Information Systems Security Association

Los Angeles Chapter, cybersecurity, InfoSec, CISO, Privacy

Technical

December – By Jaret Langston, Dale W. Callahan, and Joseph Popinski

December 15, 2019 By Technology Director

Filed Under: ISSA Monthly Journal Articles, Privacy, Technical

November – By Tony Rice

November 19, 2019 By Technology Director

Secure DevOps Before DevSecOps

Filed Under: ISSA Monthly Journal Articles, Proactive, Technical

October – Art Poghosyan

October 8, 2019 By Technology Director

Topic: Closing the Cloud Security Gap with Privileged Access Governance

Privileged access has been one of the most complex issues organizations have had to address. Breaches of privileged access can have profound impact on IT infrastructure, expose large volumes of confidential data and cause devastating consequences for the business. The rapid evolution of the public cloud technologies in the past few years has introduced even more complexity and has challenged the existing methods and tools for securing privileged access. As a result, we are witnessing an exponential increase in cloud access breaches that leave terabytes of confidential data exposed and cost businesses billions of dollars every year.
In this talk, we will review key examples of how the growing public cloud ecosystems have re-defined privileged access security requirements which, in turn, created the need for new and innovative approaches to securing privileged access. We will also review the best practices for cloud privileged access governance that are already emerging and are being adopted by the industry leading organizations. We will conclude with recommendations for security professionals to help identify their cloud privileged access exposures and define a methodical approach for addressing this critical risk in their environments.

Speaker: Art Poghosyan
Art has spent nearly two decades of his professional career in Information Security. Art spent the first 8 years of his career at Big 4 firms, serving global enterprises across many industries. In 2010, Art co-founded Advancive, a market leading brand for Identity & Access Management (IAM) consulting and solutions implementation. Art led the company’s exponential growth and eventual acquisition by Optiv Security in 2016. At Optiv, Art built and launched Optiv’s first managed IAM service offering focused on Privileged Access Management (PAM). In 2018, Art left Optiv to start his next business venture, Britive, where he is serving as the CEO. Art is a frequent industry contributor, recognized for sponsorships and speaking engagements at events such as Identiverse, RSA Charge, ISSA LA Summit, and ISACA Orange County conference. He is a regular volunteer and contributor at (ISC)2 CISSP and ISSAP certification exam development workshops.

Filed Under: Monthly Meeting Speakers, Proactive, Technical

September – Neela Jacques

September 21, 2019 By Technology Director

Topic: Sophisticated Spear Phishing
96% of attacks start with an email. In this session, Neela will focus on understanding the types of attacks you are likely receiving and the various ways you can protect your organization. A specific area of focus will be the rise in sophisticated spear phishing and the way we now have to rely on machine learning and artificial intelligence to stay ahead of the hackers.

Speaker: Neela Jacques
Neela Jacques joined Barracuda Networks in 2018, bringing more than 20 years’ experience of bringing innovative enterprise software products to market. Neela has global responsibility for all aspects of Go-to-Market for Barracuda’s complete portfolio of award-winning, cloud enabled security products. Prior to Barracuda, Neela was Executive Director of the OpenDaylight project and VP at the Linux Foundation. There, Neela led a community of thousands of developers around the world to drive innovations in SDN and NFV with a developer-driven open source platform. He oversaw and provided guidance for all aspects of the project, from governance and technology to community and marketing. Prior to that, Neela was part of the core VMware team that took virtualization from a niche development and testing product to ubiquitous use. He developed and took to market the company’s Software-Defined Data Center (SDDC) vision and strategy. Neela also founded and launched VMware’s first cloud computing initiative in 2007.

Filed Under: Management, Monthly Meeting Speakers, Proactive, Technical

August – Dr. Paulo Shakarian

September 4, 2019 By Technology Director

Topic: Artificial Intelligence Research for Forecasting Exploit Usage
Vulnerability disclosure rates are at an all-time high – averaging over 1,000 per month in 2019 – more than twice as much as in 2016. But while disclosure rates have remained at this high level, hackers still only exploit a small fraction, ranging from 2%-3% by most studies. Ironically, the fact that exploited vulnerabilities make up such a small portion means that this is a particularly challenging machine learning problem. This talk will review a series of peer-reviewed research papers, produced under U.S. government grant funding, that have investigated this problem. Through a combination of machine learning, graph theory, and data mining (from sources including social media, deepweb, open web, and Tor sites), these approaches provided promising results. These techniques leveraged an understanding of not only the content of hacker discussions, but also the underlying social structure of these communities as well as technical information about the vulnerabilities themselves. This, in turn, enabled successful forecasting of exploits before they become available – providing a 20-fold improvement in terms of precision. This talk not only reviews the peer-reviewed research, but also gives insight into how machine learning can be used to address cybersecurity problems and provides examples of exploit usage successfully predicted ahead of time.

Filed Under: Management, Monthly Meeting Speakers, Privacy, Proactive, Reactive, Technical

July – Gary Asplund

September 2, 2019 By Technology Director

Topic: My CEO Told Me We Have To Move Our Datacenter to the Public Cloud…So, What’s the Big Deal?

Abstract:

Consider the following:

– You don’t own any of it but, it is your responsibility to control and secure everything in it

– You don’t own any of it, but you critically depend on what’s in it

– You don’t maintain any of it, but you trust all of it is properly maintained at all times 

– You can’t touch any of it, but it’s up to you to completely orchestrate, control and secure what’s in it

– You can’t physically walk in anywhere but you (and anyone else on the planet with the right access) can virtually access from everywhere 

At first blush, a seasoned and experienced network / security director may not fully appreciate the significant differences and challenges his/her staff will experience in trying to fulfill their job duties when their datacenter is in the public cloud. The old strategy of ‘lift and shift’ – creating VMs of all of your current/existing hardware and ‘shifting’ it to the cloud – will fail. Further evidence of the urgent need for purpose-built tools to secure public cloud infrastructures can be seen in the multiple and repeated data leaks and misconfiguration compromises we have seen in the last year. According to Gartner, “Through 2022, at least 95% of cloud security failures will be the customer’s fault.”

And in a world which is rapidly becoming completely ‘software defined’, new skills and tools are required.

In this session, we will discuss why today’s IT organizations require mature and complete native tools – built in the cloud for the cloud – which provide: 

– Complete visibility
– Configuration management
– Identity protection
– Secure DevOps
– Compliance Automation
– Governance Enforcement
– Environment Lockdown 

We will discuss the subtle yet profound differences in operating your datacenter in the public cloud vs operating your own datacenter. We will discuss the ‘Shared Responsibility Model’ and what it really means to you and your IT department as you expand the number of workloads you move to the public cloud. And, as your sophistication increases, and you expand your use of PaaS and IaaS, the complexities follow in tandem. We will show how today’s IT organizations require new, purpose-built tools designed and capable of ‘speaking the same language’ as the public cloud infrastructures and built to leverage the extensive APIs they provide.

Filed Under: Management, Monthly Meeting Speakers, Proactive, Technical

June – Kevin Albano

September 2, 2019 By Technology Director

Topic: Effective Threat Intelligence Sharing

Many organizations struggle with creating threat intelligence for a variety of reasons – availability of data, trust of the data, and effective integration with other sources, among others. Further compounding the challenge is the need to convert the information into meaningful and actionable steps. With the possibility of mounting cyber threats to several densely populated areas, many municipalities across the world face a growing need for insightful information to act and react to real-time dangers.

In this presentation, we will present approaches to effective sharing of threat intelligence and how we create new threat intelligence every day using commercial data sources for malware, surface web, dark web and open data sources.

Speaker: Kevin Albano
Kevin Albano, Global Lead, Threat Intelligence, IBM X-Force IRIS
Kevin Albano has more than 17 years of experience working in information technology, law enforcement, and security consulting. Throughout his career, he has focused on investigating computer network intrusions, notifying impacted organizations, and disrupting some of the largest cyber espionage campaigns.

At IBM, Kevin is responsible for threat intelligence collections, managing advanced threat research and directing information analysis – all focused on helping customers understand their cyber threat risk and make decisions to protect their organization.

Prior to IBM, Kevin held prominent roles at the Federal Bureau of Investigation (FBI) and Mandiant. As a Special Agent at the Los Angeles FBI Field Office, Kevin developed the investigative process for examining computer network attack operations. He identified large-scale organized data theft operations and created the field guide for how cyber espionage investigators notify data breach victims.

Kevin joined Mandiant from the FBI to help defend commercial and government entities against cyber espionage. While at Mandiant, Kevin developed programs to analyze criminal attack infrastructures, notify victim commercial entities, and define threats. He also supported incident responders by categorizing and organizing threat information to identify sophisticated threat groups.

Kevin has also made significant contributions to the Information Sharing and Analysis Organization (ISAO) Standards Organization ISAO 300-1

Filed Under: Monthly Meeting Speakers, Proactive, Technical

August – By Clara Andress and Jason Andress

August 12, 2019 By Technology Director

Filed Under: ISSA Monthly Journal Articles, Reactive, Technical

July – By Clara Andress and Jason Andress

July 7, 2019 By Technology Director

Filed Under: ISSA Monthly Journal Articles, Privacy, Technical
