with Responder & Inveigh, Poison Tap, Bash Bunny, MouseJack and more!

Andy Thompson

Andy Thompson is the CyberArk Software National Manager for Customer Success in the Southwest and Midwest territories. Andy provides strategic and technical guidance to organizations to secure their technologies with security best practices in order to prevent credential theft and breach. Andy spent the last 20 years in the fields of Web Development, Systems Engineering/Administration, and Architecture Andy spent the last 6 years in Information Security and Architecture focusing on large retail organizations.

July Recap – Defending the Industrial Cloud

Brett Young, an ICS Security Lead at Leidos, gave a rousing presentation on defending the industrial cloud. He showed us the Purdue Enterprise Reference Architecture model and briefly explained how the IEC/ISA 62443-3-2 standard is used to document attributes for each defined zone and conduit. A copy of his presentation is available here for ISSA members.

July sponsor

Our sponsor for the July meeting was SparkCognition, which uses the “higher-order possibilities AI can deliver for the industries and organizations [to] create a healthy, functioning, and safe society.” Rick Pither can help your organization find out how their product can transform your organization. Call him at 512-688-7328 or email rpither@sparkcognition.com. Sparkcognition CEO Amir Husain also donated three copies of The Sentient Machine to the raffle.

Raffle winners

Winners of The Sentient Machine:

Doug Engle
Gene Lubker
Dee Dee Ranyan

Winner of the training donated by InfoSec Institute—a $4,000 value!—was Jim Pearce.

How to Protect Your Company During a Merger

Tuesday, August 21, 2018 11:30 am – 1:00 pm

Protect your manufacturing, business systems, IT operations and employees during a merger. Learn specific mitigation techniques used to protect Operational Technology (OT) from production networks and information assets from vulnerable remote access.

Learn about strategies successfully used to:

Get the budget needed
Rapidly integrate IT operations
Grow staff size and proficiency

These techniques were employed successfully during the merger and rapid integration of a Fortune 500 company into a Fortune Global 500 company. Other topics covered include risk assessment, budget justification, and fostering collaboration.

Rick Handley has been an Information Security practitioner for 20 years. Previous roles at Schlumberger include Integration Security Manager and Endpoint Security Manager. Prior to Schlumberger he was Director of Network Security and Integration for Smith International. Rick has been a speaker at IBM’s Focus Conference and is currently Communications Director for South Texas ISSA having served on the board since 2012.

RIck Handley

Compliance Challenges

The New Oxford American dictionary defines compliance as, “the action or fact of complying or yielding to a set of rule or standards.” Many infosec experts have their own definition of security compliance consisting of a few choice four-letter words.

Like or not, compliance will be here for the foreseeable future. We seem to be caught in a Catch-22; it’s commonly agreed that metrics are critical to ensure the effectiveness of security controls yet businesses often become engulfed in compliance requirements when they attempt to adhere to a baseline that defines acceptable minimum standards defined by frameworks. Some frameworks, like PCI DSS, contain very detailed and rigid requirements that leave little room to interpretation while others like ISO 27001 are more flexible and give the business room to define its own requirements. Many frameworks require or promote an internal or external audit that evaluates the controls in place and, if necessary, establishes corrective actions.

The humorous or disastrous observation on how businesses often address compliance—depending upon your point of view—is that they not only don’t have an idea on how to approach this topic but assume that they’re experts yet refuse to see the error of their ways. I ought to know because I’ve been on the short end of this topic and have lived to tell the tale. My personal career has been, shall we say, interesting when it comes to compliance.

A growing trend is for companies to mix project management and information security when seeking experts to address their compliance requirements. An increasing number of companies are looking to fill compliance roles and believe that information security experts are the right people to hire. More and more compliance openings are seeking experts with CISSP, CISA and other certifications yet these roles only require project managers who may serve as intermediaries between the auditors and the IT teams.

If you’re looking for work and come across an opening for some type of compliance work don’t let the requirements fool you; companies often believe that security qualifications are needed because security is the general requirement for compliance. In reality, security skills are of little importance.

If you are interviewed by a company for a compliance role and would like clarification on the real qualifications needed for the role I would like to offer something that has helped me in my interviews. Ask the interviewer: “If you were only permitted to choose one skill needed for this role would you choose a project manager or an information security expert?” If “project manager” is the reply then it’s a good bet that your security skills will not be needed. This question has often been the key factor for me to turn down roles that I thought would not enable me to grow as a security practitioner. I wish I asked this question years ago.

Another disturbing trend is that companies often mistake common security best practices as though they’re completely separate entities. For example, HIPAA and ISO 27001 require businesses to define operational continuity as needed for the business yet many interviewers consider “HIPAA disaster recovery” and “ISO 27001 disaster recovery” as separate entities. It’s not just a matter of apples and oranges to them it’s apples and algebra. Although businesses of all types use identical databases, servers, data centers, desktops, monitoring, etc. the idea of disaster recovery/business continuity is foreign for an industry that is not similar to theirs.

ISSA Austin will continue its outreach program to local businesses to help businesses make informed decisions on infosec issues. ISSA Austin also offers a mentorship program to its members to help them be effective in job searches, interviews and negotiations. Contact a board member if you are interested in a mentor.

Best regards,

Larry Moore
President – ISSA Capitol of Texas chapter

Welcome to Austin ISSA!

June Chapter Meeting Recap

Meeting Recaps

We’ve had some excellent meetings so far this year! In case you missed any of these dynamite presentations, there are materials available from each presenter.

June – The Attacker Point of View: Hacking mobile Apps in Your Enterprise

Brian Lawrence, a security engineer at NowSecure, gave a riveting presentation on the mobile app attack surface from an attacker’s point of view (POA). He covered several possible weak points, such as data at rest (where is it stored?), data in motion (how is it sent?), code functionality, and the API backend. He then discussed the OWASP Mobile Top 10 (2016). Next, he demonstrated FRIDA, a “dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.” Members of ISSA can download his presentation (as well as other past presentations) here.