February 2014 Chapter Meeting

Our February chapter meeting is on Wednesday February 5th, 2014 at 5:45PM. Please RSVP if you plan on attending!

Social Engineering And Its Role In Breaches

Abstract: The discussion will be focused on social engineering. Social engineering played a part in nearly every major hack or breach in 2013, yet it still stays in the background when we consider security controls. This is something that needs to change as we move forward and everyone, every single employee, co-worker, etc., is a living, breathing open port into our systems just waiting to be compromised.

Speaker biography: R. Jason Toy is a Security Engineer & Splunk Architect at CentraComm.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519

November 2013 Chapter Meeting

Our November chapter meeting is on Wednesday November 6th, 2013 at 5:45PM. Please RSVP if you plan on attending!

Engineering Value in an Information Security Practice

Abstract: This platitude is bandied about by security professionals; advice that recognizes the need for customer engagement without describing how to do this. Practitioners are left to rely on their own acumen and interpersonal skills to discern these priorities – a challenge that yields mixed results. This session offers a structured approach to understand business needs, discern their connection to the security program, market that vision in a palatable manner to management, and finally sell the resulting controls to customers.

Attendees will learn about a healthcare organization’s security team that employed branding principles to inform its risk management and control architecture priorities. This allowed the team to create a program that reflected the brand values espoused by its company. The team then employed marketing techniques to promote the program’s value in supporting patient care to management. Lastly, the team socialized its customer-facing controls utilizing sales techniques that respected patients’ needs and concerns.

Speaker biography: Steven F. Fox offers security guidance to ensure compliance with Federal standards and requirements as a Sr. Security Architecture and Engineering Advisor for the U.S. Treasury. He contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup, and the Security and Privacy workgroup. Mr. Fox brings a cross-disciplinary perspective to the practice of information security; combining his experience as a security consultant, a Sr. IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. Steven is a syndicated blogger covering IT Governance, Risk Management, and IT-Business fusion topics. His speaking engagements include Blackhat’s Executive Summit, ISSA, ISC2, and ISACA events, SecureWorld Dallas/Detroit, Hacker Halted, Security B-Sides Chicago/Detroit/Las Vegas, and GrrCon. He also volunteers his time to the Ponemon Institute, Security BSides Detroit and the MichSec security organization.

Schedule

5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519

October 2013 Chapter Meeting

Our October chapter meeting is on Wednesday October 2nd, 2013 at 5:45PM. Please RSVP if you plan on attending!

Dr. Strangecloud or: How I Learned to Stop Worrying and Love the BYoD, presented by Caston Thomas & Paul Cochran

Abstract: Ten to fifteen years ago, the life of a corporate security manager was easy. Firewall… Check… Virus protection… Check… WEP… Check… Then, the attacks became a little more sophisticated. IDS… Check… IPS… Check… WPA2… Check… 2-factor… Check… Check… Check… It became more complex, yet the basic premise of our security infrastructure was the same… Keep the bad guys out… Keep the data in… Over the last few years, profoundly different challenges have arisen and increase exponentially the demands placed on corporate information security… Cloud… Mobile… Compliance… Privacy… Advanced Persistent Threats… DLP… SIEM…

How Do We Fill In the Blanks From the Dissolving Perimeter?
We’re now called to secure data that’s no longer inside our domain. We’re asked to secure users and devices that could be anywhere in the world at any given time. We’re expected to be able to produce a report on the state of every device & every user on the network – possibly even what it looked like six months ago. “Oh yes, we’ll give you an increase in budget. More staff? We’ll get back with you.”

Some would call this a paradigm shift. Some would call it a disaster waiting to happen. Most of us don’t quite yet know what to call it.

In this presentation, we’ll cover:

  1. how the combination of BYoD/cloud/mobile and the changing threat landscape present new challenges to InfoSec
  2. updating our security framework & infrastructure components without obsoleting what we already have
  3. how NAC & mobile management tools can play a pivotal role in bringing the pieces together (includes a demonstration of ForeScout)

Presentation Material

Speaker biography
Caston Thomas brings perspective, knowledge and practicality to combining technology and process change to improve security & management of mobile & the cloud. Caston has pioneered communications & workflow technologies in a number of healthcare organizations. With almost 30 years in corporate information technology, he is sought by business leaders as an expert helping to fill the gap between mobile security frameworks and the operational processes & technologies that make them work. Caston is president of InterWorks, LLC.

A businessman with a heart and commitment to his family and community, Caston has contributed his talents and time to a variety of humanitarian organizations including the Salvation Army, Capuchin Soup Kitchen, and building clinics & orphanages in Ghana.

Schedule

  • 5:45-6:15PM Networking/Membership signup / Dinner
  • 6:15-7:15PM Presentation
  • 7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519

September 2013 Chapter Meeting

Our September chapter meeting is on Wednesday September 4th, 2013 at 5:45PM. Please RSVP if you plan on attending!

Nobody Ever Got Fired For Implementing a Risk Management Program – But they Should Be, presented by Richard Stiennon.

Abstract: Risk Management has become the staple of IT security organizations. Adopted from financial and life insurance models, Risk Management makes some unsupportable assumptions of predictability and knowledge. The three tenets of Risk Management, discovery, ranking, and patching, are all impossible to achieve. Therefore, Risk Management thinking should be abandoned in favor of threat management.

Schedule

  • 5:45-6:15PM Networking/Membership signup / Dinner
  • 6:15-7:15PM Presentation
  • 7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519

August 2013 Chapter Meeting

Our August chapter meeting is on Wednesday August 7th, 2013 at 5:45PM. Larry Yob will be speaking about Data Loss Prevention (DLP). Please RSVP if you plan on attending!

Abstract: The presentation will give an overview of Data Loss Prevention (DLP) technology and definitions of data in motion, data at rest and data in use. It will cover strategies and lessons learned from DLP customers around the country, and will also discuss the risk of an enterprise "big brother" DLP.

Presenter information: Larry Yob is an Information Security Officer for Ascension Health Information Services (AHIS). Ascension Health Information Services (AHIS), part of Ascension Health Alliance, is the largest Catholic health system, the largest private nonprofit system and the third largest system (based on revenues) in the United States, operating in 23 states and the District of Columbia. In his current role as Information Security Officer, he is responsible for Data Loss Prevention (DLP) and regionally oversees security for 12 Health Ministries.

Previously he worked as a system administrator, Lotus Notes developer, Citrix administrator, and a HIPAA Security Officer for a local community mental health authority.

Presentation material

Schedule

  • 5:45-6:15PM Networking/Membership signup / Dinner
  • 6:15-7:15PM Presentation
  • 7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519