ISSA-NE.org
  • Home
  • Events
    • 2021 ISSA NE Chapter Events
  • Sponsors
    • Cybereason
    • Sayers
    • digital shadows
    • Semperis
  • Call for Speakers
  • About
  • Archive
    • 2020 Archive >
      • 2020 September Webinar
      • Cyber Security Summit POWERHOUR - July 2020
      • 2020 June Webinar
      • 2020 May Webinar
      • 2020 April Webinar
      • 2020 February Zoom Meeting
      • SkiCon New England - Feb. 2020
    • 2019 Archives >
      • ISSA NE December 2019 Members-Only Roundtable
      • SANS Boston event - April 2019
      • 2019 November Chapter Meeting
      • 2019 ISSA NE February Tech Talk
      • 2019 May Chapter Meeting
      • 2019 July Chapter Meeting
      • ISSA NE Chapter Meeting at SecureWorld Boston
      • Cloud Security Alliance 2019 Boston Chapter Forum
      • October 2019 Cybereason event > Prevent Cyber Stalking
      • 2019 SecureWorld Boston
    • 2018 Archives >
      • 2018 November 7 Chapter Meeting
      • 2018 Cybereason > The AI Hunting Tour
      • 2018 September Chapter Meeting
      • 2018 ISSA NE Briefing
    • 2017 Archives >
      • 2017 Annual Chapter Meeting & 30th Anniversary Celebration
      • 2017 September Chapter Meeting
      • 2017 Annual Sponsor Expo and Chapter Meeting
      • 2017 April Chapter Meeting
      • 2017 March ISSA-NE Breakfast and Presentation at SecureWorld
  • Contact

2018 November 7th Chapter Meeting

You are invited to The ISSA New England Chapter's 2018 Annual Meeting for a day packed with well-
known practitioners in the field of Information Security as well as networking with your peers.

Attendees will earn 4 CPEs

Where: O’Neil Cinemas, 1208 Constitution Ave, Littleton, MA 01460
When: Wednesday November 7th, 2018

AGENDA:
10.00 –  10:45 am   Offensive & Defensive Open-source Intelligence (OSINT) by Roy Wattanasin
10.50 - 11.30 am      Account Takeover & Credential Stuffing: What’s Yours is Mine by David Shear
11.30 – 12.30 pm     Board announcements and Lunch 
12.30 – 1.10 pm        Rapidly Changing Data Protection Landscape by Bill Brunt
1.15 - 2 pm                   Security Issues on TOR by Shukong Ou
SPEAKER BIOs

Roy Wattanasin
 is a healthcare information security professional and faculty member of over 10 years.
He has experience in many industries and has lots of international work experience. He is a former
security officer of a medical, healthcare center for many years. Roy spends most of his time developing
information security programs, teaching students, performing incident response and helping to build the
local communities. Roy is a longtime ISSA member, OWASP Boston board member and a
member/contributor to many groups. He has presented at many conferences such as Defcon Groups,
HOPE, Derbycon, BSides conferences, ISSA, ISACA, Secureworld, OWASP, BASC and Infosec World.

Open source intelligence (OSINT) is using and analyzing publicly available data for intelligence. Tools are
used in the reconnaissance phase to gather as much information about the target (s) as possible. OSINT
can be used for effective target discovery and for other stages. The first half of the talk will focus on
offensive OSINT (ways to get information) and the 2nd half of the talk will focus on defensive OSINT
(ways to protect yourself or reduce your footprint online.) A hands-on tools demo will be demonstrated
per time permitting. This presentation will focus on giving an in-depth overview of some of the different
tools that are available (combined in to this one-talk for your reference, review and sharing needs).
Bring your questions and comments as we will have an open discussion about some of your favorite
tools for sharing.

David Shear is an Analyst at Flashpoint who researches cybercrime communities, actors, and threats
originating primarily from North and South America. A Deep & Dark Web subject matter expert, he
specializes in analyzing threat actors’ tactics, engagement, and targeting patterns to help organizations
across multiple industries address and mitigate cyber threats. Prior to Flashpoint, David served as a
Systems Administrator for SecureWorks’s Networks Operations Center before joining the Counter
Threat Unit within the company’s Surveillance Division. His research on threat intelligence and
information security has been featured in numerous publications including Ars Technica, Dark Reading,
SecurityWeek, SC Magazine, and Wired, among others.

Account takeover (ATO) attacks use previously compromised credential pairs to automate login
attempts. Also known as “identity testing” or “credential stuffing”, these attacks use data that may have
been procured from paste sites like Pastebin, or directly by the attackers themselves in previous
operations. With the wide range of available attack tools and stolen credentials available within the
Deep and Dark Web, account takeover is on the rise, and actors of all sophistication levels can start their
own ATO campaign. This presentation will cover: What is Account Takeover (ATO)?, Different methods
of ATO, Overview of threat actors associated with these types of attacks and Demo of credential stuffing
attack from attacker and defender sides

Bill Brunt is a solution architect for TITUS, the world’s leading provider of classification and protection
solutions. Bill has travelled the world over, providing services which have helped the largest commercial
enterprises as well as the most sensitive parts of government in their pursuit of diligent data handling
techniques.
Bill has approached the Data Protection challenge from many angles as a CIO, Product
Manager, Solution Architect, Manager of Enterprise Data Services for a Global F25 Company.

Now, more than ever, there is an expectation for organizations to holistically manage an individual’s
data. Not just protect but actually manage. Essentially, we are seeing the emergence of data rights. This
presentation will review key concepts in the regulatory landscape including right to forget, disclose data
held, retention periods and more. Furthermore, specific techniques for managing other kinds of data,
i.e. that involving sensitivity drift and other concepts. Takeaways include Understanding the regulatory
trends, Best practices for data handling/governance for unstructured data and Protection of existing and
future investments in the security eco-system.

Shukong Ou has worked for AT&T's Chief Security Office for 18 years, and in the computer and
engineering departments of Stone&Webster for 19 years before that. He has had an interest in
communications and security for a few decades and loves to do things hands-on. He has a five-digit
CISSP number.

Today he will talk about what TOR (aka the Dark Web) is, some security uses for TOR and some
suggestions of what network owners should do about it. We will also take a digression to talk about
what privacy means to you.
Presentations below:
issa_rw_11072018.pdf
File Size: 1606 kb
File Type: pdf
Download File

2018-11-07_issa_rapidly_changing_data_protection_landscape.pptx
File Size: 2483 kb
File Type: pptx
Download File

torforsecurity20181101.odp
File Size: 748 kb
File Type: odp
Download File

Powered by Create your own unique website with customizable templates.
  • Home
  • Events
    • 2021 ISSA NE Chapter Events
  • Sponsors
    • Cybereason
    • Sayers
    • digital shadows
    • Semperis
  • Call for Speakers
  • About
  • Archive
    • 2020 Archive >
      • 2020 September Webinar
      • Cyber Security Summit POWERHOUR - July 2020
      • 2020 June Webinar
      • 2020 May Webinar
      • 2020 April Webinar
      • 2020 February Zoom Meeting
      • SkiCon New England - Feb. 2020
    • 2019 Archives >
      • ISSA NE December 2019 Members-Only Roundtable
      • SANS Boston event - April 2019
      • 2019 November Chapter Meeting
      • 2019 ISSA NE February Tech Talk
      • 2019 May Chapter Meeting
      • 2019 July Chapter Meeting
      • ISSA NE Chapter Meeting at SecureWorld Boston
      • Cloud Security Alliance 2019 Boston Chapter Forum
      • October 2019 Cybereason event > Prevent Cyber Stalking
      • 2019 SecureWorld Boston
    • 2018 Archives >
      • 2018 November 7 Chapter Meeting
      • 2018 Cybereason > The AI Hunting Tour
      • 2018 September Chapter Meeting
      • 2018 ISSA NE Briefing
    • 2017 Archives >
      • 2017 Annual Chapter Meeting & 30th Anniversary Celebration
      • 2017 September Chapter Meeting
      • 2017 Annual Sponsor Expo and Chapter Meeting
      • 2017 April Chapter Meeting
      • 2017 March ISSA-NE Breakfast and Presentation at SecureWorld
  • Contact