Security v. Speed – DevOps

July 12th, 2019 9:00 AM – 5:30 PM

Venue:  SABA Software 

4120 Dublin Blvd. Amenity Hub, Dublin, CA 94568

This one-day security track includes 6 presentations and labs of 30 to 90 minutes each, a light breakfast, lunch, and end-of-day networking. (ISC)2 East Bay Chapter events facilitate lively discussion and opportunities to apply the presenters' wisdom to our real needs in keeping Bay Area companies both competitive and safe. Please learn more at https://isc2-eastbay-chapter.org, LinkedIn, Facebook.
This 1-day event counts towards 8 hours of Continuing Professional Education upon lab completion, SurveyMonkey survey and sign-off. Security at the Speed of DevOps: Training flier, July 12, 2019.
Theme – Security at the speed of DevOps

The Security at the Speed of DevOps theme includes 5 speaker-instructors and guided product demonstrations, offering 8 CPE for full attendance. Learn more at https://isc2-eastbay-chapter.org, LinkedIn, Facebook.

Three opportunities for networking with your peers

  • Breakfast 8:00-8:50 Coffee and Nathan’s Bagels
  • Lunchbox 12:00 to 12:50 catered by Panera
  • Instead of dinner at the site, we are opting to coordinate a meeting spot after the conference. We lowered the cost on the day and are encouraging our members to come out and join us for a meal and drinks – location TBD. Rather than ask attendees to pay for a meal and drinks that they might not want, we’ve opted to limit cost to breakfast and lunch so more people can pay for just what they need.

If you are experiencing hardship and wish to attend, please have proof of (ISC)2 membership or ISACA membership and reach out to Director of Education & Career Development Jing Zhang-Lee, or Conference Director Robin Basham.

*If you are not a member of ISC2 or ISC2 East Bay Chapter, please complete the membership application form and send the application with your notice of intent to attend.  Membership is still free, but we do need to know who you are.

Something new: Technology Book Exchange Table

Our Board has a collection of great technology books that we are going to put out for free at the event. You are welcome to take any and as many as you want. Any books that you bring and don’t get selected need to go home with you, … so sell those ideas to a new reader.


Affiliated Members:

(ISC)2 is happy to accept member ID from its partner professional organizations


Registration



Pricing:

Accepted partner organizations: ISACA, ISSA, ISC2

  • Member* $45
  • Sponsor $90
  • Non-Member* $55
  • Student $25

Sponsor pricing indicates that you have purchased the cost of your day and sponsored a single person who may be looking for work, or you have sponsored two local college or high school students who may be looking for their next mentor.

Speaker Bar
Session 1: 8:45-10:00 AM Meet Mark Thompson

The Importance of Managing Code Signing Certificates

Mark Thompson, Chief Product Manager

Mark Thompson, Chief Product Manager, is a practiced professional in the development of strategic business plans that set the vision for future products, and an expert in energy policy, telecommunications and cyber security standards. He negotiates contracts with key alliance partners, including Verizon, Sprint, and AT&T, and develops market and financial analysis for Sales, Engineering, and Finance to drive the resolution of complex financial and technology decisions within organizations. He is a representative on energy sector regulatory organizations and Standards Development Organizations, a speaker on industry panels and committees, and a subject matter expert in wireless communications, engineering, and patent analysis.

Session 1: How to Protect Code Signing Certificates – The Keyfactor Secure Code Signing Module locates and transfers all code signing certificates from enterprise network locations (including all networked PCs, storage, and thumb drives) to a secure vault. Once inside, the certificates never leave the vault. A user with appropriate access presents the code to be signed to the module, where it is signed and returned to the user. Access controls are in place to ensure that only those with the right privileges can sign software and firmware. Join us and learn how to improve the security of your code signing procedures.
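An added example of the vault pattern the session describes, written for this page and not Keyfactor's code: the private key is generated inside a vault object and is never returned to callers; a caller presents an artifact together with a principal name, an allow-list decides who may sign, every request is recorded, and consumers verify with the public key alone. The SigningVault type, the principal names and the firmware bytes are all constructed for the illustration; the crypto is the Go standard library's Ed25519.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrNotAuthorized is returned when a principal outside the signing policy
// asks the vault to sign.
var ErrNotAuthorized = errors.New("principal is not authorized to sign")

// SigningVault models the "secure vault" pattern: the private key is created
// inside the vault and is never returned to callers. The only operation the
// vault exposes on the key is Sign, gated by an allow-list of principals.
// (Hypothetical type for this example, not a product API.)
type SigningVault struct {
	priv    ed25519.PrivateKey // never leaves this struct
	pub     ed25519.PublicKey  // safe to distribute to verifiers
	allowed map[string]bool    // principals permitted to request signatures
	audit   []string           // record of every sign request, allowed or denied
}

// NewSigningVault generates the key pair inside the vault and installs the
// signing policy; the caller never sees the private key.
func NewSigningVault(allowed []string) (*SigningVault, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	v := &SigningVault{priv: priv, pub: pub, allowed: make(map[string]bool)}
	for _, p := range allowed {
		v.allowed[p] = true
	}
	return v, nil
}

// PublicKey is the only key material the vault ever hands out.
func (v *SigningVault) PublicKey() ed25519.PublicKey {
	return v.pub
}

// Sign accepts an artifact from a principal, checks the access policy, and
// returns a signature over the artifact's SHA-256 digest. Hashing first means
// large firmware or installer images are reduced to 32 bytes before signing.
func (v *SigningVault) Sign(principal string, artifact []byte) ([]byte, error) {
	if !v.allowed[principal] {
		v.audit = append(v.audit, "DENY "+principal)
		return nil, ErrNotAuthorized
	}
	digest := sha256.Sum256(artifact)
	v.audit = append(v.audit, "SIGN "+principal)
	return ed25519.Sign(v.priv, digest[:]), nil
}

// AuditLog returns a copy of the sign/deny record for review.
func (v *SigningVault) AuditLog() []string {
	return append([]string(nil), v.audit...)
}

// VerifyArtifact is what the consumer of the signed code runs. It needs only
// the public key, so no vault access is required to check a signature.
func VerifyArtifact(pub ed25519.PublicKey, artifact, sig []byte) bool {
	digest := sha256.Sum256(artifact)
	return ed25519.Verify(pub, digest[:], sig)
}

func main() {
	vault, err := NewSigningVault([]string{"release-pipeline"})
	if err != nil {
		panic(err)
	}
	// Constructed sample artifact standing in for a firmware image.
	firmware := []byte("constructed firmware image v1.0")

	sig, err := vault.Sign("release-pipeline", firmware)
	fmt.Println("release-pipeline signed:", err == nil)
	fmt.Println("consumer verifies original:", VerifyArtifact(vault.PublicKey(), firmware, sig))
	fmt.Println("consumer verifies tampered copy:", VerifyArtifact(vault.PublicKey(), []byte("tampered image"), sig))

	_, err = vault.Sign("contractor-laptop", firmware)
	fmt.Println("contractor-laptop denied:", errors.Is(err, ErrNotAuthorized))
	fmt.Println("audit log:", vault.AuditLog())
}
```

The point to take from the shape of the code is that the signing authority and the verification path are separated: only the vault holds the private key, the allow-list and audit log live next to it, and anyone who needs to check a release only ever needs the public key.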

About: Keyfactor, formerly Certified Security Solutions (CSS), is a leading provider of secure digital identity management solutions that enables organizations to confirm authenticity, and ensure the right things are interacting in the right ways in our connected world. From an enterprise managing millions of devices and applications that affect people’s lives every day, to a manufacturer aiming to ensure its product will function safely throughout its life cycle, Keyfactor empowers global enterprises with the freedom to master every digital identity. Its clients are the most innovative brands in the industries where trust and reliability matter most.  Website https://www.keyfactor.com

PART II: TBD

Session 2 10:00 to 10:30 Meet Dorian Cougias: The output of this session is a small working group that can split off to work with the UCF Mapper. Have laptop, will lab: license keys and an opportunity to beat Watson in a cybersecurity mapping challenge.

Mapping Agile and DevOps Controls to Regulatory Requirements

Live laboratory time using the UCF Mapper, led by Dorian Cougias, Lead Analyst and Compliance Scientist, The Unified Compliance Framework® (UCF). As the lead analyst for the Unified Compliance Framework, Dorian is responsible for the classification, taxonomy, and interpretation of all facets of unifying the regulatory landscape. Whether you begin from the point of a SOC 2 Type II attestation or you have already completed an ISO/IEC 27001 certification, there are right ways and wrong ways to interpret DevOps constructs and procedures with an eye towards compliance with frameworks like HITRUST for HIPAA, NIST CSF, and NIST SP 800-53 r4 for FedRAMP.

This session looks at how DevOps concepts align with Government Sector and other industry cybersecurity requirements. Using the Unified Compliance methodology, participants will examine how Agile, DevOps, and their related technologies vary in the way they are interpreted by different types of audit. (Examples include: Assets, Classification, Session Timeout, Password, and Authentication.)

About UCF: The Unified Compliance Framework® (UCF) was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF. This patented GRC framework is used as a core component of advanced GRC solutions by leading software publishers, certified auditors and consultants worldwide. Unified Compliance’s dynamic SaaS portal, the Common Controls Hub, provides a new interface to the UCF that aids in extracting needed data from the framework easily and helps compliance professionals keep pace with the ever-evolving regulatory demands, confidently manage risk, and ease resource and budget barriers. The Common Controls Hub gives users rapid access to its massive data repository of more than 90,000 individual mandates from 800-plus laws and standards from around the globe. Sorting through the most up-to-date demands, figuring out which controls they need to implement and how they overlap is now a quick process with just a few simple mouse clicks. The Common Controls Hub simplifies the need to locate, research, interpret, and reconcile new and evolving mandates by giving compliance professionals the ability to centrally scope, define and maintain regulatory demands online. Companies can now automatically compile custom, harmonized control lists in minutes by vertical industries, market segments, and geographies.

Session 3 11:00-12:00 Learn from the guy the whole team depends upon. Apprentice with a DevOps Master

We invited a local DevOps Guru to really teach us

Now What?

Now How?

Meet Wasim

Meet Steven

Session 4 1:00 to 1:45

Sepio Systems

The Latin word “Sepio” means “defend” and “guard.” Sepio is disrupting the cyber-security industry by uncovering hidden hardware attacks. Bad actors are gaining access by implanting rogue hardware – Sepio’s Rogue Device Mitigation (RDM) stops them. The company was founded by cyber security experts from private industry and government agencies. Our team has earned global recognition and decoration in fighting attacks through malicious hardware devices. Website http://www.sepio.systems
Session 5 1:45 – 2:15

Preview November 9th speakers and a message from our Director CyberSecurity, SafetyNet

Ethics and the Security Entrepreneur (Ethics Meet Invention) Steve King, CEO,  UberConnectForce, Inc.  https://uberconnectforce.com

Maura Jones, Director CyberSecurity, (ISC)2 East Bay Chapter

Networking 2:15-2:45 PM
Sponsored by KFORCE

We Break 4 Cake

Chapter Announcements

Book Exchange

Time with Lab Partners


Special thanks to Maura Jones and Asha Kumar for coordinating meals. Call out to Angel Mazzucco who organizes real interviews for real jobs, and brings us CAKE!!
Session 6 2:45-3:30

Gemalto

Gemalto is an international digital security company providing software applications, secure personal devices such as smart cards and tokens, and managed services. It is the world’s largest manufacturer of SIM cards. The company was founded in June 2006 when two companies, Axalto and Gemplus International, merged. Gemalto offers:
  • Hardware Security On Demand: Provides protection for transactions, identities and applications by securing cryptographic keys and provisioning encryption, decryption, authentication and digital signing services.
  • Key Broker On Demand:  Enables you to manage your keys to provide simple and secure control between your enterprise-controlled security and your SaaS and cloud service vendors such as Salesforce.
  • Key Management on Demand: Provides a central way to manage encryption keys throughout their full lifecycle, supports Key Management Interoperability Protocol (KMIP) services and acts as a key broker for organizations extending their security policies into multi-cloud environments through “Bring Your Own Key” (BYOK).
  • Encryption on Demand: Protects sensitive data wherever it resides including files, folders, databases, storage environments, and virtual machines.

Session 7 3:30-4:15 Meet Eric Butler

Securonix

Integrating SIEM,  Presented by Eric Butler

“The Sales Engineering space has been my calling since an instructor turned me onto the field in Network 101. The blend of business & tech has given growth opportunities that purist jobs can’t. My record illustrates a consistent & gapless track record pursuing & achieving this goal. This success is also seen in several of the companies with which I’ve had the privilege to work, leading to acquisition or IPO. My path to this point has been tailored to gain the broadest exposure to diverse security controls to drive customer & company success. Skilled in Azure & AWS security, Windows & Linux Server cybersecurity, and organizational risk assessment. Strong sales professional with a Network and Communications Management focus in Security Systems Networking and Telecommunications.” Learn more http://www.securonix.com
Session 8 4:15-5:00 Last Lab: snacks, networking, SurveyMonkey
Sign up for private time with your favorite product SME, security mentor or hiring manager. This time counts for 1 CPE. Sepio, UCF, DevOps mentors (board and speakers), Gemalto, KeyFactor. Follow-up time for the live labs: what worked, what challenged us? Attendees will not receive CPE unless they return their SurveyMonkey survey and write up their final activity.
We will not be coordinating dinner; however, Gemalto and KeyFactor have extended an invitation for board, committee, sponsors and speakers to meet for drinks. We made a decision to lower costs for attendees by skipping the price of dinner. People who want to meet later for drinks should let us know.
Saba Software, meeting sponsor, thanks for supplying our venue and many contributing members of the conference committee.

The average person will spend nearly 100,000 hours of their life working. Saba’s mission is to help our clients create a work experience for their people that’s more engaging, inspiring and empowering — an experience that can transform the working lives of millions, and creates more growth and success for every business.

With Saba, you have the power of 1,400 talent experts in your corner, solely focused on living that mission, and helping HR leaders transform their people strategy and talent experience, while delivering tangible impact to the business.

KeyFactor, meeting sponsor, thanks for supplying speaker and dinner. Company description: see Session 1 above. Website https://www.keyfactor.com
Sepio Systems, meeting sponsor, thanks for supplying speaker and dinner. Company description: see Session 4 above. Website http://www.sepio.systems
Skybox Security, Gold sponsor, live demonstration: assigning the policy that proves our governance is in place. Best-in-class cybersecurity management software.
The software uses analytics to prioritize an organization’s risk exposures and recommends informed action to best address those exposures. These capabilities extend across highly complex networks, including those in physical, virtual, cloud and operational technology (OT) environments. By integrating with more than 120 networking and security technologies, the company’s broad platform, the Skybox™ Security Suite, enables organizations to reduce security risks that attackers can find and exploit, such as device misconfigurations and policy violations, as well as exposed and unpatched vulnerabilities. Established in 2002, Skybox is a privately held company with worldwide sales and support teams serving an international customer base of more than 500 enterprises in over 50 countries.
Netskope, Platinum Sponsor, live demonstration: mapping the path of business, the evolution of cloud security. Netskope is the leader in cloud security. Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope: security evolved.
Cybereason,  Meeting sponsor, thanks for supplying speaker and dinner Cybereason is the leader in endpoint protection, offering endpoint detection and response, next-generation antivirus, managed monitoring and IR services.
Founded by elite intelligence professionals born and bred in offense-first hunting, Cybereason gives enterprises the upper hand over cyber adversaries.
The Cybereason platform is powered by a custom-built in-memory graph, the only truly automated hunting engine anywhere. It detects behavioral patterns across every endpoint and surfaces malicious operations in an exceptionally user-friendly interface.
Cybereason is privately held and headquartered in Boston with offices in London, Tel Aviv, and Tokyo.
Gemalto: see Session 6 above for the company description.
CyberArk, Platinum, contributes lab leaders and speakers in addition to actively sponsoring the last four conference events. CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies, including more than 45% of the Fortune 100 companies, to protect their highest value information assets, infrastructure, and applications. For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArk’s security solutions master high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune 100 and more than 25% of the Global 2000. CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey and the U.K.
The Unified Compliance Framework® (UCF), Silver Sponsor, provides speakers and lab-based trainings. UCF is an ISC2 partner in providing certifications for controls and compliance mapping. Company description: see Session 2 above.
Securonix, recent past Platinum Sponsor, always a welcome participant at (ISC)2 East Bay events. Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their organization. Using signature-less anomaly detection techniques that track user, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced cyber threats, insider threats, and fraud attacks. Globally, customers are using Securonix to address the most basic and complex needs around insider threat detection and monitoring, high-privileged activity monitoring, data exfiltration, enterprise and web fraud detection, application risk monitoring, cloud security monitoring, cyber threat monitoring, and access risk management. Securonix uses a Hadoop platform to provide unlimited scalability and an open data model. http://www.securonix.com

Thank You Everyone
How to become a member: Please directly contact our Chapter President Lee Neely and fill out the membership form https://isc2-eastbay-chapter.org/membership/
EnterpriseGRC
Thank you Chevron, for providing us space and food for the last two years.
Blackhawk Oracle

(This 1-day event counts towards 6 hours of Continuing Professional Education CPE)
Your friends and colleagues at (ISC)2 East Bay Chapter can’t wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom such events would not be possible. For providing weekly meetings, binding flyers, drafting letters, being a liaison to our gracious speakers, updating and proofing our brochures, and assisting in the overall quality management of the Summer Conference, we acknowledge Ash Kumar, Dan Green, Atul Kumar, Maura Jones, Ana Colocho, Rizwan, Austin and others, as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership. Your support is greatly appreciated.
Yours Sincerely,

The (ISC)2 East Bay Chapter Board of Directors

Recent Past Presidents are Lokesh Sisodiya, Tom Rogers and Lee Neely.

We push you in

(ISC)2 East Bay Chapter