APT Who/What/How + Data Sciences and Cybersecurity

Monday March 2nd, 2020 / 6 PM - 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM - 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

Sponsor: Vound Software

Our thanks to Vound-Software for sponsoring this month's meeting!

Vound Software

Vound is a leading global vendor of technology used for forensic search, e-discovery and information governance. Our software suite is used by the world’s best-known enterprises, banks, law enforcement, and government agencies for compliance verification, internal audits, and criminal and legal investigations.

Our unique technology graphically displays relationships between custodians and electronically stored information, enabling users to drill down through terabytes of data to find and export the most pertinent information. This innovative approach to forensic search helps to significantly reduce the amount of time and money organizations need to carry out compliance and audit requests, digital investigations, and eDiscovery inquiries.

Contact:
Jaclyn Clark
Sales Support Specialist
jaclyn.clark@vound-software.com
480-401-0856

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Fortinet (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7:00-8:00 PM]

Advanced Persistent Threats (APTs) and Nation-state APT Groups

by Bill Curd

Bio:

Our own Dr. Bill Curd has been a pioneer in cybersecurity and related disciplines within global high-tech enterprises for decades. As President of Synesys Group, he is an invited instructor, speaker, analyst, investigator and mentor in cyber security, privacy, national security intelligence and geopolitical matrix – best known for his highly-evaluated CISSP boot camps (next one the week of March 30th).

Less known is his involvement with the intelligence community. He is a frequent mentor for national security intelligence analyst internships including a compartmented one now concerning Counter-Intelligence and occasionally participates in Red Cell exercises for three-letter agencies.

His Top Secret clearance was from the IC. He is a member of the Association of Former Intelligence Officers and FBI InfraGard, and alumni of FBI Citizens’ Academy. Bill is the Qualifying Party for Synesys Group, an AZ PI agency, and an associate of National Security Consulting & Investigations PLLC.

Check out his extensive professional education, certifications, and affiliations on LinkedIn, and connect with him there if you haven’t already.

John resides in Seattle, Washington, holds a bachelor’s degree in business management, and will obtain his master’s degree in cybersecurity and information assurance in 2020.

Topic:

  • What is an APT and an APT group?
  • How are these groups named?
  • To which nation-state do we best attribute each?
  • Whom does each target, with what motivations, using what attack vectors?
  • What isn’t an APT (an acceptable excuse for your protections having failed)?
  • Then, we will look at some specific APT activities.

Time permitting, he will put some information concerning Advanced Persistent Threats on Dropbox to be shared for a window of time to those requesting access. Fortunately, a lot of information that we could only initially recover from the Darknet is now easily accessible on Wikipedia, MITRE ATT&CK, FireEye, and Crowdstrike.

At session end, Bill will briefly highlight the cybersecurity certifications that factor most prominently in job postings, their open positions, salaries, etc. For example, the CISSP is the third most requested certification in job postings for all occupations (after PMP and before Automotive Service Excellence).

[8:00-8:45 PM]

A Brief Overview of Data Science and the Intersection with Cybersecurity

by Mark Borbour, founder of Data Science Consulting


Bio:

Mark is the founder of a Data Science Consulting firm that has served clients in a wide array of Government, Corporate, Non-Profit and Small Business environments.
Mark and his colleagues use Data Science to help organizations gather, process and structure data so that meaningful patterns can be analyzed, explored, and communicated to the organization, their stakeholders, clients, and contractors.

He started his career at 19 as a 911 Dispatcher for the Phoenix Police Dept. There, he learned how powerful information and communication can be. He developed a curiosity for computer science that ultimately led to freelance IT consulting for JP Morgan Chase, Berkshire Hathaway, and various other regional corporations and small businesses. While working for these companies, Mark's programming skills converged on Data Science to handle the massive amount of information that these organizations must deal with on a daily basis. This led to an increasing interest in the emerging field of Data Science. Seeing how generally useful these tools were, a couple of years ago he switched his business focus from IT to Applied Data Science, and has since served clients in Education, AI-Security Implementation, Politics, and Real Estate.

Topic:

The amount and importance of data in our daily lives is increasing at an accelerated rate. What are the security implications of large, international, public entities (state actors, corporations, etc.) accumulating so much information in such a concentrated and centralized way? What kind of liability becomes apparent when large amounts of data are leaked? Even the most routine, mundane data (in large enough quantities) can be dangerous in very subtle and unpredictable ways. The best method of addressing these concerns is through education and data literacy. Spreading that knowledge will be the primary motivation of this talk.

I will go over the basic Data Science Process, some common industry vocabulary (especially common buzzwords), and provide some additional resources to learn more about Data Science.

[8:45-9:00 PM]

Networking


Crowdstrike presents on the current e-crime landscape and procedures used by APT actors

Monday January 6th, 2020 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

Sponsor: CrowdStrike

Our thanks to CrowdStrike for sponsoring this month's meeting!

Contact: Grace Bergen
SLED Marketing Manager
M: 805-699-5809
grace.bergen@crowdstrike.com

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Luke Zeman of Crowdstrike (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7-7:45 PM]

The Not So Itsy Bitsy Spider

by Matt Russell, Threat Intelligence Advisory Lead- The Americas, Crowdstrike

Bio:

Matt Russell is an internationally seasoned business and technology executive. He combines the exceptional leadership skills he learned leading and training intelligence teams in US Special Operations with his commercial experience in consulting and industry to successfully operate across a variety of business domains, geographic boundaries, and cultural landscapes. Matt spent 5 years living and working in Asia and possesses advanced fluency in both Korean and Spanish.

Topic:

Wizard Spider, made famous by their commodity banking malware “TrickBot” and “Ryuk”, is a notorious threat actor that conducts high-impact attacks across a variety of industry verticals and sectors. We’ll start off with an overview of the current e-crime landscape and emerging trends, and then begin to break down the tactics, techniques, and procedures that Wizard Spider leverages as they conduct operations across the globe. Focus will be on the TrickBot, Ryuk, and AnchorDNS malware families, providing high-level overviews of their functionality and deployment. A victimology case study will provide a deep dive into a real-world scenario where both the failures and the lessons learned will be on display. This talk will conclude with defensive strategies to help mitigate the threat, as well as an interactive question and answer session.

[7:45-8:45 PM]

The Need for Advanced Incident Response Tools and Capabilities


by Michael McAndrews, Vice President, Network Security Services, WGM Associates

Bio:

Michael McAndrews has been involved in Information Technology and Security for more than 25 years. Michael worked in the financial services, manufacturing and pharmaceutical industries before joining the Federal Bureau of Investigation in 2006 as a Special Agent. During his time with the FBI, he investigated numerous violations, but focused primarily on computer crimes such as intrusions, Internet frauds and intellectual property violations. He was also a member of the FBI’s Cyber Action Team, a group of selected agents who would deploy worldwide for the most critical of intrusions. With experience in both the National Security and Criminal arenas, Michael left the FBI in December 2013 to rejoin the private sector. He now works as an expert in the field using leading edge security devices and performing awareness training to groups worldwide.

Michael is a Certified Information Systems Security Professional (CISSP) and has been certified by GIAC as a GSEC professional, an Intrusion Analyst (GCIA), and an Incident Handler (GCIH). Michael also holds the A+ and Network+ certifications from CompTIA.

Topic:

With the ongoing epidemic of cyber security breaches, the need to successfully execute an incident response plan is of the utmost importance to shorten the time between breach and recovery and lower the overall risk to the organization. Michael will discuss incident response and how full network packet capture and endpoint detection/response technologies can be leveraged together as a powerful combination to improve the investigative and remediation process. Actual scenarios will be shared where WGM and CrowdStrike have worked together on an international Incident Response engagement.


[8:45-9:00 PM]

Networking


FBI Cyber update & Advanced Persistent Threats (APT)


Monday December 2nd, 2019 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

Sponsor: Palo Alto

Our thanks to Palo Alto for sponsoring this month's meeting!

Contact: Amy Looper | Named Account Manager | Palo Alto Networks
Phoenix, AZ | www.paloaltonetworks.com
Mobile: 480.431.3870
Email: alooper@paloaltonetworks.com

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-7:00 PM]

Cyber Security Community updates

  • Cyber community updates (~5 min)
  • Sponsor segment (~15 min)
  • Cyber threat update with Erik Graham (~15 min)

[7-7:45 PM]

Defending against APT with Secure DevOps


by Ford Winslow, CEO of ICE Cybersecurity

Topic

Ford will discuss the importance of engaging the Development and Architecture teams at the early stages to build security into your products and systems, so you can effectively defend against, detect and prevent compromises from Advanced Persistent Threats, as well as the hard lessons learned performing incident response for large clients.

Bio

With over two decades of professional experience in Information Technology and Business Management, Ford Winslow has been a thought leader in the related fields of cybersecurity, cloud and IT Services since their inception.

ICE Cybersecurity, the San Diego-based firm he founded in 2016, specializes in managed cybersecurity and advanced cyber protection programs for organizations in heavily regulated industries.

Over the past two decades, Mr. Winslow has held technology leadership positions in the Cybersecurity, Cloud, Information Technology, Risk Management, Life Sciences, Financial Services, Healthcare, Non-Profit and Retail Industries, where he has consistently delivered value through the latest break-throughs in technology.

Prior to launching ICE Cybersecurity, Mr. Winslow served as Chief Risk Officer of a San Diego-based Cloud and Managed Services Provider. He is the co-author of “Good Informatics Practices,” a best-practices training guide for the Life Sciences and Healthcare industries. Prior to CentrexIT

In addition to his professional duties, Mr. Winslow serves as an advisor to a number of startups focused on Cybersecurity, Blockchain, Internet of Things (IoT) and Emerging Technologies. He is an advisor and mentor with CyberTECH, a San Diego-based network of tech-inspired startups and early-stage firms.

Mr. Winslow is an active member of the local community, supporting social organizations and charities benefiting a variety of worthy causes. His spare time is spent with family, on the golf course, playing music, or cooking. Ford studied Computer Science and Information Systems Management at University of Maryland.

[7:45-8:45 PM]

FBI Cyber update


by FBI Special Agent Paul Schaaf, also Phoenix Co-Infragard Coordinator, Federal Bureau of Investigation

Paul and team will provide an update on the FBI Cyber Task Force and relevant issues we all face as we collectively work together to keep our national infrastructure safe and secure.

[8:45-9:00 PM]

Networking


Detecting APT with NAC, Sandboxing & SIEM-Part I + Zeek/Bro Log Collection

Monday November 4th, 2019 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

Sponsor: Fortinet

Our thanks to Fortinet for sponsoring this month's meeting!

Debbie Lite Trauter
Channel Account Manager – Mountain Desert
E: dlite@fortinet.com
M: 714.336.9695
Skype: Debbie Lite Trauter
NSE Certified : Level 3
899 Kifer Road | Sunnyvale, CA 94086

[7:15-8 PM]

Detecting APT with NAC, Sandboxing and SIEM – Part 1


by Cory Sober, Systems Engineering Manager, Fortinet

Advanced Persistent Threats, and how to detect them, are something every large organization struggles with. Yes, you have a wide variety of tools, but how do you get them all to work together to get rapid answers to the time-critical question of “Do I have a compromise and what is my exposure?” Join Cory in this first of a two-part series, where he does a deep dive into how to use modern commercial tools, including Network Access Control, sandbox technology and full-fledged Security Information and Event Management (SIEM), to detect Advanced Persistent Threats so you can quickly isolate and remediate compromises.

Cory is a Systems Engineering Manager at Fortinet with decades of hands-on experience and holds several technical certifications relating to security, networking and systems.

In addition to being a security and networking expert, Cory is a graduate of the Reserve Officers Law Enforcement Academy and a member of InfraGard.

[8-8:45 PM]

Security Monitoring with Zeek and Bro IDS


by Tim Garcia, SANS instructor (Tool Time with Tim), VP, CISSP, GSEC, GCDA, GCCC, GMON, GCED

Can a 20-year-old technology help give you strategic visibility into a modern enterprise network? The answer is yes! Welcome to a powerful network monitoring/logging tool most people have never heard of.

Tim Garcia will review the capabilities and use of the Zeek and Bro IDS (two separate tools that are often used together) for security threat hunting.

(Originally the presentation was to be on the use of the YARA scripting tool to identify malware signatures, but the Zeek/Bro topic won out due to popular demand.)

Tim is a SANS Instructor primarily focused on blue team activities, ethical hacking, incident handling, security management and general information security principles. He is also an instructor in Information Systems Security, Systems Analysis and Project Management for several local universities in the Phoenix area.