• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Information Systems Security Association

Los Angeles Chapter, cybersecurity, InfoSec, CISO, Privacy

  • Home
  • About
    • About ISSA-LA
    • Our Mission
    • ISSA LA Bylaws
    • Board Members
    • Advisory Board Members
    • Contact Us
  • Events
    • Upcoming Events
    • Past Events
    • Event Archive
    • Speaker Guide
  • Security Tracks
    • Management
    • Privacy
    • Proactive
    • Reactive
    • Technical
  • Security Summits
    • Summit XII 2022
    • Summit XI 2019
    • Summit X 2018
  • Membership
  • Become a Sponsor
    • Become Monthly Meeting Sponsor
    • Become 2022 Summit Sponsor
  • Resources
    • Information Security Links
    • Keeping Kids and Families Safe Online

Management

February – By Lori Cole and Kory Fear

February 18, 2020 By Technology Director

Offensive Cyber Operations Abroad – February20Download

Filed Under: ISSA Monthly Journal Articles, Management, Proactive

January – By Stephen Berk

January 20, 2020 By Technology Director

The 2019 NIST Risk Management Framework update incorporates a critical paradigm shift requiring greater C-suite involvement and oversight, bringing a formal preparation step to the process that permeates every level of the organization and requires that management drives assessment and authorization efforts going forward.

January20Download

Filed Under: ISSA Monthly Journal Articles, Management, Proactive

January – Andy Kim

January 20, 2020 By Technology Director

January2020_SpeakerSlidesDownload

Topic: All Eyes On You: Cyber security in the Age of Innovation

Digital Transformation and Innovation are profoundly impacting the way businesses operate today. Time to market, speed, and agility are necessary requirements just to stay competitive in today’s marketplace. But, just as businesses are moving  fast into the future, cyber threats continue to multiply exponentially, challenging cyber security professionals and the businesses they support. What can cyber security professionals do given these seemingly incompatible objectives and how can they position the business for success? In this session, we’ll cover the reality of digital transformation, the impact of privacy, and the importance of the customer journey among many others topics that will position your cyber security program for success in 2020.

Speaker: Andy Kim, CISO eBusiness, Allstate

Andy is a strategic business partner to the C-Suite, implementing business vision within acceptable business risk. He is an avid technologist with the understanding that cyber security risks are fundamentally a human problem. A conclusion he has drawn from successfully implementing information security programs across heavily regulated industries including banking, investments, insurance, and healthcare for the past 18 years. Andy currently serves as the CISO for the digital brands and innovation businesses at Allstate. Andy helps insurance innovators deliver their capabilities in the cloud, while managing risk within acceptable tolerances.

Previously, Andy led the Risk Solutions group at Neustar. As Director, he supported multi-million dollar anti-fraud deals involving the internet and call center consumer channels for the top 10 financial institutions in the US. As a thought leader, he has been featured on American Banker http://pages.marketing.americanbanker.com/20180208_abp_neustar_ws_lp.html?source=client and has had published thought leadership blogs on identity and GDPR: https://www.risk.neustar/blog/authors/andy-kim

Before Neustar, Andy served as Director of Technology Risk Consulting Services at FIS (NYSE: FIS), in the Risk Information Security and Compliance business, which attained the #1 ranking in the Chartis RiskTech 100, where he was responsible for leading a team of subject matter experts that provided expert advisory and consulting services focusing on fraud, digital crime and cybersecurity to hundreds of financial services clients in the U.S.  He also led the design and product marketing of CyberForce, an innovative next generation fraud and cybersecurity anomalous activity detection solution in the U.S. and EMEA markets.  

Other positions include CISO of a large regional bank in Los Angeles, CISO supporting the CTO and CIO of a major US bank, CISO and HIPAA Security Officer at a pharmacy benefit management software company, Americas Security Officer of one of largest asset management firms, and Group IT Risk Officer to the third largest insurance company in the US.

Andy is highly regarded in the industry for his subject matter expertise and thought leadership and is a frequent speaker at industry conferences.  He also holds multiple certifications such as CGEIT, CISA, CISSP, CISM, ISSAP and ISSMP. 

Filed Under: Management, Monthly Meeting Speakers, Privacy

December – Neil Daswani

December 15, 2019 By Technology Director

Topic: The Biggest Breaches And What They Mean For The Future Of Cybersecurity Investment

This talk covers the key lessons learned and root causes from the biggest mega-breaches over the past several years, and analyzes their correlation to the over $45 billion invested in cybersecurity thus far. Based on hard data of over 4,000 cybersecurity companies that have been funded thus far, and what they have focused on to-date, some hypotheses on where future investment is required will be presented. Whether you’re interested in how your current company is positioned for the future of cybersecurity, considering a job change, or even potentially starting a cybersecurity company yourself, this talk will arm you with the information that you need about the security landscape, both on the business and technology fronts. Future trends in cybersecurity will also be discussed.

Speaker: Neil Daswani

Neil Daswani is currently an Executive-in Residence at Trinity Ventures, and is a Co-Director of the Stanford Advanced Security Certification Program. He has in the past served in a variety of research, development, teaching, and executive roles at Symantec, LifeLock, Twitter, Dasient, Google, NTT DoCoMo USA Labs, Yodlee, and Bellcore. Neil has been both a security entrepreneur having co-founded Dasient which was acquired by Twitter, and has also served as a Chief Information Security Officer at LifeLock and at Symantec’s Consumer Business Unit. His DNA is deeply rooted in security research and development, he has dozens of technical articles published in top academic and industry conferences (ACM, IEEE, USENIX, RSA, BlackHat, and OWASP), and he has been granted over a dozen U.S. patents. Neil is also co-author of “Foundations of Security: What Every Programmer Needs To Know” (http://tinyurl.com/33xs6g), He earned Ph.D. and M.S. degrees in Computer Science at Stanford University, and he holds a B.S. in Computer Science with honors with distinction from Columbia University.

Filed Under: Management, Monthly Meeting Speakers, Proactive

November – Michael Gold

November 21, 2019 By Technology Director

Topic: California Consumer Privacy Act (CCPA)

MAG-CCPA-Slides-November-2019Download

The California Consumer Privacy Act of 2018 is the most comprehensive law of its kind ever enacted in the United States, setting forth rules for companies that buy, collect, transfer or sell consumers’ personal information. Because of the size and reach of the California economy – the 6th largest in the world – and the number of companies that may need to comply – estimated at about 500,000 worldwide – the CCPA is effectively a national, if not international, law. This program will address the salient features of the CCPA, who must comply, the new rights consumers have under the CCPA, legal exposures for violations, likely impacts of the law, and what companies should do to comply with the law.

Speaker: Michael Gold

Michael Gold is co-chair of JMBM’s Cybersecurity and Privacy Group and counsels businesses in a wide variety of matters, including data breach responses and investigations, crisis management, development of computer-based information retention systems, forensic investigations of computer systems, and computer and internet privacy matters.

Michael assists clients in developing and implementing information management and governance best practices and developing policies and compliance structures for protecting personal and company information. He counsels clients on information security and privacy law compliance issues; assists clients in developing policies and processes to comply with information security and privacy laws (including the E.U.’s General Data Protection Regulation, the California Consumer Privacy Act of 2018, and other state and industry-sectoral privacy laws in the U.S.); negotiates technology agreements relating to information security and privacy; and defends litigation and arbitrations, including class actions, arising from data breach and privacy claims.

Michael was named one of California’s “Top 20 Cyber – Artificial Intelligence Lawyers” by the Daily Journal (2018), one of the “Most Influential Lawyers: Digital Media and E-Commerce Law” by the Los Angeles Business Journal, and has been designated a “Top Rated Lawyer in Technology Law” by Martindale Hubbell. He is the author of the upcoming Bloomberg BNA portfolio Enterprise Cybersecurity Governance, and co-author of the Bloomberg BNA Portfolio Records Retention for Enterprise Knowledge Management.

Filed Under: Management, Monthly Meeting Speakers, Privacy, Proactive

October – By Kevin A. Sesock

October 8, 2019 By Technology Director

Immaturity & Moral Hazard in the Cyber Insurance Market

October19Download

Filed Under: ISSA Monthly Journal Articles, Management, Proactive, Reactive

September – Neela Jacques

September 21, 2019 By Technology Director

Topic: Sophisticated Spear Phishing
96% of attacks start with an Email. This session, Neela will focus on understanding the types of attacks you are likely receiving and the various ways you can protect your organization. A specific area of focus will be the rise in sophisticated Spear Phishing and the way we now have to rely on Machine Learning and Artificial intelligence to stay ahead of the hackers.

Speaker: Neela Jacques
Neela Jacques joined Barracuda Networks in 2018, bringing more than 20 years’ experience of bringing innovative enterprise software products to market. Neela has global responsibility for all aspects of Go-to-Market for Barracuda’s complete portfolio of award-winning, cloud enabled security products. Prior to Barracuda, Neela was Executive Director of the OpenDaylight project and VP at the Linux Foundation. There, Neela led a community of thousands of developers around the world to drive innovations in SDN and NFV with a developer-driven open source platform. He oversaw and provided guidance for all aspects of the project, from governance and technology to community and marketing. Prior to that, Neela was part of the core VMware team that took virtualization from a niche development and testing product to ubiquitous use. He developed and took to market the company’s Software-Defined Data Center (SDDC) vision and strategy. Neela also founded and launched VMware’s first cloud computing initiative in 2007.

Filed Under: Management, Monthly Meeting Speakers, Proactive, Technical

September – By Stephen Berk

September 21, 2019 By Technology Director

NIST Ushers In a New Era of IT Risk Management

Filed Under: ISSA Monthly Journal Articles, Management, Proactive

August – Dr. Paulo Shakarian

September 4, 2019 By Technology Director

Topic: Artificial Intelligence Research for Forecasting Exploit Usage
Vulnerability disclosure rates are at an all-time high – averaging over 1,000 per month in 2019 – more than twice as much as in 2016. But while disclosure rates have remained at this high level, hackers still only exploit a small fraction ranging from 2%-3% by most studies. Ironically, the fact that exploited vulnerabilities make up such a small portion mean that this a particularly challenging machine learning problem. In this talk will review a series of peer-reviewed research papers that were produced under U.S. government grant funding that have investigated this problem. Through a combination of machine learning, graph theory, and data mining (from sources including social media, deepweb, open web, and Tor sites), these approaches provided promising results. These techniques leveraged an understanding of not only the content of hacker discussions, but also the underlying social structure of these communities as well as technical information about the vulnerabilities themselves. This, in-turn, enabled successful forecasting of exploits before they become available – providing a 20-fold improvement in terms of precision. This talk not only reviews the peer reviewed research, but also gives insight into how machine learning can be used to address cybersecurity problems and provides examples of exploit usage successfully predicted ahead of time.

Filed Under: Management, Monthly Meeting Speakers, Privacy, Proactive, Reactive, Technical

July – Gary Asplund

September 2, 2019 By Technology Director

Topic: My CEO Told Me We Have To Move Our Datacenter to the Public Cloud…So, What’s the Big Deal?

Abstract:

Consider the following:

– You don’t own any of it but, it is your responsibility to control and secure everything in it

– You don’t own any of it, but you critically depend on what’s in it

– You don’t maintain any of it, but you trust all of it is properly maintained at all times 

– You can’t touch any of it, but it’s up to you to completely orchestrate, control and secure what’s in it

– You can’t physically walk in anywhere but you (and anyone else on the planet with the right access) can virtually access from everywhere 

At first blush, a seasoned and experienced network / security director may not fully appreciate the significant differences and challenges his/her staff will experience in trying to fulfill their job duties when their datacenter is in the public cloud. The old strategy of ‘lift and shift’ – creating VM’s of all of your current/existing hardware and ‘shifting’ it to the cloud – will fail. Further evidence of the urgent need for purpose-built tools to secure public cloud infrastructures can be seen in the multiple and repeated data leaks and misconfiguration compromises we have seen in the last year – According to Gartner, “Through 2022, at least 95% of cloud security failures will be the customer’s fault.” 

And in a world which is rapidly becoming completely ‘software defined’ new skills and tools are required. 

In this session, we will discuss why today’s IT organizations require mature and complete native tools – built in the cloud for the cloud – which provide: 

– Complete visibility
– Configuration management – Identity protection
– Secure DevOps
– Compliance Automation
– Governance Enforcement
– Environment Lockdown 

We will discuss the subtle yet profound differences in operating your datacenter in the public cloud vs operating your own datacenter. We will discuss the ’Shared Responsibility Model’ and what it really means to you and your IT department as you expand the number of workloads you move to the public cloud. And, as your sophistication increases, and you expand your use of PaaS and IaaS, the complexities follow in tandem. We will show how today’s IT organizations require new, purpose-built tools designed and capable of ’speaking the same language’ as the public cloud infrastructures and built to leverage the extensive API’s they provide.

Filed Under: Management, Monthly Meeting Speakers, Proactive, Technical

  • Go to page 1
  • Go to page 2
  • Go to Next Page »

Primary Sidebar

Join Our Mailing List and Meetup

Email Subscription

Follow ISSA LA

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

Listen to ISSA-LA President Richard Greenberg Being Interviewed by Ron Burgundy (Will Ferrell)

Grant funds are now available: Get exclusive access to Information Security Leaders: ask questions and obtain guidance; get policies, procedures and governance

We are Proud to Present our Educational Sponsors

ISSA Education Foundation

ISSA Los Angeles Follow

Information Systems Security Association Los Angeles Chapter

issala
issala ISSA Los Angeles @issala ·
1h

Come join us in-person this evening at our Dinner meeting to listen to Mark Keelan, Director of the Compliance Practice at UST Global talk about Cyber Supply Chain Risk Management! Register here! https://issala.org/event/issa-la-august-17-2022-in-person-dinner-meeting/

Reply on Twitter 1559929048628953088 Retweet on Twitter 1559929048628953088 1 Like on Twitter 1559929048628953088 2 Twitter 1559929048628953088
issala ISSA Los Angeles @issala ·
12 Aug

CAPTCHA tests across the web are becoming increasingly complex, irritating internet users. https://www.wired.com/story/smiling-dogs-horses-made-of-clouds-captcha-has-gone-too-far/?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew

Reply on Twitter 1558212114677993473 Retweet on Twitter 1558212114677993473 Like on Twitter 1558212114677993473 1 Twitter 1558212114677993473
issala ISSA Los Angeles @issala ·
12 Aug

The U.S. Department of Labor is partnering with the White House and the U.S. Department of Commerce, and other federal agencies to address the cybersecurity field's current job openings and longer-term job quality and retention issues! https://www.apprenticeship.gov/cybersecurity-apprenticeship-sprint?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew

Reply on Twitter 1558181695303598081 Retweet on Twitter 1558181695303598081 1 Like on Twitter 1558181695303598081 2 Twitter 1558181695303598081
issala ISSA Los Angeles @issala ·
12 Aug

Come join us at the ISSA LA Summit and learn from Michael Wylie about "Wireshark for Incident Response and Threat Hunting Workshop Setup"!

Click here to register! https://summit.issala.org/#register

Reply on Twitter 1558163751458803715 Retweet on Twitter 1558163751458803715 2 Like on Twitter 1558163751458803715 2 Twitter 1558163751458803715
issala ISSA Los Angeles @issala ·
11 Aug

Mirroring Actual Landing Pages for Convincing Credential Harvesting https://www.avanan.com/blog/mirroring-actual-landing-pages-for-convincing-credential-harvesting?hs_preview=ZRrrHzFP-79205635387

Reply on Twitter 1557759114515824640 Retweet on Twitter 1557759114515824640 Like on Twitter 1557759114515824640 1 Twitter 1557759114515824640
issala ISSA Los Angeles @issala ·
9 Aug

Come join us in-person at our August 17 Dinner meeting to listen to Mark Keelan, Director of the Compliance Practice at UST Global talk about Cyber Supply Chain Risk Management! Register here! https://issala.org/event/issa-la-august-17-2022-in-person-dinner-meeting/

Reply on Twitter 1557077829799526400 Retweet on Twitter 1557077829799526400 2 Like on Twitter 1557077829799526400 2 Twitter 1557077829799526400
Load More

Website Sponsors

Harassment Free Environment

ISSA-LA is dedicated to providing a harassment-free experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, age, religion, or political affiliation. We have a zero tolerance policy for harassment in any form. Violations by any registered attendee or participant at any ISSA-LA events may result in expulsion and possible ban from future ISSA-LA events.


© Copyright 2019 ISSA LA · All Rights Reserved · Privacy Policy · Terms of Use