February 2017

Sponsor: ASG

Speaker: Jeff Hooper, Systems Engineer at Gemalto (formerly SafeNet)

Topic: Digital Certificates and Key Management.  He will cover new laws requiring key management, give examples of specific breaches and how the solutions helped them recover or prevent the attacks.  



Lunch is $15 for non-members, cash or check only.

December 2016

Sponsor: Boise ISSA

Moderator: Vince Skinner, VP of Security, D.A. Davidson & Boise ISSA President 

Topic: Round Table Discussion. Topics to include: malware protections, incident response, penetration testing, Senior Management Support, and other related topics.


November 2016

Sponsor: Tanium

Topic: Know your environment better than your adversary

Presenter: Jesse Harris, Director of Technical Account Management


  • Assumption of breach. We exist in a world where the adversary is significantly better equipped than most security teams. Most only know what is supposed to be in the environment; the winning party will know what is actually in the environment.
  • Good Hygiene: 99% of breaches come from known vulnerabilities. Seek a source of truth for patching, privileged credentials, autoruns, processes with MD5s, etc.
  • Know the outliers: applications, new files, changed files, 50 writes per second to a drive, etc.
  • Script well – VBScript, Python, PowerShell, etc.
  • IR at Scale – Basic anatomy of a mimikatz memory credential dump, how’d we get here??
  • Building an IOC for scalability, MD5 (message digest algorithm 5)
  • Our widgets have to play nice, don’t architect in silos, try to have a built in vs bolt on security architecture/strategy
  • There is a light at the end of the tunnel, but we can’t reinvent the wheel. We need to focus on ways to reinvent the road.


Lunch is $15 for non-members, cash or check only.



Professional Credit: 1.5 CPE
Hope to see you soon!

Vince Skinner, President

If you have any questions or need to cancel please email Rachel.

If you are a maybe please respond with a yes.

October 2016

Sponsors: RSA & Datashield

Topic: Exposing the Terracotta VPN – Anatomy of an Advanced Campaign

Summary: In August 2015, RSA uncovered details of a massive malware-supported VPN network being used as a launch platform for APT activity, dubbed “Terracotta”.   This malicious service gave nation-state actors a way to obscure their true origin when acting on their objectives by tunneling their activities through VPN nodes silently installed on victim networks across the globe.  This session will explain what Terracotta VPN is, how it works, and how it was ultimately discovered.

Presenter: Sean Ennis, RSA

Sean Ennis is a Principal Systems Engineer at RSA with over 10 years of experience designing and building security solutions for organizations across North America. With previous tenures at Bell Canada, Cisco (IronPort), and HP (TippingPoint), Sean has been at RSA for the last 5 years, focusing on consulting on the architecture, design, and operations of Security Operations and Critical Incident Response programs.


February 2016 – Fifty Shades of Risks

Topic: Fifty Shades of Risks

Summary: In a day and age when advanced threats and active countermeasures are all the rage, topics such as risk management may seem boring and pedestrian. However, a mature risk management approach is the bedrock of any effective cyber security program. Reid and Dustin will talk about St. Luke’s journey in establishing and maturing a risk management program.

Presenter: Reid Stephan, CISO, St. Luke’s Health System
Dustin Aldrich, Cyber Security Analyst, St. Luke’s Health System

Mr. Stephan is the CISO at St. Luke’s Health System. He has over 16 years of experience in cyber security, including 9 years leading HP’s global corporate IT security incident response program. He has a Bachelor of Management Information Systems from the University of Idaho and an MBA in Technology Management from the University of Phoenix. He is a HealthCare Information Security and Privacy Practitioner (HCISPP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and a Certified Professional in Healthcare Information & Management Systems (CPHIMS). @rtstephan


January 2016

Topic: Continuous Monitoring to decrease your Mean-Time-To-Detect and Mean-Time-To-Respond

Summary: In this presentation I will address why a prevention-centric approach is insufficient and how and why continuous (machine-based analytics) monitoring is essential to decreasing an organization’s MTTD and MTTR.


Presenter: Dustin Vaughn | Sr Sales Engineer 

Dustin is a dynamic Information Security Professional with 18+ years of experience. Spanning his career, Dustin has demonstrated abilities for working at the design and planning as well as the operational and management level of Information Security. Dustin’s employment experience with companies and organizations such as LogRhythm, Coalfire Systems, CH2M HILL, Alcatel-Lucent, Northrop Grumman, the Department of Homeland Security, as well as the US Air Force has him well versed in both commercial and government information security. In his current position, Dustin is a Sales Engineer with LogRhythm. LogRhythm is a Security Information and Event Management solution that Gartner has identified and placed as a Leader in the SIEM Magic Quadrant for multiple years. Dustin currently holds and maintains multiple GIAC certifications and has been a CISSP since 2005. In addition, Dustin enjoys working as a SANS Mentor instructor because it gives him the opportunity to combine his passions for Information Security and teaching, while working with fellow security practitioners.



December 2015 – Last Call for Attackers – You Don’t Have to Go Home, But You Can’t Stay Here

Topic: Last Call for Attackers – You Don’t Have to Go Home, But You Can’t Stay Here


It’s no secret that most targeted organizations are compromised for months or years before they discover for themselves, or are notified by an outside party, that an intrusion has occurred. But once the lights go on, how long should it take to kick out the bad guys?

These attackers are constantly evolving their TTPs using strategies to circumvent common defenses such as IDS/IPS, whitelisting solutions, DLP, and two-factor authentication VPN solutions. To make matters worse, they usually hide in plain sight, using legitimate credentials.

The CrowdStrike remediation team has developed strategies to combat these adversaries and will share some of those countermoves in this session. We’ll discuss real-world cases we’ve recently worked and show you the defensive strategies we used to counter Bears and Pandas and Kittens in the wild.

Presenter: Christopher Scott

Director CrowdStrike Services
twitter: NetOpsGuru 

Christopher Scott has over 15 years experience working with the Department of Defense and Fortune 500, and Defense Industrial Base companies to develop business and network security processes and procedures.  He has particular expertise in targeted threat detection and prevention.   As a Director at CrowdStrike Services, Christopher specializes in developing and implementing remediation plans for clients.  In addition, he supports a variety of other engagements including conducting security reviews, leading incident response teams, performing insider threat analysis and engineering threat detection systems, business continuity and disaster recovery processes. Christopher has presented several times to peers at closed-session DoD and DIB conferences. He frequently collaborates on techniques and processes to detect some of the most advanced targeted attacks companies face today.



November 2015 – Splunking for Endpoint Security

Topic: Splunking for Endpoint Security


The front line in cybersecurity is the endpoint (and users).  In this talk I will be discussing methods often used as attack vectors and how to detect them using Splunk.  Learn how to improve your organization’s security posture by Splunking filesystem details, processes, services, hashes, ports, registry settings and more.


Presenter: Randy Trobock

Randy Trobock is a professional services security consultant for Splunk with 6+ years in IT and security fields. He currently holds CISSP, CEH, SSCP certifications, has security consultant experience in several industries including energy/utilities, retail, insurance, education, and finance. He likes to drink expensive scotch and owns many leather bound books. 

