Practical Security Radio

BE SAFE...BE SECURE...BE PRACTICAL.

Teresa discusses the ISSA 2020 Speaker Series and Warren Holston, author of “Beware the Predator: The American’s Guide to Personal Security”, who speaks about the Deep Dark Web.

https://www.mixcloud.com/Practical_Security/guest-teresa-allison-vp-programs-events-issa-dc-discusses-2020-speaker-series-deep-dark-web/

 

 January 16, 2018 at 6:30 PM

Advanced Persistent Security
by Ira Winkler

This talk will feature Ira's new book, Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies. Make sure to bring your copy and have it signed by the author.

Abstract
There is a great deal of hype out there regarding Advanced Persistent Threats, sophisticated attackers, and otherwise unstoppable attackers. The reality is that just about all attackers can be stopped with the appropriate security programs in place. The problem is however that few security programs are designed in a way to be effective at stopping any committed attacker. Another problem is that there is a failing in security programs as to what they should actually do. In this presentation, Ira contends that security programs should be designed to stop attackers from getting out; not necessarily stopping them from getting in. This presentation will discuss how to create the appropriate mindset within your organization, and how to create a security program that stops even the most advanced adversaries.

About the Speaker
Ira Winkler, CISSP, is President of Secure Mentem and author of Advanced Persistent Security. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the world, investigating crimes against them, and telling them how to cost-effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards. Most recently, CSO Magazine named Ira a CSO Compass Award winner as The Awareness Crusader.

Ira is also author of the riveting, entertaining, and educational books, Advanced Persistent Security, Spies Among Us and Zen and the Art of Information Security. He is also a columnist for ComputerWorld, and writes for several other industry publications.

Mr. Winkler has been a keynote speaker at almost every major information security related event, on 6 continents, and has keynoted events in many diverse industries. He is frequently ranked among, if not the, top speakers at the events.

Mr. Winkler began his career at the National Security Agency, where he served as an Intelligence and Computer Systems Analyst. He moved on to support other US and overseas government military and intelligence agencies. After leaving government service, he went on to serve as President of the Internet Security Advisors Group, Chief Security Strategist at HP Consulting, and Director of Technology of the National Computer Security Association. He was also on the Graduate and Undergraduate faculties of the Johns Hopkins University and the University of Maryland. Mr. Winkler was recently elected the International President of the Information Systems Security Association, which is a 10,000+ member professional association.

Mr. Winkler has also written the book Corporate Espionage, which has been described as the bible of the Information Security field, and the bestselling Through the Eyes of the Enemy. Both books address the threats that companies face protecting their information. He has also written hundreds of professional and trade articles. He has been featured and frequently appears on TV on every continent. He has also been featured in magazines and newspapers including Forbes, USA Today, Wall Street Journal, San Francisco Chronicle, Washington Post, Planet Internet, and Business 2.0.

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, January 16, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 

Join us on Tuesday, September 20 for our monthly chapter meeting with special guest speakers:

 

Panel Discussion: 
Day in the Life of a Cyber Founder

Abstract
Join us as we explore how our Women Founder panelists are preparing our Workforce of the future, as well as their dedication in providing cybersecurity services in protection of our global citizens in an increasingly digital world. We will discuss the major cybersecurity drivers creating the most entrepreneurial opportunity, as well as how they are positively impacting the global ecosystem going forward. Our pioneering industry veterans boast decades of salient leadership and technology experience and constantly work to innovate and develop across many global programs.

 

Panelists:
Kim Farington is an experienced Chief Executive Officer (CEO) with a demonstrated history of working in the cybersecurity industry and with Federal Government systems. She founded KTech to provide federal agencies and related organizations with the edge they need to stay on top of cyber threats and preparations.
As a former Board member of the Excelsior College National Cybersecurity Institute in Washington, DC, Kim is skilled in cybersecurity, public speaking, and leadership. She has professional expertise in cybersecurity and keeping clients’ systems, data and files safe and secure.
Kim earned a Kennedy School of Government Executive Certificate focused in Public Leadership from Harvard University. She is also the inventor of the USB EZ Storage Case, a tool that has proven benefits for data and file security for all types of organizations.

Jessica Gulick is Commissioner of the US Cyber Games, a multi-phased cybersecurity program recruiting the US Cyber Team; CEO of Katzcy, a woman-owned growth strategy and marketing firm; and founder of PlayCyber, a new business line promoting cyber games and tournaments. An MBA, CISSP and PMP, Gulick is a 20-year veteran in the cybersecurity industry with proven experience in starting businesses, leading cross-functional cyber teams, co-authoring NIST Special Publications, capturing commercial and government business and running epic cybersecurity games and tournaments. She is passionate about cybersecurity as an esport where players, fans, and companies can collaborate, and strongly advocates for diversity in the workforce. She is also the president of the board at the Women's Society of Cyberjutsu and a member of the Bay Path University Cybersecurity Education Advisory Council.

 

Ms. Sharon Brown Jacob’s community activism is a testament to who she is and she plays an active role in her community as the Chief Executive Officer of Strategic Alliances Group, Inc, Founder of New-Service Training Employment Program, Inc., Chair of Harford Community College Foundation Board of Directors, Bel Air, MD, and Former President, Women in Defense Mid-Atlantic Chapter, Aberdeen Proving Ground, MD.

Sharon retired from the United States Army in 2011 as a Lieutenant Colonel after serving as a PATRIOT Air Defense Artillery and Acquisition Corp officer for 22 years. She has a Bachelor of Science degree in Industrial Engineering Technology from Georgia Southern College, and a Master of Science degree in Systems Acquisition Management from the Naval Postgraduate School in Monterey, California.

Sharon received her military commission through the Georgia Southern College, Statesboro, Georgia Reserve Officer Training Corps program as a Second Lieutenant in 1989 and completed two tours in Germany and one deployment to Desert Shield/Storm. Sharon completed the United States Army Combined Arms and Staff School and is a resident graduate of the United States Army Command and General Staff College.

Moderator:
Dr. Rhonda Farrell is an entrepreneur, innovator, transformation strategist, change agent and evangelist, influencer, and technology and management consultant.
Her leadership career has spanned 30+ years, serving the USMC and Fortune 500, state, civil, and Federal government agencies. Innovation-oriented methodologies, principles, and approaches have been applied in the areas of cybersecurity, engineering, operations, quality, change, management, and organizational development.
She is the CEO of Global Innovation Strategies (GIS), and the Founder of Cyber & STEAM Global Innovation Alliance (CSTGIA), a partnership of 50+ organizations providing awareness, education, apprenticeships, and elevation opportunities for girls, youth, women, and veterans.
She is active in industry working groups and has contributed to the DoD CIO body of knowledge on Digital Modernization, Cloud Strategy, and the DoD Enterprise DevSecOps Reference Design, as well as being a contributing author for many ISSA Journal articles, the Women in Security, Changing the Face of Technology and Innovation within the Women in Engineering and Science series, and the Guide to Security Assurance for Cloud Computing.
Connect with her at linkedin.com/in/rhondafarrell or at her website www.gblinnovstratllc.com

 

Must register here if you plan to attend.

Join us on Tuesday, July 19 for our monthly chapter meeting with a special guest speaker:

 

Back Doors and Breaches
by Alex Grohmann

Abstract
Come to this interactive session to learn incident response with Backdoors & Breaches, an incident response online game created by Black Hills Information Security and Active Countermeasures. Backdoors & Breaches contains 52 unique cards to help you conduct incident response tabletop exercises and learn attack tactics, tools, and methods. The session will open with a review of the rules of the game, and then participants will go through one of the risk scenarios with the facilitator.

 
Speaker Bio
Alex Grohmann has over two decades of experience in technology-related information security, risk management and data privacy.  During his career, he has worked at both the state and Federal level, and his private sector involvement has spanned from energy to financial services. He is the founder and operator of Sicher Consulting, LLC. Mr. Grohmann holds industry certifications of CISSP, CISA, CISM and CIPT. He holds two undergraduate degrees from Florida State University as well as an MBA from UMUC.  
 
Mr. Grohmann is a Fellow at the Information Systems Security Association (ISSA), an international organization of information security professionals. He is the recipient of their international ‘Honor Roll’ for his lifetime contributions to the information security community. He has served on the board of directors for the Northern Virginia chapter of ISSA for over ten years, including as president for three. During his time, the chapter won the Chapter of the Year.
 
He is a graduate of the FBI’s Citizens’ Academy and served on the board of directors for the Washington DC chapter of InfraGard for four years. Currently Mr. Grohmann serves on the board of directors of Northern Virginia Community College’s Workforce Development taskforce and the NOVA Cybersecurity Advisory Board, and is a mentor at MACH 37, the Virginia cyber security accelerator. He also sits on the IT sector coordinating council (IT-SCC).
 

 

Register here.  

Must use the link above to register if you plan to attend.

Join us on Tuesday, June 21 for our monthly chapter meeting with a special guest speaker:

 

Launching Your Career in the Cloud Computing
by Prem Jadhwani, CEO Intellectual Point

Abstract
Cloud computing is one of the hottest technologies with a high demand for qualified professionals. The median salary for IT pros currently in a cloud computing career in the U.S. is $124,300. However, it is not the easiest of jobs to acquire because it is a specialty area. To secure a job in this field, a candidate must have several specific skills. Let’s see what they are so you can get your cloud computing career started!

Amazon's (AWS) selection of Crystal City (Arlington VA) for its new headquarters will bring $15 billion and 62,000 jobs by 2025. Are you ready for being part of this lucrative career?

There is a great deal of interest from those with traditional IT skills—such as help desk technicians, data center admins, enterprise architects, developers, and networking engineers—to steer themselves into a cloud computing career that will not only provide job protection but pay better as well. However, the path to cloud computing riches is not that clear for most.

 The good news: There is a path for many IT pros into the cloud. In this meetup, we will show you how to map a path to those cloud computing jobs from your current state if you are a Helpdesk or datacenter admin, enterprise architect, database admin, application developer, system admin, test/QA engineer, or networking engineer.

The patterns for getting from traditional IT to cloud IT are basically the same for most IT roles: Get smart on specific cloud technology and do it fast. Take advantage of the AWS and Azure training, boot camps, and exam readiness workshops.

 

Speaker Bio

Prem Jadhwani works as a Chief Executive Officer (CEO) & Founder of Intellectual Point – a Reston VA based professional IT Training, Education & Solutions Provider. He also serves as a Chief Technology Officer (CTO) for Government Acquisitions - an IT Solutions Provider & Trusted Advisor to the Federal Government. His primary responsibilities include defining, developing and delivering professional, hands-on IT Trainings and Solutions in the areas of Cyber Security, Cloud Computing, Data Center, Networking, Big Data Analytics, Mobility, Internet of Everything and Emerging Technologies.

Mr. Jadhwani possesses over 20 years of experience working in the enterprise IT space with both commercial and Federal customers. He has a strong blend of technology and marketing background and has worked with a number of Technology and Software firms, including TIBCO Software, See Beyond Technology Corporation (now acquired by Sun/Oracle), Infogix Systems Inc., GTSI Corporation and Unicom Government Inc.

Prem has well-rounded and extensive product management experience and a proven track record of successfully training, coaching and mentoring people with hands-on marketable skills in areas such as Cyber Security, Cloud Computing and Project Management, and preparing them for highly skilled IT and management careers in the rapidly growing IT space. He provides technical and business expertise in Data Center, Green IT, Enterprise Networking, Information Assurance & Network Security, Unified Communications, Wireless, Virtualization & Cloud Computing solutions to customers and is a prominent speaker at various trade-shows and conferences. Prem was nominated and has served as a Commissioner for the 2012 TechAmerica STLG Cloud Computing Commission as well as the 2012 TechAmerica Big Data Commission. Prem is an active contributor to various industry discussions and panels, and his work and articles have been published in numerous journals and periodicals. Prem has an intuitive ability to envision technological changes and provide technical direction and trainings to companies and customers.

Prem is also involved as an adjunct faculty for instructing graduate level degree courses in Cyber Forensics, Big Data, Virtualization and Cloud Computing at various reputable universities like University of Maryland University College (UMUC), Strayer University and several others. Prem holds several advanced academic credentials including MS in Computer Science, MBA in Marketing and has completed his coursework towards a Ph.D. in Cyber Security from George Mason University. He also holds 100+ advanced IT Certifications and Credentials including CISSP, CISM, CISA, CEH, CSM, CHFI, VCP, GIAC, GCIH, ITILv3, CCSP, CCNP, CCVP and several others.

 

 

Register here.  

Must use the link above to register if you plan to attend.

Join us on Tuesday, May 17 for our monthly chapter meeting with a special guest speaker:

 

Ransomware Response, A Lawyer’s Perspective
Presented by Mark Rasch, Computer Security and Privacy Lawyer

Abstract
Typically, response to ransomware attacks is considered to be a technical issue for CISOs and technical staff. This session will focus on the legal issues associated with ransomware - who has responsibility for prevention of attacks, who has responsibility for response, what standards should be used? It will also discuss topics like ransomware insurance (the good, the bad and the ugly), liability for paying (or not paying) ransom, duties to customers, clients, and third parties, and other associated legal issues.

Speaker Bio
Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland, and a Professor of Cyberlaw and Cyber-crime at George Washington University School of Law.

Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division.  He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris.

Mark is a frequent commentator in the media on issues related to information security, and is the author of hundreds of articles about the Internet, Internet privacy, hacking, cryptocurrency, blockchain and ransomware.

 

 

Register here.  

Must use the link above to register if you plan to attend.

Join us on Tuesday, April 19 for our monthly chapter meeting with a special guest speaker: 

Regulatory Developments, AI and Cybersecurity
by Charlyn Ho and Cassandra Carley

Abstract
The California Privacy Rights Act (CPRA), one of the most comprehensive pieces of privacy rights legislation in the country, was adopted by a majority of California voters on November 3, 2020, and goes into effect January 1, 2023. The CPRA amends the California Consumer Privacy Act (CCPA) and, among other things, adds new opt-out and access requirements for “profiling” and automated decision making. Join us for a timely discussion with Perkins Coie technology transactions and privacy attorney Charlyn Ho and privacy litigation attorney Cassandra Carley regarding how the new California ballot initiative will affect AI and the intersection of privacy and data security.

Speaker Bio
Perkins Coie Technology Transactions and Privacy Partner, Charlyn Ho counsels clients on legal issues related to technology and privacy, including those affecting e-commerce sites, mobile devices and applications, artificial intelligence (AI)/machine learning (ML), virtual reality (VR), mixed reality (MR) and augmented reality (AR) platforms, cloud services, enterprise software, cryptocurrency platforms and Internet of Things devices. Charlyn serves as the co-lead of the firm’s Immersive Technology vertical. She provides strategic advice and counseling to all types of technology companies throughout their lifecycle, from startup to established enterprises. She also has represented domestic and international clients on banking, acquisition financing, mergers and acquisitions and securities transactions.

Charlyn presents regularly on topics related to her practice including teaching courses to in-house counsel and non-lawyers on negotiating technology agreements and transactions. 
 
Prior to becoming an attorney, Charlyn served as an active duty supply corps officer in the U.S. Navy, where she gained firsthand experience negotiating with some of the world’s largest defense contractors and extensive project management skills. Charlyn was a lead business manager for shipbuilding contracts in the Naval Nuclear Propulsion Program. In her role, she was responsible for developing, negotiating and implementing budgets and contracts to refuel nuclear powered aircraft carriers and submarines, which required collaboration with senior level policymakers and technical experts.
 
Cassandra (Cassi) Carley is an associate at Perkins Coie in the privacy litigation group. Cassi attended New York University School of Law where she was a Birnbaum Women’s Leadership Network fellow, Journal of Intellectual Property and Entertainment Law staff editor, OUTLaw member, and Cyber Scholar. She also co-founded Rights over Tech (R/T), an organization for NYU Law students interested in open conversations about the impact of technology on human and civil rights, and served as president. While at NYU, Cassi also externed with the Bureau of Internet and Technology (BIT) of the New York Attorney General's Office, as well as with the NYU Technology Law & Policy Clinic.
 
Before entering law school, Cassi earned her Ph.D. in computer science from Duke University. Her thesis focused on computer vision and machine learning. Cassi also earned her undergraduate degree from Duke University, where she was a member of Duke’s NCAA Division I women’s lacrosse team and Baldwin Scholar.

 

 

Register here.  

Must use the link above to register if you plan to attend.


Join us on Tuesday, March 15 for our monthly chapter meeting with a special guest speaker:

 

The 2022 Annual Non-Profit Security Incident Report
by Matthew Eshleman, Chief Technology Officer at Community IT

Abstract
Most small-to-medium sized nonprofit organizations do not prioritize cybersecurity, despite the risks faced by many of these organizations. The threat landscape continues to evolve and grow and most organizations are at greater risk than they realize. This report shares some of our experiences and insights from the front lines. We establish a solid business case for making nonprofit cybersecurity an organizational priority. In our unique role as a managed services provider to over 140 organizations representing 6500 devices, we have unique insights into how nonprofits are targeted and how they can defend themselves.

You’ll be treated to an early preview of Community IT Innovators’ 4th Annual Nonprofit Cybersecurity Incident Report, which will be released formally in April. Our goal is to help nonprofits establish a credible business case for taking cybersecurity seriously and to provide specific and meaningful recommendations for threat mitigation and incident response, in language accessible to any nonprofit executive, decision-maker, or IT staff person.
 
Speaker Bio
As the Chief Technology Officer at Community IT, Matthew Eshleman is responsible for shaping Community IT’s strategy around the technology platforms used by organizations to be secure and productive. With a deep background in network infrastructure he fundamentally understands how secure technology works and interoperates both in the office and in the cloud.
 
Matt joined Community IT as an intern in the summer of 2000 and after finishing his dual degrees in Computer Science and Computer Information Systems at Eastern Mennonite University he rejoined Community IT as a network administrator in January of 2002. Matt has steadily progressed at Community IT and while working full time received his MBA from the Carey School of Business at Johns Hopkins University. He now serves as CTO and Cybersecurity expert.
 
Available for speaking engagements
 
Matt is a frequent speaker on cybersecurity topics. In addition to numerous cybersecurity webinars for the Community IT monthly webinar series, he has also given cybersecurity talks at these organizations:
 
NTEN/NTC events
Inside NGO conference
Non-Profit Risk Management Summit
Credit Builders Alliance Symposium
Jewish Federation IT Operations Conference
New York State Grantmakers Association
AkoyaGO Empowered User Conference
LGBT MAP CFO conference
Land Trust Rally
He is also the session designer and trainer for TechSoup’s Digital Security and Cloud Security courses, and our resident Cybersecurity expert. To request Matt for a webinar, as a guest on your podcast, or to give a cybersecurity talk to your organization, contact him here.

 

Register here.  

Must use the link above to register if you plan to attend.

Join us on Tuesday, February 15 for our monthly chapter meeting with a special guest speaker:

 

Mentoring Cybersecurity Professionals
By Mari Galloway, CEO Women’s Society of Cyberjutsu

Abstract
The growth of the Cybersecurity profession is expanding exponentially; as a result, there is a strong need to mentor the next generation of Cyber professionals. What do these emerging professionals require to help them grow within the Cybersecurity field? What does it take to be an exceptional mentor? How can we expand the pool of mentors within Cyber? What are the special mentorship needs of diverse populations? Mari Galloway, CEO and a Founding Board Member for the Women's Society of Cyberjutsu (WSC), will discuss these issues.

 
Speaker Bio
Mari is the CEO and a founding board member for the Women's Society of Cyberjutsu (WSC), one of the fastest growing 501c3 non-profit cybersecurity communities dedicated to bringing more women and girls to cyber. WSC provides its members with the resources and support required to enter and advance as a cybersecurity professional.
 
Mari began her cyber career with Accenture where she excelled as a Network Engineer. Mari is also the inaugural ISC2 Diversity Award winner for 2019. With over 12 years of Information Technology, 10 of which are in cybersecurity, her experience spans network design and security architecture, risk assessments, vulnerability management, incident response and policy development across government and commercial industries. 
 
She holds a variety of technical and management certifications (CISSP, GIAC, CCNA, etc.) as well as a bachelor’s degree in Computer Information Systems from Columbus State University and a Master of Science in Information Systems from Strayer University. 
 
Mari is currently a resident of Las Vegas working as a Customer Success Architect for Palo Alto Networks. She regularly contributes content to security blogs and training companies across the country and serves as an Adjunct Professor for UMGC. She also lends her time to various organizations as an award judge, mentor, and advisor. Outside of being a geek, Mari enjoys arts, puzzles, and legos! @marigalloway mostlymimi.com

 

 

Register here.  

Must use the link above to register if you plan to attend.

Do you have what it takes to be a champion of cyber security knowledge? Join the ISSA DC, ISSA NOVA, and ISSA Central MD chapters for a Trivia Night and you can prove your cyber security knowledge and may even win a prize!

 

Cyber Trivia Competition
Jim Broad



Schedule for the Event
• Opening remarks 6:30 PM - 6:45 PM
• Competition Time 6:45 PM - 8:00 PM

Individual Competition
Round 1: 20-minutes / 10 Questions (1st Place, 2nd Place, 3rd Place Winner)
Round 2: 20-minutes / 10 Questions (1st Place, 2nd Place, 3rd Place Winner)
Round 3: 20-minutes / 10 Questions (1st Place, 2nd Place, 3rd Place Winner)
ISSA Chapter Competition
ISSA Chapter Trophy Winner (ISSA DC, ISSA NOVA, and ISSA Central MD)

Jim Broad, Cyber Trivia Competition Host
Mr. James Broad (CISSP, C|EH, CPTS, Security+, MBA) authored the NIST RMF textbook, Risk Management Framework: A Lab-Based Approach to Securing Information Systems, which is utilized in cybersecurity MBA and graduate certificate programs focusing on risk management. He also co-authored Hacking with Kali. Mr. Broad serves as a faculty member for Concordia University SP. In that capacity he mentors and teaches online cybersecurity graduate certificate and MBA students to develop and apply the most current risk management methods embodied in the NIST RMF. He works with Mission Critical Institute to enable students to participate in the cloud-based NIST RMF internship offered through Cyber-Recon. When they successfully complete the internship, students have a NIST RMF e-project portfolio which represents their cybersecurity risk management project experience. Mr. Broad is an experienced cybersecurity professional with a strong and proven background in leading people, managing programs and projects and driving improvement and change.
Mr. Broad established Cyber-Recon in 2008. Cyber-Recon provides information security consulting services as well as training and volunteer opportunities which enable security professionals to enhance their security skills while providing needed services to the community.
Mr. Broad has had extensive experience in implementing security at all phases of the development lifecycle. His expertise includes: Penetration Testing, Certification and Accreditation, Change Management, Vulnerability Assessment, Documentation and Instruction as well as compliance standards including Sarbanes Oxley (SOX), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Department of Defense (DoD), National Security Agency (NSA) and National Institute of Standards and Technology (NIST). Further, his experience extends to supporting risk management initiatives at the largest global hedge fund.

 

Register here.  

Must use the link above to register if you plan to attend.

Join us on Tuesday, January 18 for our monthly chapter meeting with a special guest speaker:

 

Controlling Privacy and the Use of Data Assets
Ulf Mattsson

Abstract

Ulf Mattsson will be discussing his new book, “Controlling Privacy and the Use of Data Assets – The New World Currency: Data and Trust”. He will share some valuable lessons learned from companies about the safeguards and approaches that organizations need to take in order to successfully implement data privacy and security.

About the Author
Ulf Mattsson is a recognized information security and data privacy expert with a strong track record of more than two decades implementing cost-effective data security and privacy controls for global Fortune 500 institutions, including Citigroup, Goldman Sachs, GE Capital, BNY Mellon, AIG, Visa USA, Mastercard Worldwide, American Express, The Coca Cola Company, Wal-Mart, BestBuy, KOHL's, Microsoft, IBM, Informix, Sybase, Teradata, and RSA Security.

He is currently the Chief Security Strategist and earlier the Chief Technology Officer at Protegrity, a data security company he co-founded after working 20 years at IBM in software development. Ulf holds a Master's degree in Physics in Engineering from Chalmers University of Technology in Sweden. Ulf is an inventor of more than 70 issued U.S. patents in data privacy and security.

Ulf is active in the information security industry as a contributor to the development of data privacy and security standards in the Payment Card Industry Data Security Standard (PCI DSS) and American National Standards Institute (ANSI) X9 for the financial industry. He is on the advisory board of directors at PACE University, NY, in the area of cloud security and a frequent speaker at various international events and conferences, including the RSA Conference, and the author of more than 100 in-depth professional articles and papers on data privacy and security, including IBM Journals, IEEE Xplore, ISSA Journal and ISACA Journal.

Do you have what it takes to be crowned the king or queen of cyber security knowledge? Join us for a Trivia Night and you can prove your cyber security knowledge and may even win a prize!

 

Register here.  

Must use the link above to register if you plan to attend.

  Join us on Tuesday, November 11 for our monthly chapter meeting with a special guest speaker:  

 

ISSA Mid-Atlantic Summit
CISO Panel Discussion: Cyber Supply Chain Risk Management 

 

Must register here to attend.

Abstract
The Solarwinds Attack has caused government and private sector organizations to renew their focus on strengthening Cybersecurity Supply Chain Risk Management. By statute, federal agencies must use NIST’s C-SCRM and other cybersecurity standards and guidelines to protect non-national security federal information and communications infrastructure. The SECURE Technology Act and FASC Interim Final Rule gave NIST specific authority to develop C-SCRM guidelines. Matthew Butkovic, Technical Manager of the Cybersecurity Assurance, Software Engineering Institute will moderate a discussion with Dr. George Duchak, Chief Information Officer, DLA Information Operations and Robert S. Metzger, Shareholder at the Rogers, Joseph, O’Donnell Washington, D.C. law firm’s Cybersecurity and Privacy Practice Group to share their thoughts about designing stronger cybersecurity risk management strategies and approaches.

issa dc november11 2021

Matthew J. Butkovic (Panel Moderator)
Technical Manager of the Cybersecurity Assurance, Software Engineering Institute
Matthew Butkovic is the Technical Manager of the Cybersecurity Assurance team within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Butkovic performs critical infrastructure protection research and develops methods, tools, and techniques for evaluating capabilities and managing risk.
Butkovic has more than 15 years of managerial and technical experience in information technology (particularly information systems security, process design and audit) across the banking and manufacturing sectors. Prior to joining CERT in 2010, Butkovic was leading information security and business continuity efforts for a Fortune 500 manufacturing organization.
Butkovic is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).

Dr. George Duchak (Panelist)
Chief Information Officer, DLA Information Operations
Dr. George Duchak is the Chief Information Officer for the Defense Logistics Agency (DLA). He was previously the Deputy Assistant Secretary of Defense (DASD) for Command, Control, Communications, Cyber & Business Systems (C3CB). Prior to becoming a DASD, he was the founding Director of the Defense Innovation Unit Experimental (DIUx) in Mountain View, CA, where he served as a conduit between leading edge Silicon Valley innovators and the Department of Defense. Prior to that, he led the Air Force's and nation's premier research organization for command, control, communications, computers and intelligence (C4I) and cyber technologies as the Director of the Air Force Research Laboratory’s Information Directorate, Rome, NY. There, he was selected as the Federal Laboratory Director of the Year from over 300 federal lab directors. He is also a former DARPA Program Manager where he conceived of, developed, and transitioned to the services a portfolio of programs in the broad area of C4I and Cyber. He was a private sector entrepreneur and businessman with more than a decade of private industry experience starting several companies that served the US Government by providing technical consultancy or product. His private sector experience was software product focused principally in the area of intelligence exploitation using crowd sourcing techniques, big data analytics and cloud services well before industry in general and DoD began to move in this direction. Finally, and most importantly, he is a retired naval officer.

Dr. Duchak is a graduate of the U.S. Naval Academy, the Naval Postgraduate School, The Ohio State University, George Mason University and University of Chicago Booth Graduate School of Business earning degrees in Mechanical Engineering, Aerospace Avionics, Aeronautical Engineering, Public Policy, and Business Administration. He completed the Program Management Course at the Defense Acquisition University and is a certified level 1 in Program Management as well as Systems Engineering, and level 2 in Test & Evaluation and Budgeting. He is a licensed Professional Engineer and has completed the Carnegie Mellon University Chief Information Security Officer (CISO) course and Harvard’s Information Security course. He is a senior fellow at Auburn University’s McCrary Center for Cyber Security, a member of the Intelligence and National Security Alliance Cyber Security Committee, and a current board member of the Blue Cross and Blue Shield Cybersecurity Subcommittee. Dr. Duchak is married to Sonya Milley, Esq., an attorney, and they have two grown children, Alexander and Tatiana.

Robert S. Metzger, Shareholder - (Panelist)
Shareholder, RJO – Rogers| Joseph | O'Donnell, PC
Mr. Metzger heads the Rogers, Joseph, O’Donnell Washington, D.C. office. He co-chairs the law firm’s Cybersecurity and Privacy Practice Group and is a member of the Government Contracts Practice Group. His practice includes cyber and related national security matters in addition to a wide range of public procurement and regulatory matters. In his litigation practice, he is counsel of record for Microsoft Corporation in the Court of Federal Claims litigation brought by Amazon Web Services protesting the $10B DoD award of the “JEDI” cloud services contract to Microsoft. He has represented other class-leading, international technology firms in a variety of administrative controversies, as well as state and federal litigation. He has advised U.S. aerospace and defense and international technology companies on export control laws, on CFIUS and FIRRMA, and on sanctions issues. He also represents leading information technology hardware, software and solution providers in state and local procurements.

Co-Sponsored by ISSA DC, ISSA NOVA, ISSA Central Maryland Chapters and Carnegie Mellon Heinz College CISO program

Must use the link above to register if you plan to attend.

 

 

  Join us on Tuesday, October 19 for our monthly chapter meeting with a special guest speaker:  

 

Security Implications: Schrems II, CCPA, and Brexit
by K Royal

https://attendee.gotowebinar.com/register/8476871129791789326

Abstract
On July 16, 2020, the Court of Justice for the European Union published their opinion on Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems (called "Schrems II"). This decision invalidated the EU-US Privacy Shield and provided requirements for data transfer mechanisms. This decision has had far-reaching consequences for US companies doing business in the EU, but also for companies globally. What does this mean for companies and specifically, for security professionals? Will the EU drive global security requirements? And if so, how does it align with the new California laws or with the UK withdrawal from the EU? Join us as we discuss global developments in privacy and put them in context of managing a forward-looking security program.

 

Speaker bio

K Royal is an attorney and global privacy professional with 25 years of experience in the legal and health-related fields. She has the distinct honor of filing the first successful joint controller / processor Binding Corporate Rules for data transfers out of the European Union and founded a program for women in house attorneys that is now a Global Women in Law and Leadership annual summit held at the United Nations in New York. As an attorney, she has received numerous honors for her leadership in both technology and diversity, including Forty-under-40 recipient for Phoenix, named an Outstanding Woman in Business, and Member of the Year for the Association of Corporate Counsel (out of 43k members globally). K received her law degree from the Sandra Day O'Connor College of Law at Arizona State University and is in the dissertation phase of her PhD in public policy from the University of Texas at Dallas.

She is currently the Associate General Counsel at TrustArc and is an adjunct law professor at her alma mater teaching privacy law. She is certified through the IAPP as a Fellow of Information Privacy (FIP), Privacy Management (CIPM), and US and EU Privacy Law (CIPP/US, CIPP/E) and as a Data Privacy Solutions Engineer through ISACA. K also serves on the boards of several non-profit organizations.

Must use the link above to register if you plan to attend.

  Join us on Tuesday, September 21 for our monthly chapter meeting with a special guest speaker:  

 

Balanced Attacker Model
by Dr. Earl Crane PhD, CEO, Earl Crane LLC,
Adjunct Professor at Carnegie Mellon University CISO Certificate program

 

Must register here to attend. 

 

Abstract

Cybersecurity risk management is a constant struggle of insufficient resources against almost unlimited attackers. What makes a cybersecurity professional successful is balancing attackers with the right controls protecting the right assets. This is the “Balanced Attacker Model”.

In this session we will walk through a table-top exercise of the Balanced Attacker Model using a “risk deck” of cybersecurity loss scenarios. This exercise helps leadership identify and plan a course of action to address cybersecurity risks before an incident happens. This exercise has been taught to 100’s of government and commercial cybersecurity professionals, through Carnegie Mellon University and the University of Texas at Austin. 

The risk deck is available for purchase for $20 here:

https://www.earlcrane.com/card-decks

 

Speaker bio
Dr. Earl Crane is a cybersecurity executive and trusted advisor to public and private sector organizations, having worked at early security startups, Homeland Security, and the White House National Security Council. Dr. Crane has delivered this exercise to 100’s of government and commercial cybersecurity professionals, through Carnegie Mellon University and the University of Texas at Austin.

Must use the link above to register if you plan to attend.

  Join us on Tuesday, August 31 for our monthly chapter meeting with a special guest speaker:  

 

Creating the Next Generation of Cyber Professionals
by Prem Jadhwani, CEO, Intellectual Point

Conference Call Information: 
https://attendee.gotowebinar.com/register/4253667857370550800 

Abstract
The cyber threat landscape is evolving rapidly and corporations are scrambling to find skilled people to fill the cyber positions. There is clearly an acute shortage of skilled cyber professionals. Cybersecurity workforce training and development is going through a major transformation today with the changing threat landscape as well as rapidly evolving technologies such as machine learning, artificial intelligence and big data analytics. This presentation will bring real world best practices from the trenches on how cyber security education and training can be both affordable and effective in helping people fill the cyber security job openings with the right skills. The presentation will highlight critical skills required in the next generation of cyber professionals and how the role of a security analyst is rapidly evolving with the advent of advanced targeted attacks and zero day attacks. Attendees will walk away with a clear understanding of practical cyber security training solutions as well as best practices in developing and delivering an effective cyber security program from a pragmatic perspective within the commercial and federal organizations. Attendees will learn how an accredited training provider (Intellectual Point) has been leveraging the Workforce Innovation Opportunity Act (WIOA) program to effectively impart cyber security education to the unemployed and underemployed folks and help them transition to a lucrative and stable career in cyber security with the help of hands-on professional short courses and IT certifications.

 

Speaker bio
Prem works as a Chief Executive Officer (CEO) & Founder of Intellectual Point – a Reston VA based professional IT Training, Education & Solutions Provider. He also serves as a Chief Technology Officer (CTO) for Government Acquisitions - an IT Solutions Provider & Trusted Advisor to the Federal Government. His primary responsibilities include defining, developing and delivering professional, hands-on IT Trainings and Solutions in the areas of Cyber Security, Cloud Computing, Data Center, Networking, Big Data Analytics, Mobility, Internet of Everything and Emerging Technologies.

Mr. Jadhwani possesses 20 years of experience working in the enterprise IT space with both commercial and Federal customers. He has a strong blend of technology and marketing background and has worked with a number of Technology and Software firms, including TIBCO Software, See Beyond Technology Corporation (now acquired by Sun/Oracle), Infogix Systems Inc., GTSI Corporation and Unicom Government Inc.

Prem has a well-rounded and extensive product management experience and has a proven track record of successfully training, coaching and mentoring people and with hands-on marketable skills in areas such as Cyber Security, Cloud Computing and Project Management and preparing them for highly skilled IT and management careers in rapidly growing IT space. He provides technical and business expertise in Data Center, Green IT, Enterprise Networking, Information Assurance & Network Security, Unified Communications, Wireless, Virtualization & Cloud Computing solutions to customers and is a prominent speaker at various tradeshows and conferences. Prem was nominated and has served as a Commissioner for the TechAmerica STLG Cloud Computing Commission as well as TechAmerica Big Data Commission. Prem is an active contributor to various industry discussions, panels and his work and articles have been published in numerous journals and periodicals.

Prem has an intuitive ability to be able to envision technological changes and provide technical direction and trainings to the companies and customers. Prem is also involved as an adjunct faculty for instructing graduate level degree courses in Cyber Forensics, Big Data, Virtualization and Cloud Computing at various reputable universities like University of Maryland University College (UMUC), Strayer University and several others. Prem holds several advanced academic credentials including MS in Computer Science, MBA in Marketing and has completed his coursework towards a Ph.D. in Cyber Security from George Mason University. He also holds 100+ advanced IT Certifications and Credentials including CISSP, CISM, CISA, CEH, Security+, CSM, CHFI, VCP, GIAC, GCIH, ITILv3, CCSP, CCNP, CCVP and several others.

Must use the link above to register if you plan to attend.

  Join us on Tuesday, July 20 for our monthly chapter meeting with a special guest speaker:  

Making the Cyber World a Safer Place for Everyone
by Pat Craven

We will be hosting the meeting virtually

Conference Call Information: 
https://attendee.gotowebinar.com/register/1522782239003077389

Abstract
The Center for Cyber Safety and Education www.IAmCyberSafe.org, formerly (ISC)² Foundation, is a non-profit charitable trust committed to making the cyber world a safer place for everyone. It works to ensure that people across the globe have a positive and safe experience online through its educational programs, scholarships, and research. The Center’s Director Pat Craven will explain:

• How you can help the community now utilizing the Center programs
• What resources are available for teaching cyber safety to children, parents and senior citizens
• The newly launched “Garfield at Home“ distance learning program
• What you can do to bring “Cyber Safety Day” to your city
• How companies and individuals can get involved in delivering Cyber Safety Education

 

Speaker bio
Pat Craven has over 35 years of experience working within the non-profit industry and has held various C-Level executive leadership roles across the country at notable charitable organizations such as the Boy Scouts of America (24 years), Big Brothers Big Sisters, and the Vietnam Veterans Memorial Fund in Washington D.C. He is now the Director for the (ISC)2 nonprofit Center for Cyber Safety and Education with world headquarters in Clearwater, Fl. Pat is a sought-after speaker and writer on how to keep children and families safe and secure online and is a regular guest on radio, TV and podcasts around the world.

He has a BS in Communication from Xavier University (Cincinnati, OH). Pat is also a member of the ECPI University Program Advisory Board for Cyber and Network Security and board of directors for the FBI Citizen’s Academy – Tampa. He was awarded the international SC Media Reboot Leadership Award for his innovation and leadership in cyber safety.

At the Center, he is responsible for all business operations, supporting the Board of Trustees, service delivery, providing leadership to employees and volunteers, managing multiple income streams, overseeing marketing and business development functions, new program development and liaising with external agencies. Mr. Craven has been successful across the country developing innovative and award-winning educational, marketing, advertising, sales, management and fundraising programs.

Must use the link above to register if you plan to attend.

  Join us on Tuesday, June 15 for our monthly chapter meeting with a special guest speaker:  

ISSA-DC Hosts Understanding the Block Chain and its Impacts on the Future, Facilitated by Ms. Camila Salkov

We will be hosting the meeting virtually
Conference Call Information: 

https://attendee.gotowebinar.com/register/2883961140985587212

Abstract
The panel discussion will cover various dimensions of the blockchain industry including technology, decentralization, trust, governance, regulation, token economics, network security, funding, ecosystem development and other aspects that need to be managed to create a successful layer one blockchain. Various applications of the technology, including cryptocurrencies, NFTs etc. and the overall societal impact of the technology will be touched upon. A computational framework to evaluate the myriad blockchain projects will be presented, to help the audience get a sense of the state of the industry and the potential of the underlying technology.

After registering, you will receive a confirmation email containing information about joining the webinar.

Speaker bio
V. Rao Bhamidipati | Founder | VP Software Products | Services @ Software Products & Services Strategies Worldwide | F6S Profile

Rao Bhamidipati is a Board member and VP Product and Platform Governance at RChain. He has been managing RChain core development since July 2019 and successfully delivered the mainnet in February 2020. He leads the techno-economic governance of the platform and ecosystem development.

Rao has over 30 years of technology and business experience in both Fortune 100 companies and startups. He has several award winning 'industry first' innovations to his credit including the first fully virtual internet bank and a DARPA and IBM funded group communications system in the pre-Lotus Notes era. Rao has led many business and digital transformation projects and turned around many projects and organizations.

Rao has a Bachelor's in Electrical Engineering, an MBA from the Indian Institute of Management and a Masters in Computer Science from NJIT.   

Camila Salkov is the first woman on the board of directors of RChain – a Cooperative building a blockchain platform, and key social coordination technologies. She is the Operations Manager of TheDream.US - The nation's largest college access and success program for immigrant youth; and the Chief Financial Officer of the animal rescue SUSAN (Step Up to Save Animal Network).

Camila graduated from Trinity W. University with a Bachelor of Science (BS) in Accounting, and a Master’s degree with a concentration in Management from Fitchburg State University.

Camila is an experienced financial consultant, an investment banking expert, and a leader that brings a diverse background to her professional endeavors.

Lucius Gregory (Greg) Meredith is the president of the RChain Cooperative. Greg is a mathematician, and the discoverer of the rho-calculus, a co-inventor of the LADL algorithm, and the inventor of the ToGL approach to graph theory.

Must use the link above to register if you plan to attend.

  Join us on Tuesday, May 18 for our monthly chapter meeting with a special guest speaker:  

Enumerating and Attacking w/ IPv6
Tyrone Wilson, CEO, Cover6 Solutions

We will be hosting the meeting virtually
Conference Call Information: 
https://register.gotowebinar.com/register/2048147584971774479

Abstract
In 1998, the Internet Protocol Version 6 (IPv6) was developed as a next generation Internet Protocol (IP) standard to replace IPv4, when it was believed that the Internet was running out of IP addresses. The new IPv6 protocol was built to handle packets more efficiently, improve performance, increase security, and reduce the size of routing tables by making them more hierarchical. Companies reported that complexity, costs, and time hindered their efforts to move to IPv6. The adoption of IPv6 was delayed because many organizations have been using Network Address Translation (NAT) as a way to extend the life of their IPv4 addresses, but this temporary workaround is no longer sustainable. Twenty-five years later, it’s about time we put more focus on expanding the availability of IP addresses to accommodate the explosion in the number of internet devices and implementing a more secure internet protocol. Tyrone E. Wilson will discuss how you can use open-source tools to provide a better understanding of the IPv6 Protocol. He will also demonstrate how to perform network enumeration and attacks over IPv6.

Speaker bio
Mr. Tyrone E. Wilson is a cybersecurity professional with 24 years of experience in information technology and systems configuration, including information systems and network security. In addition, Wilson possesses extensive knowledge in conducting computer network defense, vulnerability assessments, cyber threat analysis, and incident response activities. As a former United States Army Cybersecurity Analyst, Wilson developed security structures to protect American intelligence systems from foreign threats. Currently, Wilson is the Founder and President of Cover6 Solutions, which teaches companies and cybersecurity professionals various aspects of information security, penetration testing, and IPv6.

Must use the link above to register if you plan to attend.

  Join us on Tuesday, April 20 for our monthly chapter meeting with a special guest speaker:  

Promoting Diversity and Inclusion in Cyber Panel Discussion

We will be hosting the meeting virtually
Conference Call Information: 
https://attendee.gotowebinar.com/register/8853899160706352910 

Abstract
According to the Bureau of Labor Statistics, the rate of growth for jobs in Cybersecurity is projected at 37% from 2012–2022—that’s much faster than the average for all other occupations. However, the industry still struggles with issues of diversity, inclusion, and equity. What strategies can organizations adopt to cultivate a more diverse workplace? How can organizations recruit and retain diverse pools of candidates and help them to thrive within the organization? The panel will explore ways to reimagine recruitment, hiring, visibility, mentorship, allyship, training, pay equity, Executive Leadership programs/pipelines, as well as company awards & recognition programs.

 

Speaker bios

Panel Moderator
Talent and technology veteran, Deidre Diamond, Founder, and CEO of CyberSN and Secure Diversity, has created the largest cybersecurity talent acquisition service and technology firm in the U.S. while focusing on the cybersecurity talent shortage, specifically the shortage of women. Deidre's mission is to remove the pain from job searching and matching for everyone. Deidre cares tremendously about people loving where they work and has been working to create cultures that have high EQ (emotional intelligence) skills. These skills focus on words and behaviors. Deidre is known in the D/I community as someone who works hard at making sure words and behaviors are inclusive for all so that inclusive environments can also be diverse environments.

 

Panelists

Larry Whiteside Jr. is a veteran CISO, former USAF Officer, and thought leader in the Cybersecurity field. He has 25+ years of experience in building and running cybersecurity programs, holding C-Level Security executive roles in multiple industries including DoD, Federal Government, Financial Services, Healthcare, and Critical Infrastructure.
Whiteside is the Co-Founder, President, and on the Board of Directors at the International Consortium of Minority Cybersecurity Professionals (ICMCP), a 501(c)3 non-profit association that is dedicated to increase the number of minorities and women in the cybersecurity career field through providing workforce development that includes skills assessment, training, education, mentorship, and opportunity.
He also serves as the Chief Technology Officer and Chief Security Officer at CyberClan, a full service Global Incident Response and Managed Security Services Provider for the small to medium-sized businesses.
As the 2009 founder of Whiteside Security, Larry advised several corporate security executives and companies across the cybersecurity industry on how to make Cyber Security a number one objective to their businesses. He has helped CEOs and board members of private cybersecurity companies achieve their goals in sales, marketing, and customer retention.
Larry has presented to the C-Level leadership and Board of Directors of some of the largest private and public sector organizations in America. He is a thought leader in the industry with extensive experience presenting at conferences such as the Gartner Security Summit, RSA Conference, and SC World Congress. Larry has been featured in many articles relating to information security and risk management.
Larry received his Bachelor of Science degree in Computer Science at Huston-Tillotson University.

Mark Casper is the President and Executive Director of Tech For Troops (T4T), a nonpartisan, nonprofit based in Richmond, VA. The Tech For Troops mission is dedicated to empowering Veterans with computers, skills, and Information Technology (IT) work force training. While located in Richmond, Tech For Troops has National reach.

He believes that working computers can provide a new life to struggling veterans rather than being discarded. Many veterans face two significant barriers when competing in the modern workforce: the lack of a computer and the lack of the skills needed to effectively use that computer. Under his guidance, Tech For Troops gifts refurbished computers and instituted a Veteran Improvement Program to teach computer literacy.
He is a United States Marine Corps veteran and a career IT expert who focused on large-scale government and civilian IT projects and has worked with Northrop Grumman, Capital One, and as a contractor CPIC planner for Veterans Affairs.

Mark was the owner of a small consulting firm until Tech For Troops recruited him. Married for 35 years to his soulmate, a father of two young women and a proud “grampy” to two amazing grand-daughters, Mark has found his place in life (for work) at Tech For Troops.

Nathan Chung is a cloud security specialist with more than 20 years of experience in IT and Cybersecurity. He is an advocate for women in cyber and Neurodiversity. He serves on multiple boards including WiCyS (Women in Cybersecurity) Colorado, IGNITE Worldwide, and Spark Mindset. He is also the host of the NeuroSec podcast. He was voted Male Ally of the Year in 2020.

 

 

Must use the link above to register if you plan to attend.

 

First Mid-Atlantic Quarterly Summit: National Cybersecurity Budget Priorities and Operational Objectives


Join us on Tuesday, March 16 for our monthly chapter meeting with a special guest speaker:  

Secure Cloud
by Wayne Dennis Jr
Senior Manager, Accenture security practice

We will be hosting the meeting virtually
Conference Call Information: 
https://attendee.gotowebinar.com/register/6800931730198916364 

Abstract
Explores how security can accelerate a cloud-first journey. It examines the key pillars that define the minimum requirements an organization needs to securely place workloads in the cloud. It identifies the dimensions of complexity that influence a security strategy. And recommends four steps to introduce security at speed and scale.

 

Speaker bio
Wayne is a Strategy and Architecture leader who brings an innovation based approach to cyber security. He brings deep security expertise in disruptive technologies such as Artificial Intelligence, Embedded & Real Time Systems, Industrial Control Systems, Medical Devices, Connected Cars, and the Internet of Things. Wayne is a noted speaker and presenter at cyber security conferences around the world and frequently participates on panels, forums and thought groups on developing new best practices. Wayne brings organizations a mixture of deep technical, product and business skills; this combination allows him to engage both business and technology leaders as a peer.

Must use the link above to register if you plan to attend.

  Join us on Tuesday, February 16 for our monthly chapter meeting with a special guest speaker:  

Security Implications: Schrems II, CCPA, and Brexit
by K Royal

We will be hosting the meeting virtually
Conference Call Information: 
https://attendee.gotowebinar.com/register/2741988898267781647

Abstract
On July 16, 2020, the Court of Justice for the European Union published their opinion on Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems (called "Schrems II"). This decision invalidated the EU-US Privacy Shield and provided requirements for data transfer mechanisms. This decision has had far-reaching consequences for US companies doing business in the EU, but also for companies globally. What does this mean for companies and specifically, for security professionals? Will the EU drive global security requirements? And if so, how does it align with the new California laws or with the UK withdrawal from the EU? Join us as we discuss global developments in privacy and put them in context of managing a forward-looking security program.

 

Speaker bio
K Royal is an attorney and global privacy professional with 25 years of experience in the legal and health-related fields. She has the distinct honor of filing the first successful joint controller / processor Binding Corporate Rules for data transfers out of the European Union and founded a program for women in house attorneys that is now a Global Women in Law and Leadership annual summit held at the United Nations in New York. As an attorney, she has received numerous honors for her leadership in both technology and diversity, including Forty-under-40 recipient for Phoenix, named an Outstanding Woman in Business, and Member of the Year for the Association of Corporate Counsel (out of 43k members globally). K received her law degree from the Sandra Day O'Connor College of Law at Arizona State University and is in the dissertation phase of her PhD in public policy from the University of Texas at Dallas.

She is currently the Associate General Counsel at TrustArc and is an adjunct law professor at her alma mater teaching privacy law. She is certified through the IAPP as a Fellow of Information Privacy (FIP), Privacy Management (CIPM), and US and EU Privacy Law (CIPP/US, CIPP/E) and as a Data Privacy Solutions Engineer through ISACA. K also serves on the boards of several non-profit organizations.

Must use the link above to register if you plan to attend.

  Join us on Tuesday, January 19 for our monthly chapter meeting with a special guest speaker:  

Cyber Threat Intelligence Briefing
by Marcelle Lee

We will be hosting the meeting virtually
Conference Call Information: 
https://attendee.gotowebinar.com/register/4202793449484613133

Abstract
Join Marcelle Lee, Senior Security Researcher from Secureworks' Counter Threat Unit™ Research team, for an overview of the cyber threat landscape. Topics covered will include:

  • Lessons learned from Secureworks incident response practice
  • eCrime threat landscape
  • Emerging and global threat landscape

Marcelle’s briefing will include tales from the trenches and reference the extensive research done by the CTU team.

 

Speaker bio

Marcelle is a Senior Security Researcher specializing in cybercrime for Secureworks in the Counter Threat Unit and is also an adjunct professor in digital forensics and network security. She specializes in network traffic analysis, malware analysis, and threat hunting and intelligence. She is involved with many industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu, the NIST Cyber Competitions Working Group, and the Cybersecurity Association of Maryland Advisory Council. She also both builds and participates in cyber competitions.

Marcelle has earned the CISSP, CSX-P, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|EH, CCNA, PenTest+, Security+, Network+, and ACE industry certifications. She holds four degrees, including a master’s degree in cybersecurity. She has received the Chesapeake Regional Tech Council Women in Tech (WIT) Award and the Volunteer of the Year award from the Women’s Society of Cyberjutsu. Marcelle frequently presents at conferences and training events, and is an active volunteer in the cybersecurity community. 

Must use the link above to register if you plan to attend.

  Join us on Wednesday, December 16 for two special joint chapter events with ISSA Northern Virginia and Central Maryland:  

O365 Security Lunch & Learn
By Chris Morales of Vectra
at 12:00 pm

and

Powershell JEA
By James Honeycutt - Sponsored by Red Canary
at 5:00 pm

 

Both meetings will be hosted virtually. Registration is required. 

We are happy to be partnering with the Central Maryland and Northern Virginia ISSA Chapters.

O365 Security Lunch & Learn

Must RSVP if you plan to attend. 

 

Wednesday, December 16, 2020 at 12:00 pm

Abstract
We'll navigate through uncharted security territory by analyzing the attack lifecycle in the cloud and dissecting a real-world attack. The same technology that makes the cloud dynamic can have the opposite effect on an organization’s ability to implement detection and response in cloud environments. This includes adding an additional layer of preventative controls on top of MFA, because MFA is increasingly being bypassed, in O365 for example. Chris Morales, Head of Analytics with Vectra, will help us navigate through the uncharted security territory by analyzing the attack lifecycle in the cloud, reviewing the top cloud security threats, and dissecting a real-world cloud attack. Additionally, he'll provide key takeaways for managing access, detection and response, and security operations.

Speaker Bio
Chris Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Chris is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.

Powershell JEA

Must RSVP if you plan to attend. 

 

Wednesday, December 16, 2020 at 5:00 pm

 

Abstract
PowerShell Just Enough Administration (JEA) allows us Systems Administrators to empower our fellow admins, developers, and security personnel to accomplish what they need to on our systems. Give them just enough administrative permissions to accomplish their duties without interrupting your day or night. This talk shows how to assign roles and give the appropriate permissions to those roles.

The presentation will start off with a little bit of JEA background and what problem it solves. We will discuss what planning and considerations are involved with implementing JEA. We will discuss the different resource files needed and how to create them. We will talk about how granular or liberal we can get with creating our rules. We will look at an example of the various resource files then create our own. I will show the commands needed to enable JEA. We will do a walkthrough of setting up JEA, creating our files and enabling JEA, and demo how you can give a developer elevated permission on certain PowerShell commands. I will show how you can assign a group of commands with wildcards like get-IIS and specific commands like stopping a specific service with specific arguments and switches. We will have to talk about where the audience can get some more in-depth training on this subject; there is no way to learn it in an hour.

About the speaker
James Honeycutt is a hardworking and dedicated cybersecurity professional who enjoys scripting and participating in capture the flags. James has served over 20 years in the military in various technical and leadership positions. In his current assignment, he is part of a Cyber Protection Team and serves as the Microsoft Windows Expert. See James's full bio at https://honeycuttjames.wixsite.com/mysite/about.

  Join us on Tuesday, October 20 for our monthly chapter meeting with a special guest speaker:  

Growing in Cyber Panel
Moderator - Leslie Taylor

We will be hosting the meeting virtually
Conference Call Information: 

https://attendee.gotowebinar.com/register/837573183761453068 

Abstract
Ms. Leslie Taylor, Human Resource Consultant and Career Coach will moderate a panel of early career professionals and career changers who are currently working in cybersecurity. The panelists will discuss their early careers, how they made the choice to work in Cyber, how they obtained their first job within Cyber, the training and education programs that they pursued to prepare for their current positions, and the work experience that they have gained on the job. They will each share their advice to individuals who want to learn how to launch a career in Cyber as well as those who want to learn how to grow their Cyber careers over time.
 

Speaker bios

Leslie Taylor, Panel Moderator
Prior to launching her own entrepreneurial business venture, Leslie Taylor was a Talent Acquisition Recruiting Leader at ICF with a focus on Cyber Security and Critical Infrastructure. She has more than 15 years of experience in IT, cleared and cybersecurity recruiting. Her passion is recruiting top talent to meet the needs of the business. Leslie is a member of Leadership Fairfax and has a Master’s degree in Human Resources.
Leslie speaks regularly to local groups, colleges, military career transition groups and conferences. She is an active member in several professional associations and leverages participation in a variety of IT/Cyber, university/college, association and military career fairs and networking events.
Leslie has also managed the Military Recruiting and sourcing strategy to attract and hire veterans and military candidates from all IT services for the Cyber Industry. She has created Military recruiting pipelines while leveraging partnerships with military, social media and Military hiring websites. Leslie has conducted screenings of applicants to ensure they are qualified for positions, including tracking and participating in local military events.

 


Leslie Hamilton, Panelist
Ms. Leslie Hamilton is an Associate Cyber Security Information Assurance Analyst/ISSO with Northrop Grumman in the Enterprise Services Sector on the Collateral side. Prior to joining Northrop Grumman, she worked at the Pentagon with the Air Force as an IT Journeyman. Ms. Hamilton is new to the Information Security Technology field and focused on growing her career in cybersecurity. Ms. Hamilton has a degree from Nyack College in Organizational Management and will be pursuing a Master’s Degree in Cyber Security.

Shivani Karikar, Panelist
Shivani Karikar is an Application Security Engineer at Digital Infuzion working on a CMS project. She focuses on InSpec profile development as a part of a security automation framework. She is experienced in areas like vulnerability assessment, cloud security, pentesting, risk analysis, and project management. Shivani has a Master's degree in Information Systems along with security certifications like CompTIA Security+ and Certified Ethical Hacker. She has a diverse background that consists of business management, app development, and IT training. Shivani has won an NY Hackathon and several CTF events. Her passion is to specialize in Cryptology. She also loves to volunteer and enjoys hobbies like solving puzzles, biking and playing drums.


Linda Moise, Panelist
Linda Moise received his Bachelor of Science in Computer Information Systems at Virginia Union University in May 2017. Mr. Moise was blessed with the opportunity of becoming a GEM 2017 fellow, and he had two summer internships with the company Lexmark International. Mr. Moise worked as an intern at the company’s headquarters in Lexington, Kentucky as a Cybersecurity Analyst in the Platform Security Department.
After graduating with his master's in cyber security in 2019 from the University of Maryland Baltimore County (UMBC), Mr. Moise took a position at WMATA as an Information System Security Engineer (ISSE), where he worked in the Risk Management team. Mr. Moise holds Security+ and Certified Ethical Hacker certifications. He is still growing his career in Cybersecurity; his focus areas are cloud security, risk management, and penetration testing. Mr. Moise enjoyed mentoring and helping other students to discover their career path and go after their dreams and goals.

Must use the link above to register if you plan to attend.

  Join us on Tuesday, September 15 for our monthly chapter meeting with a special guest speaker:  

The NIST Security and Privacy Controls Catalog (800-53): What’s New in the Draft and Looking Ahead
By Victoria Yan Pillitteri

We will be hosting the meeting virtually:

Conference Call Information: 

https://attendee.gotowebinar.com/register/2098167662344609291 

Abstract
Draft NIST Special Publication (SP) 800-53, Revision 5 provides a comprehensive catalog of next-generation security and privacy controls to safeguard systems and organizations, and the personal privacy of individuals. This long-anticipated update includes changes to improve usability and promote alignment with the Cybersecurity Framework and Privacy Framework, as well as new and updated controls to address privacy, supply chain risk management, and security engineering. This presentation will highlight the significant changes in draft SP 800-53, Revision 5 and feature a preview of additional new supporting resources and publications in the NIST pipeline.

 

Speaker bio

Victoria Yan Pillitteri is a senior computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the team lead of the Federal Information Security Modernization Act (FISMA) Implementation Project. The FISMA team is responsible for conducting the research and development of the suite of risk management guidance used for managing information security risk in the federal government, and associated stakeholder outreach and public-private coordination/collaboration efforts.

Ms. Pillitteri previously worked on the Privacy Framework, Cybersecurity Framework, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs, served on the board of directors of the Smart Grid Interoperability Panel, served as Chair of the Federal Computer Security Managers’ Forum, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security. Ms. Pillitteri holds a B.S. in Electrical Engineering from the University of Maryland, an M.S. in Computer Science, with a concentration in Information Assurance, from the George Washington University, and is a Certified Information Systems Security Professional (CISSP).

 

Must use the link above to register if you plan to attend.

 

  Join us on Tuesday, August 18 for our monthly chapter meeting with a special guest speaker:  

Incident Handling & Threat Hunting w/ Security Onion
by Tyrone E. Wilson

We will be hosting the meeting virtually:

Conference Call Information: 

https://attendee.gotowebinar.com/register/3393445135608649228

Abstract
Mr. Wilson will discuss how to use a free and open source tool like Security Onion (SO) to provide hands-on experience and increase our knowledge in incident response and threat hunting. This event is for those with minimal experience working with detection alerts, pcap files, and log management. We will learn how to set up Security Onion at home or on an enterprise network and use its features to complete various network defense challenges. Attendees will leave with a higher level of confidence in network defense as well as the ability to crush their next analyst interview. Participants will also receive a booklet of instructions and credentials to a live SO server which will allow them to continue to practice their newfound skills from anywhere in the world.

 

Speaker bio
Mr. Tyrone E. Wilson is an information security professional with 24 years of experience in information technology and systems configuration, including information systems and network security. Wilson also has extensive knowledge in computer network defense, vulnerability assessments, cyber threat analysis, and incident response. As a former cybersecurity analyst for the United States Army, Wilson developed security structures to ensure American intelligence systems were protected from foreign threats. Currently, Wilson is the Founder and President of Cover6 Solutions, which teaches companies and professionals various aspects of information security, penetration testing, and IPv6.

 

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, August 18, 2020 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


  Join us on Tuesday, July 28 for our monthly chapter meeting with a special guest speaker:  

An overview of the NSA's Cybersecurity Directorate
by Greg Bednarski

We will be hosting the meeting virtually:

Conference Call Information: 

https://attendee.gotowebinar.com/register/5222410160482360592 

Abstract
On October 1st, 2019, the NSA formally established the Cybersecurity Directorate to “prevent & eradicate” threats - right in our own back yard. What does it look like when an intelligence agency decides to do cybersecurity? Let’s go beyond the talking points to understand the organization, why it was created, what it does, and how it does it. NSA’s Cybersecurity Directorate encompasses activities that go well beyond the scope of traditional cybersecurity organizations. This presentation will be structured to introduce each of the seven major mission activities, how they operate, and examples of real and significant problems we're tackling. Key points to be covered include what makes this different from previous information assurance efforts at the NSA; the use of NSA’s foreign signals intelligence activities to power the cybersecurity mission; the directorate’s move to take the fight to the bad guys; why we’re growing our public presence and collaboration efforts; and where we’re most focusing our efforts today.

 

Speaker bio
Greg Bednarski is the head of Cyber Policy & Strategy for the National Security Agency's Cybersecurity Directorate, where he leads the development, coordination, and execution of cyber-related policy with the National Security Council and other US Government departments and agencies on behalf of the NSA. Over the course of the last fourteen years, Greg has been responsible for the management and execution of computer network exploitation activities, capability development, and network analysis for foreign intelligence and cybersecurity purposes, and has provided direct support to offensive cyberspace operations.

 

Must use the link above to register if you plan to attend.

 

  Join us on Tuesday, June 16 for our monthly chapter meeting with a special guest speaker:  

Artificial Intelligence & Machine Learning
Overview for Decision Makers
By Prem Jadhwani

We will be hosting the meeting virtually:

Conference Call Information: 

https://attendee.gotowebinar.com/register/8201660060435608847

Abstract
Artificial Intelligence, Machine Learning, Deep Learning and Blockchain are all emerging technological advances that are making a debut within the Federal Government for such use cases as Fraud Detection and Mitigation; Geo-spatial Intelligence using Drone and Satellite Imagery Fusion Platform Sustainment; Insider Threat Detection and Mitigation; Smart Video Analytics; Autonomous Sensors and Large Scale Object Detection; Predictive Cyber Analytics & Next Gen Threat Mitigation; AI & ML for Healthcare; GPU Accelerated HPC Applications; and Robotic Process Automation. AI will transform Cybersecurity by creating next gen cyber tools that will be able to use AI, ML and Natural Language Processing to better detect, contain and predict sophisticated cyber-attacks and advanced persistent threats. Learn about the Artificial Intelligence Roadmap to success. Hear about the potential return on investment and financial payback for AI/ML projects. Gain insights into approaches for successfully implementing AI/ML.

 

Speaker bio
Prem Jadhwani, Chief Technology Officer (CTO), brings 20 years of experience working in the enterprise IT space with both commercial and Federal customers to Government Acquisitions, Inc. (GAI). He is also a founder and CEO of Intellectual Point, an IT Training and Workforce Development firm based in Northern VA. As a CTO, Mr. Jadhwani provides solution vision, strategy, thought leadership, and subject matter expertise around data centers, cyber security, cloud computing, data analytics, mobile and wireless, IoT, SDN and other emerging technologies like Artificial Intelligence and Machine Learning. Mr. Jadhwani has served as a Commissioner for TechAmerica Cloud and Big Data Commission. He has published numerous papers and is an active speaker at industry conferences. He holds an MS in Computer Science from Illinois Institute of Technology, an MBA in Marketing & Strategy from Stuart School of Business in Chicago, and has completed coursework for a Ph.D. in Cyber Security from George Mason University. He also holds 100+ reputable certifications including CISSP, CISM, CySA+, CISA, CEH, CCNP, VCP, ITIL, GCIH, and GSLC and is a professional Cyber Security Trainer and sought-after speaker and panelist.

 



 

Tuesday, June 16, 2020 at 6:30 pm

Must use the link above to register if you plan to attend.

  Join us on Tuesday, May 26 for our monthly chapter meeting with a special guest speaker:  

The Next Big Thing In Cyber Security
By Dean Lane

We will be hosting the meeting virtually:

Conference Call Information:

https://attendee.gotowebinar.com/register/3005581412221155084

Abstract
2019 had many headlines covering the latest data breach, ransomware attack, or advanced hacking exploit. Unfortunately, those headlines are nothing out of the ordinary anymore – they represent our new status quo. Cyber Security, or any technical field, is ever evolving and will change in coming years; but for now, the answer for the next big thing is Cyber Intelligence. Come to this interactive session / discussion to learn the concepts of how to minimize security blind spots. This session will introduce the basic concepts of Cyber Intelligence as an enhanced method of Cyber Security. We will discuss Cyber Intelligence as an interdisciplinary look at Cyber Security and Intelligence that considers not only software, hardware, and firewalls, but also the human side of the equation. There will always be hackers and state-sponsored attacks. Since it is a war that never ends, we must ensure that we win every battle by staying ahead of the opposition.

 

Speaker bio

Mr. Lane serves as the Senior Vice President of The Institute of World Politics’ (IWP) Cyber Intelligence Initiative. In this capacity, he is responsible for ten Cyber Intelligence Certifications offered by the University. Prior to joining IWP Mr. Lane was the founder and CEO of the Office of the CIO®; an influential consultancy and community of CIOs well known throughout the Silicon Valley and beyond. Members of the Office of the CIO included CIOs from Symantec, Facebook, Polycom, Brocade, Peet’s Coffee and 45 other top Silicon Valley companies. Mr. Lane has 30 years of hands-on experience in the Cyber world, having been a CIO, as a practitioner, at four different companies: Honeywell Aerospace, ATK, Plantronics, and Masters Institute of Technology. Additionally, he held the Senior IT Director position at Symantec. Mr. Lane has also been a consultant for Gartner, AT&T (Teradata) and Ernst & Young. His experience is global and as found on the internet, he is considered an expert on Cyber.

Mr. Lane obtained his undergraduate degree from the University of California (UCLA) and his MBA from National University. He is Certified in the Governance of Enterprise IT (CGEIT) by ISACA and is also certified as a Master Project Manager. Mr. Lane served on the advisory boards of the State of California Veteran’s Affairs, Comtrade Inc, TachTech, and SFSU’s Center for Electronic Business. Mr. Lane’s first book, CIO Wisdom, is a Prentice Hall World-wide #1 Best Seller and a sequel, CIO Perspectives, was published by Kendall-Hunt. His most recent book, CIO’s Body of Knowledge, was published by Wiley & Sons. During a Hi-Tech Economic Mission to Israel, he consulted with former Israeli Prime Minister Ehud Barak. Mr. Lane is a highly decorated U.S. Naval Special Warfare Officer who served as the SEAL Team Officer for the Commander In Chief, Pacific Fleet.

 

Must use the link above to register if you plan to attend.

Join us on Tuesday, April 28 for our monthly chapter meeting with a special guest speaker:  

 

Cyber Resilience: “Risk Management” is not enough
by John Eckenrode

We will be hosting the meeting virtually:

Conference Call Information:
 https://attendee.gotowebinar.com/rt/6860298754366550795


Abstract

Business operations, enterprise risk management, and cybersecurity are critical functions that require integration to effectively understand, communicate, and manage risk. These functions are usually isolated organizationally, resulting in uninformed risk and resource decisions that can reduce resiliency, and impair efficient execution of mission and business objectives. Organizations must institute organizational tools and behaviors to develop consumable cyber-focused risk intelligence and next-generation resilience methods to respond to the challenges posed by the evolving cyber threat landscape.

Come to this interactive session to gain insights on ensuring continued mission fulfillment and added illumination of “shadow resources” that support mission essential functions.

 

Speaker bio

John Eckenrode leads the Guidehouse DOD Cyber business and heads up multiple Solution areas in Cyber Resilience, CMMC Pre-Assessment and Mitigation Support, as well as the development of the ICS/SCADA and IOT capabilities. John brings more than 30 years of experience supporting client cybersecurity challenges at the operational, mission, and strategic level, and excels at “connecting the dots” and opening organizational lines of communication to facilitate greater data flow and understanding of both security imperatives, and organizational objectives, leading to greater efficiency and efficacy.

John has worked for a variety of firms leading consulting engagements to Chief Information and Financial Officers, and Chief Information Security Officers in both the Defense and Civilian markets, to include Homeland Security’s U.S. Citizenship and Immigrations Services (USCIS), US Department of the Navy, US Department of Labor, Office of the Secretary of Defense, Defense Logistics Agency, Department of State, and the Center for Medicare and Medicaid Services.

John holds a Bachelor of Arts in History from the Virginia Military Institute and is a former Marine, and Diplomatic Security Service Officer. He holds the Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), and certified SCADA Security Architect certifications.

 

Must use the link above to register if you plan to attend.

  Join us on Tuesday, March 17 for our monthly chapter meeting with a special guest speaker:  

Deep Dark Web
By Warren Holston

We will be hosting the meeting virtually in light of recent developments with the Coronavirus (COVID-19):


Conference Call Information:
https://register.gotowebinar.com/register/5498358988864251916

You will be connected to audio using your computer's microphone and speakers (VoIP).  

Alternatively, you may select "Use Telephone" after joining the Webinar.

Dial +1 (562) 247-8321
Access Code: 535-681-978
Audio PIN: Shown after joining the Webinar

Abstract
Over 96% of the web is hidden behind gates of the Deep Dark Web. Breached data often ends up in data dumps on these hidden corners, sold, traded, or offered for free. These decisions are made based on adversarial motivating factors. As such, it is important for IT auditors, cyber operations professionals, Open Source Intelligence (OSINT) analysts, and security managers to understand the real threats. Join this talk to learn more about what lies within the Deep Dark Web.

 

Speaker bio
As a career Technical Operations Officer, Mr. Warren Holston has worked throughout the Intelligence Community, Department of Defense, and defense industry for more than 30 years. He has served as a U.S. Navy Explosive Ordnance Disposal Diver, a collection officer and senior manager in the Central Intelligence Agency, and a Subject Matter Expert for the Department of Defense U.S. Special Operations Command. He has managed and conducted counterterrorism, covert action, and technical collection operations worldwide. He is recognized as having contributed significantly to the national security of the United States of America. Mr. Holston was awarded the CIA’s Intelligence Commendation Medal for “conceiving of, and implementing, a clandestine sensor operation against a high priority denied area intelligence target” and the Distinguished Career Intelligence Medal for “superior performance in the conduct of clandestine operations in the CIA.” Mr. Holston is the author of the personal security book “Beware the Predator”. He lectures extensively on the application of personal tradecraft in a digital world. He is also the author of the poetic artwork of “Peace in Darkness, A Study of the Darkness in Humanity”.

 

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, March 17, 2020 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


  Join us on Tuesday, February 18 for our monthly chapter meeting with a special guest speaker:  

A CISO Approach: Securely Facilitating the Business
By Sal Montemarano

Abstract
The implementation of a cyber security program can take many forms. An organization may implement a compliance based program, a tools based program, or more often a combination of both. This presentation will discuss the different approaches to implementing a cyber security program and the pitfalls which may occur through this implementation.

 

Speaker bio

Mr. Montemarano has been an examiner within the SEC’s Office of Compliance Inspections and Examinations for 3 years. Prior to joining the Commission, he was the Chief Information Security Officer for the Overseas Private Investment Corporation (OPIC). Mr. Montemarano has worked in the information technology field for over 20 years, 12 years focused on cybersecurity. Mr. Montemarano has a degree from George Mason University and a Masters in Information Security from the University of Maryland University College.

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, February 18, 2020 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


  Join us on Tuesday, January 21 for our monthly chapter meeting with a special guest speaker:  

Teaching Incident Response with Back Doors & Breaches
By Teresa Allison

Abstract
Come to this interactive session to learn how to teach Incident Response with Backdoors & Breaches, an Incident Response Card Game, created by Black Hills Information Security and Active Countermeasures. Backdoors & Breaches contains 52 unique cards to help you conduct incident response tabletop exercises and learn attack tactics, tools, and methods. The session will open with going over the rules of the game, next there will be a question and answer period, and then the participants will divide into teams to play the game. After the games end we will reconvene to discuss lessons learned and how we can use the game to better teach incident response in our workplaces and the community.

 

Speaker bio

Teresa Allison is Vice President of Programs for the Information System Security Association (ISSA) DC Chapter. She has worked in the field of information technology consulting for over 18 years. She provides clients with solutions for managing multi-billion dollar IT programs. She specializes in strategic planning, budgeting, performance management, portfolio management, governance, risk management, legal & regulatory compliance, project management, program management, process improvement, business operations transformation, strategic communications and stakeholder management.

Allison has supported clients in the domain areas of Health & Human Services, Homeland Security, Transportation, Financial Regulatory Agencies, Veterans Affairs, Diplomacy & Foreign Affairs, as well as International Development & Foreign Assistance. She assisted a global strategy consulting firm in implementing IT security and privacy policies to comply with the European General Data Protection Regulation (GDPR). She has also taught CISSP certification classes at ASM Educational Center.

Teresa received her bachelor’s degree in Political Science from Xavier University. She graduated from Carnegie Mellon University’s H. John Heinz III School of Public Policy with a Master of Science in Public Policy and Management with a concentration in Management of Information Systems. She is a certified IT professional who currently holds the PMP, CSM, ITIL, Security+, CGEIT, CISA, CISSP, CCSK, and Lean Six Sigma certifications.

Teresa Allison is the Past President of the Carnegie Mellon University Heinz College Alumni Association, comprised of over 11,000 alumni from around the world. She currently serves as a volunteer for the Women’s Society of Cyberjutsu, which encourages women to pursue careers in Cybersecurity. She also coordinates higher education outreach programs for the Project Management Institute (PMI) as a member of the Higher Education Partnerships committee. Allison is also a member of the Information System Audit and Control Association (ISACA) DC Chapter and the Healthcare Information Management Systems Society (HIMSS).

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, January 21, 2020 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


  Join us on Friday, December 13 for our special chapter meeting:

The National Capital Chapter has partnered with the SANS Institute again this year to offer exclusive access for its members to SANS@Night events at Cyber Defense Initiative 2019. The event will take place at Washington Hilton on Friday, December 13, 2019.

Please note that the event is free but you must RSVP at least 24 hours before the event so we can have your badge ready for you. 

The chapter members and their guests will have access to the following events:

  

Session | Speaker | Time | Type
Vendor Solutions Expo |  | 5:15pm - 6:15pm | Vendor Event
GIAC Overview Presentation | Kim Lucht | 6:15pm - 7:00pm | Special Events

Women's CONNECT Reception, 6:15pm - 7:15pm
ISSA-DC and SANS would like to invite you to attend a Women's CONNECT reception. This is a great opportunity to learn more about SANS programs supporting women and to network with other attendees. All are welcome, regardless of gender. We look forward to many connections being made by those looking to support, advance, mentor, learn and network. 

Session | Speaker | Time | Type
OSINT Missing Persons CTF | Hosted by Micah Hoffman in partnership with Trace Labs | 6:30pm - 9:30pm | Special Events
Evolving Threats | Paul Henry | 7:15pm - 8:15pm | SANS@Night
Cloud Security Automation: From Infrastructure to App | Frank Kim | 7:15pm - 8:15pm | SANS@Night
Virtuous Cycles: Rethinking the SOC for Long-Term Success | John Hubbard | 8:15pm - 9:15pm | SANS@Night
SIEMtervention - Moving SIEM from collection to detection | Justin Henderson | 8:15pm - 9:15pm | SANS@Night

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Friday, December 13, 2019 at 6:00 pm

Location Information

Washington Hilton
1919 Connecticut Ave. NW
Washington, DC 20009 US
Phone: 202-483-3000

  Join us on Tuesday, November 19 for our monthly chapter meeting with a special guest speaker:  

Better Identity Coalition
by Jeremy A. Grant
of Venable LLP

Abstract
2017’s massive Equifax breach raised some tough questions on the limitations of America’s approach to digital identity. When 147 million Social Security Numbers are compromised, can we still assume the SSN has any value? Can we trust Knowledge Based Authentication (KBA) for remote identity proofing if one of the biggest providers of KBA has been breached? And if not, what can we use instead? The lack of good answers to these questions from industry or government led leading firms in financial services, health care, fintech, technology, payments and security to band together in 2018 to launch the Better Identity Coalition – an organization focused on developing and advancing consensus-driven, cross-sector policy solutions that promote the development and adoption of better solutions for identity verification and authentication.

 The Coalition’s “Policy Blueprint for Better Identity in America” – released in July 2018 – has earned attention from industry and government alike as providing the most sensible path forward for government’s role in improving digital identity. Jeremy Grant – who serves as the Coordinator of the Better Identity Coalition, and who previously led the National Strategy for Trusted Identities in Cyberspace (NSTIC) in his role at NIST – will discuss the work of the Coalition and the path to “Better Identity.”


Speaker bio
As a member of Venable’s Cybersecurity Risk Management Group, Jeremy Grant combines federal government and private sector experience to help clients develop growth strategies, identify and exploit market trends, and advise on policy impacts across the IT, cybersecurity, identity, and payments sectors. In this role, Jeremy utilizes his diverse background and deep understanding of business, technical, policy, and finance issues related to identity, privacy, and cybersecurity, having served in a range of leadership positions spanning government and industry. Jeremy joined Venable after serving as a managing director at The Chertoff Group. Before that, he established and led the National Program Office for the National Strategy for Trusted Identities in Cyberspace (NSTIC), housed in the National Institute of Standards and Technology (NIST); NSTIC was the first new cybersecurity program launched by the Obama administration. There he directed the administration’s activities across private and public sectors to drive a marketplace of more secure, privacy-enhancing identity solutions for online services. He also served as NIST’s senior executive advisor for identity management, and led efforts to improve identity and authentication for individuals and devices in the NIST Roadmap for Improving Critical Infrastructure Cybersecurity.

Before leading NSTIC, Jeremy was the chief development officer for government services consulting firm ASI Government. He spent three years with Washington Research Group as an equities and market analyst focused on identity, cybersecurity, and government technology. Earlier in his career, he served as vice president for Enterprise Solutions at Maximus, where he led the division's Security and Identity Management practice, playing a major role in a number of major federal identity and security programs. Jeremy began his career as a legislative aide in the U.S. Senate – focused on health and technology policy – where he drafted legislation that laid the groundwork for the Department of Defense (DOD) and civilian agency smart card and PKI efforts.

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, November 19, 2019 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


 

 Join us on Tuesday, October 15 for our monthly chapter meeting with a special guest speaker:  

Think Like the Adversary - A Threat Based Approach to Cyber Architecture

Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) developed the .govCAR methodology to take a threat-based approach to cybersecurity risk management. .govCAR represents an evolution in managing cybersecurity – an advancement from the traditional consequence (compliance) and vulnerability (cyber hygiene) based approaches. This next-generation approach looks at cybersecurity capabilities the same way an adversary does to directly identify areas where mitigations should be applied for best defense. .govCAR creates opportunities for organizations to make their own threat-informed risk decisions and develop a prioritized approach to reducing risk to known threats. .govCAR is vendor agnostic and does not evaluate specific vendors or products. The speaker will walk the audience through the concept of threat-based architecture reviews and will discuss how a cybersecurity threat framework and architectural cybersecurity capabilities come together to allow organizations to improve their cybersecurity posture.

 


Speaker bio
Branko Bokan is a Cybersecurity specialist with the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS). In his role, Branko assists federal agencies to adopt the .govCAR methodology. A proud holder of all three ISC2 CISSP concentrations (ISSAP, ISSEP, ISSMP), Branko also teaches cybersecurity as an adjunct professor at a local university.

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, October 15, 2019 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


 

 Join us on Tuesday, September 17 for our monthly chapter meeting with a special guest speaker:  

Expecting Secure, High-Quality Software: Minimizing Technical Debt and Mitigating Risks with Better Measures for Test and Audit
by Joe Jarzombek

Abstract
As external dependencies grow more complex, managing risks attributable to exploitable software includes requirements for security and quality with ‘sufficient’ test and audit regimes throughout the software supply chain. The Internet of Things (IoT) is contributing to a massive proliferation of a variety of types of software-reliant, connected devices throughout critical infrastructure. With IoT increasingly dependent upon third-party software, software composition analysis and other forms of testing are used to determine 'fitness for use' and trustworthiness of assets. Standards for measuring and sharing information about software security and quality are used in tools and services that detect weaknesses and vulnerabilities. Test and audit programs provide the means by which organizations reduce risk exposures attributable to exploitable software. Ultimately, addressing software supply chain dependencies and leveraging high assurance test regimes enable enterprises to provide more responsive mitigations.

Learning Objectives - Attendees will learn how:

  • External dependencies contribute risks in the form of technical debt throughout the software supply chain;
  • Standards can be used to convey expectations and measure software security and quality, and they can provide criteria for more relevant audits;
  • Software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
  • Testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software.

Speaker bio
Joe Jarzombek is Director for Government, Aerospace & Defense Programs in Synopsys, Inc., the Silicon to Software™ partner for innovative organizations developing microelectronic products and software applications. He guides efforts to focus Synopsys’ global leadership in electronic design automation (EDA), silicon IP, and software integrity solutions in addressing technology challenges of the public sector, aerospace and defense, and critical infrastructure. He participates in consortia, public-private collaboration groups, trade associations, standards groups, and R&D projects to assist in accelerating technology adoption.

Previously, Joe served as Global Manager for Software Supply Chain Solutions in the Software Integrity Group at Synopsys. He led efforts to enhance capabilities to mitigate software supply chain risks via software security and quality test technologies and services that integrate within acquisition and development processes; enabling detection, reporting, and remediation of defects and security vulnerabilities to gain assurance and visibility within the software supply chain.

Jarzombek has more than 30 years focused on software security, safety and quality in embedded and networked systems. He has participated in industry consortia such as ITI, SAFECode, NDIA and CISQ; test and certification organizations such as Underwriters Labs’ Cybersecurity Assurance Program, standards bodies, and government agencies to address software assurance and supply chain challenges.

Prior to joining Synopsys, Jarzombek served in the government public sector; collaborating with industry, federal agencies, and international allies in addressing cybersecurity challenges. He served in the US Department of Homeland Security Office of Cybersecurity and Communications as the Director for Software & Supply Chain Assurance, and he served in the US Department of Defense as the Deputy Director for Information Assurance (responsible for Software Assurance) in the Office of the CIO and the Director for Software Intensive Systems in the Office of Acquisition, Technology and Logistics.

Jarzombek is a retired Lt Colonel in US Air Force and a Certified Secure Software Lifecycle Professional (CSSLP) and project management professional. He received an MS in Computer Information Systems from the Air Force Institute of Technology, and a BA in Computer Science and BBA in Data Processing and Analysis from the University of Texas - Austin.

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, September 17, 2019 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


 ISSA National Capital Chapter has partnered with Cyber Security Summit USA to offer our members exclusive access to Cyber Security Summit DC Metro on July 16. The first 25 members to register will receive complimentary admission (standard price is $350). After that, the code grants $95 admission. Please read below for details. 

 

Complimentary Admission to the Cyber Security Summit

Register Now:
CyberSummitUSA.com

Complimentary Admission with
Promo Code: ISSA19DC

(Standard Price $350)

Complimentary Admission for First 25 Members to Register. After, Code grants $95 Admission.

Admission is for C-Suite / Senior Level Executives & Directors / Managers of IT only.
Sales / Marketing & Students are Not granted admission.

You are invited to the Sixth Annual Cyber Security Summit: DC Metro.
This exclusive conference is designed to enlighten Senior Executives on the latest threat landscape through interactive discussion based sessions & demonstrations with experts from best in class cyber security companies.


Engage with fellow industry executives and business leaders during a catered
breakfast, lunch, and cocktail & cigar reception.


You will be eligible to receive up to 6 CPE Credits with your full day attendance.

See Demonstrations & Evaluate Cutting-Edge Solutions From: (PARTIAL LIST)

View all Solution Providers at CyberSummitUSA.com

Interactive Panels & Discussions Include: (PARTIAL LIST)

Morning Security Briefing with Adam Hickey, Deputy Assistant Attorney General of the National Security Division at The U.S. Department of Justice

Closing Keynote with Curtis Dukes, Former Director at The NSA, and current Executive VP & GM, Security Best Practices & Automation at Center for Internet Security

IBM: The Security Implications of Moving to the Cloud

ServiceNow: How Government Can Transform Cyber Security Leveraging Automation and Orchestration

IDMWORKS: Best Practices for IAM Assessments, Blueprints & Roadmaps

Google Chrome Enterprise Interactive Discussion

Incident Response: What to do Before, During and After a Breach

Cloud INsecurity: Common Pitfalls that Organizations Make when Moving to the Cloud and How to Avoid Them

Insider Threat: What the CISO and Every IT Security Management Team Must Face & Govern 24/7

If you are interested in showcasing and/or speaking at the Cyber Security Summit, contact Megan Hutton at 212.655.4505 x241.

 

 

 

 

 Join us on Tuesday, June 18 for our monthly chapter meeting with a special guest speaker:  

Macintosh Forensics
by Simson Garfinkel

Abstract
Macintosh is a hard operating system on which to do forensics. The operating system is a mix of BSD Unix, the Mach kernel from CMU, utilities and functionality that have been cross-ported from GNU/Linux, and a whole bunch of custom code written by Apple. Some of that code has been written for the desktop operating system, and some has been written for iOS, which started out as a fork of MacOS, diverged, and now seems to be coming back. And there are four fundamental kinds of programs on the Mac worthy of forensic analysis: the kernel, background processes (daemons), command-line tools, and programs that run under the Mac graphical user interface.

To make matters worse, the Macintosh operating system is changing fast, but it is changing incrementally. This means that some information published a few years ago is still current, but other information is hopelessly out of date. Some old forensics techniques work just fine, others don’t work at all, and some work incompletely, as they access system data using legacy APIs.

This talk gives an overview of Macintosh forensics based on the course CFRS 764 — Mac Forensics, which I taught this spring at George Mason University. I will provide information about the kinds of information that the Mac records, discuss tools and resources for those interested in Mac forensics, and suggest opportunities for future research.

Speaker bio
Simson Garfinkel is the Senior Computer Scientist for Confidentiality and Data Access at the US Census Bureau. He holds seven US patents and has published more than 50 research articles in computer security and digital forensics. He is a fellow of the Association for Computing Machinery (ACM) and the Institute of Electrical and Electronics Engineers (IEEE), and a member of the National Association of Science Writers. His most recent book is The Computer Book, which features 250 chronologically arranged milestones in the history of computing. As a journalist, he has written about science, technology, and technology policy in the popular press since 1983, and has won several national journalism awards.

Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master's of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, June 18, 2019 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


 

 Join us on Tuesday, May 21 for an incredible double bill:  

Authentication Beyond SMS
by Kelley Robinson

&

Confidence as Code: Automated Security Testing in Cloud Environments
by Brad Geesaman

Abstract
In an age when a new data breach is revealed with frightening regularity, developers have a responsibility to secure our applications' user data more than ever. But fear not, YOU have the power to deter the hackers! You may recognize Two-factor Authentication (2FA) as an additional safeguard for protecting accounts, but do you really know how it works? This talk will show you how to implement One Time Passwords (including what's happening under the hood of those expiring tokens) and even provide a legitimate use case for QR codes! You'll come away recognizing the different approaches to implementing a 2FA solution and have a better understanding of the one that's right for your application. Together, we'll make the web a more secure place.

Speaker bio
Kelley works on the Account Security team at Twilio in NYC, helping developers manage and secure customer identity in their software applications.

Abstract
Given the extreme focus on delivery velocity in cloud-native environments, one of the biggest challenges for security and compliance teams is simply to keep up with the state of their highly dynamic infrastructure. Assessing a constantly-moving target without the right approach can result in insecure configurations and increased organizational risk. With a slight change in mindset and an increased focus on automated security testing, we can gain a more complete picture of the environment and continuously ensure security policy conformance. In this talk, we will outline a strategy for testing a sample cloud environment running a Kubernetes cluster from several different user perspectives and demonstrate automated testing to validate conformance to a desired state.

Speaker bio
Brad is an Independent Security Consultant helping clients improve the security of their Kubernetes clusters and supporting cloud environments. He was recently the Cyber Skills Development Engineering Lead at Symantec Corporation where he supported the operations and delivery of ethical hacking learning simulations on top of Kubernetes in AWS. Although he spent several years as a penetration-tester, his real passion is educating others on the real-world security risks inherent in complex infrastructure systems through demonstration followed by practical, usable advice on detection and prevention.

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, May 21, 2019 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


 

 Join us on Tuesday, April 16 for our monthly chapter meeting:  

Appsec in your Clouds
Jack Mannino, CEO of nVisium

Abstract
As cloud infrastructure and platform (IaaS/PaaS) providers differentiate their offerings, many organizations are adopting a multi-cloud strategy to leverage the best of what each world offers. Securing a multi-cloud environment presents challenges, as we need to ensure core controls are replicated across different stacks. We need to protect serverless functions, container orchestration systems, Identity & Access Management (IAM), big data workloads, DevOps pipelines, and secure networking & content delivery across different operating environments.

This presentation focuses on managing security in a multi-cloud operating environment targeting AWS, Azure, GCP and Oracle Cloud. We'll discuss the key architectural and procedural controls to focus on for strengthening your multi-cloud strategy and security posture. You will walk away with a better understanding of the nuances between cloud offerings, which controls can be applied quickly and consistently, and which controls may differ with competing clouds.

 

Speaker Bio
Jack is the CEO at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. He focuses on solutions for making secure development scale within the SDLC.
   

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, April 16, 2019 at 6:30 pm

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


 

 Join us on Tuesday, March 19 for our monthly chapter meeting:  

FAIL SAFE
20 Ways to undermine your security program
by Tom Hallewell

Abstract
There's policy, and then there's reality. All too often, security teams find their efforts overridden or bypassed. Here are some tips on how to engage your stakeholders and keep your program moving forward. 

 

Speaker Bio
Tom Hallewell works for the Government. He's worked in just about every area of cybersecurity, and has scars to prove it.

He's also VP of Programs for ISSA-DC.  Hopefully this talk will help you avoid getting them yourself.  
 

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, March 19, 2019 

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


 

 Join us for a special joint event with Cover6 Solutions on March 12:  

Breaking into #Cyber / Lab Setup & Tools

Abstract
It's that time again! After a few months off for some much-needed rest, we're back at it and ready to start the year off right!


Join us on Tuesday, March 12th as we discuss how to Break into the Cybersecurity industry and how to set up a lab at home or work to practice using tools to gain valuable hands-on experience.

These two "Beginner" sessions are perfect for anyone looking to either transition into the information security field or gain more knowledge on educational resources, mentorship, and job opportunities.

This will also be a great opportunity to practice your networking skills :-).

For those with a little more experience, we will have a lab set up so you can practice scanning, identifying vulnerabilities with various tools, and if you're up to it ... exploiting what you've found. Not only that, we will have a Capture the Flag server up and running so you can compete as an individual or on a team! It's sure to be lots of fun as well as educational so come on out if you can and spread the word!

Agenda
5:30 - 6:15 - Networking
6:15 - 7:00 - Breaking into Cyber
7:00 - 7:20 - Networking
7:20 - 8:00 - Home Lab Setup & Tools
8:00 - 8:30 - Networking & Clean Up

Must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, March 12, 2019 

Center for American Progress (CAP)

1333 H St. NW
10th Floor
Washington, DC, 20005


 

 Join us on Tuesday, February 19 for our monthly chapter meeting:  

Enterprise API Management Platform
by Aqeel Butt and Naresh Patel of Optimoz, Inc.

Abstract:
An API (Application Programming Interface) is a set of functions that allow the sharing of data between independently run applications. Over the past 24 months, more enterprises have begun to modernize their applications by adopting Microservices and an API-first strategy. Companies can quickly end up with hundreds or thousands of APIs embedded in their applications. With this, it has become essential to have an enterprise-grade API management platform, not just to host their APIs but also to control the exposure and consumption of those APIs. With the increase of public APIs in the market, how can we leverage an API management platform to handle the complexity of governance for multiple consumers?

About the Speakers
Aqeel Butt, Director of Engineering at OPTIMOZ is a passionate IT Professional with ten+ years of experience in enterprise architecture, systems administration, and virtualization. A proven track record of success leading complex projects while managing cross-functional resources to drive efficiency in enterprise technology operations. Recognized by peers for skillful leadership and execution of projects related to cloud architecture, cloud migrations, devsecops, automation, microservices and API driven development.

Naresh Patel, President of OPTIMOZ, is a serial entrepreneur and technologist. He focuses on the delivery of Agile DevSecOps solutions leveraging heavily on the public cloud. OPTIMOZ enables enterprises and federal agencies to accelerate development and delivery of applications that engage customers and drive revenue. OPTIMOZ specializes in all aspects of cloud computing, DevSecOps (CI/CD), applications development, systems integration, system administration, database administration, data warehousing and information security. Prior to founding OPTIMOZ, Mr. Patel co-founded a successful Silicon Valley based company, GetHired.Com. He founded OPTIMOZ to share his passion for Agile DevOps development and start-up experience with commercial enterprises and federal agencies. OPTIMOZ is an Amazon AWS Advanced Consulting Partner.

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, February 19, 2019 at 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005


   
   

January 15, 2019

 Join us on Tuesday, January 15 for our monthly chapter meeting:  

RMF 2.0 for non-Federal Users
by Alex Grohmann 

 

Also on January 29 - Special Joint Event with Cover6 Solutions

Breaking into #Cyber / Lab Setup & Tools


 

Abstract:
Learning objectives
1) Understanding of the NIST Risk Management Framework
2) Briefing on the updates to Revision 2.0 of NIST 800-37
3) Walk through of a fictitious Federal Agency system undergoing the RMF process

The target audience are those who have not yet dealt with the NIST RMF and would like to understand the various components and how it would apply to a specific computer system. The talk will start with the steps included in the RMF process and will end with the review of the controls within one or two control families.

Speaker
Alex Grohmann has over two decades of experience in technology-related information security, risk management and data privacy. During his career, he has worked at both the state and Federal level, and his private sector involvement has spanned from energy to financial services. He is the founder and operator of Sicher Consulting, LLC. Mr. Grohmann holds industry certifications of CISSP, CISA, CISM and CIPT. He holds two bachelor degrees from Florida State University as well as an MBA from UMUC.

Mr. Grohmann is a Fellow at the Information Systems Security Association (ISSA), an international organization of information security professionals. He is the recipient of their international ‘Honor Roll’ for his lifetime contributions to the information security community. He has served on the board of directors for the Northern Virginia chapter of ISSA for over ten years, including as president for three. During his time, the chapter won the Chapter of the Year.

He is a graduate of the FBI’s Citizens’ Academy and served on the board of directors for the Washington DC chapter of InfraGard for four years. Currently Mr. Grohmann serves on the board of directors of Northern Virginia Community College’s Workforce Development taskforce and the NOVA Cybersecurity Advisory Board, and is a mentor at MACH 37, the Virginia cyber security accelerator. He also sits on the IT sector coordinating council (IT-SCC).

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, January 15, 2019 at 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005


   
   

Featuring two events in December:

 

December 14, 2018

The National Capital Chapter has partnered with the SANS Institute again this year to offer exclusive access for its members to SANS@Night events at Cyber Defense Initiative 2018. The chapter meeting will take place at Washington Hilton on Friday, December 14, 2018.

 

December 18, 2018

 Join us on Tuesday, December 18 for our monthly chapter meeting:  

Future Shock: Four Cyber-startups talk about the future


Contrast Security
Uses deep security instrumentation to identify vulnerabilities during development and protect enterprise applications in production, and it does this without application security expertise, the biggest challenge in any application security program.

Rali Kettani is a Solutions Architect with Contrast Security. He has a background in software development with extensive experience with SAST, IAST and RASP technologies. Rali holds a Master’s degree in Management Information Systems from The George Washington University and a Bachelor’s degree in Computer Science from Georgia College.

Fugue
Identifies security and compliance violations in cloud infrastructure and ensures they are never repeated. Fugue leverages a DevSecOps strategy that is underpinned by a platform that is designed to enable teams to effectively build cloud-native applications on secure and compliant cloud infrastructure.

Josh Stella is Co-founder and CTO of Fugue. Previously, Josh was a Principal Solutions Architect at Amazon Web Services, where he supported customers in the area of national security. He has served as CTO for a technology startup and in numerous other IT leadership and technical roles over the past 25 years. 

Saviynt
Enables enterprises to secure applications, data, and infrastructure for Cloud and Enterprise. Saviynt pioneered Identity Governance & Administration (IGAaaS) 2.0 by integrating advanced risk analytics and intelligence with fine-grained privilege management.

Matt Schmidt has more than 20 years of business leadership experience. Matt is responsible for Saviynt's US Public Sector business. Matt's software sales career has spanned most industry verticals with a focus on delivering simplified solutions for highly engineered products, programs and enterprise initiatives.

Expanse
(formerly Qadium) is a SaaS company that continuously discovers, tracks, and monitors the dynamic global Internet Edge for the world’s largest organizations. We surface and help remediate Internet Edge risks to prevent breaches and successful attacks. Expanse shows you a complete, real-time view of all your Internet assets and what's talking to them.

Sean Donnelly leads cybersecurity research at Expanse, Inc. Sean is a passionate cybersecurity researcher with extensive experience in the industry. He holds a B.S. and M.S. from the United States Naval Academy and Boston University, respectively. As an active-duty U.S. Navy Cryptologic Warfare Officer, Sean worked for the National Security Agency (NSA) before becoming the Technical Director of Navy Blue Team at Fleet Cyber Command.

 

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, December 18, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 

 Join us on Tuesday, November 20 for our monthly chapter meeting:

Approaching Cybersecurity Law - A Guide for Information Security Professionals
by David Jackson  

Abstract
Cybersecurity law is a confusing subject. There are many different types of laws, which affect different organizations in different ways. This presentation provides insight into how to consider cybersecurity law as a discipline, and dispels the notion that law as a tool is all powerful. In fact, law can be quite limited, slow, and backward looking. Finally, the presentation ends with a discussion of the future of cybersecurity law, and how to identify the coming trends.

About the Speaker

David R. Jackson is a member of the ISSA DC and NOVA chapters, and he holds CISSP, CEH, and CIPP certifications. He works as a regulatory attorney for a government contractor in the Washington DC area, and he is a regular contributor to the ISSA Journal. Mr. Jackson has a JD from the University of Kansas, and an LL.M. from the University of Arkansas.


Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, November 20, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 

 

 Join us on Wednesday, October 17 for our special event:

Cyber Career Panel: Getting Hired in Cyber
ISSA DC Chapter – Cyber Week Event 

Description
A panel of cybersecurity recruiters will share their tips and advice for successfully getting a job in cyber. They will discuss the current hiring landscape, networking strategies, the importance of gaining the right qualifications (certifications, training, and education), building your professional experience, developing your resume, and preparing for interviews. Learn how to stand out from the crowd!

Panel Moderator
Elena Steinke, MBA | CISSP | Security+ | C|EH | Threat Intelligence Analyst, Cybersecurity Strategic & Tactical Architect, Geek, Cybersecurity Enthusiast, and its Champion of Diversity

Director, on the National Board of Women’s Society of Cyberjutsu (WSC)

Industry recognized Jane-of-All-Trades Security Technologist expert, specializing in providing strategic direction, designing, building, and directing cybersecurity operations across continents on multi-national projects, in the financial, healthcare, and federal industries. Stood up and directed multiple 24/7 Security Operation Centers (SOC), Network Operation Centers (NOC), Data Centers, and management of virtualized storage technologies, and elastic cloud environments. Security operations include establishing and leading Threat Intelligence, Hunting, Detection, & Response; Vulnerability Management; Security Assessment; Penetration Testing; Risk Management; Secure Credential Management; Key Management; Security & Awareness Training; Information Assurance; and Governance, Compliance & Policy programs across industries. Led global efforts for Automotive and Mobile Security, Banknote Processing Systems, Electronic Payments, eSIM, and IoT Technologies. She holds a Bachelor's in IT, an MBA, and is pursuing her second Master's from Mercyhurst University in Applied Intelligence. Her certifications include CISSP, CEHv9, Security+, and Intel Threat Analyst. When Elena is not being a geek, she enjoys racing triathlons.

Panelists
Leslie Taylor, Senior Cleared Talent Recruiter for Cybersecurity & Emergency Management, ICFS

Tina Atwell, SPHR, SHRM-SCP, Vice President of Administration, G+D Mobile Security, Inc.

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Wednesday, October 17, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 


 Join us on Tuesday, October 16 for our monthly chapter meeting:

Topic:
Weaponized Information, crafting reality, and targeting the world's most exploitable information systems

Speaker:
Dr. Richard Forno

Abstract:
Some believe 'cyberspace' is an operational environment that involves aspects of the physical, informational, and cognitive. In recent years, we have seen how these environments can be targeted, attacked, and/or exploited for nefarious purposes by adversaries ranging from criminals to foreign nations. Although some argue this represents a new form of warfare, it actually has its roots deep in history and simply is the latest example of adversaries using all available tools to achieve their goals.

From social media, so-called 'fake news', partisan echo chambers, marketing, disinformation, and good old fashioned hacking, this talk discusses the three-dimensional construct of cyberspace and how technology helps blur the lines between the digital and physical. In particular, we will discuss how adversaries, both foreign and domestic, can use these constructs in combination to disrupt the social fabric of both userdom and citizenry to influence political, commercial and/or cybersecurity outcomes. After all, the human mind is the most complicated information system in the world -- but sadly one of the most exploitable ones, too.

 

About the Speaker:
Dr. Richard Forno is a Senior Lecturer in the UMBC Department of Computer Science and Electrical Engineering, where he directs the UMBC Graduate Cybersecurity Program, serves as the Assistant Director of UMBC's Center for Cybersecurity, and is an Affiliate of the Stanford Law School's Center for Internet and Society (CIS). His twenty-year career in operational cybersecurity spans the government, military, and private sector, including helping build the first formal cybersecurity program for the US House of Representatives, serving as Chief Security Officer for Network Solutions (then, the global center of the internet DNS system), and co-founding the CyberMaryland conference. From 2005-2012 he was a Visiting Scientist at the Software Engineering Institute at Carnegie Mellon University where he served as a course instructor for the CERT Coordination Center (CERT/CC). As a technologist and student of national security studies, Richard has multiple interdisciplinary research and professional interests in the influence of technology upon national security, individuals, and global society.

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, October 16, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 

 

 Join us on Tuesday, September 18 for our monthly chapter meeting:

Topic:
Access Control Systems

Speaker:
Roger Roehr

Abstract:
Access control should comprise something you have, something you know, and something you are. Barcode, barium ferrite, magnetic strip, Wiegand, proximity, and Hollerith are types of card or badge readers. Barriers restrict or impede access, are continuous, and deter threats. Locks are mechanical or electrical. Containers are classified by the Underwriters Association and categorized as burglary, record, and media. Area classification is controlled, limited, and exclusion.
Roger Roehr will present details of each, providing insight into what goes on behind the scenes with access control.

 

About the Speaker:
Roger Roehr is a director at Integrated Security Technologies, Inc. Roger’s core competencies are in the design, installation, and maintenance of electronic physical security, security video and access control systems. He is actively involved in developing standards for the integration of biometrics and smart card technology in Physical Access Control Systems (PACS). Previously he was involved in developing, testing, and implementing a wide range of integration and consulting engagements for identity management and electronic physical security. Roger was a member of the team that delivered the GSA’s FIPS 201 shared service solution. Led the team that developed the GSA Approved Products List (APL) test harness and NIST Special Publication 800-96. He was the technical lead for physical access control on the Transportation Worker Identification Credential (TWIC) smart card identity program. Developed the medium security method that was published in the Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems by the Government Interagency Advisory Board (IAB). Held the position of senior system integrator for the Department of State’s roll out of smart card enabled PACS. Roger served for two years as the Chair of the Smart Card Alliance Physical Access Control council and currently serves as a member of the council’s steering committee. Prior to becoming an independent consultant, Roger held a number of engineering and technical positions at Tyco, BearingPoint, M.C. Dean, Battelle Memorial Labs, Siemens Building Technology and Security Technology Group. Roger served in the Air Force Security Police. Specialties: HSPD-12 Identity management, smart card and physical access.

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, September 18, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 

 

 Join us on Tuesday, August 21 for our monthly chapter meeting:

Topic:
Cybersecurity: No longer just an IT issue.

Speaker:
Mark Fearer

Abstract:
Information security and physical security share at least the domains of insider threat, access control, and awareness training. Protecting the keys to the kingdom involves safeguarding assets. What do you wish to protect? How valuable is what you wish to protect? An Impact Analysis identifies valuable assets via Risk Assessment. In comparing and contrasting information security with physical security we have in common at least gatekeepers, authentication, insider threats, awareness training, and the issues of factory defaults.

Mark Fearer will discuss the domains of insider threat, access control, and awareness training then compare and contrast information security with physical security.

 

About the Speaker:
Mark Fearer, CISA, CISSP leads a team of information technology auditors at the US Securities & Exchange Commission who examine infrastructure of stock exchanges for good practices in efforts to keep them available and secure. Mark and his team reference NIST standards for baseline information security. With three decades of system and network administration experience Mark holds a master's degree in computer science, several industry certifications, and is currently pursuing a doctorate in cyber-security at Capitol Technology University in Laurel. Mark has been active with ISSA for six years.

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, August 21, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 

 

 Join us on Tuesday, June 19 for our monthly chapter meeting:

Topic:
Incorporating Enterprise Priorities to the Risk Management Framework

Speaker:
Noel A Nazario 
Federal Cyber Security Senior Director for Annuk Inc.

Abstract:
On September 28th, the National Institute of Standards and Technology (NIST) announced the release of a discussion draft of Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. A key goal of this document is to institutionalize critical enterprise-wide risk management preparatory activities to facilitate a more efficient and cost-effective execution of the Risk Management Framework at the system and operational level.

This presentation will discuss this organizational preparation step and propose implementation strategies that facilitate better communication between system owners and senior leaders and executives at the enterprise and mission/business process levels. We will also discuss outputs of the organizational preparation step including the clear definition of organizational risk tolerance and acceptable limits for the implementation of security and privacy controls; identification of common controls and the development of organization-wide tailored security and privacy control baselines; reductions to the complexity of the IT infrastructure; and identification of high-value assets and high-impact systems to prioritize their protection.

 

About the Speaker: 
Noel A. Nazario is Federal Cyber Security Senior Director for Annuk Inc. He is focused on growing Annuk's presence within the U.S. Federal market and supporting the Washington Metropolitan Area Transit Authority (WMATA) by leading their IT Architecture Review Board. As ARB Lead, he brings a wealth of technical and leadership experience to steer WMATA towards a coherent IT Enterprise Architecture that is closely aligned with organization-wide goals and supports the integration of best-in-class practices and new technologies.



Mr. Nazario currently holds a Certified Information Security Manager (CISM) designation. He participates in multiple industry groups and is a frequent conference host and speaker for organizations such as the ISACA Greater Washington, DC Chapter.



Specialties: 
Cyber Security; IT Enterprise Architecture; IT Governance; Federal Cloud; FedRAMP; Federal Information Security Management Act (FISMA); IT Program Management; IT Strategy and Risk Management; Public Key Infrastructure (PKI); security labels and data categorization; development of IT security standards and secure communications protocols; IT controls and risk assessment; shared service provider assessments; compliance with Federal cyber security requirements.

 

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, June 19, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 


 Join us on Tuesday, May 15 for a special ISSA National Capital Chapter meeting and make your voice heard. ISSA-DC is your chapter and we want you to help us shape the future of our meetings.

As always, we'll serve some light refreshments and then, we will have an engaging discussion on a series of topics including future speakers you would like to see and hear, chapter mentoring program, field trips, even the food options. We will also introduce a candidate for the ISSA International board of directors and hear about this vision for the future of the association. 

Topic:
Make Your Voice Heard 

 

 

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, May 15, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 


 Due to inclement weather, the meeting is rescheduled to
March 27, 2018 at 6:30 PM

The Battle for Cyberspace
by Samuel S. Visner

 

Abstract
Samuel S. Visner, Director of the National Cybersecurity Federally Funded Research and Development Center and Professor of cybersecurity policy, operations, and technology at Georgetown University, will speak on changes in the way cyberspace is regarded by different countries, and the consequences of these changes for information security professionals. The talk will discuss the following topics:
• The forces shaping the future of cybersecurity
• Cybersecurity as an instrument of statecraft; the “sovereignty” of cyberspace
• Efforts by other countries to control and govern the cyberspace on which we depend.

The talk will include a high-level history of cyberspace, the rise of integrated computer networks, and the role cybersecurity plays in the international system, with particular attention given to the “new normal” in which hostile computer network exploitation and attack, coupled to “computer network influence,” have emerged as daily phenomena with which information security professionals and the C-Suite must deal.

About the Speaker
Samuel Sanders Visner is the Director of the National Cybersecurity Federally Funded Research and Development Center (MITRE), sponsored by the National Institute of Science and Technology (appointed October 30, 2017). Sam also serves as member of the Cyber and Domestic Security Councils of the Intelligence and National Security Alliance, and the Cyber Committee of the Armed Forces Communications and Electronics Association. Sam is an adjunct professor of Science and Technology in International Affairs at Georgetown University, where he teaches a course on cybersecurity policy, operations, and technology. Sam is also a member of the Council on Foreign Relations, the Atlantic Council, and an Intelligence Associate of the National Intelligence Council, and is a member of the Intelligence Community Studies Board, sponsored by the National Academy of Science and serving the Office of the Director of National Intelligence. Sam served previously as Senior Vice President and General Manager, Cybersecurity and Resilience, ICF International. Prior to ICF, Sam served as Vice President and General Manager, CSC Global Cybersecurity, as a Senior Vice President at SAIC, and as Chief of Signals Intelligence Programs at the National Security Agency, from which he received the Agency's highest award for civilian service. Sam also served as a member of the Board of Directors, CVG/Avtec (2008- 2010). Sam holds a Bachelor's degree in International Politics from Georgetown University and a Master's degree in Telecommunications from George Washington University. Sam served twice on the Intelligence, Surveillance, and Reconnaissance Task Force of the Defense Science Board, and has published articles on national and cybersecurity in World Politics Review, the Georgetown Journal of International Affairs, and the Defense Intelligence Journal. Sam is married to Antoinette (Toni) Burnham, Washington DC's leading urban beekeeper.

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, March 27, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 


 Join us for our monthly meeting
on April 17, 2018 at 6:30 PM

Developing Your Cyber Career Action Plan
by Teresa Allison

 

Abstract
Have you been thinking about transitioning to a career in cybersecurity, but are not quite sure how to make your dream a reality? Are you currently working a cyber job but want to make a plan for advancement? This program walks you through the steps that you need to take in order to explore your cyber career options. It gives you a structured framework for exploring your interest in cyber, researching cyber positions, learning about cyber policies and standards, learning cyber tools, obtaining cyber / IT certifications, as well as applying for cyber jobs. This approach helps you to create your own cyber career action plan so that you can position yourself to join the field of cybersecurity.

About the Speaker
Teresa Allison is an Independent Consultant with MBO Partners. She has worked in the field of information technology consulting for over 18 years. She provides clients with solutions for managing multi-billion dollar IT programs. She specializes in strategic planning, budgeting, performance management, portfolio management, governance, risk management, legal & regulatory compliance, project management, program management, process improvement, business operations transformation, strategic communications and stakeholder management.

Allison has supported clients in the domain areas of Health & Human Services, Homeland Security, Transportation, Financial Regulatory Agencies, Veterans Affairs, Diplomacy & Foreign Affairs, as well as International Development & Foreign Assistance. On her most recent project she assisted a global strategy consulting firm in implementing IT security and privacy policies to comply with the European General Data Protection Regulation (GDPR). She also teaches CISSP certification classes at ASM Educational Center.

Teresa received her bachelor’s degree in Political Science from Xavier University. She graduated from Carnegie Mellon University’s H. John Heinz III School of Public Policy with a Master of Science in Public Policy and Management with a concentration in Management of Information Systems. She is a certified IT professional who currently holds the PMP, CGEIT, CSM, ITIL, Security+, CISA, CISSP, and Lean Six Sigma certifications.

Teresa Allison is the Past President of the Carnegie Mellon University Heinz College Alumni Association comprised of over 11,000 alumni from around the world. She currently serves as a volunteer for the Women’s Society of Cyberjutsu which encourages women to pursue careers in Cybersecurity. She also coordinates higher education outreach programs for the Project Management Institute (PMI) as a member of the Higher Education Partnerships committee and Information System Security Association (ISSA) as the Vice President of Strategic Relations. Allison is also a member of the Information System Audit and Control Association (ISACA) DC Chapter and the Healthcare Information Management Systems Society (HIMSS).

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, April 17, 2018 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 

Please note the new venue below.

February 20, 2018 at 6:30 PM

IoT the Next Frontier of Cyber Risk
by Amber Schroader & Greg Kipper


 

Abstract
The landscape of cyber is constantly changing and those changes are coming faster than ever before. The new Internet of Things is one of the areas adding billions of devices, all of which create a true cyber-impact in our lives. Business Insider forecasts that by 2020, 75 percent of new cars will come with built-in IoT connectivity. This is only one of the 9 environments of IoT in which we will see unprecedented growth. So, what do we do to prepare our cyber policies and forensic response for this emerging technology? Learn what areas are growing and how to watch for the associated risks. Learn what is required for a digital forensics response plan when it comes to IoT devices.

About the Speakers

Amber Schroader, CEO & Founder, Paraben Corporation
Throughout the past two decades Ms. Schroader has been a driving force for innovation in digital forensics. Ms. Schroader has developed over two-dozen software programs designed for the purposes of recovering digital data from mobile phones, computer hard drives, email, and live monitoring services. Ms. Schroader has taught and designed the established protocols for the seizure and processing of digital evidence that have been used by numerous organizations throughout the world. Ms. Schroader has coined the concept of the “360-degree approach to digital forensics” as well as started the momentum and push to the “Forensics of Everything-FoE” with her focus on unique problems in digital evidence and solutions in the area of IoT devices. Ms. Schroader has been a huge industry influence in pushing for a big-picture consideration of the digital evidence and the acquisition process and analysis techniques used. An accomplished curriculum developer and instructor, Ms. Schroader has written and taught numerous classes for this specialized field as well as founded multiple certifications. Ms. Schroader continues support through book contributions and other industry speaking engagements.

Greg Kipper, Cyber-Futurist
Greg Kipper is an accomplished solutions architect, emerging technology strategist, certified security professional, and five-time published author with strong practical experience in all aspects of information technology, cyber security, and proactive cyber threat response. He is also a recognized cyber forensics expert and investigator who has worked several high-profile cases to include the Bernie Madoff scandal. The combination of these two disciplines is both rare and comprehensive in and of itself and invaluable to any organization. Greg has also established himself as a creative and strategic thought leader in emerging information technologies gaining the attention and trusted advisor status with the CTO offices of the U.S. Army, Air Force and Coast Guard as well as major financial institutions, Elsevier Publishing, and other Fortune 500 companies. Greg is also a keynote speaker and presenter at conferences and forums around the world and encompasses one of the most difficult things to find in today’s market...someone with proven technical abilities and insights coupled with business sense and strong business communication skills.

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, February 20, 2018 6:30 PM

Please note the new venue:
DC Department of General Services
441 4th Street, NW,
Washington, DC  20001,
Room 1117
(Judiciary Square Metro - Red line)
Click here for a map.

 

March 17, 2015 at 6:30 PM

ISSA National Capital Chapter February meeting topic:

Verizon 2015 Annual Data Breach Investigations Report
by Wade Baker

 

Abstract
Wade will go “off script” from the main DBIR to explore some side alleys of the underlying data and try to answer some big picture questions about information security management. He’s not exactly sure yet what those will be, but promises it will be interesting and instructive. He also promises to give a light taste of what’s cooking for the 2015 DBIR (which is in the works now and the reason this abstract is so short).

About the Speaker 
Wade Baker is the Director of Cybersecurity Strategy & Research at Verizon Security Solutions. In this role, he is responsible for the overall direction of security services, technology capabilities, intelligence operations, and research programs. He is also the creator and lead author of Verizon’s annual Data Breach Investigations Report ("DBIR"). Baker has over 15 years of experience in the IT and security field. His background spans the technical-managerial spectrum from system administration and web development to intelligence operations and risk management. Prior to his tenure at Verizon, he spent 5 years on the faculty of two major research universities, most recently in the Pamplin College of Business at Virginia Tech.

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, March 17, 2015 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
Washington, DC, 20005

Click here for details.

March 16, 2010

The Watchers - Talk and Book signing
by Shane Harris

Abstract
Despite billions of dollars spent on this electronic since the Reagan era, we still can’t discern future threats in the vast data cloud that surrounds us all. But the government can now spy on its citizens with an ease that was impossible, and illegal, just a few years ago. Drawing on unprecedented access to the people who pioneered this high-tech spycraft, Harris shows how it has moved from the province of right-wing technocrats into the mainstream, becoming a cornerstone of the Obama administration’s war on terror.

Harris puts us behind the scenes where twenty-first-century spycraft was born. We witness Poindexter quietly working from the private sector to get government to buy in to his programs in the early nineties. We see an Army major agonize as he carries out an order to delete the vast database he’s gathered on possible terror cells, and on thousands of innocent Americans, months before 9/11. We follow National Security Agency Director Mike Hayden as he persuades the Bush administration to secretly monitor Americans based on a flawed interpretation of the law. And we see Poindexter return to government with a seemingly implausible idea: that the authorities can collect data about citizens and at the same time protect their privacy. After Congress publicly bans the Total Information Awareness program in 2003, we watch as it secretly becomes a “black program” at the NSA, then engaged in a massive surveillance of Americans’ phone calls and e-mails.

Shane Harris

Shane Harris writes feature and investigative stories about intelligence, homeland security, and counterterrorism. He is a staff correspondent for National Journal, and writes for other national publications and frequently speaks to the public and the news media. He is the author of the forthcoming book The Watchers, a narrative about the rise of terrorism surveillance in the United States, told through the stories of five men who’ve played instrumental roles in some of the most important and controversial intelligence programs of the past quarter century. It will be published February 18, 2010, by The Penguin Press.

March 16, 2010 6:30 PM

George Washington University
801 22nd Street NW
Room B149 (One floor below lobby)
Washington, DC 20052
View details

Please RSVP if you plan to attend.   

March 17, 2009 6:30 PM

Join us to learn about best strategies for data destruction. And bring a colleague!  Non-members are welcome without charge.  There is no cost except some time and the results could easily be worth your investment. We'll have light refreshments (sandwiches / pizza and soft drinks).

Click here to download presentation in PDF.

March Meeting Topic
Panel Discussion
Data Doesn't Die: Strategies for Data Decommissioning

Perry Dollar - Media Sanitization Project Manager, Department of Veterans Affairs
Clarence Labor - Director of Engineering Services, Intelligent Decisions, Inc

Moderator: Sean Steele, CISSP, CISA, Sr. Security Consultant, infoLock Technologies

Abstract
This panel discussion will highlight best practices for establishing and verifying controls for data destruction on HDDs (magnetic media), including degaussing, triple overwrite/DOD Standard 5220, physical shredding, and Secure Erase methods. The panel presenters, including a federal media sanitization program manager, a data security consultant, and a physical destruction services provider, will discuss practical and operational considerations, as well as available open source tools, COTS applications, and commercial services.

About Perry Dollar
Awards – CISSP, VACSP
Publications: SANS Library
Information Security Officer and Program Manager of Media Sanitization – 2 years
IT Engineer - Office of Research and Development Computing Center – 18 years
Northrop Electronics – Aerospace Test Engineer – 5 years
General Dynamics Electronics Division – Test Engineer – 5 years
U.S. Navy Aviation Electronics Technician – 10 years.

About Sean Steele
Sean Steele, CISSP, CISA is a Sr. Security Consultant and co-founder of infoLock Technologies, a data lifecycle security consulting & solutions provider headquartered in Arlington, Virginia. The firm focuses on innovative strategies, services, and solutions for managing lifecycle data security – data discovery, encryption, access controls, auditing, and end-of-life destruction. Mr. Steele has over 12 years of IT and information security experience, including as founding employee of GlobalCerts, an email encryption appliance company, and with MicroStrategy, a data mining and business intelligence software company. He has spoken at numerous industry events and meetings, is an occasional information security columnist for NetworkWorld and Information Systems Security Journal (ISSJ). Mr. Steele is co-authoring a book on enterprise IT security programs. He lives in Washington, DC.

March 17, 2009 6:30 PM
Radio Free Asia Conference Room
2025 M St. NW – Street Level
Washington DC
Click here for details.
Please email your RSVP if you plan to attend.