Thursday, November 8, 2018

First  Presentation:  Fidelis Overview

Speaker: TBD

Abstract: An overview of Fidelis

Second Presentation: Threat Intelligence Applied

Speaker: Danny Pickens, Director of Threat Research, Fidelis Cybersecurity

Abstract: Threat Intelligence Applied shows how intelligence doctrine can be used in cyber defense operations. Using a few real-world examples, attendees will see how they can incorporate a doctrinal approach to applying threat intelligence for decision advantage in defense and testing scenarios.

  • Threat Model Framework
  • Intelligence Defined
  • Intelligence Cycle and Processes
  • Threat Actor Identification
  • TTPs and COAs


Thursday, October 11, 2018

First Presentation: Demystifying proactive threat hunting – What is threat hunting?

Speaker: Brian Gittinger, Senior Sales Engineer, Endgame

Abstract: Threat hunting is the process of actively looking for signs of malicious activity within enterprise networks without prior knowledge of those signs. It is a proactive approach to uncovering bad actors before they can steal your data or disrupt your business. Endgame’s hunt expert Brian Gittinger will be presenting on a practitioners guide to threat hunting for analysts who want to begin hunting today. This presentation provides analysts with hands-on tips on how to start hunting for techniques across the MITRE ATT&CK matrix.

* Basics of standing up a threat hunting operation

* What skills, data + tools are useful for reaching success

* Can I do this with the staff I have? What about external consulting services?

* Advanced Hunting: Evolving the threat hunting program


Second Presentation: IoT – Exploring the Threat Surface

Speaker: Jason Ortiz, Senior Integration Engineer, Pondurance

Abstract: The internet of things is now a household term and technologists have come to grips with the fact that there will be billions of non traditional devices connecting to the internet in the coming years. These devices will produce petabytes of data and require more and more advancements in infrastructure. The simplicity, ubiquity, availability and relatively low cost of these devices along with the unprecedented size of their network creates an enormous new threat surface. We are going to explore that threat surface with special emphasis on implementing security on the edge for these devices.


Thursday, September 13, 2018

First  Presentation: Security Hygiene:  Putting out fires before they start

Speaker: Jim Wojno, Tanium

Abstract: In security we obsess about vulns, exploits and attacks with headline grabbing names like Petya / Nyetya, WannaCry, Eternal Blue, or Meltdown / Spectre and not enough on the fundamentals. Sexy technospeak marketing names dominate a field where dozens of companies compete to sell you the latest Silver Bullet One-Size-Fits-All miracle cure widget. This tabloid-esque fixation with style over substance creates a “Shiny Object Effect” that produces little long term value and burns precious resources better used on a Back to Basics approach. This talk will discuss the benefits of a fundamental security hygiene program both from a technology and a business perspective as well as provide attendees with practical advice on how to improve their own operations using tools you probably already own. Examples discussed will highlight how Blue Team members can become a force multiplier through a return to basics and security 101 and how a focus on the basics can pay higher dividends than the latest glitzy next-gen widget.

Second Presentation: Cosplay for RFID, Deception in plain sight

Speaker: Rich Rumble, Security Samurai

Abstract: We had a wacky idea, take the concept of an ATM skimmer, and apply it to the RFID badge readers. That simple concept, proved effective, too effective. What would the employees’ notice? Do they even know who to contact if they did get wise to the skimmer? What else could be done with physical access to the outside of a building?  Could we get users to willingly give us their data, and their badge? Yes, yes we could. How can we empower the employees to catch us?  We had a lot of fun with this, too much. We had a much harder time in educating and
preventing the success of such an attack. As with all Social-Engineering exercises, you walk a fine ethics line, I will share the dilemmas and issues that arose from these exercises.

Thursday, August 9, 2018

First  Presentation: Security Leadership Tabletop

Speaker: David Sims – CI-ISSA Board Member

Abstract: These leadership tabletop exercises are custom designed to provide excellent learning and observation opportunities. During this session we will explore:
– Storming, Norming and Performing
– Integrity models
– System Thinking

Thursday, July 12, 2018

First  Presentation: FBI Overview and Cyber Investigations

Speaker: J. Douglas Kouns “Doug” + Brett Baughman

Abstract: A brief overview of the Indianapolis Division FBI and a brief history of cybercrime and investigations from the perspective of presenters 23-year career. Segues into a more specific focus on current cyber investigations, trends, and issues. Any remaining time left for questions and discussion. The presentation will be supplemented by SA Bret Baughman a newer employee with a stronger background in IT and assigned specifically to the Cyber Investigation Squad.

Thursday, May 10, 2018

First  Presentation: Unite Data Privacy with Security to Reduce Risk & Liability

Speaker: Adam Rubenstein, Compliance Specialist, Carbon Black

Abstract: As the impending EU General Data Protection Regulation (GDPR) goes into effect in May, organizations will need to have their data privacy program in place to reduce risk. How do organizations go about measuring and managing cyber risk associated with privacy data loss and compliance regulations? This talk will address how organizations can identify and manage the risk around their customer data for privacy concerns, the controls that impact privacy and are required by a compliance program and how to develop a plan to manage risk at the control level to incur the least risk for a company.  There are 4 main ways to help you filter out the noise and simplify your GDPR process:

Understand your data
Monitor and Control Data Access
Access Data Security Controls
Data Protection Impact Assessments

Ultimately this talk is trying to answer, why, even the most sophisticated security teams, using the best technology and following some of the strictest regulatory mandates still have gaps in their security strategy around protecting personal identifiable information and the impact GDPR will have on these organizations.

Second Presentation: Ransomware: The Anatomy of Paying the Ransom

Speaker: Mike Weber, VP, Coalfire Labs

Abstract: This presentation is an overview of how to respond when a company is the victim of a ransomware attack. The talk will discuss how to deal with hackers ransoming valuable company information. Attendees will learn how hackers respond when companies choose to comply with demands or refuse to pay. Weber will also discuss how companies obtain cryptocurrency, what delays are to be expected, and if companies can expect to see their customers’ compromised data again. This talk includes description of real events encountered working with companies faced with no other option.

Thursday, April 12, 2018

First  Presentation: Advancing without a traditional security perimeter – the new reality of network security

Speaker: Todd Harcourt, Sr. Systems Engineer – Zscaler Private Access

Abstract: IT has struggled mightily the past couple of decades to ensure trusted access to business assets on the enterprise network. It’s been a mostly futile battle as criminals and insiders have learned how to leverage that trust to gain virtually unfettered access inside the network.  As the business network proliferates outside the security perimeter to encompass the internet and cloud services, it’s time to turn from trusted network access, to verified services consumption. Many IT organizations have relied on virtual private networks (VPN) and network access control (NAC) to give “trusted users” virtually unfettered access to enterprise network resources. As we’ve seen with innumerable network breaches, outside interlopers can exploit that trust factor to gain access, while insiders find cracks in defenses that allow them to tap into enterprise assets they have no rights to.  The security model of the cloud era must focus on verified identity of users, their devices, and their roles. In this manner, a verified user only gains access to the application services for which he or she has been authorized. Unless such users have been granted these rights to an application or service, they will never be able to “see it” by navigating the network – this essentially forms a “dark network” that cannot be exploited. In adopting this model, we can focus on the techniques to verify users, whether they are inside or outside the network.

Bio: LinkedIn Profile

Second Presentation: Security Awareness Training

Speaker: Tim O’Connor, Cybersecurity Liaison, Cadre Information Systems

Abstract: What is Security Awareness, is there a benefit and if so to whom? What differentiates effective Security Awareness? How is Security Awareness different for C-level employees, verses information workers and IT professionals? Time permitting: Discussion on promoting a positive SA posture in
various kinds of organizations.

Bio: LinkedIn Profile

Thursday, March 8, 2018

First  Presentation: Privilege Account Management: A Sprint Approach

Speaker: TJ Adams, District Manager, CyberArk

Abstract: The session will cover best practices for the management of privileged accounts and why managing these credentials is a critical aspect in any layered security strategy. Finally, I will offer a sprint methodology for quickly reducing the risk of privilege misuse in an environment.

Second Presentation: Looking Under the Rock: Deployment Strategies for TLS Decryption

Speaker: Chris Farrell, Sr. Information Security Architect, Navient

Abstract: Attackers can freely exfiltrate confidential information all while under the guise of ordinary web traffic. A remedy for businesses concerned about these risks is to decrypt the communication to inspect the traffic, then block it if it presents a risk to the organization. However, these solutions can be challenging to implement. Existing infrastructure, privacy and legal concerns, latency, and differing monitoring tool requirements are a few of the
obstacles facing organizations wishing to monitor encrypted traffic. TLS decryption projects can be successful with proper scope definition, an understanding of the architectural challenges presented by decryption, and the options available for overcoming those obstacles.


Thursday, February 8, 2018

Primary Presentation: Foundations of Cyber Threat Intelligence

Speaker: A.J. Nash, Manager, Intelligence Services, Symantec

Abstract: In today’s highly interconnected world the threats posed in cyberspace are always evolving and expanding. Cyber criminals steal and sell personal information, compromise bank accounts,and hold networks hostage for ransom on a daily basis. Nation-state actors have stolen billions of dollars in intellectual property, remaining difficult to identify and even harder to deter. Hacktivists employ botnets to conduct distributed denial of service (DDoS) attacks that cripple corporate websites. Protecting against all of these threats requires a systematic approach that makes existing defenses smarter while maturing our overall defensive posture from reactive to proactive. That’s the value of cyber threat intelligence. My talk will explain the foundations of cyber threat intelligence, including differences between data, information, and intelligence, analytic standards and tradecraft, the intelligence cycle, and how to operationalize threat intelligence to improve an organization’s cybersecurity posture. Additionally, there will be a question and answer session where I will gladly discuss how to get started in threat intelligence, how to improve an existing intelligence program, or just about anything else I can help with.