Thursday, March 12, 2020
First Presentation: Datinglover and Me: A platonic look into the private data of others
Speaker: Brian Carter, Anthem
A lot can be learned from the data that is collected by infostealer malware. This presentation covers findings from one million stealer logs that have been helpful in identifying criminals, sandboxes, researchers, and Chinese fentanyl distributors.
Second Presentation: An Introduction to Infrastructure as Code
Speaker: Fred Zanto
With more organizations adopting a DevOps mindset, it is becoming important for Operations and Security to adapt to modern practices. Infrastructure as Code can help teams enable Continuous Delivery while controlling environment sprawl and direct access to Cloud resources. We will talk about what IaC is, how it can benefit Ops and Security in DevOps, and see examples using Terraform by HashiCorp.
Thursday, February 13, 2020
First Presentation: Current Trends in NIST Digital Identity & MFA
Speaker: Michael Vance, Navient
Abstract: NIST 800-63-3 has been out for two and a half years, but some of the most important shifts in thinking about authentication and other aspects of digital identity that it introduces are just now beginning to get traction. We will discuss the key concepts of NIST 800-63-3, and where current authentication methods fit into the new digital identity model.
Second Presentation: Eleven Fifty Cybersecurity Overview
Speaker: Dewand Neely, Eleven Fifty Academy
Abstract: Overview of Eleven Fifty Academy. Its mission, vision, and ways to level up your cybersecurity training.
Thursday, January 8, 2020
As tensions with Iran escalate, there is growing concern about how increased geopolitical tensions and threats of aggression might affect our businesses.
Today, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released a document to help companies consider and prepare for possible retaliatory cyber and physical attacks. Knowing how you may be exposed or targeted will help you to be better prepared to act, collaborate, and report.
Join us this Thursday for an open discussion on the Iran and Cybersecurity consequences, likely threat scenarios, how this might impact our companies, and how we should prepare to protect our personnel and businesses.
Thursday, November 12, 2019
First Presentation: Privacy Primer for Security Admins
Speaker: Nick Merker, Partner at Ice Miller, LLP
Second Presentation: Reclaiming your Digital Privacy
Speaker: Chris Collins, Former FBI SA and current Cybersecurity Professional
Thursday, October 10, 2019
First Presentation: Wanted: Bugs – Dead or Alive
Speaker: Curtis Brazzell, Principal Security Consultant, Pondurance
Abstract: Depending on the security maturity level of your organization, you have some options when it comes to squashing bugs. Maybe your security posture is hardened and you’re ready to participate in a bug bounty program or red team assessment. Perhaps you’re just getting started and need to begin with vulnerability scans or penetration testing first. Wherever you are, there are options you have to continue strengthening that posture and we’ll discuss the pros and cons of each. The end goal is the same either way, we want to exterminate these bugs before an adversary can use them against you!
Second Presentation: Reverse Engineering Malware
Speaker: Rushahb “Rush” Vyas, Security Analyst, Pondurance
Abstract: This presentation will discuss the basics of malware analysis. Then we’ll discuss whether you always need it and if you do, how you can reduce the time spent doing it. We will also discuss the benefits of doing malware analysis (+ some OSINT) during an incident response scenario and how to use data obtained from the analysis to aid in your incident response efforts.
Thursday, July 11, 2019
First Presentation: Encrypted Things – Network Detection and Response in an Encrypted World
Speaker: TJ Biehle, Gigamon
Abstract: There has been tremendous growth in the percentage of network traffic that is encrypted over the last decade. With this comes many challenges for incident responders. Decrypting the traffic is often hard, if not impossible. The rise in encrypted traffic has undoubtedly increased privacy for users but we know that threat actors take advantage of it as well. As network defenders our visibility is impacted, and traditional network monitoring detection will not always work.
In this talk we will discuss the problem of encrypted traffic as it pertains to network detection and response, educate you on new developments in SSL/TLS, and demonstrate how you can still hunt for and detect badness in encrypted traffic. This talk will be relevant to junior analysts all the way up to senior analysts at mature SOCs.
Second Presentation: Securing Cloud and DevOps Systems
Speaker: David Sims, Anthem
Abstract: This is a primer for Security and Privacy professionals on the topic of Cloud and Development Operations activities. It touches the broad history, financial argument for and provides delimitation and understanding of topics that are frequently misstated and grouped together within Information Technology Operations.
Thursday, June 13, 2019
First Presentation: Zero to Owned in 1-Hour: Securing Privilege In Cloud and DevOps Workflows
Speaker: Alex Flores, Principal Solutions Engineer – CyberArk Software, Inc.
Abstract: In this session, we’ll look at a decade of environment evolution and share a few war stories/fails. Most importantly, we’ll discuss tips to help reduce the attack surface by securing privileged organic and inorganic secrets that allow access into Cloud environments as well as ones that are used by orchestration, automation and CI/CD supporting pipelines.
Second Presentation: Take your Incident Response Tabletop to the next level
Speaker: Aaron West, Consulting Director at Reveal Risk
Abstract: The term “tabletop” is commonly used in the information security world, but it’s not formally defined so approaches vary widely. This presentation is designed to help bring the industry closer to a standard terminology and purpose for tabletops within the information security community.
Thursday, May 9, 2019
First Presentation: Evaluating and Managing threat models for Business and Digital Transformation
Speaker: James Robinson – Deputy, CISO at Netskope
Abstract: Business Transformation brings many opportunities and challenges which we as practitioners are not ready for and transitioning from the office of no to know does not meet the challenge. In this session, we will evaluate new threat models developed for cloud security, data sciences, and the evolution of traditional threats with these new businesses enabling technologies.
Second Presentation: Third-Party Vendor Management
Speaker: Siddharth “Sid” Bose is an attorney in Ice Miller’s Data Security and Privacy Practice, and a current board member of the CI-ISSA
Abstract: Working with vendors is essential for every academic institution. However, the same vendors relied on by institutions can quickly become their greatest cyber threat. Vendors may have access to critical and sensitive data, or may be integral to the day-to-day operations of your institution. This presentation will discuss the various challenges and practice aids in drafting vendor agreements, performing due diligence on vendors, and on various areas of concern including: data confidentiality, risk identification and assessment, information security standards, data breach response and notification, privacy concerns, downstream obligations (e.g. subcontractors), risk mitigation and transfer, and data destruction.
Thursday, April 11, 2019
First Presentation: The fun way to learn PKI Encryption and Authentication!
Speaker: Tim O’Connor – Manager of Knowledge Services (vCISO) at Cadre Information Security.
Abstract: A fun interactive role playing session to learn about PKI. Many people in IT, even those who use PKI components daily, don’t understand how the overall PKI architecture works. This fun interactive lecture will remedy that!
Thursday, March 14, 2019
First Presentation: First Came the Hackers, Then Came the Lawyers: Responding to Litigation and Enforcement Actions Following a Data Breach
Speaker: Doug Swetnam, Office of the Indiana Attorney General
The Indiana Attorney General’s Office is committed to enforcing Indiana’s Disclosure of Security Breach law to better protect Hoosiers from identity theft. This law requires Indiana businesses inform their customers about security breaches that have placed their personal information in jeopardy. As many of our members know, security breaches involving your personal information – also referred to as data breaches – can create a significant risk of fraud or identity theft if the information is acquired by the wrong person.
This session will feature Doug Swetnam, Section Chief of the Data Privacy & Identity Theft Unit in the Office of Indiana Attorney General, and Stephen Reynolds, co-chair of Ice Miller’s Data Security and Privacy Group. The speakers will cover incident response considerations for security professionals in view of future regulatory and litigation concerns, how to work with regulators investigating a breach, and how to handle data breach litigation.
Thursday, February 21, 2019
First Presentation: Threat Intel, Something For Everyone
Speaker: Christian Nicholson
Abstract: This talk will discuss some of the basic principles of threat intelligence, and touch on how you can get started with a threat intel program of your own. We will then dive into the main focus of this talk, operationalizing the data via automation and a centralized platform of your choosing. This talk will make use of some free and commercial tools, and offer up some alternative options in the commercial and open source space that allow you to achieve the same goal. We will talk about the pros and cons of a few architecture variations, and most importantly how to use this solution to maximize your return on investment into the threat intel program, and minimize the amount of analyst hours needed to gather data to reach an incident close. Half this talk will be spent on the big “So Whats”, what does it cost, and what does it get me, alongside the basic input and outputs for a typical organization. We will also touch on who is the right consumer of this information, and to what degree, before diving into a scenario in which the intelligence is leveraged, and show the difference between having and not having it.
email@example.com via email
https://indelible.global (company website)
@GuardianCosmos on Twitter
Speaker: Christian Nicholson
Abstract: This talk is an expansion on the original talk given at BSidesLV 2016. We touch on the original topic of six degrees to domain admin, and then take it a step further. Many focus on the offensive uses for BloodhoundAD, but what about the defensive uses? This talk aims to answer that question, and provide a brief list of use cases that are suitable for both red teamers and pentesters, as well as blue team forensicators and incident responders. We also talk about the ups and downs of the current tool’s iteration, how we can overcome them, and how we can build the tool into our processes to leverage the data for automation.
Thursday, January 10, 2019
First Presentation: Relevant Risks to Fortune 1000
Speaker: Christopher Collins (formerly at the FBI), KAR Auctions
Second Presentation: The role of cyber insurance in security and risk management
Speaker: Nick Reuhs, Partner, IceMiller
Abstract: In this session, we will survey the spectrum of cyber insurance products and outline what events these products are (and are not) intended to cover. We will also discuss underwriting problems and how these underwriting problems are causing insurers to increasingly dictate security practices and behavior. Finally, we will discuss the future of cyber-liability insurance and how a major event could shift the market’s focus or even lead to government intervention.
Thursday, November 8, 2018
First Presentation: Fidelis Overview
Abstract: An overview of Fidelis
Second Presentation: Threat Intelligence Applied
Speaker: Danny Pickens, Director of Threat Research, Fidelis Cybersecurity
Abstract: Threat Intelligence Applied shows how intelligence doctrine can be used in cyber defense operations. Using a few real-world examples, attendees will see how they can incorporate a doctrinal approach to applying threat intelligence for decision advantage in defense and testing scenarios.
Thursday, October 11, 2018
First Presentation: Demystifying proactive threat hunting – What is threat hunting?
Speaker: Brian Gittinger, Senior Sales Engineer, Endgame
Abstract: Threat hunting is the process of actively looking for signs of malicious activity within enterprise networks without prior knowledge of those signs. It is a proactive approach to uncovering bad actors before they can steal your data or disrupt your business. Endgame’s hunt expert Brian Gittinger will be presenting a practitioner’s guide to threat hunting for analysts who want to begin hunting today. This presentation provides analysts with hands-on tips on how to start hunting for techniques across the MITRE ATT&CK matrix.
* Basics of standing up a threat hunting operation
* What skills, data + tools are useful for reaching success
* Can I do this with the staff I have? What about external consulting services?
* Advanced Hunting: Evolving the threat hunting program
Second Presentation: IoT – Exploring the Threat Surface
Speaker: Jason Ortiz, Senior Integration Engineer, Pondurance
Abstract: The internet of things is now a household term and technologists have come to grips with the fact that there will be billions of non-traditional devices connecting to the internet in the coming years. These devices will produce petabytes of data and require more and more advancements in infrastructure. The simplicity, ubiquity, availability and relatively low cost of these devices along with the unprecedented size of their network creates an enormous new threat surface. We are going to explore that threat surface with special emphasis on implementing security on the edge for these devices.
Thursday, September 13, 2018
First Presentation: Security Hygiene: Putting out fires before they start
Speaker: Jim Wojno, Tanium
Abstract: In security we obsess about vulns, exploits and attacks with headline grabbing names like Petya / Nyetya, WannaCry, Eternal Blue, or Meltdown / Spectre and not enough on the fundamentals. Sexy technospeak marketing names dominate a field where dozens of companies compete to sell you the latest Silver Bullet One-Size-Fits-All miracle cure widget. This tabloid-esque fixation with style over substance creates a “Shiny Object Effect” that produces little long term value and burns precious resources better used on a Back to Basics approach. This talk will discuss the benefits of a fundamental security hygiene program both from a technology and a business perspective as well as provide attendees with practical advice on how to improve their own operations using tools you probably already own. Examples discussed will highlight how Blue Team members can become a force multiplier through a return to basics and security 101 and how a focus on the basics can pay higher dividends than the latest glitzy next-gen widget.
Second Presentation: Cosplay for RFID, Deception in plain sight
Speaker: Rich Rumble, Security Samurai
Abstract: We had a wacky idea, take the concept of an ATM skimmer, and apply it to the RFID badge readers. That simple concept proved effective, too effective. What would the employees notice? Do they even know who to contact if they did get wise to the skimmer? What else could be done with physical access to the outside of a building? Could we get users to willingly give us their data, and their badge? Yes, yes we could. How can we empower the employees to catch us? We had a lot of fun with this, too much. We had a much harder time in educating and
Thursday, August 9, 2018
First Presentation: Security Leadership Tabletop
Speaker: David Sims – CI-ISSA Board Member
Abstract: These leadership tabletop exercises are custom designed to provide excellent learning and observation opportunities. During this session we will explore:
Thursday, July 12, 2018
First Presentation: FBI Overview and Cyber Investigations
Speaker: J. Douglas Kouns “Doug” + Brett Baughman
Abstract: A brief overview of the Indianapolis Division FBI and a brief history of cybercrime and investigations from the perspective of the presenter’s 23-year career. Segues into a more specific focus on current cyber investigations, trends, and issues. Any remaining time left for questions and discussion. The presentation will be supplemented by SA Bret Baughman, a newer employee with a stronger background in IT and assigned specifically to the Cyber Investigation Squad.
Thursday, May 10, 2018
First Presentation: Unite Data Privacy with Security to Reduce Risk & Liability
Speaker: Adam Rubenstein, Compliance Specialist, Carbon Black
Abstract: As the impending EU General Data Protection Regulation (GDPR) goes into effect in May, organizations will need to have their data privacy program in place to reduce risk. How do organizations go about measuring and managing cyber risk associated with privacy data loss and compliance regulations? This talk will address how organizations can identify and manage the risk around their customer data for privacy concerns, the controls that impact privacy and are required by a compliance program and how to develop a plan to manage risk at the control level to incur the least risk for a company. There are 4 main ways to help you filter out the noise and simplify your GDPR process:
Understand your data
Ultimately, this talk is trying to answer why even the most sophisticated security teams, using the best technology and following some of the strictest regulatory mandates, still have gaps in their security strategy around protecting personally identifiable information, and the impact GDPR will have on these organizations.
Second Presentation: Ransomware: The Anatomy of Paying the Ransom
Speaker: Mike Weber, VP, Coalfire Labs
Abstract: This presentation is an overview of how to respond when a company is the victim of a ransomware attack. The talk will discuss how to deal with hackers ransoming valuable company information. Attendees will learn how hackers respond when companies choose to comply with demands or refuse to pay. Weber will also discuss how companies obtain cryptocurrency, what delays are to be expected, and if companies can expect to see their customers’ compromised data again. This talk includes description of real events encountered working with companies faced with no other option.
Thursday, April 12, 2018
First Presentation: Advancing without a traditional security perimeter – the new reality of network security
Speaker: Todd Harcourt, Sr. Systems Engineer – Zscaler Private Access
Abstract: IT has struggled mightily the past couple of decades to ensure trusted access to business assets on the enterprise network. It’s been a mostly futile battle as criminals and insiders have learned how to leverage that trust to gain virtually unfettered access inside the network. As the business network proliferates outside the security perimeter to encompass the internet and cloud services, it’s time to turn from trusted network access, to verified services consumption. Many IT organizations have relied on virtual private networks (VPN) and network access control (NAC) to give “trusted users” virtually unfettered access to enterprise network resources. As we’ve seen with innumerable network breaches, outside interlopers can exploit that trust factor to gain access, while insiders find cracks in defenses that allow them to tap into enterprise assets they have no rights to. The security model of the cloud era must focus on verified identity of users, their devices, and their roles. In this manner, a verified user only gains access to the application services for which he or she has been authorized. Unless such users have been granted these rights to an application or service, they will never be able to “see it” by navigating the network – this essentially forms a “dark network” that cannot be exploited. In adopting this model, we can focus on the techniques to verify users, whether they are inside or outside the network.
Second Presentation: Security Awareness Training
Speaker: Tim O’Connor, Cybersecurity Liaison, Cadre Information Systems
Abstract: What is Security Awareness, is there a benefit and if so to whom? What differentiates effective Security Awareness? How is Security Awareness different for C-level employees, versus information workers and IT professionals? Time permitting: Discussion on promoting a positive SA posture in
Thursday, March 8, 2018
First Presentation: Privilege Account Management: A Sprint Approach
Speaker: TJ Adams, District Manager, CyberArk
Abstract: The session will cover best practices for the management of privileged accounts and why managing these credentials is a critical aspect in any layered security strategy. Finally, I will offer a sprint methodology for quickly reducing the risk of privilege misuse in an environment.
Second Presentation: Looking Under the Rock: Deployment Strategies for TLS Decryption
Abstract: Attackers can freely exfiltrate confidential information all while under the guise of ordinary web traffic. A remedy for businesses concerned about these risks is to decrypt the communication to inspect the traffic, then block it if it presents a risk to the organization. However, these solutions can be challenging to implement. Existing infrastructure, privacy and legal concerns, latency, and differing monitoring tool requirements are a few of the
Thursday, February 8, 2018
Primary Presentation: Foundations of Cyber Threat Intelligence
Abstract: In today’s highly interconnected world the threats posed in cyberspace are always evolving and expanding. Cyber criminals steal and sell personal information, compromise bank accounts, and hold networks hostage for ransom on a daily basis. Nation-state actors have stolen billions of dollars in intellectual property, remaining difficult to identify and even harder to deter. Hacktivists employ botnets to conduct distributed denial of service (DDoS) attacks that cripple corporate websites. Protecting against all of these threats requires a systematic approach that makes existing defenses smarter while maturing our overall defensive posture from reactive to proactive. That’s the value of cyber threat intelligence. My talk will explain the foundations of cyber threat intelligence, including differences between data, information, and intelligence, analytic standards and tradecraft, the intelligence cycle, and how to operationalize threat intelligence to improve an organization’s cybersecurity posture. Additionally, there will be a question and answer session where I will gladly discuss how to get started in threat intelligence, how to improve an existing intelligence program, or just about anything else I can help with.