Meetings are scheduled for the 2nd Tuesday of every month.  




12 September 2017

(The second Tuesday of the month)

Starting at 5:30 PM PT




HP Gigabyte Café

1140 Enterprise Way

Sunnyvale, CA 94089

Note you will need to be escorted into the building. If one of our chapter hosts is not at the front doors to escort you in, stand nearby; they will be out shortly to get you.

12 September 2017 Chapter Meeting

Hello chapter members and fellow information security professionals,

Welcome to September – where the children are back in school and the summer vacations have worn off. Of note, September is National Preparedness Month – how have you and your family – as well as your organization – prepared for physical disasters? Is your BC/DR plan up to date, and have you practiced it recently?

Hopefully you have your preparations taken care of for your Cyber Security Awareness Month activities within your organization in October. If not, why not?

In the newsletter:

- Chapter elections

- Chapter meeting details

- Events of note: SecureWorld Bay Area

- Chapter booth at SecureWorld Bay Area

- (ISC)² Chapter Leadership Meeting (CLM) Delegates

Chapter elections 

Here is your opportunity: Reluctant to attend meetings for some reason? Would like to see the chapter be better? Are you in good standing with (ISC)² and the chapter, and have an (ISC)² certification? Your chance to help influence the chapter is by participating in the election – and by running for one of our board positions.

The October meeting starts the chapter's election cycle; with nominations taken during the October & November chapter meetings, and elections occurring in the December chapter annual meeting. The chapter election will be conducted by the election committee, headed by the election committee chairperson Tim Tegarden, assisted by committee members Lan Jenson and Joe Park. Those that are interested in running for or nominating a chapter member for a board position should review our chapter bylaws, and talk with the election committee.

All voting and board members must be in good standing with the chapter and (ISC)². Further details on the election process, responsibilities for each board member as well as the election committee can be found in our chapter bylaws:

There are chapter board members that are looking to move on, providing an opportunity for chapter members (you, the reader) to focus on areas and efforts of the chapter they feel need improvement. Currently the board has two open roles to be decided for 2018:

  • President (due to term limits established in the chapter bylaws)
  • Membership chairperson

Though these two roles are open for 2018, all board positions can receive nominations – these are two roles that must be filled for the upcoming year. Every one of the board positions is key for the success of the chapter – and for you, the chapter member, getting a worthwhile local chapter experience. The board strongly urges you to step up and participate – step up and help lead your fellow information security professionals into 2018.

Chapter meeting 
This month we have our friends from JASK to discuss how Machine Learning is useful in security monitoring.

Presentation: Behavioral Intrusion Detection at Scale: Case Studies in Machine Learning


Intrusion detection at scale is one of the most challenging problems a modern enterprise will face while maintaining a global IT infrastructure. Building defensive systems that help automate some of the pain points, in this space, has been a goal since the early days of enterprise security. From an artificial intelligence standpoint, the problem of designing a model to predict adversarial behavior is part of a class of problems that is impossible to automate completely. At the core of the problem lies an underlying no-go principle: threat actors change tactics to evolve with the technological threat surface. This means that to build pattern recognition systems, for cyber defense, we have to design a solution that is capable of learning behaviors of the attackers and to programmatically evolve that learning over time.

In our presentation we outline a solution to this problem using an elastic architecture to scale to the largest corporate datasets. We will deep dive on how we have used elastic architectures and machine learning to build models for detecting 0-day attacks as well as compromised perimeter assets. The first use case is important for current trends because we have seen the delivery of both ransomware and banking Trojans, targeting Fortune 500 customers using exploit kits that easily get past IDS. The second use case we highlight is the detection of attacks against the DMZ using a meta graph modeling approach. This is important for finding more stealthy and advanced actors that engage in long term attack campaigns. We will describe the way we have approached the mitigation of these two types of attacks, along with sharing some related open source data sets that capture these behaviors:

Presenter: Joseph Zadeh, Director of Data Science at JASK

Joseph Zadeh is the Director of Data Science at JASK. Zadeh has an M.S. in Mathematics, Computational Finance and a PhD in Mathematics from Purdue University. Zadeh comes to JASK as one of the foremost experts on AI and security operations. Prior to JASK, he served as Senior Data Scientist at Splunk through the acquisition of Caspida, where he developed behavior-based analytics for intrusion detection. He applied his mathematics background to artificial intelligence and cybersecurity, delivering presentations, such as Multi-Contextual Threat Detection via Machine Learning at Bsides Las Vegas, Defcon, Blackhat and RSA. Previously, Zadeh was part of the data science consulting team on Cyber Security analytics at Greenplum/Pivotal, as well as part of Kaiser Permanente’s first Cyber Security R&D team.


Thanks to our chapter meeting sponsor


Thank you to JASK for committing to the Custom participation level for the chapter. JASK is a startup in San Francisco producing the first AI powered security operations platform. For more information, check out their web site:


Upcoming events of note: Bay Area SecureWorld Conference, October 5 - Santa Clara Convention Center


The organizers of Bay Area SecureWorld Conference have offered discount codes for their conference on October 5 at the Santa Clara Convention Center. For further details, and the discount codes check out the special invite page they established for chapter members:


Chapter booth at Bay Area SecureWorld Conference, October 5


With our invite to Bay Area SecureWorld Conference, the organizers have offered a booth for the chapter at the event. Our communications chairperson Amir is organizing this effort, looking for at least six individuals to man the booth through the day. The conference fees would be waived, with the expectation for those chapter members who volunteered to help promote our chapter to attendees, taking part in the conference after their booth duty is complete.

If you are interested in volunteering, contact the chapter communications chairperson (Amir): communications (at)


Chapter delegates to (ISC)² Chapter Leadership Meeting (CLM)


Joining our chapter president Tim O'Brien at the (ISC)² Chapter Leadership Meeting (CLM) in Austin, Texas will be delegates Lan Jenson and Rene Kolga. Thank you Lan and Rene for stepping up to represent your chapter. If you have issues or concerns at the national or international level that need attention during this gathering, please reach out to one of these individuals.

Previous Meetings

08 August 2017 Chapter Meeting

Welcome to August – the local farmer's markets are overflowing with 
bounty, and with it being Happiness Happens Month as well as National 
Win with Civility Month. Two areas we could use a reminder of as of 
late; considering the battlefield many of us have to work in daily. 
And, do not forget your system administrators on 28 July for SysAdmin 
day: and 
Hopefully we all return from Vegas and “hacker summer camp” safe and 
sound, as well as rejuvenated for the next year by what we have learned, 
and quality time with friends old & new. 

This month we have our friends from FireEye to discuss how we can 
improve our tabletop exercises and use case scenarios. 

Presentation: Cyber Security Use Case Workshop 
Detection and prevention are critical, however the job doesn’t stop 
there. Attack preparedness is key! During this workshop, Bruce will link 
use-case scenarios with the anatomy of a targeted attack to demonstrate 
the gaps often overlooked, ultimately saving your team valuable time and 
resources. Additionally, he will dive into real-world examples of cyber 
threat intelligence and how to apply it to all stages of attack 

Presenter: Bruce Heard 
Manager, Security Consulting Services 
Provide engagement leadership on a variety of security consulting 
service offerings to our clients, including Security Program Assessments 
and Response Readiness Assessments. 
Prior to joining Mandiant, Mr. Heard had multiple roles with IBM and 
Accenture working as a Global Security Architect, Cyber Security 
Solutions Services Sales Black Belt, Security Manager, and Senior 
Managing Security Consultant. The past five years, he has spent 
developing multi-vendor cyber security solutions for clients involving 
one or more cyber security domains and multi-vendor products, working 
with cross-delivery teams to develop comprehensive client cyber security 
solutions. In addition, he has provided cyber security consulting 
services to clients including SOC, SIEM system architecture, design, 
implementation, and system integration and troubleshooting to ensure 
successful solution delivery. He has supported all phases of building a 
Security Operations Center (SOC) and Security Information and Event 
Management (SIEM) strategy, design, implementation, consulting 
engagements, and governance processes. He has also worked for both 
Electronic Data Systems (EDS) and Hewlett-Packard (HP), providing 
network security architectural design, engineering and implementation 
services for integrated SIEM and SOC security solutions for the 
enterprise and operational business lines based on strategic business 

5:30 PM PT - Nosh and networking 
6 PM PT - Chapter business and announcements 
with presentation(s) following 
Chapter board synch up afterwards

Thanks to our chapter meeting sponsor 
Thank you to FireEye for committing to the Supporting (Level 1) 
participation level for the chapter. FireEye is an enterprise 
cybersecurity company that provides products and services to protect 
against advanced cyber threats, such as advanced persistent threats and 
spear phishing. For more information, check out their web site: 

LinkedIn presence 
Some chapter members asked if the chapter can have a LinkedIn presence. 
The board has similar privacy concerns to many board members about using 
the web site; more so now that Microsoft owns the site and with the 
latest privacy policy changes. Though, for those of you that would like 
to help promote the chapter and partake of communications with fellow 
chapter members we have a Group set up for chapter members. 
Additionally, for those who have had leadership roles in the chapter we 
set up a profile so that when adding your leadership experience it can 
be linked back to the chapter. 

LinkedIn page: 
LinkedIn Group: 
If you have any questions, please reach out to the communications 
chairperson or chapter president. 

Upcoming events of note 
(ISC)² Chapter Leadership Meeting (CLM) 
The (ISC)² Chapter Leadership Meeting (CLM) takes place in Austin, Texas during the 
seventh annual (ISC)² Security Congress on Saturday, September 23 from 
1pm-5pm. It’s a great opportunity to meet face-to-face with (ISC)² 
chapter leaders and (ISC)² staff to share ideas, experiences and 
resources while building relationships during the meeting and throughout 
the week! 
With every CLM, (ISC)² provides company and chapter program updates, and 
offers you the opportunity to present to other leaders about your 
chapter’s accomplishments and even challenges. The meeting is designed 
to give you the opportunity to share and learn from others. 

The tentative meeting agenda for this meeting includes: 
Welcome & Overview 
Roundtable Introductions 
(ISC)² Announcement and Updates 
Chapter Presentations 
Open Discussion 
Chapter officers and/or delegates (appointed chapter members) are 
invited to attend, and will earn CPEs for participating. If you would 
like to join the Board members that will be attending, please reach out 
to a Board member to become a delegate. 

We look forward to seeing you at the meeting.

11 July 2017 Chapter Meeting

Hello chapter members,

Welcome to July, and National Cell Phone Courtesy Month. Hope you all have your travel plans taken care of for “hacker summer camp” and Vegas at the end of the month – the lineup for talks at Black Hat, DEFCON, BSidesVegas, and Tiaracon are looking interesting and thought provoking as they tend to do.


Chapter meeting


This month we have a special treat from AppSec Consulting – a panel conversation with some special guests, as well as a presentation.

Presentation 1 – European Data Privacy Laws; the Crossroads of Security and Privacy

Abstract: Do you sometimes feel overwhelmed by the scope of information security and wondered if it’s even possible to be responsible for more things? Well friends, the answer is yes it’s possible, because European Privacy requirements are getting some BIG updates. The changes bring some good news, bad news, and plenty of gray areas to get lost in. So grab some Tums and come on out to this month’s ISC2 meeting where Ryan Hogan from AppSec Consulting will try to break it down for you. If nothing else you can share the information to line up a bunch of “I told you so’s”, or maybe get real lucky and leverage it to get a budget for the things that you need to do to get ready for EU Privacy requirements.

Presenter: Ryan Hogan, Director of Strategic Advisory Services, AppSec


Presentation 2 – Panel Discussion – Service Organization Controls (SOC) and why InfoSec Should Care

Abstract: The AICPA recently introduced a new audit standard (SSAE18) for SOC Reports. These improvements were implemented to strengthen reporting on service providers and subservices (for outsourced providers), require data validation of external reporting to ensure independent analysis of content, and to require a detailed risk assessment for the service organization. The panel will also discuss the value of SOC 2 reports from the perspective of auditors, information security professionals and service organizations. We invite you to bring that laundry list of questions you have about SOC reports.

Moderator:     Brian Bertacini, CEO, AppSec Consulting


Doug Barbin, Principal, Shellman LLP

Ryan Hogan, Director of Strategic Advisory Services, AppSec Consulting

Nathaniel S. Hartman, Corporate Risk Assurance / Internal Audit, Symantec Corporation

Alexander Anoufriev, Chief Information Security Officer, Thousand Eyes




5:30 PM PT - Nosh and networking

6 PM PT - Chapter business and announcements

with presentation(s) following

Chapter board synch up afterwards


Thanks to our chapter meeting sponsor


Thank you to AppSec Consulting for committing to the Supporting (Level 1) participation level for the chapter. AppSec Consulting provides world-class web application security services, penetration testing, PCI compliance services, and web application security training. For more information, check out their web site:

13 June 2017 Chapter Meeting

Hello chapter members,

June – the start of summer, Ramadan, hurricane season, and graduations. I hope you are progressing in your summer travel and for your security conference plans. This month's meeting has a really interesting technical topic that ties to the topic of the last few meetings.


Chapter meeting


This month we welcome Katie Murphy, Security Operations Engineer at Credit Karma, who will be talking about using DMARC, SPF, and DKIM to protect your company's reputation and email.

Abstract: Spoof-Proof with DMARC

Bring your mail security into 2017 and protect your brand with DMARC. Review how the foundational technologies SPF and DKIM work, why DMARC is necessary, and how it's part of a balanced breakfast to stop business email compromise. Discover shadow IT, create custom threat intel feeds from would-be spoofers, and gain control over how mail from your domain is handled. Bonus content on the bleeding-edge ARC available for audiences that move quickly.


Thanks to our chapter meeting sponsor


Unfortunately, we do not have a sponsor for this month's chapter meeting. If your employer would be willing to sponsor, have them reach out.


LinkedIn presence


Some chapter members asked if the chapter can have a LinkedIn presence. The board has similar privacy concerns to many board members about using the web site; more so now that Microsoft owns the site and with the latest privacy policy changes. Though, for those of you that would like to help promote the chapter and partake of communications with fellow chapter members we have a Group set up for chapter members. Additionally, for those who have had leadership roles in the chapter we set up a profile so that when adding your leadership experience it can be linked back to the


LinkedIn page:

LinkedIn Group:

If you have any questions, please reach out to the communications chairperson or chapter president.


9 May 2017 Chapter Meeting

Hello chapter members,

May the fourth be with you, fellow chapter members. This month's meeting
has a distinguished member of the community lined up.

This month we welcome Dr. Paul Vixie, the Chairman, CEO and cofounder of
award-winning Farsight Security who will be talking about using DNS as a
defense vector.

Abstract: DNS As a Defense Vector

DNS enables everything else on the Internet -- both good and bad. By
watching what bad guys do with their DNS configurations and offering
them differentiated (that is to say, poor) service, defenders can
re-level the playing field in our favor. In this presentation, Internet
pioneer Dr. Paul Vixie, CEO of Farsight Security, will explain what
DNSSEC and TSIG (Secure DNS and Transaction Signatures) are and why you
might want them, explain what RRL and RPZ (Response Rate Limiting and
Response Policy Zones) do and why you absolutely do want them, and the
importance of passive DNS monitoring and how it can significantly
advance cyberinvestigations by hunt teams and other security professionals.

Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman,
CEO and cofounder of award-winning Farsight Security, Inc. He was
inducted into the Internet Hall of Fame in 2014 for his work related to
DNS.  Dr. Vixie is a prolific author of open source Internet software
including BIND, and of many Internet standards documents concerning DNS
and DNSSEC. In addition, he founded the first anti-spam company (MAPS,
1996), the first non-profit Internet infrastructure software company
(ISC, 1994), and the first neutral and commercial Internet exchange
(PAIX, 1991). He earned his Ph.D. from Keio University for work related
to DNS and DNSSEC in 2010.

Thanks to our chapter meeting sponsor

Unfortunately, we do not have a sponsor for this month's chapter
meeting. If your employer would be willing to sponsor, have them reach out.

11 April 2017 chapter meeting 

Hello chapter members,

Spring is here – birds are singing, flowers are in bloom, the first Electronics Flea Market (EFM) provided us some interesting finds for our projects, and those of us with allergies are loving life. Another interesting topic and great presenter lined up for this month's meeting.  

This month we welcome Jason Truppi, the Director of Endpoint Detection and Response at Tanium who will be talking about his insights being an FBI agent and now working in a startup. 


I will be sharing illusions and realities that I have observed as a veteran FBI agent, who has worked hundreds of cyber incidents, and what I see today having assimilated into the innovative world of Silicon Valley tech. We all know that cybersecurity threats are evolving faster than the world can consume them and that requires passionate and dedicated people to help advance us forward and protect our assets. The reality is government alone cannot move at the pace that is needed to protect their constituents. Often there is a disconnect from what government perceives as a problem versus what private industry categorizes as a risk. Government and technology companies must work together to solve the breach pandemic we have today. I will be highlighting how enterprises are truly preparing their security teams, what valuable metrics they are capturing, what tools are most useful, and what government best practices and standards have been the most sticky. I will be covering the realities of applying threat intelligence, big data analytics and artificial intelligence at scale. Then we will take a step forward and think about what new security problems might be awaiting us in the near future. My goal is to expose the facts of what organizations are actually experiencing, which should help government focus their efforts in the areas that will be most effective at combating the threats that face us daily.

Jason Truppi is a career technologist turned FBI agent and now tech entrepreneur. Jason has many years of experience working in information systems and security. More recently, Jason was an FBI Cyber Agent in New York City where he worked some of the Nation's largest national security and criminal cyber intrusions. He was later promoted as Supervisory Special Agent in Washington D.C. where he was responsible for major data breaches, hacktivism and cyber extortion cases across the country. As a Director at Tanium and CSIS Fellow, Jason is helping to advance the security industry to enable corporate network defenders on an even larger scale. He is applying his skills and experience in incident response, investigations, penetration testing, analysis and threat intelligence to help solve the cyber crime epidemic that we face today.

Twitter: @NotTruppi


Nosh and networking

Chapter business and announcements


Chapter board synch up afterwards

14 March, 2017 Chapter Meeting


Nosh and networking

Chapter business and announcements


Chapter board synch up afterwards


This month we welcome Karthik Venna, Product Manager from Bitglass, who will be presenting on “Protecting Cloud Apps From Malware”.


Cloud applications have garnered widespread adoption from enterprises in part due to their advantages such as ease of deployment, lower TCO, and high scalability. These apps are also popular because end-users can rely on them to work and collaborate from anywhere and on any device. The industry question becomes whether or not enterprises should trust cloud app providers to protect their data from malware or ransomware. Currently, there are only a handful of enterprise cloud apps that can provide these solutions natively, but in almost all cases, they have no zero-day protection.

In this session we will discuss malware protection solutions that are offered by various cloud app providers, how malware can make its way into cloud apps, and how CASBs can help protect enterprise cloud apps from malware attacks.


Thank you to Bitglass for being a supporting sponsor. We appreciate your efforts to improve the information security community in Silicon Valley and the Bay Area.

Other upcoming events

Spring is here – and that means the start of the Electronics Flea Market (EFM). This coming Saturday morning (the weekend before our chapter meeting), fellow hackers, makers, ham radio enthusiasts, and the like will be converging at De Anza College on the hunt for (or selling their) items you have been looking for – or never realised you absolutely had to have. Many chapter members attend this event, both for the bargain hunting and the social aspects.

Held the second Saturday of the Month, March through September. 0500 AM -1200 PM

For more information:

January 10, 2016

We hope everyone had a merry Christmas, relaxing and full of family. Looking forward to seeing everyone again for our January meeting on the 10th – with our special guest speaker. 


Nosh and networking

Chapter business and announcements:

   - Chapter elections results

   - January meeting details

   - February meeting canceled due to RSA Conference and Valentine's Day 


Chapter Elections
Thank you Tim Tegarden and the rest of the election committee for your assistance conducting the chapter annual meeting and elections; and welcome our new board members. The board members for 2017 are: 

President: Tim O'Brien

Secretary: Wen-Pai Lu

Communications: Amir Jabri

Treasurer: Anna Pasupathy

Membership: Bill Burke

Thank you Stephen McCallum and Ravi Ramaanujan for your efforts on the board. 

January chapter meeting: Stalking the Wily Hacker, 30 years later.
This month we are excited to have Clifford Stoll, the author of The Cuckoo's Egg and Silicon Snake Oil, as our guest speaker.

Abstract: Stalking the Wily Hacker, 30 years later.

Cliff will be sharing with us his insights, looking back to his experiences and forward to what we face. From geolocation of 4th generation cellphones and how corporations & gov't are beginning to monitor public social media to watch for trouble, the more things change the threats we face stay the same.

Who (from 
Clifford Stoll gained worldwide attention as a cyberspace sleuth when he wrote his bestselling book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, the page-turning true story of how he caught a ring of hackers who stole secrets from military computer systems and sold them to the KGB. He has become a leading authority on computer security. His lecture presentations are energetic and entertaining, and showcase Clifford’s dry wit and penetrating views. Clifford Stoll is a commentator for MSNBC and an astronomer at the University of California Berkeley. 

The Cuckoo’s Egg inspired a whole category of books on capturing computer criminals. He began by investigating a 75-cent error in time billing for the university computer lab for which he was systems manager and ended up uncovering a ring of industrial espionage. Working for a year without support from his employers or the government, he eventually tracked the lead to a German spy hacking into American computer networks involved with national security and selling the secrets to the KGB for money and cocaine. 

Since catching the "Hanover Hacker" (Hanover, West Germany), Stoll has become a leading expert on computer security and has given talks for both the CIA and the National Security Agency, as well as the U.S. Senate. 

Stoll is also the author of two engaging and counter-intuitive critiques of technology’s role in culture written in his trademark quiet and folksy style full of droll wit and penetrating insights. In Silicon Snake Oil: Second Thoughts on the Information Highway, Stoll, who has been netsurfing for fifteen years, does an about-face, warning that the promises of the Internet have been oversold and that we will pay a high price for its effects on real human interaction. High Tech Heretic: Why Computers Don’t Belong in the Classroom and Other Reflections by a Computer Contrarian asks readers to check the assumptions that dominate our thinking about technology and the role of computers, especially in our classrooms. As one who loves computers as much as he disdains them, he admits to being deeply ambivalent about computers, and questions the role of networks in our culture. 

For additional information:

Cliff's klein bottle web site: 


Thanks to our chapter meeting sponsor


Unfortunately, we do not have a sponsor for this month's chapter meeting. If your employer would be willing to sponsor, have them reach out. 


February chapter meeting canceled

Due to the RSA Conference as well as Valentine's Day being February 14th, the board voted to cancel the chapter meeting for February. Hope everyone enjoys their RSA Conference experience. The next planned chapter meeting will be March 14, 2017.

December 13th, 2016

Emerging Trends in Cyber Security and Risk Management

This month we have Dr. Srinivas Mukkamala, the Co-Founder and CEO of RiskSense, Inc. talking about the Emerging Trends in Cyber Security and Risk Management; as well as RiskSense being the chapter sponsor for the month of December.

According to Gartner, organizations will spend approximately $92 billion on IT Security in 2016. Despite these investments, new data breaches are disclosed almost on a daily basis. Keeping abreast of emerging trends in cyber security is essential for securing the expanding attack surface of enterprises and aligning information security plans with business risks. Unfortunately, facing on average hundreds of thousands of vulnerabilities across thousands of machines puts those security practitioners assigned to identify and remediate these security gaps at an immediate disadvantage. Lengthy dwell times and asynchronous iterations are the result, limiting the effectiveness of any cyber security program. In this ISC2 seminar, renowned cyber security expert Dr. Srinivas Mukkamala will discuss emerging trends in network security, including big data in security, threat and business intelligence as factors to determine cyber risk exposure, and the role of human-interactive machine learning in orchestrating remediation actions.

Dr. Srinivas Mukkamala is co-founder and CEO of RiskSense. He has been researching and developing security technologies for over 15 years, working on malware analytics (focuses on medical control systems and non-traditional computing devices), breach exposure management, Web application security, and enterprise risk reduction. Mukkamala was one of the lead researchers for Computational Analysis of Cyber Terrorism against the U.S. (CACTUS). He has been published in over 120 peer-reviewed publications in the areas of information assurance, malware analytics, digital forensics, data mining, and bio-informatics. He has a patent on Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing. Mukkamala received his Bachelor of Engineering in Computer Science and Engineering from the University of Madras, before obtaining his Master of Science and Ph.D. in Computer Science from New Mexico Tech.

November 8th, 2016


November chapter meeting - CANCELED

Since the date of the chapter meeting for November falls on election day,
the Silicon Valley chapter board members have decided to cancel the
meeting for November. Please remember to vote in our country's elections,
and nominate someone for the chapter's elections in December.

October 11th, 2016

Bryan Lee from Palo Alto Networks provides insight on the Sofacy group, aka APT28, Fancy Bear, Pawn Storm, etc.

Earlier this June, we published a blog documenting an obscure DLL
sideloading technique in use by a well-known state sponsored group, the
Sofacy group, aka APT28, Fancy Bear, Pawn Storm, etc. We will take an
in-depth look at the analysis Unit 42 performed on that attack, as well as
a freshly discovered attack exhibiting not only ties to the attack in
June, but also an evolution of tactics in what may seem like a cat and
mouse game.

Bryan Lee is a Threat Intelligence Researcher with Unit 42 at Palo Alto
Networks. His areas of expertise are in cyber espionage threats, cyber
security operations, and threat collection. Prior to joining Unit 42 at
Palo Alto Networks, Bryan worked at the NASA Security Operations Center,
first as a real time detection analyst, transitioning into the threat
intelligence team at the NASA SOC, and ultimately moving into leading the
real time detection team. Bryan’s diverse set of experiences provides a
unique perspective on the viability of people, processes and technology
from both an operational and theoretical capacity.

September 20th, 2016 - Social Event

6 PM

Harry's Hofbrau

3900 Saratoga Avenue

San Jose, CA 95129

August 9th, 2016:

Topic: Ransomware, RATs & other Big Trends in Cybersecurity

Summary: Advanced threats are changing so often it is getting harder and harder to keep up! In addition to new attacks, hackers are reinventing older ones, making them even more difficult to detect. We will discuss at a high level some of the biggest cybersecurity threats happening right now, including:

- The Resurgence of Ransomware - Locky and other new cryptolockers

- Malvertising, oh My! - No website is safe from unknowingly spreading malware to visitors

- I have RATs - How to defend against Remote Access Trojans stealing your data


Nick Bilogorskiy is a founding team member at Cyphort, a next-generation anti-malware startup, and is currently leading threat operations there. He came to Cyphort from Facebook where he was the chief malware expert and a security spokesperson for the company, keeping 1 billion active users safe and secure. Nick is skilled in reverse engineering, analysis, writing patterns and tracking malware, and is frequently quoted in the media. He recently presented on IoT security at SKBI-BFI conference. He holds a Bachelor of Science degree in computing science and philosophy from Simon Fraser University in Vancouver, Canada, and a GIAC Reverse Engineering Malware (GREM) certification. He holds several patents in computer security.

July 12, 2016:

Hope the start of your summer has gone well, and that your planning for the annual migration to Vegas for “hacker summer camp” (BSides Vegas, Black Hat & DEFCON) is also going well. Look forward to seeing you all in Vegas, as well as at our upcoming meeting. This month we have Ryan Russell from Phantom providing us insight on their security automation and orchestration platform; Phantom is also the chapter sponsor for July.

Title: Phantom

This presentation will introduce the Phantom security automation and orchestration platform, and tell attendees how to get a copy of the free community edition to try out themselves. Ryan will introduce the product itself, including the general problems it's trying to address (enhancing incident responders), basic product UI, and some of the Phantom jargon. The remainder of the presentation will cover use-cases for incident response and forensic investigation. Technology integrations demonstrated will include Splunk, VirusTotal, Shodan, VMware, Volatility, DomainTools, and others. Finally, we will touch on writing code for Phantom in the form of Playbooks and Apps, and then take questions.


Ryan Russell has worked in the information security field for over 20 years, alternating between the product development and operations teams. He is currently the Director of Technical Operations for Phantom, where he runs the lab with all the products that Phantom talks to. Just prior to Phantom, he was internal incident response for FireEye and ran their public security bug reporting presence. He is also sometimes known for being the lead author and series editor for the Stealing the Network book series from Syngress.

Phantom, an award-winning company, automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger, Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit:

June 14, 2016:

Title: "Securing the Hastily Formed Network: Infosec for Disaster Relief and Emergency Response"


Effectively responding to modern disasters and humanitarian emergencies
requires a substantial amount of connectivity. Whether for cloud, social
media, GIS, or other critical access, emergency managers increasingly
rely upon Internet access as a key service alongside traditional
emergency and humanitarian response, such as search and rescue and
medical support.

"Hastily Formed Networks" are the networks that are created in the
immediate aftermath of a disaster. While they perform vital services,
most HFN deployments are significantly lacking in security management
and oversight. This talk will discuss HFNs, and the evolution of
security on these networks using examples from Hurricane Katrina to last
year’s Ebola crisis in West Africa and the ongoing Syrian Refugee Crisis
in Europe.


Rakesh Bharania is the West Coast lead for Cisco Tactical Operations
(TACOPS) – Cisco’s primary technology response team for disaster relief
and humanitarian assistance. Additionally, he serves as chairman for the
Global VSAT Forum’s (GVF) Cybersecurity Task Force, and is a recognized
leader in the field of satellite security. With TACOPS, Rakesh is
responsible for the design and implementation of secure emergency
networks to support first responders, NGOs, and governments, and also
works to restore critical infrastructure in the midst of disasters.
Rakesh is also a Cisco representative to international forums on
disaster relief and resiliency including the United Nations and FEMA / DHS.

Team URL:

May 10, 2016:

Title: Data-Driven Threat Intelligence: Metrics on IOC Effectiveness and Sharing

For the past 18 months, Niddel have been collecting threat intelligence indicator data from multiple sources in order to make sense of the ecosystem and try to find a measure of efficiency or quality in these feeds. This initiative culminated in the creation of Combine and TIQ-test, two of the open source projects from MLSec Project. These projects have been improved upon for the last year, and are able to gather and compare data from multiple Threat Intelligence sources on the Internet.

We take this analysis a step further and extract insights from more than 12 months of collected threat intel data to verify the overlap and uniqueness of those sources. If we are able to find enough overlap, there could be a strategy that could be put together to acquire an optimal number of feeds, but as Niddel demonstrated on the 2015 Verizon DBIR, that is not the case.

We also gathered aggregated usage information from intelligence sharing communities in order to determine if the added interest and "push" towards sharing is really being followed by the companies and if its adoption is putting us on the right track to close these gaps.

Join us in a data-driven analysis of over a year of collected Threat Intelligence indicators and their sharing communities!

Alex Pinto is the Chief Data Scientist of Niddel and the lead of MLSec Project. He is currently dedicating his waking hours to the development of machine learning algorithms and data science techniques to automate threat hunting (I know) and to making threat intelligence "actionable" (I know, I know). He has presented the results of his ongoing research at multiple conferences, including Black Hat USA 3 years in a row, demonstrating a fun but informative take on very technical subjects.

He has almost 15 years dedicated to all things defensive information security, and 3 years in Data Science related work. Alex is currently a CISSP-ISSAP, CISA, CISM, and PMP. He was also a PCI-QSA for almost 7 years, but is a mostly ok person in spite of that.

April 12, 2016:

CASB: Cloud Access Security Broker or: how I learned to stop worrying and love the Cloud.

Topics discussed:

- Limitations of Cloud Services Security

- Introduction to CASB

- Types of Cloud Access Security Brokers (CASB)

- How CASBs work

- Open Discussion

Mr. Kyong An has 20 years’ experience in Information Technology and Information Security. He previously worked at Intuit, PricewaterhouseCoopers, and Booz Allen & Hamilton. He has led and deployed several Access Controls and Identity Management implementations across multiple industries, including Entertainment, Consumer Products, Energy and Financial, most recently a Roles Based Access Control framework to manage UNIX operating system service accounts. Mr. Kyong is currently the Director of Consulting Services at Palerra, Inc., a cloud security company in Santa Clara, CA.

FIDO (Fully Integrated Defense Operation) by Rob Fry from Netflix

Demonstrate the value of Netflix's Open Source initiative FIDO (Fully Integrated Defense Operation) and how it integrates with security tools, networking, and endpoints to secure our corporate network from malicious intrusions.

For information:

Rob Fry is an accomplished architect, inventor and public speaker with 19 years' experience, primarily in large scale Internet companies and the utility industry. In his current role he specializes in security orchestration and building cloud security solutions. While at Netflix he invented FIDO, a patent-pending open source incident response and remediation platform, and at Yahoo he created the DUBS configuration and automation framework for production servers. In his free time he enjoys working on advisory boards, CABs and engineering steering teams, with a passion for helping create products in the cloud and security space by working with venture capitalists to develop stealth and startup companies.

March 8, 2016:

"What's the real risk of mobile to the enterprise? What should you do about it? Leveraging Behavioral and Predictive Security to Prevent Threats Before They Occur."


*Proposed Topics* (not necessarily segments, but the topics we will cover)

- The Increasing Need for Mobile Security: outline the shift to mobile and inherent risks faced in the enterprise, reference recent studies, Lookout perspective

- How to prevent threats before they happen - predictive/behavioral approach through big data, protecting enterprise assets and assuring app driven services

- Enterprise Research and Response - insight to the problem statement of identifying threats and then deciding what to do about them.



Bharath Rangarajan, VP Product - responsible for Lookout Mobile Security product development related to mobile threat protection and threat intelligence

Mike Murray, VP Research and Response - responsible for threat analysis and response, evaluating the evolving threatscape of mobile, partners with product dev

Chris Tow, Sr Sales Engineer - responsible for customer engagement and helping to define ways to enhance protection of digital assets and business processes.

February 9, 2016:

Hackers Hiring Hackers—How to Do Things Better


There are few talks that address what some consider to be the hardest part of getting a job in InfoSec: the hiring process. Information security is in desperate need of people with the technical skills hackers have to fill a myriad of roles within organizations across the world. However, both sides of the table are doing horribly when it comes to hiring and interviewing. Organizations are doing poorly trying to communicate expectations for a job, there are people going to interviews without knowing how to showcase their (limited or vast) experience, and some people posture themselves so poorly that the hiring managers don’t think the candidates are really interested in the job. This talk takes the experiences of the speakers as both interviewers & interviewees (as well as from others) in order to help candidates better prepare to enter (or move within) “the industry”, as well as to help hiring managers know what they can do to get the people & experience they need for their teams.


Tim O’Brien is Director of Threat Research at Palerra. As a 16-year information security professional, O’Brien is a subject matter expert in risk and incident management, intrusion and data analysis, secure architecture design, and systems management. O’Brien is well versed in developing technical solutions, determining the best options for the business and its goals, and creating comprehensive implementation plans that minimize risk for the organization. His excellent analytical and problem solving skills, with emphasis on understanding relationships among technical problems, result in sound and effective business solutions while reducing risk. He enjoys mentoring others and helping them develop their skills through supervisory positions, coursework development, mentoring, presenting at and helping run information security conferences, as well as instructional positions.

January 12, 2016:

Presenter:    Mr Kyong J An, Director of Professional Services at Palerra, Inc.

Title:    A Practical Deployment: RBAC & Privileged Access Mgmt for UNIX in the Cloud


Extending Privileged Access Management to Cloud-based UNIX servers provides a meaningful opportunity to flex an existing RBAC implementation.

RBAC plays a crucial part in controlling UNIX service account entitlements in an elastic environment. This session will cover a real-world deployment and is relevant if you already have an RBAC framework or are planning a future deployment.

The attendees will learn how the solution was built and how the RBAC model can be extended to manage off-premise UNIX service accounts. The lessons learned and examples will provide design input into their RBAC framework.

December 8, 2015:

A:    2016 Chapter board election

On-site candidate registration and voting; in person only.

B:    Presentation from United States Department of Homeland Security 

Topic: Mobile Security R&D with DHS Science & Technology

Description: DHS S&T's Vincent Sritapan, PM for Mobile Security R&D, will provide an in-depth overview of the current strategy and R&D investments for the Mobile Device Security Program.  Vincent will brief on the challenges in mobile security for the Federal Government and provide insights into current R&D initiatives funded by DHS Science & Technology.

November 10, 2015:

Toward Cybersecurity in Business Terms: Quantifying the Risk in Dollars

Corporate executives know that while cyber risk cannot be eliminated, it can and must be managed so as to minimize impact on the business. But it is difficult to manage a risk that cannot be measured. Unless companies can identify and quantify cyber risks in dollars, they cannot effectively allocate security resources, justify investments, weigh competing priorities, or communicate risk with internal stakeholders or concerned customers.

In January the World Economic Forum and Deloitte proposed a framework for a quantitative, risk-based approach to cybersecurity focusing on asset value at risk. Earlier frameworks, notably the FAIR taxonomy, have also tried to put risk assessment on a quantitative footing. Like all assessment frameworks, these approaches are based on an exhaustive set of subjective human judgments, and as a result they are laborious and of limited accuracy.

We propose an automated approach using actuarial science and empirical data to quantify risk. Data on rates of occurrence and financial impact of cyber incidents are extracted from industry reports, census data, SEC filings, insurance claims, and other sources, aggregated using Bayesian statistics and combined with automatically measured local IT factors to build a risk profile for an organization. Value at risk can be calculated for both structured and unstructured data assets; for the latter, a statistical approach is used based on department ownership and document access patterns.

Risk can be managed and mitigated strategically when quantified in dollars. Progress can be measured, and hypothetical actions can be modeled and evaluated in terms of risk. Even potential black swan events can be anticipated and managed. With quantitative risk projections companies can plan ahead to minimize impact of the most extreme cyber events.

Speaker:  Thomas Lee, PhD

Thomas is a serial entrepreneur, co-founder and CEO of VivoSecurity Inc. His interest in risk quantification stems from his experience in IT and software development combined with a background in applying novel computational techniques to biological problems. He has a PhD and MS in biophysics from the University of Chicago, a BS in physics and a BS EE from the University of Washington.

October 13, 2015:

The Future of Endpoint Threat Detection, Response & Prevention


The battleground has changed. Advanced attackers are routinely penetrating perimeter defenses and averting antivirus technologies to successfully launch attacks against endpoints and servers. Compromise is inevitable but a massive data breach doesn’t have to be. The Bit9 + Carbon Black Security Solution is the industry’s first and only integrated Endpoint Threat Prevention, Detection and Response solution. The Bit9 + Carbon Black Security Solution consists of two industry-leading products and the Threat Intelligence Cloud. Independently, each product is a leader in its category. Together, they provide security and risk professionals with the ultimate advanced threat protection solution for Windows, Mac and Linux endpoints and servers. This meeting will explore both solutions to help the audience understand and appreciate Bit9 + Carbon Black’s approach in the context of securing their enterprise environment.

Speaker Bio:

Manoj Khiani, CISSP-ISSAP, is a Senior Systems Engineer with Bit9 + Carbon Black. He has spent his career in Internet security focused companies over the last 20 years at leading companies such as Netscape, VeriSign, and Check Point. Mr. Khiani holds a degree in Electrical Engineering from the University of California, Berkeley and has held his CISSP certification since 2001. He is also a co-founder of the Silicon Valley (ISC)² chapter.

September 8, 2015:

Two part presentation: 

1. Attivo Networks CEO, Tushar Kothari, will discuss a new category of security - "deception" 

2. After Tushar's talk of "deception", Mahendra from the VC group will join him to have a "fire-side" talk about startups in the security field, including startup/funding and team building

August 11, 2015:

This was an "all hands meeting and open discussion".

- board members will share experiences/stories in their field

- discussions about future chapter activities

- members are encouraged to provide input about the chapter or share experiences.

July 14, 2015:

Software Defined Network (SDN): What is SDN? What are SDN security issues?

As SDN builds momentum to be implemented in both cloud and in-house environments, it's time for us to know what SDN is and what the potential security risks are for the SDN.

Wen-Pai Lu is our current chapter board member and shared his experiences regarding the SDN during the July 14 chapter monthly meeting.

June 9, 2015:

1. A brief presentation on "DHS Transition to Practice (TTP) program" from Michael Pozmantier, Program Manager

2. "Managing Security Risks Affecting Robots, Implantable Devices, and Other Disruptive Technologies" by Stephen S. Wu, Attorney at Law

What are the new information security legal challenges in an era of rapid, sweeping change in technology?

Enterprises face compliance and liability issues from the use of robots, artificial intelligence systems, non-traditional mobile devices...

The talk covers the intersection among legal, business, and technology issues from the development of those disruptive technologies and ways enterprises can manage their legal risks.

May 12, 2015 - Henry Yeh, the chapter's 2014 president, will discuss the topic of "Malware": polymorphic and metamorphic malware in a research format, not focusing on how commercial vendors are doing their detection.

Discussion will focus on the detection techniques being researched. Demonstration on how to create a worm, and detection of malware using Microsoft tools on Windows OS.

April 14, 2015 - 1. Cybersecurity startups: The good, bad and the ugly: Mahendra Ramsinghani will share case studies of a few security startups. (Presentation)

2. "Preparing for an Imminent Terabit DDoS Attack" by Orion Cassetto, Director of Product Marketing at Incapsula

March 10th 2015 - Section 1: "Market trends in IT and Information Security careers" from career advisor's points of view by KFORCE

Section 2: "What is FaaS? (not a typo of SaaS)" by Puneet Thapliyal, Co-founder, Verasynth FaaS

February 10th 2015 - Kelly Harward, Director of Product Management at Raytheon Cyber Products on Insider Threat - Deconstructing the Insider Threat & Mitigating the Associated Risk

January 13th 2015 - Wen-Pai Lu on Cloud Security: A Different Perspective.

October 14th 2014 - Edward Chang on (ISC)2 Foundation's Safe and Secure Online (SSO) Program

September 9th 2014 - Henry Yeh on Defense Security Service (DSS)

August 12th 2014 - HP Atalla on “Cloud Security Challenges”

July 8th 2014 - Seagate Technology on "Enhancing Enterprise Security with Self-Encrypting Drives" & "Security Awareness Metrics at RekenaarCorp"

June 10th 2014 - Pindrop Security on "Phone Channel Fraud and Acoustical Fingerprinting"

May 13th 2014 - Cloudflare on "Mitigating DDoS Attacks"

April 8th 2014 - Thales e-Security on "Data Protection and Mobile Payments"

March 11th 2014 - Hewlett Packard on "The Outsourcing of Application Security"

February 11th 2014 - FBI on "Cyber National Investigation"

December 10th, 2013 - SANS Top 20 Critical Controls

November 12th, 2013 - Board Elections and Bear Data Systems

October 8th, 2013 - Fortinet

September 10th, 2013 - United States Secret Service

August 13th, 2013 - Check Point Software Technologies

July 9th, 2013 - Barchie Consulting and Shuh Chang

June 11, 2013 - Radware (Presentation)

May 14th, 2013 - Cisco

April 9th, 2013 - Tripwire

Mar 12th, 2013 - Stonesoft Network Security

Feb 12th 2013 - Thales Security

Jan 8th 2013 - Board Meeting

Meetings are worth 2 CPEs.

Copyright 2011, International Information Systems Security Certification Consortium, Inc. (“(ISC)²”), in website format and trade dress only. All Rights Reserved. (ISC)², CISSP, ISSAP, ISSEP, ISSMP, CSSLP, CAP, SSCP, and CBK are registered certification, service, and trademarks of (ISC)². Disclaimer: (ISC)² does not own, operate, or moderate this website. All content of this site, exclusive of licensed trademarks or copyright, is the property of the designated (ISC)² Chapter organization, which is not owned, managed, or controlled by (ISC)² and operates independent of (ISC)².