Vectra brought a special January bonus meeting this month! Thank you Vectra!
Monthly Meeting Speakers
Recap: January 2021 Virtual Chapter Meeting
Happy New Year Everyone! We are kicking things off with a special collaboration with our Law Enforcement counterparts. Catch it below!
Recap: September 2020 Virtual Chapter Meeting
Topic: Inclusion Before Diversity
Abstract: For far too long, the conversation of diversity and inclusion has lacked definition. Many believe the terms are synonymous, but they are not. Diversity is simply not possible unless our cultures foster inclusion, which are the behaviors and social norms that allow diversity to happen in our workforce. Join our panel of leaders who will discuss insights on what inclusion means to diversity as well as the behaviors of inclusion our cultures need to foster in order to have a diversity of people.
We had an exciting and refreshing conversation on diversity lead by Deidre Diamond in September. Together with Marci McCarthy, Jimmy Sanders, Mari Galloway and Anu Koshy, they really spearheaded a passionate conversation on inclusion before diversity.
If you missed the conversation, you may watch the replay below.
Recap: August 2020 Virtual Chapter Meeting
Topic: Those who do not learn history are doomed to repeat it.
Presenter: Jack Daniel
Summary: When frustrated we may ask ourselves “where are we going and why are we in this handbasket?”, but we rarely have the time to really reflect on where we’re going as an industry and how we got here- and who led the way. The people and ideas which were the foundations of information security are not ancient history, yet few of us know much about them. We are too busy running to keep up and never have time to look back. In this talk we will meet some of the people who founded and advanced our field, and hear some of their stories.
Watch the recap below:
Sponsors: Exabeam and Semperis
Recap: July 2020 Virtual Chapter Meeting
Topic: Hack The Vote!
Presenter: Chris Roberts
One person, one vote… that’s what we keep telling ourselves, although let’s be honest that really isn’t how it works, at least in the US because of the cockeyed electoral college thing, so it’s more like “some states, most of the votes” AND we can break that down even further by “Electoral College, ALL the votes” because they don’t have to give a damm what you think OR who’s most popular in your state…
So, face it, it really doesn’t matter what the hell you vote, it all comes down to a set of folks…
Which sucks
SO, lets change things
Let’s hack the voting systems, after all they’re controlled by three major companies who don’t give a toss about security, who, between them have more lawyers than programmers and with whom we entrust out futures….ALL secured by passwords such as “EVEREST” “ESS, Password or 1234
Splendid…
What DO we do about it? Watch the recap below:
February – Joshua Jacobson
Topic: Taking The Bugs Out of Bug Bounty
Bug Bounties are the new big “thing” in infosec with a diverse group companies of all sizes jumping in. While these programs can be highly effective, it is easier said than done. Using his experience building and running Aviation’s first bug bounty program, Josh discusses his trials and tribulations implementing a first of its kind Bug Bounty program. By the end of this talk you will know what to anticipate, do, and avoid while building a Bug Bounty program to be as successful as possible right out of the gate.
Speaker: Josh Jacobson
Josh is an ethical hacker and researcher based out of Los Angeles California. He began his career as an ethical hacker with a focus on internal and wireless network penetration testing before taking on application security. In his previous role at United Airlines he designed, built, and managed aviation’s first public bounty program which subsequently won multiple awards. While at United also lead digital forensics and conducted Aircraft and Avionics research as an ethical hacker. Josh now oversees vulnerability management for Sony Pictures Entertainment.
November – Michael Gold
Topic: California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act of 2018 is the most comprehensive law of its kind ever enacted in the United States, setting forth rules for companies that buy, collect, transfer or sell consumers’ personal information. Because of the size and reach of the California economy – the 6th largest in the world – and the number of companies that may need to comply – estimated at about 500,000 worldwide – the CCPA is effectively a national, if not international, law. This program will address the salient features of the CCPA, who must comply, the new rights consumers have under the CCPA, legal exposures for violations, likely impacts of the law, and what companies should do to comply with the law.
Speaker: Michael Gold
Michael Gold is co-chair of JMBM’s Cybersecurity and Privacy Group and counsels businesses in a wide variety of matters, including data breach responses and investigations, crisis management, development of computer-based information retention systems, forensic investigations of computer systems, and computer and internet privacy matters.
Michael assists clients in developing and implementing information management and governance best practices and developing policies and compliance structures for protecting personal and company information. He counsels clients on information security and privacy law compliance issues; assists clients in developing policies and processes to comply with information security and privacy laws (including the E.U.’s General Data Protection Regulation, the California Consumer Privacy Act of 2018, and other state and industry-sectoral privacy laws in the U.S.); negotiates technology agreements relating to information security and privacy; and defends litigation and arbitrations, including class actions, arising from data breach and privacy claims.
Michael was named one of California’s “Top 20 Cyber – Artificial Intelligence Lawyers” by the Daily Journal (2018), one of the “Most Influential Lawyers: Digital Media and E-Commerce Law” by the Los Angeles Business Journal, and has been designated a “Top Rated Lawyer in Technology Law” by Martindale Hubbell. He is the author of the upcoming Bloomberg BNA portfolio Enterprise Cybersecurity Governance, and co-author of the Bloomberg BNA Portfolio Records Retention for Enterprise Knowledge Management.
October – Art Poghosyan
Privileged access has been one of the most complex issues organizations have had to address. Breaches of privileged access can have profound impact on IT infrastructure, expose large volumes of confidential data and cause devastating consequences for the business. The rapid evolution of the public cloud technologies in the past few years has introduced even more complexity and has challenged the existing methods and tools for securing privileged access. As a result, we are witnessing an exponential increase in cloud access breaches that leave terabytes of confidential data exposed and cost businesses billions of dollars every year.
In this talk, we will review key examples of how the growing public cloud ecosystems have re-defined privileged access security requirements which, in turn, created the need for new and innovative approaches to securing privileged access. We will also review the best practices for cloud privileged access governance that are already emerging and are being adopted by the industry leading organizations. We will conclude with recommendations for security professionals to help identify their cloud privileged access exposures and define a methodical approach for addressing this critical risk in their environments.
Speaker: Art Poghosyan
Art has spent nearly two decades of his professional career in Information Security. The first 8 years of his career Art spent at Big 4 firms, serving global enterprises across many industries. In 2010, Art co-founded Advancive, a market leading brand for Identity & Access Management (IAM) consulting and solutions implementation. Art led the company’s exponential growth and eventual acquisition by Optiv Security in 2016. At Optiv, Art built and launched Optiv’s first managed IAM service offering focused on Privileged Access Management (PAM). In 2018, Art left Optiv to start his next business venture, Britive, where he is serving as the CEO. Art is a frequent industry contributor, recognized for sponsorships and speaking engagements at events such as Identiverse, RSA Charge, ISSA LA Summit, and ISACA Orange County conference. He is a regular volunteer and contributor at (ISC)2 CISSP and ISSAP certification exam development workshops.
July – Gary Asplund
Topic: My CEO Told Me We Have To Move Our Datacenter to the Public Cloud…So, What’s the Big Deal?
Abstract:
Consider the following:
– You don’t own any of it but, it is your responsibility to control and secure everything in it
– You don’t own any of it, but you critically depend on what’s in it
– You don’t maintain any of it, but you trust all of it is properly maintained at all times
– You can’t touch any of it, but it’s up to you to completely orchestrate, control and secure what’s in it
– You can’t physically walk in anywhere but you (and anyone else on the planet with the right access) can virtually access from everywhere
At first blush, a seasoned and experienced network / security director may not fully appreciate the significant differences and challenges his/her staff will experience in trying to fulfill their job duties when their datacenter is in the public cloud. The old strategy of ‘lift and shift’ – creating VM’s of all of your current/existing hardware and ‘shifting’ it to the cloud – will fail. Further evidence of the urgent need for purpose-built tools to secure public cloud infrastructures can be seen in the multiple and repeated data leaks and misconfiguration compromises we have seen in the last year – According to Gartner, “Through 2022, at least 95% of cloud security failures will be the customer’s fault.”
And in a world which is rapidly becoming completely ‘software defined’ new skills and tools are required.
In this session, we will discuss why today’s IT organizations require mature and complete native tools – built in the cloud for the cloud – which provide:
– Complete visibility
– Configuration management – Identity protection
– Secure DevOps
– Compliance Automation
– Governance Enforcement
– Environment Lockdown
We will discuss the subtle yet profound differences in operating your datacenter in the public cloud vs operating your own datacenter. We will discuss the ’Shared Responsibility Model’ and what it really means to you and your IT department as you expand the number of workloads you move to the public cloud. And, as your sophistication increases, and you expand your use of PaaS and IaaS, the complexities follow in tandem. We will show how today’s IT organizations require new, purpose-built tools designed and capable of ’speaking the same language’ as the public cloud infrastructures and built to leverage the extensive API’s they provide.