Thursday, August 9, 2018

First  Presentation: Security Leadership Tabletop

Speaker: David Sims – CI-ISSA Board Member

Abstract: These leadership tabletop exercises are custom designed to provide excellent learning and observation opportunities. During this session we will explore:
– Storming, Norming and Performing
– Integrity models
– System Thinking

Bio: David Sims is a healthcare Cyber Security leader with a proven track record building and leading teams that win.

Thursday, July 12, 2018

First  Presentation: FBI Overview and Cyber Investigations

Speaker: J. Douglas Kouns “Doug” + Brett Baughman

Abstract: A brief overview of the Indianapolis Division FBI and a brief history of cybercrime and investigations from the perspective of presenters 23-year career. Segues into a more specific focus on current cyber investigations, trends, and issues. Any remaining time left for questions and discussion. The presentation will be supplemented by SA Bret Baughman a newer employee with a stronger background in IT and assigned specifically to the Cyber Investigation Squad.

Bio: Special Agent Kouns is currently assigned to the Indianapolis Field Office / Intelligence Collection Division. In Indianapolis Kouns has also served as the Team Leader of the Special Operations Group, the Supervisor of the Field Intelligence Group and was previously an investigator in the Bloomington Resident Agency. Prior to that, he was a Supervisor in the Weapons of Mass Destruction Directorate at FBIHQ in Washington DC. His first office with the Bureau was in the Minneapolis Field office where he investigated a variety of criminal and national security matters. Prior to the FBI, SA Kouns worked as a Chemist in the electroplating industry in Indianapolis, IN., and as a High School Chemistry Teacher in Muncie, IN. He is a 2012 MBA Graduate of Grantham University, a 1991 Graduate of Ball State University, and a 1987 Graduate of Blackford County High School.

Thursday, May 10, 2018

First  Presentation: Unite Data Privacy with Security to Reduce Risk & Liability

Speaker: Adam Rubenstein, Compliance Specialist, Carbon Black

Abstract: As the impending EU General Data Protection Regulation (GDPR) goes into effect in May, organizations will need to have their data privacy program in place to reduce risk. How do organizations go about measuring and managing cyber risk associated with privacy data loss and compliance regulations? This talk will address how organizations can identify and manage the risk around their customer data for privacy concerns, the controls that impact privacy and are required by a compliance program and how to develop a plan to manage risk at the control level to incur the least risk for a company.  There are 4 main ways to help you filter out the noise and simplify your GDPR process:

Understand your data
Monitor and Control Data Access
Access Data Security Controls
Data Protection Impact Assessments

Ultimately this talk is trying to answer, why, even the most sophisticated security teams, using the best technology and following some of the strictest regulatory mandates still have gaps in their security strategy around protecting personal identifiable information and the impact GDPR will have on these organizations.

Second Presentation: Ransomware: The Anatomy of Paying the Ransom

Speaker: Mike Weber, VP, Coalfire Labs

Abstract: This presentation is an overview of how to respond when a company is the victim of a ransomware attack. The talk will discuss how to deal with hackers ransoming valuable company information. Attendees will learn how hackers respond when companies choose to comply with demands or refuse to pay. Weber will also discuss how companies obtain cryptocurrency, what delays are to be expected, and if companies can expect to see their customers’ compromised data again. This talk includes description of real events encountered working with companies faced with no other option.

Thursday, April 12, 2018

First  Presentation: Advancing without a traditional security perimeter – the new reality of network security

Speaker: Todd Harcourt, Sr. Systems Engineer – Zscaler Private Access

Abstract: IT has struggled mightily the past couple of decades to ensure trusted access to business assets on the enterprise network. It’s been a mostly futile battle as criminals and insiders have learned how to leverage that trust to gain virtually unfettered access inside the network.  As the business network proliferates outside the security perimeter to encompass the internet and cloud services, it’s time to turn from trusted network access, to verified services consumption. Many IT organizations have relied on virtual private networks (VPN) and network access control (NAC) to give “trusted users” virtually unfettered access to enterprise network resources. As we’ve seen with innumerable network breaches, outside interlopers can exploit that trust factor to gain access, while insiders find cracks in defenses that allow them to tap into enterprise assets they have no rights to.  The security model of the cloud era must focus on verified identity of users, their devices, and their roles. In this manner, a verified user only gains access to the application services for which he or she has been authorized. Unless such users have been granted these rights to an application or service, they will never be able to “see it” by navigating the network – this essentially forms a “dark network” that cannot be exploited. In adopting this model, we can focus on the techniques to verify users, whether they are inside or outside the network.

Bio: LinkedIn Profile

Second Presentation: Security Awareness Training

Speaker: Tim O’Connor, Cybersecurity Liaison, Cadre Information Systems

Abstract: What is Security Awareness, is there a benefit and if so to whom? What differentiates effective Security Awareness? How is Security Awareness different for C-level employees, verses information workers and IT professionals? Time permitting: Discussion on promoting a positive SA posture in
various kinds of organizations.

Bio: LinkedIn Profile

Thursday, March 8, 2018

First  Presentation: Privilege Account Management: A Sprint Approach

Speaker: TJ Adams, District Manager, CyberArk

Abstract: The session will cover best practices for the management of privileged accounts and why managing these credentials is a critical aspect in any layered security strategy. Finally, I will offer a sprint methodology for quickly reducing the risk of privilege misuse in an environment.

Bio: Through seventeen years in information technology and ten focused on information security, TJ Adams has become a trusted advisor for companies throughout the country. At CyberArk, TJ has spent the last 4 years focused on building privilege account programs with enterprises of all sizes.

TJ holds the CISSP certification and is GIAC certified in Windows, Incident Handling, Intrusion Analysis and Penetration Testing.

Second Presentation: Looking Under the Rock: Deployment Strategies for TLS Decryption

Speaker: Chris Farrell, Sr. Information Security Architect, Navient

Abstract: Attackers can freely exfiltrate confidential information all while under the guise of ordinary web traffic. A remedy for businesses concerned about these risks is to decrypt the communication to inspect the traffic, then block it if it presents a risk to the organization. However, these solutions can be challenging to implement. Existing infrastructure, privacy and legal concerns, latency, and differing monitoring tool requirements are a few of the
obstacles facing organizations wishing to monitor encrypted traffic. TLS decryption projects can be successful with proper scope definition, an understanding of the architectural challenges presented by decryption, and the options available for overcoming those obstacles.

Bio:A senior information security architect, Chris leads the incident response program for Navient, Inc., a leading provider of financial services in the education, healthcare, and government sectors. His daily responsibilities include security architecture, risk assessments, threat hunting, incident response, digital forensics, and reverse-engineering. He has a B.S in Computer Information Technology, an M.S. in Information Security Engineering, and over 10 years experience in information security. He holds many industry certifications including the GIAC Security Expert designation. Chris is passionate about getting something to do more than it was ever originally intended to do, and being able to come up with that perfect analogy at the right moment to help someone understand a tough topic.


Thursday, February 8, 2018

Primary Presentation: Foundations of Cyber Threat Intelligence

Speaker: A.J. Nash, Manager, Intelligence Services, Symantec

Abstract: In today’s highly interconnected world the threats posed in cyberspace are always evolving and expanding. Cyber criminals steal and sell personal information, compromise bank accounts,and hold networks hostage for ransom on a daily basis. Nation-state actors have stolen billions of dollars in intellectual property, remaining difficult to identify and even harder to deter. Hacktivists employ botnets to conduct distributed denial of service (DDoS) attacks that cripple corporate websites. Protecting against all of these threats requires a systematic approach that makes existing defenses smarter while maturing our overall defensive posture from reactive to proactive. That’s the value of cyber threat intelligence. My talk will explain the foundations of cyber threat intelligence, including differences between data, information, and intelligence, analytic standards and tradecraft, the intelligence cycle, and how to operationalize threat intelligence to improve an organization’s cybersecurity posture. Additionally, there will be a question and answer session where I will gladly discuss how to get started in threat intelligence, how to improve an existing intelligence program, or just about anything else I can help with.