Crowdstrike presents on the current e-crime landscape and procedures used by APT actors

Monday January 6th, 2020 / 6 PM - 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM - 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s, food and drinks provided by our sponsors.

Sponsor: CrowdStrike 

Our thanks to CrowdStrike for sponsoring this months meeting!

Contact: Grace Bergen
SLED Marketing Manager
M: 805-699-5809
grace.bergen@crowdstrike.com

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Luke Zeman of Crowdstrike (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7-7:45 PM]

The Not So Itsy Bitsy Spider

by Matt Russell, Threat Intelligence Advisory Lead- The Americas, Crowdstrike

Bio:

Matt Russell an internationally seasoned business and technology executive. He combines the exceptional leadership skills he learned leading and training intelligence teams in US Special Operations, with his commercial experience in consulting and industry to successfully operate across a variety of business domains, geographic boundaries, and cultural landscapes. Matt spent 5 years living and working in Asia and possesses advanced fluency in both Korean and Spanish.

Topic:

Wizard Spider, made famous by their commodity banking malware “TrickBot” and “Ryuk”, is a notorious threat actor that conducts high impact attacks across a variety of industry verticals and sectors. We’ll start off with an overview of the current e-crime landscape and emerging trends, and the begin to breakdown the tactics, techniques, and procedures that Wizard Spider leverages as they conduct operations across the globe. Focus will be on the TrickBot, Ryuk, and AnchorDNS malware families, providing high-level overviews of their functionality and deployment. A victimology case study will provide a deep-dive into a real world scenario where both the failures and lessons learned will be on display. This talk will conclude with defensive strategies to help mitigate the threat, as well as, an interactive question and answer session.

[7:45-8:45 PM]

The Need for Advanced Incident Response Tools and Capabilities

Michael McAndrews Bio Pic

by Michael McAndrews, Vice President, Network Security Services, WGM Associates

Bio:

Michael McAndrews has been involved in Information Technology and Security for more than 25 years. Michael worked in the financial services, manufacturing and pharmaceutical industries before joining the Federal Bureau of Investigation in 2006 as a Special Agent. During his time with the FBI, he investigated numerous violations, but focused primarily on computer crimes such as intrusions, Internet frauds and intellectual property violations. He was also a member of the FBI's Cyber Action Team, a group of selected agents who would deploy worldwide for the most critical of intrusions. With experience in both the National Security and Criminal arenas, Michael left the FBI in December 2013 to rejoin the private sector. He now works as an expert in the field using leading edge security devices and performing awareness training to groups worldwide.

Michael is a Certified Information Systems Security Professional (CISSP) and has been certified by GIAC as a GSEC professional, an Intrusion Analyst (GCIA), and Incident Handler (GCIH). Michael also holds the A+ and Network+ certifications from Comptia.

Topic:

With the ongoing epidemic of cyber security breaches, the need to successfully execute an incident response plan is of the utmost importance to shorted the time between breech and recovery and lower the overall risk to the organization. Michael will discuss incident response and how full network packet capture and end-point detection/response technologies can be leveraged together as a powerful combination to improve the investigative and remediation process. Actual scenarios will be shared where WGM and CrowdStrike have worked together on an international Incident Response engagement.

 

[8:45-9:00 PM]

Networking

 

FBI Cyber update & Advanced Persistent Threats (APT)

FBI

Monday December 2nd, 2019 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s, food and drinks provided by our sponsors.

Sponsor: Palo Alto 

Our thanks to Palo Alto for sponsoring this months meeting!

Palo Alto Logo

Contact: Amy Looper | Named Account Manager | Palo Alto Networks
Phoenix, AZ | www.paloaltonetworks.com
Mobile: 480.431.3870
Email: alooper@paloaltonetworks.com

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-7:00 PM]

Cyber Security Community updates

  • Cyber community updates (~5 min)
  • Sponsor segment (~15 min)
  • Cyber threat update with Erik Graham (~15 min)

[7-7:45 PM]

Defending against APT with Secure DevOps

Ford Winslow

by Ford Winslow, CEO of ICE Cybersecurity

Topic

Ford will discuss the importance of engaging the Development and Architecture teams at the early stages to build security into your products and systems so you can effectively defend, detect and prevent compromises from Advanced Persistent Threats as well as the hard lessons learned performing incident response for large clients.

Bio

With over two decades of professional experience in Information Technology and Business Management, Ford Winslow has been a thought leader in the related fields of cybersecurity, cloud and IT Services since their inception.

ICE Cybersecurity, the San Diego-based firm he founded in 2016, specializes in managed cybersecurity and advanced cyber protection programs for organizations in heavily regulated industries.

Over the past two decades, Mr. Winslow has held technology leadership positions in the Cybersecurity, Cloud, Information Technology, Risk Management, Life Sciences, Financial Services, Healthcare, Non-Profit and Retail Industries, where he has consistently delivered value through the latest break-throughs in technology.

Prior to launching ICE Cybersecurity, Mr. Winslow served as Chief Risk Officer, of a San Diego-based Cloud and Managed Services Provider. He is the co-author of “Good Informatics Practices,” a best-practices training guide for the Life Sciences and Healthcare industries. Prior to CentrexIT

In addition to his professional duties, Mr. Winslow serves as an advisor to a number of startups focused on Cybersecurity, Blockchain, Internet of Things (IoT) and Emerging Technologies. He is an advisor and mentor with CyberTECH, a San Diego-based network of tech-inspired startups and early-stage firms.

Mr. Winslow is an active member of the local community, supporting social organizations and charities benefiting a variety of worthy causes. His spare time is spent with family, on the golf course, playing music, or cooking. Ford studied Computer Science and Information Systems Management at University of Maryland.

[7:45-8:45 PM]

FBI Cyber update

FBI Seal
Federal Bureau of Investigation

by FBI Special Agent Paul Schaaf, also Phoenix Co-Infragard Coordinator, Federal Bureau of Investigation

Paul and team will provide an update on the FBI Cyber Task Force and relevant issues we all face as we collectively work together to keep our national infrastructure safe and secure.

[8:45-9:00 PM]

Networking

 

Detecting APT with NAC, Sandboxing & SIEM-Part I + Zeek/Bro Log Collection

Monday November 4th, 2019 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s, food and drinks provided by our sponsors.

 

Sponsor: Fortinet 

Our thanks to Fortinet for sponsoring this months meeting!

Fortinet Logo
Fortinet

 

Debbie Lite Trauter
Channel Account Manager – Mountain Desert
E: dlite@fortinet.com
M: 714.336.9695
Skype: Debbie Lite Trauter
NSE Certified : Level 3
899 Kifer Road | Sunnyvale, CA 94086

[7:15-8 PM]

Detecting APT with NAC, Sandboxing and SIEM – Part 1

Bio Placeholder Pic
Image Pending

by Cory  Sober, Systems Engineering Manager, Fortinet

Join Cory for the first in a two part series on Advanced Persistent Threats and how to detect them is something every large organization struggles with.  Yes, you have a wide variety of tools but how do you get them to all work together to get rapid answers to the time critical question of “Do I have a compromise and what is my exposure?”   Join Cory in this first of a two part series where he does a deep dive in how to use modern commercial tools including Network Access Control, Sandbox technology and full fledged Security Information and Event Management (SIEM) to detect Advanced Persistent Threats so you can quickly isolate and remediate compromises.

Cory is a Systems Engineering Manager at Fortinet with decades of hands on experience and holds several technical certifications relating to security, networking and systems.

In addition to being a security and networking expert, Cory is a graduate of the Reserve Officers Law Enforcement Academy and a member of Infragard

[8-8:45 PM]

Security Monitoring with Zeek and Bro IDS

Tim Garcia Profile Pic

by Tim Garcia, SANS instructor (Tool Time with Tim) VP-CISSP,GSEC,GCDA,GCCC,GMON,GCED

Can a 20 year old technology help give you strategic visibility into a modern enterprise netowork?  The answer is yes!.  Welcome to a powerful network monitoring/logging tool most people have never heard of.

Tim Garcia will review the capabilities and use of the the Zeek and Bro IDS (two seperte tools that are often used together) for security threat hunting.

(Originally the presentation was to be on the use of the Yara scripting tool to identify maleware signatures but the Zeek/Bro topic won out due to popular demand).

Tim is SANS Instructor primarily focused on blue team activities, ethical hacking, incident handling, security management and general information security principles.   Instructor in Information Systems Security, Systems Analysis and Project Management for several local universities in the Phoenix area.