Chapter Training Day – Friday July 13th

End Point Security Training Day

Odds Are You Need More Skills than Luck

Speakers and Topics are under review. Please reach out to Conference Director Robin Basham, Director Cybersecurity Awareness Krishnan Thiruvengadam, or Director Education & Career Development Jing Zhang-Lee.

ISSA and ISACA members are welcome to participate as long as seats are available.

Training day is limited to the first 50 students.  Sessions run 90 minutes.  Please reach out if you are interested in being an instructor.

9 AM to 4 PM – 6 CPE

Chapter Meeting June 14th, 2018

Exfiltrating Data through IoT

Exfiltrating data through the Internet of Things (IoT) provides insights based on research/analysis of data exfiltration vulnerabilities found in IoT protocols (i.e. SSDP, P25, Zigbee, Z-Wave, Wi-Fi, uPnP). With an eye toward mitigating weaknesses in current protocols, this talk addresses future protocol designs to eliminate those weaknesses. This discussion will delve into the details and demo data exfiltration using IoT protocols. The application of this knowledge will allow you to assess and mitigate these risks as you integrate IoT technologies into your production systems, as well as make informed decisions regarding IoT device and protocol selection.

Garry Drummond, CEO & Founder, 802 Secure

Mr. Drummond is a Wartime CEO. From his humble beginnings in Pleasanton, California, he bootstrapped his start-up company, 802 Secure Inc., from his garage. Mr. Drummond has conceptualized, designed and delivered cybersecurity products for Critical Infrastructure, Enterprise and Government clients around the world. Mr. Drummond, along with his small but loyal engineering team, landed venture capital in November 2016 to expand the team and fulfill orders. 802 Secure is developing technology for Securing the Internet of Things (IoT), combining Software Defined Radios with Big Data Analytics. Mr. Drummond is a Certified Information Systems Security Professional (CISSP) and is passionate about wireless cybersecurity. With the recent explosion of Internet of Things (IoT) device enablement as well as mobile adoption, wireless has now become the easiest way to back-door the wired side of the network. Wireless technologies do not follow the traditional guidelines of security, and new methodologies are required to secure digital assets. Only through new thought leadership and innovation using software-defined radios with big data analytics can these new broader-spectrum attack vectors be identified.

802 Secure was awarded Silicon Valley Start-up of the Year in April 2015 and Silicon Valley Company of the Year in May 2016. Most recently, in 2017, Mr. Drummond was awarded Most Innovative CEO of the Year. 802 Secure’s products are sold through 5 of the most influential technology resellers in the US.

Aaron Davidson, Solutions Architect, 802 Secure

Mr. Davidson is 802 Secure’s Solution Architect, working with clients to understand their issues and provide solutions that meet their security needs. His experience stretches from technical support, system administration, network engineering and architecture, quality assurance, security engineering and sales engineering to personnel management. His technical sales skills and rapport with deeply technical individuals, as well as his relationships with management, senior executives, VPs and C-level staff, have provided effective solutions in meeting the demands of their industry segments.

About 802 Secure:

802 Secure is developing signal intelligent technology for securing the Internet of Things; detecting and assessing new wireless risks across the broader RF spectrum using software defined radios and big data analytics. 802 Secure has developed a leading world-class product, AirShield, to monitor IoT assets, identify risks and threats, and ensure performance and reliability 24×7 of the IoT environment. (www.802secure.com)

Venue:
Chevron World Headquarters
6001 Bollinger Canyon Road
Conference Room A1020 – Building A
San Ramon, CA 94583
Time: 7:00 to 9:00PM
RSVP by replying back to the email by 6/13/2018.
The phone number to call if you are lost or need directions is (925) 842-1000; ask for the main security reception. Our hosts at Chevron are Tom Rogers or Frank Fabsits, or ask for Robin Basham.
Parking: Park in Visitor Lot Across the Loop Road (Right Turn at first stop sign, and your first right turn into parking lot – walk across road to building behind flagpoles and fountain. Meeting room is BEFORE Security Desk just inside double glass doors on the right)

 

Chapter Meeting May 10, 2018

Location: Blackhawk Network, 6220 Stoneridge Mall Rd, Pleasanton, CA 94588 – 7 PM

Privacy by Design – Why It Can’t Wait!

Here are the slides from the presentation: Privacy by Design_ISC2 EB Chapter Meeting 5.10.18

As the U.S. and the rest of the global community continue to rethink what individual privacy entails, and as “big data” is ingested into machine learning/AI, there will continue to be uncertainty about what the future of privacy will look like. This, coupled with news about mass surveillance, user behavior tracking, and targeted advertising, has caused developers to take a more defensive approach when designing new services and products. Implementing Privacy by Design (PbD) can help protect organizations in the long run by applying the principles to their development and design activities that enable privacy by default.

Attendees will learn:

  • What are the principles of Privacy by Design (PbD)
  • Why they are important
  • Tips for operationalizing PbD

Speaker Information:

Orus Dearman, CISSP, CISA, Managing Director, Cyber Risk Advisory, P: (415) 318-2240, E: orus.dearman@us.gt.com

Orus provides technology and advisory services to clients in the technology, financial services, and federal industries. He has extensive experience leading cyber risk projects in accordance with the NIST cybersecurity framework, Generally Accepted Privacy Principles (GAPP), FISMA, and FedRAMP guidelines within the United States and globally. He also specializes in physical and logical vulnerability assessments. Orus works with companies, enabling them to implement cybersecurity and privacy frameworks such as the NIST Cybersecurity Framework, GAPP, FISMA/FedRAMP, ISO 27001, and the Trust Services Principles. He also leads the firm’s Federal Risk and Authorization Management Program (FedRAMP) practice nationally. He has extensive experience providing technical advisory services for clients within the technology, financial services, and federal industries.

Orus is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).

Dhawal Thakker, CISSP, CISA, Senior Manager, Cyber Risk Advisory, P: (650) 450-1431, E: dhawal.thakker@us.gt.com

Dhawal has over 18 years of experience leading and coordinating IT advisory engagements across several industries, with a focus on the financial services, technology services and healthcare sectors. His experience includes regulatory compliance, privacy (GDPR), GRC program and technology deployments, compliance with regulations like SOX and HIPAA, compliance with credit card industry standards (PCI), designing security policy, Network Security assessments, and BCP-DR. Experience and expertise include:

Dhawal has experience implementing privacy frameworks, assessing EU General Data Protection Regulation (GDPR) compliance, developing privacy policies, benchmarking developer agreements and ensuring compliance with global regulations.

Dhawal has hands-on experience in designing, implementing and managing GRC solutions to automate Cyber and Privacy compliance programs using tools like RSA Archer, ServiceNow, OneTrust, etc. Dhawal is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).

Directions to our meeting:

From Hwy 680 going South (680 S):

From San Ramon

  • Get on I-680 S
  • Follow I-680 S to Stoneridge Dr in Pleasanton. Take exit 29 from I-680 S
  • Make a right turn on Stoneridge Dr
  • Use the right two lanes to turn right onto Stoneridge Mall Rd
  • Make a right turn on Workday Way
  • Take Workday Way to the end of the road and make a left in the parking lanes
  • Take the road until you come to the first crossroad
  • Make a right turn and take the road to the end of the street
  • We are the building on the right and you can park anywhere in the parking spaces in front of the building.
  • Blackhawk Network, 6220 Stoneridge Mall Rd, Pleasanton, CA 94588

From Hwy 680 going North (680 N):

From San Jose

  • Get on I-680 N
  • Follow I-680 N to Stoneridge Dr in Pleasanton. Take exit 29 from I-680
  • Use the left two lanes to turn left on Stoneridge Dr
  • Use the right two lanes to turn right after crossing the overpass onto Stoneridge Mall Rd
  • Make a right turn on Workday Way
  • Take Workday Way to the end of the road and make a left in the parking lanes
  • Take the road until you come to the first crossroad
  • Make a right turn and take the road to the end of the street
  • We are the building on the right and you can park anywhere in the parking spaces in front of the building.
  • Blackhawk Network, 6220 Stoneridge Mall Rd, Pleasanton, CA 94588

Kindly confirm your attendance for the meeting by May 8th, 2018, along with your preference of pizza (Veg/Non-Veg) so that we can place orders accordingly. We need to provide the attendee list to our host for badges. To RSVP or for any questions regarding this meeting please contact Vice President Tom Rogers

Chapter Meeting April 12, 2018

Please arrive between 6:45 and 7:00 PM at Bishop Ranch One BR1, 6101 Bollinger Canyon Road, San Ramon, CA

Topic One: Big Data: The forgotten security landmine

As billions of people, devices, and systems get connected to the internet, companies of all sizes will seek to gather insights as to the best ways to further model their businesses to ensure efficiency, improve business processes and additionally offer solutions to complex problems previously impossible to address. This new data economy has led to a rapid rise in the adoption of big data and big data solutions to serve the needs of small to large-scale enterprises.

In the push to take advantage of such valuable data insights, all manner of personal, private and highly sensitive data continues to get fed into Big Data systems with very little focus on its continuous protection before and after it lands in Big Data systems.

This presentation will unearth the hidden landmines and provide recommended solutions as companies deal with such mountain piles of data through their big data systems.

Lenin Aboagye has built several firsts in the industry, from the first Education-as-a-Service (EAAS) platform to building the security platform for the first fully Open cloud product. As an emerging technologies enthusiast, Lenin has helped advise and guide initiatives from Cloud, Mobile, Big Data and AI for multiple companies, as well as speaking several times on such topics and their relevance in the current security landscape. Lenin was an early contributor to some of the first whitepapers released by the CSA (Cloud Security Alliance) and is an active participant in several other Information Security related interests. As a security thought leader, Lenin has spoken at several security conferences, contributed to security books, and been quoted in security and tech media. Lenin was formerly the security Head at IO and is currently President at Limit+, where he provides cybersecurity consulting and security product advisory services to several clients. Lenin is the security advisor for Kogni, the world’s first AI-powered Big Data Security product by Clairvoyant. Lenin holds a BA and graduated top of the class with a double major in Computer Science and Math.

Topic Two: Cloud Compliance Automation: Automating Hardening AWS Infrastructure via CI/CD Pipelines

Demo Abstract: This demo presents automating security benchmark controls on cloud infrastructure via Continuous Integration and Continuous Delivery, using open source tools. In this demo, I aim to show how to harden OS images and produce reports on the benchmark controls enforced to cloud security auditors. To achieve this, a DevSecOps engineer is allowed to choose a security benchmark to enforce out of a selected list and then the CI pipeline is triggered to automate the security controls under the benchmark selected on a Linux OS system. The pipeline runs multiple stages to ensure and deliver a fully hardened Linux OS system. Finally, I will also provide a report produced at the end stage of the pipeline. This report lists the controls enforced and remediation tools.

Daniel Callao has a BS in Computer Science and Mathematics from San Jose State University and is an AWS cloud computing professional responsible for the design, implementation, automation, and documentation of scalable multi-tenant infrastructures. His specialties include cloud computing, virtualization for multi-tenant environments, infrastructure as code, solutions architecture and project management, implementing new technologies with process refinement and continuous integration and delivery. Daniel has worked for multiple Fortune 100 tech companies, such as VMware, Autodesk, GE Digital, and Cadence Design Systems. While he is passionate about automation in the cloud, he is also an advocate for open source technology. Daniel enjoys doing live collaborative training on open source automation and container tools.

Topic Three: Chapter Business – Calling All Interested in Training and Sponsoring the July 13th Training Day

We invite our community to add their voices to our planning for the upcoming training day.  Hear from our Directors Cybersecurity and Education and collaborate on the plan.

We also want to discuss charging for meetings and ordering dinner – something we may need to implement effective May.  Unless sponsored by our speakers or host, we will need to begin charging a meal cost to attendees at our monthly meetings.

Conference feedback and discussion regarding the upcoming training day topics.  Bring your suggestions and your spirit of volunteerism.

 

And the Winner is…

The 2018 Makeathon winners are Savvy Gupta, Balamurugan, Alan Wang, Brian Zhao, and Salaj Ganesh – CONGRATULATIONS

A note from Director Education & Career Development Jing Zhang-Lee about Makeathon: Mission San Jose High School hosts the annual Innovation Minds Makeathon event to encourage and inspire students to come up with innovative ideas leveraging modern and future technologies. (ISC)2 East Bay Chapter is proud to be one of the sponsors for the 2018 Makeathon, which took place on February 3rd.
This year’s winning group is “VR Emergency”. The group came up with the idea of leveraging virtual reality technologies for stressful situation training, such as terrorist attacks, firefighting, riots, etc. This group won the sponsor’s pick for their security mindset of identifying and securing sensitive data, e.g. training officers’ PII and training records, important building plans, tactics, etc.

Location: Bishop Ranch One BR1, 6101 Bollinger Canyon Road, San Ramon, CA

Directions to Meeting at Chevron

Kindly confirm your attendance for the meeting by April 11th, 2018, along with your preference of pizza (Veg/Non-Veg) so that we can place orders accordingly. We need to provide the attendee list to our host for badges. To RSVP or for any questions regarding this meeting please contact Vice President Tom Rogers

Please make sure to bring a government issued photo id (Driver license or CA ID card etc.) to gain access to the conference room.

Chapter Annual Meeting February 8, 2018

The next chapter meeting will be held on Thursday, February 8, 2018 at Allgress Headquarters, 111 Lindbergh Ave. Suite F – Livermore, CA 94551 from 7:00 pm to 9:00 pm.

Agenda for the Annual Chapter meeting is as follows:

  1. Welcome and Introductions
  2. Update on our 2018 Spring Conference – Cybersecurity – Government Sector
  3. Board Election, Bylaw ratification and other Chapter Business

There will be pizza provided at the event. Please email communications@isc2-eastbay-chapter.org to RSVP and confirm your pizza preference.

Looking forward to seeing you there!

Chapter Meeting January 18, 2018

The next chapter meeting will be held on Thursday, January 18, 2018 at Allgress Headquarters, 111 Lindbergh Ave. Suite F – Livermore, CA 94551 from 7:00 pm to 9:00 pm.

Agenda for the meeting is as follows:

  1. Welcome and Introductions
  2. Update on our 2018 Spring Conference – Cybersecurity – Government Sector
  3. Presentation on “Multi-Faceted Security Strategies for Enterprises” by Shawn Jackman, Founder & CEO, Clinical Mobility
  4. Upcoming Board Election and other Chapter Business
  5. Presentation on AWS – TBD

There will be pizza provided at the event. Please email communications@isc2-eastbay-chapter.org to RSVP and confirm your pizza preference.

Looking forward to seeing you there!

Chapter Meeting September 14, 2017

The next chapter meeting will be held on Thursday, September 14, 2017 at Chevron Corporate Headquarters, Chevron Park – Room A1300, 6001 Bollinger Canyon Road, San Ramon, CA 94583 from 7:00 pm to 9:00 pm.

When arriving into Chevron Park, no need to stop at the Guard Shack on the Driveway near Bollinger Canyon Road. Instead do the following:

  1. At the stop sign upon entering Chevron Park, turn right and park in the first lot (Visitor Lot).
  2. Park in the lot and walk across the Loop Road (please use the crosswalk and press the light up button as you walk across)
  3. Walk beyond the Flagpoles to the main entrance and check in at the Security Reception Desk.
  4. Our meeting room is the first conference room to the right inside the turnstiles and glass double-doors. A1300

 

Agenda for the meeting is as follows:

  1. Welcome and Introductions
  2. Update on focused groups for our chapter (Cyber Security Awareness, GRC Assessment, Vulnerability & Risk Assessment programs, etc.)
  3. Presentation on “The road to hiring is paved in good intentions” and Reference handout by Tim O’Brien
  4. Any other business.

Speakers:
Tim O’Brien is an 18-year information security professional and a subject matter expert in risk and incident management, intrusion and data analysis and secure architecture design. Tim is well versed in developing technical solutions, determining the best options for the business and its goals, and creating comprehensive implementation plans that minimize risk for the organization. His excellent analytical and problem-solving skills, with emphasis on understanding relationships among technical problems, result in sound and effective business solutions while reducing risk. He enjoys mentoring others and helping them develop their skills through supervisory positions, coursework development, mentoring, presenting at and helping run InfoSec conferences as well as instructional roles. Having progressed through the ranks to hiring manager and director level, he has experienced the pain from both sides of the hiring process and desires to improve the situation for the InfoSec/hacker community.

Kindly confirm your attendance for the meeting by September 12th, 2017, along with your preference of pizza (Veg/Non-Veg) so that we can place orders accordingly. We need to provide the attendee list to our host for badges. To RSVP or for any questions regarding this meeting please contact president@isc2-eastbay-chapter.org.

Please make sure to bring a government issued photo id (Driver license or CA ID card etc.) to gain access to the conference room.

Chapter Meeting July 13, 2017

The next chapter meeting will be held on Thursday, July 13, 2017 at Optiv Headquarters, 3875 Hopyard Road, Suite 260, Pleasanton, CA 94588 from 7:00 pm to 9:00 pm.

Agenda for the meeting is as follows:

  1. Welcome and Introductions
  2. Update on our 2017 Summer Conference – Cyber Health, Privacy and Automation
  3. Presentation on “Countdown to Regulatory Compliance: Is Your Organization Ready for GDPR & NIST?” by Robin Basham, CEO, Founder, EnterpriseGRC Solutions, Inc.
  4. Any other business.

Speaker:
Robin Basham

CEO CISO EnterpriseGRC Solutions An Elastic Compliance Company, with a recent contribution in engineering system policy rules into the ARAP product, as VP Security and Compliance at Cavirin, Robin Basham provides thought leadership in delivering concrete security programs that transform compliance burden to strategic advantage. Certified Information Systems Security (CISSP), Audit (CISA), Governance (CGEIT) and Risk (CRISC), earning two master’s degrees in Technology and Education M.IT & M.Ed, Robin is known in fortune five Boston, Mid-Atlantic, Silicon Valley and East Bay as consultant, frequent speaker, educator, and board contributor. Enterprise ICT GRC expert and early adopter in both certifying and offering certification programs for Cloud Security and Virtualization, Robin has industry experience in management of systems, controls and data for SaaS (IaaS and PaaS), Finance, Healthcare, Banking, Education, Defense and High Tech. Positions held include Technology Officer at State Street Bank, Leading Process Engineering for a major New England CLEC, Sr. Director Enterprise Technology for multiple advisory firms, founding, engineering product and running two governance software companies, and most recently Director Enterprise Compliance for a major player in the mortgage industry, Ellie Mae. Current partner organizations include Allgress, Seclore, SVA, ZOHO, PerimeterX, SANS, ITpreneurs, Aruvio and much more.
Consulting at CISCO ISMS Program Leader

Kindly confirm your attendance for the meeting by July 11th, 2017, along with your preference of pizza (Veg/Non-Veg) so that we can place orders accordingly. We need to provide the attendee list to our host for badges. To RSVP or for any questions regarding this meeting please contact communications@isc2-eastbay-chapter.org.

Chapter Meeting May 11, 2017

The next chapter meeting will be held on Thursday, May 11, 2017 at Chevron Corporate Headquarters, Chevron Park – Room A1300, 6001 Bollinger Canyon Road, San Ramon, CA 94583 from 7:00 pm to 9:00 pm.

When arriving into Chevron Park, no need to stop at the Guard Shack on the Driveway near Bollinger Canyon Road. Instead do the following:

  1. At the stop sign upon entering Chevron Park, turn right and park in the first lot (Visitor Lot).
  2. Park in the lot and walk across the Loop Road (please use the crosswalk and press the light up button as you walk across)
  3. Walk beyond the Flagpoles to the main entrance and check in at the Security Reception Desk.
  4. Our meeting room is the first conference room to the right inside the turnstiles and glass double-doors. A1300

 

Agenda for the meeting is as follows:

  1. Welcome and Introductions
  2. Update on focused groups for our chapter (Cyber Security Awareness, GRC Assessment, Vulnerability & Risk Assessment programs, etc.)
  3. Presentation on “Security Career Survival Guide” by Milton Smith, Security Principal, Oracle
  4. Presentation on “Security Orchestration” by David Tsao, Global Information Security Officer (CISO), Veeva Systems
  5. Any other business.

Speakers:

    Milton Smith (California, USA) is a security principal working strategically to secure application and application infrastructure at Oracle. Day to day, Milton develops innovative security tooling and collaborates with staff to improve Oracle product security. In a previous role, Milton led security for the Java platform at Oracle. Outside of Oracle, Milton is the project leader for the OWASP DeepViolet and OWASP Security Logging Projects. Previous employers include Yahoo. For more information, visit securitycurmudgeon.com or follow Milton on Twitter (@spoofzu).

    David Tsao is the Global Information Security Officer (CISO) for Veeva Systems. David is responsible for the security, privacy and compliance of Veeva’s corporate ecosystem and cloud-based products. David previously spent 12 years at Gilead Sciences, where he established and managed their enterprise-wide information security and privacy program.

Thanks to all who attended!

Kindly confirm your attendance for the meeting by May 9th, 2017, along with your preference of pizza (Veg/Non-Veg) so that we can place orders accordingly. We need to provide the attendee list to our host for badges. To RSVP or for any questions regarding this meeting please contact lokesh_sub@yahoo.com.

Please make sure to bring a government issued photo id (Driver license or CA ID card etc.) to gain access to the conference room.

Chapter Meeting March 8, 2017

The next chapter meeting will be held on Thursday, March 8, 2017 at Optiv Headquarters, 3875 Hopyard Road, Suite 260, Pleasanton, CA 94588 from 7:00 pm to 9:00 pm.

Agenda for the meeting is as follows:

  1. Welcome and Introductions
  2. Update on focused groups for our chapter (Cyber Security Awareness, GRC Assessment, Vulnerability & Risk Assessment programs, etc.)
  3. Presentation on “Cloud Security – Past, Present and Future” by Sean Cordero, Sr. Executive Director, Optiv
  4. Presentation on “Security Career Survival Guide” by Milton Smith, Security Principal, Oracle
  5. Any other business.

Kindly confirm your attendance for the meeting by March 7th, 2016, along with your preference of pizza (Veg/Non-Veg) so that we can place orders accordingly.

(ISC)2 East Bay Chapter