FBI Cyber Task Force Update + Implementing Security Compliance Through DevOps Automation / Splunk My Logs Please!


A Zoom account is required for this special event.

Monday June 1st, 2020 / 6:30 PM (PST)

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:30 PM (MST)

WHERE: Virtual Zoom Meeting: Register Here or use Direct Link to Meeting.

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs

Sponsor: Check Point Software

Our thanks to Check Point Software for sponsoring this month’s meeting!

Check Point Infinity is the first consolidated security across networks, cloud and mobile, providing the highest level of threat prevention against both known and unknown targeted attacks to keep you protected now and in the future.

Contact:
Enterprise Team: AZ,NM,NV
Brian Besse: Territory Manager BBesse@CheckPoint.com 949-521-3590
Jon Fallon: Security Engineer JFallon@CheckPoint.com
Michael Reuland: Business Development MReuland@checkpoint.com
Katie Schweger: Renewals Specialist KSchwege@checkpoint.com

[6:30-6:35 PM]

Announcements

  • Announcements and Updates (~5 min)

[6:35-6:50 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[6:50-7:05 PM]

Sponsor Segment

  • Short presentation by our sponsor (~15 min)

[7:05-7:50 PM]

Implementing Security Compliance Through Automation

Joseph Bennet - Lead Consultant, Contino
Aaron Brock - Lead Consultant, Contino
Jason Lutz, NPA - Senior DevOps Consultant, Security

Topic:

Hybrid cloud change control and compliance can be manual and cumbersome, and may not scale well. Joseph, Aaron and Jason will present how they migrated a manual process of log ingestion for clients’ AWS flow logs into an automated process driven by what are typically considered DevOps tools such as Git, Ansible, Jenkins, Terraform and Trumpet. This reduced the process timeline from days to hours, and allowed different teams to collaborate more effectively in managing the process. This mash-up of tools and how they were used provides important lessons for the future of Security Automation. Don’t miss this highly technical presentation, which will include demo code and an interactive chat session with the presenters.

Bio:

Joseph: Joseph Bennet has 14 years of experience working in the IT industry, including 7 years as a consultant upskilling clients and their staff in the deployment, management, and use of various technologies. Joseph Bennet's experience spans a wide range of industries, including financial and entertainment, as well as public sector experience working with organizations such as the US Patent and Trademark Office and the Army Research Laboratory.

Aaron: Aaron N. Brock is passionate about delivering solutions which create business value for clients. His forte is to tightly integrate iterative technological improvements with people-focused learning and upskilling, creating an environment where positive change is encouraged. He continues to evangelize a Cloud-First approach following DevOps best practices. Aaron has extensive experience in Docker, K8s, Jenkins, Ansible, Terraform and more. He continues to work with a wide breadth of companies across a variety of industries ranging from gaming to large financial institutions, and has experience at every level of the software development lifecycle.

Jason: Jason is passionate about building cloud security programs, implementing open source technologies, and addressing information security risk. As a certified ISO 27001 Lead Implementer, he understands what it takes to build and reinforce information security management systems (ISMS) with a specialized focus on cloud implementations. He continuously increases his security, compliance and technical skills, combining these skills to create a unique amalgam of knowledge to offer to our clients.

 

[7:50-8:40 PM]

FBI Cyber Task Force Update

Federal Bureau of Investigation

by FBI Special Agent Paul Schaaf, also Phoenix Co-Infragard Coordinator

Topic:

Paul and team will provide an update from the FBI Cyber Task Force on the onslaught of on-line misinformation and how it is going to force our society to change the way we consume information and trust sources.

[8:40 PM]

End

 

Complexities of Incident Response + Real Time Defender Velocity

Monday May 4th, 2020 / 6:30 PM (PST)

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:30 PM (PST)

WHERE: Online

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs

Sponsor: SentinelOne

Our thanks to SentinelOne for sponsoring this month’s meeting!

A group of defense and intelligence experts saw savvy attackers compromising endpoints seemingly at will. Traditional approaches failed to provide sufficient protection. They founded SentinelOne to develop a dramatic new approach to endpoint protection. It’s one that applies AI and machine learning to thwart known and unknown threats.

Our team understands how much endpoints matter. When attackers come after our privacy, intellectual property, infrastructure, and collaborative modes of working, they assault more than just data. We’re under attack, and so are our values. That’s why we’re dedicated to keeping our breakthrough platform ahead of threats from every vector. Gartner, NSS Labs, and industry leading organizations recognize that our approach sets us apart.

Contact:
Shaq Misra
Enterprise Sales
shaqm@sentinelone.com
801-414-9641

[6:30-6:35 PM]

Announcements

  • Announcements and Updates (~5 min)

[6:35-6:50 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[6:50-7:05 PM]

Sponsor Segment

  • Short presentation by our sponsor (~15 min)

[7:05-7:50 PM]

Real Time Defender Velocity

by David Gold – Sr. Director, Sales Engineering – West SentinelOne

Bio:

David Gold recently joined SentinelOne as Sr. Director of Sales Engineering for the West. David has more than 15 years of experience in enterprise information security and brings a strong track record of innovation and customer focus to SentinelOne. Prior to SentinelOne, he was the VP of Product and VP of Solutions Architecture at ProtectWise and helped launch and build the company from stealth to a successful exit to Verizon. David helped define the network detection and response market and has helped many organizations develop detection and response strategies and embrace cloud-delivered technologies. He has also led Firewall Product Management at McAfee and has held various roles in sales engineering, product management and support at Websense, Intel, McAfee and Secure Computing.

Topic:

Organizations spend more money on cyber security tools every year, yet the number of breaches and the cost of these breaches continue to increase. A new approach is needed that relies on autonomous analysis that can respond at machine speed. By embracing automation, AI and big data analytics, organizations can better prevent threats, find and detect what is missed, provide contextual linking for forensics and threat hunting, and, even more importantly, self-heal and fully recover when necessary.

[7:50-8:40 PM]

Complexities of Incident Response

 

by Chris Pavan; Security Professional, Helios Group

Bio:

Chris Pavan is a veteran incident responder with experience supporting the US military and working in national forensics projects. He is a previous SWSCF speaker and is heavily invested in the Phoenix cyber security community.

Topic:

Chris Pavan will review a forensic case involving a vulnerable minor which touches on a lot of the standard items inherent in any cyber-security forensic case. This particular case ran into a number of unique challenges relating to victims’ rights, the inherent bureaucracy and sometimes siloed mentality of law enforcement agencies, and the complex and sometimes conflicting legal framework that must be navigated by the investigator to juggle all these competing dynamics. The presentation will highlight some of the entrenched challenges we still need to deal with, not only as cyber security professionals but as a society.

[8:40 PM]

End

 

Deep Dive into the CISM Certification + Anatomy of an Incident Response

Monday April 6th, 2020 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

Sponsor: Arctic Wolf Networks

Our thanks to Arctic Wolf Networks for sponsoring this month’s meeting!


Through the industry’s original Concierge Security Team, Arctic Wolf provides the scalable managed cybersecurity protection IT-constrained companies need to keep their critical data, networks, web-based applications, and devices safe. Working as an extension of your internal team, highly-trained and coveted security experts deliver 24×7 cloud-based monitoring, risk management, threat detection, and response services that protect you from ever-evolving methods of cyber attack. By escalating only the issues that require action, Arctic Wolf eliminates noise, enabling your limited IT resources to focus on other priority initiatives. Personal, predictable protection – It’s the Arctic Wolf difference.

Contact:
Amy Judge
Field Marketing Manager
amy.judge@arcticwolf.com
408-497-6112

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Announcements and Updates (~5 min)
  • Short presentation by our sponsor (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7:00-8:00 PM]

Deep Dive into the CISM Certification


by Ilene Klein, CISSP, CISM, CIPP/US, Cybersecurity Program Coordinator, Urban Area Security Initiative, City of Phoenix Office of Homeland Security and Emergency Management

Bio:

For over 20 years, Ilene Klein has been evangelizing security to anybody who would listen … and to management.  During this time, she built and led compliance, governance, incident response, privacy, policy, security awareness, threat intelligence, and vulnerability management programs and frameworks.  Ilene started her career as an electronics instructor and then traveled from Honolulu to Heidelberg as a systems engineer installing proprietary software for the U.S. Army and resolving system crashes before focusing on cybersecurity.  Ilene has earned multiple security and privacy certifications, and she’s won awards such as the CISM Geographic Excellence Award for earning the highest score in the North America geographical region on the December 2011 CISM examination and a 2018 Warrior Award for fighting on the “front lines” of cybersecurity.

Topic:

Congratulations — You’re in cybersecurity, one of the best and most in-demand careers.  But there’s an entire alphabet soup full of cyber-related certifications out there.  During this presentation we’ll discuss the CISM certification, including what it is, how it differs from the CISSP, who might be interested in earning a CISM, the domains covered, and whether it’s worth it.

[8:00-8:45 PM]

Anatomy of an Incident Response


by Niko Zivanovich, Security Engineer specializing in Incident Response, Check Point Software

Bio:

Niko Zivanovich is a Security Engineer for Check Point based in the South West US, specializing in Incident Response. Check Point is based in Tel Aviv, Israel and is one of the largest cyber security firms in the world. Previously, he was at Johns Manville in Denver, Colorado, working in network security and security operations focusing on ICS environments. While at Johns Manville, Niko and his colleagues helped to form the Berkshire Hathaway Information Security Group in order to facilitate the sharing of intelligence across the organization. He most recently worked for Berkshire Hathaway Inc., focusing on Incident Response preparation throughout the subsidiaries globally. He holds multiple certifications through the SANS GIAC organization.

Topic:

Anatomy of an Incident Response Event: An Incident Response (IR) Plan is where tools, skills and process all come together in a high-pressure, time-critical environment. Advance planning and experience are critical to a successful outcome. Niko will walk through a real-world Incident Response event and highlight, at each key stage in the process, where specific tools, people and skills and the structured response plan came into play and how deficiencies at any point can hobble the organization. Attendees will be able to overlay this presentation onto their own organization’s capabilities and identify where they may have shortcomings in their own IR Plan.

[8:45-9:00 PM]

Networking

 

APT Who/What/How + Data Sciences and Cybersecurity

Monday March 2nd, 2020 / 6 PM - 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM - 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

Sponsor: Vound Software

Our thanks to Vound-Software for sponsoring this month’s meeting!


Vound is a leading global vendor of technology used for forensic search, e-discovery and information governance. Our software suite is used by the world’s best-known enterprises, banks, law enforcement, and government agencies for compliance verification, internal audits, and criminal and legal investigations.

Our unique technology graphically displays relationships between custodians and electronically stored information, enabling users to drill down through terabytes of data to find and export the most pertinent information. This innovative approach to forensic search helps to significantly reduce the amount of time and money organizations need to carry out compliance and audit requests, digital investigations, and eDiscovery inquiries.

Contact:
Jaclyn Clark
Sales Support Specialist
jaclyn.clark@vound-software.com
480-401-0856

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Fortinet (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7:00-8:00 PM]

Advanced Persistent Threats (APTs) and Nation-state APT Groups

by Bill Curd

Bio:

Our own Dr. Bill Curd has been a pioneer in cybersecurity and related disciplines within global high-tech enterprises for decades. As President of Synesys Group, he is an invited instructor, speaker, analyst, investigator and mentor in cyber security, privacy, national security intelligence and geopolitical matrix – best known for his highly-evaluated CISSP boot camps (next one the week of March 30th).

Less known is his involvement with the intelligence community. He is a frequent mentor for national security intelligence analyst internships including a compartmented one now concerning Counter-Intelligence and occasionally participates in Red Cell exercises for three-letter agencies.

His Top Secret clearance was from the IC. He is a member of the Association of Former Intelligence Officers and FBI InfraGard, and an alumnus of FBI Citizens’ Academy. Bill is the Qualifying Party for Synesys Group, an AZ PI agency, and an associate of National Security Consulting & Investigations PLLC.

Check out his extensive professional education, certifications, and affiliations on LinkedIn, and connect with him there if you haven’t already.


Topic:

  • What is an APT and an APT group?
  • How are these groups named?
  • To which nation-state do we best attribute each?
  • Whom do each target with what motivations, using what attack vectors?
  • What isn’t an APT (an acceptable excuse for your protections having failed)?
  • Then, we will look at some specific APT activities.

Time permitting, he will put some information concerning Advanced Persistent Threats on Dropbox to be shared for a window of time to those requesting access. Fortunately, a lot of information that we could only initially recover from the Darknet is now easily accessible on Wikipedia, MITRE ATT&CK, FireEye, and Crowdstrike.

At session end, Bill will briefly highlight the cybersecurity certifications that factor most prominently in job postings, their open positions, salaries, etc. For example, the CISSP is the third most requested certification in job postings for all occupations (after PMP and before Automotive Service Excellence).

[8:00-8:45 PM]

A Brief Overview of Data Science and the Intersection with Cybersecurity

by Mark Borbour, founder of Data Science Consulting


Bio:

Mark is the founder of a Data Science Consulting firm that has served clients in a wide array of Government, Corporate, Non-Profit and Small Business environments.
Mark and his colleagues use Data Science to help organizations gather, process and structure data so that meaningful patterns can be analyzed, explored, and communicated to the organization, their stakeholders, clients, and contractors.

He started his career at 19 as a 911 Dispatcher for Phoenix Police Dept. There, he learned how powerful information and communication can be. He developed a curiosity for computer science that ultimately led to doing freelance IT consulting for JP Morgan Chase, Berkshire Hathaway, and various other regional corporations and small businesses. While working for these companies, Mark's programming skills converged on Data Science to handle the massive amount of information that must be dealt with on a daily basis for these organizations. This led to an increasing interest alongside the emerging field of Data Science. Seeing how generally useful these tools were, a couple of years ago he switched his business focus from IT to Applied Data Science, and has since served clients in Education, AI-Security Implementation, Politics, and Real Estate.

Topic:

The amount and importance of data in our daily lives is increasing at an accelerated rate. What are the security implications of large, international, public entities (state actors, corporations, etc) accumulating so much information in such a concentrated and centralized way? What kind of liability becomes apparent when large amounts of data are leaked? Even the most routine, mundane data (in large enough quantities) can be dangerous in very subtle and unpredictable ways. The best method of addressing these concerns is through education and data literacy. Spreading that knowledge will be the primary motivation of this talk.

I will go over the basic Data Science Process, some common industry vocabulary (especially common buzzwords), and provide some additional resources to learn more about Data Science.

[8:45-9:00 PM]

Networking

 

Cyberwarfare vs Conventional and how AI is empowering our adversaries

Monday February 3rd, 2020 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

Sponsor: Fortinet

Our thanks to Fortinet for sponsoring this month’s meeting!


 

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Fortinet (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7:00-8:00 PM]

Warfare: Cyber vs. Conventional

by John Jacobs, VP of Systems Engineering, Fortinet.

Bio:

As Vice President of Systems Engineering, John currently leads teams for a number of Fortinet’s largest customers and service providers. With 20 years of experience in network design, engineering and global operations, he continuously works to strategize, construct and operate data and content delivery that can scale and survive modern business needs.

As the industry has shifted from a focus of simple connectivity to one of continuous access, real-time security, and expanded platforms, he is proud to be part of a leading security organization as a consultative member of the Fortinet Security Fabric team, offering direct feedback from the field to help best determine not only how we shape our technology, but also the ecosystem growth through partners and their complementary solutions.

John resides in Seattle, Washington, holds a bachelor’s degree in business management, and will obtain his master’s degree in cybersecurity and information assurance in 2020.

Topic:

What is cyber warfare? How is cyber warfare different from a conventional war? How would a modern conflict between nation states manifest itself in today’s technical landscape? How would a cyber war impact the private sector?

Join John as he reviews the new landscape of warfare and how most countries are preparing for the likelihood that the next war will be a hybrid between cyber and conventional, and the impact to all of us that are in the line of fire.

[8:00-8:45 PM]

How AI and Deep Learning are Empowering our Adversaries


by Gavin Klondike, Sr. Security Consultant

Bio:

Gavin is a senior consultant and researcher who has a passion for network security, both attack and defense. Through that passion, he runs NetSec Explained, a blog and YouTube channel which covers intermediate and advanced level network security topics in an easy-to-understand way. His work has given him the opportunity to be published in industry magazines and speak at conferences such as Defcon and CactusCon. Currently, he is researching ways to address the cybersecurity skills gap by utilizing machine learning to augment the capabilities of current security analysts.

Gavin has presented to the group before in Jan of 2019 on Machine Learning with very positive reviews.

Topic:

There’s no question that modern advances in AI and Deep Learning technologies have allowed organizations to greatly scale their defensive capabilities. Between detecting evolving threats, automating discovery, fighting dynamic attacks, and even freeing up time for IT professionals, AI-fueled automation has been a boon for system defenders. But before we get too comfortable, we need to remember that there is another side to this fight.

In this talk, we’ll take a look at how AI technologies are enhancing adversarial capabilities and how challenges in defensive machine learning are opening up new attack surfaces.

[8:45-9:00 PM]

Networking

 

Crowdstrike presents on the current e-crime landscape and procedures used by APT actors

Monday January 6th, 2020 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

Sponsor: CrowdStrike

Our thanks to CrowdStrike for sponsoring this month’s meeting!

Contact: Grace Bergen
SLED Marketing Manager
M: 805-699-5809
grace.bergen@crowdstrike.com

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Luke Zeman of Crowdstrike (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7-7:45 PM]

The Not So Itsy Bitsy Spider

by Matt Russell, Threat Intelligence Advisory Lead - The Americas, Crowdstrike

Bio:

Matt Russell is an internationally seasoned business and technology executive. He combines the exceptional leadership skills he learned leading and training intelligence teams in US Special Operations with his commercial experience in consulting and industry to successfully operate across a variety of business domains, geographic boundaries, and cultural landscapes. Matt spent 5 years living and working in Asia and possesses advanced fluency in both Korean and Spanish.

Topic:

Wizard Spider, made famous by their commodity banking malware “TrickBot” and “Ryuk”, is a notorious threat actor that conducts high impact attacks across a variety of industry verticals and sectors. We’ll start off with an overview of the current e-crime landscape and emerging trends, and then begin to break down the tactics, techniques, and procedures that Wizard Spider leverages as they conduct operations across the globe. Focus will be on the TrickBot, Ryuk, and AnchorDNS malware families, providing high-level overviews of their functionality and deployment. A victimology case study will provide a deep-dive into a real world scenario where both the failures and lessons learned will be on display. This talk will conclude with defensive strategies to help mitigate the threat, as well as an interactive question and answer session.

[7:45-8:45 PM]

The Need for Advanced Incident Response Tools and Capabilities


by Michael McAndrews, Vice President, Network Security Services, WGM Associates

Bio:

Michael McAndrews has been involved in Information Technology and Security for more than 25 years. Michael worked in the financial services, manufacturing and pharmaceutical industries before joining the Federal Bureau of Investigation in 2006 as a Special Agent. During his time with the FBI, he investigated numerous violations, but focused primarily on computer crimes such as intrusions, Internet frauds and intellectual property violations. He was also a member of the FBI’s Cyber Action Team, a group of selected agents who would deploy worldwide for the most critical of intrusions. With experience in both the National Security and Criminal arenas, Michael left the FBI in December 2013 to rejoin the private sector. He now works as an expert in the field using leading edge security devices and performing awareness training to groups worldwide.

Michael is a Certified Information Systems Security Professional (CISSP) and has been certified by GIAC as a GSEC professional, an Intrusion Analyst (GCIA), and Incident Handler (GCIH). Michael also holds the A+ and Network+ certifications from CompTIA.

Topic:

With the ongoing epidemic of cyber security breaches, the need to successfully execute an incident response plan is of the utmost importance to shorten the time between breach and recovery and lower the overall risk to the organization. Michael will discuss incident response and how full network packet capture and end-point detection/response technologies can be leveraged together as a powerful combination to improve the investigative and remediation process. Actual scenarios will be shared where WGM and CrowdStrike have worked together on an international Incident Response engagement.

 

[8:45-9:00 PM]

Networking

 

FBI Cyber update & Advanced Persistent Threats (APT)


Monday December 2nd, 2019 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

Sponsor: Palo Alto

Our thanks to Palo Alto for sponsoring this month’s meeting!


Contact: Amy Looper | Named Account Manager | Palo Alto Networks
Phoenix, AZ | www.paloaltonetworks.com
Mobile: 480.431.3870
Email: alooper@paloaltonetworks.com

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-7:00 PM]

Cyber Security Community updates

  • Cyber community updates (~5 min)
  • Sponsor segment (~15 min)
  • Cyber threat update with Erik Graham (~15 min)

[7-7:45 PM]

Defending against APT with Secure DevOps


by Ford Winslow, CEO of ICE Cybersecurity

Topic

Ford will discuss the importance of engaging the Development and Architecture teams at the early stages to build security into your products and systems so you can effectively defend, detect and prevent compromises from Advanced Persistent Threats as well as the hard lessons learned performing incident response for large clients.

Bio

With over two decades of professional experience in Information Technology and Business Management, Ford Winslow has been a thought leader in the related fields of cybersecurity, cloud and IT Services since their inception.

ICE Cybersecurity, the San Diego-based firm he founded in 2016, specializes in managed cybersecurity and advanced cyber protection programs for organizations in heavily regulated industries.

Over the past two decades, Mr. Winslow has held technology leadership positions in the Cybersecurity, Cloud, Information Technology, Risk Management, Life Sciences, Financial Services, Healthcare, Non-Profit and Retail Industries, where he has consistently delivered value through the latest breakthroughs in technology.

Prior to launching ICE Cybersecurity, Mr. Winslow served as Chief Risk Officer of a San Diego-based Cloud and Managed Services Provider. He is the co-author of “Good Informatics Practices,” a best-practices training guide for the Life Sciences and Healthcare industries. Prior to CentrexIT

In addition to his professional duties, Mr. Winslow serves as an advisor to a number of startups focused on Cybersecurity, Blockchain, Internet of Things (IoT) and Emerging Technologies. He is an advisor and mentor with CyberTECH, a San Diego-based network of tech-inspired startups and early-stage firms.

Mr. Winslow is an active member of the local community, supporting social organizations and charities benefiting a variety of worthy causes. His spare time is spent with family, on the golf course, playing music, or cooking. Ford studied Computer Science and Information Systems Management at University of Maryland.

[7:45-8:45 PM]

FBI Cyber update


by FBI Special Agent Paul Schaaf, also Phoenix Co-Infragard Coordinator, Federal Bureau of Investigation

Paul and team will provide an update on the FBI Cyber Task Force and relevant issues we all face as we collectively work together to keep our national infrastructure safe and secure.

[8:45-9:00 PM]

Networking

 

Detecting APT with NAC, Sandboxing & SIEM-Part I + Zeek/Bro Log Collection

Monday November 4th, 2019 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

 

Sponsor: Fortinet 

Our thanks to Fortinet for sponsoring this month’s meeting!

 

Debbie Lite Trauter
Channel Account Manager – Mountain Desert
E: dlite@fortinet.com
M: 714.336.9695
Skype: Debbie Lite Trauter
NSE Certified : Level 3
899 Kifer Road | Sunnyvale, CA 94086

[7:15-8 PM]

Detecting APT with NAC, Sandboxing and SIEM – Part 1


by Cory Sober, Systems Engineering Manager, Fortinet

Detecting Advanced Persistent Threats is something every large organization struggles with. Yes, you have a wide variety of tools, but how do you get them all to work together to get rapid answers to the time-critical question of “Do I have a compromise and what is my exposure?” Join Cory for the first of a two-part series, where he does a deep dive into how to use modern commercial tools, including Network Access Control, sandbox technology and full-fledged Security Information and Event Management (SIEM), to detect Advanced Persistent Threats so you can quickly isolate and remediate compromises.

Cory is a Systems Engineering Manager at Fortinet with decades of hands-on experience and holds several technical certifications relating to security, networking and systems.

In addition to being a security and networking expert, Cory is a graduate of the Reserve Officers Law Enforcement Academy and a member of Infragard.

[8-8:45 PM]

Security Monitoring with Zeek and Bro IDS


by Tim Garcia, SANS instructor (Tool Time with Tim) VP-CISSP, GSEC, GCDA, GCCC, GMON, GCED

Can a 20-year-old technology help give you strategic visibility into a modern enterprise network? The answer is yes! Welcome to a powerful network monitoring/logging tool most people have never heard of.

Tim Garcia will review the capabilities and use of the Zeek and Bro IDS (two separate tools that are often used together) for security threat hunting.

(Originally the presentation was to be on the use of the Yara scripting tool to identify malware signatures, but the Zeek/Bro topic won out due to popular demand.)

Tim is a SANS Instructor primarily focused on blue team activities, ethical hacking, incident handling, security management and general information security principles. He is also an instructor in Information Systems Security, Systems Analysis and Project Management for several local universities in the Phoenix area.

In-House Risk-Based Security Controls Assessment (SCA) Process and Blockchain Security

Monday October 7th, 2019 / 6 PM - 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM - 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

 

Sponsor: Ventech Solutions 

Our thanks to Ventech Solutions for sponsoring this month’s meeting!

 

Sponsor Contact: Jennifer White
Senior Account Executive
Mobile: 480-297-8016
Jennifer.White@ventechsolutions.com

Presentation 1: In-House Risk-Based Security Controls Assessment (SCA) Process (7:00 - 8:00 PM)

Dr. Jerry Craig, D.Sc., CCSP, CISSP, InTP, PMP, ITILv3 Intermediate; VP, Security Services of Ventech

Session Content:

Most organizations utilize third-party auditors as well as vulnerability and compliance-based assessments to determine the health of their systems prior to receiving an Authority to Operate (ATO) from a designated authority. Each organization in a specific business sector must follow federally mandated frameworks and processes. This is true whether it’s a healthcare organization utilizing frameworks to satisfy HIPAA and HITRUST requirements, military organizations satisfying the Department of Defense’s Certification and Accreditation (C&A) process, or a federal contractor who is required to maintain a security boundary for a Federal Information Security Management Act (FISMA) system.

Dr. Jerry Craig will review a new process in which Security Controls Assessments (SCA) are managed and operated by in-house assessor teams. This approach offers the federal government reduced engagement periods and costs, continuous monitoring, deeper knowledge of control families and individual controls, greater visibility into systems, risk-based analysis of system vulnerabilities, and most importantly, the ability to stand in a defensible position in the event of a data breach.

Bio:

As Ventech Solutions’ HIDS Security Director, Dr. Craig is responsible for managing the security operations for the Health Care Quality Information Systems (HCQIS) Infrastructure and Data Center Support (HIDS), a program of the Centers for Medicare and Medicaid Services (CMS). His areas of responsibility include a Security Operations Center, a Security Engineering Team, an Identity & Access Management Team, and a Compliance/Audit Team. In addition to his time supporting CMS, Dr. Craig serves as Ventech Solutions’ Vice President of Security Services.

Dr. Craig has over 20 years of experience delivering mission critical systems, services, and IT security solutions to a wide range of Department of Defense customers, universities, and private sector businesses. Dr. Craig led the implementation of the Armed Forces Health Longitudinal Technology Application (AHLTA) for the United States Navy and Air Force and led the deployment of the United States Marine Corps’ Combat Operations Centers for multiple DoD Special Operations units operating in Southeast Asia. For the past 10 years, Dr. Craig has served as an Adjunct Associate Professor for the University of Maryland University College (UMUC), as well as an Adjunct Professor for Capital Technology University (CTU).

Dr. Craig currently holds a Doctor of Science in Cybersecurity, a Master of Science in Network Security, a Master of Arts in Economics and Business Management, and a Bachelor of Science in Computer Studies. Dr. Craig maintains numerous certifications including ISC2’s Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP), PMI’s Project Management Professional (PMP), CompTIA’s Security+ and A+, and is a certified Insider Threat Program Manager via Carnegie Mellon University’s Software Engineering Institute.

Presentation 2: Blockchain Security (8:00-8:45 PM)

by Michael Noel


 

Session Content:

Is blockchain really secure?

“Secure,” it turns out, is very hard to define in the context of blockchains.
Secure from whom?
Secure for what?
Blockchain security depends on your perspective. Today we will be covering several different blockchain perspectives, including:

A. The centralization question: Centralization is at least part of the problem. Data stored in a large depository is far more attractive to a potential hacker.

B. Permissioned systems: Building private or community systems (a.k.a. permissioned blockchains) for increased security is a severely misguided approach. Permissioned systems STILL raise questions.

C. The Centralization of Decentralized Systems: Despite blockchain technology being decentralized, there are still centralized aspects of it, such as cryptocurrency exchanges.

D. Eclipse attack: Nodes on the blockchain must remain in constant communication to compare data. Is this a strength or a vulnerability?

E. Tokenomics is not Economics: Approaching blockchain security from the coding perspective is very important, and just like any other form of security, the human factor must be considered. Tokenomics is another important factor we need to understand with any blockchain implementation.

F. Tokenized Assets: Security tokens are coming. What steps are necessary to protect digital representations of your organization's equity and therefore control?

Bio:

Michael Noel - Certified Blockchain Professional, Building Distributed Ledger Architected Organizations

Michael is the Co-Founder and CEO of Blockinetics, Founder of Blockchain Equities, Blockchain Weekly Host, Cryptonite Ventures Founding Member, facilitator for three monthly Phoenix Meetups, and one of the first candidates to be Certified by the EC-Council as a Certified Blockchain Professional.

He is on numerous Advisory Boards such as Swift Harvest, Ethera Labs, Lannister Holdings, and Hemp Harvest. Michael is a Member of BizIt M&A and has multiple connections to Private Equity groups, Angel and VC Groups.

In 2011 a friend introduced him to cryptocurrency mining, and they started a crypto mining operation in 2014. Later that year, the discovery of Ethereum nurtured a hard pivot to rationalizing workflows and developing Smart Contracts. Michael co-founded Blockchain Consultants, Inc. in 2016 and has been helping multiple companies in multiple industries adopt Distributed Ledger Technology ever since.

Specialties: Blockchain, Distributed Ledger, Cyber Security, Marketing, Entrepreneurship, Information Technology, Big Data, Graph Processing, Micron Automata Processor, Disruptive Technologies, Disruptive Innovation, Growth Hacking and Connecting the Dots!

Cyber and Physical Security Working Together by SRP

Southwest CyberSec Forum

Monday August 5th, 2019 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

 

Sponsor: Check Point Software Technologies 

Our thanks to Check Point Software Technologies for sponsoring this month’s meeting!

Sponsor Contacts:

Enterprise Team: AZ,NM,NV
Brian Besse: Territory Manager BBesse@CheckPoint.com 949-521-3590
Jon Fallon: Security Engineer JFallon@CheckPoint.com
Michael Reuland: Business Development MReuland@checkpoint.com
Katie Schweger Renewals Specialist KSchwege@checkpoint.com

Presentation 1: The New Norm – Cyber and Physical Security Working Together – The SRP Example (7:15-8:00 PM)

by Jay Spradling and Kevin Wruble from the Salt River Project (SRP)


Jay Spradling

Manager over Security & Business Continuity

As the Manager over Security & Business Continuity for Salt River Project (SRP), Jay Spradling is responsible for the physical security at eight dams, seven power generating stations, and numerous facilities and substations around Arizona. SRP maintains a service territory of 2,900 square miles spanning portions of Maricopa, Gila and Pinal counties. He is the Past Chair of a regional working group of utility security directors and managers from around the west coast.

Prior to SRP, Jay had a 30-year career in law enforcement. During his 25 years with the Tempe (AZ) Police Department, he served in virtually every Bureau or Division of that department. Among his assignments were Detective, Motorcycle Officer, Gang Sergeant, Basic Training Sergeant, Narcotics Commander, and SWAT Team Commander. He retired as an Assistant Chief of Police and then moved over to the Arizona State University (ASU) Police Department, where he served as their Assistant Chief of Police for another five years.

Jay is a graduate of the FBI National Academy and continues to be active with the Board of their Arizona Chapter.

Jay is a longtime member and Past President of the Tempe South Rotary Club. He has been active in numerous other charitable organizations, including Tempe Leadership, American Cancer Society, Paz de Cristo, the Boy Scouts of America, Feed My Starving Children, and the Desert Southwest Chapter of the Alzheimer’s Association. Jay is married and has two adult children.

Kevin Wruble

Manager over Cyber Security Identity and Access Management

As the Manager over Cyber Security Identity and Access Management for Salt River Project (SRP), Kevin is responsible for the systems and processes which manage access to SRP’s electronic assets. SRP maintains a service territory of 2,900 square miles spanning portions of Maricopa, Gila and Pinal counties.

During his 23 years of experience in the information technology and cyber security industries, Kevin has served in a variety of technical and management roles. Kevin has earned CISSP, GLEG, and ITPM certifications, is a graduate of the University of New Mexico, and is married with two children.

Session Content:

This will be an abbreviated session based on content presented at the ASIS Phoenix Chapter Bi-Monthly April 2019 Meeting.

  • Quick overview of what we protect for SRP from a physical and cyber perspective
    • How our specific roles differ and align
    • Backgrounds
    • Terminations
    • Investigations
    • Compliance Requirements
    • A need for common vernacular – “We need everything!”
  • C-Suite Perceptions & Issues
  • Insider Threat
  • Q&A

Presentation 2: PENDING (8:00-8:45 PM)

by TBD

We currently have an open slot for the second presentation and will provide updates throughout the month.