Meetings


Meetings are scheduled for the 2nd Tuesday of every month.  
***********
When
***********
Starting at 5:30 PM PT
***********
NEW Where
***********
Building 1, training room #6
Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054

Nearest cross street is Bowers Ave & Scott Blvd

Note: you will need to sign in and agree to their NDA at the physical security desk.



November 13th Meeting Announcement and Monthly Newsletter

In This Newsletter:

  • Chapter meeting details and agenda for 13 November
    • On-boarding to the Cloud Security Platform by Prashant Saxena and Kevin Markley of Veritas Technologies cloud security team.
    • Change is simply an Act of Survival: How to move to the cloud safely by Bil Harmer, Zscaler Americas CISO
  • Monthly chapter & cyber news:
    • Nominating committee for board elections at the December 11th, 2018 annual meeting.  
    • Speakers wanted - our calendar is full for this year, but please email board@isc2-siliconvalley-chapter.org if you have a talk or speaker to propose for future meetings. The next available slot is in January.
    • Local InfoSec & hacker social gatherings of note
    • Upcoming events: RSA 2019 discount codes, and isc2.org training seminars in Las Vegas on December 3rd.
  • Check out the job board for new listings, or email the board with job postings for your organization.

WHEN:

Tuesday, November 13th 2018 @ 5:30PM 

WHERE:

 Palo Alto Networks - Building 1: 3000 Tannery Way, Santa Clara, 95054


SCHEDULE:

  • 5:30-6:00PM - Nosh and networking
  • 6:00-6:15PM - Chapter updates: election and annual meeting preparation
  • 6:15-7:00PM - On-boarding to the Cloud Security Platform by Prashant Saxena and Kevin Markley of Veritas Technologies cloud security team.
  • 7:00-7:45PM - Change is simply an Act of Survival: How to move to the cloud safely by Bil Harmer, Zscaler Americas CISO

    SESSION 1 TITLE:
    On-boarding to the Cloud Security Platform

    SESSION 1 ABSTRACT:
    A Journey to Security as a Service with a Platform driven architecture for fast and secure creation of security services for consumption by product offerings in the cloud.

    SESSION 1 BIO:
    Prashant Saxena is a Cloud Security Architect at Veritas Technologies. As a Security Solutions Architect at Veritas Technologies, Prashant focuses on web application and network security in a multi-cloud environment. He is the lead architect responsible for the build, care and feeding of the Cloud Security Platform, which integrates applications moving to cloud platforms such as AWS and Azure with platform capabilities that would greatly improve the risk posture of solutions hosted in the cloud environment.

    Kevin Markley is a Principal Cloud Security Architect at Veritas Technologies. Kevin focuses on designing, developing and implementing security tools and infrastructure. Kevin brings a DevSecOps mindset to the team and works to find innovative solutions for complex cloud solutions.


    SESSION 2 TITLE:
    Change is Simply an Act of Survival: How to move to the cloud safely by Bil Harmer, Zscaler America's CISO

    SESSION 2 ABSTRACT:
    This presentation will review the history and development of the corporate network and its interaction with the Internet, and how the adoption of SaaS- and PaaS-based solutions has rendered the network irrelevant from a security perspective. We will explore the developments in malware and how threat actors have taken on a business approach to the creation, distribution, and management of their attack campaigns. We will then take a few steps into the future and explore some possibilities that have the potential to greatly affect corporations and how they protect themselves. Finally, we will explore some of the potential strategies that can be started now to lay the groundwork to ensure a more secure architecture in the future.

    SESSION 2 BIO:
    Bil has been in Information Technology for 30 years. He has been at the forefront of the Internet since 1995 and his work in security began in 1998. He has led security for Startups, Government and well established Financial Institutions. In 2007 he pioneered the use of the SAS70 coupled with ISO to create a trusted security audit methodology used by the SaaS industry until the introduction of the SOC2. He has presented on Security and Privacy in Canada, Europe and the US at conferences such as RSA, ISSA, GrrCon and the Cloud Security Alliance. He has been interviewed by and has written for various publications such as Dark Reading, Data Informed, SecureWorld and Security Intelligence. His vision and technical abilities have been used on advisory boards for Adallom, Trust Science, ShieldX, Resolve, Trustroot and Integris. He has served as Chief Security Officer for GoodData, VP Security & Global Privacy Officer for the Cloud Division of SAP and now serves as Americas CISO for Zscaler.

    DECEMBER ANNUAL MEETING (TUESDAY December 11th): ELECTION AND BYLAW UPDATES

    The annual meeting and holiday party is scheduled for December 11th, the second Tuesday in December. Pre-registration is required to attend. Meeting announcements with Eventbrite registration links will be sent to this mailing list in mid-November. Please watch for the notifications. 

    BOARD ELECTIONS:
    Several board positions are open - we encourage you to submit your candidacy for these roles no later than Tuesday November 27th:
    * President
    * Secretary
    * Treasurer
    * Director of Professional Development (new)

     
    CHAPTER BYLAW REVIEW:
    The draft of the new 2018 chapter bylaws is located here. Please review and comment on bylaw revisions by no later than Tuesday November 27th to ensure your feedback is incorporated. Email: board@isc2-siliconvalley-chapter.org with feedback, comments, questions, etc.
    UPCOMING EVENTS:
    • RSA 2019 Discount Codes ($1300 before November 16th):
    Secure your spot before November 16 to get $1,100 of Early Bird savings on your Full Conference Pass. Plus, as an (ISC)2 member, you save an additional $200 for $1,300 in total savings when you use discount code 1U9ISC2FD. Register now.
    • ISC2 Training Seminars in Las Vegas on December 3rd (see email from Robert DiBlasi below):
    From: Robert DiBlasi
    Sent: Friday, October 26, 2018 8:25 AM
    To: membership@isc2-siliconvalley-chapter.org
    Subject: (ISC)2
     
     Good morning.
     (ISC)2 has five training seminars scheduled for Las Vegas on December 3rd.  They are for CISSP, CCSP, HCISPP, CSSLP and CAP.  Can you ask your members if they are interested in attending?
     
    I can offer a $300 discount off of the standard cost of the seminar for your members. The HCISPP standard cost is $1,795 and all the others are $2,995.
     
    Thank you so much for your help.
     
    Robert DiBlasi
    Inside Sales Representative
    (ISC)², Inc.
    1650 King Street

    Suite #200
    Alexandria, VA 22314
    United States
    Office:    +1 (571) 348-1195

    www.isc2.org | rdiblasi@isc2.org

    Local InfoSec & hacker social gatherings of note:
    CHAPTER JOB BOARD:

    Have a cybersecurity related job to post? Please email board@isc2-siliconvalley-chapter.org

    Looking for a job? Check out the chapter job board for new listings.

     
    WE WANT TO HEAR FROM YOU:
    If you have an isc2.org certificate in good standing then you are considered an active member with voting rights, and we value your input!

    If you are interested in presenting or suggesting a talk, or have suggestions and/or concerns, please email board@isc2-siliconvalley-chapter.org. Volunteers welcome (earn extra CPE's)!




    October Chapter Meeting Details:



    WHEN: Tuesday, October 9th, 2018 @ 5:30PM
    WHERE: Palo Alto Networks - Building 1: 3000 Tannery Way, Santa Clara, 95054
    SCHEDULE:
    • 5:30-6:00PM - Nosh and networking
    • 6:00-6:15PM - Chapter updates including annual meeting preparation
    • 6:15-7:15PM - Considerations for Security in Product Development by Dick Hacking
    • 7:15-8:00PM - Networking and meeting close

    Session Title: 

    Considerations for Security in Product Development

    BIO: 

    Dick Hacking

    Dick Hacking has over 40 years in the computer business, with one foot in development, and the other in support, for most of that time. His deep technical and implementation experience serve him well in being a Qualified Security Assessor for PCI DSS (Payment Card Industry Data Security Standard) assessments. He is also a CISM. He’s worked for such enterprises as Zilog, Unisys, Cap Gemini Ernst & Young, and NetApp. A 1984 Computerworld headline asked “Hacking: Pure Genius, or Sheer Theft?” He claims to be guilty of one, and victim of the other. The talk is born of experience in many different situations where security of the product was missed.


     
     
    ABSTRACT:

    The talk is a look at all the aspects of developing a secure product, both from a product management, and an engineering point of view. It considers the entire software development lifecycle from concept to obsolescence. Originally developed as a primer for engineers working towards the European GDPR go-live date, it is still relevant to any software or hardware product team.


    September Chapter Meeting Details


    WHEN: Tuesday, September 11th, 2018 @ 5:30PM
    WHERE: Palo Alto Networks - Building 1: 3000 Tannery Way, Santa Clara, 95054
    SCHEDULE:
    • 5:30-6:00PM - Nosh and networking
    • 6:00-6:15PM - Chapter updates
    • 6:15-7:15PM - The state of Automated Cyber Security Risk Assessments by Manoj Asnani of Balbix, with introductions by John Barchie, VP of Cyber Security West Coast @ Tech Mahindra
    • 7:15-8:00PM - Networking and meeting close

    Speech Title

    The state of Automated Cyber Security Risk Assessments

    Bio

    MANOJ ASNANI
    VP of Product Management & Design
    Manoj leads Product Management and Design at Balbix. Prior to Balbix, Manoj ran Product Management for the Application Security (Fortify) portfolio at Hewlett Packard Enterprise. He brings 15+ years of technology experience in various roles including Product Management, Strategy/Operations & Engineering at Brocade, Booz & Company, Cisco and Force10. Manoj has a Bachelor's and a Master's degree in Computer Science from Gujarat University and the University of Southern California, and an MBA from the Columbia Business School.

    Abstract:
    The number of attack vectors and assets makes traditional manual risk assessment processes too cumbersome to be comprehensive. As risk assessment methodologies become clearer, automation can be used to predict breaches and perform ‘What If’ scenarios on production environments, permitting risk assessment tools to become integral to creating security programs and supplementing SOC efforts.

    CHAPTER NEWS AND UPDATES:

    MEETING FEES:
    • Meetings free to (ISC)² certificate holders in good standing. 2 x CPE's will be recorded and submitted to (ISC)² on your behalf.
    • Non-member entrance fee : $10.00
    DECEMBER GENERAL MEETING: BYLAW UPDATES AND ELECTION

    This chapter is fully member supported, and our bylaws require a 2/3 membership quorum to approve all bylaw changes. The board is proposing a small number of changes designed to enhance chapter operations and increase membership opportunity which will be presented to the membership for discussion and vote. This will take place as part of the annual chapter meeting and holiday celebration, scheduled for Tuesday December 11th.

    We will also be holding board elections for one or more open positions on the board. Feel free to reach out to any of the board members at the upcoming meetings to ask questions or submit your candidacy. This is an excellent opportunity for those who wish to gain experience in the area of non-profit board governance, and small business operations management.

    Stay tuned for additional details related to the proposed changes which will be discussed and disclosed at upcoming meetings and newsletters.

    WE WANT TO HEAR FROM YOU:
    If you have an isc2.org certificate in good standing then you are considered an active member with voting rights, and we value your input!

    If you are interested in presenting or suggesting a talk, or have suggestions and/or concerns, please email board@isc2-siliconvalley-chapter.org. Volunteers welcome!
    Local InfoSec & hacker social gatherings of note:
    UPCOMING EVENTS:

    Join us for the Cybersecurity Symposium for Smart Cities 2018!


    WHEN: October 3rd, 2018 
    WHERE: Fairmont Hotel, San Jose, CA

    (Exclusive (ISC)2 discount codes below)


    EVENT LINK:   https://adaptablesecurity.org/cybersecurity-symposium-for-smart-cities/ 

    The Symposium has a networking hour exclusively for members of ISC2, ISSA, ISACA, IAPP, OWASP and InfraGard chapters from 8:00 - 9:00 am.  Breakfast is served.  Come early, network and get your CPEs.

    The event is also an official event under NIST/DHS-led GCTC Smart Secure Cities and Communities: Cybersecurity and Privacy Advisory Committee.  You'll connect with visionary and pragmatic leaders from Washington DC to San Jose on strengthening cybersecurity and privacy for our small and medium businesses and governments (SMB-G).

    As a benefit to (ISC)2 Chapter members, use code "ISC2" to receive 25% discount. It's free to volunteers, government and nonprofit personnel.  Besides receiving CPEs, you'll have opportunities to:

    •  Network with leaders and experts - Mayors/Councilmembers, CIOs/CISOs and implementors from both public and private sectors
    •  Sign up for opportunities to grow your career - help your government, schools and smaller businesses pro bono or for paid projects
    •  Mentor others in cybersecurity and privacy - practice leadership skills or pick up new domains






    August 2018 Meeting Announcement 

    In This Newsletter:

    • Chapter meeting details and agenda for 14 August :
      • Last Line of Defense or Marketing Hype? How to Effectively Deploy AI to Find and Remediate Attacks on the Inside, by Marc Ibanez and Larry Lunetta of HPE:Aruba Networks
      • Board meeting agenda:
        • Membership and treasury status review
        • Proposed bylaw amendments
          • Modifications to chapter board job roles from Chapter Leadership Task Force (CLTF)
          • New finance controls added to bylaws
      • Monthly chapter & cyber news:
    • Local InfoSec & hacker social gatherings of note
    • Other upcoming events - Secure World and SMB-G conferences

    August Chapter Meeting Details:


    WHEN: Tuesday, August 14th, 2018 @ 5:30PM
    WHERE: Palo Alto Networks - Building 1: 3000 Tannery Way, Santa Clara, 95054
    SCHEDULE:
    • 5:30-6:00PM - Nosh and Networking
    • 6:00-7:00PM - Last Line of Defense or Marketing Hype? How to Effectively Deploy AI to Find and Remediate Attacks on the Inside, by Marc Ibanez and Larry Lunetta of HPE:Aruba Networks
    • 7:00-8:00PM - Quarterly chapter board meeting - members welcome

    Speech Title

    Last Line of Defense or Marketing Hype? How to Effectively Deploy AI to Find and Remediate Attacks on the Inside

    Bio

    Marc Ibanez – Technical Marketing Engineer at Aruba covering Security
     
    Marc Ibanez has over 20 years of experience in both the wireless and wired communications space.  He has worked at companies both large and small, with roles spanning product development, product management, and technical sales.  Wireless experience includes both WiFi and 2G/3G/4G, and wired spans L1-3 stack from optical to switching & routing.  Previous stints largely focused on the service provider market and include Lucent Bell Labs, Cisco, Foundry/Brocade, BelAir/Ericsson, and Luminate. He is currently at HPE Aruba working on machine learning-based security analytics.
     
    Larry Lunetta - Vice President, Security Solutions Marketing
     
    Larry Lunetta is Vice President, Security Solutions Marketing and is a technology veteran with a track record of executive management in both public and private companies. He is responsible for the overall marketing strategy and go to market execution for the Aruba security portfolio including ClearPass and the recently acquired Niara UEBA solution. This includes positioning, messaging, asset development, field enablement and global marketing campaign support. Prior to joining Aruba Larry was VP Marketing and Business Development for Niara. Before that, he held a range of C-level positions in venture-backed companies including VP Marketing for ArcSight, where he launched the company, brand and product while helping grow the company from pre-revenue to IPO.
    Larry holds a BS in Electrical Engineering from Rutgers College and advanced degrees in engineering and business from Arizona State University where he currently is a guest lecturer in venture studies for the WP Carey School of Business.

    Abstract:

    AI is now a term that almost every security vendor must have in their marketing pitch. Let’s separate the hype from reality and focus on where AI can be effective and what types of AI technologies are required. Mobile, IoT, and cloud are key elements of the digital engagement required by customers, employees and partners. Unfortunately, what makes users happy also makes organizations more vulnerable. When attacks victimize users who will click on any email attachment and coopt their credentials, the only way to find and deal with them is to see small changes in behavior that indicate a compromised or rogue user or device. This is where an AI technique called unsupervised machine learning helps. But, most products, if they have AI at all, only utilize unsupervised ML. That’s not enough. Supervised machine learning is also required and it is rare because it is much more difficult to develop. But, it plays a key role in moving from another “white noise” maker to a system that finds attacks before they do damage. This session will cover:
    • How to separate AI hype from reality
    • Where AI-based solutions are most helpful
    • How supervised and unsupervised machine learning work in tandem
    • Why algorithms alone are not enough for successful AI outcomes

     
    MEETING FEES:
    • Meetings free to (ISC)² certificate holders in good standing. 2 x CPE's will be recorded and submitted to (ISC)² on your behalf.
    • Non-member entrance fee : $10.00
     
    Local InfoSec & hacker social gatherings of note:
    Upcoming events:
     

    Join us for the 13th Annual SecureWorld Bay Area
    Cybersecurity Conference:
    WHEN: August 21, 2018  
    WHERE: Santa Clara Convention Center

    (exclusive (ISC)2 discount codes below)

    Conference link address: https://events.secureworldexpo.com/details/bay-area-ca-2018/

    Joint Association Presentation and Mixer
    ISSA Silicon Valley, ISSA San Francisco Bay Area, and (ISC)2 Silicon Valley chapters will be joining forces at SecureWorld.

    8:30 - 9:15 a.m. •  Room 201 
    Coffee and light breakfast served
    Guest Speaker: Lan Jensen, CEO, Adaptable Security and Communications Director for (ISC)2
    Please note, you must register for the conference to attend.

    Discount Codes
         MIXSWP for $100 off SecureWorld PLUS Pass
         MIXCP for $50 off Conference Pass
         MIXOS for $45 off Open Sessions Pass (Free)

    Bringing your security team? Discount rates are available for groups of five or more.
    Contact us for pricing details.

    SecureWorld PLUS Pass: ($525)
    Conference Pass included
    12 CPE credit hours & certificate of attendance
    6 hours of in-depth training with one instructor
    Access to all breakout sessions
    Gourmet lunch

    Conference Pass: ($145)
    6 CPE credit hours & certificate of attendance
    Access to all breakout sessions
    Gourmet lunch

    Open Sessions Pass: (Free)
    Access to Exhibitor Hall, keynotes, and limited sessions
     



    Join us for the Small - Medium Business & Government (SMB-G) Smart Cities and Communities Conference!

    WHEN: October 3rd, 2018 
    WHERE: Fairmont Hotel, San Jose, CA

    (Exclusive (ISC)2 discount codes below)


    EVENT LINK:   https://adaptablesecurity.org/smb-g-summit/

    The Summit is an official event under NIST/DHS-led Smart Secure Cities and Communities: Cybersecurity 
    and Privacy Advisory Committee.  You'll connect with visionary and pragmatic leaders from Washington 
    DC to San Jose on strengthening cybersecurity and privacy for our small and medium businesses and 
    governments (SMB-G). 

    As a benefit to (ISC)2 Chapter members, use code "ISC2" to receive 25% discount. It's free to volunteers, government and nonprofit personnel.  Besides receiving CPEs, you'll have opportunities to:

    •  Network with leaders and experts - CIOs/CISOs from private sector and 10+ Bay Area cities
    •  Sign up for opportunities to grow career - help your government, schools and smaller businesses
    •  Mentor others in cybersecurity and privacy - practice leadership skills or pick up new domains 







    July 2018 Meeting Announcement 

    In This Newsletter:

    • Chapter meeting details and agenda for 10 July :
      • Container Security: Fake news or opportunity - Anshul Arora of Palo Alto Networks
      • Board meeting agenda:
        • Membership and treasury status review
        • Proposed bylaw amendments
          • Modifications to chapter board job roles from Chapter Leadership Task Force (CLTF)
          • New finance control
      • Monthly chapter & cyber news:
    • Local InfoSec & hacker social gatherings of note
    • Other upcoming events

    July Chapter Meeting Details:


    WHEN: Tuesday, July 10th, 2018 @ 5:30PM
    WHERE: Palo Alto Networks - Building 1: 3000 Tannery Way, Santa Clara, 95054
    SCHEDULE:
    • 5:30-6:00PM - Nosh and Networking
    • 6:00-6:05PM - Chapter news and updates
    • 6:05-7:00PM - Anshul Arora presents Container Security: Fake news or opportunity?
    • 7:00-8:00PM - Chapter board meeting - members welcome

    Speech Title

    Container Security: Fake news or opportunity

    Bio

    Anshul graduated with a Master's degree in Computer Science and has previously worked at large corporations like Cisco and SAP doing network and infrastructure security. He is currently working at Palo Alto Networks as Infrastructure Security Architect as part of the InfoSec team, with responsibility to secure the on-prem and cloud platforms.

    Abstract:  

    Infrastructure evolution is now a mandate for mid-to-large size enterprises. It was almost thought of as virtual reality a couple of years ago, but not anymore - especially due to advent of cloud and DevOps models. Some corporations are born in the cloud but there are still a large number that struggle with such migrations.
    This presentation will focus on practical approaches to enhance the security posture of container-based infrastructure deployments, be it bare metal with Docker, Kubernetes or any other tech-based deployment. There are always critical security risks and opportunities that an enterprise must be cognizant of before laying out an actionable strategy. At the same time, it is vital to keep compliance and audit aspects in the forefront. The traditional approach to building a physical data center is cumbersome in terms of time and resources, along with high technology debt, while the modern world focuses on economies of scale, standardization and automation.
    In summary, we’ll learn how to seal the leaky holes of Governance, Risk, Compliance (GRC) challenges that could potentially sink the ship the containers rode in on.


     
    MEETING FEES:
    • Meetings free to (ISC)² certificate holders in good standing. 2 x CPE's will be recorded and submitted to (ISC)² on your behalf.
    • Non-member entrance fee : $10.00
     
    Local InfoSec & hacker social gatherings of note:
    Upcoming events:
     

    Join us for the 13th Annual SecureWorld Bay Area
    Cybersecurity Conference!
    August 21, 2018 • Santa Clara Convention Center
    Exclusive (ISC)2 discount codes below

    Conference link address: https://events.secureworldexpo.com/details/bay-area-ca-2018/

    Discount Codes
    ISC2P  $100 off SecureWorld PLUS Pass
    ISC2  $50 off Conference Pass
    ISC2E  $45 off Open Sessions Pass (FREE)
     

    Bringing your security team? Discount rates are available for groups of five or more.
    Contact us for pricing details.

    SecureWorld PLUS Pass: ($525)
    Conference Pass included
    12 CPE credit hours & certificate of attendance
    6 hours of in-depth training with one instructor
    Access to all breakout sessions
    Gourmet lunch

    Conference Pass: ($145)
    6 CPE credit hours & certificate of attendance
    Access to all breakout sessions
    Gourmet lunch

    Open Sessions Pass: (Free)
    Access to Exhibitor Hall, keynotes, and limited sessions




    June 2018 Meeting Announcement 

    In This Newsletter:

    • Chapter meeting details and agenda for 12 June :
      • AI for Cyber Defense: The Shift to Self-Learning, Self-Defending Networks by Christopher Coppock of Darktrace
      • Passing PCI DSS Assessment by Dick Hacking of ISSA Silicon Valley Chapter
      • Monthly chapter & cyber news:
        • Silicon Valley Cybersecurity Alliance Update
        • GDPR is now in effect
        • Check out the job board for new listings
    • Local InfoSec & hacker social gatherings of note
    • Other upcoming events

    June Chapter Meeting Details:


    WHEN: Tuesday, June 12th, 2018 @ 5:30PM
    WHERE: Palo Alto Networks - Building 1: 3000 Tannery Way, Santa Clara, 95054
    SCHEDULE:
    • 5:30-6:00PM - Nosh and Networking
    • 6:00-6:05PM - Chapter news and updates
    • 6:05-6:45PM - Darktrace Presents by Christopher Coppock
    • 6:45-7:45PM - ISSA Silicon Valley Presents by Dick Hacking
    • 7:45-8:00PM - Q&A, Meeting Close

    Speech 1 Title

    AI for Cyber Defense: The Shift to Self-Learning, Self-Defending Networks

    Abstract:  

    The fight is no longer at the perimeter. In the new era of cyber-threats, machines fight machines on the battleground of corporate networks. No human security team can keep pace. From high-speed global ransomware attacks to sophisticated threats that disguise themselves for months on a network before taking action, these attacks call for a change in the way we protect our most critical assets.
     
    Self-learning, self-defending systems are now being deployed to secure complex enterprise networks across all environment types – ranging from physical, virtual, and cloud, through to the IoT and industrial control systems. Known as ‘immune system’ defense, this approach uncovers threats that have already penetrated the network border and then automatically fights back. Unlike legacy approaches that rely on rules or signatures, immune system security learns and responds autonomously, enables the security team to focus on high-value tasks, and can counter even fast-moving, automated attackers. 
     
    In this session, learn about: 

    • Why legacy approaches, like rules and signatures, are proving inadequate in the face of the current threat landscape 
    • How AI and machine learning can automate threat detection and response and, in the process, buy back time for security teams 
    • Real-world examples of detected threats, from fast moving ransomware to hacked fish tanks


    Speech 2 Title

    Passing PCI DSS Assessment

    Abstract:  

    Understanding the PCI DSS assessment process is crucial to getting a “Compliant” rating. This presentation tells people facing their first assessment what to expect and the kinds of assets that their assessor will be looking for.

    Speaker Bio:

    Dick Hacking has over 40 years in the computer business, with one foot in development, and the other in support, for most of that time. His deep technical and implementation experience serve him well in being a Qualified Security Assessor for PCI DSS  (Payment Card Industry Data Security Standard) assessments. He is also a CISM. He’s worked for such enterprises as Zilog, Unisys, Cap Gemini Ernst & Young, and NetApp. A 1984 Computerworld headline asked “Hacking: Pure Genius, or Sheer Theft?” He claims to be guilty of one, and victim of the other.


    MEETING FEES:
    • Meetings free to (ISC)² certificate holders in good standing. 2 x CPE's will be recorded and submitted to (ISC)² on your behalf.
    • Non-member entrance fee : $10.00
     
    Local InfoSec & hacker social gatherings of note:
    • Cornerstones of Trust Conference 2018 June 19th:
      or www.cornerstonesoftrust.com Information Systems Security Association chapters exist all over the world. The Silicon Valley chapter has monthly meetings on the third Tuesday of each month from 12-1:30pm with lunch and a speaker. This month, however, (June 19th)  we are running our annual one-day conference in connection with SF-ISSA and SFBay Infragard at the Crowne Plaza, Foster City from 8am to 6 or 9 pm (depending on whether you stay for a SANS technical session in the evening to avoid traffic). The conference theme is “Security in the age of Disruption” with keynote speakers Peter Wicher and Rick Howard. Registration is being offered at the ISSA membership rate to ISC2 members. Please go to www.Cornerstonesoftrust.com to see the full speaker lineup and to register.
    • @Si1isec and www.si1isec.org
      • First Thursday, 7 PM at The Firehouse brewpub, Sunnyvale
    • Baysec - https://www.baysec.net/
      • Third Tuesday, Patriot House in SF
    • HoodSec - @hoodsec and www.hoodsec.org
      • Last Thursday of every month at Radio Bar, Oakland
    •  ISACA Silicon Valley Chapter, meetings usually held mid-month, with education and training events throughout the year: http://www.isaca.org/chapters8/silicon-valley/Pages/default.aspx 



    May 2018 Meeting Announcement 

    In This Newsletter:

    • Chapter meeting details and agenda for 8 May:
      • Powering Trusted Identities - Presented by HID Global
      • President's update:
        • (ISC)²  04/27/18 Chapter Discussion Forum Review 
        • (ISC)² Self-Paced Online CCSP training
        • GDPR is coming 5/25/2018:
          • Data subject privacy rights considerations for application developers
        • ISO31000:2018 overview
        • Check out the Breach Level Index
        • Several jobs posted on the job board this month
    • Local InfoSec & hacker social gatherings of note
    • Other upcoming events

    May Chapter Meeting Details:

    WHEN: Tuesday, May 8th, 2018 @ 5:30PM
    WHERE: Palo Alto Networks - Building 1: 3000 Tannery Way, Santa Clara, 95054
    SCHEDULE:
    • 5:30-6:00PM - Nosh and Networking
    • 6:00-6:45PM - President's update
    • 6:45-7:45PM - HID Presents: Powering Trusted Identities
    • 7:45-8:00PM - Q&A, Meeting Close

    Speakers Bio:
    James Reno

    Reno has an extensive background in security technology encompassing both physical and logical security technologies, business management, solution delivery, and pre and post-sales support. He spent most of his 20-year career working at HID Global and served in various management roles within HID Global’s IAM Business Unit.

    As the VP of Sales, Reno is responsible for defining go-to-market strategy, sales processes, strategic alliances, and customer programs for APAC and the Americas. Reno joined HID Global in 2007 to work with the Americas Managing Director, leading an OEM channel initiative to extend the ecosystem of partner integrations. He subsequently served as the Director of Solution Sales, developing a customer-centric approach to customer engagement with sales and solution architects.

    Reno earned a Bachelor of Science in Business Administration from Utah State University, with an emphasis on Marketing and Communications.


    Raena Dhuy

    Raena Dhuy is a Senior Solutions Architect in HID Global’s Identity and Access Management Business Unit. In this position, Raena develops a technical relationship with customer and prospect security leads. She works closely with companies to understand various aspects of current solutions, security vulnerabilities, and gaps in the user experience to curate a holistic technical solution utilizing the IAM portfolio of HID.

    Dhuy participates in numerous internal and external forums and professional groups that are charting the course for next generation enterprise multifactor solutions. Prior to joining HID Global, Dhuy held a number of positions at a global Defense contractor and consulting firm. Under her management, the team was responsible for protecting the firm’s resources to include vendor selections, implementing and managing various PKIs, multi-factor authentication, single sign-on, incident plans and remediation.

    Dhuy has extensive experience educating users on best practices, user adoption, and the delivery of PKI solutions.


    Speech Title

    Powering Trusted Identities

    Abstract:  

    TRUSTED PEOPLE

    It's important to verify that the person requesting access is who they say they are. From employees to contractors, partners to customers, HID Global uses advanced multifactor authenticators to verify credentials comprehensively and seamlessly before granting access.

    TRUSTED TRANSACTIONS

    The transactions are ever-increasing, as are the risks for fraud. Whether it’s financial information, healthcare data, or simply sending emails and e-signing documents securely, HID Global’s authentication solutions can handle.

    TRUSTED DEVICES

    With the growth of IoT, protecting the smart devices on any network is critical to avoiding security breaches. HID Global’s trusted solutions authenticate devices and infrastructure to protect communications and data while they’re being transmitted digitally.

    TRUSTED PLACES

    Securing both digital and physical spaces poses its own unique challenges. HID Global is the world leader in physical identity and access solutions, providing a safe environment for employees, visitors and contractors. HID Global can also protect communications and transactions to the website or portal, and increase the customer’s confidence.

    MEETING FEES:
    • Meetings free to (ISC)² certificate holders in good standing. 2 x CPE's will be recorded and submitted to (ISC)² on your behalf.
    • Non-member entrance fee : $10.00
     
    Local InfoSec & hacker social gatherings of note:
    CURRENT EVENTS:

    ISACA Silicon Valley Spring Conference

    Date: May 3 & 4 2018
    Location: Biltmore Hotel and Suites Santa Clara Hotel

    Theme: Cybersecurity, Governance & GDPR
    Conference Website https://isacasv.wixsite.com/2018springconf




    April 2018 Chapter Newsletter
    and Meeting Announcement

    In This Newsletter:

    • Chapter meeting details and agenda for 10 April:
      • Jonathan Hare - Quantum Privacy and Proof of Trust Blockchain - Eliminating the Conflict between Privacy, Policy Enforcement and Sharing
      • Lan Jenson - CyberSecure the US with the Ultimate Power of the Society
      • President's update:
        • (ISC)² Chapter Leadership Task Force update
        • Silicon Valley Cybersecurity Alliance 
        • Cybersecurity in the news this month (by member request)
        • Non-member entrance fee (new)
    • Local InfoSec & hacker social gatherings of note
    • Other upcoming events

    April Chapter Meeting Details:


    WHEN: Tuesday, April 10th, 2018 @ 5:30PM
    WHERE: Palo Alto Networks - Building 1: 3000 Tannery Way, Santa Clara, 95054
    SCHEDULE:
    • 5:30-6:00PM - Nosh and Networking
    • 6:00-6:30PM - President's update
    • 6:30-7:15PM - Jonathan Hare - Quantum Privacy and Proof of Trust BlockChain – Eliminating the Conflict between Privacy, Policy Enforcement and Sharing
    • 7:15-7:45PM - Lan Jenson - CyberSecure the US with the Ultimate Power of the Society
    • 7:45-8:00PM - Q&A, Meeting Close
    Speaker 1 Details:
    Jonathan Hare, CEO of WebShield Inc. and co-founder of EP3 Foundation (Empowering People with Privacy and Personalization)

    Speaker Bio:
    Jonathan is a serial entrepreneur and technology executive and has broad expertise in Internet and enterprise software, security and privacy technology, electronic health records, healthcare, and education policy, etc. He has been a member of the Health IT Standards Panel's Security and Privacy Technical Committee, the Identity Credential Management Working Group, the Markle Foundation Consumer Authentication Working Group, and the Markle Foundation Personal Health Technology Council. He has testified before Congress on Health IT policies. He has broad expertise in privacy, cybersecurity, cloud technology, informatics, and legal and regulatory compliance.

    He has been granted three patents for trusted social networking, identity syndication, privacy-preserving data sharing and analytics. He was Founder, CTO and Executive Chairman of Resilient Network Systems, where he pioneered novel approaches to trusted networking. He was also founder and CEO of Consilient, Inc. an internet software firm which pioneered XML-based collaborative application technology. Earlier, he was founding CEO of Evolve Software, an enterprise software vendor which pioneered a new application market, and went public in 2000. Jonathan has held executive, management and technical positions at Teseract, Microsoft, Cornerstone Research, Strategic Planning Associates, and Impell Corporation. Jonathan received his MBA from Stanford Graduate School of Business, where he was an Arjay Miller Scholar. He was a Regents and Chancellors Scholar at UC Berkeley, where he majored in Industrial Engineering and Operations Research.

    Speech Title

    Quantum Privacy and Proof of Trust BlockChain – Eliminating the Conflict between Privacy, Policy Enforcement and Sharing

    Abstract:  

    Quantum Privacy and the Proof of Trust BlockChain enable organizations and individuals to anonymize, secure, combine, analyze, reuse and monetize sensitive private data.  The functionalities are performed in real-time and at global scale.   Simultaneously, all necessary regulatory, licensing, privacy and security requirements are inherently adhered to.  

    This empowers individuals to conveniently find, access and securely share information about themselves.  It also enables them to grant authorization, to directly control policies for privacy, security and personalization, hence effectively putting an end to identity theft and data breaches. Organizations gain the ability to pool their resources to support global big data analytics and precision personalization. 

    Proof of Trust BlockChain overcomes the performance, governance and cybersecurity limitations of traditional “Proof of Work” Block Chain. It unifies both the consumer cloud and enterprise technology ecosystems and creates a vast global exchange market and marketplace for anything.

    Speaker 2 Details:
    Lan Jenson 
    CEO, Adaptable Security (Ada for short)
    Board of Directors, ISC2 Silicon Valley Chapter

    Speaker Bio:
    Lan Jenson is a certified award winning cybersecurity leader with 15+ years of experience in Fortune 500 companies. As CEO of Adaptable Security, Lan is responsible for the first nonprofit platform that provides unbiased security ratings and enables better security for organizations by matching their needs with expert volunteers. 

    Prior to leading Ada, Lan led her team to track down hackers and enabled the Secret Service to make arrests.  Lan's responsibilities grew to include leading large-scale cybersecurity strategy, policy, compliance and awareness programs, as well as automating detection capabilities. 

    Lan also serves as the IoT cybersecurity lead in NIST and DHS-led Smart and Secure Cities and Communities Challenge besides the Board of Directors, ISC2 Silicon Valley Chapter. Lan holds a Master of Science in Management of Information Systems from Boston University.

    Title:
    CyberSecure the US with the Ultimate Power of the Society

    Abstract:
    Learned helplessness about cybersecurity is in the air. Millions of people are affected by data breaches, which continue to climb since 2005 despite increased cybersecurity investments; six out of 10 smaller businesses go bankrupt after being hacked; 90% of data breaches are rooted in people behavior.

    Einstein defines insanity as doing the same thing over and over again and expecting different results. We need a way to break out of the security insanity and learned helplessness. Adaptable Security (Ada for short) introduces a way to make cybersecurity relevant for people, hence different behavior and results.

    Use cases:
    Consumers: 76% want to switch to businesses with safe data practices, but have no idea which businesses are safer. Ada lets them know.
    Business decision makers: Ada enables them to see Return On Security Investment (ROSI), hence invest cost-effectively rather than after a severe data breach. 
    Non-member entrance fee starting April 10th:
    We are a 501(c)(6) non-profit trade association, and our bylaws specifically admit only those who have an (ISC)² certificate in good standing. However, due to the high number of recent non-member drop-ins to our meetings the board has decided to charge a $10.00 fee for one-time non-member access to our meetings. The $10 fee must be paid by check or in cash at the time of entrance. Make checks payable to: (ISC)² Silicon Valley Chapter. We thank you for your cooperation. 
    Local InfoSec & hacker social gatherings of note:
    Current Events:
    2018 Part I RSA Conference will begin on Monday, April 16 and ends on Friday, April 20

    (ISC)² Registration Discount Code: 18UISC2FD ($200 off full conference pass)

    https://www.rsaconference.com/



    ****************

    March 2018 Chapter Newsletter and Meeting Announcement

    ****************


    We look forward to seeing you at the meeting next Tuesday, March 13th at Palo Alto Networks in Santa Clara!
    We are excited to announce that due to high attendance we are expanding into a second room starting at the next meeting. Thanks to chapter Secretary Peter Ngo for arranging this with PAN!


    In the newsletter:

    •  Chapter meeting details for 13 March - Chris Webber of SafeBreach
    •  Local InfoSec & hacker social gatherings of note
    •  Other upcoming events
       

    March 13th meeting:

    Heroes vs Villains: Winning by Understanding the Adversary

    From Marvel, to DC, to a galaxy far, far away -- we are currently inundated with stories of good triumphing over evil. Too bad the same can’t be said for the current state of cyber security. Our heroes are fighting valiantly, but the bad guys seem to have the upper hand. Join Chris Webber, Security Strategist from SafeBreach, for a session highlighting how we can all take a lesson from attackers, to rise above attacks, and start a new chapter in this cyber saga.
    In this session we’ll show:
     

    • How enterprises likely already have what they need to win
    • Why you should spend zero days worrying about 0days
    • How to prove security is working (before attackers prove it’s not)

     
    Highlighting the value of a new technology, called Breach and Attack Simulation, Webber will show how defenders can easily visualize the cyber kill chain, pinpoint where to stop attacks most easily, and prove their security effectiveness over time.  

    Webber will also cover recent trends in attacks, pulled from real production environments - and how these trends can be overcome with little effort, or investment.  It’s not too good to be true, and it’s not a fairy tale, it’s just time for the heroes to win.

    Bio:
    Chris Webber is a security wonk, a product guy, and a recovering IT professional. Having spent time at both Silicon Valley startups and global powerhouses before joining SafeBreach, Webber developed his particular slant on enterprise security at companies like Zscaler, Blue Coat Systems, Centrify, and Good Technology. Tweet him @WebberGS


    Chapter meeting location:

    We have locked in the venue at Palo Alto Networks as our confirmed meeting site for the first half of 2018 (with an option for the whole year). Thank you to Peter Ngo and PAN for arranging these facilities on behalf of the chapter!
    Newcomers should note that parking and access to facilities is simple and easy, and everyone is expected to sign an NDA at the door.
    When:
            13 February, 2018
            (The second Tuesday of the month)
            Starting at 5:30 PM PT
    Itinerary:

    •         5:30 PM PT - Nosh and networking
    •         6:00 PM PT - Chapter business and announcements with presentation(s) following
    •         Chapter board sync up afterwards
     Where:
            Palo Alto Networks
            Building 1, training room #6
            Address:
                3000 Tannery Way
                Santa Clara, CA 95054            
    •         Note you will need to sign in and agree to their NDA at the physical security desk (in building 1).
    •         Parking: ISC2 members can park in the visitor parking, or parking structure P1 South.

     Location and meeting details can also be found on our (new) website:
    https://sites.google.com/a/isc2-siliconvalley-chapter.org/isc2-silicon-valley-chapter/meetings 


    Local InfoSec & hacker social gatherings of note:


    Other upcoming events of note:

    As you are aware, ISACA Silicon valley chapter is a part of ISACA Global, a non profit organization with a mission to serve our membership by providing world-class training, networking opportunities, and guidance in the areas of IT audit, control and security.

    ISACA Silicon Valley has an upcoming one day training program "Building and Maintaining a Robust GDPR Program" on Friday March 23, 2018.

    Here is the link to the program : https://goo.gl/RfF7ft

    Early bird pricing is available until 10th March. Additionally our members get a special discount of $25 on non-member pricing by using coupon code 'ISACAPARTNER'.

    Please feel free to reach out to Sakthi (contact information below) if you have any questions. 
    -- 
    Sakthiswaran Rangaraju, CIA, CISA, CISSP
    ISACA - Silicon Valley
    Marketing & Communications Director
    https://www.linkedin.com/in/isacasv

    https://twitter.com/isacasv
    --

    The ISC2 East Bay Chapter is Hosting an Event this Friday:


    MARCH 9, 2018 – CYBERSECURITY IN THE GOVERNMENT SECTOR CONFERENCE
    Details available at: https://isc2-eastbay-chapter.org
    --

    RSA Conference 2018 takes place April 16 to 20 in San Francisco:

    https://www.rsaconference.com/events/us18

    --

    *************************

    13 February 2018 Chapter Newsletter and Meeting Announcement

    *************************

    Greetings fellow information security professionals,

    This month we are excited to announce a successful migration from our legacy hosting provider to the Google g-suite: now used for all chapter hosting, web, email, storage, & calendaring, the one exception to this suite is that mailchimp will be used for our mailing lists due to limitations in the G-suite mass mail capabilities. This move greatly simplifies chapter operations and workflows for the extended board, and sets us in the direction of the CMMI level 3 goals I discussed at the last meeting. Next steps are to focus on surveying members so that we can take a data-driven approach to delivering content you want to see at future meetings and events - more to come on this in the near future. 

    For this month's talk I am delighted to welcome colleague Aftab Mahmood to present on the evolution of threat modeling in agile SDL environments. While many of you may be familiar with threat modeling methodologies, there is no single industry accepted practice today. This talk seeks to explore a more complete and holistic methodology for use in rapidly moving agile environments that are becoming commonplace. I expect this talk will be both fun and controversial as we explore the evolving world of threat modeling together.

    To add some additional context I will kick off the talk in the ‘President's Corner’ by first giving an overview of threat modeling and risk assessments based on NIST 800-30 three tier organizational risk assessment - with a goal of helping to tie the technology process into the business ecosystem (the board level view).

    We look forward to seeing you at the meeting next Tuesday, Feb 13th at Palo Alto Networks in Santa Clara!
     


    In the newsletter:

    •  Chapter meeting details for 13 February - Aftab Mahmood
    •  Local InfoSec & hacker social gatherings of note
    •  Other upcoming events
       

    February 13th meeting:

    The Evolution of Threat Modeling in the Agile Secure Development Lifecycle - Aftab Mahmood, Veritas Technologies, LLC.
     

    Abstract:

    Threat modeling is traditionally referred to as a structured process to assess security risks associated with a system. The risk is assessed by analyzing the impact of a threat and likelihood of its occurrence.

    Microsoft recommends applying this approach during design phase of software product development so that security vulnerabilities can be identified and appropriate mitigations can be established.

    Through our Product Security Group (PSG) experience we learned that this approach may not work well during software product development. It is due to the fact that a software product generally evolves through many iterations of development cycles. Undefined software requirements and unstable software architecture make it extremely difficult to follow a traditional approach to drive a threat model.

    In this presentation we will discuss threat modeling process, its activities, their order, and a structure to document it, in the context of software product development lifecycle (SDL/SDLC).
     

    Bio:

    Aftab Mahmood is a security architect with Product Security Group at Veritas Technologies, LLC. He has over 20 years of experience in software product development. He enjoys developing security sensitive software components. His areas of interest include key management, certificate-based identity management and multiparty encryption. He is passionate about secure software development and evangelizing others for the adoption of secure development practices. He is GIAC certified Secure Java Programmer (GSSP-JAVA) and IEEE Certified Software Development Professional (CSDP). He acquired his education in software security from Stanford University and degree in Computer Science from Asian Institute of Technology.

    Before joining Veritas, Aftab was a principal engineer at Citrix where he developed Zenprise mobile device management server; prior to that he was a staff engineer at Serena software where he developed multi tenant business workflow engine; and at Zeiss Meditech, he developed data integration server for distributed ophthalmology instruments.
     


    Local InfoSec & hacker social gatherings of note:


    Other upcoming events of note:

    Cyber Security Summit: Silicon Valley - Tuesday Feb 13th, 2018:

    https://cybersummitusa.com/siliconvalley18/

     RSA Conference 2018 takes place April 16 to 20 in San Francisco:

    https://www.rsaconference.com/events/us18

    Thank you,

    -Forrest

    Forrest R. Foster
    President, (ISC)2 Silicon Valley Chapter

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    *************************
    9 January 2018 Chapter Meeting
    *************************
    Happy New Year and Welcome to 2018!

    This month is focused on transitions to help carry the chapter forward into 2018 - with new meeting facilities and a new board of directors now firmly established, and we are delighted to feature this month's speaker Rene Kolga, with a talk on “Positive vs. Negative Security Model - Taking a Fresh Look at Endpoint Protection”.

    We look forward to seeing you at the meeting next Tuesday, Jan 9th at Palo Alto Networks in Santa Clara.

    In the newsletter:
    - New chapter meeting site - locked in at Palo Alto Networks (PAN) in Santa Clara
    - Chapter meeting details for 09 January - Rene Kolga
    - Chapter election results - new board
    - Website / Logo / Hosting changes - coming Jan/Feb 2018
    - Member surveys coming
    - Local InfoSec & hacker social gatherings of note
    - Other upcoming events

    ***********
    New chapter meeting location
    ***********
    We have locked in the venue at Palo Alto Networks as our confirmed meeting site for the first half of 2018 (with an option for the whole year). Thank you to Peter Ngo and PAN for arranging these facilities on behalf of the chapter!

    Newcomers should note that parking and access to facilities is simple and easy, and everyone is expected to sign an NDA at the door to release the host of liability.

    ***********
    January 09 meeting
    ***********

    Positive vs. Negative Security Model - Taking a Fresh Look at Endpoint Protection - Rene Kolga

    In the 2005 article “The Six Dumbest Ideas in Computer Security”, Marcus Ranum stated that “sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness”. So why, more than two and a half decades later, are we still chasing the “badness” and applying the Negative Security model in the vast majority of security products? Even 7-year-old malware easily passes through traditional antivirus products after basic obfuscation using a crypter, a packer, or a multitude of other off-the-shelf tools. So-called Next Generation antivirus (NGAV) products have promised the “silver bullet” against malware in the form of machine learning (ML)/artificial intelligence (AI). However, overall effectiveness of protection increased only marginally.
    To detect unknown malware, organizations need a new approach that doesn’t rely on malware signatures and learning from what past malware looks like and how it behaves. This Negative Security Model approach that detects “the bad” falls short because it can’t keep up with a practically infinite number of new malware samples. A Positive Security Model that focuses on understanding a finite set of legitimate system behavior offers more foolproof protection. When behavior isn’t following a normal path, the Positive Security Model assumes it’s “bad” and prevents it from executing, no matter what attack vector or method is being used.
    This talk provides an overview of Positive and Negative Security models, their pros and cons as well as suggests a new approach to the Positive Security application for endpoint protection.

    Rene Kolga heads Product Management for North America at Nyotron. Prior to working at Nyotron, Rene was Head of Product at ThinAir. Rene also spent eight years at Symantec, where he led multiple enterprise security product lines in the areas of encryption and endpoint security as well as endpoint management, backup and business intelligence. Additionally, Rene led dozens of product teams at SolarCity, Citrix and Altiris. He has also built European Support and QA teams for a number of US-based companies. 
    Rene earned his Computer Science degree from Tallinn University of Technology. He also received an MBA from University of Utah. Rene holds an up-to-date CISSP certification since 2011.  

    When:
            09 January 2018
            (The second Tuesday of the month)
            Starting at 5:30 PM PT

    Itinerary:
            5:30 PM PT - Nosh and networking (Food theme: Mexican)
            6 PM PT - Chapter business and announcements with presentation(s) following
            Chapter board sync up afterwards

    Where:
            Palo Alto Networks
            Building 1, training room #6

            Address:
                    3000 Tannery Way
                    Santa Clara, CA 95054
                    Nearest cross street is Bowers Ave & Scott Blvd

            Note you will need to sign in and agree to their NDA at the physical
            security desk (in building 1).

            Parking: ISC2 members can park in the visitor parking, or parking
            structure P1 South.

    Location and meeting details can be found on our website:

    Note that chapter meetings are held on the second Tuesday of the month,
    announced at least a week prior via email and our web site.

    ***********
    Chapter election results
    ***********
    We thank Tim O’Brien, the previous board of directors, and all of the unofficial volunteers (you know who you are) for all of the hard work they’ve done to keep the chapter up and running to this point, we are grateful for your time and efforts!

    The election results are in, and we welcome our new board to carry us through the 2018 calendar year:

    President:
    -Forrest Foster
    Secretary:
    -Peter Ngo
    Treasury:
    -Anna Pasupathy (incumbent)
    Membership Chair:
    -Ravi Ramaanujan
    Communications:
    -Lan Jenson

    ***********
    Website, logo, and hosting changes
    ***********
    Due to requirements by ISC2 National we are obligated to update our logos to the new official standard, and due to the need for a new hosting provider for our email and web, we have decided to migrate the website, email, and hosting to Google G-Suite. This transition will provide the chapter with new data management capabilities that will help streamline and simplify chapter operations - these changes will be tied into workflow changes for the chapter officer roles, with a goal of making each role operate using turnkey processes and automation where possible. Stay tuned for more information at the January 9th meeting on this topic.

    ***********
    Member surveys coming
    ***********
    The goal of this chapter is to serve the community of members, as such we will be conducting surveys in the first half of 2018 to help ensure the chapter is on par with its members' needs and expectations. Please bring your thoughts and ideas for the type of chapter events you would like to see in the future to the upcoming meetings, then watch for the surveys and please take the time to fill them out so that your voice (as a voting member) can be included.

    ***********
    Thanks to our chapter meeting sponsor
    ***********
    Unfortunately, we do not have a sponsor for this month's chapter
    meeting. If you know an organization or employer that would be
    interested and willing to sponsor, have them reach out to the chapter
    treasurer.

    Please note that all members are welcome (and encouraged) to help identify sponsors and speakers for the chapter on an ongoing basis.

    ***********
    Local InfoSec & hacker social gatherings of note
    ***********
    @Si1isec and www.si1isec.org
    First Thursday, 7 PM at The Firehouse brewpub, Sunnyvale

    Third Tuesday, Patriot House in SF

    HoodSec - @hoodsec and www.hoodsec.org
    last Thursday of every month at Radio Bar, Oakland

    ISACA Silicon Valley Chapter, meetings usually held mid-month, with education and training events throughout the year: http://www.isaca.org/chapters8/silicon-valley/Pages/default.aspx

    ***********
    Other upcoming events of note
    ***********
    RSA Conference 2018 takes place April 16 to 20 in San Francisco

    I am delighted to work with all of you in this role, and look forward to the year ahead!

    -Forrest

    Forrest R. Foster
    President, ISC2 Silicon Valley Chapter

    (ISC)2 Silicon Valley Chapter online presence and social media:
    Previous Meetings
    *************************
    12 December 2017 Chapter Meeting
    *************************
    Hello chapter members and fellow information security professionals,

    Welcome to National Critical Infrastructure Protection Month, at least
    by presidential proclamation. The end of the fiscal year for many, with
    the end of the year and the holidays adds opportunities for family and
    fun – and more stress for many of us.

    This month's meeting will be the first meeting at our new meeting
    location – the training center at Palo Alto Networks (PAN) in Santa
    Clara. Additionally, our meeting on 12 December is the final opportunity
    for 2018 chapter board member nominations, with the election of 2018
    board members following. Details on chapter members nominated, as well
    as our technical, educational topic for the meeting is detailed below.

    In the newsletter:
    - New Chapter meeting location & new attendance procedures
    - Chapter elections
    - Chapter meeting details for 12 December
    - Local InfoSec & hacker social gatherings of note
    - Other upcoming events
     
    ***********
    Chapter elections
    ***********
    The December 12 meeting completes our chapter's election process; with
    final nominations taken during chapter meeting, and then our election
    occurring. The chapter election will be conducted by the election
    committee, headed by the election committee chairperson Tim O'Brien.
    Those that are interested in running for or nominating a chapter member
    for a board position should review our chapter bylaws, and talk (or
    email) with a representative of the election committee.

    Currently the election committee has registered the nominations for the
    election of 2018 chapter board members listed as follows. Those
    candidates that submitted a blurb detailing their background and wishes
    are also included.

    President
    -Forrest Foster
    Forrest Foster is a veteran cyber security risk and assurance
    professional with nearly 28 years' experience in the technology and
    telecommunications market sectors.  Forrest develops strategies to align
    organizational goals to people, process, and technology systems with a
    bias for action, and long history of demonstrated results.
    Forrest’s career spans nearly 3 decades working with global Fortune 500
    enterprises; he brings specialization in the area of IT systems risk and
    compliance management for large scale distributed heterogeneous networks
    and datacenters operating in a global cloud partner ecosystem.
    From an extracurricular perspective, Forrest is a guest lecturer and
    speaker for educational organizations and industry events including the
    McCombs School of Business at UT Austin, ISC2 Congress, ISC2 Chapter
    Leadership forums at RSA, and the Austin IT Symposium.  Forrest
    co-founded and led the ISC2 Austin Chapter as president from 2013 to
    2015, and has contributed to the CISSP education and exam tracks and
    CCSP exam and standards tracks as an item writer and developer for ISC2,
    and developer / contributor for the GTAG on cyber security for the IIA.
    Forrest currently leads the Governance, Risk, and Compliance function
    within the Product Security Group at Veritas Technologies, LLC – a
    privately held company, and is an active member of International
    Information Systems Security Certification Consortium (ISC2), the
    Information Systems Audit and Control Association (ISACA), and Institute
    of Internal Auditors (IIA), with active CISSP, CISA, and CNSS-I
    certifications.  Forrest lives in Cupertino with his wife and two sons,
    and enjoys spending time with family, cooking, and playing music in his
    free time.

    My ISC2 Silicon Valley Chapter Goals:

    My goals for the ISC2 Silicon Valley chapter are to ensure the chapter
    has the personnel, facilities, processes, and funding necessary to carry
    the chapter forward into the next phase of its lifecycle, so that it may
    optimally serve the needs of the member community to which it belongs.
    Immediate post-election goals would be to guarantee the chapter has
    secured a venue for the 2018 meetings, and that we have filled all open
    positions on the board – as these are top risks and concerns today.
    From there, we would perform bylaw and documentation reviews and a high
    level risk/gap assessment so that we have a prioritized list of
    actionable items to work off-of.  From there we set goals to ensure the
    chapter remains operationally sound through the handoff and transition
    to new leadership.

    Some items that I am aware of that need immediate attention are:

    •      Meeting venue for 2018.
    •      Speakers/talks/panels for 2018.
    •      Fund raising / treasury enhancement events/opportunities /
    sponsorships.
    •      Website / portal hosting strategy (review/keep/change?).
    •      Adapting to changes related to governance and administration
    with ISC2 national chapter leadership in 2018.

    Qualifications for candidacy:

    What I bring to the chapter is the experience and knowledge of what it
    takes to build an ISC2 chapter from the ground up, an established
    relationship with ISC2 national and several regional chapters, and a
    wealth of knowledge gained during my long career working for technology
    and telecommunications companies in Silicon Valley.  My passions are
    governance and administration, and my management beliefs are strongly
    rooted in service-based leadership principles - where leadership focus
    is on serving the needs of the community and organization being
    supported at any given time.  If elected chapter president I will
    strive to serve the ISC2 Silicon Valley chapter members in alignment
    with ISC2 national and global leadership, as well as our regional
    partner ecosystem.

    Thank you for your time and consideration.

    -Forrest R. Foster

    Treasurer
    The current treasurer, Anna, has nominated herself for re-election.

    Secretary
    -Peter Ngo
    Peter Ngo currently leads Governance and Risk Management within
    Information Security at Palo Alto Networks.  His professional
    certification includes CISSP, CISM and CISA.  His professional
    experiences included stints with Hewlett Packard Inc., ABB, Warner Bros,
    Disney and Ernst & Young and spans across SE Asia (Vietnam, Cambodia and
    Laos), and US.

    Peter is an active member of ISC2 and ISACA Silicon Valley chapter since
    2016, and was assistant membership chairperson for ISACA Los Angeles in
    2013.  He was also an active member of ISACA Houston chapter from 2013-2016.

    -Aloke Bhandia
    (not submitted by press time)

    -Joe Park
    Fellows,
    I am Joe Park.  I am running for secretary of the ISC2 Silicon Valley
    Chapter for 2018.  I am running my cybersecurity company that
    programs endpoint encryption software.  I have been a member since July
    2017.  Over several months of participation, I have realized that
    the greater challenges our chapter faces are two things: revenues and
    industry involvement, including guest speakers.
    If I am elected I would like to solve these two problems.

    Here is what I will do:
    -Reach out to the venture capital/startup community and set up
    relationships in exchange for our views/advice on cybersecurity
    companies they evaluate/fund.
    -We invite them to our meetings to offer our advice, relationships and
    as potential customers.  In return, they will pay small contributions
    and dinners for our members. They would love to do this!
    -The goal is to solve the said problems and have our chapter known to
    other professional communities.  And I will do this if I am elected as
    secretary.

    I know several VCs and they have a skill gap in evaluating what the
    right companies/investments are for them.  We can help and grow
    ourselves as being the real premium ISC2 chapter.

    Communications
    -Lan Jenson
    Lan has been an active chapter member and volunteer for several years.
    Lan volunteered at conference booths and introduced two of the speakers
    to the chapter last year. As a chapter delegate, Lan attended ISC2’s
    Security Congress 2017, where she spoke with chapter leaders and ISC2
    leadership and built productive connections with them.

    Lan has experience building social media presence from scratch. For
    example, Lan’s twitter received Cisco’s Chief Security and Trust Officer
    John Stewart’s appreciation, and LinkedIn account received San Jose
    CIO’s appreciation.

    As the CEO of Adaptable Security (Ada for short), Lan is committed to
    spreading cybersecurity to government agencies, nonprofits and small and
    medium-sized businesses, as well as consumers through neighbor-speak.
    In the Communications role on the Chapter Board, Lan is committed to
    implementing the Board’s directives timely and contributing her
    communications, social media and project management skills for the best
    outcome.


    Membership chairperson
    -Wen-Pai Lu
    (not submitted by press time)

    -Aloke Bhandia
    (not submitted by press time)

    If there are omissions, corrections, or you wish to nominate someone –
    or even yourself – please email the election committee chairperson at
    president at isc2-siliconvalley-chapter.org before December 11, 2017.
    All chapter members are eligible for nomination and to vote, as long as
    they are in good standing with the chapter and (ISC)2. Further details
    on the election process, responsibilities for each board member, as well
    as the election committee can be found in our chapter bylaws:

    ***********
    Chapter meeting
    ***********

    This month we have Matthew Brazil to provide an overview of things to
    know about doing business in China, how Xi Jinping's ascent has changed
    business conditions for foreign companies, and how to mitigate rising
    business risk there.

    Title:
    ROI, China: Opportunity and Risk in the Era of Xi Jinping.

    Abstract:
    As China’s relations with the U.S., Japan, and other trading partners
    come under increasing political pressure, the risk for American firms in
    China is on the rise. Americans there feel “less welcomed,” according to
    the 2016 U.S. – China Business Council’s authoritative annual survey.
    Moreover, foreign investment appears to be cooling off as the Chinese
    economy permanently shifts away from double-digit growth.
    Meanwhile, stricter regulations and a seemingly desperate anti-spy
    campaign by Chinese security agencies may have led to detentions of
    foreigners, including the recent beating by PRC State Security agents of
    an American diplomat.
    Nonetheless, China remains a compelling international business priority.
    Though there is clearly heightened risk in China for American and other
    foreign business people, there are also clear steps that firms can take
    to mitigate risk on the ground and better understand official Chinese
    and American cyber collection priorities.

    Presenter:  Matthew Brazil, Ph.D.; Madeira Security Consulting

    Matthew Brazil, Ph.D. is a non-resident Fellow at The Jamestown
    Foundation. He worked in Asia for over 20 years as an Army officer,
    American diplomat, and corporate security manager. Matt runs Madeira
    Security Consulting, in San Jose, California, specializing in advice to
    Silicon Valley companies doing business in China. With Peter Mattis, he
    is the co-author of a work on Chinese intelligence operations to be
    published in 2018-19 by The Naval Institute Press.
    *************************
    14 November 2017 Chapter Meeting
    *************************
    Hello chapter members and fellow information security professionals,

    Welcome to NoSHAVEmber (AKA NoShaveNovember, or Movember) – though the better
    half in our life would prefer that we males do not participate in such
    shenanigans. It is also adopt a turkey month – but that is more in
    line with the holidays rather than the coworker that came to mind.
    This is another important month for the chapter. At our chapter meeting
    on 14 November we will continue nominations for 2018 chapter officers; as well
    as have another intriguing topic for your enjoyment.

    In the newsletter:
    - Results of Special Board meeting
    - Chapter elections
    - Chapter meeting details for 14 November
    - Silicon Valley ISACA announces their Fall 2017 Conference
    - Local InfoSec & hacker social gatherings of note
    - Other upcoming events

    ***********
    Results of Special Board meeting
    ***********
    Due to the resignation of our Membership chair, we conducted a special meeting
    of the board to elect a replacement after our October chapter meeting. In this
    meeting, the board voted to accept the nomination of Forrest Foster. Forrest
    will be fulfilling the Membership chairperson role for the completion of 2017.
    With his background and experience as a member of (ISC)2 (including founding
    president for the Austin (ISC)2 chapter); Forrest should be a great addition
    to the board and to our chapter.
    Thank you Forrest for your assistance, and to the Board for their time and
    assistance in working a resolution.
    Additionally, the board discussed the resignation of Tim Tiegarden as the
    election committee chairperson due to work obligations in early December;
    preventing him from facilitating the chapter elections. The board concurred
    with the President's suggestion: since the current president (Tim O'Brien) is
    terming out and not running for a different position on the board, it would
    be appropriate (and in line with our bylaws) for Tim O'Brien to chair the
    election committee. Thanks to Tim O'Brien for his assistance in the election
    process, and facilitating the chapter's path into 2018.

    ***********
    Chapter elections
    ***********
    Here is your opportunity: Reluctant to attend meetings for some reason? Would
    like to see the chapter be better? Are you in good standing with (ISC)2 and
    the chapter; and have an (ISC)2 certification? Your chance to help influence
    the chapter is by participating in the election – and by running for one of
    our board positions.

    The November meeting continues our chapter's election process; with nominations
    taken during the chapter meeting, and our election occurring at the December
    chapter annual meeting. The chapter election will be conducted by the election
    committee, headed by the election committee chairperson Tim O'Brien, assisted
    by committee members Lan Jenson and Joe Park.
    Those that are interested in running for or nominating a chapter member for
    a board position should review our chapter bylaws, and talk (or email) with a
    representative of the election committee.

    All chapter members are eligible for nomination and to vote, as long as they
    are in good standing with the chapter and (ISC)2. Further details on the
    election process, responsibilities for each board member, as well
    as the election committee can be found in our chapter bylaws:

    All positions on the chapter board are up for nominations. There are board
    members that are looking to move on (or have termed out), providing an
    opportunity for chapter members (you, the reader) to focus on areas and
    efforts of the chapter they feel need improvement. Every one of the board
    positions is key for the success of the chapter – and you the chapter member
    getting worthwhile leadership and local chapter experience. The board strongly
    urges you to step up and participate – step up and help lead your fellow
    information security professionals into 2018.

    Currently the election committee has registered the nominations for the
    election of 2018 chapter board members as:
    President
    Forrest Foster
    Treasurer
    The current treasurer, Anna, has nominated herself for re-election.
    Secretary
    Peter Ngo
    Communications
    Bill Casti
    Membership chairperson
    Wen-Pai Lu
    If there are omissions, corrections, or you wish to nominate someone –
    or even yourself – please email the election committee chairperson at
    president at isc2-siliconvalley-chapter.org before November 20, 2017.

    ***********
    Chapter meeting
    ***********

    This month we have Bam Azizi to discuss the Zero Trust model and how
    authentication is a key piece to this model.

    Title:
    Future of authentication with Zero Trust model

    Abstract:
    Despite the massive investments poured into cybersecurity, data breaches keep
    happening. 15% of companies globally stated that sensitive data was probably
    breached in 2016, and that’s probably an underestimate. There are many causes
    for the surge in data breaches, but many common cybersecurity problems come
    down to this: The old paradigm of cybersecurity – focused on protecting the
    perimeter of a network – just doesn’t work well in a modern computing
    environment. We need a new framework, the Zero Trust model. While older forms
    of cybersecurity rest upon the old adage “trust but verify,” the Zero Trust
    model can be better defined as “never trust and always verify.” Forrester
    Research first coined the term “Zero Trust.” The basic idea behind the paradigm
    is that no one should be automatically trusted with sensitive data, end users
    included. Therefore, the default should be to provide users with access that is
    as limited as possible. Internal activity needs to be monitored carefully and
    users must authenticate themselves multiple times when necessary.
    Zero Trust acknowledges the reality of today’s networking environment. The
    uncomfortable truth is that many data breaches are caused by internal users’
    actions, whether accidental or deliberate. Verizon’s 2016 Data Breach
    Investigations Report found that 30% of all users will open phishing emails,
    with 12% clicking on malicious attachments. Only 3% of targets will report the
    phishing incident to upper management.
    The Zero Trust model is recommended by a report issued by the U.S. House of
    Representatives Committee on Oversight and Government Reform. By implementing
    a Zero Trust network, organizations can accommodate new technology trends such
    as BYOD and the cloud without providing open access to sensitive data.
    To improve your cyber safety and begin the process of implementing Zero Trust,
    start by taking these three steps:
    Rethink your reliance on passwords and two-factor authentication. As long as
    passwords remain your primary method of authentication, you are reliant on
    users to secure company data – a dubious proposition. Consider no-password
    authenticators that don’t rely on manual entry of credentials.
    Next, implement continuous authentication. This is the only method to ensure
    that the end user really is the same person who has access to corporate data
    and remains so throughout a user session. Although some methods of continuous
    authentication can be ineffective or onerous for users, NoPassword leverages
    AI technology to provide continuous and adaptive authentication of users.
    In conjunction with continuous authentication, adopt best practices for user
    provisioning. Robust user provisioning practices will ensure that the only
    users who receive access to sensitive data are those who must receive access.

    Presenter: Bam Azizi, Co-Founder & CTO, NoPassword
    Bam Azizi is the CTO and co-founder of NoPassword. Prior to joining NoPassword,
    he was working on his PhD at Technical University of Munich, and Johns Hopkins
    University. In several research projects, he has
    gained experience running research and development labs with over 30
    researchers, scientists, and software developers.

    Bam has more than ten years of experience in designing and building complex
    software driven products. As a computer scientist with a deep knowledge and
    experience in cyber security, cryptography, and machine learning, Bam
    designed the architecture and backbone of a complex software driven system
    that provides a highly available modern authentication service to enterprises
    - NoPassword.

    Bam worked closely with his development team, partners and customers to build
    the next generation of Identity and Access Management solution. Bam and his
    team continue to work on the biggest challenge in cyber security industry
    which is replacing traditional password-based authentication. NoPassword
    replaces passwords with human factors like biometrics, which prevents 85% of
    today’s cyber-attacks.
    ***********
    Thanks to our chapter meeting sponsor
    ***********
    Unfortunately, we do not have a sponsor for this month's chapter meeting. If
    you know an organization or employer that would be interested and willing to
    sponsor, have them reach out to the chapter treasurer.

    ***********
    Silicon Valley ISACA announces their Fall 2017 Conference
    ***********
    Silicon Valley ISACA announces their Fall 2017 Conference, November 2 & 3,
    2017 at the Biltmore Hotel, 2151 Laurelwood Rd, Santa Clara, CA

    The Silicon Valley ISACA Fall conference will focus on internal audit's
    critical role in cybersecurity. The threat from cyberattacks is significant,
    increasing, and continuously evolving. Internal audit can play an ongoing
    role in reviewing security measures and controls to better understand and
    assess the organization's ability to manage relevant risks, and to identify
    opportunities to strengthen overall security and incident recovery
    capabilities. Internal audit has a duty to inform the audit committee and
    board responsible for mitigating legal and financial liabilities that
    enterprise cybersecurity and privacy controls are adequate and functioning
    correctly. Topics covered will include:
    - Developing a cyber security strategy and policy
    - Identify, assess and mitigate cyber security risk to an acceptable level
    - Cybersecurity auditing
    - Collaboration between security and internal audit
    - Recognize external, internal and business partner threats
    - Align organization's cyber security program to Cybersecurity Framework

    Please join us in making this meeting of minds a success!
    Register to attend.  Sponsors are welcome.
    Sponsorship package is off the conference page
    Please visit the website to learn more!

    ***********

    Local InfoSec & hacker social gatherings of note
    ***********
    @Si1isec and www.si1isec.org
    First Thursday, 7 PM at The Firehouse brewpub, Sunnyvale

    Baysec - https://www.baysec.net/
    Third Tuesday, Patriot House in SF

    HoodSec - @hoodsec and www.hoodsec.org
    last Thursday of every month at Radio Bar, Oakland

    ***********
    Other upcoming events of note
    ***********
    SANS SFO Winter 11/27-12/2
    Hushcon West, Dec 8 – 9, 2017, Seattle, WA, USA
    SANS Cyber Defense Initiative 2017, Dec 12 – 19, 2017, Washington, DC US
    *************************
    10 October 2017 Chapter Meeting
    *************************
    Hello chapter members and fellow information security professionals,
    Welcome to October – and Cyber Security Awareness Month, the annual
    campaign to raise awareness about the importance of cybersecurity. Would
    love to hear what events and initiatives you are implementing in your
    organizations, and how the efforts are being received.
    This is a busy month for the chapter. Our chapter delegation just returned
    from the (ISC)2 Security Congress in Austin, where we were one of the
    larger contingents from a west coast chapter. We have a booth at
    SecureWorld Bay Area on Thursday, 5 October as well as our chapter meeting
    on 10 October where we kick off nominations for 2018 chapter officers as
    well as another intriguing topic.
    In the newsletter:
    - Results of Special Board meeting
    - Events of note: SecureWorld Bay Area on 5 October
    - Chapter booth at SecureWorld Bay Area
    - Chapter elections
    - Chapter meeting details
    - SAP National Cybersecurity awareness month events
    - Local InfoSec & hacker social gatherings of note
    - Other upcoming events
    ***********
    Results of Special Board meeting
    ***********
    Due to the resignation of our Membership chair, we conducted a special
    meeting of the board to elect a replacement on 12 September 2018, directly
    after our September chapter meeting. Unfortunately, the candidates that
    volunteered or were nominated all withdrew. Unless a chapter member is
    nominated (and voted on by the board), we will not have a Membership
    chair for the rest of 2017 and those duties/responsibilities will not be
    covered.
    ***********
    Upcoming events of note: Bay Area SecureWorld Conference, October 5 -
    Santa Clara Convention Center
    ***********
    The organizers of Bay Area SecureWorld Conference have offered discount
    codes for their conference on October 5 at the Santa Clara Convention
    Center. For further details, and the discount codes check out the special
    invite page they established for chapter members: https://goo.gl/KE5Mxx
    ***********
    Chapter booth at Bay Area SecureWorld Conference, October 5
    ***********
    With our invite to Bay Area SecureWorld Conference, the organizers have
    offered a booth for the chapter at the event. Our communications
    chairperson Amir is organizing this effort, looking for at least six
    individuals to man the booth through the day. The conference fees would be
    waived, with the expectation for those chapter members who volunteered to
    help promote our chapter to attendees, taking part in the conference after
    their booth duty is complete.
    If you are interested in volunteering, contact the chapter communications
    chairperson (Amir): communications (at) isc2-siliconvalley-chapter.org
    ***********
    Chapter elections
    ***********
    Here is your opportunity: Reluctant to attend meetings for some reason?
    Would like to see the chapter be better? Are you in good standing with
    (ISC)2 and the chapter; and have an (ISC)2 certification? Your chance to
    help influence the chapter is by participating in the election – and by
    running for one of our board positions.
    The October meeting starts the chapter's election cycle; with nominations
    taken during the October & November chapter meetings, and elections
    occurring in the December chapter annual meeting. The chapter election
    will be conducted by the election committee, headed by the election
    committee chairperson Tim Tegarden, assisted by committee members Lan
    Jenson and Joe Park. Those that are interested in running for or
    nominating a chapter member for a board position should review our chapter
    bylaws, and talk with the election committee.
    All voting and board members must be in good standing with the chapter and
    (ISC)2. Further details on the election process, responsibilities for each
    board member as well as the election committee can be found in our chapter
    bylaws:
    There are chapter board members that are looking to move on, providing an
    opportunity for chapter members (you, the reader) to focus on areas and
    efforts of the chapter they feel need improvement. Currently the board has
    two open roles to be decided for 2018:
    President (due to term limits established in the chapter bylaws)
    Membership chairperson
    Though these two roles are open for 2018, all board positions can receive
    nominations – these are two roles that must be filled for the upcoming
    year. Every one of the board positions are key for the success of the
    chapter – and you the chapter member getting worthwhile leadership and
    local chapter experience. The board strongly urges you to step up and
    participate – step up and help lead your fellow information security
    professionals into 2018.
    ***********
    Chapter meeting
    ***********
    This month we have our friends from Venafi to discuss machine identities.
    Abstract:
    There are two kinds of actors on every network—people and machines—and
    both need to be secured. People rely on user names and passwords, but
    machines don’t. They use keys and certificates for machine-to-machine
    communication and authentication. We spend billions each year securing
    user names and passwords, but almost nothing on protecting keys and
    certificates.  Cyber criminals take advantage of this. They use
    unprotected keys and certificates to eavesdrop on private communications,
    make phishing sites or malicious code look valid, and hide their nefarious
    activity in encrypted traffic—getting malware in and sensitive data out.
    In this session, we’ll discuss the different types of machine identities
    and where they proliferate in your network. You’ll see the role and
    lifecycle of machine identities, and where we’re falling short in
    protecting them.  We’ll then look at where there are current risks as well
    as where new risks are emerging. We’ll conclude with steps you can take
    immediately to get these risks under control.
    5 bullet points that describe what the attendee will learn from your session:
    - They’ll understand what comprises machine identities and how these
    relate to human identities in the digital world
    - They’ll know current risks that leverage unprotected machine identities,
    and real-world examples of business impacts
    - They’ll recognize where most organizations are falling short in
    protecting machine identities
    - They’ll get a roadmap on how to gain control of machine identities,
    detailing a 4-level process
    - They’ll be able to create a customized roadmap that considers the
    emerging risks to machine identities
    Presenter: Ted Heiman, Account Executive with Venafi
    Ted Heiman has over 25 years of experience in the field of cyber security.
    His career includes significant experience in secure networking and
    access control, as well as data protection and applied cryptography.  Best
    known for his role in the deployment of the Common Access Card (CAC) for
    the Department of Defense, Ted received a letter of recommendation for his
    role in the Gracie award-winning project. Ted also played a critical role
    in the deployment of the first online banking solution ever deployed in
    the US with Sumitomo Bank of California as well as successful deployment
    of the first ever supermarket banking project with Wells Fargo Bank and
    Safeway Supermarkets.
    ***********
    Itinerary
    ***********
    5:30 PM PT - Nosh and networking
    6 PM PT - Chapter business and announcements
    with presentation(s) following
    Chapter board sync up afterwards
    ***********
    Thanks to our chapter meeting sponsor
    ***********
    Thank you to Venafi for committing to the Custom participation level for
    the chapter. Venafi provides key management & certificate management
    solutions for the enterprise and their computing environments. For more
    information, check out their web site: https://www.venafi.com/about-us
    ***********
    SAP National Cyber Security awareness month events
    ***********
    In Oct 2017, SAP is inviting security practitioners to join half day
    events at multiple bay area locations to celebrate National Cybersecurity
    awareness month 2017. All events are free to attend. Register and be a
    part of NCSAM initiative by registering at the following URL:
    ***********
    Local InfoSec & hacker social gatherings of note
    ***********
    @Si1isec and Si1isec.org
    First Thursday, 7 PM at The Firehouse brewpub, Sunnyvale
    Third Tuesday, Patriot House in SF
    HoodSec - @hoodsec and hoodsec.org
    last Thursday of every month at Radio Bar, Oakland
    Pacificon swap meet - http://www.pacificon.org/
    Sunday, Oct. 22, 2017, 6:00 AM to 12:00 Noon
    San Ramon Marriott Hotel back parking lot
    ***********
    Other upcoming events of note
    ***********
    SecureWorld Bay Area 10/5
    PuppetConf San Fran 10/10-12
    SANS PHX 10/9-14
    SANS DevOps Summit DEN 10/10-17
    GrrCON Grand Rapids 10/26-27
    O'Reilly Security Conference NY 10/29-11/1
    SANS San Diego 10/30-11/4
    Community SANS Redwood City (Informatica) SEC573 10/12-17
    SANS SFO Winter 11/27-12/2
    Hushcon West, Dec 8 – 9, 2017, Seattle, WA, USA
    SANS Cyber Defense Initiative 2017, Dec 12 – 19, 2017, Washington, DC US
    Previous Meetings
    *************************
    12 September 2017 Chapter Meeting
    *************************
    Hello chapter members and fellow information security professionals,

    Welcome to September – where the children are back in school and the summer vacations have worn off. Of note, September is National Preparedness Month [https://en.wikipedia.org/wiki/National_Preparedness_Month] – how have you and your family – as well as your organization – prepared for physical disasters? Is your BC/DR plan up to date, and have you practiced it recently?
    Hopefully you have your preparations taken care of for your Cyber Security Awareness Month activities within your organization in October. If not, why not?
    In the newsletter:
    - Chapter elections
    - Chapter meeting details
    - Events of note: SecureWorld Bay Area
    - Chapter booth at SecureWorld Bay Area
    - (ISC)² Chapter Leadership Meeting (CLM) Delegates
    ***********
    Chapter elections 
    ***********
    Here is your opportunity: Reluctant to attend meetings for some reason? Would like to see the chapter be better? Are you in good standing with (ISC)2 and the chapter; and have an (ISC)2 certification? Your chance to help influence the chapter is by participating in the election – and by running for one of our board positions.
    The October meeting starts the chapter's election cycle; with nominations taken during the October & November chapter meetings, and elections occurring in the December chapter annual meeting. The chapter election will be conducted by the election committee, headed by the election committee chairperson Tim Tegarden, assisted by committee members Lan Jenson and Joe Park. Those that are interested in running for or nominating a chapter member for a board position should review our chapter bylaws, and talk with the election committee.
    All voting and board members must be in good standing with the chapter and (ISC)2. Further details on the election process, responsibilities for each board member as well as the election committee can be found in our chapter bylaws:

    There are chapter board members that are looking to move on, providing an opportunity for chapter members (you, the reader) to focus on areas and efforts of the chapter they feel need improvement. Currently the board has two open roles to be decided for 2018:

                • President (due to term limits established in the chapter bylaws)
                • Membership chairperson
    Though these two roles are open for 2018, all board positions can receive nominations – these are two roles that must be filled for the upcoming year. Every one of the board positions is key for the success of the chapter – and for you, the chapter member, getting a worthwhile local chapter experience. The board strongly urges you to step up and participate – step up and help lead your fellow information security professionals into 2018.
    ***********
    Chapter meeting 
    ***********
    This month we have our friends from JASK to discuss how Machine Learning is useful in security monitoring.
    Presentation: Behavioral Intrusion Detection at Scale: Case Studies in Machine Learning
    Abstract: 
    Intrusion detection at scale is one of the most challenging problems a modern enterprise will face while maintaining a global IT infrastructure. Building defensive systems that help automate some of the pain points, in this space, has been a goal since the early days of enterprise security. From an artificial intelligence standpoint, the problem of designing a model to predict adversarial behavior is part of a class of problems that is impossible to automate completely. At the core of the problem lies an underlying no-go principle: threat actors change tactics to evolve with the technological threat surface. This means that to build pattern recognition systems, for cyber defense, we have to design a solution that is capable of learning behaviors of the attackers and to programmatically evolve that learning over time.
    In our presentation we outline a solution to this problem using an elastic architecture to scale to the largest corporate datasets. We will deep dive on how we have used elastic architectures and machine learning to build models for detecting 0-day attacks as well as compromised perimeter assets. The first use case is important for current trends because we have seen the delivery of both ransomware and banking Trojans, targeting Fortune 500 customers using exploit kits that easily get past IDS. The second use case we highlight is the detection of attacks against the DMZ using a meta graph modeling approach. This is important for finding more stealthy and advanced actors that engage in long term attack campaigns. We will describe the way we have approached the mitigation of these two types of attacks, along with sharing some related open source data sets that capture these behaviors: https://github.com/jasklabs/blackhat2017
    Presenter: Joseph Zadeh, Director of Data Science at JASK
    Joseph Zadeh is the Director of Data Science at JASK. Zadeh has an M.S. in Mathematics, Computational Finance and a PhD in Mathematics from Purdue University. Zadeh comes to JASK as one of the foremost experts on AI and security operations. Prior to JASK, he served as Senior Data Scientist at Splunk through the acquisition of Caspida, where he developed behavior-based analytics for intrusion detection. He applied his mathematics background to artificial intelligence and cybersecurity, delivering presentations, such as Multi-Contextual Threat Detection via Machine Learning at Bsides Las Vegas, Defcon, Blackhat and RSA. Previously, Zadeh was part of the data science consulting team on Cyber Security analytics at Greenplum/Pivotal, as well as part of Kaiser Permanente’s first Cyber Security R&D team.
    ***********
    Thanks to our chapter meeting sponsor
    ***********
    Thank you to JASK for committing to the Custom participation level for the chapter. JASK is a startup in San Francisco producing the first AI powered security operations platform. For more information, check out their web site: https://jask.ai
    ***********
    Upcoming events of note: Bay Area SecureWorld Conference, October 5 - Santa Clara Convention Center
    ***********
    The organizers of Bay Area SecureWorld Conference have offered discount codes for their conference on October 5 at the Santa Clara Convention Center. For further details, and the discount codes check out the special invite page they established for chapter members: https://goo.gl/KE5Mxx
    ***********
    Chapter booth at Bay Area SecureWorld Conference, October 5
    ***********
    With our invite to Bay Area SecureWorld Conference, the organizers have offered a booth for the chapter at the event. Our communications chairperson Amir is organizing this effort, looking for at least six individuals to man the booth through the day. The conference fees would be waived, with the expectation for those chapter members who volunteered to help promote our chapter to attendees, taking part in the conference after their booth duty is complete.
    If you are interested in volunteering, contact the chapter communications chairperson (Amir): communications (at) isc2-siliconvalley-chapter.org
    ***********
    Chapter delegates to (ISC)² Chapter Leadership Meeting (CLM)
    ***********
    Joining our chapter president Tim O'Brien at the (ISC)² Chapter Leadership Meeting (CLM) in Austin, Texas will be delegates Lan Jenson and Rene Kolga. Thank you Lan and Rene for stepping up to represent your chapter. If you have issues or concerns at the national or international level that need attention during this gathering, please reach out to one of these individuals.
    *************************
    08 August 2017 Chapter Meeting
    *************************
    Welcome to August – the local farmer's markets are overflowing with 
    bounty, and with it being Happiness Happens Month as well as National 
    Win with Civility Month. Two areas we could use a reminder of as of 
    late; considering the battlefield many of us have to work in daily. 
    And, do not forget your system administrators on 28 July for SysAdmin 
    Hopefully we all return from Vegas and “hacker summer camp” safe and 
    sound, as well as rejuvenated for the next year by what we have learned, 
    and quality time with friends old & new. 

    *********** 
    Abstract
    *********** 
    This month we have our friends from FireEye to discuss how we can 
    improve our tabletop exercises and use case scenarios. 

    Presentation: Cyber Security Use Case Workshop 
    Abstract: 
    Detection and prevention is critical, however the job doesn’t stop 
    there. Attack preparedness is key! During this workshop, Bruce will link 
    use-case scenarios with the anatomy of a targeted attack to demonstrate 
    the gaps often overlooked, ultimately saving your team valuable time and 
    resources. Additionally, he will dive into real-world examples of cyber 
    threat intelligence and how to apply it to all stages of attack 
    preparedness. 

    Presenter: Bruce Heard 
    Manager, Security Consulting Services 
    MANDIANT ROLE 
    Provide engagement leadership on a variety of security consulting 
    service offerings to our clients, including Security Program Assessments 
    and Response Readiness Assessments. 
    PROFESSIONAL EXPERIENCE 
    Prior to joining Mandiant, Mr. Heard had multiple roles with IBM and 
    Accenture working as a Global Security Architect, Cyber Security 
    Solutions Services Sales Black Belt, Security Manager, and Senior 
    Managing Security Consultant. The past five years, he has spent 
    developing multi-vendor cyber security solutions for clients involving 
    one or more cyber security domains and multi-vendor products, working 
    with cross-delivery teams to develop comprehensive client cyber security 
    solutions. In addition, he has provided cyber security consulting 
    services to clients including SOC, SIEM system architecture, design, 
    implementation, and system integration and troubleshooting to ensure 
    successful solution delivery. He has supported all phases of building a 
    Security Operations Center (SOC) and Security Information and Event 
    Management (SIEM) strategy, design, implementation, consulting 
    engagements, and governance processes. He has also worked for both 
    Electronic Data Systems (EDS) and Hewlett-Packard (HP), providing 
    network security architectural design, engineering and implementation 
    services for integrated SIEM and SOC security solutions for the 
    enterprise and operational business lines based on strategic business 
    goals.
    *********** 
    Itinerary 
    *********** 
    5:30 PM PT - Nosh and networking 
    6 PM PT - Chapter business and announcements 
    with presentation(s) following 
    Chapter board synch up afterwards
    *********** 
    Thanks to our chapter meeting sponsor 
    *********** 
    Thank you to FireEye for committing to the Supporting (Level 1) 
    participation level for the chapter. FireEye is an enterprise 
    cybersecurity company that provides products and services to protect 
    against advanced cyber threats, such as advanced persistent threats and 
    spear phishing. For more information, check out their web site: 

    *********** 
    LinkedIn presence 
    *********** 
    Some chapter members asked if the chapter can have a LinkedIn presence. 
    The board has similar privacy concerns to many board members about using 
    the web site; more so now that Microsoft owns the site and with the 
    latest privacy policy changes. Though, for those of you that would like 
    to help promote the chapter and partake of communications with fellow 
    chapter members we have a Group set up for chapter members. 
    Additionally, for those who have had leadership roles in the chapter we 
    set up a profile so that when adding your leadership experience it can 
    be linked back to the chapter. 

    If you have any questions, please reach out to the communications 
    chairperson or chapter president. 

    *********** 
    Upcoming events of note 
    *********** 
    (ISC)² Chapter Leadership Meeting (CLM) 
    The (ISC)² Chapter Leadership Meeting (CLM) in Austin, Texas during the 
    seventh annual (ISC)² Security Congress on Saturday, September 23 from 
    1pm-5pm. It’s a great opportunity to meet face-to-face with (ISC)² 
    chapter leaders and (ISC)² staff to share ideas, experiences and 
    resources while building relationships during the meeting and throughout 
    the week! 
    With every CLM, (ISC)² provides company and chapter program updates, and 
    offers you the opportunity to present to other leaders about your 
    chapter’s accomplishments and even challenges. The meeting is designed 
    to give you the opportunity to share and learn from others. 

    The tentative meeting agenda for this meeting includes: 
    Welcome & Overview 
    Roundtable Introductions 
    (ISC)² Announcement and Updates 
    Chapter Presentations 
    Open Discussion 
    Chapter officers and/or delegates (appointed chapter members) are 
    invited to attend, and will earn CPEs for participating. If you would 
    like to join the Board members that will be attending, please reach out 
    to a Board member to become a delegate. 

    We look forward to seeing you at the meeting.
    *************************
    11 July 2017 Chapter Meeting
    *************************
    Hello chapter members,
    Welcome to July, and National Cell Phone Courtesy Month. Hope you all
    have your travel plans taken care of for “hacker summer camp” and Vegas
    at the end of the month – the lineup for talks at Black Hat, DEFCON,
    BSidesVegas, and Tiaracon are looking interesting and thought provoking
    as they tend to do.
    ***********
    Chapter meeting
    ***********
    This month we have a special treat from AppSec Consulting – a panel
    conversation with some special guests, as well as a presentation.
    Presentation 1 – European Data Privacy Laws; the Crossroads of Security
    and Privacy
    Abstract:  Do you sometimes feel overwhelmed by the scope of information
    security and wondered if it’s even possible to be responsible for more
    things? Well friends, the answer is yes it’s possible, because European
    Privacy requirements are getting some BIG updates. The changes bring
    some good news, bad news, and plenty of gray areas to get lost in. So
    grab some Tums and come on out to this month’s ISC2 meeting where Ryan
    Hogan from AppSec Consulting will try to break it down for you.  If
    nothing else you can share the information to line up a bunch of “I told
    you so’s”, or maybe get real lucky and leverage it to get a budget for
    the things that you need to do to get ready for EU Privacy requirements.
    Presenter: Ryan Hogan, Director of Strategic Advisory Services, AppSec
    Consulting.
    Presentation 2 – Panel Discussion – Service Organization Controls (SOC)
    and why InfoSec Should Care
    Abstract: The AICPA recently introduced a new audit standard (SSAE18)
    for SOC Reports. These improvements were implemented to strengthen
    reporting on service providers and subservices (for outsourced
    providers), require data validation of external reporting to ensure
    independent analysis of content, and to require a detailed risk
    assessment for the service organization. The panel will also discuss the
    value of SOC 2 reports from the perspective of auditors, information
    security professionals and service organizations. We invite you to bring
    that laundry list of questions you have about SOC reports.
    Moderator:     Brian Bertacini, CEO, AppSec Consulting
    Panelists:     
    Doug Barbin, Principal, Shellman LLP
    Ryan Hogan, Director of Strategic Advisory Services, AppSec Consulting
    Nathaniel S. Hartman, Corporate Risk Assurance / Internal Audit,
    Symantec Corporation
    Alexander Anoufriev, Chief Information Security Officer, Thousand Eyes
    ***********
    Itinerary
    ***********
    5:30 PM PT - Nosh and networking
    6 PM PT - Chapter business and announcements
    with presentation(s) following
    Chapter board synch up afterwards
    ***********
    Thanks to our chapter meeting sponsor
    ***********
    Thank you to AppSec Consulting for committing to the Supporting (Level
    1) participation level for the chapter. AppSec Consulting provides
    world-class web application security services, penetration testing, PCI
    compliance services, and web application security training. For more
    information, check out their web site: https://www.appsecconsulting.com/
    *************************
    13 June 2017 Chapter Meeting
    *************************
    Hello chapter members,
    June – the start of summer, Ramadan, hurricane season, and graduations. I
    hope you are progressing in your summer travel and for your security
    conference plans. This month's meeting has a really interesting technical
    topic that ties to the topic of the last few meetings.
    ***********
    Chapter meeting
    ***********
    This month we welcome Katie Murphy, Security Operations Engineer at Credit
    Karma who will be talking about using DMARC, SPF, and DKIM to protect
    your company's reputation and email.
    Abstract: Spoof-Proof with DMARC
    Bring your mail security into 2017 and protect your brand with DMARC.
    Review how the foundational technologies SPF and DKIM work, why DMARC is
    necessary, and how it's part of a balanced breakfast to stop business
    email compromise. Discover shadow IT, create custom threat intel feeds
    from would-be spoofers, and gain control over how mail from your domain is
    handled. Bonus content on the bleeding-edge ARC available for audiences
    that move quickly.
    ***********
    Thanks to our chapter meeting sponsor
    ***********
    Unfortunately, we do not have a sponsor for this month's chapter meeting.
    If your employer would be willing to sponsor, have them reach out.
    ***********
    LinkedIn presence
    ***********
    Some chapter members asked if the chapter can have a LinkedIn presence.
    The board has similar privacy concerns to many board members about using
    the web site; more so now that Microsoft owns the site and with the latest
    privacy policy changes. Though, for those of you that would like to help
    promote the chapter and partake of communications with fellow chapter
    members we have a Group set up for chapter members. Additionally, for
    those who have had leadership roles in the chapter we set up a profile so
    that when adding your leadership experience it can be linked back to the
    chapter.
    If you have any questions, please reach out to the communications
    chairperson or chapter president.
    Previous Meetings
    *************************
    9 May 2017 Chapter Meeting
    *************************
    Hello chapter members,

    May the fourth be with you, fellow chapter members. This month's meeting
    has a distinguished member of the community lined up.

    This month we welcome Dr. Paul Vixie, the Chairman, CEO and cofounder of
    award-winning Farsight Security who will be talking about using DNS as a
    defense vector.

    Abstract: DNS As a Defense Vector

    DNS enables everything else on the Internet -- both good and bad. By
    watching what bad guys do with their DNS configurations and offering
    them differentiated (that is to say, poor) service, defenders can
    re-level the playing field in our favor. In this presentation, Internet
    pioneer Dr. Paul Vixie, CEO of Farsight Security, will explain what
    DNSSEC and TSIG (Secure DNS and Transaction Signatures) are and why you
    might want them, explain what RRL and RPZ (Response Rate Limiting and
    Response Policy Zones) do and why you absolutely do want them, and the
    importance of passive DNS monitoring and how it can significantly
    advance cyberinvestigations by hunt teams and other security professionals.

    Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman,
    CEO and cofounder of award-winning Farsight Security, Inc. He was
    inducted into the Internet Hall of Fame in 2014 for his work related to
    DNS. Dr. Vixie is a prolific author of open source Internet software
    including BIND, and of many Internet standards documents concerning DNS
    and DNSSEC. In addition, he founded the first anti-spam company (MAPS,
    1996), the first non-profit Internet infrastructure software company
    (ISC, 1994), and the first neutral and commercial Internet exchange
    (PAIX, 1991). He earned his Ph.D. from Keio University for work related
    to DNS and DNSSEC in 2010.
    ***********
    Thanks to our chapter meeting sponsor
    ***********
    Unfortunately, we do not have a sponsor for this month's chapter
    meeting. If your employer would be willing to sponsor, have them reach out.
    *************************
    11 April 2017 chapter meeting 
    *************************
    Hello chapter members,

    Spring is here – birds are singing, flowers are in bloom, the first Electronics Flea Market (EFM) provided us some interesting finds for our projects, and those of us with allergies are loving life. Another interesting topic and great presenter lined up for this month's meeting.  
    This month we welcome Jason Truppi, the Director of Endpoint Detection and Response at Tanium who will be talking about his insights being an FBI agent and now working in a startup. 
    Abstract:
    I will be sharing illusions and realities that I have observed as a veteran FBI agent, who has worked hundreds of cyber incidents, and what I see today having assimilated into the innovative world of Silicon Valley tech. We all know that cybersecurity threats are evolving faster than the world can consume them and that requires passionate and dedicated people to help advance us forward and protect our assets. The reality is government alone cannot move at the pace that is needed to protect their constituents. Often there is a disconnect from what government perceives as a problem versus what private industry categorizes as a risk. Government and technology companies must work together to solve the breach pandemic we have today. I will be highlighting how enterprises are truly preparing their security teams, what valuable metrics they are capturing, what tools are most useful, and what government best practices and standards have been the most sticky. I will be covering the realities of applying threat intelligence, big data analytics and artificial intelligence at scale. Then we will take a step forward and think about what new security problems might be awaiting us in the near future. My goal is to expose the facts of what organizations are actually experiencing, which should help government focus their efforts in the areas that will be most effective at combating the threats that face us daily.
    Jason Truppi is a career technologist turned FBI agent and now tech entrepreneur. Jason has many years of experience working in information systems and security. More recently, Jason was an FBI Cyber Agent in New York City where he worked some of the Nation's largest national security and criminal cyber intrusions. He was later promoted as Supervisory Special Agent in Washington D.C. where he was responsible for major data breaches, hacktivism and cyber extortion cases across the country. As a Director at Tanium and CSIS Fellow, Jason is helping to advance the security industry to enable corporate network defenders on an even larger scale. He is applying his skills and experience in incident response, investigations, penetration testing, analysis and threat intelligence to help solve the cyber crime epidemic that we face today.
    Twitter: @NotTruppi
    Itinerary: 
    Nosh and networking
    Chapter business and announcements
    Presentation
    Chapter board synch up afterwards
    *************************
    14 March, 2017 Chapter Meeting
    *************************
    Itinerary:
    Nosh and networking
    Chapter business and announcements
    Presentation
    Chapter board synch up afterwards
    ***********
    This month we welcome Karthik Venna, Product Manager from BitGlass who will be presenting on “Protecting Cloud Apps From Malware”.
    Abstract:
    Cloud applications have garnered widespread adoption from enterprises in part due to their advantages such as ease of deployment, lower TCO, and high scalability. These apps are also popular because end-users can rely on them to work and collaborate from anywhere and on any device. The industry question becomes whether or not enterprises should trust cloud app providers to protect their data from malware or ransomware. Currently, there are only a handful of enterprise cloud apps that can provide these solutions natively, but in almost all cases, they have no zero-day protection.
    In this session we will discuss malware protection solutions that are offered by various cloud app providers, how malware can make its way into cloud apps, and how CASBs can help protect enterprise cloud apps from malware attacks.
    ***********
    Thank you to Bitglass [www.bitglass.com] for being a supporting sponsor. We appreciate your efforts to improve the information security community in Silicon Valley and the Bay Area.
    ***********
    Other upcoming events
    ***********
    Spring is here – and that means the start of the Electronics Flea Market (EFM). This coming Saturday morning (the weekend before our chapter meeting), fellow hackers, makers, ham radio enthusiasts, and the like will be converging at DeAnza College on the hunt for (or selling their) items you have been looking for – or never realised you absolutely had to have. Many chapter members attend this event, both for the bargain hunting and the social aspects.
    Held the second Saturday of the Month, March through September. 0500 AM -1200 PM
    January 10, 2016
    We hope everyone had a merry Christmas, relaxing and full of family. Looking forward to seeing everyone again for our January meeting on the 10th – with our special guest speaker. 
    Itinerary:
    Nosh and networking
    Chapter business and announcements:
       - Chapter elections results
       - January meeting details
       - February meeting canceled due to RSA Conference and Valentine's Day 
    Presentation
    **********
    Chapter Elections
    **********
    Thank you Tim Tegarden and the rest of the election committee for your assistance conducting the chapter annual meeting and elections; and welcome our new board members. The board members for 2017 are: 
    President: Tim O'Brien
    Secretary: Wen-Pai Lu
    Communications: Amir Jabri
    Treasurer: Anna Pasupathy
    Membership: Bill Burke
    Thank you Stephen McCallum and Ravi Ramaanujan for your efforts on the board. 
    ***********
    January chapter meeting: Stalking the Wily Hacker, 30 years later.
    ***********
    This month we are excited to have Clifford Stoll, the author of The Cuckoo's Egg and Silicon Snake Oil, as our guest speaker.
    Abstract: Stalking the Wily Hacker, 30 years later.
    Cliff will be sharing with us his insights, looking back to his experiences and forward to what we face. From geolocation of 4th generation cellphones and how corporations & gov't are beginning to monitor public social media to watch for trouble, the more things change the threats we face stay the same.

    Clifford Stoll gained worldwide attention as a cyberspace sleuth when he wrote his bestselling book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, the page-turning true story of how he caught a ring of hackers who stole secrets from military computer systems and sold them to the KGB. He has become a leading authority on computer security. His lecture presentations are energetic and entertaining, and showcase Clifford’s dry wit and penetrating views. Clifford Stoll is a commentator for MSNBC and an astronomer at the University of California Berkeley. 
    The Cuckoo’s Egg inspired a whole category of books on capturing computer criminals. He began by investigating a 75-cent error in time billing for the university computer lab for which he was systems manager and ended up uncovering a ring of industrial espionage. Working for a year without support from his employers or the government, he eventually tracked the lead to a German spy hacking into American computer networks involved with national security and selling the secrets to the KGB for money and cocaine. 
    Since catching the "Hanover Hacker" (Hanover, West Germany), Stoll has become a leading expert on computer security and has given talks for both the CIA and the National Security Agency, as well as the U.S. Senate. 
    Stoll is also the author of two engaging and counter-intuitive critiques of technology’s role in culture written in his trademark quiet and folksy style full of droll wit and penetrating insights. In Silicon Snake Oil: Second Thoughts on the Information Highway, Stoll, who has been netsurfing for fifteen years, does an about-face, warning that the promises of the Internet have been oversold and that we will pay a high price for its effects on real human interaction. High Tech Heretic: Why Computers Don’t Belong in the Classroom and Other Reflections by a Computer Contrarian asks readers to check the assumptions that dominate our thinking about technology and the role of computers, especially in our classrooms. As one who loves computers as much as he disdains them, he admits to being deeply ambivalent about computers, and questions the role of networks in our culture. 
    Cliff's klein bottle web site: http://www.kleinbottle.com/ 
     
    ***********
    Thanks to our chapter meeting sponsor
    ***********
    Unfortunately, we do not have a sponsor for this month's chapter meeting. If your employer would be willing to sponsor, have them reach out. 

    Notes:
    ***********
    February chapter meeting canceled
    ***********
    Due to the RSA Conference as well as Valentine's Day being February 14th, the board voted to cancel the chapter meeting for February. Hope everyone enjoys their RSA Conference experience. The next planned chapter meeting will be March 14, 2017.
    December 13th, 2016
    Emerging Trends in Cyber Security and Risk Management
    This month we have Dr. Srinivas Mukkamala, the Co-Founder and CEO of RiskSense, Inc. talking about the Emerging Trends in Cyber Security and Risk Management; as well as RiskSense being the chapter sponsor for the month of December.
    Abstract:
    According to Gartner, organizations will spend approximately $92 billion on IT Security in 2016. Despite these investments, new data breaches are disclosed almost on a daily basis.  Keeping abreast of emerging trends in cyber security is essential for securing the expanding attack surface of enterprises and aligning information security plans with business risks. Unfortunately, facing on average hundreds of thousands of vulnerabilities across thousands of machines, puts those security practitioners assigned to identify and remediate these security gaps at an immediate disadvantage. Lengthy dwell times and asynchronous iterations are the result, limiting the effectiveness of any cyber security program. In this ISC2 seminar, renowned cyber security expert Dr. Srinivas Mukkamala will discuss emerging trends in network security, including big data in security, threat and business intelligence as factors to determine cyber risk exposure, and the role of human-interactive machine learning in orchestrating remediation actions.
    Who:
    Dr. Srinivas Mukkamala is co-founder and CEO of RiskSense. He has been researching and developing security technologies for over 15 years, working on malware analytics (focuses on medical control systems and non-traditional computing devices), breach exposure management, Web application security, and enterprise risk reduction. Mukkamala was one of the lead researchers for Computational Analysis of Cyber Terrorism against the U.S. (CACTUS). He has been published in over 120 peer-reviewed publications in the areas of information assurance, malware analytics, digital forensics, data mining, and bio-informatics. He has a patent on Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing. Mukkamala received his Bachelor of Engineering in Computer Science and Engineering from the University of Madras, before obtaining his Master of Science and Ph.D. in Computer Science from New Mexico Tech.
    November 8th, 2016
    NOTE:
    November chapter meeting - CANCELED

    Since the date of the chapter meeting for November falls on election day,
    the Silicon Valley chapter board members have decided to cancel the
    meeting for November. Please remember to vote in our country's elections,
    and nominate someone for the chapter's elections in December.
    October 11th, 2016
    Bryan Lee from Palo Alto Networks provides insight on the Sofacy group, aka APT28, Fancy Bear, Pawn Storm, etc.
    Abstract:
    Earlier this June, we published a blog documenting an obscure DLL
    sideloading technique in use by a well-known state sponsored group, the
    Sofacy group, aka APT28, Fancy Bear, Pawn Storm, etc. We will take an
    in-depth look at the analysis Unit 42 performed on that attack, as well as
    a freshly discovered attack exhibiting not only ties to the attack in
    June, but also an evolution of tactics in what may seem like a cat and
    mouse game.

    Bryan Lee is a Threat Intelligence Researcher with Unit 42 at Palo Alto
    Networks. His areas of expertise are in cyber espionage threats, cyber
    security operations, and threat collection. Prior to joining Unit 42 at
    Palo Alto Networks, Bryan worked at the NASA Security Operations Center,
    first as a real time detection analyst, transitioning into the threat
    intelligence team at the NASA SOC, and ultimately moving into leading the
    real time detection team. Bryan’s diverse set of experiences provides a
    unique perspective on the viability of people, processes and technology
    from both an operational and theoretical capacity.
    September 20th, 2016 - Social Event
    6 PM
    Harry's Hofbrau
    3900 Saratoga Avenue
    San Jose, CA 95129
    August 9th, 2016:
    Topic: Ransomware, RATs & other Big Trends in Cybersecurity
    Summary: Advanced threats are changing so often it is getting harder and harder to keep up! In addition to new attacks, hackers are reinventing older ones, making them even more difficult to detect. We will discuss at a high level some of the biggest cybersecurity threats happening right now, including:
    - The Resurgence of Ransomware - Locky and other new cryptolockers
    - Malvertising, oh My! - No website is safe from unknowingly spreading malware to visitors
    - I have RATs - How to defend against Remote Access Trojans stealing your data
    BIO:
    Nick Bilogorskiy is a founding team member at Cyphort, a next-generation anti-malware startup, and is currently leading threat operations there. He came to Cyphort from Facebook where he was the chief malware expert and a security spokesperson for the company, keeping 1 billion active users safe and secure. Nick is skilled in reverse engineering, analysis, writing patterns and tracking malware, frequently quoted in the media. He recently presented on IOT security at SKBI-BFI conference. He holds a Bachelor of Science degree in computing science and philosophy from Simon Fraser University in Vancouver, Canada, and a GIAC Reverse Engineering Malware (GREM) certification. He holds several patents in computer security.
    July 12, 2016:
    Hope the start of your summer has gone well, and that your planning for the annual migration to Vegas for “hacker summer camp” (BSides Vegas, Black Hat & DEFCON) is also going well. Look forward to seeing you all in Vegas, as well as at our upcoming meeting. This month we have Ryan Russell from Phantom providing us insight on their security automation and orchestration platform; Phantom is also the chapter sponsor for July.
    Title: Phantom
    This presentation will introduce the Phantom security automation and orchestration platform, and tell attendees how to get a copy of the free community edition to try out themselves. Ryan will introduce the product itself, including the general problems it's trying to address (enhancing incident responders), basic product UI, and some of the Phantom jargon. The remainder of the presentation will cover use-cases for incident response and forensic investigation. Technology integrations demonstrated will include Splunk, VirusTotal, Shodan, VMware, Volatility, DomainTools, and others. Finally, we will touch on writing code for Phantom in the form of Playbooks and Apps, and then take questions.
    Who:
    Ryan Russell has worked in the information security field for over 20 years, alternating between the product development and operations teams. He is currently the Director of Technical Operations for Phantom, where he runs the lab with all the products that Phantom talks to. Just prior to Phantom, he was internal incident response for FireEye and ran their public security bug reporting presence. He is also sometimes known for being the lead author and series editor for the Stealing the Network book series from Syngress.
    Phantom, an award-winning company, automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger, Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: www.phantom.us.
    June 14, 2016:
    Title: "Securing the Hastily Formed Network: Infosec for Disaster Relief and Emergency Response"
    Abstract:

    Effectively responding to modern disasters and humanitarian emergencies
    requires a substantial amount of connectivity. Whether for cloud, social
    media, GIS, or other critical access, emergency managers increasingly
    rely upon Internet access as a key service alongside traditional
    emergency and humanitarian response, such as search and rescue and
    medical support.

    "Hastily Formed Networks" are the networks that are created in the
    immediate aftermath of a disaster. While they perform vital services,
    most HFN deployments are significantly lacking in security management
    and oversight. This talk will discuss HFNs, and the evolution of
    security on these networks using examples from Hurricane Katrina to last
    year’s Ebola crisis in West Africa and the ongoing Syrian Refugee Crisis
    in Europe.

    Bio:

    Rakesh Bharania is the West Coast lead for Cisco Tactical Operations
    (TACOPS) – Cisco’s primary technology response team for disaster relief
    and humanitarian assistance. Additionally, he serves as chairman for the
    Global VSAT Forum’s (GVF) Cybersecurity Task Force, and is a recognized
    leader in the field of satellite security. With TACOPS, Rakesh is
    responsible for the design and implementation of secure emergency
    networks to support first responders, NGOs, and governments, and also
    works to restore critical infrastructure in the midst of disasters.
    Rakesh is also a Cisco representative to international forums on
    disaster relief and resiliency including the United Nations and FEMA / DHS.

    May 10, 2016:
    Title: Data-Driven Threat Intelligence: Metrics on IOC Effectiveness and Sharing
     For the past 18 months, Niddel have been collecting threat intelligence indicator data from multiple sources in order to make sense of the ecosystem and try to find a measure of efficiency or quality in these feeds. This initiative culminated in the creation of Combine and TIQ-test, two of the open source projects from MLSec Project. These projects have been improved upon for the last year, and are able to gather and compare data from multiple Threat Intelligence sources on the Internet.
    We take this analysis a step further and extract insights from more than 12 months of collected threat intel data to verify the overlap and uniqueness of those sources. If we were able to find enough overlap, there could be a strategy that could be put together to acquire an optimal number of feeds, but as Niddel demonstrated on the 2015 Verizon DBIR, that is not the case.
    We also gathered aggregated usage information from intelligence sharing communities in order to determine if the added interest and "push" towards sharing is really being followed by the companies and if its adoption is putting us on the right track to close these gaps.
    Join us in a data-driven analysis of over a year of collected Threat Intelligence indicators and their sharing communities!
    Alex Pinto is the Chief Data Scientist of Niddel and the lead of MLSec Project. He is currently dedicating his waking hours to the development of machine learning algorithms and data science techniques to automate threat hunting (I know) and to making threat intelligence "actionable" (I know, I know). He has presented the results of his ongoing research at multiple conferences, including Black Hat USA 3 years in a row, demonstrating a fun but informative take on very technical subjects.
    He has almost 15 years dedicated to all things defensive information security, and 3 years in Data Science related work. Alex is currently a CISSP-ISSAP, CISA, CISM, and PMP. He was also a PCI-QSA for almost 7 years, but is a mostly ok person in spite of that.
    April 12, 2016:
    CASB: Cloud Access Security Broker or: how I learned to stop worrying and love the Cloud.
    Topics discussed:
    - Limitations of Cloud Services Security
    - Introduction to CASB
    - Types of Cloud Access Security Brokers (CASB)
    - How CASBs work
    - Open Discussion
    Mr. Kyong An has 20 years’ experience in Information Technology and Information Security. He previously worked at Intuit, PricewaterhouseCoopers, and Booz Allen & Hamilton. He has led and deployed several Access Controls and Identity Management implementations across multiple industries, including Entertainment, Consumer Products, Energy and Financial; most recently, a Roles Based Access Control framework to manage UNIX operating system service accounts. Mr. Kyong is currently the Director of Consulting Services at Palerra, Inc., a cloud security company in Santa Clara, CA.
    FIDO (Fully Integrated Defense Operation) by Rob Fry from Netflix
    Demonstrate the value of Netflix's Open Source initiative FIDO (Fully Integrated Defense Operation) and how it integrates with security tools, networking, and endpoints to secure our corporate network from malicious intrusions.
    For information: http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
    Rob Fry is an accomplished architect, inventor and public speaker with 19 years' experience, primarily in large scale Internet companies and the utility industry. In his current role he specializes in security orchestration and building cloud security solutions. While at Netflix he invented FIDO, a patent pending open source incident response and remediation platform, and at Yahoo he created the DUBS configuration and automation framework for production servers. In his free time he enjoys working on advisory boards, CABs and engineering steering teams, with a passion for helping create products in the cloud and security space by working with venture capitalists to develop stealth and startup companies.
    March 8, 2016:
    "What's the real risk of mobile to the enterprise? What should you do about it?  Leveraging Behavioral and Predictive Security to Prevent Threats Before they occur."
     
    Proposed Topics (not necessarily segments, but the topics we will cover)
    - The Increasing Need for Mobile Security: outline the shift to mobile and inherent risks faced in the enterprise, reference recent studies, Lookout perspective
    - How to prevent threats before they happen - predictive/behavioral approach through big data, protecting enterprise assets and assuring app driven services
    - Enterprise Research and Response - insight to the problem statement of identifying threats and then deciding what to do about them.
     
    Presenters:
    Bharath Rangarajan, VP Product - responsible for Lookout Mobile Security product development related to mobile threat protection and threat intelligence
    Mike Murray, VP Research and Response - responsible for threat analysis and response, evaluating the evolving threatscape of mobile, partners with product dev
    Chris Tow, Sr Sales Engineer - responsible for customer engagement and helping to define ways to enhance protection of digital assets and business processes.
    February 9, 2016:
    Hackers Hiring Hackers—How to Do Things Better
    ABSTRACT:
    There are few talks that address what some consider to be the hardest part of getting a job in InfoSec: the hiring process. Information security is in desperate need of people with the technical skills hackers have to fill a myriad of roles within organizations across the world. However, both sides of the table are doing horribly when it comes to hiring and interviewing. Organizations are doing poorly trying to communicate expectations for a job, there are people going to interviews without knowing how to showcase their (limited or vast) experience, and some people posture themselves so poorly that the hiring managers don’t think the candidates are really interested in the job. This talk takes the experiences of the speakers as both interviewers & interviewees (as well as from others) in order to help people better prepare to enter (or move within) “the industry”, as well as to help hiring managers know what they can do to get the people & experience they need for their teams.
    BIO:
    Tim O’Brien is Director of Threat Research at Palerra. As a 16-year information security professional, O’Brien is a subject matter expert in risk and incident management, intrusion and data analysis, secure architecture design, and systems management. O’Brien is well versed in developing technical solutions, determining the best options for the business and its goals, and creating comprehensive implementation plans that minimize risk for the organization. His excellent analytical and problem solving skills, with emphasis on understanding relationships among technical problems, result in sound and effective business solutions while reducing risk. He enjoys mentoring others and helping them develop their skills through supervisory positions, coursework development, mentoring, presenting at and helping run information security conferences, as well as instructional positions.
    January 12, 2016:
    Presenter:    Mr Kyong J An, Director of Professional Services at Palerra, Inc.
    Title:    A Practical Deployment: RBAC & Privileged Access Mgmt for UNIX in the Cloud
    Abstract:
    Extending Privileged Access Management to Cloud-based UNIX servers provides a meaningful opportunity to flex an existing RBAC implementation.
    RBAC plays a crucial part in controlling UNIX service account entitlements in an elastic environment. This session will cover a real-world deployment and is relevant if you already have an RBAC framework or are planning a future deployment.
     The attendees will learn how the solution was built and how the RBAC model can be extended to manage off-premise UNIX service accounts. The lessons learned and examples will provide design input into their RBAC framework.
    December 8, 2015:
    A:    2016 Chapter board election
    On-site candidate registration and voting; in person only.
    B:    Presentation from United States Department of Homeland Security 
    Topic: Mobile Security R&D with DHS Science & Technology
    Description: DHS S&T's Vincent Sritapan, PM for Mobile Security R&D, will provide an in-depth overview of the current strategy and R&D investments for the Mobile Device Security Program.  Vincent will brief on the challenges in mobile security for the Federal Government and provide insights into current R&D initiatives funded by DHS Science & Technology.
    November 10, 2015:
    Toward Cybersecurity in Business Terms: Quantifying the Risk in Dollars
    Corporate executives know that while cyber risk cannot be eliminated, it can and must be managed so as to minimize impact on the business. But it is difficult to manage a risk that cannot be measured. Unless companies can identify and quantify cyber risks in dollars, they cannot effectively allocate security resources, justify investments, weigh competing priorities, or communicate risk with internal stakeholders or concerned customers.
    In January the World Economic Forum and Deloitte proposed a framework for a quantitative, risk-based approach to cybersecurity focusing on asset value at risk. Earlier frameworks, notably the FAIR taxonomy, have also tried to put risk  assessment on a quantitative footing. Like all assessment frameworks, these approaches are based on an exhaustive set of subjective human judgments, and as a result they are laborious and of limited accuracy.
    We propose an automated approach using actuarial science and empirical data to quantify risk. Data on rates of occurrence and financial impact of cyber incidents are extracted from industry reports, census data, SEC filings, insurance claims, and other sources, aggregated using Bayesian statistics and combined with automatically measured local IT factors to build a risk profile for an organization. Value at risk can be calculated for both structured and unstructured data assets; for the latter, a statistical approach is used based on department ownership and document access patterns.
    Risk can be managed and mitigated strategically when quantified in dollars. Progress can be measured, and hypothetical actions can be modeled and evaluated in terms of risk. Even potential black swan events can be anticipated and managed. With quantitative risk projections companies can plan ahead to minimize impact of the most extreme cyber events.
    Speaker:  Thomas Lee, PhD
    Thomas is a serial entrepreneur, co-founder and CEO of VivoSecurity Inc. His interest in risk quantification stems from his experience in IT and software development combined with a background in applying novel computational techniques to biological problems. He has a PhD and MS in biophysics from the University of Chicago, a BS in physics and a BS EE from the University of Washington.
    October 13, 2015:
    The Future of Endpoint Threat Detection, Response & Prevention
    Synopsis:
    The battleground has changed. Advanced attackers are routinely penetrating perimeter defenses and averting antivirus technologies to successfully launch attacks against endpoints and servers. Compromise is inevitable but a massive data breach doesn’t have to be. The Bit9 + Carbon Black Security Solution is the industry’s first and only integrated Endpoint Threat Prevention, Detection and Response solution. The Bit9 + Carbon Black Security Solution consists of two industry-leading products and the Threat Intelligence Cloud. Independently, each product is a leader in its category. Together, they provide security and risk professionals with the ultimate advanced threat protection solution for Windows, Mac and Linux endpoints and servers. This meeting will explore both solutions to help the audience understand and appreciate Bit9 + Carbon Black’s approach in the context of securing their enterprise environment.
    Speaker Bio:
    Manoj Khiani, CISSP-ISSAP, is a Senior Systems Engineer with Bit9 + Carbon Black.  He has spent his career in Internet security focused companies over the last 20 years at leading companies such as Netscape, VeriSign, and Check Point.  Mr. Khiani holds a degree in Electrical Engineering from the University of California, Berkeley and has held his CISSP certification since 2001.  He is also a co-founder of the Silicon Valley ISC(2) chapter.
    September 8, 2015:
    Two part presentation: 
    1. Attivo Networks CEO, Tushar Kothari, will discuss a new category of security - "deception" 
    2. After Tushar's talk of "deception", Mahendra from the VC group will join him to have a "fire-side" talk about startups in the security field, including startup/funding and team building
    August 11, 2015:
    This was an "all hands meeting and open discussion".
    - board members will share experiences/stories in their field
    - discussions about future chapter activities
    - members are encouraged to provide input about the chapter or share experiences.
    July 14, 2015:
     Software Defined Network (SDN): What is SDN? What are SDN security issues?
    As SDN builds momentum to be  implemented in both cloud and in-house environments, it's time for us to know what SDN is and what the potential security risks are for the SDN.

    Wen-Pai Lu is our current chapter board member and shared his experiences regarding the SDN during the July 14 chapter monthly meeting.

    June 9 2015:
     1. A brief presentation on "DHS Transition to Practice (TTP) program" from Michael Pozmantier, Program Manager
     2. "Managing Security Risks Affecting Robots, Implantable Devices, and Other Disruptive Technologies" By Stephen S. Wu, Attorney at Law
    What are the new information security legal challenges in an era of rapid, sweeping change in technology? 
    Enterprises face compliance and liability issues from the use of robots, artificial intelligence systems, non-traditional mobile devices......
    The talk covers the intersection among legal, business, and technology issues arising from the development of those disruptive technologies and ways enterprises can manage their legal risks.

    May 12, 2015 - Henry Yeh, the chapter's 2014 president, will discuss the topic of "Malware": polymorphic and metamorphic malware in a research format, not focusing on how commercial vendors are doing their detection.

    Discussion will focus on the detection techniques being researched. Demonstration of how to create a worm, and of detecting malware using Microsoft tools on Windows OS.
    April 14, 2015 - 1. Cybersecurity startups: The good, bad and the ugly: Mahendra Ramsinghani will share case studies of a few security startups. (Presentation)
    2. "Preparing for an Imminent Terabit DDoS Attack" by Orion Cassetto, Director of Product Marketing at Incapsula
    March 10th 2015 - Section 1: "Market trends in IT and Information Security careers" from career advisors' points of view, by KFORCE
    Section 2: "What is FaaS? (not a typo of SaaS)" by Puneet Thapliyal, Co-founder, Verasynth FaaS

    February 10th 2015 - Kelly Harward, Director of Product Management at Raytheon Cyber Products on Insider Threat - Deconstructing the Insider Threat & Mitigating the Associated Risk
    January 13th 2015 - Wen-Pai Lu on Cloud Security: A Different Perspective.
    October 14th 2014 - Edward Chang on (ISC)2 Foundation's Safe and Secure Online (SSO) Program
    September 9th 2014 - Henry Yeh on Defense Security Service (DSS)
    August 12th 2014 - HP Atalla on “Cloud Security Challenges”
    July 8th 2014 - Seagate Technology on "Enhancing Enterprise Security with Self-Encrypting Drives" & "Security Awareness Metrics at RekenaarCorp"
    June 10th 2014 - Pindrop Security on "Phone Channel Fraud and Acoustical Fingerprinting"
    May 13th 2014 - Cloudflare on "Mitigating DDoS Attacks"
    April 8th 2014 - Thales e-Security on "Data Protection and Mobile Payments"
    March 11th 2014 - Hewlett Packard on "The Outsourcing of Application Security"
    February 11th 2014 - FBI on "Cyber National Investigation"
    December 10th, 2013 - SANS Top 20 Critical Control
    November 12th, 2013 - Board Elections and Bear Data Systems
    October 8th, 2013 - Fortinet
    September 10th, 2013 - United States Secret Service
    July 9th, 2013 - Barchie Consulting and Shuh Chang
    June 11, 2013 - Radware (Presentation)
    May 14th, 2013 - Cisco
    April 9th, 2013 - Tripwire

    Feb 12th 2013 - Thales Security
