Our December chapter meeting is on Wednesday, December 6th, 2017 at 5:45PM. Please RSVP if you plan on attending!

FBI Cyber Agent Update

Abstract: Don Whitt, a Grand Rapids-based Cyber Agent for the Federal Bureau of Investigation’s Cyber Task Force will be presenting. Special Agent Whitt has worked for the FBI for over seven years researching and addressing cyber threats.

Schedule

5:45-6:00PM Networking, dinner
6:00-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our November chapter meeting is on Wednesday, November 1st, 2017 at 5:45PM. Please RSVP if you plan on attending!

You Want To Put What In The Cloud? Security Issues To Consider

Abstract: Our November speaker will be Dr. Faith Heikkila, presenting You Want to Put What in the Cloud? Security Issues to Consider, a practitioner’s view of how to evaluate cloud security risks when your company wants to place data in the cloud. She will provide insight into the process of evaluating the cloud provider’s security posture, including the use of Cloud Access Security Brokers (CASBs).

Benefits/Takeaways

• Insight into the process of working through the risks associated with placing Personally
• Identifiable Information (PII) or Personal Data (PD) in the cloud.
• Familiarity with cloud security challenges.
• Role of vendor reviews in managing cyber risk.

Speaker Biography: Faith Heikkila, Ph.D., CISM, FIP, CIPM, CIPP-US, ABCP is an Information Security Architect – Governance at a global pharmaceutical company. She has CISO and Privacy Officer practitioner experience in overall information security governance and compliance, and previously oversaw the protection of personal and financial information for clients. Dr. Heikkila is the past Chairman and past President of InfraGard Michigan Members Alliance, Inc. Dr. Heikkila served on the InfraGard National Members Alliance, Inc. (INMA) Board for three years as the INMA Secretary. Dr. Heikkila earned her Ph.D. in Information Systems from Nova Southeastern University specializing in Information Assurance. Dr. Heikkila has published numerous information security articles and is widely recognized as a subject matter expert in e-discovery, data privacy, information security policies/procedures, computer security breaches, financial regulatory compliance laws, ISO 27001/27002 framework, cybersecurity, and state data breach notification laws.

Schedule

5:45-6:00PM Networking, dinner
6:00-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our May chapter meeting is on Wednesday, September 6th, 2017 at 5:45PM. Please RSVP if you plan on attending!

Defending Against Pass-The-Hash

Abstract: Sure everyone in IT knows about ransomware, DDOS, and various sorts of malware. However many IT folks either don’t know or don’t know how to defend themselves against a flaw that affects all Microsoft Operating Systems. I’m talking about Pass-The-Hash. Pass-The-Hash has existed from the very beginning, and is a powerful technique that attackers can use to move laterally, and escalate privilege in your Windows Environment. We’ll be discussing why it’s possible, what are the business risks involved, and mitigation techniques.

Speaker Biography: Mikhail Burshteyn is a Security Consultant for CDW, performing penetration tests for various types of customers and industries. He has a passion for security, breaking things, and showing people the risks that can be involved with different technologies. He is a former graduate of Central Michigan University, and holds a number of certifications including CISSP and CCNA.

Schedule

5:45-6:00PM Networking, dinner
6:00-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Hi all — we’re on break until September 6, 2017. We’re actively soliciting ideas for next year’s meetings, so please reach out to us if you’d like to be a part of the chapter.

Thanks and have a great summer.

Sincerely,
Board of Directors

Our May chapter meeting is on Wednesday, May 3rd, 2017 at 5:45PM. Please RSVP if you plan on attending!

Embedding Security in Embedded systems

Abstract: If security were easy, we’d have solved it 20 years ago. Unfortunately for complex systems, we need all-hands- on-deck: developer training, correct implementation, proper deployment and monitoring, secure updates, and response planning. Come be encouraged by Dr. DeMott to apply security best practices to the embedded specific domains.

Speaker Biography: Dr. Jared DeMott is former NSA and Microsoft BlueHat Prize winner. He’s frequently quoted in media, and invited to speak. He’s the founder of Vulnerability Discovery & Analysis (VDA) Labs. You’ll find fingerprints of VDA across the InfoSec community: fuzzing, code auditing, exploitation, incident response, malware analysis, pentests, threat intelligence, and security training. When DeMott isn’t leading a project, or bypassing a security control, he’s enjoying time with his family outdoors.

Schedule

5:45-6:00PM Networking, dinner
6:00-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our April chapter meeting is on Wednesday, April 5th, 2017 at 5:45PM. Please RSVP if you plan on attending!

Current threats presented by Michigan State Police Cyber Command Center

Abstract: Michigan State Police representatives will be discussing current cyber threats trends and the services that the Michigan Cyber Command Center and FBI can offer during and after an incident occurs.

Speaker Biography: D/Sgt Dan Cook has been employed with the Michigan State Police for the past 17 years. His career has involved a multitude of investigative topics. His current position is within the Michigan State Police, Michigan Cyber Command Center (MC3) and is assigned to the FBI Cyber Task Force. His investigations cover both state and national cyber related threats/criminal activity.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our March chapter meeting is on Wednesday, March 1st, 2017 at 5:45PM. Please RSVP if you plan on attending!

Bug bounties – Don’t hate the player, hate the game

Abstract: Recent attacks provide insight on cyber assaults which require immense planning and fortitude. While some assaults took advantage of opportunistic findings, many did not. Companies are constantly striving to improve their security posture, but no system is vulnerability free and external scrutiny is a bonus. It is increasingly more difficult to find some of those most critical types of security vulnerabilities. Better testing is needed. To attract attention for the special kind of testing needed, a bug bounty program will go a long way. Security researchers, hackers, and enthusiasts from all over the world participate for the benefit of all parties. However, cracking bug bounties is harder than it looks. John Menerick shows how certain methodologies can affect institutions, researchers, and might even have an impact on our chances for success.

Speaker Biography:

John Menerick’s interests include cracking clouds, modeling complex systems, developing massive software-defined infrastructures, automating deceptive incident responses, designing zero trust security architectures, and is the outlier in your risk model. While John is the founding security team member of many successful institutions, currently, John is Lake Michigan Credit Union’s CISO and Research Something’s Chief Cyber Security Researcher.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our February chapter meeting is on Wednesday, February 1st, 2017 at 5:45PM. Please RSVP if you plan on attending!

Something from Nothing – Building a Holistic Privacy and Information Security Awareness Program from the Ground Up

Download presentation slide deck here.

Abstract: The presentation will cover the lessons learned when preparing a privacy and information security awareness training plan that will successfully convert end users to security champions. We will deliver an interactive presentation that discusses end user roles, prescribing security topics, retention strategies and privacy and security awareness lifecycle management including different methods and techniques to staff, define, manage, present, and measure the program. The presenters will engage with the audience to have them define methods for their individual companies and industries. Audience participation and information sharing of related lessons learned, resources, and techniques is encouraged for the benefit of all participants.

Speaker Biographies:

Aphrodite (Apple) Jones has been serving the technology field for over 25 years. She is a graduate of Davenport University with a BBA in Network Management and a MBA with a focus in E-Business. She is currently working to build the comprehensive and holistic privacy and information security awareness training plan for Spectrum Health and Priority Health as the Lead IS Training Specialist. She is also helping to build the talent pipeline options for the information security department by working with area colleges, universities and high schools and Michigan Works. She previously served as the Associate Dean for Davenport University’s College of Technology with responsibilities that included overseeing the undergraduate and graduate technology curriculum including the cyber defense curriculum and government designations for its Center of Academic Excellence in Cyber Defense Education (CAE/CDE). She spent over 20 years in higher education both as an administrator and professor who was passionate about diversity initiatives promoting technology careers to both women and people of color. She served as the advisor for Davenport University’s Women in Technology student organization. She currently serves on technology program advisory boards for Grand Rapids Community College, Kent Career Technology Center and Careerline Technical Center high school programs. She serves as a member of the Michigan Healthcare Cybersecurity Council’s (MiHCC) information security awareness group and a member of the Michigan Council of Women in Technology’s (MCWT) Western Michigan’s planning committee and is the recently elected Vice President for the Grand Rapids Information Systems Security Association (GR-ISSA).

Joshua VanderWeide began his career in education, graduating from Grand Valley State University with a degree in music education. After 3 years of teaching middle school choir and elementary general music, he transferred his skills in education to training teachers on the use of technology in the classroom. His background in education and training and his personal affinity for technology led to his current position at Spectrum Health, where he is helping to build the Privacy and Information Security Awareness Training department by both designing and delivering curriculum covering a vast array of awareness topics geared at end users.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our December chapter meeting is on Wednesday, December 7th, 2016 at 5:45PM. Please RSVP if you plan on attending!

Top 10+ Security Risks at Financial Institutions – 5 years and 100 IT Compliance Audits / Security Assessments Later, An IT Auditor’s / Assessors Findings

Abstract: Over 30 years of experience in the area of Information Systems and Technologies (IT) has provided knowledge and skills that are both varied and extensive. Efforts have focused on providing IT compliance audit and security assessment services, systems/network design and administration, secure and reliable collaboration solutions, and telecommunications integration.

Recent accomplishments have included the design and administration of comprehensive, multi-level, risk-focused audit and assessment programs for financial, healthcare, and technology based organizations (GLBA, HIPAA, and PCI); administration of IT compliance audits and security assessments; installation, upgrade, and maintenance of highly secure and robust Microsoft Windows based networks enabling file services, email/collaboration services (Exchange Server and SharePoint Server), digital assistant services (ActiveSync and BlackBerry Enterprise Server), and web services (Internet Information Services and SQL Server); installation and maintenance of remote office networks utilizing various VPN technologies (IPsec, SSL, and PPTP); and participated with large multi-national corporations in strategic, and tactical, search engine optimization/marketing efforts against antagonistic web and social media sites.

Speaker Biographies: Damian Walters, Principal – Damian Walters & Associates, LLC, specializes in the following:

• SOC 2, GLBA, HIPAA, and PCI Compliance Audits
• Security Assessments
• Network and System Design and Administration
  Web Site Hosting, Design and Administration
• Data and Disaster Recovery
• Cloud Services
• Virtualization Services
• Search Engine Optimization and Marketing (SEO/SEM)
• Telecommunications (iPhone, Android, BlackBerry) Integration

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our November chapter meeting is on Wednesday, November 2nd, 2016 at 5:45PM. Please RSVP if you plan on attending!

Two Perspectives on Implementing a Phishing Program

Abstract: Join us November 2nd, 2016 as we explore two approaches to changing behaviors within the user base. Matt Somers will present lessons learned and first-hand experiences in selecting and roll-out of an Enterprise Phishing Program. Robert VanDyke will walk through how we setup an Open Source internal Phishing Campaign. Both presentations will provide real world experiences from local chapter members. With Phishing attempts one of the highest risk areas, these sessions are sure to provide valuable and current insight.

Speaker Biographies: Matt Somers, CISSP resides in West Michigan and is the CISO for a global company headquartered in the US. Matt has over 14 years experience in the Information Security field. Matt is also a founding Board Member and Secretary of the (ISC)2 West Michigan Chapter. Robert Van Dyke is a senior at Ferris State University studying Information Security and Intelligence. He is also employed at Metro Health Hospital as a Security Analyst for almost one year. He loves all things tech related. In his free time he enjoys working in his home “Lab”, pen testing various boot2root, ctfs, and installing and playing with new software. He has participated in the GrrCon OSINTCTF the past two years and placed 6th and 4th respectively.

Presentations
Phishing Implementation

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map