Membership Meetings

November 2018

Sponsor: Carbon Black

Speaker: Jason Madey – Security Strategist

“The Pilot’s Checklist – Suppressing risk in a new age of threats and regulation.”

October 2018

Sponsor: ISSA

Speaker: Ken Dunham, Optiv, MSS Technical Director

Abstract: 

Orchestration and Automation in the Real World

With a massive gap in available talent and scale challenges in a big data world, the industry is starting to embrace orchestration and automation as a solution.  There is no easy fix.  There is no affordable off-the-shelf solution.  Orchestration and automation, in the real world, involves real challenges, pitfalls, and opportunities to grow and mature as an organization.  Ken will introduce the concepts of O&A and share how Optiv has navigated application of these principles and solutions within MSS, with some failure and some success.

March 2018

Sponsor: NCC Group

Speaker: Vic Bhatia, Regional Director for the RMG practice at NCC Group

Title: HITRUST CSF – Introduction, Critical Success Factors, and Key Gotchas

Abstract:  HIPAA is not prescriptive, which makes it open to interpretation and difficult to apply. Organizations must necessarily reference additional standards for guidance on how to implement the requirements specified by HIPAA. It is also not the only set of security requirements healthcare organizations need to address (e.g., PCI, state, business partner requirements etc.).

The Health Information Trust Alliance (HITRUST) exists to ensure that information security becomes a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. It has developed a CSF framework that addresses specific challenges such as concern over current breaches, numerous and sometimes inconsistent requirements and standards, compliance issues, and the growing risk and liability associated with information security in the healthcare industry. Organizations can use this CSF framework to create, access, store, or exchange Protected Health Information (PHI) safely and securely.

This presentation will give an introduction to the HITRUST CSF framework and how to implement it; and also, an overview of some of the critical success factors and ‘gotchas’ that NCC Group has encountered in its work as a HITRUST CSF Assessor.

BIO: Vic’s background is industry operator turned consultant. Earlier on in his career, Vic was the CISO of a global Fortune 500 company. He subsequently switched to consulting about 10 or so years ago, leveraging his C | CISO leadership experience and board-level management skills to assist clients in the areas of information security, enterprise risk management, business continuity, compliance and governance.

Vic’s area of expertise is working with companies where “security fatigue” has set in – and executives are questioning the vision, value-add, execution, and ROI for security. Vic is a trusted advisor to the board and CISO-coach to “right-size”, align and fix under-performing security programs.

Vic is also a frequent speaker at various conferences and seminars, and the author of an upcoming book “CISO Essentials: Your First 90 Days”.

Lunch is $15 for non members, cash or check only.

Professional Credit: 1.5 CPE

February 2018

Sponsor: Intrinium

Speaker: Kylie Martonik, Manager, Security Consulting

Title: “Don’t turn off that computer!”  The Top Mistakes That Will Disrupt a Forensic Investigation

 Abstract:  The most difficult aspect of Forensics Investigations is that MOST ALL well-intentioned remediation tactics like running virus scans, shutting off the suspect computer, disconnecting from the internet, moving devices to another network – are LIKELY THE WRONG STEPS TO TAKE and can severely impact the forensic investigation. The correct steps can be very counterintuitive, which makes trusting your instincts a risky proposition.

Handling a Forensic Investigation correctly requires a disciplined process executed by technical staff that have the appropriate expertise. From initial discovery to delivery of the findings, every step of an investigation should be meticulously planned and followed.

In this interactive conversation, Intrinium’s Security Consulting Manager, Kylie Martonik, will explore several actions that are often taken by well-intentioned personnel that will compromise your investigation. We will discuss what you and your company can start doing now to ensure you are prepared to CORRECTLY handle incidents in the future.

BIO: As a key penetration tester for Intrinium, Kylie has deep experience in ethical hacking and vulnerability analysis at institutions of all sizes throughout the Northwest and beyond. Kylie is adamant about information security and ensuring the so-called “crown jewels” of a company are properly protected from both outsider and insider threats. She has been a first responder and investigator in forensic investigations ranging from small businesses to larger firms such as retail and financial institutions. Additionally, Kylie is an expert on a range of standards set forth by NIST, the NSA, HIPAA, and the SANS Institute. Kylie is a graduate of Eastern Washington University with a Bachelor’s degree in Computer Information Systems focused in the field of cyber security including Network Security and Information Warfare.

 

January 2018 (This meeting is on January 11)

Sponsor: FireEye

Speaker: Terry Boedeker

Title: Battlefield 2018: Insights & Predictions for an Evolving Threat Landscape

BIO: Terry Boedeker is an award-winning, consultative solutions architect and sales engineering manager with a strong technical acumen and over 15 years of success in the high-tech sector. He has a proven ability to mentor and motivate high-performance technical teams and boasts a track record of achievement in delivering reduced costs, increased operational efficiency and delivering effective cybersecurity strategies and controls.

Terry regularly demonstrates strong relationship and team building abilities, is an excellent trainer and a highly-sought orator in the subjects of technology, cybersecurity, geopolitics and data governance.

Lunch is $15 for non members, cash or check only.

December 2017

Sponsor: Trace3

Speaker: Josh McCarthy

BIO: Josh is a security industry veteran with over 15 years’ experience helping enterprises defend against emerging threats. He started with FireEye during their inception and led their engineering team for 8 years through their IPO. He left FireEye to join Crowdstrike to work with strategic accounts, and recently joined Demisto to lead the SE Team.

Title: Hacks for Hacking Attacks: Automate Threat Hunting & Response to Ransomware, Phishing

Abstract: 

Do you spend hours threat hunting and responding to phishing and ransomware attacks?

Why not save some time and learn a few tips, tricks, and hacks by using Demisto’s interactive playbooks? They are so easy to build, it’s like playing a game. A game that’s fun and easy and more effective than ever to reduce the number of alerts that require human review.

Oh, and they save you tons of time. Literally from hours to minutes. So you can focus more of your time on the big, hairy, scary, and most interesting attacks that need your expert attention.

Attend this luncheon demo to see how easy it is to build a playbook in Demisto. You’ll snap workflows together to automate manual-intensive tasks and see how the product’s machine learning suggestions will help you resolve real-world, complex threats. Product details you’ll see in the demo include:

Threat hunting enrichment playbook,

Phishing playbook, and a

Level 3 interactive investigation using DBot’s machine learning suggestions.

See how you’ll get smarter and more efficient with every incident – as all knowledge acquired is kept within the product for future reference.

Lunch is $15 for non members, cash or check only.

November 2017

Sponsor: Carbon Black

Speaker: Jason Madey

Title: “Evolving your security to defend against modern attacks”

Abstract: We will discuss the impact of the changing threat landscape, issues Administrators are seeing, what is needed today to better defend, and what can be done to mature your response processes.

Lunch is $15 for non members, cash or check only.

October 2017

Sponsor: McAfee

Speaker: Pete Hebner
Pete has over 23 years of experience in the telecommunications, data communications and security industry. He has been with McAfee/Intel since 2003, starting as a senior security engineer and moving into the sales engineer manager position over the Western Region.

Title: Security Automation

Abstract: Driving the shift from Protection-only to an Integrated Threat Defense Lifecycle reducing business, operational, & financial risks.

Lunch is $15 for non members, cash or check only.

 

September 2017

Sponsor: ForeScout

Speaker: Tony Velada

Title: The Internet of Things is not Coming. It is here!

Abstract: Discover What Your Peers Think about the State of IoT Security. The Internet of Things (IoT) is rapidly expanding the attack surface on corporate networks. Every “agentless” IoT device presents serious risk to the network, as it can serve as a potential attack or reconnaissance point.  How common are IoT devices on enterprise networks? How many unknown IoT devices exist? What are IT staffs doing to secure them? IT professionals responsible for enterprise networks were surveyed regarding their view about the prevalence and security of the Internet of Things (IoT).

Lunch is $15 for non members, cash or check only.

 

February 2017

Sponsor: ASG

Speaker: Jeff Hooper, Systems Engineer at Gemalto (formerly SafeNet)

Topic: Digital Certificates and Key Management.  He will cover new laws requiring key management, give examples of specific breaches and how the solutions helped them recover or prevent the attacks.  

Lunch is $15 for non members, cash or check only.

 

January 2017

Sponsor: Boise ISSA

Moderator: Vince Skinner and Fuli Chavez

Topic: Overcoming the difficulties of implementing effective protections

Lunch is $15 for non members, cash or check only.

December 2016

Sponsor: Boise ISSA

Moderator: Vince Skinner, VP of Security, D.A. Davidson & Boise ISSA President 

Topic: Round Table Discussion. Topics to include: malware protections, incident response, penetration testing, Senior Management Support, and other related topics.

November 2016

Sponsor: Tanium

Topic: Know your environment better than your adversary

Presenter: Jesse Harris, Director of Technical Account Management

Summary: 

  • Assumption of breach. We exist in a world where the adversary is significantly better equipped than most security teams. Most only know what is supposed to be in the environment; the winning party will know what is actually in the environment.
  • Good Hygiene: 99% of breaches come from known vulnerabilities. Seek a source of truth for patching, privileged credentials, autoruns, processes with md5’s, etc.
  • Know the outliers: applications, new files, changed files, 50 writes per second to a drive, etc.
  • Script well – VBScript, Python, Powershell, etc.
  • IR at Scale – Basic anatomy of a mimikatz memory credential dump, how’d we get here??
  • Building an IOC for scalability, MD5 (message digest algorithm 5)
  • Our widgets have to play nice, don’t architect in silos, try to have a built in vs bolt on security architecture/strategy
  • There is a light at the end of the tunnel, but we can’t reinvent the wheel. We need to focus on ways to reinvent the road.

October 2016

Sponsors: RSA & Datashield

Topic: Exposing the Terracotta VPN – Anatomy of an Advanced Campaign

Summary: In August 2015, RSA uncovered details of a massive malware-supported VPN network being used as a launch platform for APT activity, dubbed “Terracotta”.   This malicious service gave nation-state actors a way to obscure their true origin when acting on their objectives by tunneling their activities through VPN nodes silently installed on victim networks across the globe.  This session will explain what Terracotta VPN is, how it works, and how it was ultimately discovered.

Presenter: Sean Ennis, RSA

Sean Ennis is a Principal Systems Engineer at RSA with over 10 years of experience designing and building security solutions for organizations across North America.  With previous tenures at Bell Canada, Cisco (IronPort), and HP (TippingPoint), Sean has been at RSA for the last 5 years, focusing on consulting on the architecture, design, and operations of Security Operations and Critical Incident Response programs.

September 2016 

Topic: Next-Generation Antivirus: Evolving Your Security to Defend Against Modern Attacks

Summary: 2016 may go down as the year that the sun is finally setting on traditional antivirus. Driven largely by how easily ransomware can bypass traditional defenses, information security has become an issue on every organization’s radar. Enter next-generation antivirus (NGAV) and its promise to provide better protection from modern-day attacks like ransomware and beyond.

 In this session, you’ll learn about the current threat landscape and how NGAV protects against modern attacks. We will also discuss some of the exciting technologies being applied to today’s security problem, including machine learning, behavioral analysis, reputation analysis, and shared threat intelligence. Finally, we’ll share a framework for how to evaluate an NGAV solution for your organization.

Presenter: Sam Brigham, Carbon Black

Sam Brigham – Manager at Carbon Black –  Sam joined the Carbon Black Team by way of the acquisition of Confer. Sam spent two years at Confer leading efforts in the Central, Mountain & Pacific territories and continues to do so as a member of the Carbon Black Team.  Confer’s NGAV product, named Cb Defense, is part of the industry’s most complete next-generation endpoint security platform, designed to create a world safe from cyber-attacks.

 

April 2016 – Conference Time

The 14th Annual Boise ISSA conference is upon us. Please visit conference.boiseissa.org to register, review the agenda, and read about the speakers.

We look forward to seeing you Thursday April 28th!!

February 2016

Topic: Fifty Shades of Risks

Summary: In a day and age when advanced threats and active countermeasures are all the rage, topics such as risk management may seem boring and pedestrian. However, a mature risk management approach is the bedrock of any effective cyber security program. Reid and Dustin will talk about St. Luke’s journey in establishing and maturing a risk management program.

Presenter: Reid Stephan, CISO, St. Luke’s Health System
Dustin Aldrich, Cyber Security Analyst, St. Luke’s Health System

Mr. Stephan is the CISO at St. Luke’s Health System. He has over 16 years of experience in cyber security, including 9 years leading HP’s global corporate IT security incident response program. He has a Bachelor of Management Information Systems from the University of Idaho and an MBA in Technology Management from the University of Phoenix. He is a HealthCare Information Security and Privacy Practitioner (HCISPP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and a Certified Professional in Healthcare Information & Management Systems (CPHIMS). @rtstephan

January 2016

Topic: Continuous Monitoring to decrease your Mean-Time-To-Detect and Mean-Time-To-Respond

Summary: In this presentation I will address why a prevention-centric approach is insufficient and how and why continuous (machine based analytics) monitoring is essential to decreasing an organization’s MTTD and MTTR.

Presenter: Dustin Vaughn | Sr Sales Engineer 

Dustin is a dynamic Information Security Professional with 18+ years of experience. Spanning his career, Dustin has demonstrated abilities for working at the design and planning as well as the operational and management level of Information Security. Dustin’s employment experience with companies and organizations such as LogRhythm, Coalfire Systems, CH2M HILL, Alcatel-Lucent, Northrop Grumman, the Department of Homeland Security, as well as the US Air Force has him well versed in both commercial and government information security. In his current position, Dustin is a Sales Engineer with LogRhythm. LogRhythm is a Security Information and Event Management solution that Gartner has identified and placed as a Leader in the SIEM Magic Quadrant for multiple years. Dustin currently holds & maintains multiple GIAC certifications and has been a CISSP since 2005. In addition, Dustin enjoys working as a SANS Mentor instructor because it gives him the opportunity to combine his passions for Information Security and teaching, while working with fellow security practitioners.

December 2015

Topic: Last Call for Attackers – You Don’t Have to Go Home, But You Can’t Stay Here

Summary:

It’s no secret that most targeted organizations are compromised for months or years before they discover for themselves, or are notified by an outside party, that an intrusion has occurred. But once the lights go on, how long should it take to kick out the bad guys?

These attackers are constantly evolving their TTPs using strategies to circumvent common defenses such as IDS/IPS, whitelisting solutions, DLP, and two-factor authentication VPN solutions. To make matters worse, they usually hide in plain sight, using legitimate credentials.

The CrowdStrike remediation team has developed strategies to combat these adversaries and will share some of those countermoves in this session.  We’ll discuss real-world cases we’ve recently worked and show you the defensive strategies we used to counter Bears and Pandas and Kittens in the wild.

Presenter: Christopher Scott

Director CrowdStrike Services
twitter: NetOpsGuru

Christopher Scott has over 15 years experience working with the Department of Defense and Fortune 500, and Defense Industrial Base companies to develop business and network security processes and procedures.  He has particular expertise in targeted threat detection and prevention.   As a Director at CrowdStrike Services, Christopher specializes in developing and implementing remediation plans for clients.  In addition, he supports a variety of other engagements including conducting security reviews, leading incident response teams, performing insider threat analysis and engineering threat detection systems, business continuity and disaster recovery processes. Christopher has presented several times to peers at closed-session DoD and DIB conferences. He frequently collaborates on techniques and processes to detect some of the most advanced targeted attacks companies face today.

November 2015

Topic: Splunking for Endpoint Security

Summary:

The front line in cybersecurity is the endpoint (and users).  In this talk I will be discussing methods often used as attack vectors and how to detect them using Splunk.  Learn how to improve your organization’s security posture by Splunking filesystem details, processes, services, hashes, ports, registry settings and more.

Presenter: Randy Trobock

Randy Trobock is a professional services security consultant for Splunk with 6+ years in IT and security fields. He currently holds CISSP, CEH, SSCP certifications, has security consultant experience in several industries including energy/utilities, retail, insurance, education, and finance. He likes to drink expensive scotch and owns many leather bound books. 

October 2015

Topic: Network Visibility in the Next Generation Software Defined Data Center

Summary:

Arista Networks, an established leader in software driven cloud networking, is partnering closely with VMware to deliver the industry’s first scalable, best-of-breed solution for network virtualization in the data center. Arista and VMware’s vision leverages core data center virtualization technologies to transform data center economics and business agility. Their approach of automation and non-disruptive deployment embraces and extends existing infrastructure investments.

Arista also has developed joint solutions with partners like Palo Alto Networks to provide enhanced visibility and security solutions in the software defined data center. This integration provides a more scalable solution for virtual security appliances.

This session will walk you through some of the unique capabilities of these joint solutions. Additionally, the session will cover using Tap Aggregation devices to increase the visibility of your network while decreasing cost all while network speeds move from 1Gbps to 10G/40G/100G.

Presenter: Josh Frank

Josh Frank is a Systems Engineer with 8+ years experience in selling into major service providers and enterprise networks, as well as 8 years experience prior to that testing multi-vendor switching and routing architectures at a major Service Provider. He specializes in the architecture and implementation of a wide variety of network designs including Data Center and WAN solutions.

September 2015

Topic: The evolution of security, the evolving threat landscape and strategies for effective security, compliance and risk management

Summary:

Dell SecureWorks understands cybersecurity is a critical focus for organizations, and technology alone cannot address the risks posed by cyberthreats. We combine elite intelligence and trusted security expertise, helping organizations solve complex security challenges, strengthen their security postures and reduce risk in the face of a dynamic threat landscape. Intelligence practices developed by our security experts enable a security resiliency methodology, ensuring you see the threat, thwart cyber-attacks and recover faster from security breaches.

Presenter: Paul Webb

Paul Webb is a Security Specialist with Dell SecureWorks. For the past 17 years, Paul has supported his clients across a variety of sectors to meet their needs in the areas of IT security controls and related consulting services including, but not limited to: Security strategy, information security, network security, IT risk management, IT compliance (e.g. PCI, GLBA, HIPAA, CJIS), vulnerability testing, penetration testing, technical controls sourcing and implementation and managed security services.

May 2015

The 13th Annual Boise ISSA conference is upon us. Please visit conference.boiseissa.org to register, review the agenda, and read about the speakers.

We look forward to seeing you Thursday May 14th!

 

 

April 2015

We are trying to create a great InfoSec conference in May so there will not be a meeting for April.

We look forward to seeing you all in May!

 

 

March 5, 2015

March – Supported by ISSA

Topic: Microsoft EMET, a view from the trenches

Speaker: Branden Carter, Idaho Transportation Department

Branden is an IT Security Analyst with the Idaho Transportation department, an agency with 1600 employees and part of the larger Idaho state executive branch. He has worked there for 9 years, and has been in the CyberSecurity office since 2012. Previous to that he had a brief stint as a server administrator at ITD, spent a year as an IT Systems Administrator for an aquaculture company (where he had the unique opportunity to eat caviar that he could never afford otherwise), and before that again at ITD where he cut his teeth as a packet herder (Network Analyst) and spent some time as an intern doing desktop support. He has an Associates of Applied Science and Bachelors of Applied Science in Computer Network Technology from BSU. He has a SANS GSEC certification and a hopefully-soon-to-be-renewed Cisco CCNA.

 

Location: Monthly meetings are held from 11:30 AM to 1:00 PM MST at the StoneHouse, unless otherwise stated: 665 Park Boulevard, Boise, ID 83712. The StoneHouse is located at 665 Park Blvd., next to the Ram, near the intersection of Broadway Ave. and Park Blvd.

 

February – Supported by Fortinet

Title: Mitigating Network Borders: Balancing User Wants, Business Needs, and Security Requirements. Many companies find themselves in a position where balancing wants, needs, and requirements ends up compromising security in ways that leave them vulnerable to current threats. However, by digging deeper into the packets and the communications they comprise it’s possible to not only increase security, but fulfill business needs and user desires.

Speaker: Brian McLean
Bio: 14 year Sales Engineering veteran, most of those years spent in Layer 7 Firewalling. I have a background in Electrical Engineering, and have been involved in technology since the time that choosing between an 386SX and 386DX was a thing.

Supported by Right Systems

Speaker: Jordan Elbaum

Supported by Boise ISSA  – Holiday Mixer

Overview: Bridging the Gap – Audit and Security

Speaker: Dan DeCloss – Sr. Security Consultant

Date: December 5th, 2013

 

 

Supported by Imperva

Overview: The presentation will show brute force, privilege escalation, and exploit vulnerabilities in common content management systems.  The presentation will also show the commoditization of targets and that everyone is a potential target.

Speaker: Mike Sanders

Date: November 7th, 2013

 

Supported by RSA-EMC

Overview: RSA-EMC will be presenting on SOC design/NextGen SOC (Security Operations Center). “The Art of Building a Next Generation Security Operations Center”

Speaker: Aaron B. Card – Aaron Card is a Practice Lead for the worldwide Advanced Cyber Defense Services Practice. In this capacity Aaron is responsible for overall professional services engagement for Global Incident Response/Discovery (IR/D), breach readiness, remediation, SOC/CIRC redesign and proactive computer network defense. Prior to RSA, Aaron was a lead security engineer for the Mitre Corporation and earlier, led enterprise-wide cyber security incident response operations for the Raytheon Company.

Date: October 3rd, 2013

Supported by FireEye

Overview & Abstract: FireEye will present on advanced malware, zero-day and targeted APT attacks. This is the new status quo.

IMF, Citibank, RSA, Sony, Epsilon, Lockheed and many others have been attacked. In fact, over 95% of enterprises are easily compromised as advanced attacks simply bypass traditional signature-based defenses such as NGFW, IPS, AV and Web gateways. The security hole is real and it is pervasive. Don’t be the next headline. Learn how to protect yourself.

The presentation will cover:

  • The new threat landscape – advanced, zero-day and targeted APT attacks
  • How advanced attacks easily bypass your current security
  • The hole left open by traditional signature-based technologies
  • Plugging the security hole
  • Next generation security for next generation threats

Speaker: Jason Gael, Senior Security Systems Engineer, is focused on educating customers to better protect themselves from modern malware, such as advanced persistent threats, spear–phishing attacks, and drive–by downloads. Jason has worked in security and software related industries for 20 years. He is currently Channel Systems Engineering Manager – US with FireEye Inc, a security company based in Milpitas, CA. Previous to FireEye, Jason held Senior roles at Websense, Catbird, Surfcontrol, Lightsurf, Magnifi, Santa Cruz Operation (SCO), and Borland. Jason lives in Santa Cruz, California where he enjoys sailing, skateboarding with his son, and world–class disc–golfing.

February – Fortinet

 

 

 

May 1st, 2014

12th Annual Boise ISSA Infosec Conference

Location: Boise State University