Thursday, February 9th, 2023

Presentation: Mystery of the 8 Second Breach

Abstract: How is it that when the average time it takes to detect and contain a breach is 230 days, a contractor to AmeriGas was able to address theirs in 8 seconds?

This presentation will compare and contrast two breaches that have been reported on publicly in 2021 to identify how each took a different approach to security, and how those approaches yielded differing results. Using the NIST CSF as a model for discussing these different approaches, the presentation will make the case for rebalancing security spending to emphasize detection and remediation capabilities, and look at how as an industry we in information security have conditioned ourselves to focus on prevention to the detriment of most of the other domains in the NIST CSF.

In addition, the presentation will touch on the problems with paying ransoms, and the limitations of cyber insurance as a curative measure.

Speaker: Bill Bernard, Deepwatch

Thursday, January 12th, 2023

Presentation: SOAR Outside the Box – An Insider’s Look at Automation Beyond Phishing & SIEM

Abstract: Using examples and discussion, this talk is designed to demonstrate the vast opportunities that lie beyond today’s traditional applications of Security Orchestration Automation and Response (SOAR) engines. Topics such as work effort/skill set requirements, operational cost savings, etc. are covered in this talk.

Speaker: James Kelly, Mandiant

Thursday, November 10th, 2022

Presentation: Lean Six Sigma and Security

Abstract: If you don’t have repeatable and reliable processes for your security posture, polish your incident response plan and prepare to get breached! Everybody knows that Lean and Six Sigma are for manufacturing. What if the principles apply to other things like IT systems? Could they be used to improve your security posture? The answer is yes! We will talk briefly about Lean and Six Sigma philosophy and how the toolsets can be used to improve any process.

Speaker: Quentin Gurney, Executive Advisor InfoSec Client Engagement at Elevance Health

Thursday, October 13th, 2022

Presentation: Threat Actors, TTPs and mitigations

Abstract: Threat actors are constantly changing their initial entry vectors and strategies as they push to compromise networks across the globe. From initial malware droppers to business email compromise (“BEC”), we’ll explore the initial access tactics threat actors are exploiting to breach organizations. We’ll also discuss the various campaigns and threat actor TTPs as well as ways to mitigate your exposure based on real world detections observed.

Speaker: Jason Barnhizer, Pondurance and “Rich Rumble”, Pondurance

Thursday, September 8th, 2022

Presentation: Security Operations in the Current Global State

Abstract: The events of the last month, the last year, and even the last 3 years have proven that we are a part of a sinister new world. The idea of a best of breed security stack being enough to protect your environment is not only outdated, but it is also a dangerous belief. Security teams are overworked and outgunned in today’s world, but there are ways to shore up defenses. Learn how from Arctic Wolf!

Speaker: Ryan Archer, Arctic Wolf and Greg Coy, Arctic Wolf

Thursday, August 18th 2022

Presentation: Why XDR?

Abstract: This conversation will revolve around breaking down what XDR is and why it is important. We will touch on the origins of XDR, its components and how it has evolved in its short history. In order to fully grasp XDR, the conversation will touch on other security products in the space and we will review the similarities and differences between them all. Finally, we will touch on how XDR can affect and improve organizations’ day-to-day operations.

Speaker: Cole Beaulieu, Red Canary and Matt White, Red Canary

Thursday, April 14th 2022

Presentation: The Evolution of Cyber Threats today and why EDR is failing

Abstract: During this session, we will discuss the evolution and ever-increasing sophistication of cyber-attacks today. With organizations’ adaptation and swift migration to the cloud and adaptation of hybrid environments, the threat attack surface is growing exponentially. We will look at why current security defenses, including EDR, are failing to identify and prevent these new and sophisticated cyber threats.

Speaker: Chuck Everette, Director of Cybersecurity Advocacy

Thursday, March 10th 2022

Panel Discussion

The past few months have been rife with cyber security escalations involving supply chain vulnerabilities and attacks, nation state espionage and nation state cyber attacks.  This panel discussion will cover a number of topics, but will be focused on organizational response to the escalations of the past few months.

Discussion topics will include but are not limited to:

  • Did your response to the SolarWinds incident better prepare you for the Log4j escalation?
  • In what ways have you enhanced (or plan to enhance) your supply chain program?
  • Did the FTC’s threat to fully use their authority against companies that do not take proper steps to secure consumer data have any impact on your response to the Log4j escalation?
  • Is your organization on heightened alert due to the War in Ukraine?
  • What is your organizational response to intel regarding previously unknown tools used by nation states for cyber espionage?
  • How is your organization leveraging threat intel to better prepare and respond to the recent escalations?
  • What are your thoughts regarding the Senate-passed legislation requiring critical infrastructure operators to report major cyberattacks to CISA?

As with all our panel discussions, the dialogue will be moderated, but questions and comments are welcome from attendees.

Panelists:

  • Steve Lodin, Sr. Director, IAM and Cybersecurity Operations in Corporate Security, Sallie Mae Bank

BIO:

Steve Lodin is the Senior Director of IAM and Cyber Security Operations in Corporate Security at Sallie Mae.  Mr. Lodin is focused on managing identity and access management, perimeter security, endpoint protection, application security, vulnerability management, and threat intelligence to reduce risk and ensure compliance.  As an accomplished information security professional, Mr. Lodin has been published in numerous information security publications.  He has been a speaker at many security conferences, as well as numerous local security chapter meetings.  He has a Master’s degree in Computer Science from Purdue University where he was a member of the COAST/CERIAS program.

    • CISSP since 1998
    • Worked in IT and security leadership roles at GM/Delco/Delphi, EY, Roche, Forsythe
    • Member of ISSA, Infragard
    • Board treasurer for the Ohio River Valley regional chapter of the Cloud Security Alliance
    • Member of the Security Advisor Alliance

  • Rick Clark

BIO:

Rick Clark serves as the Director, Corporate Security for Finvi, a software development company based in Muncie, IN. Mr. Clark holds the Certified Information Systems Security Professional certification and had seventeen years’ experience in managing Information Technology where he implemented multi-office networks from the ground up, designed and managed data centers, and managed Cisco firewalls, routers, IDS, and VPN devices.

 Mr. Clark is currently responsible for all phases of corporate security and implemented the security program that is SSAE16 Level II certified, PCI-DSS certified, ISO 9001 certified, and ISO 27001 certified. In his capacity, Mr. Clark leads the internal efforts to ensure that Finvi products meet regulatory and best practices compliance in security, including PCI, FISMA, IRS1075. 

 Mr. Clark is a recognized advocate on issues of security, compliance and data privacy and actively teaches fellow associates and the community at large about the practical methods to ensure personal and corporate privacy and protection of data through company blogs, newsletters, and lunch and learns. 

  • Andy Marsh

Moderator:

  • Bob Sipes

BIO:

Bob Sipes is an established security professional supporting DXC Technology clients across multiple industry sectors in Security Operations, Security Architecture and Incident Response.  Bob is a CI-ISSA charter member, an ISSA Fellow and holds a variety of security certifications.  Bob is married and has 2 adopted, teenage children. He is a life-long antiquarian book collector, amateur photographer, hiker and cyclist.  His newest project is trying to learn to play bluegrass on the banjo.

Thursday, February 10th 2022

First  Presentation: Demystify Security Compliance – SOC 2 from Start to Finish

Speaker: Ben Phillips, KSM

Abstract: 

During this session, Ben will provide an overview of what a SOC 2 report can provide from an end-user perspective, including what areas to look at and ask questions about. In addition, Ben will discuss what companies need to do to get a SOC 2 report completed and the common challenges that present themselves as they complete their first SOC 2 report.

Speaker Bio: 

Ben Phillips is a director in Katz, Sapper & Miller’s Audit & Assurance Services Group and a member of the firm’s SOC Services Group. Ben is primarily responsible for the planning, execution, and delivery of SOC reporting engagements, cybersecurity assessments, and internal controls consulting projects to meet clients’ various compliance needs and service commitments. He is a frequent presenter and author on topics related to cybersecurity risk management and SOC.

 

Thursday, October 14th 2021

First  Presentation: Demystifying MDR and XDR for Security Conscious Buyers

Speaker:  Lyndon Brown, Pondurance Chief Strategy Officer

Abstract: Cyberattacks are becoming a day-to-day struggle for businesses with the average cost of a breach estimated at $3.8 million by the Ponemon Institute. Trends such as ransomware and the rapid acceleration of digital transformation are causing security-conscious customers to reassess their security plans. Limited access to expensive security talent, frustration with managed security service providers (MSSPs), and constrained budgets are leading security and IT leaders to seek out alternatives, such as managed detection and response (MDR).

 

Lyndon will discuss:

  • The biggest cybersecurity challenges for midmarket and enterprise organizations.
  • The difference between a SIEM, MSSP, MDR, and XDR.
  • Components of MDR and how to choose the right provider for your organization.

Speaker Bio: Lyndon Brown brings a career focus in building high-growth technology companies to Pondurance where he is responsible for product management, corporate development, marketing, and driving cross-functional performance. Prior to joining Pondurance, Lyndon served as Vice President of Business Development at FireEye Mandiant, where he focused on strategic growth initiatives. As an executive, Lyndon has successfully led product management, mergers and acquisitions, and global partnerships at firms such as Verodin (acquired by FireEye) and Endgame (acquired by Elastic).

 

Second Presentation: Access Defense Techniques on Windows Endpoints

Speaker: Rush Vyas, Pondurance Senior Security Analyst

Abstract: Initial access for many of the intrusions or breaches we have witnessed is done via a malicious document or malicious files. Rush will discuss several of the techniques we can employ, using Windows capabilities, to reduce the risk of these generic and popular attacks successfully executing. He will also highlight some of the methods we can use to reduce the chances of successful lateral movement after a compromise. These defenses don’t stop all attacks but they are interesting to apply and study their impact.

Speaker Bio: Rush Vyas is a Senior Security Analyst at Pondurance. He handles a wide range of responsibilities including detection, threat research, and malware analysis. Rush also spends a significant amount of time on development and automation projects.

Thursday, September 9th 2021

Speaker: Sergio Gonzalez, Red Canary

Presentation: Why EDR?

Abstract:

Why is EDR important? We’ll cover what it is, why it’s important, pros and cons and helpful things to think about.

Speaker Bio: 

Sergio Gonzalez is a 20-year veteran of IT with a background in Systems Engineering focusing on Networking, Virtualization, Storage and Cloud. When he’s not at his day job, Sales Engineer for Red Canary, you can find him and his wife training for half marathons, cooking, or exploring Cincinnati’s newest places to eat.

Thursday, July 8th 2021

Speaker: Glen Roebuck, Thales CPL

Presentation: Discover, Protect & Control: in an Age of Uncertainty

Abstract:

Overview of products to use to protect your data in the times of Malware.

Speaker Bio: 

Glen Roebuck is a Senior Sales Engineer with Thales. He has been with the company three years. Prior to that he was a customer with 20 plus years of IT infrastructure experience, from endpoint to network.


Speaker: Leon Ravenna, CISO KAR Auction Services

Presentation: Surviving the Regulators

Abstract:

As more Personally Identifiable Information is collected, stored or created, the specter of customer privacy issues is looming large. Privacy and Security methodologies are starting to be dictated by those in State houses, Congress and Supra-regional governments.

Enterprises need to take a long hard look at the information they are capturing and how they secure it to determine whether the potential value outweighs the potential risk.

– How do your current Security and Privacy practices match up against upcoming laws in Europe, the US and other parts of the world?
– Are you prepared to deal with new laws with huge fines? What about Private Right of Action?
– Are you anticipating what is coming down the road?

Takeaways:
– Understand what the implications of new laws are as well as your risks
– Understand how to comply with upcoming laws
– Understand how contracts and data flow will be impacted
– Ways to drive your organization to implement
– How can this be beneficial for you personally

Speaker Bio:

Leon Ravenna, CISO – KAR Auction Services – Leon has over 30 years’ experience in Healthcare, Financial Services and Technology companies. He leads Global Security Strategy, Execution, Privacy and Compliance services. Leon is currently CISO of a $2.5B multi-national company in the auto auction and financial services space. Providing Security, Privacy & Compliance expertise for over 15,000 employees. Leon has led nationwide support, Web & CRM development efforts, data center builds, heavy infrastructure for SaaS companies in the medical and financial space.
Leon has extensive experience in Regulatory, Compliance & Privacy having managed ISO27001, HIPAA, SSAE-16, PCI and NIST system builds and audits. Leon holds a CISSP and PMP and is one of a very small group world-wide to hold 6 major Global Privacy certifications including CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US and FIP.

Surviving the Regulators

Thursday, June 10th 2021

Speaker: Brian Quick, Advisory CISO at Trace3

Presentation: Keep ’em Separated – How micro-segmentation can support your zero-trust journey and keep you from getting owned.

Abstract:

2020 was an unprecedented year for ransomware and state sponsored supply chain attacks. After gaining an initial foothold within an organization, threat actors typically seek to accomplish lateral movement within an internal network to elevate access, exfiltrate data or deploy additional malicious code.

A thoughtful micro-segmentation strategy allows organizations to create multiple security zones, establish granular security and access control policies, and isolate specific workloads. This reduces the company attack surface and keeps hackers or malicious insiders from accessing sensitive systems and data.

Speaker Bio: 

Brian is a seasoned IT executive with 25 years of experience leading cybersecurity and IT operations groups. He has deep personal experience in the Healthcare, Online Services and Education sectors. Significant career accomplishments include leading cybersecurity threat management and data protection functions at a Fortune 50 health insurer, building a comprehensive cybersecurity and fraud prevention program at a large online company and leading IT and security functions for one of the largest academic medical systems in the US.

Brian currently works at Trace3, an industry-leading firm within the systems integration and value-added reseller space, where he advises clients on developing successful cybersecurity and IT operations programs.

Brian holds a Bachelor of Science degree from Indiana University and an MBA from Butler University. He is a native Hoosier and currently resides in Noblesville, Indiana where he enjoys activities like kayaking, hiking, and spending time with his wife and three sons.

Thursday, May 13th 2021

Speaker: John Bloomer, CISSP Director of Engineering, North Central Region, Office of the CTO

Presentation: Down the Rabbit Hole – A Tour into the Dark Web  

Abstract:

“Life is like an onion…” this is a quote by the famous American poet and three times Pulitzer winner, Carl Sandburg.

By the time Sandburg wrote these lyrics in the 19th century, he could have never imagined how close to reality those words would become in the 21st century and specifically in the context of the Dark Web.

Frequently, Alice in Wonderland is used as the main analogy to the Dark Web, but just like in the book, no one tells us how this magical world was made and what the motive for its creation was.

If one wants to become wise on a matter and have a solid opinion on a subject, one needs to learn its historical events and evolution.

In our journey through this session, we take you through the evolution, goals and motivation of the Dark Web. I will share with you what and whom you can find on the platforms as well as the major conflicts individuals face while exploring this web.

The session also exposes you to the syndicates and structures running on the platforms. Surprisingly we see how those groups were among the first to embrace and implement Blockchain technology and created a major global demand for crypto currencies.

This is the time to listen, learn and be exposed to the deepest secrets of the Dark Web.

Thursday, April 8th 2021

Speaker: Chris Fenning, Communications instructor/author

Presentation: This Is How To Create Compelling Presentations

Abstract:

If you have been looking for a set of specific, repeatable steps that help to create persuasive, clear, and concise presentations, this is the talk for you. I believe that presentations can be simpler to create, more compelling, and easier to deliver, with the application of two simple methods. The audience will leave this short talk with tangible tools they can apply when creating and delivering their next presentation, or important conversation.

Thursday, March 11th 2021

Speaker: Kyle Dimitt, Senior Compliance Research Engineer

Presentation: Securing the DIB – CMMC

Abstract: 

DoD has created a mandate for the Defense Industrial Base (DIB) to meet minimum thresholds of cybersecurity, in order to minimize supply chain risk and protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). The Cybersecurity Maturity Model Certification (CMMC), issued by OUSD(A&S), will be fully rolled-out by 2025. Join us in our discussion around the CMMC framework, updates since introduction (including DFARS rule changes), the current status of implementation, and how CMMC relates to other well-known federal frameworks like FedRAMP.

Speaker: Amanda Berlin, Lead Incident Detection Engineer

Presentation: Five Easy Ways to Test your SIEM’s Detections

Abstract:

There are a lot of challenges with SIEMs today: alert fatigue, ease of use and setup, cost, and knowing if they are covering what your business needs. One of the activities that isn’t performed nearly enough is testing the detections that are said to be in place. We’ll walk through some common detection types and easy ways to test to see if your SIEM is providing you with the alerting you require.

Thursday, February 11th 2021

Speaker: Scott J. Shackelford

Presentation: IoT and the State of Hoosier Cybersecurity

Abstract: 

The Internet of Things (IoT) is the notion that nearly everything we use, from gym shorts to streetlights, will soon be connected to the Internet. Industry and financial analysts have predicted that the number of Internet-enabled devices will increase from 11 billion to upwards of 25 billion in coming years. Regardless of the number, the end result looks to be a mind-boggling explosion in Internet connected stuff. Yet, there has been relatively little attention paid to how we should go about regulating smart devices, and still less about how cybersecurity should be enhanced. Similarly, now that everything from refrigerators to stock exchanges can be connected to a ubiquitous Internet, how can we better safeguard privacy across networks and borders? This talk will explore these issues by pulling from the recently published book, ‘The Internet of Things: What Everyone Needs to Know.’ Our discussion will also be couched by the findings of a recent report for the Indiana Executive Council on Cybersecurity entitled, ‘State of Hoosier Cybersecurity 2020.’

Securing Everything (CERIAS)

Speaker: Brian Carter

Presentation: Death Note: Ryuk’s Successful Ransomware Enterprise

Abstract:  

Brian Carter and Vitali Kremez conducted joint research into the operations of the Ryuk Ransomware crime enterprise and discovered several key findings including their approximate worth ($150m) and how they negotiate with victims. Brian will share some methods for monitoring Ryuk activities and give recommendations for preventing a Ryuk intrusion. Ryuk is a character from an anime called Death Note.

Death Note: Ryuk

Thursday, January 14th 2021

We will have an interactive group discussion regarding the recent Sunburst campaign involving many government agencies, security vendors and IT providers. How does this widespread campaign change how organizations manage supply chain security? While this is not the first supply chain compromise, it is arguably the most stealthy, targeted and pervasive. We will discuss the attack and campaign, detection, response, impact and changes to supply chain security. Some questions for attendees to consider are:
 
– How did your organization respond?
– What long-term changes are you considering to improve the integrity of your supply chain?
– How has your risk profile changed?  What actions are being taken in response to the increased risk?
– Are you expanding your threat intel to include your supply chain?
– What are your supply chain security best practices?
– What changes are you considering to protect/detect/react against a similar attack (assume you’re similarly compromised through your supply chain)?
Supply Chain Security CIISSA_2021
Supply Chain Security Presentation

Thursday, December 10th 2020

Holiday Party Speakers

Speaker: J. Wolfgang Goerlich

Presentation: Change Culture, Change Risk

Abstract: 

People performing conscientiously and consistently is a lofty goal. Information Risk Management gives us the process to follow. Controls frameworks give us the standards to set and meet. Yet it is the people who ultimately decide our security posture. In this presentation, we will introduce culture frameworks. Culture frameworks provide a means to accelerate building a risk management program. For programs that are maturing, culture provides a means to communicate and drive behaviors. To illustrate this point, case studies will be shared that illustrate the challenges and successes of applying culture management to a risk program. Attendees will leave with new insights into how to leverage the people aspect of information risk management.

 

Speaker: Teri Radichel

Presentation: Real World Cloud Compromise

Abstract:  

Learn about vulnerabilities, misconfigurations, and security problems that may affect your cloud accounts, applications, and systems. This talk will include real world findings from security incidents, penetration testing, bug bounty reports, and data breaches. Teri Radichel will share sample findings from 2nd Sight Lab pentest and security assessment reports. Learn about common security problems in cloud environments and how to prevent them.

Thursday, October 8th, 2020

First  Presentation: Intel Briefing – 2020 DFIR Case Studies

Speaker: Max Henderson & Greg Bursic – Pondurance

Abstract: 

Ransomware attacks have been devastating to the private sector, and now they are even exfiltrating sensitive data to purposely cause a data breach and further extort the victim. The Pondurance DFIR team has responded to countless ransomware attacks in recent years and has developed a total war strategy for taking back control of a network. In this presentation our analysts will discuss some of the common tactics of Ransomware threat actors seen in the latest attacks and how we combat them to contain, eradicate and recover back to a state of normalcy.


Second Presentation: Devops, Automation, and Data Processing for Infosec Teams

Speaker: Rush Vyas, Pondurance

Abstract:  

This presentation focuses on utilizing some of the DevOps tools, automation tools, and data processing frameworks for information security purposes. The goal of this presentation is to introduce infosec people to tools and frameworks that can help reduce repetitive work and help with the automation of data processing/analysis. We will look at things such as automating C2 deployment, building AD lab for offensive/defensive testing, automating recon, malware analysis, forensic data processing, and more!

Thursday, September 10th 2020

First Presentation: A Practical Guide to Identity Centric Zero Trust

Speaker: Eric Avigdor, Director of Product Management IAM Global Market Owner – Thales

Abstract: 

Now that working from home has become the new normal, organizations are facing increasing complexities around secure access to cloud applications. Constraints in scaling legacy on-premises solutions, lack of visibility, as well as the threat of data breaches are hindering enterprises from being able to fully benefit from cloud efficiencies. Identity centric zero trust security can provide a practical approach to addressing these challenges and can offer a blueprint for organizations that need to rethink their IAM strategy as they expand their cloud adoption.

Second Presentation: Commodification of Cyber Capabilities: A Grand Cyber Arms Bazaar

Speaker: Guillermo Christensen, Partner Ice Miller

Abstract:

The proliferation and commodification of cyber offensive capabilities, through emergence of a “grand cyber arms bazaar,” is reshaping the cyber balance of power, enabling an expanded array of actors to use cyber for geopolitical impact or economic gain. This session will discuss the growing range of actors and explore the current dearth of deterrence, lack of redlines, and inherent unintended consequences of cyber engagement. Attendees will learn how proliferation of cyber capabilities change the cyber threat landscape, how they can prioritize among an expanding array of threat actors who have access to sophisticated technical capabilities, what policy challenges may arise from cyber proliferation, and what are some alternative outcomes for the trends identified.

Thursday, August 13th 2020

Speaker: Sean Deuby

Abstract: 

Disaster Recovery (DR) strategies have traditionally focused on natural disasters, then expanded into other physical events such as terrorism. Today, cyber weaponization is everywhere, and the “extinction event” is a genuine threat with no respect for geographic boundaries.

In 2017 the NotPetya ransomware attack impacted Maersk worldwide in under 10 minutes and cost the company over $300M. The 2018 Winter Olympics were hit by a targeted cyber attack. Ransomware attacks have become commonplace. Cyber risk directly correlates to business risk. And cyber disasters strike more frequently with broader impact than their physical counterparts. Thus, modern DR strategies must prioritize cyber scenarios.

Takeaways

  • Denial-of-availability malware is now the #1 risk to business operations
  • Cyber insurance policies are not the magic bullet they position themselves to be
  • New “cyber-first” DR technologies automate recovery of complex systems, facilitate recovery to the cloud, and eliminate the risk of reinfection from system state and bare-metal backups

Thursday, June 11th, 2020

Speaker: Doug Rapp

Join us for a special treat: Douglas Rapp will share with us new services available to companies around the state.

As a Land Grant University, Purdue has an obligation to provide value back to the community. Here are two of many opportunities where Purdue can provide value to you and your organization:

  • Purdue provides no-cost training to SOC teams/security professionals on the world’s most advanced commercial cyber range.
  • Purdue will be launching employee Cybersecurity awareness training within the next sixty days. Developed by Purdue faculty and practitioners in conjunction with Rolls-Royce and the State of Indiana, this training is no-cost to Indiana based businesses and local governments.

CyberTap Course Flyer
CyberTap NLJ Flyer
CyberTap Workshop Flyer

 

Thursday, May 14th, 2020

First  Presentation:  Best Practices, PAM Security, Data Privacy and Busting the Six Myths about PAM

Speaker: Christopher Hills, BeyondTrust

Abstract:

What is best practice? Best practice ranges from organization to organization as a result of each organization’s risk appetite and risk tolerance. Answering the questions around what, how and why. As a leader in the Privileged Access Management (PAM) market, BeyondTrust is constantly challenged with questions surrounding strategy, maturity and priorities, while managing security risks. In this revealing presentation you’ll learn:

  • Analyzing Best Practice
  • Security considerations
  • Key components for a successful PAM strategy
  • How six widely held beliefs about PAM are in fact wrong
  • Why the typical IT environment is a hacker’s playground?
  • Where the current threat landscape is heading and how to prepare

Second Presentation: AI vs AI: The Good, the Bad, and the Ugly

Speaker: Nadav Maman, Deep Instinct

Abstract:

The day hackers start using AI and how to protect against it

Think about what would happen when hackers start using the power of AI for their malicious ends? With the dissemination of AI knowledge and resources, this has become not a theoretical question of if, but when. In this discussion, we draw out the implications of this; the risks it holds to the retail sector and what organizations can do to ensure ongoing protection.

From this session you will:

  • Understand the future cyber-threat landscape
  • Understand the role that advanced AI will play in the development of future malware
  • Hear deep learning experts provide a break-down of different types of AI attacks and how they will work
  • Gather valuable information that will be useful when planning your future focused security strategy
  • Hear recommendations from other cyber experts on how they protected their enterprise against advanced AI cyber threats

Thursday, April 9, 2020

The Coronavirus has changed the game for everyone. The entire workforce is forced to work remotely and many were not ready. What’s next is really going to test companies as they begin to think about how the future might look.

BlueVoyant’s Chris White, Global Co-Head of Managed Security Services, and Sadiq Khan, CISO, will share with us short- and long-term best practices for running your business securely in a post COVID-19 world. Registered attendees will receive Zoom meeting details the day of the event. Going Remote!

Chris joined BlueVoyant with a decade of experience consulting to Fortune 500 and US Intelligence Community organizations. Prior to joining BlueVoyant, Chris was Booz Allen’s Chief Engineer for Commercial Cyber Engineering Services and Data Protection Solutions. He is an experienced adviser in the realm of cryptography, data discovery, metadata analysis, risk metrics/analytics, data visualization, and reporting.

Sadiq Khan is the Chief Information Security Officer at BlueVoyant. Sadiq came to BlueVoyant from Booz Allen Hamilton where he served as lead technologist in the firm’s data protection practice. He has significant experience designing comprehensive data management strategies and in developing enterprise encryption solutions that enable end-to-end protection of sensitive information.

Thursday, March 12, 2020

First Presentation: Datinglover and Me: A platonic look into the private data of others

Speaker: Brian Carter, Anthem

Abstract:

A lot can be learned from the data that is collected by infostealer malware. This presentation covers findings from one million stealer logs that have been helpful at identifying criminals, sandboxes, researchers, and Chinese fentanyl distributors.

Second Presentation: An Introduction to Infrastructure as Code

Speaker: Fred Zanto

Abstract:

With more organizations adopting a DevOps mindset, it is becoming important for Operations and Security to adapt to modern practices. Infrastructure as Code can help teams enable Continuous Delivery while controlling environment sprawl and direct access to Cloud resources. We will talk about what IaC is, how it can benefit Ops and Security in DevOps, and see examples using Terraform by HashiCorp.

PRESENTATION: 

Thursday, February 13, 2020

First Presentation: Current Trends in NIST Digital Identity & MFA

Speaker: Michael Vance, Navient

Abstract: NIST 800-63-3 has been out for two and a half years, but some of the most important shifts in thinking about authentication and other aspects of digital identity that it introduces are just now beginning to get traction. We will discuss the key concepts of NIST 800-63-3, and where current authentication methods fit into the new digital identity model.

Second Presentation: Eleven Fifty Cybersecurity Overview

Speaker: Dewand Neely, Eleven Fifty Academy

Abstract: Overview of Eleven Fifty Academy. Its mission, vision, and ways to level up your cybersecurity training.

Thursday, January 8, 2020

As tensions with Iran escalate, there is growing concern about how increased geopolitical tensions and threats of aggression might affect our businesses.

Today, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released a document to help companies consider and prepare for possible retaliatory cyber and physical attacks. Knowing how you may be exposed or targeted will help you to be better prepared to act, collaborate, and report.

Join us this Thursday for an open discussion on Iran and the cybersecurity consequences, likely threat scenarios, how this might impact our companies, and how we should prepare to protect our personnel and businesses.

Thursday, November 12, 2019

First Presentation: Privacy Primer for Security Admins

Speaker: Nick Merker, Partner at Ice Miller, LLP

Second Presentation: Reclaiming your Digital Privacy

Speaker: Chris Collins, Former FBI SA and current Cybersecurity Professional

Thursday, October 10, 2019

First Presentation: Wanted: Bugs – Dead or Alive

Speaker: Curtis Brazzell, Principal Security Consultant, Pondurance

Abstract: Depending on the security maturity level of your organization, you have some options when it comes to squashing bugs.  Maybe your security posture is hardened and you’re ready to participate in a bug bounty program or red team assessment.  Perhaps you’re just getting started and need to begin with vulnerability scans or penetration testing first.  Wherever you are, there are options you have to continue strengthening that posture and we’ll discuss the pros and cons of each.  The end goal is the same either way, we want to exterminate these bugs before an adversary can use them against you!

Second Presentation: Reverse Engineering Malware

Speaker: Rushahb “Rush” Vyas, Security Analyst, Pondurance

Abstract: This presentation will discuss the basics of malware analysis. Then we’ll discuss whether you always need it and if you do, how you can reduce the time spent doing it. We will also discuss the benefits of doing malware analysis (+ some OSINT) during an incident response scenario and how to use data obtained from the analysis to aid in your incident response efforts.

Thursday, July 11, 2019

First Presentation: Encrypted Things – Network Detection and Response in an Encrypted World

Speaker: TJ Biehle, Gigamon

Abstract: There has been tremendous growth in the percentage of network traffic that is encrypted over the last decade. With this come many challenges for incident responders. Decrypting the traffic is often hard, if not impossible. The rise in encrypted traffic has undoubtedly increased privacy for users but we know that threat actors take advantage of it as well. As network defenders our visibility is impacted, and traditional network monitoring detection will not always work.

In this talk we will discuss the problem of encrypted traffic as it pertains to network detection and response, educate you on new developments in SSL/TLS, and demonstrate how you can still hunt for and detect badness in encrypted traffic. This talk will be relevant to junior analysts all the way up to senior analysts at mature SOCs.

Second Presentation: Securing Cloud and DevOps Systems

Speaker: David Sims, Anthem

Abstract: This is a primer for Security and Privacy professionals on the topic of Cloud and Development Operations activities. It touches on the broad history and the financial argument for them, and provides delimitation and understanding of topics that are frequently misstated and grouped together within Information Technology Operations.

Thursday, June 13, 2019

First Presentation: Zero to Owned in 1-Hour: Securing Privilege In Cloud and DevOps Workflows

Speaker: Alex Flores, Principal Solutions Engineer – CyberArk Software, Inc.

Abstract: In this session, we’ll look at a decade of environment evolution and share a few war stories/fails. Most importantly, we’ll discuss tips to help reduce the attack surface by securing privileged organic and inorganic secrets that allow access into Cloud environments as well as ones that are used by orchestration, automation and CI/CD supporting pipelines.

Second Presentation: Take your Incident Response Tabletop to the next level

Speaker: Aaron West, Consulting Director at Reveal Risk

Abstract: The term “tabletop” is commonly used in the information security world, but it’s not formally defined so approaches vary widely. This presentation is designed to help bring the industry closer to a standard terminology and purpose for tabletops within the information security community.

Thursday, May 9, 2019

First Presentation: Evaluating and Managing threat models for Business and Digital Transformation

Speaker: James Robinson – Deputy CISO at Netskope

Abstract: Business Transformation brings many opportunities and challenges which we as practitioners are not ready for, and transitioning from the office of no to know does not meet the challenge. In this session, we will evaluate new threat models developed for cloud security, data sciences, and the evolution of traditional threats with these new business-enabling technologies.

Presentation

Second Presentation: Third-Party Vendor Management

Speaker: Siddharth “Sid” Bose is an attorney in Ice Miller’s Data Security and Privacy Practice, and a current board member of the CI-ISSA

Abstract: Working with vendors is essential for every academic institution.  However, the same vendors relied on by institutions can quickly become their greatest cyber threat.  Vendors may have access to critical and sensitive data, or may be integral to the day-to-day operations of your institution.  This presentation will discuss the various challenges and practice aids in drafting vendor agreements, performing due diligence on vendors, and on various areas of concern including: data confidentiality, risk identification and assessment, information security standards, data breach response and notification, privacy concerns, downstream obligations (e.g. subcontractors), risk mitigation and transfer, and data destruction.

Presentation

Thursday, April 11, 2019

First Presentation: The fun way to learn PKI Encryption and Authentication!

Speaker: Tim O’Connor – Manager of Knowledge Services (vCISO) at Cadre Information Security.

Abstract: A fun interactive role playing session to learn about PKI. Many people in IT, even those who use PKI components daily, don’t understand how the overall PKI architecture works. This fun interactive lecture will remedy that!

Thursday, March 14, 2019

First Presentation: First Came the Hackers, Then Came the Lawyers: Responding to Litigation and Enforcement Actions Following a Data Breach

Speaker: Doug Swetnam, Office of the Indiana Attorney General

Abstract: 

The Indiana Attorney General’s Office is committed to enforcing Indiana’s Disclosure of Security Breach law to better protect Hoosiers from identity theft. This law requires Indiana businesses inform their customers about security breaches that have placed their personal information in jeopardy. As many of our members know, security breaches involving your personal information – also referred to as data breaches – can create a significant risk of fraud or identity theft if the information is acquired by the wrong person. 

This session will feature Doug Swetnam, Section Chief of the Data Privacy & Identity Theft Unit in the Office of Indiana Attorney General, and Stephen Reynolds, co-chair of Ice Miller’s Data Security and Privacy Group. The speakers will cover incident response considerations for security professionals in view of future regulatory and litigation concerns, how to work with regulators investigating a breach, and how to handle data breach litigation.

Presentation 

Eddie Bauer Complaint 

Thursday, February 21, 2019

First Presentation: Threat Intel, Something For Everyone

Speaker: Christian Nicholson

Abstract: This talk will discuss some of the basic principles of threat intelligence, and touch on how you can get started with a threat intel program of your own. We will then dive into the main focus of this talk, operationalizing the data via automation and a centralized platform of your choosing. This talk will make use of some free and commercial tools, and offer up some alternative options in the commercial and open source space that allow you to achieve the same goal. We will talk about the pros and cons of a few architecture variations, and most importantly how to use this solution to maximize your return on investment into the threat intel program, and minimize the amount of analyst hours needed to gather data to reach an incident close. Half this talk will be spent on the big “So Whats”, what does it cost, and what does it get me, alongside the basic input and outputs for a typical organization. We will also touch on who is the right consumer of this information, and to what degree, before diving into a scenario in which the intelligence is leveraged, and show the difference between having and not having it.

Bio:

christian@indelible.global via email

https://indelible.global (company website)

@GuardianCosmos on Twitter

www.linkedin.com/in/christian-nicholson (LinkedIn)


Second Presentation: Six Degrees to Domain Admin Revisited, BloodhoundAD for Offense and Defense

Speaker: Christian Nicholson

Abstract: This talk is an expansion on the original talk given at BSidesLV 2016. We touch on the original topic of six degrees to domain admin, and then take it a step further. Many focus on the offensive uses for BloodhoundAD, but what about the defensive uses? This talk aims to answer that question, and provide a brief list of use cases that are suitable for both red teamers and pentesters, as well as blue team forensicators and incident responders. We also talk about the ups and downs of the current tool’s iteration, how we can overcome them, and how we can build the tool into our processes to leverage the data for automation.


Thursday, January 10, 2019

First Presentation: Relevant Risks to Fortune 1000

Speaker: Christopher Collins (formerly at the FBI), KAR Auctions

Abstract: TBD

Bio: Website

Second Presentation: The role of cyber insurance in security and risk management

Speaker: Nick Reuhs, Partner, IceMiller

Abstract: In this session, we will survey the spectrum of cyber insurance products and outline what events these products are (and are not) intended to cover. We will also discuss underwriting problems and how these underwriting problems are causing insurers to increasingly dictate security practices and behavior. Finally, we will discuss the future of cyber-liability insurance and how a major event could shift the market’s focus or even lead to government intervention.

Thursday, November 8, 2018

First Presentation: Fidelis Overview

Speaker: TBD

Abstract: An overview of Fidelis

Second Presentation: Threat Intelligence Applied

Speaker: Danny Pickens, Director of Threat Research, Fidelis Cybersecurity

Abstract: Threat Intelligence Applied shows how intelligence doctrine can be used in cyber defense operations. Using a few real-world examples, attendees will see how they can incorporate a doctrinal approach to applying threat intelligence for decision advantage in defense and testing scenarios.

  • Threat Model Framework
  • Intelligence Defined
  • Intelligence Cycle and Processes
  • Threat Actor Identification
  • TTPs and COAs

Presentation 

Thursday, October 11, 2018

First Presentation: Demystifying proactive threat hunting – What is threat hunting?

Speaker: Brian Gittinger, Senior Sales Engineer, Endgame

Abstract: Threat hunting is the process of actively looking for signs of malicious activity within enterprise networks without prior knowledge of those signs. It is a proactive approach to uncovering bad actors before they can steal your data or disrupt your business. Endgame’s hunt expert Brian Gittinger will be presenting a practitioner’s guide to threat hunting for analysts who want to begin hunting today. This presentation provides analysts with hands-on tips on how to start hunting for techniques across the MITRE ATT&CK matrix.

* Basics of standing up a threat hunting operation

* What skills, data + tools are useful for reaching success

* Can I do this with the staff I have? What about external consulting services?

* Advanced Hunting: Evolving the threat hunting program

Presentation

Second Presentation: IoT – Exploring the Threat Surface

Speaker: Jason Ortiz, Senior Integration Engineer, Pondurance

Abstract: The internet of things is now a household term and technologists have come to grips with the fact that there will be billions of non-traditional devices connecting to the internet in the coming years. These devices will produce petabytes of data and require more and more advancements in infrastructure. The simplicity, ubiquity, availability and relatively low cost of these devices along with the unprecedented size of their network creates an enormous new threat surface. We are going to explore that threat surface with special emphasis on implementing security on the edge for these devices.

Presentation

Thursday, September 13, 2018

First Presentation: Security Hygiene: Putting out fires before they start

Speaker: Jim Wojno, Tanium

Abstract: In security we obsess about vulns, exploits and attacks with headline grabbing names like Petya / Nyetya, WannaCry, Eternal Blue, or Meltdown / Spectre and not enough on the fundamentals. Sexy technospeak marketing names dominate a field where dozens of companies compete to sell you the latest Silver Bullet One-Size-Fits-All miracle cure widget. This tabloid-esque fixation with style over substance creates a “Shiny Object Effect” that produces little long term value and burns precious resources better used on a Back to Basics approach. This talk will discuss the benefits of a fundamental security hygiene program both from a technology and a business perspective as well as provide attendees with practical advice on how to improve their own operations using tools you probably already own. Examples discussed will highlight how Blue Team members can become a force multiplier through a return to basics and security 101 and how a focus on the basics can pay higher dividends than the latest glitzy next-gen widget.

Second Presentation: Cosplay for RFID, Deception in plain sight

Speaker: Rich Rumble, Security Samurai

Abstract: We had a wacky idea, take the concept of an ATM skimmer, and apply it to the RFID badge readers. That simple concept proved effective, too effective. What would the employees notice? Do they even know who to contact if they did get wise to the skimmer? What else could be done with physical access to the outside of a building? Could we get users to willingly give us their data, and their badge? Yes, yes we could. How can we empower the employees to catch us? We had a lot of fun with this, too much. We had a much harder time in educating and preventing the success of such an attack. As with all Social-Engineering exercises, you walk a fine ethics line; I will share the dilemmas and issues that arose from these exercises.

Thursday, August 9, 2018

First Presentation: Security Leadership Tabletop

Speaker: David Sims – CI-ISSA Board Member

Abstract: These leadership tabletop exercises are custom designed to provide excellent learning and observation opportunities. During this session we will explore:
– Storming, Norming and Performing
– Integrity models
– System Thinking

Thursday, July 12, 2018

First Presentation: FBI Overview and Cyber Investigations

Speaker: J. Douglas Kouns “Doug” + Brett Baughman

Abstract: A brief overview of the Indianapolis Division FBI and a brief history of cybercrime and investigations from the perspective of the presenter’s 23-year career. Segues into a more specific focus on current cyber investigations, trends, and issues. Any remaining time left for questions and discussion. The presentation will be supplemented by SA Bret Baughman, a newer employee with a stronger background in IT and assigned specifically to the Cyber Investigation Squad.

Thursday, May 10, 2018

First Presentation: Unite Data Privacy with Security to Reduce Risk & Liability

Speaker: Adam Rubenstein, Compliance Specialist, Carbon Black

Abstract: As the impending EU General Data Protection Regulation (GDPR) goes into effect in May, organizations will need to have their data privacy program in place to reduce risk. How do organizations go about measuring and managing cyber risk associated with privacy data loss and compliance regulations? This talk will address how organizations can identify and manage the risk around their customer data for privacy concerns, the controls that impact privacy and are required by a compliance program and how to develop a plan to manage risk at the control level to incur the least risk for a company.  There are 4 main ways to help you filter out the noise and simplify your GDPR process:

• Understand your data
• Monitor and Control Data Access
• Access Data Security Controls
• Data Protection Impact Assessments

Ultimately, this talk is trying to answer why even the most sophisticated security teams, using the best technology and following some of the strictest regulatory mandates, still have gaps in their security strategy around protecting personally identifiable information, and the impact GDPR will have on these organizations.

Second Presentation: Ransomware: The Anatomy of Paying the Ransom

Speaker: Mike Weber, VP, Coalfire Labs

Abstract: This presentation is an overview of how to respond when a company is the victim of a ransomware attack. The talk will discuss how to deal with hackers ransoming valuable company information. Attendees will learn how hackers respond when companies choose to comply with demands or refuse to pay. Weber will also discuss how companies obtain cryptocurrency, what delays are to be expected, and if companies can expect to see their customers’ compromised data again. This talk includes description of real events encountered working with companies faced with no other option.

Thursday, April 12, 2018

First Presentation: Advancing without a traditional security perimeter – the new reality of network security

Speaker: Todd Harcourt, Sr. Systems Engineer – Zscaler Private Access

Abstract: IT has struggled mightily the past couple of decades to ensure trusted access to business assets on the enterprise network. It’s been a mostly futile battle as criminals and insiders have learned how to leverage that trust to gain virtually unfettered access inside the network.  As the business network proliferates outside the security perimeter to encompass the internet and cloud services, it’s time to turn from trusted network access, to verified services consumption. Many IT organizations have relied on virtual private networks (VPN) and network access control (NAC) to give “trusted users” virtually unfettered access to enterprise network resources. As we’ve seen with innumerable network breaches, outside interlopers can exploit that trust factor to gain access, while insiders find cracks in defenses that allow them to tap into enterprise assets they have no rights to.  The security model of the cloud era must focus on verified identity of users, their devices, and their roles. In this manner, a verified user only gains access to the application services for which he or she has been authorized. Unless such users have been granted these rights to an application or service, they will never be able to “see it” by navigating the network – this essentially forms a “dark network” that cannot be exploited. In adopting this model, we can focus on the techniques to verify users, whether they are inside or outside the network.

Bio: LinkedIn Profile

Second Presentation: Security Awareness Training

Speaker: Tim O’Connor, Cybersecurity Liaison, Cadre Information Systems

Abstract: What is Security Awareness, is there a benefit and if so to whom? What differentiates effective Security Awareness? How is Security Awareness different for C-level employees, versus information workers and IT professionals? Time permitting: Discussion on promoting a positive SA posture in various kinds of organizations.

Bio: LinkedIn Profile

Thursday, March 8, 2018

First Presentation: Privilege Account Management: A Sprint Approach

Speaker: TJ Adams, District Manager, CyberArk

Abstract: The session will cover best practices for the management of privileged accounts and why managing these credentials is a critical aspect in any layered security strategy. Finally, I will offer a sprint methodology for quickly reducing the risk of privilege misuse in an environment.

Second Presentation: Looking Under the Rock: Deployment Strategies for TLS Decryption

Speaker: Chris Farrell, Sr. Information Security Architect, Navient

Abstract: Attackers can freely exfiltrate confidential information all while under the guise of ordinary web traffic. A remedy for businesses concerned about these risks is to decrypt the communication to inspect the traffic, then block it if it presents a risk to the organization. However, these solutions can be challenging to implement. Existing infrastructure, privacy and legal concerns, latency, and differing monitoring tool requirements are a few of the obstacles facing organizations wishing to monitor encrypted traffic. TLS decryption projects can be successful with proper scope definition, an understanding of the architectural challenges presented by decryption, and the options available for overcoming those obstacles.

Thursday, February 8, 2018

Primary Presentation: Foundations of Cyber Threat Intelligence

Speaker: A.J. Nash, Manager, Intelligence Services, Symantec

Abstract: In today’s highly interconnected world the threats posed in cyberspace are always evolving and expanding. Cyber criminals steal and sell personal information, compromise bank accounts, and hold networks hostage for ransom on a daily basis. Nation-state actors have stolen billions of dollars in intellectual property, remaining difficult to identify and even harder to deter. Hacktivists employ botnets to conduct distributed denial of service (DDoS) attacks that cripple corporate websites. Protecting against all of these threats requires a systematic approach that makes existing defenses smarter while maturing our overall defensive posture from reactive to proactive. That’s the value of cyber threat intelligence. My talk will explain the foundations of cyber threat intelligence, including differences between data, information, and intelligence, analytic standards and tradecraft, the intelligence cycle, and how to operationalize threat intelligence to improve an organization’s cybersecurity posture. Additionally, there will be a question and answer session where I will gladly discuss how to get started in threat intelligence, how to improve an existing intelligence program, or just about anything else I can help with.