Our May chapter meeting is on Wednesday May 7th, 2014 at 5:45PM. Please RSVP if you plan on attending!

Social Engineering and its Role in Breaches

Abstract: The discussion will be focused on social engineering. Social engineering played a part in nearly every major hack or breach in 2013 yet it still stays in the background when we consider security controls. This is something that needs to change as we move forward and everyone, every single employee, co-worker, etc, is a living breathing open port into our systems just waiting to be compromised.

Speaker biography: R. Jason Toy is a Security Engineer & Splunk Architect at CentraComm.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519

Map

Our April chapter meeting is on Wednesday April 2nd, 2014 at 5:45PM. Please RSVP if you plan on attending!

To Catch a Thief: Preventing the Next Fortune 500 Data Breach

Abstract: The evolution of the threat landscape continues to challenge security programs within organizations worldwide. With the increasing complexity of advanced persistent threats and BYOD culture, organizations must adapt to protect critical assets from both internal and external threats. Last year, a major medical manufacturing company was targeted by one of its own employees and prevented the breach. Topics discussed include the following: anatomy of the attempted breach; Designing and implementing a critical asset protection program; How to leverage Data Loss Prevention (DLP) technology to safeguard your organization’s critical assets.

Speaker biography: With over 20 years of experience heading up major initiatives for leading organizations around the globe, Robert Eggebrecht’s knowledge and understanding of business development, information security and global product and service launches is extensive. Prior to founding BEW Global, Robert Eggebrecht was an integral part of several high-technology businesses offering solutions including enterprise business applications, communications and information security. He held positions with TicketMaster businesses offering solutions including enterprise business applications, communications and information security. He held positions with TicketMaster, Qwest, Level 3 Communications, Gemplex and Virtela, working domestically throughout the US as well as internationally on assignments in Tokyo, London and Denmark. In these positions Rob was primarily focused on corporate finance, product management, business development and technology based service delivery. He holds a degree in International Business from the University of Denver and management certificates from Georgetown and Stanford University. Rob is an active member in the ISO 27000 community and successfully completed the ISO 27001 Lead Auditor Course and exam.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519

Map

Our March chapter meeting is on Wednesday March 5th, 2014 at 5:45PM. Please RSVP if you plan on attending!

Next Generation of Protection for Network and Endpoint Security – Application Whitelisting & Advanced Threat Detection

Abstract: Over the past decade, the volume of malware produced and potentially infecting organizations, has multiplied by orders of magnitude. The scope of the threat, in conjunction with little to no innovation by traditional security vendors has left organizations like yours vulnerable. Join Brian to discuss the emergence of endpoint malware and the new class of security solutions that can detect threats early and across more points in the kill chain.

Speaker biography: Brian Orr is a Certified Security Professional with over 20+ years of experience in the IT community. The vast majority of his career has been spent as a technical representative for various vendors that offer either business-critical or mission-critical software-based enterprise solutions. Each of the various technologies addresses a certain aspect / layer of a Defense-in-Depth Security Strategy. His diverse & extensive background includes best-of-breed offerings in the areas of Middleware, SOA, J2EE, EAI, SNA, VoIP, FIM, Compliance, DLP, Encryption, & AWL. He is currently working as a Systems Engineer for Bit9 – specializing in Advanced Threat Protection for Endpoint & Server Security.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519

Map

Our November chapter meeting is on Wednesday February 5th, 2014 at 5:45PM. Please RSVP if you plan on attending!

Social Engineering And Its Role In Breaches

Abstract: The discussion will be focused on social engineering. Social engineering played a part in nearly every major hack or breach in 2013 yet it still stays in the background when we consider security controls. This is something that needs to change as we move forward and everyone, every single employee, co-worker, etc, is a living breathing open port into our systems just waiting to be compromised.

Speaker biography: R. Jason Toy is a Security Engineer & Splunk Architect at CentraComm.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519

Map

Our November chapter meeting is on Wednesday November 6th, 2013 at 5:45PM. Please RSVP if you plan on attending!

Engineering Value in an Information Security Practice

Abstract: This platitude is bandied about by security professionals; advice that recognizes the need for customer engagement without describing how to do this. Practitioners are left to rely on their own acumen and interpersonal skills to discern these priorities – a challenge that yields mixed results. This session offers a structured approach to understand business needs ,discern their connection to the security program, market that vision in a palatable manner to management, and finally sell the resulting controls to customers.

Attendees will learn about a healthcare organization’s security team that employed branding principles to inform its risk management and control architecture priorities. This allowed the team to create a program that reflected the brand values espoused by its company. The team then employed marketing techniques to promote the program’s value in supporting patient care to management. Lastly, the team socialized its customer-facing controls utilizing sales techniques that respected patients’ needs and concerns.

Speaker biography: Steven F. Fox offers security guidance to ensure compliance with Federal standards and requirements as a Sr. Security Architecture and Engineering Advisor for the U.S. Treasury. He contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup, and the Security and Privacy workgroup. Mr. Fox brings a cross-disciplinary perspective to the practice of information security; combining his experience as a security consultant, a Sr. IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. Steven is a syndicated blogger covering IT Governance, Risk Management, and IT-Business fusion topics. His speaking engagements include Blackhat’s Executive Summit, ISSA, ISC2, and ISACA events, SecureWorld Dallas/Detroit, Hacker Halted, Security B-Sides Chicago/Detroit/Las Vegas, and GrrCon. He also volunteers his time to the Ponemon Institute, Security BSides Detroit and the MichSec security organization.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519

Map

Our October chapter meeting is on Wednesday October 2nd, 2013 at 5:45PM. Please RSVP if you plan on attending!

Dr. Strangecloud or: How I Learned to Stop Worrying and Love the BYoD, presented by Caston Thomas & Paul Cochran

Abstract: Ten to fifteen years ago, the life of a corporate security manager was easy. Firewall… Check… Virus protection… Check… WEP… Check…Then, the attacks became a little more sophisticated. IDS… Check… IPS… Check… WPA2… Check… 2-factor… Check… Check… Check… It became more complex, yet the basic premise of our security infrastructure was the same… Keep the bad guys out… Keep the data in… Over the last few years, profoundly different challenges have arisen and increase exponentially the demands placed on corporate information security… Cloud… Mobile… Compliance… Privacy… Advanced Persistent Threats… DLP… SIEM…

How Do We Fill In the Blanks From the Dissolving Perimeter?
We’re now called to secure data that’s no longer inside our domain. We’re asked to secure users and devices that could be anywhere in the world at any given time. We’re expected to be able to produce a report on the state of every device & every user on the network – possibly even what it looked like six months ago. “Oh yes, we’ll give you an increase in budget. More staff? We’ll get back with you.”

Some would call this a paradigm shift. Some would call it a disaster waiting to happen. Most of us don’t quite yet know what to call it.

In this presentation, we’ll cover:

1. how the combination of BYoD/cloud/mobile and the changing threat landscape present new challenges to InfoSec
2. updating our security framework & infrastructure components without obsoleting what we already have
3. how NAC & mobile management tools can play a pivotal role in bringing the pieces together (includes a demonstration of ForeScout)

Presentation Material

•  Love the BYoD (pdf)

Speaker biography
Caston Thomas brings perspective, knowledge and a practicality to how to combine technology and process change for improving security & management of mobile & the cloud. Caston has pioneered communications & workflow technologies in a number of healthcare organizations. With almost 30 years in corporate information technology, he is sought by business leaders as an expert helping to fill the gap between mobile security frameworks and the operational processes & technologies that make them work. Caston is president of InterWorks, LLC.

A businessman with a heart and commitment to his family and community, Caston has contributed his talents and time to a variety of humanitarian organizations including the Salvation Army, Capuchin Soup Kitchen, and building clinics & orphanages in Ghana.

Schedule

• 5:45-6:15PM Networking/Membership signup / Dinner
• 6:15-7:15PM Presentation
• 7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519
Map

Our September chapter meeting is on Wednesday September 4th, 2013 at 5:45PM. Please RSVP if you plan on attending!

Nobody Ever Got Fired For Implementing a Risk Management Program – But they Should Be, presented by Richard Stiennon.

Abstract: Risk Management has become the staple of IT security organizations. Adopted from financial and life insurance models Risk Management makes some unsupportable assumptions of predictability, and knowledge. The three tenets of Risk Management, discovery, ranking, and patching are all impossible to achieve. Therefore Risk Management thinking should be abandoned in favor of threat management.

Schedule

• 5:45-6:15PM Networking/Membership signup / Dinner
• 6:15-7:15PM Presentation
• 7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519
Map