Meetings

Meetings are scheduled for the 2nd Tuesday of every month.  

***********

When

***********

(The second Tuesday of the month)

Starting at 5:30 PM PT

***********

NEW Where

***********

Building 1, training room #6

Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
Nearest cross street is Bowers Ave & Scott Blvd

Note you will need to sign in and agree to their NDA at the physical
security desk.

*************************
12 December 2017 Chapter Meeting
*************************

Hello chapter members and fellow information security professionals,

Welcome to National Critical Infrastructure Protection Month, at least
by presidential proclamation. The end of the fiscal year for many, along
with the end of the year and the holidays, adds opportunities for family
and fun – and more stress for many of us.

This month's meeting will be the first meeting at our new meeting
location – the training center at Palo Alto Networks (PAN) in Santa
Clara. Additionally, our meeting on 12 December is the final opportunity
for 2018 chapter board member nominations, with the election of 2018
board members following. Details on chapter members nominated, as well
as our technical, educational topic for the meeting, are detailed below.

In the newsletter:
- New Chapter meeting location & new attendance procedures
- Chapter elections
- Chapter meeting details for 12 December
- Local InfoSec & hacker social gatherings of note
- Other upcoming events
 

***********
Chapter elections
***********
The December 12 meeting completes our chapter's election process, with
final nominations taken during the chapter meeting, and then our election
occurring. The chapter election will be conducted by the election
committee, headed by the election committee chairperson Tim O'Brien.
Those that are interested in running for or nominating a chapter member
for a board position should review our chapter bylaws, and talk (or
email) with a representative of the election committee.

Currently the election committee has registered the nominations for the
election of 2018 chapter board members listed as follows. Those
candidates that submitted a blurb detailing their background and wishes
are also included.

President
-Forrest Foster
Forrest Foster is a veteran cyber security risk and assurance
professional with nearly 28 years' experience in the technology and
telecommunications market sectors.  Forrest develops strategies to align
organizational goals to people, process, and technology systems with a
bias for action, and long history of demonstrated results.
Forrest’s career spans nearly 3 decades working with global Fortune 500
enterprises; he brings specialization in the area of IT systems risk and
compliance management for large scale distributed heterogeneous networks
and datacenters operating in a global cloud partner ecosystem.
From an extracurricular perspective, Forrest is a guest lecturer and
speaker for educational organizations and industry events including the
McCombs School of Business at UT Austin, ISC2 Congress, ISC2 Chapter
Leadership forums at RSA, and the Austin IT Symposium.  Forrest
co-founded and led the ISC2 Austin Chapter as president from 2013 to
2015, and has contributed to the CISSP education and exam tracks and
CCSP exam and standards tracks as an item writer and developer for ISC2,
and developer / contributor for the GTAG on cyber security for the IIA.
Forrest currently leads the Governance, Risk, and Compliance function
within the Product Security Group at Veritas Technologies, LLC – a
privately held company, and is an active member of International
Information Systems Security Certification Consortium (ISC2), the
Information Systems Audit and Control Association (ISACA), and Institute
of Internal Auditors (IIA), with active CISSP, CISA, and CNSS-I
certifications.  Forrest lives in Cupertino with his wife and two sons,
and enjoys spending time with family, cooking, and playing music in his
free time.

My ISC2 Silicon Valley Chapter Goals:

My goals for the ISC2 Silicon Valley chapter are to ensure the chapter
has the personnel, facilities, processes, and funding necessary to carry
the chapter forward into the next phase of its lifecycle, so that it may
optimally serve the needs of the member community to which it belongs.
Immediate post-election goals would be to guarantee the chapter has
secured a venue for the 2018 meetings, and that we have filled all open
positions on the board – as these are top risks and concerns today.
From there, we would perform bylaw and documentation reviews and a high
level risk/gap assessment so that we have a prioritized list of
actionable items to work off of.  From there we set goals to ensure the
chapter remains operationally sound through the handoff and transition
to new leadership.

Some items that I am aware of that need immediate attention are:

• Meeting venue for 2018.
• Speakers/talks/panels for 2018.
• Fund raising / treasury enhancement events/opportunities / sponsorships.
• Website / portal hosting strategy (review/keep/change?).
• Adapting to changes related to governance and administration with ISC2
  national chapter leadership in 2018.

Qualifications for candidacy:

What I bring to the chapter is the experience and knowledge of what it
takes to build an ISC2 chapter from the ground up, an established
relationship with ISC2 national and several regional chapters, and a
wealth of knowledge gained during my long career working for technology
and telecommunications companies in Silicon Valley.  My passions are
governance and administration, and my management beliefs are strongly
rooted in service-based leadership principles - where leadership focus
is on serving the needs of the community and organization being
supported at any given time.  If elected chapter president I will
strive to serve the ISC2 Silicon Valley chapter members in alignment
with ISC2 national and global leadership, as well as our regional
partner ecosystem.

Thank you for your time and consideration.

-Forrest R. Foster

Treasurer
The current treasurer, Anna, has nominated herself for re-election.

Secretary
-Peter Ngo
Peter Ngo currently leads Governance and Risk Management within
Information Security at Palo Alto Networks.  His professional
certifications include CISSP, CISM and CISA.  His professional
experience includes stints with Hewlett Packard Inc., ABB, Warner Bros,
Disney and Ernst & Young and spans SE Asia (Vietnam, Cambodia and
Laos) and the US.

Peter has been an active member of the ISC2 and ISACA Silicon Valley
chapters since 2016, and was assistant membership chairperson for ISACA
Los Angeles in 2013.  He was also an active member of the ISACA Houston
chapter from 2013-2016.

-Aloke Bhandia
(not submitted by press time)

-Joe Park
Fellows,
I am Joe Park.  I am running for secretary of the ISC2 Silicon Valley
Chapter for 2018.  I am running my cybersecurity company that
programs endpoint encryption software.  I have been a member since July
2017.  Over several months of participation, I have realized that the
greater challenges our chapter faces are two things: revenues and
industry involvement, including guest speakers.
If I am elected I would like to solve these two problems.

Here is what I will do:
-Reach out to the venture capital/startup community and set up
relationships in exchange for our views/advice on cybersecurity
companies they evaluate/fund.
-We invite them to our meetings to offer our advice, relationships and
as potential customers.  In return, they will pay small contributions
and dinners for our members. They would love to do this!
-The goal is to solve the said problems and have our chapter known to
other professional communities.  And I will do this if I am elected as
secretary.

I know several VCs and they have a skill gap in evaluating what the
right companies/investments are for them.  We can help and grow ourselves
as being the real premium ISC2 chapter.

Communications
-Lan Jenson
Lan has been an active chapter member and volunteer for several years.
Lan volunteered at conference booths and introduced two of the speakers
to the chapter last year. As a chapter delegate, Lan attended ISC2’s
Security Congress 2017, where she spoke with chapter leaders and ISC2
leadership and built productive connections with them.

Lan has experience building social media presence from scratch. For
example, Lan’s Twitter account received Cisco’s Chief Security and Trust
Officer John Stewart’s appreciation, and her LinkedIn account received
San Jose CIO’s appreciation.

As the CEO of Adaptable Security (Ada for short), Lan is committed to
spreading cybersecurity to government agencies, nonprofits and small and
medium-sized businesses, as well as consumers through neighbor-speak.
In the Communications role on the Chapter Board, Lan is committed to
implementing the Board’s directives in a timely manner and contributing
her communications, social media and project management skills for the
best outcome.


Membership chairperson
-Wen-Pai Lu
(not submitted by press time)

-Aloke Bhandia
(not submitted by press time)

If there are omissions, corrections, or you wish to nominate someone –
or even yourself – please email the election committee chairperson at
president at isc2-siliconvalley-chapter.org before December 11, 2017.
All chapter members are eligible for nomination and to vote, as long as
they are in good standing with the chapter and (ISC)2. Further details
on the election process, responsibilities for each board member, as well
as the election committee can be found in our chapter bylaws:
http://www.isc2-siliconvalley-chapter.org/Silicon_Valley_Chapter_Bylaws.pdf

***********
Chapter meeting
***********

This month we have Matthew Brazil to provide an overview of things to
know about doing business in China, how Xi Jinping's ascent has changed
business conditions for foreign companies, and how to mitigate rising
business risk there.

Title:
ROI, China: Opportunity and Risk in the Era of Xi Jinping.

Abstract:
As China’s relations with the U.S., Japan, and other trading partners
come under increasing political pressure, the risk for American firms in
China is on the rise. Americans there feel “less welcomed,” according to
the 2016 U.S. – China Business Council’s authoritative annual survey.
Moreover, foreign investment appears to be cooling off as the Chinese
economy permanently shifts away from double-digit growth.
Meanwhile, stricter regulations and a seemingly desperate anti-spy
campaign by Chinese security agencies may have led to detentions of
foreigners, including the recent beating by PRC State Security agents of
an American diplomat.
Nonetheless, China remains a compelling international business priority.
Though there is clearly heightened risk in China for American and other
foreign business people, there are also clear steps that firms can take
to mitigate risk on the ground and better understand official Chinese
and American cyber collection priorities.

Presenter:  Matthew Brazil, Ph.D.; Madeira Security Consulting

Matthew Brazil, Ph.D. is a non-resident Fellow at The Jamestown
Foundation. He worked in Asia for over 20 years as an Army officer,
American diplomat, and corporate security manager. Matt runs Madeira
Security Consulting, in San Jose, California, specializing in advice to
Silicon Valley companies doing business in China. With Peter Mattis, he
is the co-author of a work on Chinese intelligence operations to be
published in 2018-19 by The Naval Institute Press.
 

Previous Meetings

*************************
14 November 2017 Chapter Meeting
*************************

Hello chapter members and fellow information security professionals,

Welcome to NoSHAVEmber (AKA NoShaveNovember, or Movember) – though the better 
half in our life would prefer that we males do not participate in such 
shenanigans. It is also adopt a turkey month – but that is more in
line with the holidays rather than the coworker that came to mind.
This is another important month for the chapter. At our chapter meeting 
on 14 November we will continue nominations for 2018 chapter officers; as well 
as have another intriguing topic for your enjoyment.

In the newsletter:
- Results of Special Board meeting
- Chapter elections
- Chapter meeting details for 14 November
- Silicon Valley ISACA announces their Fall 2017 Conference
- Local InfoSec & hacker social gatherings of note
- Other upcoming events

***********
Results of Special Board meeting
***********
Due to the resignation of our Membership chair, we conducted a special meeting 
of the board to elect a replacement after our October chapter meeting. In this 
meeting, the board voted to accept the nomination of Forrest Foster. Forrest 
will be fulfilling the Membership chairperson role for the completion of 2017. 
With his background and experience as a member of (ISC)2 (including founding 
president for the Austin (ISC)2 chapter); Forrest should be a great addition 
to the board and to our chapter.

Thank you Forrest for your assistance, and to the Board for their time and 
assistance in working a resolution.

Additionally, the board discussed the resignation of Tim Tiegarden as the 
election committee chairperson due to work obligations in early December, 
preventing him from facilitating the chapter elections. The board concurred 
with the President's suggestion: since the current president (Tim O'Brien) is 
terming out and not running for a different position on the board, it would 
be appropriate (and in line with our bylaws) for Tim O'Brien to chair the 
election committee. Thanks to Tim O'Brien for his assistance in the election 
process, and facilitating the chapter's path into 2018.

***********
Chapter elections
***********
Here is your opportunity: Reluctant to attend meetings for some reason? Would 
like to see the chapter be better? Are you in good standing with (ISC)2 and 
the chapter; and have an (ISC)2 certification? Your chance to help influence 
the chapter is by participating in the election – and by running for one of 
our board positions.

The November meeting continues our chapter's election process, with nominations 
taken during the chapter meeting, and our election occurring at the December 
chapter annual meeting. The chapter election will be conducted by the election 
committee, headed by the election committee chairperson Tim O'Brien, assisted 
by committee members Lan Jenson and Joe Park.
Those that are interested in running for or nominating a chapter member for 
a board position should review our chapter bylaws, and talk (or email) with a 
representative of the election committee.

All chapter members are eligible for nomination and to vote, as long as they 
are in good standing with the chapter and (ISC)2. Further details on the 
election process, responsibilities for each board member, as well
as the election committee can be found in our chapter bylaws:
http://www.isc2-siliconvalley-chapter.org/Silicon_Valley_Chapter_Bylaws.pdf

All positions on the chapter board are up for nominations. There are board 
members that are looking to move on (or have termed out), providing an 
opportunity for chapter members (you, the reader) to focus on areas and 
efforts of the chapter they feel need improvement. Every one of the board 
positions is key for the success of the chapter – and you the chapter member 
getting worthwhile leadership and local chapter experience. The board strongly 
urges you to step up and participate – step up and help lead your fellow 
information security professionals into 2018.

Currently the election committee has registered the nominations for the 
election of 2018 chapter board members as:

President
-Forrest Foster

Treasurer
The current treasurer, Anna, has nominated herself for re-election.

Secretary
-Peter Ngo

Communications
-Bill Casti

Membership chairperson
-Wen-Pai Lu

If there are omissions, corrections, or you wish to nominate someone –
or even yourself – please email the election committee chairperson at
president at isc2-siliconvalley-chapter.org before November 20, 2017.

***********
Chapter meeting
***********

This month we have Bam Azizi to discuss the Zero Trust model and how 
authentication is a key piece to this model.

Title:
Future of authentication with Zero Trust model

Abstract:
Despite the massive investments poured into cybersecurity, data breaches keep 
happening. 15% of companies globally stated that sensitive data was probably 
breached in 2016, and that’s probably an underestimate. There are many causes 
for the surge in data breaches, but many common cybersecurity problems come 
down to this: The old paradigm of cybersecurity — focused on protecting the 
perimeter of a network — just doesn’t work well in a modern computing 
environment. We need a new framework, the Zero Trust model. While older forms 
of cybersecurity rest upon the old adage “trust but verify,” the Zero Trust 
model can be better defined as “never trust and always verify.” Forrester 
Research first coined the term “Zero Trust.” The basic idea behind the paradigm 
is that no one should be automatically trusted with sensitive data, end users 
included. Therefore, the default should be to provide users with access that is 
as limited as possible. Internal activity needs to be monitored carefully and 
users must authenticate themselves multiple times when necessary.
Zero Trust acknowledges the reality of today’s networking environment. The 
uncomfortable truth is that many data breaches are caused by internal users’ 
actions, whether accidental or deliberate. Verizon’s 2016 Data Breach 
Investigations Report found that 30% of all users will open phishing emails, 
with 12% clicking on malicious attachments. Only 3% of targets will report the 
phishing incident to upper management.
The Zero Trust model is recommended by a report issued by the U.S. House of 
Representatives Committee on Oversight and Government Reform. By implementing 
a Zero Trust network, organizations can accommodate new technology trends such 
as BYOD and the cloud without providing open access to sensitive data.
To improve your cyber safety and begin the process of implementing Zero Trust, 
start by taking these three steps:
- Rethink your reliance on passwords and two-factor authentication. As long as 
  passwords remain your primary method of authentication, you are reliant on 
  users to secure company data—a dubious proposition. Consider no-password 
  authenticators that don’t rely on manual entry of credentials.
- Next, implement continuous authentication. This is the only method to ensure 
  that the end user really is the same person who has access to corporate data 
  and remains so throughout a user session. Although some methods of continuous 
  authentication can be ineffective or onerous for users, NoPassword leverages 
  AI technology to provide continuous and adaptive authentication of users.
- In conjunction with continuous authentication, adopt best practices for user 
  provisioning. Robust user provisioning practices will ensure that the only 
  users who receive access to sensitive data are those who must receive access.

Presenter:  Bam Azizi, Co-Founder & CTO, NoPassword 
Bam Azizi is the CTO and co-founder of NoPassword. Prior to joining NoPassword, 
he was working on his PhD at Technical University of Munich, and Johns Hopkins 
University. In several research projects, he has gained experience running 
research and development labs with over 30 researchers, scientists, and 
software developers.

Bam has more than ten years of experience in designing and building complex 
software driven products. As a computer scientist with a deep knowledge and 
experience in cyber security, cryptography, and machine learning, Bam 
designed the architecture and backbone of a complex software driven system 
that provides a highly available modern authentication service to enterprises 
- NoPassword.

Bam worked closely with his development team, partners and customers to build 
the next generation of Identity and Access Management solutions. Bam and his 
team continue to work on the biggest challenge in the cyber security industry, 
which is replacing traditional password-based authentication. NoPassword 
replaces passwords with human factors like biometrics, which prevents 85% of 
today’s cyber-attacks.

***********
Thanks to our chapter meeting sponsor
***********
Unfortunately, we do not have a sponsor for this month's chapter meeting. If 
you know an organization or employer that would be interested and willing to 
sponsor, have them reach out to the chapter treasurer.

***********
Silicon Valley ISACA announces their Fall 2017 Conference
***********
Silicon Valley ISACA announces their Fall 2017 Conference, November 2 & 3, 
2017 at the Biltmore Hotel, 2151 Laurelwood Rd, Santa Clara, CA 

The Silicon Valley ISACA Fall conference will focus on internal audit's 
critical role in cybersecurity. The threat from cyberattacks is significant, 
increasing, and continuously evolving. Internal audit can play an ongoing 
role in reviewing security measures and controls to better understand and 
assess the organization's ability to manage relevant risks, and to identify 
opportunities to strengthen overall security and incident recovery 
capabilities. Internal audit has a duty to inform the audit committee and 
board responsible for mitigating legal and financial liabilities that 
enterprise cybersecurity and privacy controls are adequate and functioning 
correctly. Topics covered will include:
- Developing a cyber security strategy and policy
- Identify, assess and mitigate cyber security risk to an acceptable level
- Cybersecurity auditing
- Collaboration between security and internal audit
- Recognize external, internal and business partner threats
- Align organization's cyber security program to Cybersecurity Framework

Please join us in making this meeting of minds a success!
Register to attend.  Sponsors are welcome.
Please visit the website to learn more! 
Sponsorship package is off the conference page 
http://www.isaca.org/chapters8/silicon-valley/Pages/default.aspx
https://isacasv.wixsite.com/2017fallconference


***********
Local InfoSec & hacker social gatherings of note
***********
@Si1isec and www.si1isec.org
First Thursday, 7 PM at The Firehouse brewpub, Sunnyvale

Baysec - https://www.baysec.net/
Third Tuesday, Patriot House in SF

HoodSec - @hoodsec and www.hoodsec.org
last Thursday of every month at Radio Bar, Oakland

***********
Other upcoming events of note
***********
SANS SFO Winter 11/27-12/2
Hushcon West, Dec 8 – 9, 2017, Seattle, WA, USA
SANS Cyber Defense Initiative 2017, Dec 12 – 19, 2017, Washington, DC US

*************************
10 October 2017 Chapter Meeting
*************************

Hello chapter members and fellow information security professionals,

Welcome to October – and Cyber Security Awareness Month, the annual
campaign to raise awareness about the importance of cybersecurity. Would
love to hear what events and initiatives you are implementing in your
organizations, and how the efforts are being received.

This is a busy month for the chapter. Our chapter delegation just returned
from the (ISC)2 Security Congress in Austin, where we were one of the
larger contingents from a west coast chapter. We have a booth at
SecureWorld Bay Area on Thursday, 5 October as well as our chapter meeting
on 10 October where we kick off nominations for 2018 chapter officers as
well as another intriguing topic.

In the newsletter:

- Results of Special Board meeting

- Events of note: SecureWorld Bay Area on 5 October

- Chapter booth at SecureWorld Bay Area

- Chapter elections

- Chapter meeting details

- SAP National Cybersecurity awareness month events

- Local InfoSec & hacker social gatherings of note

- Other upcoming events

***********

Results of Special Board meeting

***********

Due to the resignation of our Membership chair, we conducted a special
meeting of the board to elect a replacement on 12 September 2018, directly
after our September chapter meeting. Unfortunately, the candidates that
volunteered or were nominated all withdrew. Unless a chapter member is
nominated (and voted on by the board), we will not have a Membership
chair for the rest of 2017 and those duties/responsibilities will not be
covered.

***********

Upcoming events of note: Bay Area SecureWorld Conference, October 5 - Santa Clara Convention Center

***********

The organizers of Bay Area SecureWorld Conference have offered discount
codes for their conference on October 5 at the Santa Clara Convention
Center. For further details and the discount codes, check out the special
invite page they established for chapter members: https://goo.gl/KE5Mxx

***********

Chapter booth at Bay Area SecureWorld Conference, October 5

***********

With our invite to Bay Area SecureWorld Conference, the organizers have
offered a booth for the chapter at the event. Our communications
chairperson Amir is organizing this effort, looking for at least six
individuals to man the booth through the day. The conference fees would be
waived, with the expectation for those chapter members who volunteered to
help promote our chapter to attendees, taking part in the conference after
their booth duty is complete.

If you are interested in volunteering, contact the chapter communications
chairperson (Amir): communications (at) isc2-siliconvalley-chapter.org

***********

Chapter elections

***********

Here is your opportunity: Reluctant to attend meetings for some reason?
Would like to see the chapter be better? Are you in good standing with
(ISC)2 and the chapter; and have an (ISC)2 certification? Your chance to
help influence the chapter is by participating in the election – and by
running for one of our board positions.

The October meeting starts the chapter's election cycle; with nominations
taken during the October & November chapter meetings, and elections
occurring in the December chapter annual meeting. The chapter election
will be conducted by the election committee, headed by the election
committee chairperson Tim Tegarden, assisted by committee members Lan
Jenson and Joe Park. Those that are interested in running for or
nominating a chapter member for a board position should review our chapter
bylaws, and talk with the election committee.

All voting and board members must be in good standing with the chapter and
(ISC)2. Further details on the election process, responsibilities for each
board member as well as the election committee can be found in our chapter
bylaws:

http://www.isc2-siliconvalley-chapter.org/Silicon_Valley_Chapter_Bylaws.pdf

There are chapter board members that are looking to move on, providing an
opportunity for chapter members (you, the reader) to focus on areas and
efforts of the chapter they feel need improvement. Currently the board has
two open roles to be decided for 2018:

President (due to term limits established in the chapter bylaws)

Membership chairperson

Though these two roles are open for 2018, all board positions can receive
nominations – these are two roles that must be filled for the upcoming
year. Every one of the board positions is key for the success of the
chapter – and you the chapter member getting worthwhile leadership and
local chapter experience. The board strongly urges you to step up and
participate – step up and help lead your fellow information security
professionals into 2018.

***********

Chapter meeting

***********

This month we have our friends from Venafi to discuss how machine
identities are useful in security monitoring.

Abstract:

There are two kinds of actors on every network—people and machines—and
both need to be secured. People rely on user names and passwords, but
machines don’t. They use keys and certificates for machine-to-machine
communication and authentication. We spend billions each year securing
user names and passwords, but almost nothing on protecting keys and
certificates.  Cyber criminals take advantage of this. They use
unprotected keys and certificates to eavesdrop on private communications,
make phishing sites or malicious code look valid, and hide their nefarious
activity in encrypted traffic—getting malware in and sensitive data out.

In this session, we’ll discuss the different types of machine identities
and where they proliferate in your network. You’ll see the role and
lifecycle of machine identities, and where we’re falling short in
protecting them.  We’ll then look at where there are current risks as well
as where new risks are emerging. We’ll conclude with steps you can take
immediately to get these risks under control.

5 bullet points that describe what the attendee will learn from your session:

- They’ll understand what comprises machine identities and how these
  relate to human identities in the digital world
- They’ll know current risks that leverage unprotected machine identities,
  and real-world examples of business impacts
- They’ll recognize where most organizations are falling short in
  protecting machine identities
- They’ll get a roadmap on how to gain control of machine identities,
  detailing a 4-level process
- They’ll be able to create a customized roadmap that considers the
  emerging risks to machine identities

Presenter: Ted Heiman, Account Executive with Venafi

Ted Heiman has over 25 years of experience in the field of cyber security.
His career includes significant experience in secure networking and
access control, as well as data protection and applied cryptography.  Best
known for his role in the deployment of the Common Access Card (CAC) for
the Department of Defense, Ted received a letter of recommendation for his
role in the Gracie award-winning project. Ted also played a critical role
in the deployment of the first online banking solution ever deployed in
the US with Sumitomo Bank of California as well as successful deployment
of the first ever supermarket banking project with Wells Fargo Bank and
Safeway Supermarkets.

***********

Itinerary

***********

5:30 PM PT - Nosh and networking

6 PM PT - Chapter business and announcements, with presentation(s) following

Chapter board sync up afterwards

***********

Thanks to our chapter meeting sponsor

***********

Thank you to Venafi for committing to the Custom participation level for
the chapter. Venafi provides key management & certificate management
solutions for the enterprise and their computing environments. For more
information, check out their web site: https://www.venafi.com/about-us

***********

SAP National Cyber Security awareness month events

***********

In Oct 2017, SAP is inviting security practitioners to join half day
events at multiple bay area locations to celebrate National Cybersecurity
awareness month 2017. All events are free to attend. Register and be a
part of the NCSAM initiative at the following URL:

http://events.sap.com/us/2017-cyber-security-month/en/home

***********

Local InfoSec & hacker social gatherings of note

***********

@Si1isec and Si1isec.org

First Thursday, 7 PM at The Firehouse brewpub, Sunnyvale

Baysec - https://www.baysec.net/

Third Tuesday, Patriot House in SF

HoodSec - @hoodsec and hoodsec.org

last Thursday of every month at Radio Bar, Oakland

Pacificon swap meet - http://www.pacificon.org/

Sunday, Oct. 22, 2017, 6:00 AM to 12:00 Noon

San Ramon Marriott Hotel back parking lot

***********

Other upcoming events of note

***********

SecureWorld Bay Area 10/5

PuppetConf San Fran 10/10-12

SANS PHX 10/9-14

SANS DevOps Summit DEN 10/10-17

GrrCON Grand Rapids 10/26-27

O'Reilly Security Conference NY 10/29-11/1

SANS San Diego 10/30-11/4

Community SANS Redwood City (Informatica) SEC573 10/12-17

SANS SFO Winter 11/27-12/2

Hushcon West, Dec 8 – 9, 2017, Seattle, WA, USA

SANS Cyber Defense Initiative 2017, Dec 12 – 19, 2017, Washington, DC US

Previous Meetings

*************************
12 September 2017 Chapter Meeting
*************************

Hello chapter members and fellow information security professionals,

Welcome to September – where the children are back in school and the summer vacations have worn off. Of note, September is National Preparedness Month [https://en.wikipedia.org/wiki/National_Preparedness_Month] – how have you and your family – as well as your organization – prepared for physical disasters? Is your BC/DR plan up to date, and have you practiced it recently?

Hopefully you have your preparations taken care of for your Cyber Security Awareness Month activities within your organization in October. If not, why not?

In the newsletter:

- Chapter elections

- Chapter meeting details

- Events of note: SecureWorld Bay Area

- Chapter booth at SecureWorld Bay Area

- (ISC)² Chapter Leadership Meeting (CLM) Delegates

***********
Chapter elections 
***********

Here is your opportunity: Reluctant to attend meetings for some reason? Would like to see the chapter be better? Are you in good standing with (ISC)2 and the chapter; and have an (ISC)2 certification? Your chance to help influence the chapter is by participating in the election – and by running for one of our board positions.

The October meeting starts the chapter's election cycle; with nominations taken during the October & November chapter meetings, and elections occurring in the December chapter annual meeting. The chapter election will be conducted by the election committee, headed by the election committee chairperson Tim Tegarden, assisted by committee members Lan Jenson and Joe Park. Those that are interested in running for or nominating a chapter member for a board position should review our chapter bylaws, and talk with the election committee.

All voting and board members must be in good standing with the chapter and (ISC)2. Further details on the election process, responsibilities for each board member as well as the election committee can be found in our chapter bylaws:
http://www.isc2-siliconvalley-chapter.org/Silicon_Valley_Chapter_Bylaws.pdf

There are chapter board members that are looking to move on, providing an opportunity for chapter members (you, the reader) to focus on areas and efforts of the chapter they feel need improvement. Currently the board has two open roles to be decided for 2018:

  • President (due to term limits established in the chapter bylaws)
  • Membership chairperson

Though these two roles are open for 2018, all board positions can receive nominations – these are two roles that must be filled for the upcoming year. Every one of the board positions is key for the success of the chapter – and you the chapter member getting a worthwhile local chapter experience. The board strongly urges you to step up and participate – step up and help lead your fellow information security professionals into 2018.

***********
Chapter meeting 
***********
This month we have our friends from JASK to discuss how Machine Learning is useful in security monitoring.

Presentation: Behavioral Intrusion Detection at Scale: Case Studies in Machine Learning

Abstract: 

Intrusion detection at scale is one of the most challenging problems a modern enterprise will face while maintaining a global IT infrastructure. Building defensive systems that help automate some of the pain points, in this space, has been a goal since the early days of enterprise security. From an artificial intelligence standpoint, the problem of designing a model to predict adversarial behavior is part of a class of problems that is impossible to automate completely. At the core of the problem lies an underlying no-go principle: threat actors change tactics to evolve with the technological threat surface. This means that to build pattern recognition systems, for cyber defense, we have to design a solution that is capable of learning behaviors of the attackers and to programmatically evolve that learning over time.

In our presentation we outline a solution to this problem using an elastic architecture to scale to the largest corporate datasets. We will deep dive on how we have used elastic architectures and machine learning to build models for detecting 0-day attacks as well as compromised perimeter assets. The first use case is important for current trends because we have seen the delivery of both ransomware and banking Trojans, targeting Fortune 500 customers using exploit kits that easily get past IDS. The second use case we highlight is the detection of attacks against the DMZ using a meta graph modeling approach. This is important for finding more stealthy and advanced actors that engage in long term attack campaigns. We will describe the way we have approached the mitigation of these two types of attacks, along with sharing some related open source data sets that capture these behaviors: https://github.com/jasklabs/blackhat2017

Presenter: Joseph Zadeh, Director of Data Science at JASK

Joseph Zadeh is the Director of Data Science at JASK. Zadeh has an M.S. in Mathematics, Computational Finance and a PhD in Mathematics from Purdue University. Zadeh comes to JASK as one of the foremost experts on AI and security operations. Prior to JASK, he served as Senior Data Scientist at Splunk through the acquisition of Caspida, where he developed behavior-based analytics for intrusion detection. He applied his mathematics background to artificial intelligence and cybersecurity, delivering presentations, such as Multi-Contextual Threat Detection via Machine Learning at Bsides Las Vegas, Defcon, Blackhat and RSA. Previously, Zadeh was part of the data science consulting team on Cyber Security analytics at Greenplum/Pivotal, as well as part of Kaiser Permanente’s first Cyber Security R&D team.

***********

Thanks to our chapter meeting sponsor

***********

Thank you to JASK for committing to the Custom participation level for the chapter. JASK is a startup in San Francisco producing the first AI powered security operations platform. For more information, check out their web site: https://jask.ai

***********

Upcoming events of note: Bay Area SecureWorld Conference, October 5 - Santa Clara Convention Center

***********

The organizers of Bay Area SecureWorld Conference have offered discount codes for their conference on October 5 at the Santa Clara Convention Center. For further details, and the discount codes check out the special invite page they established for chapter members: https://goo.gl/KE5Mxx

***********

Chapter booth at Bay Area SecureWorld Conference, October 5

***********

With our invite to Bay Area SecureWorld Conference, the organizers have offered a booth for the chapter at the event. Our communications chairperson Amir is organizing this effort, looking for at least six individuals to man the booth through the day. The conference fees would be waived, with the expectation for those chapter members who volunteered to help promote our chapter to attendees, taking part in the conference after their booth duty is complete.

If you are interested in volunteering, contact the chapter communications chairperson (Amir): communications (at) isc2-siliconvalley-chapter.org

***********

Chapter delegates to (ISC)² Chapter Leadership Meeting (CLM)

***********

Joining our chapter president Tim O'Brien at the (ISC)² Chapter Leadership Meeting (CLM) in Austin, Texas will be delegates Lan Jenson and Rene Kolga. Thank you Lan and Rene for stepping up to represent your chapter. If you have issues or concerns at the national or international level that need attention during this gathering, please reach out to one of these individuals.

*************************
08 August 2017 Chapter Meeting
*************************

Welcome to August – the local farmer's markets are overflowing with 
bounty, and with it being Happiness Happens Month as well as National 
Win with Civility Month. Two areas we could use a reminder of as of 
late; considering the battlefield many of us have to work in daily. 
And, do not forget your system administrators on 28 July for SysAdmin 
day: http://sysadminday.com/ and 
https://en.wikipedia.org/wiki/System_Administrator_Appreciation_Day 
Hopefully we all return from Vegas and “hacker summer camp” safe and 
sound, as well as rejuvenated for the next year by what we have learned, 
and quality time with friends old & new. 

*********** 
Abstract
*********** 
This month we have our friends from FireEye to discuss how we can 
improve our tabletop exercises and use case scenarios. 

Presentation: Cyber Security Use Case Workshop 
Abstract: 
Detection and prevention is critical, however the job doesn’t stop 
there. Attack preparedness is key! During this workshop, Bruce will link 
use-case scenarios with the anatomy of a targeted attack to demonstrate 
the gaps often overlooked, ultimately saving your team valuable time and 
resources. Additionally, he will dive into real-world examples of cyber 
threat intelligence and how to apply it to all stages of attack 
preparedness. 

Presenter: Bruce Heard 
Manager, Security Consulting Services 
MANDIANT ROLE 
Provide engagement leadership on a variety of security consulting 
service offerings to our clients, including Security Program Assessments 
and Response Readiness Assessments. 
PROFESSIONAL EXPERIENCE 
Prior to joining Mandiant, Mr. Heard had multiple roles with IBM and 
Accenture working as a Global Security Architect, Cyber Security 
Solutions Services Sales Black Belt, Security Manager, and Senior 
Managing Security Consultant. The past five years, he has spent 
developing multi-vendor cyber security solutions for clients involving 
one or more cyber security domains and multi-vendor products, working 
with cross-delivery teams to develop comprehensive client cyber security 
solutions. In addition, he has provided cyber security consulting 
services to clients including SOC, SIEM system architecture, design, 
implementation, and system integration and troubleshooting to ensure 
successful solution delivery. He has supported all phases of building a 
Security Operations Center (SOC) and Security Information and Event 
Management (SIEM) strategy, design, implementation, consulting 
engagements, and governance processes. He has also worked for both 
Electronic Data Systems (EDS) and Hewlett-Packard (HP), providing 
network security architectural design, engineering and implementation 
services for integrated SIEM and SOC security solutions for the 
enterprise and operational business lines based on strategic business 
goals.

*********** 
Itinerary 
*********** 
5:30 PM PT - Nosh and networking 
6 PM PT - Chapter business and announcements 
with presentation(s) following 
Chapter board synch up afterwards

*********** 
Thanks to our chapter meeting sponsor 
*********** 
Thank you to FireEye for committing to the Supporting (Level 1) 
participation level for the chapter. FireEye is an enterprise 
cybersecurity company that provides products and services to protect
against advanced cyber threats, such as advanced persistent threats and 
spear phishing. For more information, check out their web site: 
http://www.FireEye.com 

*********** 
LinkedIn presence 
*********** 
Some chapter members asked if the chapter can have a LinkedIn presence. 
The board has similar privacy concerns to many board members about using 
the web site; more so now that Microsoft owns the site and with the 
latest privacy policy changes. Though, for those of you that would like 
to help promote the chapter and partake of communications with fellow 
chapter members we have a Group set up for chapter members. 
Additionally, for those who have had leadership roles in the chapter we 
set up a profile so that when adding your leadership experience it can 
be linked back to the chapter. 

LinkedIn page: https://www.linkedin.com/company-beta/17986642 
LinkedIn Group: https://www.linkedin.com/groups/13517368 
If you have any questions, please reach out to the communications 
chairperson or chapter president. 

*********** 
Upcoming events of note 
*********** 
(ISC)² Chapter Leadership Meeting (CLM) 
The (ISC)² Chapter Leadership Meeting (CLM) takes place in Austin, Texas during the
seventh annual (ISC)² Security Congress on Saturday, September 23 from 
1pm-5pm. It’s a great opportunity to meet face-to-face with (ISC)² 
chapter leaders and (ISC)² staff to share ideas, experiences and 
resources while building relationships during the meeting and throughout 
the week! 
With every CLM, (ISC)² provides company and chapter program updates, and 
offers you the opportunity to present to other leaders about your
chapter’s accomplishments and even challenges. The meeting is designed 
to give you the opportunity to share and learn from others. 

The tentative meeting agenda for this meeting includes: 
Welcome & Overview 
Roundtable Introductions 
(ISC)² Announcement and Updates 
Chapter Presentations 
Open Discussion 
Chapter officers and/or delegates (appointed chapter members) are 
invited to attend, and will earn CPEs for participating. If you would 
like to join the Board members that will be attending, please reach out 
to a Board member to become a delegate. 

We look forward to seeing you at the meeting.

*************************
11 July 2017 Chapter Meeting
*************************

Hello chapter members,

Welcome to July, and National Cell Phone Courtesy Month. Hope you all
have your travel plans taken care of for “hacker summer camp” and Vegas
at the end of the month – the lineup for talks at Black Hat, DEFCON,
BSidesVegas, and Tiaracon are looking interesting and thought provoking
as they tend to do.

***********

Chapter meeting

***********

This month we have a special treat from AppSec Consulting – a panel
conversation with some special guests, as well as a presentation.

Presentation 1 – European Data Privacy Laws; the Crossroads of Security
and Privacy

Abstract: Do you sometimes feel overwhelmed by the scope of information
security and wondered if it’s even possible to be responsible for more
things? Well friends, the answer is yes it’s possible, because European
Privacy requirements are getting some BIG updates. The changes bring
some good news, bad news, and plenty of gray areas to get lost in. So
grab some Tums and come on out to this month’s ISC2 meeting where Ryan
Hogan from AppSec Consulting will try to break it down for you.  If
nothing else you can share the information to line up a bunch of “I told
you so’s”, or maybe get real lucky and leverage it to get a budget for
the things that you need to do to get ready for EU Privacy requirements.

Presenter: Ryan Hogan, Director of Strategic Advisory Services, AppSec
Consulting.

Presentation 2 – Panel Discussion – Service Organization Controls (SOC)
and why InfoSec Should Care

Abstract: The AICPA recently introduced a new audit standard (SSAE18)
for SOC Reports. These improvements were implemented to strengthen
reporting on service providers and subservices (for outsourced
providers), require data validation of external reporting to ensure
independent analysis of content, and to require a detailed risk
assessment for the service organization. The panel will also discuss the
value of SOC 2 reports from the perspective of auditors, information
security professionals and service organizations. We invite you to bring
that laundry list of questions you have about SOC reports.

Moderator:     Brian Bertacini, CEO, AppSec Consulting

Panelists:     

Doug Barbin, Principal, Schellman LLP

Ryan Hogan, Director of Strategic Advisory Services, AppSec Consulting

Nathaniel S. Hartman, Corporate Risk Assurance / Internal Audit,
Symantec Corporation

Alexander Anoufriev, Chief Information Security Officer, Thousand Eyes

***********

Itinerary

***********

5:30 PM PT - Nosh and networking

6 PM PT - Chapter business and announcements

with presentation(s) following

Chapter board synch up afterwards

***********

Thanks to our chapter meeting sponsor

***********

Thank you to AppSec Consulting for committing to the Supporting (Level
1) participation level for the chapter. AppSec Consulting provides
world-class web application security services, penetration testing, PCI
compliance services, and web application security training. For more
information, check out their web site: https://www.appsecconsulting.com/

*************************
13 June 2017 Chapter Meeting
*************************

Hello chapter members,

June – the start of summer, Ramadan, hurricane season, and graduations. I
hope you are progressing in your summer travel and for your security
conference plans. This month's meeting has a really interesting technical
topic that ties to the topic of the last few meetings.

***********

Chapter meeting

***********

This month we welcome Katie Murphy, Security Operations Engineer at Credit
Karma who will be talking about using DMARC, SPF, and DKIM to protect
your company's reputation and email.

Abstract: Spoof-Proof with DMARC

Bring your mail security into 2017 and protect your brand with DMARC.
Review how the foundational technologies SPF and DKIM work, why DMARC is
necessary, and how it's part of a balanced breakfast to stop business
email compromise. Discover shadow IT, create custom threat intel feeds
from would-be spoofers, and gain control over how mail from your domain is
handled. Bonus content on the bleeding-edge ARC available for audiences
that move quickly.

***********

Thanks to our chapter meeting sponsor

***********

Unfortunately, we do not have a sponsor for this month's chapter meeting.
If your employer would be willing to sponsor, have them reach out.

***********

LinkedIn presence

***********

Some chapter members asked if the chapter can have a LinkedIn presence.
The board has similar privacy concerns to many board members about using
the web site; more so now that Microsoft owns the site and with the latest
privacy policy changes. Though, for those of you that would like to help
promote the chapter and partake of communications with fellow chapter
members we have a Group set up for chapter members. Additionally, for
those who have had leadership roles in the chapter we set up a profile so
that when adding your leadership experience it can be linked back to the
chapter.

LinkedIn page:  https://www.linkedin.com/company-beta/17986642
LinkedIn Group: https://www.linkedin.com/groups/13517368

If you have any questions, please reach out to the communications
chairperson or chapter president.

*************************
9 May 2017 Chapter Meeting
*************************

Hello chapter members,

May the fourth be with you, fellow chapter members. This month's meeting
has a distinguished member of the community lined up.

This month we welcome Dr. Paul Vixie, the Chairman, CEO and cofounder of
award-winning Farsight Security who will be talking about using DNS as a
defense vector.

Abstract: DNS As a Defense Vector

DNS enables everything else on the Internet -- both good and bad. By
watching what bad guys do with their DNS configurations and offering
them differentiated (that is to say, poor) service, defenders can
re-level the playing field in our favor. In this presentation, Internet
pioneer Dr. Paul Vixie, CEO of Farsight Security, will explain what
DNSSEC and TSIG (Secure DNS and Transaction Signatures) are and why you
might want them, explain what RRL and RPZ (Response Rate Limiting and
Response Policy Zones) do and why you absolutely do want them, and the
importance of passive DNS monitoring and how it can significantly
advance cyberinvestigations by hunt teams and other security professionals.

Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman,
CEO and cofounder of award-winning Farsight Security, Inc. He was
inducted into the Internet Hall of Fame in 2014 for his work related to
DNS.  Dr. Vixie is a prolific author of open source Internet software
including BIND, and of many Internet standards documents concerning DNS
and DNSSEC. In addition, he founded the first anti-spam company (MAPS,
1996), the first non-profit Internet infrastructure software company
(ISC, 1994), and the first neutral and commercial Internet exchange
(PAIX, 1991). He earned his Ph.D. from Keio University for work related
to DNS and DNSSEC in 2010.
***********
Thanks to our chapter meeting sponsor
***********
Unfortunately, we do not have a sponsor for this month's chapter
meeting. If your employer would be willing to sponsor, have them reach out.

*************************
11 April 2017 chapter meeting 
*************************

Hello chapter members,

Spring is here – birds are singing, flowers are in bloom, the first Electronics Flea Market (EFM) provided us some interesting finds for our projects, and those of us with allergies are loving life. Another interesting topic and great presenter lined up for this month's meeting.  

This month we welcome Jason Truppi, the Director of Endpoint Detection and Response at Tanium who will be talking about his insights being an FBI agent and now working in a startup. 

Abstract:

I will be sharing illusions and realities that I have observed as a veteran FBI agent, who has worked hundreds of cyber incidents, and what I see today having assimilated into the innovative world of Silicon Valley tech. We all know that cybersecurity threats are evolving faster than the world can consume them and that requires passionate and dedicated people to help advance us forward and protect our assets. The reality is government alone cannot move at the pace that is needed to protect their constituents. Often there is a disconnect from what government perceives as a problem versus what private industry categorizes as a risk. Government and technology companies must work together to solve the breach pandemic we have today. I will be highlighting how enterprises are truly preparing their security teams, what valuable metrics they are capturing, what tools are most useful, and what government best practices and standards have been the most sticky. I will be covering the realities of applying threat intelligence, big data analytics and artificial intelligence at scale. Then we will take a step forward and think about what new security problems might be awaiting us in the near future. My goal is to expose the facts of what organizations are actually experiencing, which should help government focus their efforts in the areas that will be most effective at combating the threats that face us daily.

Jason Truppi is a career technologist turned FBI agent and now tech entrepreneur. Jason has many years of experience working in information systems and security. More recently, Jason was an FBI Cyber Agent in New York City where he worked some of the Nation's largest national security and criminal cyber intrusions. He was later promoted as Supervisory Special Agent in Washington D.C. where he was responsible for major data breaches, hacktivism and cyber extortion cases across the country. As a Director at Tanium and CSIS Fellow, Jason is helping to advance the security industry to enable corporate network defenders on an even larger scale. He is applying his skills and experience in incident response, investigations, penetration testing, analysis and threat intelligence to help solve the cyber crime epidemic that we face today.

Twitter: @NotTruppi

Itinerary: 

Nosh and networking

Chapter business and announcements

Presentation

Chapter board synch up afterwards

*************************
14 March, 2017 Chapter Meeting
*************************

Itinerary:

Nosh and networking

Chapter business and announcements

Presentation

Chapter board synch up afterwards

***********

This month we welcome Karthik Venna, Product Manager from BitGlass who will be presenting on “Protecting Cloud Apps From Malware”.

Abstract:

Cloud applications have garnered widespread adoption from enterprises in part due to their advantages such as ease of deployment, lower TCO, and high scalability. These apps are also popular because end-users can rely on them to work and collaborate from anywhere and on any device. The industry question becomes whether or not enterprises should trust cloud app providers to protect their data from malware or ransomware. Currently, there are only a handful of enterprise cloud apps that can provide these solutions natively, but in almost all cases, they have no zero-day protection.

In this session we will discuss malware protection solutions that are offered by various cloud app providers, how malware can make its way into cloud apps, and how CASBs can help protect enterprise cloud apps from malware attacks.

***********

Thank you to Bitglass [www.bitglass.com] for being a supporting sponsor. We appreciate your efforts to improve the information security community in Silicon Valley and the Bay Area.

***********
Other upcoming events
***********

Spring is here – and that means the start of the Electronics Flea Market (EFM). This coming Saturday morning (the weekend before our chapter meeting), fellow hackers, makers, ham radio enthusiasts, and the like will be converging at DeAnza College on the hunt for (or selling their) items you have been looking for – or never realised you absolutely had to have. Many chapter members attend this event, both for the bargain hunting and the social aspects.

Held the second Saturday of the Month, March through September. 0500 AM -1200 PM

For more information: http://www.electronicsfleamarket.com/

January 10, 2016

We hope everyone had a merry Christmas, relaxing and full of family. Looking forward to seeing everyone again for our January meeting on the 10th – with our special guest speaker. 

Itinerary:

Nosh and networking

Chapter business and announcements:

   - Chapter elections results

   - January meeting details

   - February meeting canceled due to RSA Conference and Valentine's Day 

Presentation

**********
Chapter Elections
**********
Thank you Tim Tegarden and the rest of the election committee for your assistance conducting the chapter annual meeting and elections; and welcome our new board members. The board members for 2017 are: 

President: Tim O'Brien

Secretary: Wen-Pai Lu

Communications: Amir Jabri

Treasurer: Anna Pasupathy

Membership: Bill Burke

Thank you Stephen McCallum and Ravi Ramaanujan for your efforts on the board. 

***********
January chapter meeting: Stalking the Wily Hacker, 30 years later.
***********
This month we are excited to have Clifford Stoll, the author of The Cuckoo's Egg and Silicon Snake Oil, as our guest speaker.

Abstract: Stalking the Wily Hacker, 30 years later.

Cliff will be sharing with us his insights, looking back to his experiences and forward to what we face. From geolocation of 4th generation cellphones and how corporations & gov't are beginning to monitor public social media to watch for trouble, the more things change the threats we face stay the same.

Who (from http://www.leighbureau.com/speakers/CStoll/): 
Clifford Stoll gained worldwide attention as a cyberspace sleuth when he wrote his bestselling book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, the page-turning true story of how he caught a ring of hackers who stole secrets from military computer systems and sold them to the KGB. He has become a leading authority on computer security. His lecture presentations are energetic and entertaining, and showcase Clifford’s dry wit and penetrating views. Clifford Stoll is a commentator for MSNBC and an astronomer at the University of California Berkeley. 

The Cuckoo’s Egg inspired a whole category of books on capturing computer criminals. He began by investigating a 75-cent error in time billing for the university computer lab for which he was systems manager and ended up uncovering a ring of industrial espionage. Working for a year without support from his employers or the government, he eventually tracked the lead to a German spy hacking into American computer networks involved with national security and selling the secrets to the KGB for money and cocaine. 

Since catching the "Hanover Hacker" (Hanover, West Germany), Stoll has become a leading expert on computer security and has given talks for both the CIA and the National Security Agency, as well as the U.S. Senate. 

Stoll is also the author of two engaging and counter-intuitive critiques of technology’s role in culture written in his trademark quiet and folksy style full of droll wit and penetrating insights. In Silicon Snake Oil: Second Thoughts on the Information Highway, Stoll, who has been netsurfing for fifteen years, does an about-face, warning that the promises of the Internet have been oversold and that we will pay a high price for its effects on real human interaction. High Tech Heretic: Why Computers Don’t Belong in the Classroom and Other Reflections by a Computer Contrarian asks readers to check the assumptions that dominate our thinking about technology and the role of computers, especially in our classrooms. As one who loves computers as much as he disdains them, he admits to being deeply ambivalent about computers, and questions the role of networks in our culture. 

For additional information: https://en.wikipedia.org/wiki/Clifford_Stoll

Cliff's klein bottle web site: http://www.kleinbottle.com/ 
 

***********

Thanks to our chapter meeting sponsor

***********

Unfortunately, we do not have a sponsor for this month's chapter meeting. If your employer would be willing to sponsor, have them reach out. 


Notes:

***********
February chapter meeting canceled
***********

Due to the RSA Conference as well as Valentine's Day being February 14th, the board voted to cancel the chapter meeting for February. Hope everyone enjoys their RSA Conference experience. The next planned chapter meeting will be March 14, 2017.

December 13th, 2016

Emerging Trends in Cyber Security and Risk Management

This month we have Dr. Srinivas Mukkamala, the Co-Founder and CEO of RiskSense, Inc. talking about the Emerging Trends in Cyber Security and Risk Management; as well as RiskSense being the chapter sponsor for the month of December.

Abstract:
According to Gartner, organizations will spend approximately $92 billion on IT Security in 2016. Despite these investments, new data breaches are disclosed almost on a daily basis.  Keeping abreast of emerging trends in cyber security is essential for securing the expanding attack surface of enterprises and aligning information security plans with business risks. Unfortunately, facing on average hundreds of thousands of vulnerabilities across thousands of machines, puts those security practitioners assigned to identify and remediate these security gaps at an immediate disadvantage. Lengthy dwell times and asynchronous iterations are the result, limiting the effectiveness of any cyber security program. In this ISC2 seminar, renowned cyber security expert Dr. Srinivas Mukkamala will discuss emerging trends in network security, including big data in security, threat and business intelligence as factors to determine cyber risk exposure, and the role of human-interactive machine learning in orchestrating remediation actions.

Who:
Dr. Srinivas Mukkamala is co-founder and CEO of RiskSense. He has been researching and developing security technologies for over 15 years, working on malware analytics (focuses on medical control systems and non-traditional computing devices), breach exposure management, Web application security, and enterprise risk reduction. Mukkamala was one of the lead researchers for Computational Analysis of Cyber Terrorism against the U.S. (CACTUS). He has been published in over 120 peer-reviewed publications in the areas of information assurance, malware analytics, digital forensics, data mining, and bio-informatics. He has a patent on Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing. Mukkamala received his Bachelor of Engineering in Computer Science and Engineering from the University of Madras, before obtaining his Master of Science and Ph.D. in Computer Science from New Mexico Tech.

November 8th, 2016

NOTE:

November chapter meeting - CANCELED

Since the date of the chapter meeting for November falls on election day,
the Silicon Valley chapter board members have decided to cancel the
meeting for November. Please remember to vote in our country's elections,
and nominate someone for the chapter's elections in December.

October 11th, 2016

Bryan Lee from Palo Alto Networks provides insight on the Sofacy group, aka APT28, Fancy Bear, Pawn Storm, etc.

Abstract:
Earlier this June, we published a blog documenting an obscure DLL
sideloading technique in use by a well-known state sponsored group, the
Sofacy group, aka APT28, Fancy Bear, Pawn Storm, etc. We will take an
in-depth look at the analysis Unit 42 performed on that attack, as well as
a freshly discovered attack exhibiting not only ties to the attack in
June, but also an evolution of tactics in what may seem like a cat and
mouse game.


Bryan Lee is a Threat Intelligence Researcher with Unit 42 at Palo Alto
Networks. His areas of expertise are in cyber espionage threats, cyber
security operations, and threat collection. Prior to joining Unit 42 at
Palo Alto Networks, Bryan worked at the NASA Security Operations Center,
first as a real time detection analyst, transitioning into the threat
intelligence team at the NASA SOC, and ultimately moving into leading the
real time detection team. Bryan’s diverse set of experiences provides a
unique perspective on the viability of people, processes and technology
from both an operational and theoretical capacity.

September 20th, 2016 - Social Event

6 PM

Harry's Hofbrau

3900 Saratoga Avenue

San Jose, CA 95129

August 9th, 2016:

Topic: Ransomware, RATs & other Big Trends in Cybersecurity

Summary: Advanced threats are changing so often it is getting harder and harder to keep up! In addition to new attacks, hackers are reinventing older ones, making it even more difficult to detect. We will discuss at a high level some of the biggest cybersecurity threats happening right now, including:

The Resurgence of Ransomware - Locky and other new cryptolockers;

Malvertising, oh My! - No website is safe from unknowingly spreading malware to visitors

I have RATs - How to defend against Remote Access Trojans stealing your data

BIO:

Nick Bilogorskiy is a founding team member at Cyphort, a next-generation anti-malware startup, and is currently leading threat operations there. He came to Cyphort from Facebook where he was the chief malware expert and a security spokesperson for the company, keeping 1 billion active users safe and secure. Nick is skilled in reverse engineering, analysis, writing patterns and tracking malware, frequently quoted in the media. He recently presented on IOT security at SKBI-BFI conference. He holds a Bachelor of Science degree in computing science and philosophy from Simon Fraser University in Vancouver, Canada, and a GIAC Reverse Engineering Malware (GREM) certification. He holds several patents in computer security.

July 12, 2016:

Hope the start of your summer has gone well, and your planning for the annual migration to Vegas for “hacker summer camp” (BSides Vegas, Black Hat & DEFCON) is also going well. Look forward to seeing you all in Vegas, as well as our upcoming meeting. This month we have Ryan Russell from Phantom providing us insight on their security automation and orchestration platform; as well as Phantom being the chapter sponsor for July.

Title: Phantom

This presentation will introduce the Phantom security automation and orchestration platform, and tell attendees how to get a copy of the free community edition to try out themselves. Ryan will introduce the product itself, including the general problems it's trying to address (enhancing incident responders), basic product UI, and some of the Phantom jargon. The remainder of the presentation will cover use-cases for incident response and forensic investigation. Technology integrations demonstrated will include Splunk, VirusTotal, Shodan, VMware, Volatility, DomainTools, and others. Finally, we will touch on writing code for Phantom in the form of Playbooks and Apps, and then take questions.

Who:

Ryan Russell has worked in the information security field for over 20 years, alternating between the product development and operations teams. He is currently the Director of Technical Operations for Phantom, where he runs the lab with all the products that Phantom talks to. Just prior to Phantom, he was internal incident response for FireEye and ran their public security bug reporting presence. He is also sometimes known for being the lead author and series editor for the Stealing the Network book series from Syngress.

Phantom, an award-winning company, automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger, Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: www.phantom.us.

June 14, 2016:

Title: "Securing the Hastily Formed Network: Infosec for Disaster Relief and Emergency Response"

Abstract:


Effectively responding to modern disasters and humanitarian emergencies
requires a substantial amount of connectivity. Whether for cloud, social
media, GIS, or other critical access, emergency managers increasingly
rely upon Internet access as a key service alongside traditional
emergency and humanitarian response, such as search and rescue and
medical support.

"Hastily Formed Networks" are the networks that are created in the
immediate aftermath of a disaster. While they perform vital services,
most HFN deployments are significantly lacking in security management
and oversight. This talk will discuss HFNs, and the evolution of
security on these networks using examples from Hurricane Katrina to last
year’s Ebola crisis in West Africa and the ongoing Syrian Refugee Crisis
in Europe.

Bio:

Rakesh Bharania is the West Coast lead for Cisco Tactical Operations
(TACOPS) – Cisco’s primary technology response team for disaster relief
and humanitarian assistance. Additionally, he serves as chairman for the
Global VSAT Forum’s (GVF) Cybersecurity Task Force, and is a recognized
leader in the field of satellite security. With TACOPS, Rakesh is
responsible for the design and implementation of secure emergency
networks to support first responders, NGOs, and governments, and also
works to restore critical infrastructure in the midst of disasters.
Rakesh is also a Cisco representative to international forums on
disaster relief and resiliency including the United Nations and FEMA / DHS.

Team URL: www.cisco.com/go/tacops

May 10, 2016:

Title: Data-Driven Threat Intelligence: Metrics on IOC Effectiveness and Sharing

 For the past 18 months, Niddel have been collecting threat intelligence indicator data from multiple sources in order to make sense of the ecosystem and try to find a measure of efficiency or quality in these feeds. This initiative culminated in the creation of Combine and TIQ-test, two of the open source projects from MLSec Project. These projects have been improved upon for the last year, and are able to gather and compare data from multiple Threat Intelligence sources on the Internet.

We take this analysis a step further and extract insights from more than 12 months of collected threat intel data to verify the overlap and uniqueness of those sources. If we are able to find enough overlap, there could be a strategy that could be put together to acquire an optimal number of feeds, but as Niddel demonstrated on the 2015 Verizon DBIR, that is not the case.

We also gathered aggregated usage information from intelligence sharing communities in order to determine if the added interest and "push" towards sharing is really being followed by the companies and if its adoption is putting us on the right track to close these gaps.

Join us in a data-driven analysis of over a year of collected Threat Intelligence indicators and their sharing communities!

Alex Pinto is the Chief Data Scientist of Niddel and the lead of MLSec Project. He is currently dedicating his waking hours to the development of machine learning algorithms and data science techniques to automate threat hunting (I know) and to making threat intelligence "actionable" (I know, I know). He has presented the results of his ongoing research at multiple conferences, including Black Hat USA 3 years in a row, demonstrating a fun but informative take on very technical subjects.

He has almost 15 years dedicated to all things defensive information security, and 3 years in Data Science related work. Alex is currently a CISSP-ISSAP, CISA, CISM, and PMP. He was also a PCI-QSA for almost 7 years, but is a mostly ok person in spite of that.

April 12, 2016:

CASB: Cloud Access Security Broker or: how I learned to stop worrying and love the Cloud.

Topics discussed:

- Limitations of Cloud Services Security

- Introduction to CASB

- Types of Cloud Access Security Brokers (CASB)

- How CASBs work

- Open Discussion

Mr. Kyong An has 20 years’ experience in Information Technology and Information Security. He previously worked at Intuit, PricewaterhouseCoopers, and Booz Allen & Hamilton. He has led and deployed several Access Controls and Identity Management implementations across multiple industries, including Entertainment, Consumer Products, Energy and Financial, most recently, a Roles Based Access Control framework to manage UNIX operating system service accounts. Mr. Kyong is currently the Director of Consulting Services at Palerra, Inc., a cloud security company in Santa Clara, CA.

FIDO (Fully Integrated Defense Operation) by Rob Fry from Netflix

Demonstrate the value of Netflix's Open Source initiative FIDO (Fully Integrated Defense Operation) and how it integrates with security tools, networking, and endpoints to secure our corporate network from malicious intrusions.

For information: http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html

Rob Fry is an accomplished architect, inventor and public speaker with 19 years' experience primarily in large scale Internet companies and the utility industry. In his current role he specializes in security orchestration and building cloud security solutions. While at Netflix he invented FIDO, a patent pending open source incident response and remediation platform, and at Yahoo created the DUBS configuration and automation framework for production servers. In his free time he enjoys working on advisor boards, CABs and engineering steering teams with a passion for helping create products in the cloud and security space by working with venture capitalists to develop stealth and startup companies.

March 8, 2016:

"What's the real risk of mobile to the enterprise? What should you do about it?  Leveraging Behavioral and Predictive Security to Prevent Threats Before they occur."

 

Proposed Topics (not necessarily segments, but the topics we will cover)

- The Increasing Need for Mobile Security: outline the shift to mobile and inherent risks faced in the enterprise, reference recent studies, Lookout perspective

- How to prevent threats before they happen - predictive/behavioral approach through big data, protecting enterprise assets and assuring app driven services

- Enterprise Research and Response - insight to the problem statement of identifying threats and then deciding what to do about them.

 

Presenters:

Bharath Rangarajan, VP Product - responsible for Lookout Mobile Security product development related to mobile threat protection and threat intelligence

Mike Murray, VP Research and Response - responsible for threat analysis and response, evaluating the evolving threatscape of mobile, partners with product dev

Chris Tow, Sr Sales Engineer - responsible for customer engagement and helping to define ways to enhance protection of digital assets and business processes.

February 9, 2016:

Hackers Hiring Hackers—How to Do Things Better

ABSTRACT:

There are few talks that address what some consider to be the hardest part of getting a job in InfoSec: the hiring process. Information security is in desperate need of people with the technical skills hackers have to fill a myriad of roles within organizations across the world. However, both sides of the table are doing horribly when it comes to hiring and interviewing. Organizations are doing poorly trying to communicate expectations for a job, there are people going to interviews without knowing how to showcase their (limited or vast) experience, and some people posture themselves so poorly that the hiring managers don’t think the candidates are really interested in the job. This talk takes the experiences of the speakers as both interviewers & interviewees (as well as from others) in order to help better prepare to enter (or move within) “the industry” as well as help hiring managers know what they can do to get the people & experience they need for their teams.

BIO:

Tim O’Brien is Director of Threat Research at Palerra. As a 16-year information security professional, O’Brien is a subject matter expert in risk and incident management, intrusion and data analysis, secure architecture design, and systems management. O’Brien is well versed in developing technical solutions, determining the best options for the business and its goals, and creating comprehensive implementation plans that minimize risk for the organization. His excellent analytical and problem solving skills, with emphasis on understanding relationships among technical problems, result in sound and effective business solutions while reducing risk. He enjoys mentoring others and helping them develop their skills through supervisory positions, coursework development, mentoring, presenting at and helping run information security conferences, as well as instructional positions.

January 12, 2016:

Presenter:    Mr Kyong J An, Director of Professional Services at Palerra, Inc.

Title:    A Practical Deployment: RBAC & Privileged Access Mgmt for UNIX in the Cloud

Abstract:

Extending Privileged Access Management to Cloud-based UNIX servers provides a meaningful opportunity to flex an existing RBAC implementation.

RBAC plays a crucial part in controlling UNIX service account entitlements in an elastic environment. This session will cover a real-world deployment and is relevant if you already have an RBAC framework or are planning a future deployment.

 The attendees will learn how the solution was built and how the RBAC model can be extended to manage off-premise UNIX service accounts. The lessons learned and examples will provide design input into their RBAC framework.

December 8, 2015:

A:    2016 Chapter board election

On-site candidate registration and voting; in person only.

B:    Presentation from United States Department of Homeland Security 

Topic: Mobile Security R&D with DHS Science & Technology

Description: DHS S&T's Vincent Sritapan, PM for Mobile Security R&D, will provide an in-depth overview of the current strategy and R&D investments for the Mobile Device Security Program.  Vincent will brief on the challenges in mobile security for the Federal Government and provide insights into current R&D initiatives funded by DHS Science & Technology.

November 10, 2015:

Toward Cybersecurity in Business Terms: Quantifying the Risk in Dollars

Corporate executives know that while cyber risk cannot be eliminated, it can and must be managed so as to minimize impact on the business. But it is difficult to manage a risk that cannot be measured. Unless companies can identify and quantify cyber risks in dollars, they cannot effectively allocate security resources, justify investments, weigh competing priorities, or communicate risk with internal stakeholders or concerned customers.

In January the World Economic Forum and Deloitte proposed a framework for a quantitative, risk-based approach to cybersecurity focusing on asset value at risk. Earlier frameworks, notably the FAIR taxonomy, have also tried to put risk  assessment on a quantitative footing. Like all assessment frameworks, these approaches are based on an exhaustive set of subjective human judgments, and as a result they are laborious and of limited accuracy.

We propose an automated approach using actuarial science and empirical data to quantify risk. Data on rates of occurrence and financial impact of cyber incidents are extracted from industry reports, census data, SEC filings, insurance claims, and other sources, aggregated using Bayesian statistics and combined with automatically measured local IT factors to build a risk profile for an organization. Value at risk can be calculated for both structured and unstructured data assets; for the latter, a statistical approach is used based on department ownership and document access patterns.

Risk can be managed and mitigated strategically when quantified in dollars. Progress can be measured, and hypothetical actions can be modeled and evaluated in terms of risk. Even potential black swan events can be anticipated and managed. With quantitative risk projections companies can plan ahead to minimize impact of the most extreme cyber events.

Speaker:  Thomas Lee, PhD

Thomas is a serial entrepreneur, co-founder and CEO of VivoSecurity Inc. His interest in risk quantification stems from his experience in IT and software development combined with a background in applying novel computational techniques to biological problems. He has a PhD and MS in biophysics from the University of Chicago, a BS in physics and a BS EE from the University of Washington.

October 13, 2015:

The Future of Endpoint Threat Detection, Response & Prevention

Synopsis:

The battleground has changed. Advanced attackers are routinely penetrating perimeter defenses and averting antivirus technologies to successfully launch attacks against endpoints and servers. Compromise is inevitable but a massive data breach doesn’t have to be. The Bit9 + Carbon Black Security Solution is the industry’s first and only integrated Endpoint Threat Prevention, Detection and Response solution. The Bit9 + Carbon Black Security Solution consists of two industry-leading products and the Threat Intelligence Cloud. Independently, each product is a leader in its category. Together, they provide security and risk professionals with the ultimate advanced threat protection solution for Windows, Mac and Linux endpoints and servers. This meeting will explore both solutions to help the audience understand and appreciate Bit9 + Carbon Black’s approach in the context of securing their enterprise environment.

Speaker Bio:

Manoj Khiani, CISSP-ISSAP, is a Senior Systems Engineer with Bit9 + Carbon Black.  He has spent his career in Internet security focused companies over the last 20 years at leading companies such as Netscape, VeriSign, and Check Point.  Mr. Khiani holds a degree in Electrical Engineering from the University of California, Berkeley and has held his CISSP certification since 2001.  He is also a co-founder of the Silicon Valley ISC(2) chapter.

September 8, 2015:

Two part presentation: 

1. Attivo Networks CEO, Tushar Kothari, will discuss a new category of security - "deception" 

2. After Tushar's talk of "deception", Mahendra from the VC group will join him to have a "fire-side" talk about startups in the security field, including startup/funding and team building

August 11, 2015:

This was an "all hands meeting and open discussion".

- board members will share experiences/stories in their field

- discussions about future chapter activities

- members are encouraged to provide input about the chapter or share experiences.

July 14, 2015:

 Software Defined Network (SDN): What is SDN? What are SDN security issues?

As SDN builds momentum to be implemented in both cloud and in-house environments, it's time for us to know what SDN is and what the potential security risks are for the SDN.

Wen-Pai Lu is our current chapter board member and shared his experiences regarding the SDN during the July 14 chapter monthly meeting.

June 9, 2015:

 1. A brief presentation on "DHS Transition to Practice (TTP) program" from Michael Pozmantier, Program Manager

 2. "Managing Security Risks Affecting Robots, Implantable Devices, and Other Disruptive Technologies" By Stephen S. Wu, Attorney at Law

What are the new information security legal challenges in an era of rapid, sweeping change in technology? 

Enterprises face compliance and liability issues from the use of robots, artificial intelligence systems, non-traditional mobile devices...

The talk covers the intersection among legal, business, and technology issues from the development of those disruptive technologies and ways enterprises can manage their legal risks.

May 12, 2015 - Henry Yeh, the chapter's 2014 president, will discuss the topic of "Malware": polymorphic and metamorphic malware in a research format, not focusing on how commercial vendors are doing their detection.

Discussion will focus on the detection techniques being researched. Demonstration of how to create a worm, and of detecting malware using Microsoft tools on Windows OS.

April 14, 2015 - 1. Cybersecurity startups: The good, bad and the ugly: Mahendra Ramsinghani will share case studies of a few security startups. (Presentation)

2. "Preparing for an Imminent Terabit DDoS Attack" by Orion Cassetto, Director of Product Marketing at Incapsula

March 10th 2015 - Section 1: "Market trends in IT and Information Security careers" from career advisor's points of view by KFORCE

Section 2: "What is FaaS? (not a typo of SaaS)" by Puneet Thapliyal, Co-founder, Verasynth FaaS

February 10th 2015 - Kelly Harward, Director of Product Management at Raytheon Cyber Products on Insider Threat - Deconstructing the Insider Threat & Mitigating the Associated Risk

January 13th 2015 - Wen-Pai Lu on Cloud Security: A Different Perspective.

October 14th 2014 - Edward Chang on (ISC)2 Foundation's Safe and Secure Online (SSO) Program

September 9th 2014 - Henry Yeh on Defense Security Service (DSS)

August 12th 2014 - HP Atalla on “Cloud Security Challenges”

July 8th 2014 - Seagate Technology on "Enhancing Enterprise Security with Self-Encrypting Drives" & "Security Awareness Metrics at RekenaarCorp"

June 10th 2014-Pindrop Security on "Phone Channel Fraud and Acoustical Fingerprinting"

May 13th 2014-Cloudflare on "Mitigating DDoS Attacks"

April 8th 2014-Thales e-Security on "Data Protection and Mobile Payments"
 

March 11th 2014-Hewlett Packard on "The Outsourcing of Application Security"

February 11th 2014-FBI on "Cyber National Investigation"

December 10th, 2013-SANS Top 20 Critical Control

November 12th, 2013-Board Elections and Bear Data Systems

October 8th, 2013-Fortinet

September 10th, 2013-United States Secret Service

August 13th, 2013-Checkpoint Software Technologies

July 9th, 2013-Barchie Consulting and Shuh Chang

June 11, 2013-Radware (Presentation)

May 14th, 2013-Cisco

April 9th, 2013-Tripwire

Mar 12th, 2013-Stonesoft Network Security

Feb 12th 2013-Thales Security

Jan 8th 2013-Board Meeting

 
Meetings are worth 2 CPEs.

Copyright 2011, International Information Systems Security Certification Consortium, Inc. (“(ISC)²”), in website format and trade dress only. All Rights Reserved. (ISC)², CISSP, ISSAP, ISSEP, ISSMP, CSSLP, CAP, SSCP, and CBK are registered certification, service, and trademarks of (ISC)². Disclaimer: (ISC)² does not own, operate, or moderate this website. All content of this site, exclusive of licensed trademarks or copyright, is the property of the designated (ISC)² Chapter organization, which is not owned, managed, or controlled by (ISC)² and operates independent of (ISC)².