 |
||
November 9th, 2018 – Doors open at 8:00 AM
|
Venue: SABA Software 4160 Dublin Blvd Suite 145, Dublin, CA 94568 |
|
| If Cybersecurity is the theme to your action-packed security career, then conquering IPv6 and IOT is the price of admission. Without facility and strategy in the face of these two key area, it’s game over before you even get butter on your popcorn. The November 9th IPv6+IOT: Price of Admission one-day security event includes 11 speakers and six guided product demonstration offering 8 CPE for full attendance. Learn more at https://isc2-eastbay-chapter.org, LinkedIn, Facebook |
||
8 hours of Continuing Professional Education upon Lab completion and returning your survey. Download the Fall Flyer ISC2-Eastbay-chapter-Nov-9-2018-conference
|
||
The IPv4 to IPv6 transition can present issues for an enterprise without resources to redesign its network. Experts and vendors discuss how to ensure IPv6 connectivity. ISC2-Eastbay-chapter-Nov-9-2018-conference – Fall Flyer |
Pricing:(ISC)2 is happy to accept member ID from its partner professional organizations:
Registration after November 1st
If you are experiencing hardship and wish to attend, please have proof of (ISC)2 membership or ISACA membership and reach out to Director Education & Career Development Jing Zhang-Lee, or Registration 8:00 AM – 8:50, Speaker Reception, Closing Remarks and Raffle 5:15 – 6:30 PM |
|
 |
||
| Session 1.1: 9:00 – 10:00 | Meet Ed Horley | 9:00 – 10:00 |
Ed Horley, Chief Executive Officer of HexaBuild, Inc.Celebrating the Sixth Year Anniversary of World IPv6 Launch |
Ed is the Co-Chair of the California IPv6 Task Force, holding that position since 2010. He is an international speaker on IPv6 and is actively involved in the advocacy of IPv6 through his work on the CAv6TF and the North American IPv6 Task Force. He has an extensive background in networking and technology, with over 20 years of experience in designing, deploying and supporting data center and enterprise networks. |  |
| 1-1: Session Description and More about Ed Horley: Ed is the author of the Apress book Practical IPv6 for Windows Administrators and is a Pluralsight author for two courses, both on IPv6. He was also the technical reviewer or editor for the following titles: Understanding IPv6, Third Edition from Microsoft Press, IPv6 Essentials Third Edition from O’Reilly Media and IPv6 Address Planning from O’Reilly Media. Ed previously worked for IT solutions provider Groupware Technology for seven years, where for the last two years he held the position of VP of Engineering. During his tenure at Groupware, he was instrumental in the development of Groupware’s Cloud Practice as well as the overall growth of its engineering structure and talent.
|
||
| Director of Education & Career Development Jing Zhang-Lee | introduces Carolyn Shek | 10:00-10:15 |
San Francisco, Office of Economic & Workforce Development, on the TechSF
|
Carolyn Shek works for the City & County of San Francisco, Office of Economic & Workforce Development, on the TechSF team which provides a range of services, opportunities, training programs for diverse young adults seeking careers and apprenticeship in the technology industry. |  |
| The City of San Francisco, Office of Economic & Workforce Development partnered with the City College of San Francisco; The Information Security Apprenticeship Program. This is a registered apprenticeship that follows the guidelines established by the California Apprenticeship Council.
Students start with completing a set of prerequisite courses on Information Security at CCSF, (Domain Name Systems, and Introduction to Networks, Network Security and Computer Forensics). Then they are matched with an employer for their apprenticeship, which they will concurrently continue their courses towards the CCSF Certification in Cyber Security. At the successful completion of the program, apprentices are qualified to test for the CISSP Associate Certification! Employers are able to customize their training program to meet their skills needs, human resources strategies and company culture. We are currently recruiting Employers who are interested in hiring our apprenticeship to start at their company as apprentices. This is a great program for companies to make a difference in developing a student’s first step into their new career, at the same time, growing your company’s workforce with diverse talents.
|
||
| Session 1.2: 10:15-11:00 | Meet Tyler Haske | 10:15-11:00 |
Addressing and Zero Touch ProvisioningTyler Haske, US Government/ReadyLogo IPv6 Certification Test Engineer at Cisco |
Tyler is responsible for helping all of Cisco’s products achieve two IPv6 certifications: USGv6 and IPv6 ReadyLogo. USGv6 is a profile or a collection of purchasing requirements the US government wants to see for IPv6 readiness. Many US government departments require this certification to buy equipment. Indirectly my department protects millions of dollars worth of public sector deals. |  |
| 1-2 Session Description: Addressing and Zero touch provision is about… More about Tyler: IPv6 ReadyLogo is the industry standard certification. It ensures equipment does basic things like responding to pings, address itself automatically with SLAAC, and do neighbor discovery correctly. IPv6 has some different design paradigms so it’s important to check correctness. The certification suite is about 400+ tests. Tyler will share his experience managing the IPv6 testing infrastructure, in automating tests, and the substantially important steps of pushing IPv6 readiness within Cisco as a company.  Cisco (NASDAQ: CSCO) enables people to make powerful connections-whether in business, education, philanthropy, or creativity. Cisco hardware, software, and service offerings are used to create the Internet solutions that make networks possible-providing easy access to information anywhere, at any time. Cisco was founded in 1984 by a small group of computer scientists from Stanford University. Since the company’s inception, Cisco engineers have been leaders in the development of Internet Protocol (IP)-based networking technologies. Today, with more than 71,000 employees worldwide, this tradition of innovation continues with industry-leading products and solutions in the company’s core development areas of routing and switching, as well as in advanced technologies such as home networking, IP telephony, optical networking, security, storage area networking, and wireless technology. In addition to its products, Cisco provides a broad range of service offerings, including technical support and advanced services. Cisco sells its products and services, both directly through its own sales force as well as through its channel partners, to large enterprises, commercial businesses, service providers, and consumers. |
||
| Session 1:3 11:00-11:50 | Meet Benjamin Derr | 11:00-Noon |
Privileged Account Risks and Where to Find Them – Part 2: What are the roles on IOT devices?Benjamin Derr is a Principal Solutions Engineer with CyberArk, and over the last three years, has worked with Fortune 500 organizations and government agencies to help them develop long-term |
cybersecurity strategies built on privileged account security best practices. He has worked for CyberArk for over 3 years, and brings deep technical and business experience to his role, with a focus on areas such as regulatory compliance, policy management, access management, and proactive risk mitigation techniques. Prior to CyberArk, Ben has worked in a variety of roles, and has been in the industry for over 20 years. |  CyberArk, Benjamin Derr |
| 1-3 Session Description: Accelerate Results: Privileged Account Risks and Where to Find Them – Part 2: What are the roles on IOT devices?
Where it’s imperative to maintain speed and agility without compromising secrets used by privileged admin users, CI/CD tools, homegrown applications, and infrastructure – protect the pipeline and integrity of resulting products. This session will discuss:
|
||
| 1:4 12:30-1:15 | Meet Jun Du | Luncheon with Presentation |
Is Cyber Risk in the Nature of IoT ?Jun Du, Head of Security Research and Analytics at ZingBox Inc.Jun has dedicated the last 16 years to creating software that enables network infrastructure and cybersecurity. He is currently the Head of Security Research and Analytics at Zingbox where he leads a team of data scientists and security researchers leveraging AI and machine learning to develop IoT security solutions. |
Prior to Zingbox, Jun held various engineering and management roles in the networking and security solution providers such as Ericsson, Airespace, and Cisco Systems. Jun led teams that created new generations of network security software leveraging behavioral analytics to detect network breaches. He also helped develop the technology and build the engineering team focused on enterprise wireless during his 8 years at Cisco, when his team helped built all wireless controller models and mobility solutions. Jun is co-holder of multiple patents and has MS degrees from NC State and Beijing University of Telecom. | 
|
| 1-4: Is Cyber Risk in the Nature of IoT ? IPv6 enables IoT but cyber risk is in their nature. Connected devices open endless possibilities for people, including those with malicious intent. This session will use connected medical devices, or IoMT, as examples to illustrate the hard facts about the cyber risks IoT bring to the industry, and more importantly, how to play defense by leveraging an AI-powered risk model combined with real-time detection, service integration, big data, and threat intelligence. Recent advancements in Artificial Intelligence (AI) and Deep Learning are revolutionizing the way enterprises operate, including the way healthcare providers offer care. The same technologies are also leading the way to ensure the provider’s ability to protect their devices from ransomware and data breach and ensure uninterrupted service. In this talk, Mr. Jun Du will explore the challenges in IoT security and solutions that are being applied to healthcare industry today. About Zingbox: Zingbox detects and protects the connected equipment. It provides unparalleled visibility into the Internet of Things (IoT) infrastructure to reveal existing vulnerabilities and hidden threats. Zingbox is a real-time IoT security solution that protects enterprises from cyber and insider threats. Deployed in a non-intrusive way, Zingbox discovers, identifies and classifies assets into IoT categories. It then learns and generates a baseline of normal device behavior and identifies its risk profile. Zingbox detects anomalous behavior to provide real-time policy enforcement. Founded by industry veterans with deep expertise in networking and security, Zingbox is backed by leaders in enterprise security. http://www.zingbox.com |
||
| Session 1:5 1:15-2:15 PM | Meet Jane Ren | 1:00-2:00 PM |
Smart Industry – Dumb Industry: Sensors in the FieldSpeaker Jane Ren, Founder, and CEO of Atomiton, a leader in IoT delivering next-generation intelligent solutions to industrial businesses. Under Jane’s leadership, Atomiton was named a “Top 20 Disruptive Influence in Tech” by the CFO Magazine in 2017 for |
its IoT software stack deployed in oil and gas, smart cities, and industrial automation. Prior to Atomiton Jane was the Chief Business Architect at GE Global Software Center, where she spearheaded digital business transformations across GE’s Healthcare, Transportation, Aviation and Energy businesses. She product managed the core software platform to drive GE’s “Industrial Internet” initiative. Previously at Cisco, Jane was responsible for GTM strategies and major customer | engagements for the Service Exchange Platform. A medical doctor by training, Jane worked as an internal medicine physician and then a hospital executive before joining the tech industry. Jane received her MBA from the University of California, Berkeley, and her MD from Peking Union Medical College (now Tsinghua University). |
1- 5 Sensors In The Field: Energy, Retail, & Logistics – share a need to move sensors into the field: When is the right time for security to get involved? As IOT plays an increasing role in the Industrial Space we witness:
|
||
| Session 1.6: 2:15-3:00
Tabletops – join a sponsor lead discussion with a kick off from Jonathan Randall, Maura Jones and R. Daniel Lee |
Deception Tech Leaders Attivo Networks facilitates planning for your next threat vector, and recent ISACA speaker Maura Jones addresses the increasing vast attack surface of IOT. | Table Tops have leaders and facilitators from the following companies – Your task is to develop a facilitated narrative that adds to your existing BCP, DR or BIA |
| 1-6 Session Description: Have you considered new threats from IOT and IPv6 to add into your risk scenarios, your threat chains, and specifically, have you factored this into at least one new tabletop exercise? We welcome back Jonathan Randall, CISSP, and our co-chairs Maura Jones, CISSP, and R. Daniel Lee, CISS to facilitate this group exercise. | ||
Tabletop lab structure allows groups of five or more participants in a guided activity designed to foster the real-world application of core ISC2 education domain topics. Exhibitors and Chapter Members must examine impacts from IPv6 and IOT and the rest is up to you and your mentor. Table leaders include representation from:
|
Have you adjusted your current BCP to account for new challenges in IOT?
Each table has one hour and one facilitator. Your mission is to design one tabletop exercise involving at least one topic from the day. Your effort earns 1 CPE You can also use this time to meet with hiring advisors. All of the companies below are sponsors and attendants. If you want to meet with people directly, please contact the conference director who will arrange your one on one time. |
|
 |
|
 |
 |
|
 |
 |
|
 |
 |
|
|
 |
|
 |
| 3:15-3:30 PM | Running late? Eat some time. |
We Break 4 Cake |
Cake Sponsors are so sweet!
If we are running late, you may be asked to hurry up and eat your cake |
Are you sweet? Show us by donating cake, bagels, pizza, wine, printed materials, pens, space. We always welcome your swag. Put your logo on EVERYTHING. We’ll take it.
Special thanks to Maura Jones and Asha Kumar for coordinating meals. |
|
| Session 1-7&8: 3:30-5:15 | Meet Sean Codero | Meet Pete Scalfini |
IPv6 TLDR: Everything you didn’t want to know or hear about IPv6 and the changing IPv4 landscape- in less than 12 Parsecs |
Sean Cordero, VP of Cloud Strategy at Netskope |
Pete Sclafani, COO & Co-Founder of 6Connect |
| 1-7 &1-8: Session Description: Everything you didn’t want to know or hear about IPv6 and the changing IPv4 landscape- in less than 12 Parsecs:
The continued and increased rate of IPv6 adoption on a global scale marches on. Internet and Cloud service providers have continued to limit the usage of IPv4 due to cost, performance, and interoperability reasons. Now, the industry-wide shift has started to impact how our users and systems communicate with Internet-based services and placed new security considerations due to this new paradigm. Join industry leaders Pete Sclafani, COO, and co-founder of 6connect, and Sean Cordero, VP of Cloud Strategy at Netskope to hear from them on the impacts IPv6 adoption is having across the industry, the pitfalls to avoid as an organization begins adoption, and the impact to securing Cloud and on-premise based technologies.
Attendees will walk away with real-world examples and actionable steps to empower their understanding and engagement in their organization’s IPv6 efforts and begin
|
||
About Netskope: Netskope is the leader in cloud security. Using patented technology, Netskopeís cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope ó security evolved.
|
||
We |
Remember |
Robert E. Stroud |
Recognition |
We honor his memory through scholarship. |  |
|
ISACA News
Stroud brought boundless energy and enthusiasm into everything he did for ISACA—and those contributions were many. During his term as board chair, he was a driving force in the launch of ISACA’s Cybersecurity Nexus™ (CSX). Prior to that, he was international vice president of ISACA, a member of the Strategic Advisory Council and Governance Committee, and chair of ISACA’s International Organization for Standardization (ISO) Liaison Subcommittee. He was a COBIT champion and contributed to COBIT 4.0, 4.1 and 5, and numerous COBIT mapping documents. Additionally, he was involved in the creation of ISACA’s Basel II, Risk IT and Val IT guidance. He was deeply engaged with the association for 12 years, serving on more than 15 groups and speaking at countless conferences over that time.
“ISACA lost a dedicated leader, an engaged board member, a passionate colleague and, most notably, a very dear friend,” said ISACA Board Chair Rob Clyde, CISM, in his tribute to Rob Stroud. “Rob was always looking forward to new trends, new challenges, and new opportunities so he could best serve his clients, his colleagues, and his friends, whether bonds were just formed or existed for decades. His exuberance lit up the room wherever he went, and he was truly a guiding light and progressive proponent for the association and our professional community. Rob’s enduring spirit of innovation will continue to influence ISACA and our global family for years to come.”
|
||
Dinner isTexas Barb-B-Q fromArmadillos |
Wine is courtesy of
|
Cheese and CrackersMany thanks to HexaBuild |
 |
||
Securonix |
Platinum Sponsor, live demonstration visualizing the threat, actionable intelligence |
 |
| Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. | Using signature-less anomaly detection techniques that track users, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced cyber threats, insider threats, and fraud attacks. Globally customers are using Securonix to | address the most basic and complex needs around insider threat detection and monitoring, high privileged activity monitoring, data exfiltration, enterprise and web fraud detection, application risk monitoring, cloud security monitoring, cyber threat monitoring, and access risk management. Securonix uses a Hadoop platform to provide unlimited scalability and open data model. http://www.securonix.com |
Skybox SecurityGold sponsor, live demonstration assigning the policy that proves our governance is in place |
|
The software uses analytics to prioritize an organization’s risk exposures and recommends informed action to best address those exposures. These capabilities extend across highly complex networks, including those in physical, virtual, cloud and |
| operational technology (OT) environments. By integrating with more than 120 networking and security technologies, the company’s broad platform, the | Skybox™ Security Suite, enables organizations to reduce security risks that attackers can find and exploit, such as device misconfigurations and | policy violations, as well as exposed and unpatched vulnerabilities. |
NetskopePlatinum Sponsor, live demonstration, mapping the path of business, the evolution of cloud security Netskope is the leader in cloud security. Using patented technology, Netskopeís cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, |
whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, | Netskope is trusted by the largest companies in the world. Netskope ó security evolved. |
ZscalerGold Sponsor, live demonstration enables secure mobile enterprise in real time, architecting the secure enterprise network Zscaler enables the worldís leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access, and |
Zscaler Private Access creates fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. | Used in more than 185 countries, Zscaler operates the worldís largest cloud security platform, protecting thousands of enterprises and government agencies from cyber attacks and data loss. |
HexaBuild,in addition to making their CEO, Co-Founders and COO available to all of us for the entire day, contributes the morning breakfast and afternoon cake. Sweet! HexaBuild is an IT professional services consultancy comprised of industry-recognized IT subject matter experts |
and thought leaders. Our core team has a combined 60+ years of experience, multiple expert-level vendor certifications, and several publications by recognized technology presses. HexaBuild specializes in managing IPv6 adoption initiatives and large-scale cloud deployments for both enterprises and service providers. | Services include address planning, hardware and software assessments, network/IT environment audits, on-prem to cloud migration and integration, and personnel training. |
CyberArkPlatinum sponsor, CyberArk contributes lab leaders and speakers in addition to actively sponsoring our last summer event. CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the worldís leading companies ó including more than 45% of the Fortune 100 companies ó to protect their highest value information assets, infrastructure, and applications. |
For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArkís security solutions master | high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune, 100 more than 25% of the Global 2000, CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey, and the U.K. |
Saba SoftwareOur Venue Sponsor has contributed their offices and resources to make this day possible. As a result, we will be able to offer a thousand dollars to a local scholarship for students wanting more opportunities in the field of cybersecurity. |
and increases growth and success for thousands of businesses around the world. We help organizations create the catalyst for exceptional employee engagement, with a powerful cloud platform that delivers a continuous development experience – from personalized training and collaboration to real-time coaching, goal setting, and feedback. | Today thousands of customers worldwide, in virtually every industry, count on Saba to engage their people, connect their teams, and get the critical insight they need to prove the impact of talent on business success. |
Attivo Networks sponsors and provides lab leaders and speakers.Attivo Networks® is the leader in deception for cybersecurity defense. Founded in 2011, Attivo Networks provides a comprehensive deception platform that in real-time detects inside-the-network intrusions in networks, public and private data centers, and specialized environments such as Industrial Control System (ICS) SCADA, Internet of Things (IoT), and Point of Sale (POS) environments. Founded on the premise that even the best security systems cannot prevent all attacks, Attivo provides the |
required visibility and actionable, substantiated alerts to detect, isolate, and defend against cyber attacks. Unlike prevention systems, Attivo assumes the attacker is inside the network and uses high-interaction decoys and endpoint, server, and application deception lures placed ubiquitously across the network to deceive threat actors into revealing themselves. With no dependencies on signatures or attack pattern matching, the BOTsink deception server is designed to accurately and efficiently detect the reconnaissance and lateral | The Attivo Multi-Correlation Detection Engine (MCDE) captures and analyzes attacker IPs, methods, and actions that can then be viewed in the Attivo Threat Intelligence Dashboard, exported for forensic reporting in IOC, PCAP, STIX, CSV formats or can be used to automatically update SIEM and prevention systems for blocking, isolation, and threat hunting. The ThreatOps offering simplifies incident response through information sharing, incident response automation, and the creation of repeatable playbooks. |
Unified Compliance Framework sponsors, provide past and future speakers.We welcome The Unified Compliance Framework® (UCF) as a new Silver Sponsor, a speaker and recent ISC2 partner in providing certifications for controls and compliance mapping. |
This patented GRC framework is used as a core component of advanced GRC solutions by leading software publishers, certified auditors and consultants worldwide. Unified Compliance’s dynamic SaaS portal, the Common Controls Hub, provides a new interface to the UCF that aids in extracting needed data from the framework easily and helps compliance professionals keep pace with the ever-evolving regulatory demands, confidently manage risk, and ease resource and budget barriers. The Common Controls Hub gives users rapid access to its massive data repository of more than 90,000 individual mandates from 800-plus laws and standards from around the globe. Sorting through the most up-to-date demands, figuring out which controls | they need to implement and how they overlap is now a quick process with just a few simple mouse clicks.The Common Controls Hub simplifies the need to locate, research, interpret, and reconcile new and evolving mandates by giving compliance professionals the ability to centrally scope, define and maintain regulatory demands online. Companies can now automatically compile custom, harmonized control lists in minutes by vertical industries, market segments, and geographies. |
Allgress wine and location sponsorsAllgress enables enterprise risk, security, and compliance professionals the ability to efficiently manage their risk posture. |
By utilizing advanced visualization, automation, streamlined workflows, and the integration of existing data feeds, Allgress reduces the complexity and cost of risk management. Unlike other risk management solutions, Allgress customers derive value in days rather than months. |  For more information, visit www.allgress.com info@allgress.com or 925.579.0002 |
 |
||
| How to become a member: Please directly contact our Chapter President Lee Neely and fill out the membership form https://isc2-eastbay-chapter.org/membership/ | ||
 |
 |
Thank you Chevron, for providing us space and food for the last two years. |
 |
 |
|
| Thank you, Blackhawk – Thank You, Oracle |  |
 |
| (This 1-day event counts towards 8 hours of Continuing Professional Education CPE) | ||
Your friends and colleagues at (ISC)2 East Bay Chapter chapter can’t wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom, such events would not be possible. Providing weekly meetings, binding flyers, drafting letters, being a liaison to our gracious speakers, updating and proofing our brochures, and assisting in the overall quality management of the Fall Conference, we acknowledge R. Daniell Lee, Atul Kumar, Maura Jones, Jason Hoffman and others as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our board. Your support is greatly appreciated.Yours Sincerely,Robin Basham, Conference Director The (ISC)2 East Bay Chapter Board of Directors
|
||
