Meeting Information

November 2017 Quarterly Meeting



November 14

12:00pm to 5:00pm


Speaker: Mark Matthews - Senior Security Engineer - Secureworks
 
Title/Abstract: Cybercrime Report released in August. An excellent thought leadership presentation on all that is going on in the world of Cybercrime and some best practices that we have gathered from working with all of our clients over the last year.

Bio: Mark Matthews is a Senior Security Engineer and has been with the organization for 15 years, 12 of which were spent working in the Secureworks Operations Center focusing on firewall and perimeter management.
Mark oversaw a global 24x7 team of analysts and engineers who supported thousands of security appliances for large and small organizations.
 
For the past 3 years, Mark has assisted clients and prospects in designing security solutions for their organization and enabled them to leverage their existing security technology investments.
Mark’s specialty is in managed security services and in architecting the proper visibility and countermeasures to help mitigate security threats.



-------


Speaker: Paul Guido - Senior Network Security Engineer for Broadway National Bank


Title/Abstract:  "Securing your Domain" - The Domain Name System, more commonly known as DNS, translates domain names into IP addresses. This is a basic Internet function that allows for modern web browsing. Without DNS, we'd have to type an IP address instead of 

 

Bio: Paul Guido was introduced to computer networking as a hobby through Amateur Packet Radio in 1986. This hobby evolved into a full-time computer career in 1993 that continues today. Paul works in the financial services industry with a background in network security, systems security, VMware infrastructure, and business continuity. Paul currently works as a Senior Network Security Engineer for Broadway National Bank.


-------


Speaker: Sam Yoon


Title/Abstract: "Steganography, Forensics and Threat Intel" Intro to Steganography and where and how it has been used, how I gather and leverage Threat Intelligence, and do live demonstrations of various Steganography tools and Forensic tools.

 

Bio: Sam Yoon began his career in IT in 2001 while he was obtaining his Masters in Information Technology. He worked his way up from help desk support to becoming a Sales Engineer and Trainer in his early career. The next few years were spent doing Systems Administration and Application Support at various companies in the Pharmaceutical/BioTech and Oil & Gas industries.

 

After obtaining his Certified Computer Examiner (CCE) and GIAC Certified Incident Handler (GCIH) certifications he brought his expertise to the eDiscovery and Forensics industry supporting Corporate investigations. He is knowledgeable about collecting, processing, and producing ESI. In addition, he is well versed in conducting Incident Response Investigations and proper Forensic procedures and evidence handling.

 

As a consultant for a Forensic company he obtained his EnCase Certified Examiner (EnCE) certification and worked on Corporate Forensic, Incident Response, and eDiscovery cases.

 

A few years later Sam obtained the Certified Ethical Hacker (CEH) and GIAC Certified Forensic Examiner (GCFE) certifications. Being a System Engineer on the front lines, he is able to work with Security Teams in top Fortune organizations and assist with investigations. As a result, he is able to see many malware attack vectors & trends and work with researchers on piecing together the infection life cycle and attack trends. 



-------



Where
Maggiano's
 

Maggiano's Little Italy

 
 



May 2017 Quarterly Meeting

 

 

Speaker: Daniel Sweet - Director Endpoint Detection and Response Team

 

Title: Needle in the Heap Stack - Spotting Anomalies in Memory

Abstract: This talk will focus on using open source memory forensics tools such as Rekall or Volatility to look through memory structures and spot artifacts that are out of place. In this talk we will examine an advanced piece of malware that is built to hide from the native operating system, then examine the constructs it creates in memory and how to find them with repeatable hunting techniques. Last, we will take a look at scaling these techniques to the enterprise for practical hunting at scale.

 

 

Speaker: Daryl Cox - Checkmarx

 

Title: Could a few lines of code <F!#ck> it all up!

Abstract: Recently, an anonymous open source developer decided to remove his code (left-pad) from a public repository. Shortly thereafter, several large organizations felt the impact of his actions. Facebook, AirBnB and others experienced errors impacting the functionality of their services. Packages using “left-pad” wouldn’t properly execute.

 
Today, we embrace both the open source community and the growth of open source projects, modules and packages but… Dependencies and recursive dependencies might become a risk or even a new attack vector which we didn’t foresee.

Could there be other cases of common and popular open source packages depending on open source modules that might not be there tomorrow or, even worse, could they be maliciously modified?

 
Join us for an insightful session that will reveal our research on this topic where you will learn:
  • Which common open source packages might not be there tomorrow and how this can affect you?
  • How packages you use could be maliciously modified, and the impact on your app
  • Discuss the risks introduced by hybrid application development
  • How intertwined and complex dependencies have become

 



 

Speaker: John Byers - CISO @ IBC


Title: The Religion of Security

Abstract: Is security the religion of IT or has it become the religion of business? There is a bit of dark humor embedded in today’s “I’m all about Security” talk from folks today. Senior IT (CIO/CTO) have all caught the religion of security. What’s more interesting is these are the same folks that 5 or so years ago, not only couldn’t spell security, it was the farthest from their minds. The last thought of any project, application or system deployment. And while some might take issue with that, the truth is it was all about getting the technology out the door. Today, things have changed, business and the real driver for technology is Security. Security is the enabler of business in this 21st century.


 


Where
Maggiano's
 

Maggiano's Little Italy

 
 



 


Mixer to follow at Maggiano's Bar
4:30 to 6:30
2 Free drinks plus appetizers

