The board of (ISC)² West Michigan Chapter were very happy to again receive the support of the GrrCon community. All attendees received a (ISC)² flyer in their conference bags and the fine folks at GrrCon were nice enough to donate booth space to the Chapter on the exhibition floor.  We were glad to be able to meet so many of you.

We’re looking forward to welcoming all of the new members and hope to see you at a meeting soon. Once again we’re all lucky to have such an awesome infosec con right in our backyard. Looking forward to GrrCon 2016 already!

Our October chapter meeting is on Wednesday, October 5th, 2016 at 5:45PM. Please RSVP if you plan on attending!

FBI Agent Presentation Surrounding Ransomware

Abstract: Special Agent Don Whitt will be providing a technical presentation on the increased issues the FBI has seen surrounding Ransomware.

Speaker Biography: Special Agent Don Whitt is the Grand Rapids-based Cyber Agent for the Federal Bureau of Investigation. SA Whitt has worked for the FBI for over six years researching and addressing cyber threats. He has published reports on advanced persistent threats, cyber-terrorism, malware analysis and social media vulnerabilities. He also has extensive experience pertaining to threats and vulnerabilities to the confidentiality, integrity and availability of telecommunication providers.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our September chapter meeting is on Wednesday, September 7th, 2016 at 5:45PM. Please RSVP if you plan on attending!

Incident Response Safari: An expedition to build your own First Responder Toolkit

Abstract: The presentation will cover the lessons learned when preparing and planning for incident response. We will go over incident handling lifecycle management including different tools and techniques to detect, record, contain, and analyze cyber security incidents. The presenter will share a First Responder toolkit with cheatsheets, process flows, and open source tools to help those getting started with triaging, sniper forensics, and traditional forensics to preserve, document, collect, and even analyze digital artifacts and evidence. The presenter encourages audience participation and information sharing of related lessons learned, tools, and techniques for the benefit of all participants.

Update: content from Vel’s presentation can be found here.

Speaker Biography: Vel Pavlov is West Michigan information security professional with over 10 years of experience in the field. He is currently IT Security Coordinator managing a team of four (three full-time and one part-time) employees and all IT Security related initiatives for Ferris State University. Outside of the management responsibilities, Vel’s focus is on risk and vulnerability assessment, incident handling lifecycle management, and building information security program based on ISO27001/27002 framework. Vel holds a number of certifications including CISSP, C|EH, C|HFI, C)PTE, ITILv3 Foundations, Security+, A+, Rapid7 Certified Nexpose Administrator, and Metasploit Pro Certified Specialist. He is also chapter co-author in reference books on the subjects of mobile malware (Mobile Technology Consumption: Opportunities and Challenges authored by Dr. Barbara Ciaramitaro) and digital antiforensics (Digital Forensics Explained by Dr. Greg Gogolin). Vel serves as an adjunct faculty and cyber security course designer for Excelsior College, Ferris State, and most recently Walsh College. His motivation is to help the learners to diversify the theoretical curriculum with applicable hands-on experience in cyber security offense and defense.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

(ISC)² WEST MICHIGAN CHAPTER meetings will resume September 7th, 2016! Please contact us if you would like to present to the Chapter later this year.

Thanks for your support and have a great summer.

Our May chapter meeting is on Wednesday, May 4th, 2016 at 5:45PM. Please RSVP if you plan on attending!

An IT auditor’s Perspective On Auditing IT Security Departments and Professionals

Abstract: I am being audited, what should I know before the auditors arrive? Who gets interviewed? Are there different types of audits and does this one matter? The auditors are using unfamiliar terms! Should I prepare? What are “findings” and “observations” and am I getting fired? How long do I have to correct the items?

Speaker Biography: John Weller, CISSP, CSSLP, CISA, CGEIT. With 30 years IT experience, I have safe guarded corporate data assets in various roles, including nine years as an IT auditor/manager and currently as Chief Information Security Officer for Metro Health Hospital. My approach is to continually assess our strengths, weaknesses, and compliance requirements and work within the culture of the organization to achieve manageable change. This is the best job ever as every day I get to utilize my auditing and geek skills. My favorite part of my job is reviewing our cyber security strengths and weaknesses and working on shoring up the gaps. Securing a hospital with thousands of medical devices and workforce members and hundreds of vendors can oftentimes be exciting, and we make it manageable through the use of refined strategies and project plans, and a heavy reliance on the skilled systems administrators.

A few thoughts: When confronted with new equipment on the network, the first answer is not “no”, but more about how can we secure it. When reviewing a new vendor access request, the conversation focuses on how our organization can control when the vendor is accessing our systems. When we send data externally, we verify it is encrypted or de-identified, and that the vendor is capable of managing the data within their systems. Deliver one strategy power point per month to communicate and align efforts. Practice incident response frequently even on low risk events to keep the process alive.

Industries covered: Financial services “Gramm-Leach-Bliley Act (GLB Act or GLBA) regulated”, healthcare “HIPAA regulated”, and food distribution (mostly unregulated for IT).

Graduate of Ferris State University with Bachelors in Computer Information Systems (CIS)

Memberships:
ISC2 West Michigan Chapter
ISACA West Michigan Chapter
WMCSC West Michigan Cyber Security Consortium
MiHCC Michigan Healthcare Cyber Security Counsel

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our April chapter meeting is on Wednesday, April 6th, 2016 at 5:45PM. Please RSVP if you plan on attending!

Raising Your Awareness On The Importance Of Awareness

Abstract: SIEMS, FIMS, IDS/IPS, Network Forensics, Vulnerability Management, Micro Segmentation, IAM and multi-factor auth. Fundamental technology that is vital to any robust security program….yet despite the amount we are spending on technology we continue to be plagued with ransomware, credential theft and data exfiltration. When we look at how the traditional attack surface has been hardened it’s easy to see why our enemies have shifted to the softest target, the human. The good news is there is hope for a better future! The most effective thing we can do to minimize these attacks is bring a new level of awareness to our organizations.

Speaker Biography: Philip Keibler, CISSP has spent more than 20 years building very successful information security programs and teams for the retail, aerospace, finance, insurance, major league sports, and manufacturing industries. Currently Philip is the Vice President of Information Security, Risk and Control for superstore retailer, Meijer. Most recently he served as the CISO for Bass Pro Shops in Springfield, MO. Previous to his role with Bass Pro Philip served as the CISO for the retailer “Finish Line”. During his time in the field he has seen information security evolve from a reactive, compliance driven ‘requirement’ to a proactive, risk based function that is critical to the success of every organization. His diverse background provides him with an endless amount of real world experience to draw from when facing challenges integrating security into the business.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our March chapter meeting is on Wednesday, March 2nd, 2015 at 5:45PM. Please RSVP if you plan on attending!

Security Research and Adventures in Responsible Disclosure

Abstract: The biggest security holes are the ones we don’t know about. To find these weaknesses we have to think like the bad guys do. Even as security researchers, we must look at everyday applications through the eyes of a malicious hacker. After learning basic functionality, we can come up with creative methods of (ab)using the application. This presentation details our findings along with the process we go through, challenges we face, and risks we take to responsibly disclose them.

Speaker biography: Presented by Adam Logue and Ryan Griffin.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our February chapter meeting is on Wednesday, February 3rd, 2015 at 5:45PM. Please RSVP if you plan on attending!

Application Threat Modeling in Risk Management

Abstract: Business and government organizations have wised up to the need for a risk-based management approach to info / cyber / <buzzword>-security. But most security risk assessment efforts get mired in excessive analysis or produce results with little substance to them. Should we be using a kill-chains approach? NIST or ISO frameworks? This presentation examines organizational impact of assets based on value and profiles threat agents from their motivations, capabilities, resources and tactics. We’ll step through using the Microsoft Threat Modeling Tool to make data-flow diagrams and gain insight into the soft spots where these threat agents can make contact, cover insider threats and draw threat profiles that make them real for management. Then we’ll show you how to pull this all together in a form that drives home your point.

Speaker biography: Mel Drews has been security consultant to hospitals, government agencies, universities, electric utilities and financial institutions large and small all around the country. He’s used and built risk assessment tools in many teams with a wide range of capabilities. He also claims expertise in penetration testing, software security, system
hardening, and audit. Mel is a SANS Institute Mentor instructor planning his next course to deliver on web application defense. He’s currently working on software security and risk assessment with a large financial services firm in Michigan.

UPDATE: Download the presentation from Mel’s site here.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our December chapter meeting is on Wednesday, December 2nd, 2015 at 5:45PM. Please RSVP if you plan on attending!

How to Adapt What We Have Now to the IoT (The Internet of Things)

Abstract: Information Security Professionals are fast realizing that they are facing new challenges:

• How do I strategize, budget, & execute today for a world that I can’t even imagine five years from now?
• How do I sleep at night when after 99 successes, one small miscalculation could put my name on the front page of the Wall Street Journal or the headline of the Drudge Report?
• Now that the guys in the high-back chairs in the corner offices want to invite me to their meetings, how do I put all this craziness into words that they can understand?
  In this fast changing world, let’s be honest, the pocketbooks have opened & IT Security is getting the funds <<yea!>> & the attention <<boo!>> that we need. The bottom line? You’ll leave this discussion with four or five things you can do that will keep you on the road to those 99 successes while making that story above the fold a little less likely.

Speaker biography: Caston Thomas brings perspective, knowledge and a practicality to how to combine technology and process change for improving security & management of mobile & the cloud. Caston has pioneered communications & workflow technologies in a number of healthcare organizations. With almost 30 years in corporate information technology, he is sought by business leaders as an expert helping to fill the gap between mobile security frameworks and the operational processes & technologies that make them work.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map

Our November chapter meeting is on Wednesday, November 4th, 2015 at 5:45PM. Please RSVP if you plan on attending!

IT Security Update from FBI

Abstract: Special Agent Joliffe will be giving a general update on current matters related to IT security and will touch on issues and incidents that have affected organizations both locally and globally.

Speaker biography: Special Agent Peter Jolliffe has been assigned to the FBI’s counter intelligence matters in West Michigan for the past 6 years.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

NEW LOCATION Location Information

Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519

Map