APT Who/What/How + Data Sciences and Cybersecurity

Monday March 2nd, 2020 / 6 PM - 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM - 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s, food and drinks provided by our sponsors.

Sponsor: Vound Software

Our thanks to Vound Software for sponsoring this month's meeting!

Vound Software

Vound is a leading global vendor of technology used for forensic search, e-discovery and information governance. Our software suite is used by the world’s best-known enterprises, banks, law enforcement, and government agencies for compliance verification, internal audits, and criminal and legal investigations.

Our unique technology graphically displays relationships between custodians and electronically stored information, enabling users to drill down through terabytes of data to find and export the most pertinent information. This innovative approach to forensic search helps to significantly reduce the amount of time and money organizations need to carry out compliance and audit requests, digital investigations, and eDiscovery inquiries.

Contact:
Jaclyn Clark
Sales Support Specialist
jaclyn.clark@vound-software.com
480-401-0856

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Fortinet (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7:00-8:00 PM]

Advanced Persistent Threats (APTs) and Nation-state APT Groups

by Bill Curd

Bio:

Our own Dr. Bill Curd has been a pioneer in cybersecurity and related disciplines within global high-tech enterprises for decades. As President of Synesys Group, he is an invited instructor, speaker, analyst, investigator and mentor in cyber security, privacy, national security intelligence and geopolitical matrix – best known for his highly-evaluated CISSP boot camps (next one the week of March 30th).

Less known is his involvement with the intelligence community. He is a frequent mentor for national security intelligence analyst internships including a compartmented one now concerning Counter-Intelligence and occasionally participates in Red Cell exercises for three-letter agencies.

His Top Secret clearance was from the IC. He is a member of the Association of Former Intelligence Officers and FBI InfraGard, and alumni of FBI Citizens’ Academy. Bill is the Qualifying Party for Synesys Group, an AZ PI agency, and an associate of National Security Consulting & Investigations PLLC.

Check out his extensive professional education, certifications, and affiliations on LinkedIn, and connect with him there if you haven’t already.

John resides in Seattle, Washington, holds a bachelor’s degree in business management, and will obtain his master’s degree in cybersecurity and information assurance in 2020.

Topic:

  • What is an APT and an APT group?
  • How are these groups named?
  • To which nation-state do we best attribute each?
  • Whom do each target with what motivations, using what attack vectors?
  • What isn’t an APT (an acceptable excuse for your protections having failed)?
  • Then, we will look at some specific APT activities.

Time permitting, he will put some information concerning Advanced Persistent Threats on Dropbox to be shared for a window of time to those requesting access. Fortunately, a lot of information that we could only initially recover from the Darknet is now easily accessible on Wikipedia, MITRE ATT&CK, FireEye, and Crowdstrike.

At session end, Bill will briefly highlight the cybersecurity certifications that factor most prominently in job postings, their open positions, salaries, etc. For example, the CISSP is the third most requested certification in job postings for all occupations (after PMP and before Automotive Service Excellence).

[8:00-8:45 PM]

A Brief Overview of Data Science and the Intersection with Cybersecurity

by Mark Borbour, founder of Data Science Consulting

Bio:

Mark is the founder of a Data Science Consulting firm that has served clients in a wide array of Government, Corporate, Non-Profit and Small Business environments.
Mark and his colleagues use Data Science to help organizations gather, process and structure data so that meaningful patterns can be analyzed, explored, and communicated to the organization, their stakeholders, clients, and contractors.

He started his career at 19 as a 911 Dispatcher for the Phoenix Police Dept. There, he learned how powerful information and communication can be. He developed a curiosity for computer science that ultimately led to freelance IT consulting for JP Morgan Chase, Berkshire Hathaway, and various other regional corporations and small businesses. While working for these companies, Mark's programming skills converged on Data Science to handle the massive amount of information that these organizations must deal with on a daily basis. This led to an increasing interest in the emerging field of Data Science. Seeing how generally useful these tools were, a couple of years ago he switched his business focus from IT to Applied Data Science, and has since served clients in Education, AI-Security Implementation, Politics, and Real Estate.

Topic:

The amount and importance of data in our daily lives is increasing at an accelerated rate. What are the security implications of large, international, public entities (state actors, corporations, etc) accumulating so much information in such a concentrated and centralized way? What kind of liability becomes apparent when large amounts of data are leaked? Even the most routine, mundane data (in large enough quantities) can be dangerous in very subtle and unpredictable ways. The best method of addressing these concerns is through education and data literacy. Spreading that knowledge will be the primary motivation of this talk.

I will go over the basic Data Science Process, some common industry vocabulary (especially common buzzwords), and provide some additional resources to learn more about Data Science.

[8:45-9:00 PM]

Networking

 

Cyberwarfare vs Conventional and how AI is empowering our adversaries

Monday February 3rd, 2020 / 6 PM – 9 PM

Sponsor: Fortinet 

Our thanks to Fortinet for sponsoring this month's meeting!


[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Fortinet (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7:00-8:00 PM]

Warfare: Cyber vs. Conventional

by John Jacobs, VP of Systems Engineering, Fortinet

Bio:

As Vice President of Systems Engineering, John currently leads teams for a number of Fortinet’s largest customers and service providers. With 20 years of experience in network design, engineering and global operations, he continuously works to strategize, construct and operate data and content delivery that can scale and survive modern business needs.

As the industry has shifted from a focus on simple connectivity to one of continuous access, real-time security, and expanded platforms, he is proud to be part of a leading security organization as a consultative member of the Fortinet Security Fabric team, offering direct feedback from the field to help best determine not only how we shape our technology, but also the ecosystem growth through partners and their complementary solutions.

John resides in Seattle, Washington, holds a bachelor’s degree in business management, and will obtain his master’s degree in cybersecurity and information assurance in 2020.

Topic:

What is cyber warfare? How is cyber warfare different from a conventional war? How would a modern conflict between nation states manifest itself in today's technical landscape? How would a cyber war impact the private sector?

Join John as he reviews the new landscape of warfare and how most countries are preparing for the likelihood that the next war will be a hybrid between cyber and conventional, and the impact to all of us that are in the line of fire.

[8:00-8:45 PM]

How AI and Deep Learning are Empowering our Adversaries

by Gavin Klondike, Sr. Security Consultant

Bio:

Gavin is a senior consultant and researcher who has a passion for network security, both attack and defense. Through that passion, he runs NetSec Explained, a blog and YouTube channel that covers intermediate and advanced network security topics in an easy-to-understand way. His work has given him the opportunity to be published in industry magazines and speak at conferences such as Defcon and CactusCon. Currently, he is researching ways to address the cybersecurity skills gap by utilizing machine learning to augment the capabilities of current security analysts.

Gavin has presented to the group before in Jan of 2019 on Machine Learning with very positive reviews.

Topic:

There’s no question that modern advances in AI and Deep Learning technologies have allowed organizations to greatly scale their defensive capabilities. Between detecting evolving threats, automating discovery, fighting dynamic attacks, and even freeing up time for IT professionals, AI-fueled automation has been a boon for system defenders. But before we get too comfortable, we need to remember that there is another side to this fight.

In this talk, we’ll take a look at how AI technologies are enhancing adversarial capabilities and how challenges in defensive machine learning are opening up new attack surfaces.

[8:45-9:00 PM]

Networking

 

Crowdstrike presents on the current e-crime landscape and procedures used by APT actors

Monday January 6th, 2020 / 6 PM – 9 PM

Sponsor: CrowdStrike 

Our thanks to CrowdStrike for sponsoring this month's meeting!

Contact: Grace Bergen
SLED Marketing Manager
M: 805-699-5809
grace.bergen@crowdstrike.com

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Luke Zeman of Crowdstrike (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7-7:45 PM]

The Not So Itsy Bitsy Spider

by Matt Russell, Threat Intelligence Advisory Lead - The Americas, Crowdstrike

Bio:

Matt Russell is an internationally seasoned business and technology executive. He combines the exceptional leadership skills he learned leading and training intelligence teams in US Special Operations with his commercial experience in consulting and industry to successfully operate across a variety of business domains, geographic boundaries, and cultural landscapes. Matt spent 5 years living and working in Asia and possesses advanced fluency in both Korean and Spanish.

Topic:

Wizard Spider, made famous by their commodity banking malware “TrickBot” and “Ryuk”, is a notorious threat actor that conducts high-impact attacks across a variety of industry verticals and sectors. We’ll start off with an overview of the current e-crime landscape and emerging trends, and then begin to break down the tactics, techniques, and procedures that Wizard Spider leverages as they conduct operations across the globe. Focus will be on the TrickBot, Ryuk, and AnchorDNS malware families, providing high-level overviews of their functionality and deployment. A victimology case study will provide a deep dive into a real-world scenario where both the failures and lessons learned will be on display. This talk will conclude with defensive strategies to help mitigate the threat, as well as an interactive question and answer session.

[7:45-8:45 PM]

The Need for Advanced Incident Response Tools and Capabilities

by Michael McAndrews, Vice President, Network Security Services, WGM Associates

Bio:

Michael McAndrews has been involved in Information Technology and Security for more than 25 years. Michael worked in the financial services, manufacturing and pharmaceutical industries before joining the Federal Bureau of Investigation in 2006 as a Special Agent. During his time with the FBI, he investigated numerous violations, but focused primarily on computer crimes such as intrusions, Internet frauds and intellectual property violations. He was also a member of the FBI’s Cyber Action Team, a group of selected agents who would deploy worldwide for the most critical of intrusions. With experience in both the National Security and Criminal arenas, Michael left the FBI in December 2013 to rejoin the private sector. He now works as an expert in the field using leading edge security devices and performing awareness training to groups worldwide.

Michael is a Certified Information Systems Security Professional (CISSP) and has been certified by GIAC as a GSEC professional, an Intrusion Analyst (GCIA), and Incident Handler (GCIH). Michael also holds the A+ and Network+ certifications from CompTIA.

Topic:

With the ongoing epidemic of cyber security breaches, the ability to successfully execute an incident response plan is of the utmost importance to shorten the time between breach and recovery and lower the overall risk to the organization. Michael will discuss incident response and how full network packet capture and end-point detection/response technologies can be leveraged together as a powerful combination to improve the investigative and remediation process. Actual scenarios will be shared where WGM and CrowdStrike have worked together on an international Incident Response engagement.

 

[8:45-9:00 PM]

Networking

 

FBI Cyber update & Advanced Persistent Threats (APT)

Monday December 2nd, 2019 / 6 PM – 9 PM

Sponsor: Palo Alto 

Our thanks to Palo Alto for sponsoring this month's meeting!

Contact: Amy Looper | Named Account Manager | Palo Alto Networks
Phoenix, AZ | www.paloaltonetworks.com
Mobile: 480.431.3870
Email: alooper@paloaltonetworks.com

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-7:00 PM]

Cyber Security Community updates

  • Cyber community updates (~5 min)
  • Sponsor segment (~15 min)
  • Cyber threat update with Erik Graham (~15 min)

[7-7:45 PM]

Defending against APT with Secure DevOps

by Ford Winslow, CEO of ICE Cybersecurity

Topic

Ford will discuss the importance of engaging the Development and Architecture teams at the early stages to build security into your products and systems so you can effectively defend, detect and prevent compromises from Advanced Persistent Threats as well as the hard lessons learned performing incident response for large clients.

Bio

With over two decades of professional experience in Information Technology and Business Management, Ford Winslow has been a thought leader in the related fields of cybersecurity, cloud and IT Services since their inception.

ICE Cybersecurity, the San Diego-based firm he founded in 2016, specializes in managed cybersecurity and advanced cyber protection programs for organizations in heavily regulated industries.

Over the past two decades, Mr. Winslow has held technology leadership positions in the Cybersecurity, Cloud, Information Technology, Risk Management, Life Sciences, Financial Services, Healthcare, Non-Profit and Retail Industries, where he has consistently delivered value through the latest break-throughs in technology.

Prior to launching ICE Cybersecurity, Mr. Winslow served as Chief Risk Officer of a San Diego-based Cloud and Managed Services Provider. He is the co-author of “Good Informatics Practices,” a best-practices training guide for the Life Sciences and Healthcare industries. Prior to CentrexIT

In addition to his professional duties, Mr. Winslow serves as an advisor to a number of startups focused on Cybersecurity, Blockchain, Internet of Things (IoT) and Emerging Technologies. He is an advisor and mentor with CyberTECH, a San Diego-based network of tech-inspired startups and early-stage firms.

Mr. Winslow is an active member of the local community, supporting social organizations and charities benefiting a variety of worthy causes. His spare time is spent with family, on the golf course, playing music, or cooking. Ford studied Computer Science and Information Systems Management at University of Maryland.

[7:45-8:45 PM]

FBI Cyber update

by FBI Special Agent Paul Schaaf, also Phoenix Co-Infragard Coordinator, Federal Bureau of Investigation

Paul and team will provide an update on the FBI Cyber Task Force and relevant issues we all face as we collectively work together to keep our national infrastructure safe and secure.

[8:45-9:00 PM]

Networking

 

Detecting APT with NAC, Sandboxing & SIEM-Part I + Zeek/Bro Log Collection

Monday November 4th, 2019 / 6 PM – 9 PM

Sponsor: Fortinet 

Our thanks to Fortinet for sponsoring this month's meeting!


Debbie Lite Trauter
Channel Account Manager – Mountain Desert
E: dlite@fortinet.com
M: 714.336.9695
Skype: Debbie Lite Trauter
NSE Certified : Level 3
899 Kifer Road | Sunnyvale, CA 94086

[7:15-8 PM]

Detecting APT with NAC, Sandboxing and SIEM – Part 1

by Cory Sober, Systems Engineering Manager, Fortinet

Advanced Persistent Threats, and how to detect them, are something every large organization struggles with. Yes, you have a wide variety of tools, but how do you get them all to work together to get rapid answers to the time-critical question of “Do I have a compromise and what is my exposure?” Join Cory in this first of a two-part series, where he does a deep dive into how to use modern commercial tools, including Network Access Control, sandbox technology and full-fledged Security Information and Event Management (SIEM), to detect Advanced Persistent Threats so you can quickly isolate and remediate compromises.

Cory is a Systems Engineering Manager at Fortinet with decades of hands on experience and holds several technical certifications relating to security, networking and systems.

In addition to being a security and networking expert, Cory is a graduate of the Reserve Officers Law Enforcement Academy and a member of Infragard.

[8-8:45 PM]

Security Monitoring with Zeek and Bro IDS

by Tim Garcia, SANS instructor (Tool Time with Tim) VP-CISSP,GSEC,GCDA,GCCC,GMON,GCED

Can a 20-year-old technology help give you strategic visibility into a modern enterprise network? The answer is yes! Welcome to a powerful network monitoring/logging tool most people have never heard of.

Tim Garcia will review the capabilities and use of the Zeek and Bro IDS (two separate tools that are often used together) for security threat hunting.

(Originally the presentation was to be on the use of the Yara scripting tool to identify malware signatures, but the Zeek/Bro topic won out due to popular demand.)

Tim is a SANS Instructor primarily focused on blue team activities, ethical hacking, incident handling, security management and general information security principles. He is an instructor in Information Systems Security, Systems Analysis and Project Management for several local universities in the Phoenix area.

In-House Risk-Based Security Controls Assessment (SCA) Process and Blockchain Security

Monday October 7th, 2019 / 6 PM - 9 PM

Sponsor: Ventech Solutions 

Our thanks to Ventech Solutions for sponsoring this month's meeting!


Sponsor Contact: Jennifer White
Senior Account Executive
Mobile: 480-297-8016
Jennifer.White@ventechsolutions.com

Presentation 1: In-House Risk-Based Security Controls Assessment (SCA) Process (7:00 - 8:00 PM)

Dr. Jerry Craig, D.Sc., CCSP, CISSP, InTP, PMP, ITILv3 Intermediate, VP, Security Services of Ventech

Session Content:

Most organizations utilize third-party auditors as well as vulnerability and compliance-based assessments to determine the health of their systems prior to receiving an Authority to Operate (ATO) from a designated authority. Each organization in a specific business sector must follow federally mandated frameworks and processes. This is true whether it’s a healthcare organization utilizing frameworks to satisfy HIPAA and HITRUST requirements, military organizations satisfying the Department of Defense’s Certification and Accreditation (C&A) process, or a federal contractor who is required to maintain a security boundary for a Federal Information Security Management Act (FISMA) system.

Dr. Jerry Craig will review a new process in which Security Controls Assessments (SCA) are managed and operated by in-house assessor teams, which gives the federal government reduced engagement periods and costs, continuous monitoring, deeper knowledge of control families and individual controls, greater visibility into systems, risk-based system vulnerability analysis, and, most importantly, the ability to stand in a defensible position in the event of a data breach.

Bio:

As Ventech Solutions’ HIDS Security Director, Dr. Craig is responsible for managing the security operations for the Health Care Quality Information Systems (HCQIS) Infrastructure and Data Center Support (HIDS), a program of the Centers for Medicare and Medicaid Services (CMS). His areas of responsibility include a Security Operations Center, a Security Engineering Team, an Identity & Access Management Team, and a Compliance/Audit Team. In addition to his time supporting CMS, Dr. Craig serves as Ventech Solutions’ Vice President of Security Services.

Dr. Craig has over 20 years of experience delivering mission critical systems, services, and IT security solutions to a wide range of Department of Defense customers, universities, and private sector businesses. Dr. Craig led the implementation of the Armed Forces Health Longitudinal Technology Application (AHLTA) for the United States Navy and Air Force and led the deployment of the United States Marine Corps’ Combat Operations Centers for multiple DoD Special Operations units operating in Southeast Asia. For the past 10 years, Dr. Craig has served as an Adjunct Associate Professor for the University of Maryland University College (UMUC), as well as an Adjunct Professor for Capital Technology University (CTU).

Dr. Craig currently holds a Doctor of Science in Cybersecurity, a Master of Science in Network Security, a Master of Arts in Economics and Business Management, and a Bachelor of Science in Computer Studies. Dr. Craig maintains numerous certifications including ISC2’s Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP), PMI’s Project Management Professional (PMP), CompTIA’s Security+ and A+, and is a certified Insider Threat Program Manager via Carnegie Mellon University’s Software Engineering Institute.

Presentation 2: Blockchain Security (8:00-8:45 PM)

by Michael Noel


Session Content:

Is blockchain really secure?

“Secure,” it turns out, is very hard to define in the context of blockchains.
Secure from whom?
Secure for what?
Blockchain security depends on your perspective. Today we will be covering several different blockchain perspectives, including:

A. The centralization question: Centralization is at least part of the problem. Data stored in a large depository is far more attractive to a potential hacker.

B. Permissioned systems: Building private or community systems (AKA permissioned blockchains) for increased security is a severely misguided approach. Permissioned systems STILL raise questions.

C. The centralization of decentralized systems: Despite blockchain technology being decentralized, there are still centralized aspects of it, such as cryptocurrency exchanges.

D. Eclipse attack: Nodes on the blockchain must remain in constant communication to compare data. Is this a strength or a vulnerability?

E. Tokenomics is not economics: Approaching blockchain security from the coding perspective is very important, and just like any other form of security, the human factor must be considered. Tokenomics is another important factor we need to understand with any blockchain implementation.

F. Tokenized assets: Security tokens are coming. What steps are necessary to protect digital representations of your organization's equity, and therefore control?

Bio:

Michael Noel - Certified Blockchain Professional, Building Distributed Ledger Architected Organizations

Michael is the Co-Founder and CEO of Blockinetics, Founder of Blockchain Equities, Blockchain Weekly Host, Cryptonite Ventures Founding Member, facilitator for three monthly Phoenix Meetups, and one of the first candidates to be Certified by the EC-Council as a Certified Blockchain Professional.

He is on numerous Advisory Boards such as Swift Harvest, Ethera Labs, Lannister Holdings, and Hemp Harvest. Michael is a Member of BizIt M&A and has multiple connections to Private Equity groups, Angel and VC Groups.

In 2011 a friend introduced him to cryptocurrency mining, and they started a crypto mining operation in 2014. Later that year the discovery of Ethereum nurtured a hard pivot to rationalizing workflows and developing Smart Contracts. Michael co-founded Blockchain Consultants, Inc. in 2016 and has been helping multiple companies in multiple industries adopt Distributed Ledger Technology ever since.

Specialties: Blockchain, Distributed Ledger, Cyber Security, Marketing, Entrepreneurship, Information Technology, Big Data, Graph Processing, Micron Automata Processor, Disruptive Technologies, Disruptive Innovation, Growth Hacking and Connecting the Dots!

Cyber and Physical Security Working Together by SRP

Monday August 5th, 2019 / 6 PM – 9 PM

Sponsor: Check Point Software Technologies 

Our thanks to Check Point Software Technologies for sponsoring this month's meeting!

Sponsor Contacts:

Enterprise Team: AZ,NM,NV
Brian Besse: Territory Manager BBesse@CheckPoint.com 949-521-3590
Jon Fallon: Security Engineer JFallon@CheckPoint.com
Michael Reuland: Business Development MReuland@checkpoint.com
Katie Schweger: Renewals Specialist KSchwege@checkpoint.com

Presentation 1: The New Norm – Cyber and Physical Security Working Together – The SRP Example (7:15-8:00 PM)

by Jay Spradling and Kevin Wruble from the Salt River Project (SRP)

Jay Spradling

Manager over Security & Business Continuity

As the Manager over Security & Business Continuity for Salt River Project (SRP), Jay Spradling is responsible for the physical security at eight dams, seven power generating stations, and numerous facilities and substations around Arizona. SRP maintains a service territory of 2,900-square miles spanning portions of Maricopa, Gila and Pinal counties. He is the Past Chair of a regional working group of utility security directors and managers from around the west coast.

Prior to SRP, Jay had a 30 year career in law enforcement. During his 25 years with the Tempe (AZ) Police Department, he served in virtually every Bureau or Division of that department. Among his assignments were Detective, Motorcycle Officer, Gang Sergeant, Basic Training Sergeant, Narcotics Commander, and SWAT Team Commander. He retired as an Assistant Chief of Police and then moved over to the Arizona State University (ASU) Police Department, where he served as their Assistant Chief of Police for another five years.

Jay is a graduate of the FBI National Academy and continues to be active with the Board of their Arizona Chapter.

Jay is a long-time member and Past President of the Tempe South Rotary Club. He has been active in numerous other charitable organizations, including Tempe Leadership, American Cancer Society, Paz de Cristo, the Boy Scouts of America, Feed My Starving Children, and the Desert Southwest Chapter of the Alzheimer’s Association. Jay is married and has two adult children.

Kevin Wruble

Manager over Cyber Security Identity and Access Management

As the Manager over Cyber Security Identity and Access Management for Salt River Project (SRP), Kevin is responsible for the systems and processes which manage access to SRP’s electronic assets. SRP maintains a service territory of 2,900-square miles spanning portions of Maricopa, Gila and Pinal counties.

During his 23 years of experience in the information technology and cyber security industries, Kevin has served in a variety of technical and management roles. Kevin has earned CISSP, GLEG, and ITPM certifications, is a graduate of the University of New Mexico, and is married with two children.

Session Content:

This will be an abbreviated session based on content presented at the ASIS Phoenix Chapter Bi-Monthly April 2019 Meeting.

  • Quick overview of what we protect for SRP from a physical and cyber perspective
    • How our specific roles differ and align
    • Backgrounds
    • Terminations
    • Investigations
    • Compliance Requirements
    • A need for common vernacular – “We need everything!”
  • C-Suite Perceptions & Issues
  • Insider Threat
  • Q&A

Presentation 2: PENDING (8:00-8:45 PM)

by TBD

We currently have an open slot for the second presentation and will provide updates throughout the month.

 

FBI Cyber Task Force Update and Lethal Software Bugs

Monday July 1st, 2019 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s, food and drinks provided by our sponsors.

 

Sponsor: 

Our thanks to General Dynamics for sponsoring this month’s meeting!

General Dynamics

Sponsor Contact:

John E. Alschuler, CISSP, ISSEP
Systems Engineer, Principal
General Dynamics Mission Systems
8201 E. McDowell Rd, M.S. H2220
Scottsdale, AZ 85257

Presentation 1: FBI Cyber Task Force Update (6:45-8:15 PM)

by FBI Special Agent Paul Schaaf, also Phoenix Co-Infragard Coordinator

Federal Bureau of Investigation

Paul and team will provide an update on the FBI Cyber Task Force and relevant issues we all face as we collectively work together to keep our national infrastructure safe and secure.

 

Presentation 2: Lethal Software Bugs (8:15-9:00 PM)

Elio Grieco
No one is perfect, but software should be. As we continue to add software into more aspects of our lives, the impact of bugs becomes increasingly dangerous. We’ll cover the history of bugs that have killed people, what can be done to prevent such tragedies, and likely future industry trends. We’ll also talk about various policies and techniques that can be used to create software that is trustworthy and bug free.

This plays into last month’s presentation on the CISSP Domain One and how human life should be priority one when balancing decisions on cyber security.

Building Elegant Security Dashboards for your NOC or SOC & CISSP Domain 1 Security & Risk Management


Monday June 3rd, 2019 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum
WHEN: 1st Monday of each month 6:00 PM – 9:00 PM
WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283
WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s, food and drinks provided by our sponsors.

 

Sponsor: 

Sponsorship by Oracle

Sponsor Contact:

Dan Krpata dan.krpata@oracle.com
Security and Management Specialist
602-549-5197

 

Cyber Threat Rundown with Erik Graham

We have video of our presentations on YouTube!

 

Presentation 1: Building Security Dashboards from Elasticsearch Log Data (7:00-7:45 PM)

by Dean Moore and John Nash of Phreedom Technologies

 


 

John R. Nash

With the relentless increase in speed and capacity of networks and systems, the logs that are generated can exceed thousands of events per second or more! Is there any hope for an understaffed security team to keep up with the constant flow of user activity and system events, and to make any sense of it?

John and Dean will show how to build sophisticated security dashboards, sourced from firewall and Windows event log data stored in Elasticsearch. The focus will be on the use of open source tools to build time series histograms and heat maps that highlight how your infrastructure is operating and quickly identify patterns and anomalies that may require further investigation.

Examples:

  • Firewall session for most active users over a 2 day period
  • ISP Daily Bandwidth by Netblock Owner (ASN)
  • Daily Heat map of Firewall Policy Events

 

Presentation 2: CISSP Domain 1 Security & Risk Management presented by Tim Hoffman (7:45-8:00 PM)


 

Tim Hoffman

The security & risk management domain is a complex domain that accounts for a total of 16% of the score on the examination. This domain often confuses the more technical personnel because it speaks to business. The intent of the domain puts focus directly on business executives and security personnel who must work together to agree on the proper security activities to perform to achieve optimum governance. The Board and Executive Management will involve themselves with providing strategic direction and making decisions based on risk – then managing risks appropriately while concurrently verifying that the enterprise’s resources are used responsibly.

Mr. Timothy Hoffman is a Healthcare Cybersecurity Executive with an extensive US Navy cryptologic background, a serial entrepreneur, and Founder of Tim Hoffman & Associates, LLC. His professional credentials include an MS from Central Michigan University and certifications including: CISSP, GCIH, CCSK, Security+(CE), Network+(CE), ITIL v3, ISO 27001, C|EH, CNDA, Expert Rating PM, ISP, and many others.

Mr. Hoffman’s strength is found in alignment of technology solutions to business needs so as to support business through risk management. His team translates technical speak into everyday language that is easy to understand and has won praise for security program creation, policy & procedure writing, Cloud system design, and network architecture.

Notable career accomplishments include 5 books, radio show host in Italy & US, multiple language facility with fluency in Italian, and platform training to thousands of students on IT & cybersecurity topics for nearly 30 years. He is a competitive level dancer on the global UCWDC scale placing 4th in 2016 and 8th at a higher level in 2019.

 

Presentations on Intel AMT and NGFW Next Generation Firewalls

Presentation 1: Security Implications of Intel’s Active Management Technology (AMT)

Presented by Gorden Bader, CISSP

Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, running on the Intel Management Engine, a separate microprocessor not exposed to the user, in order to monitor, maintain, update, upgrade, and repair them.

Presentation 2: Review of Modern Next Generation Firewalls (NGFW)

by John Nash, VP of Technology, Phreedom Technologies

John R. Nash, VP of Technology, LLC

 

John Nash of Phreedom Technologies presents a feature roundup of modern perimeter firewalls. There is a lot of confusion and many misconceptions, even among security professionals, about what modern firewalls do. Even the terms Next Generation, NGFW, or 4th Generation Firewall, which vendors commonly throw around, can be confusing and misleading. John breaks down the features of a sampling of the leading firewall vendors, giving you a clear picture of the proper role a perimeter firewall plays in your organization and how it ties into your overall security strategy. This is tailored to professionals at every stage in their career.