2017 September Chapter Meeting
ISSA NE Chapter Meeting – Thursday 9/28/17
“4 CPEs”
Venue: Showcase Cinemas http://patriot-place.com/cinemadelux
24 Patriot Place, Foxboro, MA, 02035
Come join us at Gillette Stadium for a full day packed with well-known and established practitioners in the field of information security: Ira Winkler, Former President, ISSA International and author of 6 books on cyber security; April Wright, who has spoken at Boston DEFCON Group, Founder and speaker at BSides, Cloud Security Alliance and similar industry events; Mich Kabay, Director, MSIA Online Program at Norwich University; Jeff Stutzman, Founder, Wapack Labs; and our own Dave Dumas, Senior Network Security Engineer at Verizon Wireless! And earn 4 CPEs.
Meeting AGENDA:
10:30 AM to 11:00 AM Registration
11:00 AM to 11:45 AM Reality Trumps Theory: Security & Management-by-Walking-Around, Dr. Mich Kabay, CISSP-ISSMP, Norwich University Professor of Information Security
11:45 AM to 12:00 PM Reducing Cost and Risk During an Investigation, Terry Stewart, AccessData
12:00 PM to 1:00 PM Lunch and Networking
1:00 PM to 1:45 PM Fighting Sophisticated Threats with Advanced Persistent Security, Ira Winkler, Chief security strategist at HP Consulting, and director of technology of the National Computer Security Association
1:50 PM to 2:20 PM A Secure Foundation: Why building security into everything 'from the start' matters, April Wright, Senior Security and Compliance Manager for Verizon Wireline
2:30 PM to 3:15 PM The “Daily Show”, a massive deployment of key loggers, Jeff Stutzman, CISSP, Chief, Intelligence Operations, Wapack Labs
3:20 PM to 4:00 PM Key Takeaways - Verizon Data Breach Report 2017, Dave Dumas, CISSP, CISM, ISSA Distinguished Fellow, Senior Network Security Engineer, Verizon's Wireline Security Operations
4:00 PM onwards Networking Event
Speaker Presentation Synopsis and Bios:
REALITY TRUMPS THEORY: Security & Management-by-Walking-Around, By Dr. Mich Kabay,
Norwich University Professor of Information Security; http://mekabay.com/
Mich Kabay has been programming computers since 1965, teaching applied statistics since 1975, and teaching computer science since 1977. Mich was the Director of the online Master's Program in Information Assurance (MSIA) in the School of Graduate and Continuing Studies (SGCS) at Norwich University, Northfield, Vermont where he was also the Chief Technical Officer of the SGCS.
A Secure Foundation: Why building security into everything 'from the start' matters – By April Wright
Just as the roof of a building cannot be stable without a strong foundation and carefully considered frame, technology cannot be complete without being created with security in mind at every step. Reliance on post-implementation testing and quality assurance models essentially ignores the impact of security on the architecture and design of a solution. Pragmatic steps can be employed to build resiliency and security into software, products, and services, in order to help protect customers and businesses from threats.
April C. Wright is a Senior Security and Compliance Manager for Verizon Wireline, building and maturing secure Software Development Lifecycle (SDLC) programs, implementing Governance, Risk, and Compliance (GRC), spearheading threat intelligence, and performing risk reduction with a vengeance via leadership of comprehensive security efforts for massive global infrastructures. She is a hacker who has spent the last 25 years as a generalist, breaking, making, fixing, and defending all the things, while playing roles on offensive, defensive, operational, and development teams throughout her career. Specializing in seemingly nothing (except maybe learning about everything in the hope of sharing and employing knowledge), April has collected dozens of certifications to add letters at the end of her name, from Social Engineering to Cloud Security to First Aid to Photography. She once read on 'the interwebs' that researchers at the University of North Carolina released a comprehensive report in 2014 confirming that she is the “most significant and interesting person currently inhabiting the earth”, so it must be true.
Fighting Sophisticated Threats with Advanced Persistent Security – By Ira Winkler
It appears that any successful attack these days is labeled “Sophisticated”. The implication is that the attacks were unpreventable. The reality is very different. In this presentation, Ira dissects recent attacks, and then goes through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss.
Ira Winkler, CISSP, is President of Secure Mentem and author of Advanced Persistent Security. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the world, investigating crimes against them, and telling them how to cost-effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards. Most recently, CSO Magazine named Ira a CSO Compass Award winner as The Awareness Crusader.
Ira is also author of the riveting, entertaining, and educational books, Advanced Persistent Security, Spies Among Us and Zen and the Art of Information Security. He is also a columnist for ComputerWorld, and writes for several other industry publications.
Reducing Cost and Risk During an Investigation
Terry Stewart will walk through user scenarios that help highlight current challenges in managing investigations across the corporation, and provide best practices for improving collaboration, reducing cost and accelerating digital investigation.
“Interconnectness - The ease in which access can happen.” By Jeff Stutzman, CISSP, Chief, Intelligence Operations, Wapack Labs
As seen on CNN, Jeff Stutzman will discuss the “Daily Show”, a massive deployment of key loggers. This paper led to the discovery of massive intrusions, starting in the maritime sector and spreading into the manufacturing, transportation/logistics and financial industries.
Jeff Stutzman is co-founder and president of Wapack Labs, a ‘hands on’ intelligence and analysis end of the Red Sky Alliance operation.
Key Takeaways - Verizon Data Breach Report 2017, By David Dumas, CISSP, CISM, ISSA Distinguished Fellow
Verizon has been creating this report for 10 years now. David will give you an overview of the highlights from this year’s report and discuss the basic security hygiene that we all must promote in our companies. He will summarize the 8 sectors evaluated and the 9 attack patterns most commonly used.
David is a Senior Network Security Engineer working directly for the Chief Network Security Officer of Verizon's Wireline Security Operations group. He has 31 years in the security field, working at Digital Equipment and Verizon. He will be presenting on the 2017 Verizon Data Breach Report.