Threat Hunting and Vendor Cyber Contracts

Monday August 3rd, 2020 / 6:30 PM (PST)

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:30 PM (MST)

WHERE: Virtual Zoom Meeting: Direct Link

Meeting ID: 851 5567 0745
Password: SWCSF

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s

[6:30-6:35 PM]

Announcements

  • Announcements and Updates (~5 min)

[6:35-6:50 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[6:50-7:05 PM]

Sponsor Segment

Phreedom now offers expanded professional services for Networking, Fortinet and Palo Alto Firewall Technology

[7:05-7:50 PM]

Threat Hunting

Tim Garcia - Instructor, SANS Institute

Topic:

SANS Instructor Tim Garcia will be presenting on the broad topic of threat hunting. So you have purchased manageable assets, deployed agents and configured logging on everything you can think of, including your local and cloud workloads, and are bringing it all into your central data lake / SIEM. What questions should you be asking it? How do you make sense of it, and where do you even start? Tim, a cyber security veteran, will provide the strategic direction combined with tactical knowledge of how to approach the general topic of threat hunting in modern corporate environments.

Bio:

Timothy Garcia is a seasoned security professional who loves the challenge and continuously changing landscape of defense. Tim started his career as an engineer in IT, and after working on a few security incidents related to Code Red and Nimda, he realized he had found his calling. Tim currently works as an Information Security Engineer for a Fortune 100 financial institution where he provides security consulting to project teams to ensure security of IT operations and compliance with policies and regulations.

[7:50-8:40 PM]

Security Vendors and Contracts (The Un-Sexy Side of Cyber)

Ilene Klein

by Ilene Klein, CISSP, CISM, CIPP/US, Cybersecurity Program Coordinator, Urban Area Security Initiative, City of Phoenix Office of Homeland Security and Emergency Management

Topic:

Security Vendors and Contracts (The Un-Sexy Side of Cyber)

So, you run a cyber security program and have done everything reasonable you can, or at least have budget for, to secure your environment. Now, how about your vendors? As more and more of our data, operations and service delivery models rely on 3rd parties, we have an increasing need to understand those vendors' risk profiles, and codify that understanding in a contract.

Ilene will walk through the process of doing just that and touch on frameworks, audit dynamics and the important contract provisions you should push in order to keep your compliance program, and your vendor risk landscape, in order.

Bio:

For over 20 years, Ilene Klein has been evangelizing security to anybody who would listen … and to management. During this time, she built and led compliance, governance, incident response, privacy, policy, security awareness, threat intelligence, and vulnerability management programs and frameworks. Ilene started her career as an electronics instructor and then traveled from Honolulu to Heidelberg as a systems engineer installing proprietary software for the U.S. Army and resolving system crashes before focusing on cybersecurity. Ilene has earned multiple security and privacy certifications, and she’s won awards such as the CISM Geographic Excellence Award for earning the highest score in the North America geographical region on the December 2011 CISM examination and a 2018 Warrior Award for fighting on the “front lines” of cybersecurity.

 

FBI Cyber Task Force Update + Implementing Security Compliance Through DevOps Automation / Splunk My Logs Please!

A Zoom account is required for this special event.

Monday June 1st, 2020 / 6:30 PM (PST)

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:30 PM (MST)

WHERE: Virtual Zoom Meeting: Register Here or use Direct Link to Meeting.

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s

Sponsor: Check Point Software

Our thanks to Check Point Software for sponsoring this month's meeting!

Check Point Infinity is the first consolidated security across networks, cloud and mobile, providing the highest level of threat prevention against both known and unknown targeted attacks to keep you protected now and in the future.

Contact:
Enterprise Team: AZ,NM,NV
Brian Besse: Territory Manager BBesse@CheckPoint.com 949-521-3590
Jon Fallon: Security Engineer JFallon@CheckPoint.com
Michael Reuland: Business Development MReuland@checkpoint.com
Katie Schweger: Renewals Specialist KSchwege@checkpoint.com

[6:30-6:35 PM]

Announcements

  • Announcements and Updates (~5 min)

[6:35-6:50 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[6:50-7:05 PM]

Sponsor Segment

  • Short presentation by our sponsor (~15 min)

[7:05-7:50 PM]

Implementing Security Compliance Through Automation

Joseph Bennet - Lead Consultant Contino,
Aaron Brock - Lead Consultant Contino,
Jason Lutz, NPA - Senior DevOps Consultant, Security

Topic:

Hybrid cloud change control and compliance can be manual and cumbersome, and can scale poorly. Joseph, Aaron and Jason will present how they migrated a manual process of log ingestion for clients' AWS flow logs into an automated process driven by what are typically considered DevOps tools such as Git, Ansible, Jenkins, Terraform and Trumpet. This reduced the process timeline from days to hours, and allowed different teams to more effectively collaborate in managing the process. This mash-up of tools and how they were used provides important lessons for the future of Security Automation. Don’t miss this highly technical presentation, which will include demo code and an interactive chat session with the presenters.

Bio:

Joseph: Joseph Bennet has 14 years working in the IT industry, and 7 years as a consultant upskilling clients and their staff in the deployment, management, and use of various technologies. Joseph Bennet's experience includes a wide range of industries, including financial and entertainment, as well as public sector experience working with organizations such as the US Patent and Trademark Office and the Army Research Laboratory.

Aaron: Aaron N. Brock is passionate about delivering solutions which create business value for clients. His forte is to tightly integrate iterative technological improvements with people-focused learning and upskilling, creating an environment where positive change is encouraged. He continues to evangelize a Cloud-First approach following DevOps best practices. Aaron has extensive experience in Docker, K8s, Jenkins, Ansible, Terraform and more. He continues to work with a wide breadth of companies across a variety of industries ranging from gaming to large financial institutions, and has experience at every level of the software development lifecycle.

Jason: Passionate in building cloud security programs, implementing open source technologies, and addressing information security risk. As a certified ISO 27001 Lead Implementer, he understands what it takes to build and reinforce information security management systems (ISMS) with a specialized focus on cloud implementations. He continuously increases his security, compliance and technical skills, combining these skills to create a unique amalgam of knowledge to offer to our clients.

 

[7:50-8:40 PM]

FBI Cyber Task Force Update

by FBI Special Agent Paul Schaaf, also Phoenix Co-Infragard Coordinator

Topic:

Paul and team will provide an update from the FBI Cyber Task Force on the onslaught of on-line misinformation and how it is going to force our society to change the way we consume information and trust sources.

[8:40 PM]

End

 

Cyberwarfare vs Conventional and how AI is empowering our adversaries

Monday February 3rd, 2020 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s, food and drinks provided by our sponsors.

Sponsor: Fortinet 

Our thanks to Fortinet for sponsoring this month's meeting!

 

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Fortinet (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7:00-8:00 PM]

Warfare: Cyber vs. Conventional

by John Jacobs, VP of Systems Engineering, Fortinet.

Bio:

As Vice President of Systems Engineering, John currently leads teams for a number of Fortinet’s largest customers and service providers. With 20 years of experience in network design, engineering and global operations, he continuously works to strategize, construct and operate data and content delivery that can scale and survive modern business needs.

As the industry has shifted from a focus of simple connectivity to one of continuous access, real-time security, and expanded platforms, he is proud to be part of a leading security organization as a consultative member of the Fortinet Security Fabric team, offering direct feedback from the field to help best determine not only how we shape our technology, but also the ecosystem growth through partners and their complementary solutions.

John resides in Seattle, Washington, holds a bachelor’s degree in business management, and will obtain his master’s degree in cybersecurity and information assurance in 2020.

Topic:

What is cyber warfare? How is cyber warfare different from a conventional war? How would a modern conflict between nation states manifest itself in today's technical landscape? How would a cyber war impact the private sector?

Join John as he reviews the new landscape of warfare and how most countries are preparing for the likelihood that the next war will be a hybrid between cyber and conventional, and the impact to all of us that are in the line of fire.

[8:00-8:45 PM]

How AI and Deep Learning are Empowering our Adversaries

by Gavin Klondike, Sr. Security Consultant

Bio:

Gavin is a senior consultant and researcher who has a passion for network security, both attack and defense. Through that passion, he runs NetSec Explained, a blog and YouTube channel which covers intermediate and advanced level network security topics in an easy-to-understand way. His work has given him the opportunity to be published in industry magazines and speak at conferences such as Defcon and CactusCon. Currently, he is researching ways to address the cybersecurity skills gap by utilizing machine learning to augment the capabilities of current security analysts.

Gavin has presented to the group before in Jan of 2019 on Machine Learning with very positive reviews.

Topic:

There’s no question that modern advances in AI and Deep Learning technologies have allowed organizations to greatly scale their defensive capabilities. Between detecting evolving threats, automating discovery, fighting dynamic attacks, and even freeing up time for IT professionals, AI-fueled automation has been a boon for system defenders. But before we get too comfortable, we need to remember that there is another side to this fight.

In this talk, we’ll take a look at how AI technologies are enhancing adversarial capabilities and how challenges in defensive machine learning are opening up new attack surfaces.

[8:45-9:00 PM]

Networking

 

ISO 27001 Information Security Management and Hacking Hired

Monday April 1st, 2019

This month we have Dave Anders presenting on Information Security Management with an emphasis on ISO 27001 along with Rachel Harpley who will be presenting Hacking Hired: Work the Vectors, Get the offer.

Erik Graham will be presenting his popular cyber threat update as usual.

This meeting is free and open to the public, so please invite your friends & bring your best questions. Our goal is to keep you, your co-workers, and your family informed and safe.

Free to the public, no RSVP’s, food and drinks provided by our sponsors.

2625 W Baseline Rd, Tempe, AZ 85283

Sponsor: 

 

At this time we have an open sponsorship slot. If you would like to sponsor this meeting, see the information on our sponsorship page or contact John Nash.

AGENDA

Networking, Food and Drinks

  • 6:00 to 6:30 pm
  • No Entry into the UAT Theater until 6:30 as classes are in session
  • No Food or Drink inside the UAT theater at any time

General Announcements & Sponsor Segment

  • 6:30 to 6:50 pm
  • Sponsorship pending

Cyber Threat Updates by Erik Graham

  • 6:50 to 7:00 pm
  • Erik will be presenting his cyber update in his usual entertaining style.

Information Security Management with Dave Anders

  • 7:00 to 7:45 pm

As CEO/Partner of iCertWorksISO Manager and SecuraStar, Dave Anders has worked for decades managing a broad spectrum of risk management products and services for some of the largest organizations in the world.

Join Dave as he reviews the method and approach used to apply the ISO 27001 framework to multinational organizations with complex risk models.

 

 

Hacking Hired: Work the Vectors, Get the Offer with Rachel Harpley

  • 7:45 to 8:45 pm

Rachel Harpley of Recruit Bit Security will present the insider track on how to manage your cyber security career trajectory.

There are no traditional career paths in cyber security, but the recruiting process often lacks transparency. Come learn from an insider to build your own career. This talk, “Hacking Hired,” identifies the four primary vectors of your job search and shares insights on how to work these vectors to your advantage to create the career you want. From a high-level, these vectors are the tools, technology, organizations and people. This is open to professionals at every stage in their career.

 

Wrap Up and Networking

  • 8:45 to 9:00 pm

Meeting 2019-Jan

FBI

Monday January 7th, 2019

WHO: Southwest CyberSec Forum
WHEN: 1st Monday of each month (excluding holidays)
WHERE:  UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283 (NEW LOCATION!)
WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.
FREE: No membership fees, no RSVP's, food and drinks provided by our sponsors.

 

Our FBI forum is always our most attended meeting and we expect a good turnout for this one as well. Be sure and invite all your friends for a very informative and timely presentation from Paul Schaaf, Special Agent. He will be preceded by Casey Reid of Tenable (Provider of Nessus) presenting "Vulnerability Management 2.0." And of course Erik Graham will be presenting his popular cyber threat update as well.

This meeting is free and open to the public, so please invite your friends & bring your best questions. Our goal is to keep you, your co-workers, and your family informed and safe.

Notice: Until Further Notice, all future meetings will be at the University of Advancing Technology in Tempe, AZ.

2625 W Baseline Rd, Tempe, AZ 85283

Sponsor: 

NUIX Endpoint security, governance, risk and compliance

Contact:

David Petty
SVP Commercial Sales
David.Petty@nuix.com | http://www.nuix.com
Ph: 1-703-969-5056
Herndon, VA

 

AGENDA

*6:00 to 6:30*
Networking outside the UAT theater

(No Food Inside Theater Please per UAT rules)

*6:30 to 6:50 pm* 
General Announcements & Sponsor Segment

*6:50 to 7:00 pm*
Cyber Threat Updates by Erik Graham

*7:00 to 7:45 pm*
Vulnerability Management 2.0

Presented By

Casey Reid, Principal Security Engineer

Tenable (Maker of Nessus Software)

*7:45 to 8:45 pm*
Paul Schaaf presents FBI Year End Review and What's Coming for 2019

*8:45 to 9:00 pm*
Wrap Up and Networking