Threat Hunting and Vendor Cyber Contracts

Monday August 3rd, 2020 / 6:30 PM (PST)

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:30 PM (MST)

WHERE: Virtual Zoom Meeting: Direct Link

Meeting ID: 851 5567 0745
Password: SWCSF

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs

[6:30-6:35 PM]

Announcements

  • Announcements and Updates (~5 min)

[6:35-6:50 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[6:50-7:05 PM]

Sponsor Segment

Phreedom now offers expanded professional services for Networking, Fortinet and Palo Alto Firewall Technology

[7:05-7:50 PM]

Threat Hunting

Tim Garcia - Instructor, SANS Institute

Topic:

SANS Instructor Tim Garcia will be presenting on the broad topic of threat hunting. So you have purchased manageable assets, deployed agents, and configured logging on everything you can think of, including your local and cloud workloads, and you are bringing it all into your central data lake / SIEM. What questions should you be asking it? How do you make sense of it, and where do you even start? Tim, a cyber security veteran, will provide strategic direction combined with tactical knowledge of how to approach the general topic of threat hunting in modern corporate environments.

Bio:

Timothy Garcia is a seasoned security professional who loves the challenge and continuously changing landscape of defense. Tim started his career as an engineer in IT and after working on a few security incidents related to Code Red and Nimda; he realized he had found his calling. Tim currently works as an Information Security Engineer for a Fortune 100 financial institution where he provides security consulting to project teams to ensure security of IT operations and compliance with policies and regulations.

[7:50-8:40 PM]

Security Vendors and Contracts (The Un-Sexy Side of Cyber)

Ilene Klein

by Ilene Klein, CISSP, CISM, CIPP/US, Cybersecurity Program Coordinator, Urban Area Security Initiative, City of Phoenix Office of Homeland Security and Emergency Management

Topic:

Security Vendors and Contracts (The Un-Sexy Side of Cyber)

So, you run a cyber security program and have done everything reasonable you can, or at least have budget for, to secure your environment. Now, how about your vendors? As more and more of our data, operations and service delivery model rely on 3rd parties, we have an increasing need to understand those vendors' risk profiles, and to codify that understanding in a contract.

Ilene will walk through the process of doing just that and touch on frameworks, audit dynamics and the important contract provisions you should push for in order to keep your compliance program, and your vendor risk landscape, in order.

Bio:

For over 20 years, Ilene Klein has been evangelizing security to anybody who would listen … and to management. During this time, she built and led compliance, governance, incident response, privacy, policy, security awareness, threat intelligence, and vulnerability management programs and frameworks. Ilene started her career as an electronics instructor and then traveled from Honolulu to Heidelberg as a systems engineer installing proprietary software for the U.S. Army and resolving system crashes before focusing on cybersecurity. Ilene has earned multiple security and privacy certifications, and she’s won awards such as the CISM Geographic Excellence Award for earning the highest score in the North America geographical region on the December 2011 CISM examination and a 2018 Warrior Award for fighting on the “front lines” of cybersecurity.


FBI Cyber Task Force Update + Implementing Security Compliance Through DevOps Automation / Splunk My Logs Please!

REGISTER HERE

A Zoom account is required for this special event.

Monday June 1st, 2020 / 6:30 PM (PST)

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:30 PM (MST)

WHERE: Virtual Zoom Meeting: Register Here or use Direct Link to Meeting.

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs

Sponsor: Check Point Software

Our thanks to Check Point Software for sponsoring this month's meeting!

Check Point Infinity is the first consolidated security across networks, cloud and mobile, providing the highest level of threat prevention against both known and unknown targeted attacks to keep you protected now and in the future.

Contact:
Enterprise Team: AZ, NM, NV
Brian Besse: Territory Manager BBesse@CheckPoint.com 949-521-3590
Jon Fallon: Security Engineer JFallon@CheckPoint.com
Michael Reuland: Business Development MReuland@checkpoint.com
Katie Schweger: Renewals Specialist KSchwege@checkpoint.com

[6:30-6:35 PM]

Announcements

  • Announcements and Updates (~5 min)

[6:35-6:50 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[6:50-7:05 PM]

Sponsor Segment

  • Short presentation by our sponsor (~15 min)

[7:05-7:50 PM]

Implementing Security Compliance Through Automation

Joseph Bennet - Lead Consultant, Contino
Aaron Brock - Lead Consultant, Contino
Jason Lutz, NPA - Senior DevOps Consultant, Security

Topic:

Hybrid cloud change control and compliance can be manual, cumbersome, and slow to scale. Joseph, Aaron and Jason will present how they migrated a manual process of log ingestion for clients' AWS flow logs into an automated process driven by what are typically considered DevOps tools such as Git, Ansible, Jenkins, Terraform and Trumpet. This reduced the process timeline from days to hours, and allowed different teams to collaborate more effectively in managing the process. This mash-up of tools and how they were used provides important lessons for the future of Security Automation. Don't miss this highly technical presentation, which will include demo code and an interactive chat session with the presenters.

Bio:

Joseph: Joseph Bennet has 14 years working in the IT industry, and 7 years as a consultant upskilling clients and their staff in the deployment, management, and use of various technologies. Joseph Bennet's experience includes a wide range of industries including financial and entertainment, as well as public sector experience working with organizations such as the US Patent and Trademark Office and the Army Research Laboratory.

Aaron: Aaron N. Brock is passionate about delivering solutions which create business value for clients. His forte is to tightly integrate iterative technological improvements with people-focused learning and upskilling, creating an environment where positive change is encouraged. He continues to evangelize a Cloud-First approach following DevOps best practices. Aaron has extensive experience in Docker, K8s, Jenkins, Ansible, Terraform and more. He continues to work with a wide breadth of companies across a variety of industries ranging from gaming to large financial institutions, and has experience at every level of the software development lifecycle.

Jason: Passionate about building cloud security programs, implementing open source technologies, and addressing information security risk. As a certified ISO 27001 Lead Implementer, he understands what it takes to build and reinforce information security management systems (ISMS), with a specialized focus on cloud implementations. He continuously increases his security, compliance and technical skills, combining them to create a unique amalgam of knowledge to offer to our clients.


[7:50-8:40 PM]

FBI Cyber Task Force Update

Federal Bureau of Investigation

by FBI Special Agent Paul Schaaf, also Phoenix Co-Infragard Coordinator

Topic:

Paul and team will provide an update from the FBI Cyber Task Force on the onslaught of online misinformation and how it is going to force our society to change the way we consume information and trust sources.

[8:40PM]

End


Complexities of Incident Response + Real Time Defender Velocity

Monday May 4th, 2020 / 6:30 PM (PST)

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:30 PM (PST)

WHERE: Online

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs

Sponsor: SentinelOne

Our thanks to SentinelOne for sponsoring this month's meeting!

A group of defense and intelligence experts saw savvy attackers compromising endpoints seemingly at will. Traditional approaches failed to provide sufficient protection. They founded SentinelOne to develop a dramatic new approach to endpoint protection. It’s one that applies AI and machine learning to thwart known and unknown threats.

Our team understands how much endpoints matter. When attackers come after our privacy, intellectual property, infrastructure, and collaborative modes of working, they assault more than just data. We’re under attack, and so are our values. That’s why we’re dedicated to keeping our breakthrough platform ahead of threats from every vector. Gartner, NSS Labs, and industry leading organizations recognize that our approach sets us apart.

Contact:
Shaq Misra
Enterprise Sales
shaqm@sentinelone.com
801-414-9641

[6:30-6:35 PM]

Announcements

  • Announcements and Updates (~5 min)

[6:35-6:50 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[6:50-7:05 PM]

Sponsor Segment

  • Short presentation by our sponsor (~15 min)

[7:05-7:50 PM]

Real Time Defender Velocity

by David Gold – Sr. Director, Sales Engineering – West SentinelOne

Bio:

David Gold recently joined SentinelOne as Sr. Director of Sales Engineering for the West. David has more than 15 years' experience in enterprise information security and brings a strong track record of innovation and customer focus to SentinelOne. Prior to SentinelOne he was the VP of Product and VP of Solutions Architecture at ProtectWise and helped launch and build the company from stealth to a successful exit to Verizon. David helped define the network detection and response market and has helped many organizations develop detection and response strategies and embrace cloud-delivered technologies. He has also led Firewall Product Management at McAfee and has held various roles in sales engineering, product management and support at Websense, Intel, McAfee and Secure Computing.

Topic:

Organizations spend more money on cyber security tools every year, yet the number of breaches and the cost of these breaches continue to increase. A new approach is needed that relies on autonomous analysis that can respond at machine speed. By embracing automation, AI and big data analytics, organizations can better prevent threats, find and detect what is missed, provide contextual linking for forensics and threat hunting, and, even more importantly, self-heal and fully recover when necessary.

[7:50-8:40 PM]

Complexities of Incident Response


by Chris Pavan; Security Professional, Helios Group

Bio:

Chris Pavan is a veteran incident responder with experience supporting the US military and working on national forensics projects. He is a previous SWCSF speaker and is heavily invested in the Phoenix cyber security community.

Topic:

Chris Pavan will review a forensic case involving a vulnerable minor which touches on many of the standard items inherent in any cyber security forensic case. This particular case ran into a number of unique challenges relating to victims' rights, the inherent bureaucracy and sometimes siloed mentality of law enforcement agencies, and the complex and sometimes conflicting legal framework that the investigator must navigate to juggle all these competing dynamics. The presentation will highlight some of the entrenched challenges we still need to deal with, not only as cyber security professionals but as a society.

[8:40PM]

End


Deep Dive into the CISM Certification + Anatomy of an Incident Response

Monday April 6th, 2020 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

Sponsor: Arctic Wolf Networks

Our thanks to Arctic Wolf Networks for sponsoring this month's meeting!

Arctic Wolf

Through the industry's original Concierge Security Team, Arctic Wolf provides the scalable managed cybersecurity protection IT-constrained companies need to keep their critical data, networks, web-based applications, and devices safe. Working as an extension of your internal team, highly trained and coveted security experts deliver 24×7 cloud-based monitoring, risk management, threat detection, and response services that protect you from ever-evolving methods of cyber attack. By escalating only the issues that require action, Arctic Wolf eliminates noise, freeing your limited IT resources for other priority initiatives. Personal, predictable protection: it's the Arctic Wolf difference.

Contact:
Amy Judge
Field Marketing Manager
amy.judge@arcticwolf.com
408-497-6112

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Announcements and Updates (~5 min)
  • Short presentation by our sponsor (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7:00-8:00 PM]

Deep Dive into the CISM Certification

Ilene Klein

by Ilene Klein, CISSP, CISM, CIPP/US, Cybersecurity Program Coordinator, Urban Area Security Initiative, City of Phoenix Office of Homeland Security and Emergency Management

Bio:

For over 20 years, Ilene Klein has been evangelizing security to anybody who would listen … and to management.  During this time, she built and led compliance, governance, incident response, privacy, policy, security awareness, threat intelligence, and vulnerability management programs and frameworks.  Ilene started her career as an electronics instructor and then traveled from Honolulu to Heidelberg as a systems engineer installing proprietary software for the U.S. Army and resolving system crashes before focusing on cybersecurity.  Ilene has earned multiple security and privacy certifications, and she’s won awards such as the CISM Geographic Excellence Award for earning the highest score in the North America geographical region on the December 2011 CISM examination and a 2018 Warrior Award for fighting on the “front lines” of cybersecurity.

Topic:

Congratulations — You’re in cybersecurity, one of the best and most in-demand careers.  But there’s an entire alphabet soup full of cyber-related certifications out there.  During this presentation we’ll discuss the CISM certification, including what it is, how it differs from the CISSP, who might be interested in earning a CISM, the domains covered, and whether it’s worth it.

[8:00-8:45 PM]

Anatomy of an Incident Response

Niko Zivanovich

by Niko Zivanovich, Security Engineer specializing in Incident Response, Check Point Software

Bio:

Niko Zivanovich is a Security Engineer for Check Point based in the South West US, specializing in Incident Response. Check Point is based in Tel Aviv, Israel and is one of the largest cyber security firms in the world. He previously worked at Johns Manville in Denver, Colorado in network security and security operations, focusing on ICS environments. While at Johns Manville, Niko and his colleagues helped to form the Berkshire Hathaway Information Security Group in order to facilitate the sharing of intelligence across the organization. He most recently worked for Berkshire Hathaway Inc. focusing on Incident Response preparation throughout the subsidiaries globally. He holds multiple certifications through the SANS GIAC organization.

Topic:

Anatomy of an Incident Response Event

An Incident Response (IR) Plan is where tools, skills and process all come together in a high-pressure, time-critical environment. Advance planning and experience are critical to a successful outcome. Niko will walk through a real-world Incident Response event and highlight, at each key stage in the process, where specific tools, people and skills and the structured response plan came into play, and how deficiencies at any point can hobble the organization. Attendees will be able to overlay this presentation onto their own organization's capabilities and identify where they may have shortcomings in their own IR Plan.

[8:45-9:00 PM]

Networking