Meeting Information

August 2017 Quarterly Meeting

>> Register here<<

August 15

12:00pm to 5:00pm

Speaker: James Trainior - Senior Vice President - Aon’s Cyber Solutions Group
Title: Cyber Threat Landscape 2017 and Beyond

Bio: James Trainor is Senior Vice President within Aon’s Cyber Solutions Group and joined Aon after a distinguished career at the Federal Bureau of Investigation.  Jim was the FBI’s highest-ranking cyber expert.  During his 20-year career with the FBI, he played a critical role in devising strategies to combat ransomware and additional emerging forms of cybercrime, spearheaded major high-profile investigations, and managed numerous incidents at the nexus of cybercrime and national security.

Jim is a graduate of Assumption College in Worcester, Massachusetts and obtained a master’s degree from the University of Connecticut.  He is also a certified Chief Information Security Officer (CISO) from Carnegie Mellon University and has GIAC certifications in GISP, GSLC and GISF.

Abstract: The presentation includes a discussion of the evolution of the cyber threat landscape, significant intrusions over the past few years, phases of a cyber-attack and cyber threat actors. Regardless of industry or size, it is important that organizations are able to recognize when an attack happens and the proper steps to take once under attack. Mr. Trainor will speak about many different ways to prevent and mitigate cyber risk including control frameworks, when to contact law enforcement, types of attacks and tools to fight cyber actors.


Speaker: Marcus Carey - CEO - Threatcare

Title: Next Generation Fail


BioMarcus J. Carey is the founder and CEO of Threatcare. He is a hacker who helps people not suck at cybersecurity. Marcus started his technology voyage in U.S. Navy Cryptology and working at the National Security Agency (NSA). Threatcare is a software-as-a-service platform that performs intrusion simulations to continuously fine-tune and audit an organization’s cybersecurity stack.


Speaker: Ben Holder - Senior Principal Consultant - Forsythe Technologies

TitleFinding the Death Star’s Exhaust Port using DXL and Neo4j


BioBen Holder has nearly two decades of IT security experience, working as a penetration tester, security researcher, and all-around "breaker of things". He spent 10 years in the U.S. Navy, and led the CCNA/MCSE education courses that submariners went through prior to assuming IT leadership positions within the fleet. He subsequently worked in submarine weapon system R&D for General Dynamics as the security implementation and design lead. For the last five years, he has focused on penetration testing, gap and regulatory assessments (GRC), and security team development. He is currently helping to manage and develop Forsythe's Threat Assessment Program.


Maggiano's Little Italy


May 2017 Quarterly Meeting

>> Register Here<<


Speaker: Daniel Sweet - Director Endpoint Detection and Response Team


Title: Needle in the Heap Stack - Spotting Anomalies in Memory

Abstract: This talk will focus on using open source memory forensics tools such as Rekall or Volatility to look through memory structures and spot artifacts that are out of place. In this talk we will examine an advanced piece of malware that is built to hide from the native operating system, then examine the constructs it creates in memory and how to find them with repeatable hunting techniques. Last we will take a look scaling these techniques to the enterprise for practical hunting at scale.



Speaker: Daryl Cox - Checkmarx


Title: Could a few lines of code <F!#ck> it all up!

Abstract: Recently, an anonymous open source developer decides to remove his code (left-pad) from a public repository.  Shortly thereafter, several large organizations felt the impact of his actions. Facebook, AirBnB and others experienced errors impacting the functionality of their services. Packages using “left-pad” wouldn’t properly execute.

Today, we embrace both the open source community and the growth of open source projects, modules and packages but… Dependencies and recursive dependencies might become a risk or even a new attack vector which we didn’t foresee.

Could there be other cases of common and popular open source packages depending on open source modules that might not be there tomorrow or, even worse, could they be maliciously modified?

Join us for an insightful session that will reveal our research on this topic where you will learn:
  • Which common open source packages might not be there tomorrow and how this can affect you?
  • How packages you use could be maliciously modified impact on your app Discuss the risks introduced by hybrid application development
  • How intertwined and complex dependencies have become



Speaker: John Byers - CISO @ IBC

Title: The Religion of Security

AbstractIs security the religion of IT or has it become the religion of business.  There is a bit of dark humor imbedded in today’s “I’m all about Security” talk from folks today.  Senior IT (CIO/CTO) have all caught the religion of security.  What’s more interesting is these are the same folks that 5 or so years ago, not only couldn’t spell security it was the farthest from the minds.  The last thought of any project, application or system deployment.  And while some might take issue with that, the truth is it was all about getting the technology out the door.  Today, things have changed, business and the real driver for technology is Security.  Security is the enabler of business in this 21st century.



Maggiano's Little Italy



Mixer to follow at Maggiano's Bar
4:30 to 6:30
2 Free drinks plus appetizers