Segmentation Made Simple

Wednesday March 20, 2019

Learn how the industry is moving from ‘address defined networking’ to ‘identity defined networking’ and using provable machine identities instead of spoof-able IP addresses. Understand how segmentation through zero-trust networking cloaks your network while simplifying your environment. Learn about the Host Identity Protocol (HIP) that combines the powerful attributes of three different protocols (VXLAN, LISP and IPsec) into one -while eliminating their complexity and limitations. INTENDED AUDIENCE(S): IT Director, Network Architect, Security Architect, Enterprise Architect, CIO, CSO, Risk and Compliance Manager

Robert Kern, Director, Regional Sales Tempered Networks

About our speaker for March 2019 : Robert Kern is a Regional Sales Director for Tempered Networks with nearly thirty years of experience providing network and security solutions for customers in multiple market verticals throughout the central United States as well as Mexico. Robert has tenure with several notable and innovative companies, including SynOptics (Bay Networks) and F5 Networks. With his pioneering attitude and keen sense of business, Robert was instrumental in bringing their disruptive solutions to market. Based in Dallas, Robert has cultivated long-standing relationships with Fortune 500 accounts, from oil and gas to global transportation companies, and is well-respected for his ability to map solutions to meet critical business challenges.

Feb 2019, Chapter Meeting Recap

Jason Sheffield, Sr. Sales Engineer at Netskope, made several great points about how enterprises can implement cloud security. Some highlights included:

Data flows like water!
Data exposure from mis-configured settings that does not constitute a breach.
Is that cloud application your enterprise is thinking about using really enterprise ready?
Think about shadow IT:
- Who’s buying it?
- What is the risk exposure?
- From a compliance perspective, how does shadow IT impact audits and compliance?

Larry Moore, Austin, ISSA Past President, thanks Jason Sheffield for this presentation

He suggested three quick wins for Enterprise IT:

DLP policies for downloading sensitive data from the cloud, make sure you scrub test data, and don’t worry about nonsensitive data.
Assess the security of your IaaS environment continuously.
Consider using the same security policies against all your cloud data.

He told us about a great resource to check out – Adrian Grigorof’s article on Peerlyst, Mapping of On-Premises Security Controls vs Major Cloud Providers Version 3.2 Feb 2019.

Thank you, Jason, for a very informative meeting! If you’re an ISSA member, his slides are available here: https://www.issa.org/global_engine/download.aspx?fileid=8ED909AC-BCE6-4DB0-A67B-32DC463DA918&ext=pptx

January 2019, Chapter Meeting Recap

At the ISSA Chapter Meeting on January 16, 2019, William Vastine presented a fascinating overview on “Insider Threat Intelligence: Overview of Nation State-Sponsored Talent Recruitment Platforms.”

Larry Moore, Austin, ISSA Past President, shakes William Vastine’s hand

Our sponsors were Conducive and Splunk. Conducive is a boutique consulting and systems integration firm specializing in Splunk services and focused on solving complex business problems. Splunk was founded to pursue a disruptive new vision: make machine data accessible, usable and valuable to everyone. As well as the Austin ISSA raffle, Splunk and Conducive raffled off an additional $500 in prizes!

December 2018 Austin ISSA Chapter Meeting

For the December Austin ISSA chapter meeting, we had food and fun! The menu consisted of roast turkey breast, house salad, corn bread dressing, green beans, petit fours, pumpkin pie, and ice tea.

Len Noe, CyberArk Global Solutions Engineer, presented “Cyber Kill Chain.”

The Cyber Kill Chain concept, a model developed by Lockheed Martin, consists of seven steps:

Recon
Weaponization
Delivery
Exploitation
Installation
Command & Control
Actions on Objectives

Len demonstrated several attacks in 30 minutes, including:

MouseJack / JackIT, Process Hollowing
WHID cactus / Mimikatz
Hak5 BashBunny- Quick Creds
Responder / MultiRelay

A fascinating presentation! Several of his slide decks are available on SlideShare, such as https://www.slideshare.net/LenNoe/hackers-bag-of-tricks-2019

Why is AI Needed in Cybersecurity?

Tuesday, November 13, 2018

Mark Montgomery presents key trends for using Artificial Intelligence (AI) in various verticals of cybersecurity. Mark’s discussion covers many of the critical breakthroughs and innovations that have helped fight cybercrime, as well as areas ripe for disruption by entrepreneurs. Mark goes beyond the hypes and myths of AI in cybersecurity and covers the practical implications of technologies to provide value to organizations. Mark also presents aspects of how the attackers are innovating using advanced techniques, and in some cases, potential abuse of AI. Attendees will learn:

What is artificial intelligence (AI) and machine learning (ML)?
Why are AI and ML important to cybersecurity, and what are the most critical use cases?
What are the business drives for using AI in the context of cybersecurity?
What’s next? That is, how will AI evolve over the next 5 – 10 years in cybersecurity?

Mark Montgomery is a former US Navy Cryptologic Technician First Class, where he served with the Navy Cyber Defense Operations Command and the US Cyber Command. Since departing military service, Mark worked with the Texas Comptroller of Public Accounts and now SparkCognition. Mark earned his bachelor’s degree in IT System Management and a Master’s degree in Cyber Security Engineering; Mark has over a dozen industry certifications.

Mark specializes in operational security, performing malware analysis, intrusion detection, network analysis, incident response, digital forensics and threat intelligence. His current focus is on developing malicious software and machine learning feature development for the improvement and testing of DeepArmor endpoint anti-malware.

Cyber Threat Response Clinic

FREE Cyber Threat Response Clinic

As part of ISSA Austin’s training program, Cisco is offering free day-long technical training on October 16.

Listen to the podcast interview with Ryan Firth:

NOTE: This free event is limited to the October chapter meeting attendees. Standard chapter meeting fees apply. Click here to register for the October 16 chapter meeting.

Security and Network professionals need to evolve their strategy from a point-in-time approach to pervasive protection across the full attack continuum. Join Cisco and the Capital of Texas ISSA to experience common cybersecurity attack situations in a virtualized lab environment, where you will get to play both the role of attacker and defender. Utilizing an environment that models many enterprise networks, you will learn how environments get compromised, how breaches get discovered, and how to respond most effectively with Cisco Security products and integrated solution architectures.

We look forward to this hands-on experience and sharing the breadth of product and integrated solution offerings provided by Cisco Security.

Class agenda:

CTR Scenario 00: Clinic Overview
CTR Scenario 01: Integrated Threat Defense Solutions
CTR Scenario 02: The Enterprise to Protect: Welcome to HackMDs.com
CTR Scenario 03: Reconnaissance and Vulnerability Discovery
CTR Scenario 04: Smash & Grab: Attacking your Public Network Services
CTR Scenario 05: Pay to Play: Ransomware in the Enterprise
CTR Scenario 06: Insider Threats: Beyond the Perimeter
CTR Scenario 07: The Infected: Compromised Host Systems
CTR Scenario 08: Threat Hunting: Centralized Incident Response
CTR Scenario 09: The Challenge: Capture the Flag!

In order to attend the class you MUST register for the ISSA chapter meeting and you must register for this class separately (link below) so that we will have an accurate headcount. Class registrants who have not registered for the chapter meeting will not be admitted.

Hardware: Advanced Threats & Defenses

Hardware:

Advanced Threats & Defenses

Tuesday, October 16, 2018

Jennie Kam (Cisco) discusses advanced hardware threats during purchase, boot, and runtime. These threats are applicable to just about anything with a processor – personal computers, servers, networking gear, and even those convenient digital assistants on your home counter. Jennie discusses and presents hardware defense mechanisms to counter these threats.

Jennie Kam
Sr. Security Researcher
Cisco

Jennie Kam is a security researcher in Cisco’s Security and Trust Organization. Jennie’s embedded systems background enables her to evaluate the security posture of Cisco products from both a hardware and software perspective. Jennie is passionate about educating the next generation of cybersecurity professionals at all levels from elementary school to university students.

August—Securing Your Company During a Merger

Rick Handley, IT Security Manager at Schlumberger, disclosed the steps he took when the company he worked for acquired a smaller company. He approached the acquisition by using the following processes:

How to get budget (“never let a potential incident go to waste!”),
How to best deploy personnel capabilities and resources and,
Being open to new ideas from the acquired company.

He talked about ways to measure results while the acquisition is in process, making progress as opposed to achieving perfection, risk and risk assessment, and how to set up network segmentation and default policies. Then, he detailed keys to success. It was an excellent presentation!

If you’re an ISSA member, you can download the slides here.

August Raffle Winner – Travis Dye

Configuring Mobile App Security Test Protocols

Hacker Carpet Bomb

Tuesday, September 18, 2018 11:30 am – 1:00 pm

Andy demonstrates real-world attacks that organizations see daily. Andy has hours of simulated attacks to share and will present as many exploits and attacks as possible during the chapter meeting. Simulated attacks include stealing hashes off the wire with Responder & Inveigh, Poison Tap, Bash Bunny, MouseJack and more!

Andy Thompson

Andy Thompson is the CyberArk Software National Manager for Customer Success in the Southwest and Midwest territories. Andy provides strategic and technical guidance to organizations to secure their technologies with security best practices in order to prevent credential theft and breach. Andy spent the last 20 years in the fields of Web Development, Systems Engineering/Administration, and Architecture Andy spent the last 6 years in Information Security and Architecture focusing on large retail organizations.