Past meetings
This is a list of meetings prior to October 2020 when we started making a separate subpage for each meeting.
September 2020 Virtual Chapter Meeting
September 8 Speaker:
Gideon Rasmussen – Cybersecurity Program Maturity
Bio: Gideon Rasmussen is an Information Security Consultant with 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (as a CISO), PCI - Payment Card Security, Supplier Assessment, Application Security and Information Risk Management. Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences). His websites are www.gideonrasmussen.com and www.virtualcso.com.
Abstract: Program Maturity - Cybersecurity and Operational Risk Management
Business executives leverage cybersecurity programs to understand residual risk. That helps them make informed decisions to mitigate risk to an acceptable level. This session provides guidance to improve program maturity in stages. A risk-prioritized approach can be used to obtain funding.
Pre-registration required
Where: online Zoom meeting
When: Tue Sep 8, 2020 06:00 PM Pacific Time (US & Canada)
https://us02web.zoom.us/meeting/register/tZAlcemvrjMjHNeD4LLHXc7IY1MGHGdssqnm
In order to process your CPEs, please double check your ISC² member number is entered correctly.
After registering, you will receive a confirmation email containing information about joining the meeting.
August 2020 Virtual Chapter Meeting
Aug 11, 2020 06:00 PM Pacific Time
Agenda
6:00PM – 6:15PM: Chapter Updates
6:15PM – 7:30PM: OWASP Top Threat, SQL Injection - Chris Romeo
7:30PM – 8:00PM: Member Round Table
Speaker Information
Chris Romeo
CEO, Security Journey
https://www.linkedin.com/in/securityjourney/
Topic: OWASP Top Threat - SQL Injection
Chris Romeo is the CEO and co-founder of Security Journey. Security Journey specializes in online application security training organized as a security belt program.
Before Security Journey, Chris was the Chief Security Advocate at a Fortune 100 company with over 60,000 employees where he built the most massive security training program that has ever been constructed, industry-wide. He left to found Security Journey and bring the lessons he learned teaching developers about security to the entire industry.
“Remember, security is a journey—not a destination.”
You can email Chris at hello@securityjourney.com
Registration Information
You are invited to a Zoom meeting.
When: Aug 11, 2020 06:00 PM Pacific Time (US and Canada)
Register in advance for this meeting:
https://us02web.zoom.us/meeting/register/tZ0kf-Cpqz8vGtcRMSpARE2YYCGFRc0LbdeX
After registering, you will receive a confirmation email containing information about joining the meeting.
CPEs submitted for you if you pre-register
If you pre-register with your (ISC)² member number, the CPEs for this meeting will be submitted for you by (ISC)² Silicon Valley Chapter. Please allow 4 weeks for the CPEs to show up since that's done by volunteers.
General advice for our online meetings:
Though the plan is the chapter will submit the CPEs for you, it doesn't hurt to make some preparations in case you need to self-submit.
Please double-check you've entered your (ISC)² member number correctly.
If for any reason the CPEs don't show up, self-submission of your CPEs to (ISC)² can be done at https://cpe.isc2.org/
Grab a screenshot during the meeting to include as proof of your attendance, as a precaution in case you need to self-submit. You can attach the image to the CPE submission.
You can claim up to 2 Group A CPEs for this meeting, if you attend from beginning to end. Otherwise pro-rate the time as 1 CPE per hour attended rounded down to the nearest 0.25 hour increment.
See the CPE Handbook for the full rules. Be honest about how much time you attended.
Make sure to meet your CPE requirements well before your certification renewal time. (ISC)² has additional online CPE opportunities, some of which are automatically submitted on your behalf. Other options require self-submission. See https://www.isc2.org/Member-Resources/CPE-Opportunities .
Monthly Meeting: Online with Pre-registration
JULY 2020 VIRTUAL CHAPTER MEETING:
Zoom Meeting - JULY 14, 2020, 6PM – 7:30PM (2 CPEs)
You must pre-register for this event. See the link below. Enter your name and ISC2 certification number during registration to have your CPEs auto-entered for you.
Meeting agenda
6-6:15 - Club updates
from ISC² SV Chapter President John MacInnis
6:15-7:15 – Presentation: "Implementing PCI P2PE version 3.0"
by Rick Allen
7:15-7:30 - round table discussion on topics for upcoming meetings
moderated by ISC² SV Chapter Communications Director Ian Kluft
Presentation: Implementing PCI P2PE version 3.0
Rick Allen CISSP, PCI ISA, PCI QIR is Director of Payment Technology Compliance at Global Payments Inc. (NYSE: GPN)
Session Abstract:
Implementing P2PE can be difficult for any organization, but bringing legacy processes and systems into P2PE compliance can be especially challenging. In this session, hear from a leading processing expert on how he helped empower teams to leverage changes to P2PE version 3.0 to overcome unique P2PE solution challenges.
Key Takeaways:
Migrating legacy systems to P2PE provides greater security for card-present users
Changes released in P2PE v3.0 can open new paths to compliance for legacy solutions
Interoperability between solution/component providers requires clear communication, but allows each entity to leverage their unique strengths
Glossary:
P2PE is the Payment Card Industry standard for Point-to-Point Encryption
Meeting pre-registration information
Meeting type: Zoom meeting
When: Jul 14, 2020 06:00 PM Pacific Time (US and Canada)
Register in advance for this meeting at this link:
https://us02web.zoom.us/meeting/register/tZwodO-rqTMiG9SMPRVtwSFT3oObYVX7_iZt
After registering, you will receive a confirmation email containing information about joining the meeting.
CPEs submitted for you if you pre-register
If you pre-register with your (ISC)² member number, the CPEs for this meeting will be submitted for you by (ISC)² Silicon Valley Chapter. Please allow 4 weeks for the CPEs to show up since that's done by volunteers.
Monthly Meeting: Online with Pre-registration
JUNE 2020 VIRTUAL CHAPTER MEETING:
Zoom Webinar - JUNE 9, 2020, 6PM – 7:30PM
An Interactive Review of the OWASP Top 10.
Test your knowledge with the interactive quiz questions.
Share your questions and experience through the live chat.
You have the choice of sharing your identity or remaining anonymous.
You must pre-register for this event. Enter your name and ISC2 certification number during registration to have your CPEs auto-entered for you.
AGENDA:
6:00PM – 6:15PM: (ISC)2 Global Report + Chapter Updates - President
6:15PM – 7:00PM: Interactive Review of the OWASP Top Ten - President with special guest Chris Romeo
7:00PM – 7:30PM: Open Forum
Guest Information:
Chris Romeo
CEO, Security Journey
https://www.linkedin.com/in/securityjourney/
Chris Romeo is the CEO and co-founder of Security Journey. Security Journey specializes in online application security training organized as a security belt program.
Before Security Journey, Chris was the Chief Security Advocate at a Fortune 100 company with over 60,000 employees where he built the most massive security training program that has ever been constructed, industry-wide. He left to found Security Journey and bring the lessons he learned teaching developers about security to the entire industry.
“Remember, security is a journey—not a destination.”
You can email Chris at hello@securityjourney.com
REGISTRATION INFORMATION:
When: Jun 9, 2020 06:00 PM Pacific Time (US and Canada)
Topic: ISC^2 Silicon Valley JUNE MEETING
Register in advance for this webinar:
https://us02web.zoom.us/webinar/register/WN_TiDFagCITVOZXlw6y2c2qg
After registering, you will receive a confirmation email containing information about joining the webinar.
MAY VIRTUAL CHAPTER MEETING
In accordance with the recent shift in reality, our May meeting will be in Virtual Reality. The Chapter is excited to announce we will have a full-on virtual cybersecurity escape room challenge hosted by this month’s meeting sponsor livingsecurity.
Registration is limited. As before, please do NOT register if you are not committed to attending as that would deprive someone else of the opportunity.
REGISTRATION LINK: https://zoom.us/meeting/register/tJwqdeivrD4vH92nXZy0D2X_agxPBp-rpfm3
Privacy Policy: Living Security takes privacy seriously. We collect your contact information for our internal records to track your experience with our products, and will never sell or distribute your information without your consent.
AGENDA: Tuesday, May 12, 2020
6:00PM – 6:15PM: Logon to the Escape Room
6:15PM – 6:30PM: Chapter Business – President
6:30PM-8PM: livingsecurity Cybersecurity Escape Room Challenge
MORE INFORMATION:
The Cyber Escape platform counters the culture of checkbox compliance security awareness training that simply tells users what behaviors to discontinue. Replacing that approach with behavioral science-backed gamification and immersive learning, the Cyber Escape platform increases training participation and retention which ultimately results in behavior change. “A solution that delivers gamification and competition is a huge factor because competition is challenge and that challenge drives participation and retention,” said Walter. “With Cyber Escape, when employees started to solve the puzzles and overcome the challenge, it built their self-confidence and the idea that I can do this, not just in this platform but in real life, which reinforces the learning and confidence to know what to do in real-life situations.”
LINKS:
video trailer: https://vimeo.com/407179374
Cancellation Policy: If you cannot attend please cancel AT LEAST 24 hours in advance. NO-SHOWS may be banned from future limited events for the rest of the year. That includes folks who cancel at the last minute.
CPEs must be self-submitted for this virtual meeting
We can't verify your attendance at an online meeting. You will have to self-submit your CPEs to (ISC)² at https://cpe.isc2.org/ . You can claim up to 2 Group A CPEs for this meeting, 1 CPE per hour attended rounded down to the nearest 0.25 hour increment. See the CPE Handbook for the full rules. Be honest about how much time you attended.
Grab a screenshot during the meeting to include as proof of your attendance. You can attach the image to the CPE submission.
(ISC)² also has online CPE opportunities which have solved the problem of accounting for minimum viewing time and automatically submitting them on your behalf. See https://www.isc2.org/Member-Resources/CPE-Opportunities .
MONTHLY MEETING:
Next Meeting Tuesday, March 10
Digital Trust: 2350 Mission College Blvd, Santa Clara, Suite#1000 [note different location than usual!]
Only space for 20, so Eventbrite registration required: https://www.eventbrite.com/e/isc2-sv-march-meeting-tickets-98308803277
5:30pm - 6:00pm - Food & Networking
6:00pm - 6:30pm - John MacInnis, ISC² Silicon Valley Chapter President with chapter business and updates from officers
6:30pm - 7:30pm : Speaker: Ramesh Kesanupalli on Global Association for Digital Identity (GADI)
7:30pm - 8:30pm : Speaker: Gabriel Jerome Solomon on Blockchain-based Owner-Controlled Secure Software Updates for Resource-Constrained IoT
BIO: Ramesh Kesanupalli
Ramesh is the CEO and founder of Digital Trust. Digital Trust is in the global digital identity space, focusing on establishing trust and accountability in the digital world. Previously, Ramesh was CEO of Nok Nok Labs and co-founder of the FIDO Alliance.
Executive Summary:
The Global Association for Digital Identity (GADI) is the operational division of the DID Alliance. GADI’s purpose is to achieve true interoperability among decentralized identity (DID) systems by deploying requisite technologies and processes that are outside the scope of existing interoperability efforts such as W3C, DIF, and Hyperledger Aries. In pursuit of this objective, GADI’s efforts are directed to three main areas:
• Trust sourcing
• Cross-ledger transaction support
• Inclusiveness
************************************************
BIO: Gabriel Jerome Solomon
Gabriel Jerome Solomon is a new researcher in Cyber Security in his second year of pursuing his Ph.D. at Santa Clara University. His current research interests are in blockchain technologies. He received his Bachelor of Science in Computer Engineering from UCLA and a Master of Science in Computer Science at Georgia Institute of Technology. He is an Associate Professor and Dean of Education at Cogswell Polytechnical College. He has 17 years of industry experience in computer graphics. He is also a recipient of the Silicon Valley NAACP Circle of Friends Award.
Bachelor of Science, Computer Engineering - UCLA
Master of Science, Computer Animation - Georgia Institute of Technology
WEBSITES:
RESEARCH GROUP: https://www.scu.edu/engineering/faculty/liu-yuhong/research-group/
LINKEDIN: https://www.linkedin.com/in/jeromesolomon/
[for presentation, go to https://sites.google.com/a/isc2-siliconvalley-chapter.org/orig/presentations]
[remember - Eventbrite registration required due to limited seating]
MONTHLY MEETING:
Next Meeting Tuesday, February 11
Hacker Dojo
3350 Thomas Road, ste 150 Santa Clara, CA 95054
5:30pm - 6:00pm - Food & Networking
6:00pm - 6:30pm - John MacInnis, ISC² Silicon Valley Chapter President with chapter business and updates from officers
6:30pm - 8:00pm : Speaker: Ian Kluft on "Securing a Raspberry Pi and other DIY IoT devices"
ABSTRACT:
It's easy to experiment with your own Internet of Things (IoT) devices using a variety of cheap computer boards such as a Raspberry Pi. As an ISC²-certified security professional, you already know it's a best practice to consider security from the design stage on any new project. But it helps to get niche-specific security advice when diving into a Do-It-Yourself (DIY) project. And many DIY projects may not be designed but instead start with an idea that evolves as you learn from what you're building. This advice is also useful if a friend or family member asks for help with their DIY project. These projects can be prototypes at work, hobbies at home or educational projects for kids.
This is the first of what we hope will be a recurring series of presentations by ISC² Silicon Valley Chapter members of our own projects. Ian has previously written about Raspberry Pi projects for OpenSource.com.
SPEAKER BIO:
Ian Kluft is a software engineer with a Master of Science degree from California State University, Chico. He has worked for companies as large as Cisco and as small as tiny startups. He has worked on Linux systems as small as handheld devices and up to the largest servers. His emphasis is on "back-end" software development such as networking, embedded, container, security, middleware and server software.
Ian is certified by ISC² as a CSSLP, Certified Secure Software Lifecycle Professional. He is serving as the 2020 Director of Communications for ISC² Silicon Valley Chapter.
Ian also has varied technical interests including mapping/cartography, radio, aviation and rocketry. He's a licensed pilot and holds an FAA-issued flight instructor certificate for single-engine airplanes. As a licensed Ham Radio operator, he participated in radio tracking and recovery of rockets including the first amateur (all volunteer) rocket launch to space, and high altitude balloons including some launched from San Jose that circumnavigated the globe. Ian is an avid cyclist and regularly volunteers with San Jose Bike Party.
MONTHLY MEETING:
Next Meeting Tuesday, January 14
Hacker Dojo
3350 Thomas Road, ste 150 Santa Clara, CA 95054
5:30pm - 6:00pm - Food & Networking
6:00pm - 6:30pm - John MacInnis, ISC² Silicon Valley Chapter President with chapter business and updates from officers
6:30pm - 7:30pm : Speaker: Olaf-Gerd Gemein on "FIWARE Cybersecurity for Smart Cities"
7:30pm - 8:30pm Second Speaker: Shreyans Mehta, on "How APIs Simplify Automated Attacks"
Speaker: Olaf-Gerd Gemein
Title: CEO of Smart Cities Lab and Board Member of FIWARE Foundation
Topic: FIWARE Cybersecurity for Smart Cities
ABSTRACT:
FIWARE is a European nonprofit project with global importance. About one billion Euro have been invested in development and dissemination from 2011-2019. All components are open source and the framework is constantly evolving. We will discuss with you, the experts, which security requirements and best practices have been incorporated, and which may still need to be included.
We'll also explore how security fits with the other modular components, and how to use the FIWARE technology stack to develop Smart City platforms. We will show how we imagine a secure framework from the HIRTE security framework (based on the German Toll Collect system). We are also interested in the California IoT law and what exactly is meant by "security feature" in this sense. We hope for a lively discussion and welcome meaningful collaboration.
BIO:
Olaf is currently a member of the Board of Directors of FIWARE Foundation and the Financing Working Group; also the chairman of the Smart Cities Domain Committee. Smart Cities Lab, of which Olaf is a co-founder, supports and directs multiple global partnerships to raise awareness and promote open source technologies and implementation of FIWARE and OpenStack, in Germany, Austria, India, and the US.
He is also currently the advisor for the R&D program "Smart MaaS" which aims to build the FIWARE backbone for Smart Mobility, and lends his expertise to “Expert Bot,” a project for legal artificial intelligence and chatbots. As founder of the Think Tank “Smart Cities Lab”, he has been a Gold Member of the FIWARE Foundation since its inception and supports FIWARE in various activities such as serving on the FIWARE Mundus Mission Support Committee in India, Canada and the US and furthering the inception of the quality assurance task; admission of new members; and advancements of the existing as well as integration of new software components.
Recently he has been leading activities in Europe, the USA, and India, and the establishment of communities in several other Asian countries. Olaf has also given keynote addresses, moderated workshops, headed the establishment of FIWARE Labs / Innovation Hubs / Cloud-Nodes, and led the development of academic cooperation with several institutions, while promoting the data economy concepts around these communities. He has also acted as personal advisor to the European Commission in the Smart City sector since 2017.
Second Session
Shreyans Mehta, CTO and co-founder of Cequence Security
How APIs Simplify Automated Attacks: Prying-Eye Direct-to-API Enumeration Attack
Bio:
Shreyans Mehta is the co-founder and CTO at Cequence Security. He is an innovator in network security and holds several patents in the field. Before co-founding Cequence, he was Architect and Technical Director at Symantec, where he led the development of one of the most advanced network security platforms and intrusion prevention technologies based on real-time packet inspection and cloud-based big data analytics. It’s responsible for detecting more than half of the billions of threats that Symantec identifies every year. At Symantec, Shreyans started the Safeweb initiative for marking malicious sites in search results and played a key role in making it a successful standalone product. In partnership with VMware, he developed one of the first agentless IPS engines that transparently protect virtual machines. Before that, he was a lead engineer at VPN Dynamics, a VPN/firewall startup. Shreyans has a Masters in Computer Science from the University of Southern California.
Session Description
The Prying-Eye enumeration vulnerability recently discovered in leading web conferencing applications by the CQ Prime research team highlights how APIs used in your public-facing applications provide bad actors with the same ease of use, efficiency and flexibility benefits that APIs bring to the development community. Rather than scripting a web form fill to launch an attack, bad actors will analyze the web or mobile application to understand the business logic while discovering the APIs in use. Armed with that information, bad actors can then create a bot that will execute an automated attack directly against the APIs. In this session, Shreyans Mehta, CTO and Co-founder of Cequence Security, will share recent details of the Prying-Eye attack and the prevalence of using APIs for automated attacks. He will close with security recommendations and how Cequence Security can help.
MONTHLY MEETING:
Tuesday, December 10
Hacker Dojo
3350 Thomas Road, ste 150 Santa Clara, CA 95054
5:30pm - 6:00pm - Food & Networking
6:00pm : Tim O'Brien & Wen Lu - 2020 Election of Board Members
7:00pm - Speaker: Edward Chang - Updates on Santa Clara Election Systems
Speaker: Edward Chang
Title: Updates on the evolving Santa Clara US Election Systems
BIO:
Edward Chang has been an IT professional for two decades+. He has performed in various IT roles with companies in different industries. Starting as a system admin, he then added extra duties: network admin, Oracle DBA, Software QA, IT Compliance, IT manager, and IT Specialist in semiconductor, E-Commerce, and global electronics companies.
He has served the ISC2 Silicon Valley Chapter as the president in 2015 and the membership chair in 2013. Since 2004, Edward has volunteered as an election officer for the Registrar of Voters in County of Santa Clara for about 10 election events.
ABSTRACT:
Updates on the coming California primary election. Santa Clara County is the first county in the US to adopt the new way of voting and Edward is physically involved in the still-developing process. He would like to share the process with members, explain what the procedures might be and if anyone has concerns.
_____________
MONTHLY MEETING:
Tuesday, November 12th 2019 @ 5:30PM <note new location>
Hacker Dojo
3350 Thomas Road, ste 150 Santa Clara, CA 95054
SCHEDULE:
5:30-6:00 Networking & Food
6:00-6:15 Group Business
6:00pm - Speaker: Saumitra Das, CTO Blue Hexagon
7:00pm - Speaker: Rajiv Raghunarayan, Senior VP Cyberinc
Speaker:
Saumitra Das - CTO and co-founder of Blue Hexagon
Deep Learning: A Radical New Way to Detect Advanced Threats
Bio
Saumitra Das is the CTO and co-founder of Blue Hexagon. He has worked on machine learning and cybersecurity for 18 years. As an engineering leader at Qualcomm, he led teams of ML scientists and developers in the development of machine learning based products shipped in hundreds of millions of devices from phones to wearables and IoT. He has also worked on machine learning and security at US-CERT, Intel and Microsoft Research. He is a prolific inventor with 368 worldwide and 163 U.S. granted patents and an additional 400 patents pending. He has published peer-reviewed original research extensively (15 journal, 26 conference, 2 book chapters, IETF networking standards contributions) with more than 2400 citations including a best paper award. He holds an M.S. from Carnegie Mellon and a PhD from Purdue University.
Abstract:
The collective efforts of hackers have fundamentally changed the cyberdefense game. Today, adversarial automation is being used to create and launch new attacks at such a rate and volume that every strain of malware is "new" and bypassing traditional perimeter defenses like IDS and sandboxes. In this session, hear from Saumitra Das, CTO and co-founder of Blue Hexagon, about the volume and velocity challenges in the threat landscape today and why deep learning can effectively solve these challenges. In this session, hear about how deep learning has evolved, why advances are possible today, and why it is ideal to address the new threat landscape of automated attacks without having to rely on an army of security analysts.
Rajiv Raghunarayan, Senior Vice President of Product Management, Cyberinc
Elevate your endpoint security from 0 to 70 in one simple stride
Bio:
Rajiv serves as Senior Vice President of Products at Cyberinc. He is responsible for product vision & strategy, go-to-market, and alliances. He brings over 20 years of experience in building products, marketing and engineering functions at startups and Fortune 500 organizations. Prior to Cyberinc, Rajiv held various product development and leadership roles at SentinelOne, FireEye and Cisco. Rajiv has a Master’s degree in Software Systems from BITS, Pilani and an MBA from UC Berkeley’s Haas School of Business.
Synopsis:
Cyber security solutions are a dime a dozen. And with every new innovation comes a splurge in marketing gobbledygook & jargon. Solutions to core problems - "how can I stay ahead of the next attack?", "how can I use this solution without needing an army?", "can this enable me to scale my security & the business?" - don't quite get answered.
In this presentation, our goal is to "show" you that security need not be complex or jargony. Simple things can go a long way in solving your largest security problems and can in fact make your teams more efficient and nimble. Join us to learn how browser isolation can help transform your security and why Gartner believes it can reduce 70% of your endpoint compromises.
MONTHLY MEETING:
Tuesday, October 15th 2019 @ 5:30PM <note different week of month than usual due to schedule conflict>
Palo Alto Networks
Building 1: 3000 Tannery Way, Santa Clara
SCHEDULE:
5:30-6:00 Networking & Food
6:00-6:15 Group Business
6:15 Speaker
Speaker: Dimitri Stiliadis
Title: Identity as the Security Perimeter
The nature of application delivery now spans public and private clouds and edge computing, while the end clients accessing these applications are people and machines. Securing these diverse environments while maintaining productivity and minimizing errors is challenging, to say the least. The classic models of arranging everything inside a perimeter, whether this is a private DC or a virtual private cloud (VPC), and providing access over a VPN are falling apart under the weight of complexity and inadequacy.
In this talk we will dive into an identity-based model for managing security and access between applications, machines, and users. The idea is to provide a consistent mechanism for distributing identities to applications and machines as we do with users, and using these identities for enforcing end-to-end authentication and authorization as opposed to network-centric techniques. The challenges are in creating a consistent identity distribution policy, globally managing the authorization policies and enforcing authorization. We will identify the challenges and provide some ideas on how using OAuth and X.509 can provide a standardized way of addressing this problem.
Bio:
Dimitri is the CTO and Co-Founder of Aporeto Inc. He brings a multidisciplinary background in distributed systems, security and networking and has been the inventor of several ground-breaking technologies in these areas. Before Aporeto, he was the co-founder and CTO of Nuage Networks, where he led the development of the industry-leading Virtualized Services Platform. He was also the CTO and Co-Founder of the NonStop Laptop Guardian, an end-point security solution. He has held several leading roles in Bell Labs Research, where he led a series of research programs with fundamental contributions in networking, algorithms, and distributed systems, and was instrumental in the commercialization of these technologies.
MONTHLY MEETING:
Tuesday, September 10th 2019 @ 5:30PM
Palo Alto Networks
Building 1: 3000 Tannery Way, Santa Clara
SCHEDULE:
5:30-6:00 Networking & Food
6:00-6:15 Group Business
6:15 Edward Chang - Vulnerabilities of U.S. Elections
7:15 Professor Yuhong Liu - Trust and Privacy Attacks in Online Social Networks
Speaker: Edward Chang
Title: Vulnerabilities of the US Election Systems/Processes
BIO:
Edward Chang has been an IT professional for two decades+. He has performed in various IT roles with companies in different industries. Starting as a system admin, he then added extra duties: network admin, Oracle DBA, Software QA, IT Compliance, IT manager, and IT Specialist in semiconductor, E-Commerce, and global electronics companies.
Edward served the ISC2 Silicon Valley Chapter as the president in 2015 and the membership chair in 2013.
Since 2004, Edward has volunteered as an election officer for the Registrar of Voters in County of Santa Clara for about 10 election events.
Abstract:
This talk tries to answer the question “Should we believe the election results?” by opening a discussion to review the current and new processes before, during, and after Election Day.
While most discussions of election security focus on the systems (hardware, software…), the human side of the election is also vulnerable, if not the most vulnerable. In the presentation, we will discuss the vulnerabilities in our election system and what has been done to mitigate the issues. Have we done enough? What are the new changes being made? What has been done to influence the voters? And what techniques could be used to influence them?
Speaker: Professor Yuhong Liu
Title: Trust and Privacy Attacks in Online Social Networks
BIO:
Yuhong Liu, Assistant Professor in the Department of Computer Engineering at Santa Clara University, received her B.S. and M.S. degrees from Beijing University of Posts and Telecommunications in 2004 and 2007 respectively, and her Ph.D. degree from the University of Rhode Island in 2012. She is the recipient of the 2013 University of Rhode Island Graduate School Excellence in Doctoral Research Award. Her research interests include trustworthy computing and cyber security of emerging applications, such as online social media, Internet-of-things, cloud computing and multimedia. Her work on securing online reputation systems received the best paper award at the IEEE International Conference on Social Computing 2010 (acceptance rate = 13%), and the 9th International Conference on Ubi-Media Computing (UMEDIA 2016). She also received the Researcher of the Year Award at the School of Engineering, Santa Clara University, 2019.
Abstract: As we move further into the big data era, people are motivated in numerous ways to proactively generate, share and exchange diverse digital content. While the increasing amount of information greatly facilitates people’s lives, it also brings great challenges. For example, driven by the huge profits, malicious attacks are emerging rapidly to mislead normal users by providing carefully designed false information. In addition, retrieving a tremendous amount of private user information has become a popular attack target.
This talk will discuss the security, trust and privacy issues in online social networks through two sample projects from the attack perspective, as (1) Efficiently Promoting Product Online Outcome: An Iterative Rating Attack Utilizing Product and Market Property; and (2) Retrieving Hidden Friends: A Collusion Privacy Attack Against Online Friend Search Engine.
MONTHLY MEETING:
Tuesday, August 13th 2019 @ 5:30PM CANCELLED (meeting space is unavailable & no alternative found)
MONTHLY MEETING:
Tuesday, July 9th 2019 @ 5:30PM
Palo Alto Networks
Building 1: 3000 Tannery Way, Santa Clara
SCHEDULE:
5:30-6:00PM - Networking & Food
6:00 PM - Marcelo P - San Jose CISO
Speaker: Dr. Marcelo Peredo, CISO, San Jose City
Title: A Silicon Valley Original's Cybersecurity Quest
Abstract:
As the first ever Chief Information Security Officer in San Jose City, Dr. Peredo has his work cut out for him. San Jose is the 10th largest city in the US, yet has one of the leanest city administrations anywhere. Where did Dr. Peredo even begin? Come and hear a rare inside account of a major city's vision, approach, and where the team is on their quest. Additionally, feel free to get Dr. Peredo's perspectives on how to grow a career in the government or private business. Dr. Peredo has extensive experience in both sectors.
Bio:
Dr. Peredo has over 28 years of experience as a C-level executive as well as in the areas of information security, software engineering, and IT program management. He currently supports the City of San Jose as the Chief Information Security Officer (CISO). Prior roles include supporting the County of San Diego 1.2 billion dollar account as the Chief Information Security Officer (CISO). He worked at the Federal Bureau of Investigation (FBI) as a Program Manager. He also worked at the United States Secret Service (USSS) as the Project Manager for the Information Systems Security Officer (ISSO) team under the CISO, where he won the ISSO of the year award. He served as DHS FISMA Inventory Management System team lead at the Department of Homeland Security (DHS) under the Office of the Chief Information Officer (OCIO). Other organizations include TSA, HUD, and the DC Government.
MONTHLY MEETING:
Tuesday, June 11th 2019 @ 5:30PM
Palo Alto Networks
Building 1: 3000 Tannery Way, Santa Clara
SCHEDULE:
5:30-6:00PM - Networking (sorry no food will be provided for this meeting)
6:00-7:00PM - Wayne Dennis - Build Pervasive Cyber Resilience Now
7:00-8:00PM - Anna Pasupathy - Application Security
Speaker:
Wayne Dennis, Global Google Cloud Security Practice Lead at Accenture
BIO:
Wayne is a Strategy and Architecture leader who brings an innovation-based approach to cyber security.
He brings deep security expertise in disruptive technologies such as Artificial Intelligence, Embedded & Real Time Systems, Industrial Control Systems, Medical Devices, Connected Cars, and the Internet of Things. He has worked across several industries, including Products & Manufacturing, Resources & Energy, Government, Healthcare, Banking & Financial Services and Technology.
Wayne is a noted speaker and presenter at cyber security conferences around the world and frequently participates on panels, forums and thought groups on developing new best practices.
He brings organizations a mixture of deep technical, product and business skills; this combination allows him to engage both business and technology leaders as a peer. This interaction has led to identification of both business and technology opportunities that have resulted in significant financial benefits to the business.
Lately, Wayne has been focused on helping his clients leverage artificial intelligence solutions and machine learning techniques to enhance threat detection, optimize processes and reduce costs.
Title:
Build Pervasive Cyber Resilience Now
ABSTRACT:
With the proliferation of more and more sensitive data, expanding connectivity, and the adoption of automated processes, new research from Accenture (NYSE: ACN) reveals that C-suite and IT decision makers need to embrace a different approach to cybersecurity to effectively protect against future cyber risks. While most companies have a chief information security officer (CISO) or have assigned cybersecurity to a C-suite executive, such as a chief information officer (CIO), these leaders often have limited influence on cybersecurity strategy outside their departments. Additionally, nearly half of CISOs acknowledge that their responsibilities for securing the organization are growing faster than their ability to address security issues.
In the study “Securing the Future Enterprise Today - 2018”, 73 percent of the more than 1,400 C-level executives polled agreed that cybersecurity staff and activities need to be dispersed and executed throughout all parts of the organization, but cybersecurity remains centralized in 74 percent of companies. Moreover, there is little indication that C-suite executives expect to shift more responsibility for cybersecurity to business units. For example, 25 percent of non-CISO executives say business unit leaders are accountable for cybersecurity today and a similar number believe business unit leaders should be responsible in the future.
Speaker:
Anna Pasupathy
Bio:
Anna Pasupathy is a technologist and product leader with wide industry experience. She is versatile across technology and business and has led products to $MM revenue in global organizations and startups. She has a Masters and Bachelors in Computer Engineering and Electronics Communication respectively. Anna was in software development for many years prior to her roles in Solutions, Architecture and Product Management. Security, Cloud/Edge, Artificial Intelligence, and IoT are some of Anna’s areas of interest. Her work is in applying new technologies to create a positive impact that is a win-win for all.
Title:
Application Security
Abstract:
Today, the Internet, the cloud and connected devices together provide great opportunities. They also present a bigger attack surface than ever before. When not secured appropriately, they expose everything from personal to business and national information, leaving it vulnerable to attacks that can halt economies. All of the above run some form of application software that performs a group of coordinated tasks for the benefit of its user. As application software enriches our lives and becomes inevitable, it is evident that we need to maximize the reward and minimize the risk it creates.
Producing robust software, then deploying and maintaining it on an ongoing basis, needs attention, good processes and adherence to best practices throughout its life cycle. The threat due to application insecurity can only be minimized, not dismissed. Various aspects and approaches showing what can be done to secure web applications, mobile applications, APIs, containers and open source will be discussed.
MONTHLY MEETING:
Tuesday, May 14th 2019 @ 5:30PM
Palo Alto Networks
Building 1: 3000 Tannery Way, Santa Clara
SCHEDULE:
5:30-6:00PM - Food and Networking.
6:00-7:00PM - Wen-Pai Lu - Browser Isolation & Container Security.
7:00-8:00PM - Jonathan Reichental - Cybersecurity and the Fourth Industrial Revolution
TITLE: Cybersecurity and the Fourth Revolution
ABSTRACT:
A fourth industrial revolution is underway that will eventually impact every one of us and our organizations. The implications are significant and must be understood. Every aspect of society will shift and this will include implications for cyber security. This short talk will introduce the core concepts behind this global transformation and what it might mean to information security professionals.
BIO:
Dr. Jonathan Reichental is a global business and technology leader. He is the former Chief Information Officer (CIO) for the City of Palo Alto, and has won multiple awards worldwide, including Top 100 CIOs in the world (2017) and Top 20 most influential CIOs in the United States (2016). Dr. Reichental is also recognized as a global thought leader on a number of emerging trends including urban innovation and blockchain technology. He was recognized as one of the 25 doers, dreamers, and drivers in government in America (2013). He also won a best CIO in Silicon Valley award and a national IT leadership prize. His innovative work in government has also been recognized by the White House. Dr. Reichental is also a prolific educator. Dr. Reichental is an adjunct professor at several universities including the University of San Francisco. He is a popular writer and online host, producing several highly successful online courses with LinkedIn Learning. He co-authored The Apps Challenge Playbook and he is a frequent public speaker on a wide range of technology and business-related topics. He co-hosts the popular podcast, Drinking Wine Talking Tech. @reichental
SPEAKER
Wen-Pai Lu
Browser Isolation and Container Security
(ISC)2 Silicon Valley 2019 Board of Directors
President:
John MacInnis
Secretary:
Anna Pasupathy (former Treasurer)
Treasurer:
Aloke Bhandia
Communications Director:
Lan Jenson (incumbent)
Membership Chair:
Peter Ngo (former Secretary)
Training Director (new):
Vishal Mehta
April 9th 2019
MONTHLY MEETING:
Tuesday, April 9th 2019 @ 5:30PM
Palo Alto Networks
Building 1: 3000 Tannery Way, Santa Clara
SCHEDULE:
5:30-6:00PM - Food and Networking.
6:00-7:00PM - Board Intro, Member News, Chapter Mission Discussion
7:00-8:00PM - Ian Shiff, How can SOAR make your SecOps team and tools more effective?
SPEAKER
Ian Shiff - Swimlane
How can SOAR make your SecOps team and tools more effective?
ABSTRACT:
Automation is sweeping through security operations, but many teams are stuck trying to figure out how to break from their existing secops models. By assessing years of lessons learned, best practices and real-world use cases, we will provide not only a glimpse of what your secops program could be, but also how to get there.
BIO:
Ian Shiff, Cloud & Next Generation IT Security Sales Professional
SPONSOR:
Thank you to our April monthly sponsor, Swimlane https://swimlane.com/
ALLIANCES:
@Si1isec and www.si1isec.org
First Thursday, 7 PM at The Firehouse brewpub, Sunnyvale
Baysec - https://www.baysec.net/
Third Tuesday, Patriot House in SF
HoodSec - @hoodsec and www.hoodsec.org
Last Thursday of every month at Radio Bar, Oakland
ISACA Silicon Valley Chapter, meetings usually held mid-month, with education and training events throughout the year: http://www.isaca.org/chapters8/silicon-valley/Pages/default.aspx
Pacific Hackers Meetup https://www.meetup.com/pacifichackers/
Hosted by Rod Soto of JASK. Live training and information exchange with ethical hackers.
CHAPTER JOB BOARD:
Have a cybersecurity related job to post? Please email board@isc2-siliconvalley-chapter.org
Looking for a job? Check out the chapter job board for new listings.
WE WANT TO HEAR FROM YOU:
If you have an isc2.org certificate in good standing then you are considered an active member with voting rights, and we value your input!
If you are interested in presenting or suggesting a talk, or have suggestions and/or concerns, please email board@isc2-siliconvalley-chapter.org. Volunteers welcome (earn extra CPE's)!
MONTHLY MEETING:
Tuesday, MAR 12th 2019 @ 5:30PM
We have two speakers so will begin the club part of the meeting ~5:45 - John
Palo Alto Networks
Building 1: 3000 Tannery Way, Santa Clara
SCHEDULE:
5:30-6:00PM - Food and Networking.
6:00-7:00PM - Chris Morales - Building security that thinks
7:00-8:00PM - M.K. Palmore - FBI SF Cyber Branch
MACHINE LEARNING FUNDAMENTALS FOR CYBERSECURITY PROFESSIONALS
Bio: Chris Morales is Head of Security Analytics at Vectra, where he analyzes attacker behaviors across millions of hosts inside enterprise networks globally to identify patterns and trends in cybersecurity. He has two decades of information security experience in an array of cybersecurity engineering, architecture, consulting, sales, and research roles with a primary focus on incident response and security operations. Chris is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.
SPEAKER
M. K. Palmore, CISM, CISSP
Assistant Special Agent in Charge
Information Security Executive
FBI San Francisco - Cyber Branch
February 12th 2019
MONTHLY MEETING:
Tuesday, FEB 12th 2019 @ 5:30PM
Palo Alto Networks
Building 1: 3000 Tannery Way, Santa Clara
SCHEDULE:
5:30-6:00PM - Food and Networking.
6:00-6:45PM - Member News, Cybersecurity Training Sessions
6:45-8:00PM - Chris Morales - Building security that thinks
MACHINE LEARNING FUNDAMENTALS FOR CYBERSECURITY PROFESSIONALS
Bio: Chris Morales is Head of Security Analytics at Vectra, where he analyzes attacker behaviors across millions of hosts inside enterprise networks globally to identify patterns and trends in cybersecurity. He has two decades of information security experience in an array of cybersecurity engineering, architecture, consulting, sales, and research roles with a primary focus on incident response and security operations. Chris is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.
Vishal Mehta
Training Director
(ISC)² Silicon Valley Chapter
Dear Members,
On Saturday 01/26 the board discussed the Training Director role in more detail. As per bylaws, the goal is to provide chapter members a valuable resource for continuous learning in the field of cybersecurity.
Following is our draft proposal to add two 30 min training sessions in the monthly meeting agenda beginning in March. During the FEB meeting, the board would like to get your input on potential topics.
In each chapter meeting, we can have two 30-45 minutes slots of presentations: (assuming core of our meeting is from 6-7:30 pm)
I. Refresh each ISC2 domain (one per session) in addition to new trends seen in each domain along with practical implementations.
Goal: This will help to keep domain level knowledge current and refreshed among the members and also help non-members to learn these domains and achieve their CISSP goal.
II. Invite guest speakers to focus on latest security trends or cover curriculum of new certification such as CCSP.
Goal: This will be again beneficial for existing members as well as value addition to new members.
Current hot security trends such as Container Security, Public Cloud security, Application security,... are in demand and covering these topics will help all of us.
We can poll the members on what are the top 5 topics they would like to be covered for II. initiative and we can chalk out a plan accordingly.
For CCSP curriculum, we can reach out to parent ISC2 organization training to help our chapter get started.
We should also come up with an incentive to invite other individuals to come present in our chapter.
Vishal Mehta
Training Director
(ISC)² Silicon Valley Chapter
(ISC)2 Silicon Valley Chapter online presence and social media:
Web Site: http://www.isc2-siliconvalley-chapter.org/
LinkedIn page: https://www.linkedin.com/company-beta/17986642
Linkedin Group: https://www.linkedin.com/groups/13517368
Meetings
Meetings are scheduled for the 2nd Tuesday of every month.
***********
When
***********
Starting at 5:30 PM PT
***********
NEW Where
***********
Building 1, training room #6
Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
Nearest cross street is Bowers Ave & Scott Blvd
Note: you will need to sign in and agree to their NDA at the physical security desk.
January 8th 2019 Monthly Meeting
WHEN:
Tuesday, January 8th 2019 @ 5:30PM
WHERE:
Palo Alto Networks - Building 1: 3000 Tannery Way, Santa Clara, 95054
SCHEDULE:
5:30-6:00PM - Food and Networking
6:00-7:00PM - Board Intro, Member News, Chapter Mission Discussion
7:00-8:00PM - Rod Soto - Defining Security Strategy in a 'Cloud Age'
PRESENTATION TITLE:
Visibility as a buzzword: defining a strategy in a 'Cloud Age'
ABSTRACT:
Many mature and sophisticated security teams are taking a 'back-to-basics' approach to security. In this talk, we will discuss what visibility has meant in the past and how it has and will continue to evolve based on technology convergence in the future.
As the recent explosion in technology adoption has created a wave of new security hardware/software purchases, many issues faced by security teams are still rooted in a lack of security fundamentals, including the basic need to acquire visibility on the activities and assets you are trying to protect.
Stories and examples will show activity that appears suspicious when it is actually normal, and the not-so-obvious ways in which gaps exist. Why does it matter, and what threat does it pose to your organization?
BIO:
Rod Soto has over 15 years of experience in information technology and security. He currently works as a Director of Security Research at JASK. He has spoken at ISSA, ISC2, OWASP, DEFCON, Hackmiami and Bsides, and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking Tournament series.
SPONSOR:
Thank you to our JAN monthly sponsor, JASK https://jask.com.