All posts by Robin Basham

Chapter Meeting October 11th, 2018

Topic: Guidance to Implementing Network Security for Kubernetes

Topic: Security and Compliance for Kubernetes, Containers, and Microservices. Modern application development and deployment have evolved significantly over the last several years. While this brings great productivity, efficiency and time-to-market advantages for software teams, it creates significant friction for traditional security and compliance architectures. This presentation will discuss how modern security and compliance teams can become business enablers and support agile software development. Please join this session to learn about:

  • Key challenges facing security & compliance teams in securing Kubernetes-based environments
  • A reference guide and some best practices
  • A real-world case study on how a large SaaS provider is implementing security for their Kubernetes-based environments

About Amit Gupta: Product Management leader with 18+ years of professional history developing, positioning and marketing software and services for Enterprises and Service Providers across the world. 10+ years of industry experience in enterprise infrastructure and data center solutions. 14+ years of background in application and infrastructure hosting and cloud services. Professional experience in both entrepreneurial and large corporate environments, driving strategy and tactical execution. Well versed with various Public / Private / Hybrid Cloud service consumption models.

About Tigera: Tigera provides Zero Trust network security and continuous compliance for Kubernetes platforms. Tigera Secure Enterprise Edition extends enterprise security and compliance controls to Kubernetes environments with support for on-premises, multi-cloud, and legacy environments. Tigera Secure Cloud Edition is available on the AWS Marketplace and enables fine-grained security and compliance controls for Kubernetes on AWS and Amazon EKS. Tigera powers all of the major hosted Kubernetes environments including Amazon EKS, Azure AKS, Google GKE, and IBM Container Service. Reach out to Amit Gupta, VP Product Management, Tigera: amit@tigera.io

Venue: Chevron World Headquarters

6001 Bollinger Canyon Road
Conference Room A1020 – Building A (CHVPKA 1020)
San Ramon, CA 94583
Time: 7:00 to 9:00 PM. Please arrive by 6:55.

Dinner

Pizza and Salad.

RSVP

RSVP to conferencedirector@isc2-eastbay-chapter.org with the subject “Attending October 11th at Chevron building A”. Include your name and ISC2 ID. If you don’t have an ISC2 ID and are not yet a member of our chapter, include the membership application with your email and copy membership@isc2-eastbay-chapter.org

We will be meeting in Building A in room 1020, 6001 Bollinger Canyon Rd, San Ramon, CA 94583. Park in the visitor parking lot and proceed to Building A.

Don’t get lost

The phone number to call if you are lost or need directions: (925) 842-1000; ask for the main security reception. Our hosts at Chevron are Ana Colocho (Chevron), or ask for Robin Basham, conferencedirector@isc2-eastbay-chapter.org
Parking: Park in the Visitor Lot across the Loop Road (right turn at the first stop sign, then your first right turn into the parking lot). Walk across the road to the building behind the flagpoles and fountain. The meeting room is BEFORE the Security Desk, just inside the double glass doors on the right.

The 18th Annual Event presented by San Francisco ISACA

2018 FALL CONFERENCE 

The SF ISACA Fall Conference provides IT Security Professionals from around the Bay Area the opportunity to come together and learn about emerging topics in our 5 session tracks

  • Core Competencies
  • Governance, Risk & Compliance
  • Professional Strategies
  • Professional Techniques
  • Cybersecurity Essentials

Get ready for three days of great sessions!

October 15-17, 2018.
Sign up today, this event will sell out!

Chapter Meeting September 13, 2018

To RSVP please send your name, *ISC2 ID and the subject line “attending September meeting” to conferencedirector@isc2-eastbay-chapter.org. If you have not arrived by 7:00 PM you will not be able to enter the venue. Please arrive between 6:45 and 7:00 PM, as the doors lock and all attendees will want to go upstairs to the meeting room. (more below)

Topic 1: Security Architecture in a Hybrid State

Speaker: Istvan Berko, Security Sales Consultant, PNW, GovEd & Globals

In the past, we have aligned our security architecture through our governed controls and the applicability of these controls to our environments. As the legacy IT architecture morphs into business-centric functions, the underlying infrastructure and data architecture is changing at pace. This results in a need to shift our information security perspective and the acceptable residual risk. This talk will discuss the need to adapt and will consider some of these newer attack vectors and risks.

  • Operational cloud security controls – new privileges provided to applications from an abstracted privilege management platform
  • Controls applicability to SaaS platforms – do we introduce legacy security to hosted services?
  • Network and segmentation architecture – what works and what doesn’t
  • DevSecOps and CI/CD, and how we enable an SDLC approach to business-led rapid deployment

Dimension Data – http://www.dimensiondata.com/en-US/Solutions/Security

Mini Topic: Why IPv6 and IoT are the “Price of Admission” for our November 9th Conference

Speaker: Robin Basham, Conference Director

Venue: Optiv at 3875 Hopyard Rd., Pleasanton, CA 94588

Kindly confirm your attendance for the meeting by September 12th, 2018, along with your preference of pizza (Veg/Non-Veg) so that we place orders accordingly.

We need to provide the attendee list to our host for badges.

To RSVP please send your name, *ISC2 ID and the subject line “attending September meeting” to conferencedirector@isc2-eastbay-chapter.org.

*If you are not a member of ISC2 or the ISC2 East Bay Chapter, please complete the membership application form and send the application with your notice of intent to attend. Membership is still free, but we do need to know who you are.

REMINDER: Arrive on time or there will not be anyone to open the door. We begin door duty at 6:30 and end at 7:00 PM.

Chapter Training Day – Friday July 13th

End Point Security Training Day

Odds Are You Need More Skills than Luck

Speakers and topics are under review. Please reach out to Conference Director Robin Basham, Director of Cybersecurity Awareness Krishnan Thiruvengadam, or Director of Education & Career Development Jing Zhang-Lee.

ISSA and ISACA members are welcome to participate as long as seats are available.

Training day is limited to the first 50 students. Sessions run 90 minutes. Please reach out if you are interested in being an instructor.

9 AM to 4 PM – 6 CPE

Chapter Meeting June 14th, 2018

Exfiltrating Data through IoT

“Exfiltrating data through the Internet of Things (IoT) provides insights based on research/analysis of data exfiltration vulnerabilities found in IoT protocols (i.e. SSDP, P25, Zigbee, Z-Wave, Wi-Fi, uPnP). With an eye toward mitigating weaknesses in current protocols, this talk addresses future protocol designs to eliminate those weaknesses. This discussion will delve into the details and demo data exfiltration using IoT protocols. The application of this knowledge will allow you to assess and mitigate these risks as you integrate IoT technologies into your production systems, as well as make informed decisions regarding IoT device and protocol selection.”

Garry Drummond, CEO & Founder, 802 Secure

Mr. Drummond is a wartime CEO. From his humble beginnings in Pleasanton, California, he bootstrapped his start-up company, 802 Secure Inc., from his garage. Mr. Drummond has conceptualized, designed and delivered cybersecurity products for critical infrastructure, enterprise and government clients around the world. Mr. Drummond, along with his small but loyal engineering team, landed venture capital in November 2016 to expand the team and fulfill orders. 802 Secure is developing technology for securing the Internet of Things (IoT), combining software-defined radios with big data analytics. Mr. Drummond is a Certified Information Systems Security Professional (CISSP) and is passionate about wireless cybersecurity. With the recent explosion of Internet of Things (IoT) device enablement as well as mobile adoption, wireless has now become the easiest way to back-door the wired side of the network. Wireless technologies do not follow the traditional guidelines of security, and new methodologies are required to secure digital assets. Only through new thought leadership and innovation using software-defined radios with big data analytics can these new, broader-spectrum attack vectors be identified.

802 Secure was awarded Silicon Valley Start-up of the Year in April 2015 and Silicon Valley Company of the Year in May 2016. Most recently, in 2017, Mr. Drummond was awarded Most Innovative CEO of the Year. 802 Secure’s products are sold through 5 of the most influential technology resellers in the US.

Aaron Davidson, Solutions Architect, 802 Secure

Mr. Davidson is 802 Secure’s Solutions Architect, working with clients to understand their issue(s) and providing solutions that meet their security needs. His experience stretches from technical support, system administration, network engineering & architecture, quality assurance, security engineering and sales engineering to personnel management. His technical sales skills, his rapport with deeply technical individuals, and his relationships with management, senior executives, VPs and C-level leaders have provided effective solutions that meet the demands of their industry segments.

About 802 Secure:

802 Secure is developing signal intelligence technology for securing the Internet of Things: detecting and assessing new wireless risks across the broader RF spectrum using software-defined radios and big data analytics. 802 Secure has developed a leading world-class product, AirShield, to monitor IoT assets, identify risks and threats, and ensure performance and reliability of the IoT environment 24×7. (www.802secure.com)

Venue:
Chevron World Headquarters
6001 Bollinger Canyon Road
Conference Room A1020 – Building A
San Ramon, CA 94583
Time: 7:00 to 9:00 PM
RSVP by replying to the email by 6/13/2018.
The phone number to call if you are lost or need directions: (925) 842-1000; ask for the main security reception. Our hosts at Chevron are Tom Rogers or Frank Fabsits, or ask for Robin Basham.
Parking: Park in the Visitor Lot across the Loop Road (right turn at the first stop sign, then your first right turn into the parking lot). Walk across the road to the building behind the flagpoles and fountain. The meeting room is BEFORE the Security Desk, just inside the double glass doors on the right.

Chapter Meeting May 10, 2018

Location: Blackhawk Network, 6220 Stoneridge Mall Rd, Pleasanton, CA 94588 – 7 PM

Privacy by Design – Why It Can’t Wait!

Here are the slides from the presentation: Privacy by Design_ISC2 EB Chapter Meeting 5.10.18

As the U.S. and the rest of the global community continue to rethink what individual privacy entails, and as “big data” is ingested into machine learning/AI, there will continue to be uncertainty about what the future of privacy will look like. This, coupled with news about mass surveillance, user behavior tracking, and targeted advertising, has caused developers to take a more defensive approach when designing new services and products. Implementing Privacy by Design (PbD) can help protect organizations in the long run by applying its principles to their development and design activities, enabling privacy by default.

Attendees will learn:

  • What are the principles of Privacy by Design (PbD)
  • Why they are important
  • Tips for operationalizing PbD

Speaker Information:

Orus Dearman, CISSP, CISA, Managing Director, Cyber Risk Advisory, P: (415) 318-2240, E: orus.dearman@us.gt.com

Orus provides technology and advisory services to clients in the technology, financial services, and federal industries. He has extensive experience leading cyber risk projects in accordance with the NIST Cybersecurity Framework, Generally Accepted Privacy Principles (GAPP), FISMA, and FedRAMP guidelines within the United States and globally. He also specializes in physical and logical vulnerability assessments. Orus works with companies to enable them to implement cybersecurity and privacy frameworks such as the NIST Cybersecurity Framework, GAPP, FISMA/FedRAMP, ISO 27001, and the Trust Services Principles. He also leads the firm’s Federal Risk and Authorization Management Program (FedRAMP) practice nationally.

Orus is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).

Dhawal Thakker, CISSP, CISA, Senior Manager, Cyber Risk Advisory, P: (650) 450-1431, E: dhawal.thakker@us.gt.com

Dhawal has over 18 years of experience leading and coordinating IT advisory engagements across several industries, with a focus on the financial services, technology services and healthcare sectors. His work covers regulatory compliance, privacy (GDPR) and GRC program and technology deployments, compliance with regulations such as SOX and HIPAA, compliance with credit card industry standards (PCI), security policy design, network security assessments, and BCP/DR. His experience and expertise include:

Dhawal has experience implementing privacy frameworks, assessing EU General Data Protection Regulation (GDPR) compliance, developing privacy policies, benchmarking developer agreements and ensuring compliance with global regulations.

Dhawal has hands-on experience designing, implementing and managing GRC solutions to automate cyber and privacy compliance programs using tools such as RSA Archer, ServiceNow and OneTrust. Dhawal is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).

Directions to our meeting:

From Hwy 680 going South (680 S):

From San Ramon

  • Get on I-680 S
  • Follow I-680 S to Stoneridge Dr in Pleasanton. Take exit 29 from I-680 S
  • Make a right turn on Stoneridge Dr
  • Use the right two lanes to turn right onto Stoneridge Mall Rd
  • Make a right turn on Workday Way
  • Take Workday Way to the end of the road and make a left in the parking lanes
  • Take the road until you come to the first crossroad
  • Make a right turn and take the road to the end of the street
  • We are the building on the right and you can park anywhere in the parking spaces in front of the building.
  • Blackhawk Network, 6220 Stoneridge Mall Rd, Pleasanton, CA 94588

From Hwy 680 going North (680 N):

From San Jose

  • Get on I-680 N
  • Follow I-680 N to Stoneridge Dr in Pleasanton. Take exit 29 from I-680
  • Use the left two lanes to turn left on Stoneridge Dr
  • Use the right two lanes to turn right after crossing the overpass onto Stoneridge Mall Rd
  • Make a right turn on Workday Way
  • Take Workday Way to the end of the road and make a left in the parking lanes
  • Take the road until you come to the first crossroad
  • Make a right turn and take the road to the end of the street
  • We are the building on the right and you can park anywhere in the parking spaces in front of the building.
  • Blackhawk Network, 6220 Stoneridge Mall Rd, Pleasanton, CA 94588

Kindly confirm your attendance for the meeting by May 8th, 2018, along with your preference of pizza (Veg/Non-Veg) so that we can place orders accordingly. We need to provide the attendee list to our host for badges. To RSVP or for any questions regarding this meeting, please contact Vice President Tom Rogers.

Chapter Meeting April 12, 2018

Please arrive between 6:45 and 7:00 PM at Bishop Ranch One BR1, 6101 Bollinger Canyon Road, San Ramon, CA

Topic One: Big Data: The forgotten security landmine

As billions of people, devices, and systems get connected to the internet, companies of all sizes will seek to gather insights as to the best ways to further model their businesses to ensure efficiency, improve business processes and additionally offer solutions to complex problems previously impossible to address. This new data economy has led to a rapid rise in the adoption of big data and big data solutions to serve the needs of small to large-scale enterprises.

In the push to take advantage of such valuable data insights, all manner of personal, private and highly sensitive data continues to be fed into Big Data systems with very little focus on its continued protection before and after it lands in those systems.

This presentation will unearth the hidden landmines and provide recommended solutions as companies deal with such mountains of data through their big data systems.

Lenin Aboagye has built several firsts in the industry, from the first Education-as-a-Service (EaaS) platform to building the security platform for the first fully open cloud product. As an emerging technologies enthusiast, Lenin has helped advise and guide initiatives in Cloud, Mobile, Big Data and AI for multiple companies, and speaks frequently on such topics and their relevance to the current security landscape. Lenin was an early contributor to some of the first whitepapers released by the CSA (Cloud Security Alliance) and is an active participant in several other information security interests. As a security thought leader, Lenin has spoken at several security conferences, contributed to security books, and has been quoted in security and tech media. Lenin was formerly Head of Security at IO and is currently President at Limit+, where he provides cybersecurity consulting and security product advisory services to several clients. Lenin is the security advisor for Kogni, the world’s first AI-powered Big Data security product, by Clairvoyant. Lenin holds a BA and graduated top of his class with a double major in Computer Science and Math.

Topic Two: Cloud Compliance Automation: Automating the Hardening of AWS Infrastructure via CI/CD Pipelines

Demo Abstract: This demo presents automating security benchmark controls on cloud infrastructure via Continuous Integration and Continuous Delivery, using open source tools. In this demo, I aim to show how to harden OS images and produce reports on the benchmark controls enforced to cloud security auditors. To achieve this, a DevSecOps engineer is allowed to choose a security benchmark to enforce out of a selected list and then the CI pipeline is triggered to automate the security controls under the benchmark selected on a Linux OS system. The pipeline runs multiple stages to ensure and deliver a fully hardened Linux OS system. Finally, I will also provide a report produced at the end stage of the pipeline. This report lists the controls enforced and remediation tools.

Daniel Callao has a BS in Computer Science and Mathematics from San Jose State University and is an AWS cloud computing professional responsible for the design, implementation, automation, and documentation of scalable multi-tenant infrastructures. His specialties include cloud computing, virtualization for multi-tenant environments, infrastructure as code, solutions architecture and project management, implementing new technologies with process refinement and continuous integration and delivery. Daniel has worked for multiple Fortune 100 tech companies, such as VMware, Autodesk, GE Digital, and Cadence Design Systems. While he is passionate about automation in the cloud, he is also an advocate for open source technology. Daniel enjoys doing live collaborative training on open source automation and container tools.

Topic Three: Chapter Business – Calling All Interested in Training and Sponsoring the July 13th Training Day

We invite our community to add their voices to our planning for the upcoming training day. Hear from our Directors of Cybersecurity and Education and collaborate on the plan.

We also want to discuss charging for meetings and ordering dinner, something we may need to implement effective May. Unless sponsored by our speakers or host, we will need to begin charging a meal cost to attendees at our monthly meetings.

We will also take conference feedback and discuss the upcoming training day topics. Bring your suggestions and your spirit of volunteerism.

And the Winner is…

The 2018 MakeAthon winners are Savvy Gupta, Balamurugan, Alan Wang, Brian Zhao, and Salaj Ganesh. CONGRATULATIONS!

A note from Director of Education & Career Development Jing Zhang-Lee about the Makeathon: Mission San Jose High School hosts the annual Innovation Minds Makeathon event to encourage and inspire students to come up with innovative ideas leveraging modern and future technologies. (ISC)2 East Bay Chapter is proud to be one of the sponsors for the 2018 Makeathon, which took place on February 3rd.
This year’s winning group is “VR Emergency”. The group came up with the idea of leveraging virtual reality technologies for stressful-situation training, such as terrorist attacks, firefighting, riots, etc. This group won the sponsor’s pick for their security mindset of identifying and securing sensitive data, e.g. training officers’ PII and training records, important building plans, tactics, etc.

Location: Bishop Ranch One BR1, 6101 Bollinger Canyon Road, San Ramon, CA

Directions to Meeting at Chevron

Kindly confirm your attendance for the meeting by April 11th, 2018, along with your preference of pizza (Veg/Non-Veg) so that we can place orders accordingly. We need to provide the attendee list to our host for badges. To RSVP or for any questions regarding this meeting, please contact Vice President Tom Rogers.

Please make sure to bring a government-issued photo ID (driver license, CA ID card, etc.) to gain access to the conference room.