Category Archives: Events

March, 2017 Chapter Meeting

Our March chapter meeting is on Wednesday, March 1st, 2017 at 5:45PM. Please RSVP if you plan on attending!

Bug bounties – Don’t hate the player, hate the game

Abstract: Recent attacks provide insight on cyber assaults which require immense planning and fortitude. While some assaults took advantage of opportunistic findings, many did not. Companies are constantly striving to improve their security posture, but no system is vulnerability free and external scrutiny is a bonus. It is increasingly more difficult to find some of those most critical types of security vulnerabilities. Better testing is needed. To attract attention for the special kind of testing needed, a bug bounty program will go a long way. Security researchers, hackers, and enthusiasts from all over the world participate for the benefit of all parties. However, cracking bug bounties is harder than it looks. John Menerick shows how certain methodologies can affect institutions, researchers, and might even have an impact on our chances for success.

Speaker Biography:

John Menerick’s interests include cracking clouds, modeling complex systems, developing massive software-defined infrastructures, automating deceptive incident responses, designing zero trust security architectures, and is the outlier in your risk model. While John is the founding security team member of many successful institutions, currently, John is Lake Michigan Credit Union’s CISO and Research Something’s Chief Cyber Security Researcher.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

February, 2017 Chapter Meeting

Our February chapter meeting is on Wednesday, February 1st, 2017 at 5:45PM. Please RSVP if you plan on attending!

Something from Nothing – Building a Holistic Privacy and Information Security Awareness Program from the Ground Up

Download presentation slide deck here.

Abstract: The presentation will cover the lessons learned when preparing a privacy and information security awareness training plan that will successfully convert end users to security champions. We will deliver an interactive presentation that discusses end user roles, prescribing security topics, retention strategies and privacy and security awareness lifecycle management including different methods and techniques to staff, define, manage, present, and measure the program. The presenters will engage with the audience to have them define methods for their individual companies and industries. Audience participation and information sharing of related lessons learned, resources, and techniques is encouraged for the benefit of all participants.

Speaker Biographies:

Aphrodite (Apple) Jones has been serving the technology field for over 25 years. She is a graduate of Davenport University with a BBA in Network Management and a MBA with a focus in E-Business. She is currently working to build the comprehensive and holistic privacy and information security awareness training plan for Spectrum Health and Priority Health as the Lead IS Training Specialist. She is also helping to build the talent pipeline options for the information security department by working with area colleges, universities and high schools and Michigan Works. She previously served as the Associate Dean for Davenport University’s College of Technology with responsibilities that included overseeing the undergraduate and graduate technology curriculum including the cyber defense curriculum and government designations for its Center of Academic Excellence in Cyber Defense Education (CAE/CDE). She spent over 20 years in higher education both as an administrator and professor who was passionate about diversity initiatives promoting technology careers to both women and people of color. She served as the advisor for Davenport University’s Women in Technology student organization. She currently serves on technology program advisory boards for Grand Rapids Community College, Kent Career Technology Center and Careerline Technical Center high school programs. She serves as a member of the Michigan Healthcare Cybersecurity Council’s (MiHCC) information security awareness group and a member of the Michigan Council of Women in Technology’s (MCWT) Western Michigan’s planning committee and is the recently elected Vice President for the Grand Rapids Information Systems Security Association (GR-ISSA).

Joshua VanderWeide began his career in education, graduating from Grand Valley State University with a degree in music education. After 3 years of teaching middle school choir and elementary general music, he transferred his skills in education to training teachers on the use of technology in the classroom. His background in education and training and his personal affinity for technology led to his current position at Spectrum Health, where he is helping to build the Privacy and Information Security Awareness Training department by both designing and delivering curriculum covering a vast array of awareness topics geared at end users.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

December, 2016 Chapter Meeting

Our December chapter meeting is on Wednesday, December 7th, 2016 at 5:45PM. Please RSVP if you plan on attending!

Top 10+ Security Risks at Financial Institutions – 5 years and 100 IT Compliance Audits / Security Assessments Later, An IT Auditor’s / Assessors Findings

Abstract: Over 30 years of experience in the area of Information Systems and Technologies (IT) has provided knowledge and skills that are both varied and extensive. Efforts have focused on providing IT compliance audit and security assessment services, systems/network design and administration, secure and reliable collaboration solutions, and telecommunications integration.

Recent accomplishments have included the design and administration of comprehensive, multi-level, risk-focused audit and assessment programs for financial, healthcare, and technology based organizations (GLBA, HIPAA, and PCI); administration of IT compliance audits and security assessments; installation, upgrade, and maintenance of highly secure and robust Microsoft Windows based networks enabling file services, email/collaboration services (Exchange Server and SharePoint Server), digital assistant services (ActiveSync and BlackBerry Enterprise Server), and web services (Internet Information Services and SQL Server); installation and maintenance of remote office networks utilizing various VPN technologies (IPsec, SSL, and PPTP); and participated with large multi-national corporations in strategic, and tactical, search engine optimization/marketing efforts against antagonistic web and social media sites.

Speaker BiographiesDamian Walters, Principal – Damian Walters & Associates, LLC, specializes in the following:

  • SOC 2, GLBA, HIPAA, and PCI Compliance Audits
  • Security Assessments
  • Network and System Design and Administration
    Web Site Hosting, Design and Administration
  • Data and Disaster Recovery
  • Cloud Services
  • Virtualization Services
  • Search Engine Optimization and Marketing (SEO/SEM)
  • Telecommunications (iPhone, Android, BlackBerry) Integration

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

November, 2016 Chapter Meeting

Our November chapter meeting is on Wednesday, November 2nd, 2016 at 5:45PM. Please RSVP if you plan on attending!

Two Perspectives on Implementing a Phishing Program

Abstract: Join us November 2nd, 2016 as we explore two approaches to changing behaviors within the user base. Matt Somers will present lessons learned and first-hand experiences in selecting and roll-out of an Enterprise Phishing Program. Robert VanDyke will walk through how we setup an Open Source internal Phishing Campaign. Both presentations will provide real world experiences from local chapter members. With Phishing attempts one of the highest risk areas, these sessions are sure to provide valuable and current insight.

Speaker BiographiesMatt Somers, CISSP resides in West Michigan and is the CISO for a global company headquartered in the US. Matt has over 14 years experience in the Information Security field. Matt is also a founding Board Member and Secretary of the (ISC)2 West Michigan Chapter. Robert Van Dyke is a senior at Ferris State University studying Information Security and Intelligence. He is also employed at Metro Health Hospital as a Security Analyst for almost one year. He loves all things tech related. In his free time he enjoys working in his home “Lab”, pen testing various boot2root, ctfs, and installing and playing with new software. He has participated in the GrrCon OSINTCTF the past two years and placed 6th and 4th respectively.

Presentations
Phishing Implementation

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

GrrCon 2016 recap

The board of (ISC)² West Michigan Chapter were very happy to again receive the support of the GrrCon community. All attendees received a (ISC)² flyer in their conference bags and the fine folks at GrrCon were nice enough to donate booth space to the Chapter on the exhibition floor.  We were glad to be able to meet so many of you.

img_1291

We’re looking forward to welcoming all of the new members and hope to see you at a meeting soon. Once again we’re all lucky to have such an awesome infosec con right in our backyard. Looking forward to GrrCon 2016 already!

October, 2016 Chapter Meeting

Our October chapter meeting is on Wednesday, October 5th, 2016 at 5:45PM. Please RSVP if you plan on attending!

FBI Agent Presentation Surrounding Ransomware

Abstract: Special Agent Don Whitt will be providing a technical presentation on the increased issues the FBI has seen surrounding Ransomware.

Speaker Biography: Special Agent Don Whitt is the Grand Rapids-based Cyber Agent for the Federal Bureau of Investigation. SA Whitt has worked for the FBI for over six years researching and addressing cyber threats. He has published reports on advanced persistent threats, cyber-terrorism, malware analysis and social media vulnerabilities. He also has extensive experience pertaining to threats and vulnerabilities to the confidentiality, integrity and availability of telecommunication providers.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

September, 2016 Chapter Meeting

Our September chapter meeting is on Wednesday, September 7th, 2016 at 5:45PM. Please RSVP if you plan on attending!

Incident Response Safari: An expedition to build your own First Responder Toolkit

Abstract: The presentation will cover the lessons learned when preparing and planning for incident response. We will go over incident handling lifecycle management including different tools and techniques to detect, record, contain, and analyze cyber security incidents. The presenter will share a First Responder toolkit with cheatsheets, process flows, and open source tools to help those getting started with triaging, sniper forensics, and traditional forensics to preserve, document, collect, and even analyze digital artifacts and evidence. The presenter encourages audience participation and information sharing of related lessons learned, tools, and techniques for the benefit of all participants.

Update: content from Vel’s presentation can be found here.

Speaker Biography: Vel Pavlov is West Michigan information security professional with over 10 years of experience in the field. He is currently IT Security Coordinator managing a team of four (three full-time and one part-time) employees and all IT Security related initiatives for Ferris State University. Outside of the management responsibilities, Vel’s focus is on risk and vulnerability assessment, incident handling lifecycle management, and building information security program based on ISO27001/27002 framework. Vel holds a number of certifications including CISSP, C|EH, C|HFI, C)PTE, ITILv3 Foundations, Security+, A+, Rapid7 Certified Nexpose Administrator, and Metasploit Pro Certified Specialist. He is also chapter co-author in reference books on the subjects of mobile malware (Mobile Technology Consumption: Opportunities and Challenges authored by Dr. Barbara Ciaramitaro) and digital antiforensics (Digital Forensics Explained by Dr. Greg Gogolin). Vel serves as an adjunct faculty and cyber security course designer for Excelsior College, Ferris State, and most recently Walsh College. His motivation is to help the learners to diversify the theoretical curriculum with applicable hands-on experience in cyber security offense and defense.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

May, 2016 Chapter Meeting

Our May chapter meeting is on Wednesday, May 4th, 2016 at 5:45PM. Please RSVP if you plan on attending!

An IT auditor’s Perspective On Auditing IT Security Departments and Professionals

Abstract: I am being audited, what should I know before the auditors arrive? Who gets interviewed? Are there different types of audits and does this one matter? The auditors are using unfamiliar terms! Should I prepare? What are “findings” and “observations” and am I getting fired? How long do I have to correct the items?

Speaker Biography: John Weller, CISSP, CSSLP, CISA, CGEIT. With 30 years IT experience, I have safe guarded corporate data assets in various roles, including nine years as an IT auditor/manager and currently as Chief Information Security Officer for Metro Health Hospital. My approach is to continually assess our strengths, weaknesses, and compliance requirements and work within the culture of the organization to achieve manageable change. This is the best job ever as every day I get to utilize my auditing and geek skills. My favorite part of my job is reviewing our cyber security strengths and weaknesses and working on shoring up the gaps. Securing a hospital with thousands of medical devices and workforce members and hundreds of vendors can oftentimes be exciting, and we make it manageable through the use of refined strategies and project plans, and a heavy reliance on the skilled systems administrators.

A few thoughts: When confronted with new equipment on the network, the first answer is not “no”, but more about how can we secure it. When reviewing a new vendor access request, the conversation focuses on how our organization can control when the vendor is accessing our systems. When we send data externally, we verify it is encrypted or de-identified, and that the vendor is capable of managing the data within their systems. Deliver one strategy power point per month to communicate and align efforts. Practice incident response frequently even on low risk events to keep the process alive.

Industries covered: Financial services “Gramm-Leach-Bliley Act (GLB Act or GLBA) regulated”, healthcare “HIPAA regulated”, and food distribution (mostly unregulated for IT).

Graduate of Ferris State University with Bachelors in Computer Information Systems (CIS)

Memberships:
ISC2 West Michigan Chapter
ISACA West Michigan Chapter
WMCSC West Michigan Cyber Security Consortium
MiHCC Michigan Healthcare Cyber Security Counsel

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

April, 2016 Chapter Meeting

Our April chapter meeting is on Wednesday, April 6th, 2016 at 5:45PM. Please RSVP if you plan on attending!

Raising Your Awareness On The Importance Of Awareness

Abstract: SIEMS, FIMS, IDS/IPS, Network Forensics, Vulnerability Management, Micro Segmentation, IAM and multi-factor auth. Fundamental technology that is vital to any robust security program….yet despite the amount we are spending on technology we continue to be plagued with ransomware, credential theft and data exfiltration. When we look at how the traditional attack surface has been hardened it’s easy to see why our enemies have shifted to the softest target, the human. The good news is there is hope for a better future! The most effective thing we can do to minimize these attacks is bring a new level of awareness to our organizations.

Speaker Biography: Philip Keibler, CISSP has spent more than 20 years building very successful information security programs and teams for the retail, aerospace, finance, insurance, major league sports, and manufacturing industries. Currently Philip is the Vice President of Information Security, Risk and Control for superstore retailer, Meijer. Most recently he served as the CISO for Bass Pro Shops in Springfield, MO. Previous to his role with Bass Pro Philip served as the CISO for the retailer “Finish Line”. During his time in the field he has seen information security evolve from a reactive, compliance driven ‘requirement’ to a proactive, risk based function that is critical to the success of every organization. His diverse background provides him with an endless amount of real world experience to draw from when facing challenges integrating security into the business.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map