Meetings are held every 2nd Tuesday of the month from 3-5 pm CST at the New Berlin Ale House


Topic: Threat Intelligence - moderated open forum discussion

Description: Ken will moderate an open forum discussion on the gathering and use of Threat Intelligence in the pursuit of cybersecurity.

Date/Time: Tuesday, April 25, 2017, 3-5 pm

Location: New Berlin Ale House. 16000 W. Cleveland Ave. New Berlin, WI 53151

Speaker Bio: Ken Shaurette

Ken is a past President of the ISSA-Milwaukee Chapter and is currently the Director of IT Services for FIPCO (Financial Institution Products Company).


Topic: SANS Lunch and Learn

Description: SANS Lunch and Learn

Date/Time: May 12th, 2017, 12-1 pm. 2pm Monthly meeting.

Location: New Berlin Ale House. 16000 W. Cleveland Ave. New Berlin, WI 53151

Speaker Bio: James Arndt

“Our May meeting will be held on May 12th this year, and in cooperation with SANS. SANS will be sponsoring a "lunch and learn" from 12:00 PM-1:00 PM. Our presenter will be SANS instructor, James Arndt. Immediately after the SANS presentation there will be a networking period, and at 2:00 PM we will hold our May meeting.”

 


Previous Meetings and Events


Topic: Cloud Security: Recurring Challenges and Solutions

Date/Time: Tuesday, March 14, 2017, 3-5 pm

Location: New Berlin Ale House. 16000 W. Cleveland Ave. New Berlin, WI 53151

Speaker Bio: Jonathan Villa, Practice Lead, Cloud Security at GuidePoint Security

Jonathan Villa has over 17 years of experience as a technology consultant including 13 years of working experience in the information security field. For over 10 years Jonathan consulted to a large municipality as a senior consultant in several competencies including PCI compliance and training, web application architecture and security, vulnerability assessments, and secure code developer training, web application firewall administration, and co-architected and managed an automated continuous integration environment that included static and dynamic code analysis for over 150 applications deployed to several distinct environments and platforms. Jonathan has worked with virtualization and cloud technologies since 2005 and his main focus has been on cloud security since 2010.

Jonathan has worked with clients across the USA, in South America, and Asia to review and architect secured public and hybrid cloud environments, integrate security into continuous integration and continuous delivery methodologies, write custom security tools using the AWS SDK, and guide customers in understanding how to manage their environments under the Shared Responsibility Model.

Date & Time:  Tuesday, February 14, 2017, 3-5 pm 

What:  Securing and Penetration Testing Microservices and Containers

 

Please join us for an interesting presentation on protecting microservices and containerization platforms, and the tools and techniques for pentesting these technologies.

 

Topic: Securing and Penetration Testing Microservices and Containers

Microservices are a way of designing software applications as suites of independently deployable services. Containers are structures used to wrap software in a complete filesystem that contains everything an application needs to run. Development teams are frequently turning away from traditional three-tier server architectures and monolithic web applications to microservices and containers to create applications for today’s increasingly mobile, interconnected and cloud-hosted world. 

This talk will:

  • Provide an overview of microservices and containerization
  • Demonstrate popular microservice and container platforms such as Docker and Node.js
  • Outline key security challenges for these technologies
  • Show some tools and techniques for penetration testing these technologies

About the Speaker: Kevin Bong, GSE, PMP, QSA, GCIH, GCIA, GPPA, GSEC, GCFA, GAWN

Kevin is a Manager at Sikich focusing on information security and compliance issues faced by institutions across numerous industry verticals. Prior to joining Sikich, Kevin spent 12 years as a Vice President of a multi-billion-dollar financial group, leading the bank’s security and IT risk management activities. With his experience performing audits, penetration testing, risk assessments and forensic investigations, Kevin provides invaluable guidance to institutions affected by standards such as those related to the FFIEC, NIST, HIPAA and PCI. 

Kevin is the creator of the MiniPwner, a pocket-size penetration testing device used to get remote access to a network. He’s also an author, instructor and a speaker at conferences like RSA, DerbyCon, Security BSides and WACCI. 

Kevin has a Master of Science Degree in Information Security Engineering from the SANS Institute. In addition, he is a Payment Card Industry Qualified Security Assessor (QSA) and a Project Management Professional (PMP) who holds numerous Global Information Assurance Certifications (GIAC), including GIAC Security Expert (GSE), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Perimeter Protection Analyst (GPPA), GIAC Security Essentials (GSEC), GIAC Certified Forensic Analyst (GCFA) and GIAC Assessing and Auditing Wireless Networks (GAWN).

Upcoming Events:

1) March Meeting. Jonathan Villa, Practice Lead, Cloud Security at GuidePoint Security will be our March speaker. Jonathan has an extensive background in Technology, including 13 years in the field of Information Security. We can look forward to an interesting presentation. I will include more details in the March newsletter.

2) Student360. The Upper Midwest Security Alliance (UMSA) is presenting a new student-focused education event. This event, modeled after the Secure360 Conference, will be held on Saturday, February 11, 2017 and is focused on three "track" areas for learning including hands-on demonstrations, professional advancement/career sessions, and a career pavilion for recruiting. Find out more here: https://secure360.org/student360/. If you know of any students that might benefit from attendance at this event, please furnish them with the link.

3) Cyphercon 2.0. Mark your calendars for this event being held right here in Milwaukee on March 30-31, 2017. Cyphercon focuses strongly on hacking. You can find out more about it at: https://cyphercon.com/cyphercon-20/.

4) TrendMicro will be presenting at the Lake Country ISC2 meeting on February 9th at 6:00 PM. The meeting will be held at the New Berlin Ale House. The presentation will be focused on changes to security in the cloud.

 

As always, if you, or anyone you know, is interested in presenting information of interest to the chapter, please let me or any other chapter officer know. We are always interested in finding topics of current interest in the area of Information Security. Also, if you have ideas that you believe would work well for a round table or moderated panel discussion, send those our way.

 

Please RSVP. We look forward to seeing you at the February meeting.

 

Mike Block, President 


 

ISSA January Meeting

Date & Time: Tuesday, January 10, 2017, 3-5 pm  

What:  Enterprise Java: Just What It Is, and the Risks, Threats, and Exposures It Poses

Location: New Berlin Ale House. 16000 W. Cleveland Ave. New Berlin, WI 53151

  http://www.newberlinalehouse.com/Contact.html  

Please join us for an interesting presentation on enterprise Java implementations and the risks, threats and exposures that they are subject to. Alex Senkevitch, CISSP, CISM and co-founder of Securilytics will speak on this topic.

Topic: Enterprise Java: Just What It Is, and the Risks, Threats, and Exposures It Poses

"Enterprise Java" is a term we hear daily. However, how many of us actually--empirically--know what that represents from a risk, threat, and exposure basis? From the asset(s) it's on and data it accesses to the enterprise at-large that it sits within. This talk will explore the size, scope, and omnipresence of "Enterprise Java" in all its forms; and seek to give it a quantifiable attack surface. This talk will encompass various exemplars of where Enterprise Java appears in the enterprise. From the overt and ubiquitous application servers to the not so overt (but still ubiquitous) use in network appliances and "devices" (IoT) emerging today; and what this means to the threat profiles and attack surfaces of your organization.


About the Speaker: Alex Senkevitch, CISSP, CISM


Alex Senkevitch is the Co-Founder and Chief Technical Officer at Securilytics, a security data analytics and intelligence company. Prior to joining Securilytics, Mr. Senkevitch was a principal security researcher and tester for several Fortune 500 companies and consultancies; having twice been the practice manager for the penetration testing practice. In his over 20 years in the cybersecurity industry, he's worked primarily with Fortune 500 and Global 2000 companies, having in-depth knowledge of security programs in such key industries as: financial services, healthcare, insurance, utilities, and manufacturing. His primary security research interest areas have been: data acquisition and manipulation, embedded systems and devices, and enterprise class application "stacks"--such as Enterprise Java. He also holds the CISM and CISSP certifications in good standing.


We recently held a conference call with SANS with the goal of partnering with that organization to provide informative presentations and educational opportunities for our membership. From that discussion we learned that we would be able to get SANS speakers to present at our chapter meetings. They would also assist us with any events that the chapter would organize such as a security conference. We would also be able to participate in training sessions with SANS at discounted pricing. We plan on moving our chapter forward with a SANS partnership, and we will be announcing any planned events here in our newsletter.


 ISSA December Meeting

Date & Time: Tuesday, December 13, 2016, 3-5 pm

What: Open Forum Discussion of Information Security Topics

Location: New Berlin Ale House. 16000 W. Cleveland Ave. New Berlin, WI 53151

 http://www.newberlinalehouse.com/Contact.html 

Please join us for an open forum members' meeting. As we did last December, this meeting will be dedicated to a discussion of information security topics suggested by you, our members. Some possible areas up for discussion might be in the area of Cloud Security. Are you implementing it? Do you find it to be mature and trustworthy, or not? Another area that is gaining traction with security practitioners is surrounding the use of Social Media by many organizations. As we saw with ZeroFOX, who presented here just a couple of months ago, Social Media is being used by bad people to leverage a breach into an organization. Another area that is interesting has to do with machine learning being incorporated into antimalware products and suites, and the relative effectiveness of these newer products in terms of "killing" malware before it can even get started. These are just a few topics that came to me as I am preparing this newsletter. I know that this membership has many other comments and questions that they can bring to this entertaining and informative discussion.

 

Some light snacks and beverages will be on hand, and I look forward to seeing everyone on the 13th.

 


 

ISSA November Meeting

Date & Time:    Tuesday, November 8, 2016, 3-5 pm 

What:  

 1. Adventures in Embedded Device Exploration and Exploitation

 2. GPS Spoofing and You

 

Location: New Berlin Ale House. 16000 W. Cleveland Ave. New Berlin, WI 53151

 http://www.newberlinalehouse.com/Contact.html 

 

Please join us for presentations by Bobby Kuzma from Core Security. Bobby will speak on analyzing embedded and networked devices for security vulnerabilities, and we will also hear about GPS spoofing. See the summaries below for more information.

 

Topic 1: Adventures in Embedded Device Exploration and Exploitation - Bobby Kuzma (presenter).

Join Core Security's Bobby Kuzma as he demonstrates techniques for analyzing embedded, network-enabled devices for security vulnerabilities and introduces the tools and methodologies for conducting effective security assessments on novel devices.

You'll learn the best tools to get started with, and learn from Bobby's extensive mistakes in getting started in hardware reverse engineering.

 

Topic 2: GPS Spoofing and You! - Bobby Kuzma (presenter)

Welcome to the future, where you can spoof civilian GPS systems easily and cheaply (For under $600!). In this talk Bobby will discuss the concepts and technologies for low cost GPS spoofing, and methodologies for detecting it after the fact. This talk is based on material that was presented by Bobby at the 2016 RSA Conference.

 

About the Speaker: Bobby Kuzma, Core Security.

Here are some other topics Bobby loves to speak about:

-Physical Security for Hackers

-10 Stupid Vulnerabilities I keep seeing on every pentest I do

-Identity Management and Asset Disposal: How NOT to do it.

-Digital Forensics Fails

-Other off the wall security topics as requested

Upcoming Events:

1) December Meeting. Our December meeting will once again be in a round table discussion format. Last year's discussion topics were quite engaging, and everyone's participation in the discussions is wanted. From your questions to your comments and experiences, it is all very interesting. So, think about a few discussion topics that you'd like the group to address and send them over. I'll compile a list and we can get the conversation going with your questions/comments.

The ISSA-Milwaukee chapter has been approached by SANS to consider a partnership with them. SANS wants to be involved in the community and local organizations, and opportunities for SANS hosted meetings and/or events as well as educational opportunities for members are possible. We will have a meeting with the SANS representative in the very near future and as we find out more in terms of the partnership, we will be sharing that information with you.

As always, if you, or anyone you know, is interested in presenting information of interest to the chapter, please let me or any other chapter officer know. We are always interested in finding topics of current interest in the area of Information Security. Also, if you have ideas that you believe would work well for a round table or moderated panel discussion, send those our way.

Please RSVP. We look forward to seeing you at the November meeting.

 

Mike Block, President