Topic: Fifty Shades of Risks
Summary: In a day and age when advanced threats and active countermeasures are all the rage, topics such as risk management may seem boring and pedestrian. However, a mature risk management approach is the bedrock of any effective cyber security program. Reid and Dustin will talk about St. Luke’s journey in establishing and maturing a risk management program.
Presenter: Reid Stephan, CISO, St. Luke’s Health System
Dustin Aldrich, Cyber Security Analyst, St. Luke’s Health System
Mr. Stephan is the CISO at St. Luke’s Health System. He has over 16 years of experience in cyber security, including 9 years leading HP’s global corporate IT security incident response program. He has a Bachelor of Management Information Systems from the University of Idaho and an MBA in Technology Management from the University of Phoenix. He is a HealthCare Information Security and Privacy Practitioner (HCISPP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and a Certified Professional in Healthcare Information & Management Systems (CPHIMS). @rtstephan
Topic: Continuous Monitoring to decrease your Mean-Time-To-Detect and Mean-Time-To-Respond
Summary: In this presentation I will address why a prevention-centric approach is insufficient and how and why continuous (machine-based analytics) monitoring is essential to decreasing an organization’s MTTD and MTTR.
Presenter: Dustin Vaughn | Sr Sales Engineer
Dustin is a dynamic Information Security Professional with 18+ years of experience. Spanning his career, Dustin has demonstrated abilities for working at the design and planning as well as the operational and management level of Information Security. Dustin’s employment experience with companies and organizations such as LogRhythm, Coalfire Systems, CH2M HILL, Alcatel-Lucent, Northrop Grumman, the Department of Homeland Security, as well as the US Air Force has him well versed in both commercial and government information security. In his current position, Dustin is a Sales Engineer with LogRhythm. LogRhythm is a Security Information and Event Management solution that Gartner has identified and placed as a Leader in the SIEM Magic Quadrant for multiple years. Dustin currently holds & maintains multiple GIAC certifications and has been a CISSP since 2005. In addition, Dustin enjoys working as a SANS Mentor instructor because it gives him the opportunity to combine his passions for Information Security and teaching, while working with fellow security practitioners.
Topic: Last Call for Attackers – You Don’t Have to Go Home, But You Can’t Stay Here
It’s no secret that most targeted organizations are compromised for months or years before they discover for themselves, or are notified by an outside party, that an intrusion has occurred. But once the lights go on, how long should it take to kick out the bad guys?
These attackers are constantly evolving their TTPs using strategies to circumvent common defenses such as IDS/IPS, whitelisting solutions, DLP, and two-factor authentication VPN solutions. To make matters worse, they usually hide in plain sight, using legitimate credentials.
The CrowdStrike remediation team has developed strategies to combat these adversaries and will share some of those countermoves in this session. We’ll discuss real-world cases we’ve recently worked and show you the defensive strategies we used to counter Bears and Pandas and Kittens in the wild.
Presenter: Christopher Scott
Director CrowdStrike Services
Christopher Scott has over 15 years of experience working with the Department of Defense, Fortune 500, and Defense Industrial Base companies to develop business and network security processes and procedures. He has particular expertise in targeted threat detection and prevention. As a Director at CrowdStrike Services, Christopher specializes in developing and implementing remediation plans for clients. In addition, he supports a variety of other engagements including conducting security reviews, leading incident response teams, performing insider threat analysis and engineering threat detection systems, business continuity and disaster recovery processes. Christopher has presented several times to peers at closed-session DoD and DIB conferences. He frequently collaborates on techniques and processes to detect some of the most advanced targeted attacks companies face today.
Topic: Splunking for Endpoint Security
The front line in cybersecurity is the endpoint (and users). In this talk I will be discussing methods often used as attack vectors and how to detect them using Splunk. Learn how to improve your organization’s security posture by Splunking filesystem details, processes, services, hashes, ports, registry settings and more.
Presenter: Randy Trobock
Randy Trobock is a professional services security consultant for Splunk with 6+ years in IT and security fields. He currently holds CISSP, CEH, and SSCP certifications, and has security consultant experience in several industries including energy/utilities, retail, insurance, education, and finance. He likes to drink expensive scotch and owns many leather-bound books.
Topic: Network Visibility in the Next Generation Software Defined Data Center
Arista Networks, an established leader in software driven cloud networking, is partnering closely with VMware to deliver the industry’s first scalable, best-of-breed solution for network virtualization in the data center. Arista and VMware’s vision leverages core data center virtualization technologies to transform data center economics and business agility. Their approach of automation and non-disruptive deployment embraces and extends existing infrastructure investments.
Arista also has developed joint solutions with partners like Palo Alto Networks to provide enhanced visibility and security solutions in the software defined data center. This integration provides a more scalable solution for virtual security appliances.
This session will walk you through some of the unique capabilities of these joint solutions. Additionally, the session will cover using Tap Aggregation devices to increase the visibility of your network while decreasing cost all while network speeds move from 1Gbps to 10G/40G/100G.
Presenter: Josh Frank
Josh Frank is a Systems Engineer with 8+ years experience in selling into major service providers and enterprise networks, as well as 8 years experience prior to that testing multi-vendor switching and routing architectures at a major Service Provider. He specializes in the architecture and implementation of a wide variety of network designs including Data Center and WAN solutions.
Topic: The evolution of security, the evolving threat landscape and strategies for effective security, compliance and risk management
Dell SecureWorks understands cybersecurity is a critical focus for organizations, and technology alone cannot address the risks posed by cyberthreats. We combine elite intelligence and trusted security expertise, helping organizations solve complex security challenges, strengthen their security postures and reduce risk in the face of a dynamic threat landscape. Intelligence practices developed by our security experts enable a security resiliency methodology, ensuring you see the threat, thwart cyber-attacks and recover faster from security breaches.
Presenter: Paul Webb
Paul Webb is a Security Specialist with Dell SecureWorks. For the past 17 years, Paul has supported his clients across a variety of sectors to meet their needs in the areas of IT security controls and related consulting services including, but not limited to: security strategy, information security, network security, IT risk management, IT compliance (e.g. PCI, GLBA, HIPAA, CJIS), vulnerability testing, penetration testing, technical controls sourcing and implementation, and managed security services.
We are waiting to get the slide deck from Dell; we will post it here and email it out when available.
The 13th Annual Boise ISSA conference is upon us. Please visit conference.boiseissa.org to register, review the agenda, and read about the speakers.
We look forward to seeing you Thursday May 14th!
We are trying to create a great InfoSec conference in May so there will not be a meeting for April.
Please register for the conference here. We look forward to seeing you all in May!
Supported by Boise ISSA
Topic: Microsoft EMET, a view from the trenches
Speaker: Branden Carter, Idaho Transportation Department
Branden is an IT Security Analyst with the Idaho Transportation Department, an agency with 1600 employees and part of the larger Idaho state executive branch. He has worked there for 9 years, and has been in the CyberSecurity office since 2012. Previous to that he had a brief stint as a server administrator at ITD, spent a year as an IT Systems Administrator for an aquaculture company (where he had the unique opportunity to eat caviar that he could never afford otherwise), and before that again at ITD where he cut his teeth as a packet herder (Network Analyst) and spent some time as an intern doing desktop support. He has an Associates of Applied Science and Bachelors of Applied Science in Computer Network Technology from BSU. He has a SANS GSEC certification and a hopefully-soon-to-be-renewed Cisco CCNA.
Microsoft EMET – March 2015 ISSA Presentation – Branden Carter
Location: Monthly meetings are held from 11:30 AM to 1:00 PM MST at the StoneHouse, unless otherwise stated: 665 Park Boulevard, Boise, ID 83712. The StoneHouse is located at 665 Park Blvd., next to the Ram, near the intersection of Broadway Ave. and Park Blvd.