Building Elegant Security Dashboards for your NOC or SOC & CISSP Domain 1 Security & Risk Management


Monday June 3rd, 2019 / 6 PM - 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM - 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s, food and drinks provided by our sponsors.

Presentation 1: Building Security Dashboards from Elasticsearch Log Data (7:00-7:45 PM)

by Dean Moore and John Nash of Phreedom Technologies

 

John R. Nash

With the relentless increase in speed and capacity of networks and systems, the logs that are generated can exceed thousands of events per second or more!  Is there any hope for an understaffed security team to keep up with the constant flow of user activity and system events, and hope to make any sense out of it?

John and Dean will show how to build sophisticated security dashboards, sourced from firewall and Windows event log data stored in Elasticsearch. The focus will be on the use of open source tools to build time series histograms and heat maps that highlight how your infrastructure is operating and quickly identify patterns and anomalies that may require further investigation.

Examples:

Dashboard 1
Firewall session for most active users over a 2 day period

Dashboard 3
ISP Daily Bandwidth by Netblock Owner (ASN)

Security Dashboard 2
Daily Heat map of Firewall Policy Events

 

Presentation 2: CISSP Domain 1 Security & Risk Management presented by Tim Hoffman (7:45-8:00 PM)

Tim Hoffman

The security & risk management domain is a complex domain that accounts for a total of 16% of the score on the examination. This domain often confuses the more technical personnel because it speaks to business. The intent of the domain puts focus directly on business executives and security personnel who must work together to agree on the proper security activities to perform to achieve optimum governance. The Board and Executive Management will involve themselves with providing strategic direction and making decisions based on risk – then managing risks appropriately while concurrently verifying that the enterprise's resources are used responsibly.

Mr. Timothy Hoffman is a Healthcare Cybersecurity Executive with an extensive US Navy cryptologic background, a serial entrepreneur, and Founder of Tim Hoffman & Associates, LLC. His professional credentials include an MS from Central Michigan University and certifications including: CISSP, GCIH, CCSK, Security+(CE), Network+(CE), ITIL v3, ISO 27001, C|EH, CNDA, Expert Rating PM, ISP, and many others.

Mr. Hoffman’s strength is found in alignment of technology solutions to business needs so as to support business through risk management. His team translates technical speak into everyday language that is easy to understand and has won praise for security program creation, policy & procedure writing, Cloud system design, and network architecture.

Notable career accomplishments include 5 books, radio show host in Italy & US, multiple language facility with fluency in Italian, and platform training to thousands of students on IT & cybersecurity topics for nearly 30 years. He is a competitive level dancer on the global UCWDC scale placing 4th in 2016 and 8th at a higher level in 2019.

 

Presentations on Intel AMT and NGFW Next Generation Firewalls

 

Presentation 1: Security Implications of Intel’s Active Management Technology (AMT)

Presented by Gordon Bader, CISSP

Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, running on the Intel Management Engine, a separate microprocessor not exposed to the user, in order to monitor, maintain, update, upgrade, and repair them.

 

YouTube Presentation:

Intel AMT Security Overview

 

Original PowerPoint:

 

Intel AMT Security Overvier
Intel AMT Security Overview

 

Presentation 2: Review of Modern Next Generation Firewalls (NGFW)

by John Nash, VP of Technology, Phreedom Technologies

John R. Nash, VP of Technology, LLC

 

John Nash of Phreedom Technologies presents a feature round up of modern perimeter firewalls. There is a lot of confusion and many misconceptions, even among security professionals, about what modern firewalls do. Even the terms Next Generation, NGFW or 4th Generation Firewall, which are commonly thrown around by vendors, can be confusing and misleading. John breaks down the features of a sampling of the leading firewall vendors, giving you a clear picture of the proper role a perimeter firewall plays in your organization and how it ties into your overall security strategy. This is tailored to professionals at every stage in their career.

YouTube Presentation:

(Pending)

Next Generation Firewall Feature Roundup

 

 

Review of Modern Firewalls and the Security implications of Intel’s Active Management Technology (AMT)

Metro Area

Monday May 6th, 2019

This month we have Gordon Bader provide an overview of the Security Implications of Intel's Active Management Technology (AMT), an embedded technology in many of the systems we all use which provides out-of-band vectors for attack that most companies are not aware of, along with John Nash, who will perform a feature round up of modern perimeter firewalls.

Erik Graham will be presenting his popular cyber threat update as usual.

This meeting is free and open to the public, so please invite your friends & bring your best questions. Our goal is to foster the exchange of information between businesses, government and educational institutions.

Free to the public, no RSVP's, food and drinks provided by our sponsors.

2625 W Baseline Rd, Tempe, AZ 85283 (Map)

Sponsor: 

 

At this time we have an open sponsorship slot. If you would like to sponsor this meeting, see the information on our sponsorship page or contact John Nash.

AGENDA

Networking, Food and Drinks

  • 6:00 to 6:30 pm
  • No Entry into the UAT Theater until 6:30 as classes are in session
  • No Food or Drink inside the UAT theater at any time

General Announcements & Sponsor Segment

  • 6:30 to 6:50 pm
  • Sponsorship pending

Cyber Threat Updates by Erik Graham

  • 6:50 to 7:00 pm
  • Erik will be presenting his cyber update in his usual entertaining style.

An overview of the Security Implications of Intel's Active Management Technology with Gordon Bader

  • 7:00 to 7:45 pm

Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, running on the Intel Management Engine, a separate microprocessor not exposed to the user, in order to monitor, maintain, update, upgrade, and repair them.

Gordon is a recently retired systems architect with over 40 years of experience in software/systems engineering, with an emphasis in real time embedded systems, as applied to electronic warfare, flight management systems, GPS, GIS systems, encryption systems, satellite communication systems (SBS, Iridium, Celestri, Teledesic) and system security architectures (multiple levels of security (MLS), multiple independent levels of security (MILS), separation and cross domain).

Join Gordon as he reviews the security implications of this ubiquitous, but not commonly understood technology.

A Feature Round Up of Modern Perimeter Firewalls with John Nash

  • 7:45 to 8:45 pm

John R. Nash

John Nash of Phreedom Technologies will present the feature round up of modern perimeter firewalls.

There is a lot of confusion and many misconceptions, even among security professionals, about what modern firewalls do. Even the terms Next Generation, NGFW or 4th Generation Firewall, which are commonly thrown around by vendors, can be confusing and misleading. John will break down the features of a sampling of the leading firewall vendors and allow you to leave with a clear picture of the proper role a perimeter firewall plays in your organization and how it ties into your overall security strategy. This is open to professionals at every stage in their career.

Over the last 34 years, John has worked for Rockwell International in the R&D labs for the GPS system, as a field engineer for communication carriers deploying packet switched technologies and is now VP of Technology for Phreedom Technologies with his business partner Dean Moore.

Wrap Up and Networking

  • 8:45 to 9:00 pm