2018 Fall Conference IPv6 & IOT: Price of Admission

Thank you to our conference committee and presenters for completing another successful conference. Check back soon for information on the upcoming March 8th, 2019 Security Integration from Architecture to GRC event.

November 9th, 2018 – Doors open at 8:00 AM
Reception 5:00 PM

Venue:  SABA Software 4160 Dublin Blvd Suite 145, Dublin, CA 94568

If Cybersecurity is the theme to your action-packed security career, then conquering IPv6 and IOT is the price of admission. Without facility and strategy in the face of these two key areas, it’s game over before you even get butter on your popcorn.

The November 9th IPv6+IOT: Price of Admission one-day security event includes 11 speakers and six guided product demonstrations, offering 8 CPE for full attendance. Learn more at https://isc2-eastbay-chapter.org, LinkedIn, Facebook

8 hours of Continuing Professional Education upon Lab completion and returning your survey.

  • By 2020 Gartner predicts the Internet of Things (IoT) will demand 26 Billion IP addresses, while four out of the five world Regional Internet Registries are already out of IPv4 space
  • IPv6 puts immediate pressure on all Federal IT System Administrators and IT Professionals who are already mandated to have all systems fully transitioned by 2012
  • The US government specifies that all network backbones of all federal agencies are IPv6 and the US government requires federal agencies to provide native dual-stacked IPv4/IPv6 access to external/public services and that internal clients utilize IPv6
  • What are the Security advantages of IPv6?
  • How are IPv6 attacks likely to increase with its adoption?
  • What are the Security challenges of IPv6?
  • How do we avoid the security pitfalls of IPv6?
  • IPv6 denial-of-service attack: pretty much every modern mobile device and PC has IPv6 turned on as a default, so when those IPv6 attacks come, they are going to hit hard, and a lot of network engineers haven’t retrained sufficiently to even know what remains to prepare
  • Understanding IPv6 security issues, threats, defenses – where IPv6 may be the Internet’s next superhighway for zero-day attacks.

The IPv4 to IPv6 transition can present issues for an enterprise without resources to redesign its network. Experts and vendors discuss how to ensure IPv6 connectivity.

Pricing:

(ISC)2 is happy to accept member ID from its partner professional organizations:

ISACA, ISSA, ISC2

  • Early Bird Member* $105
  • Early Bird Non-Member* $120
  • Student $45

Registration after November 1st

  • Member or Affiliate Member $130
  • Non-Member $145
  • Sorry no more student passes

If you are experiencing hardship and wish to attend, please have proof of (ISC)2 membership or ISACA membership and reach out to Director Education & Career Development Jing Zhang-Lee, or Conference Director Robin Basham

Registration 8:00 AM – 8:50, Speaker Reception, Closing Remarks and Raffle 5:15 – 6:30 PM

Session 1.1: 9:00 – 10:00 Meet Ed Horley

Ed Horley, Chief Executive Officer of HexaBuild, Inc.

Celebrating the Sixth Year Anniversary of World IPv6 Launch

Ed is the Co-Chair of the California IPv6 Task Force, holding that position since 2010. He is an international speaker on IPv6 and is actively involved in the advocacy of IPv6 through his work on the CAv6TF and the North American IPv6 Task Force. He has an extensive background in networking and technology, with over 20 years of experience in designing, deploying and supporting data center and enterprise networks.

1-1: Session Description and More about Ed Horley: Ed is the author of the Apress book Practical IPv6 for Windows Administrators and is a Pluralsight author for two courses, both on IPv6. He was also the technical reviewer or editor for the following titles: Understanding IPv6, Third Edition from Microsoft Press, IPv6 Essentials Third Edition from O’Reilly Media and IPv6 Address Planning from O’Reilly Media. Ed previously worked for IT solutions provider Groupware Technology for seven years, where for the last two years he held the position of VP of Engineering. During his tenure at Groupware, he was instrumental in the development of Groupware’s Cloud Practice as well as the overall growth of its engineering structure and talent.

About Hexabuild: HexaBuild is an IT professional services consultancy comprised of industry-recognized IT subject matter experts and thought leaders. Our core team has a combined 60+ years of experience, multiple expert-level vendor certifications, and several publications by recognized technology presses. HexaBuild specializes in managing IPv6 adoption initiatives and large-scale cloud deployments for both enterprises and service providers. Services include address planning, hardware and software assessments, network/IT environment audits, on-prem to cloud migration and integration, and personnel training.

Director of Education & Career Development Jing Zhang-Lee introduces Carolyn Shek 10:00-10:15

Carolyn Shek works for the City & County of San Francisco, Office of Economic & Workforce Development, on the TechSF team, which provides a range of services, opportunities, and training programs for diverse young adults seeking careers and apprenticeships in the technology industry.

The City of San Francisco, Office of Economic & Workforce Development partnered with the City College of San Francisco on the Information Security Apprenticeship Program. This is a registered apprenticeship that follows the guidelines established by the California Apprenticeship Council.

Students start by completing a set of prerequisite courses on Information Security at CCSF (Domain Name Systems, Introduction to Networks, Network Security and Computer Forensics). Then they are matched with an employer for their apprenticeship, during which they concurrently continue their courses towards the CCSF Certification in Cyber Security. At the successful completion of the program, apprentices are qualified to test for the CISSP Associate Certification!

Employers are able to customize their training program to meet their skills needs, human resources strategies and company culture.

We are currently recruiting employers who are interested in hiring our apprentices to start at their company.

This is a great program for companies to make a difference in developing a student’s first step into their new career while, at the same time, growing your company’s workforce with diverse talents.

Session 1.2: 10:15-11:00 Meet Michele Guel

Imagine 26 Billion

Michele Guel, Distinguished Engineer & IOT Security Strategist, Cisco

Michele has been an avid participant, speaker, teacher, influencer and evangelist in the cybersecurity industry for 30 years. She joined Cisco in March 1996 as the founding member of Cisco’s internal security team.

During her 22+ years at Cisco, she has had the opportunity to work in many facets of cybersecurity and had the opportunity to establish many “firsts” at Cisco. Michele is one of 7 female Distinguished Engineers across Cisco today. In 2014 she co-founded Cisco’s Women in Cybersecurity Resource Community which focuses on developing the next generation of women cybersecurity leaders and practitioners.

In 2016 she was the recipient of Anita Borg’s 2016 ABIE Women of Vision Technology Leadership Award.

Think like a girl

Her most recent work focuses on security and privacy strategies for the Internet of Things and the security possibilities for blockchain technology.

1-2 Session Description: This session explores challenges and opportunities with securing assets and information in the Internet of Things. Starting with a thought-provoking potential daily life connected scenario, we’ll explore the implications to our personal data privacy and the exponentially expanding attack surface as our world becomes more connected. While securing the IoT may seem intractable in the face of the flow of new hacks and breaches, there are patterns to the attack vectors, and methods do exist that can close the gaps, making IoT ecosystems defensible.

More about Michele: Outside of Cisco, Michele has been an avid participant, speaker, teacher, influencer and evangelist in the cyber security industry for over 27 years. Her most recent work focuses on developing & codifying the practice and art of information security engineering & architecture. Her motto is all about “Building it in and not bolting it on.”
Recently Michele received the Anita Borg Institute Women of Vision Award for Leadership. You can view an article here: http://wov.anitaborg.org/speakers-award-winners/2016/2016-award-winners/cisco-woman-vision-michele-d-guel/

Cisco (NASDAQ: CSCO) enables people to make powerful connections-whether in business, education, philanthropy, or creativity. Cisco hardware, software, and service offerings are used to create the Internet solutions that make networks possible-providing easy access to information anywhere, at any time. Cisco was founded in 1984 by a small group of computer scientists from Stanford University. Since the company’s inception, Cisco engineers have been leaders in the development of Internet Protocol (IP)-based networking technologies. Today, with more than 71,000 employees worldwide, this tradition of innovation continues with industry-leading products and solutions in the company’s core development areas of routing and switching, as well as in advanced technologies such as home networking, IP telephony, optical networking, security, storage area networking, and wireless technology. In addition to its products, Cisco provides a broad range of service offerings, including technical support and advanced services. Cisco sells its products and services, both directly through its own sales force as well as through its channel partners, to large enterprises, commercial businesses, service providers, and consumers.

Session 1:3 11:00-11:50 Meet Benjamin Derr 11:00-Noon

Privileged Account Risks and Where to Find Them – Part 2: What are the roles on IOT devices?

Benjamin Derr is a Principal Solutions Engineer with CyberArk, and over the last three years, has worked with Fortune 500 organizations and government agencies to help them develop long-term cybersecurity strategies built on privileged account security best practices. He has worked for CyberArk for over 3 years, and brings deep technical and business experience to his role, with a focus on areas such as regulatory compliance, policy management, access management, and proactive risk mitigation techniques. Prior to CyberArk, Ben worked in a variety of roles, and has been in the industry for over 20 years.

1-3 Session Description: Accelerate Results: Privileged Account Risks and Where to Find Them – Part 2: What are the roles on IOT devices?

Where it’s imperative to maintain speed and agility without compromising secrets used by privileged admin users, CI/CD tools, homegrown applications, and infrastructure – protect the pipeline and integrity of resulting products. This session will discuss:

  • What is the role of Privilege in IoT?
  • We’re no longer talking about phones and tablets,
  • We’re talking networked devices like Printers,
  • Network Video Recorders,
  • Healthcare systems, and many others.
  • Maintaining compliance and reducing risk in this new Cloud and automation frontier is the challenge of the day

About: CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies – including more than 45% of the Fortune 100 companies – to protect their highest value information assets, infrastructure, and applications. For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArk’s security solutions master high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune 100 and more than 25% of the Global 2000. CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey and the U.K.

1:4 12:30-1:15 Meet Jun Du Luncheon with Presentation

Is Cyber Risk in the Nature of IoT?

Jun Du, Head of Security Research and Analytics at ZingBox Inc.

Jun has dedicated the last 16 years to creating software that enables network infrastructure and cybersecurity. He is currently the Head of Security Research and Analytics at Zingbox where he leads a team of data scientists and security researchers leveraging AI and machine learning to develop IoT security solutions.

Prior to Zingbox, Jun held various engineering and management roles at networking and security solution providers such as Ericsson, Airespace, and Cisco Systems. Jun led teams that created new generations of network security software leveraging behavioral analytics to detect network breaches. He also helped develop the technology and build the engineering team focused on enterprise wireless during his 8 years at Cisco, when his team helped build all wireless controller models and mobility solutions. Jun is co-holder of multiple patents and has MS degrees from NC State and Beijing University of Telecom.

1-4: Is Cyber Risk in the Nature of IoT? IPv6 enables IoT but cyber risk is in its nature. Connected devices open endless possibilities for people, including those with malicious intent. This session will use connected medical devices, or IoMT, as examples to illustrate the hard facts about the cyber risks IoT brings to the industry, and more importantly, how to play defense by leveraging an AI-powered risk model combined with real-time detection, service integration, big data, and threat intelligence. Recent advancements in Artificial Intelligence (AI) and Deep Learning are revolutionizing the way enterprises operate, including the way healthcare providers offer care. The same technologies are also leading the way to ensure the provider’s ability to protect their devices from ransomware and data breach and ensure uninterrupted service. In this talk, Mr. Jun Du will explore the challenges in IoT security and solutions that are being applied to the healthcare industry today.

About Zingbox: Zingbox detects and protects the connected equipment. It provides unparalleled visibility into the Internet of Things (IoT) infrastructure to reveal existing vulnerabilities and hidden threats. Zingbox is a real-time IoT security solution that protects enterprises from cyber and insider threats. Deployed in a non-intrusive way, Zingbox discovers, identifies and classifies assets into IoT categories. It then learns and generates a baseline of normal device behavior and identifies its risk profile. Zingbox detects anomalous behavior to provide real-time policy enforcement. Founded by industry veterans with deep expertise in networking and security, Zingbox is backed by leaders in enterprise security. http://www.zingbox.com

Session 1:5 1:15-2:15 PM Meet Alok Batra 1:15-2:00 PM + QA

Digitization and the IoT Trap

Speaker Alok Batra, founder of Atomiton, a leader in IoT delivering next-generation intelligent solutions to industrial businesses.

Stepping up today

Meet Scott Sullivan, Senior Vice President of Sales and Channels at Atomiton

 

Entrepreneur & Executive. Specialties: Distributed Systems, Machines, Cloud Architectures & Software-enabled Services. Roles: Board Member, CEO, President, CTO, Engineering Head.

Presenting for Alok, meet Scott: Executive leadership with decades of experience at public and private technology companies that have defined or redefined markets in IIoT, Cloud, Security, and big data analytics. CEO and sales executive experience in private equity backed and publicly traded companies.

1-5 Digitization and the IoT Trap: Today’s prevailing (and wrong) understanding of IoT has reduced digital enterprises into “lots of data about things”. There are three elements in enterprises: people, things and information. What makes them produce their value is found in the identification and execution of the right processes.

Energy, Retail, & Logistics – share a need to move sensors into the field: When is the right time for security to get involved? As IOT plays an increasing role in the Industrial Space we witness:

  • New data sources
  • New systems
  • New connections the likes of which were not there before
  • We need to understand what people are touching
  • Why they need to do that
  • We must anticipate what will be a fad and what’s going to stick as a critical feature to the business ROI
  • How will security be proactive?
  • What do we see as the typical IOT process
  • What may or may not be the right process
  • When should security be involved in the process (hint… now)

Atomiton is a global leader in industrial IoT, providing a digital platform for industrial solutions in Oil & Gas, Energy, Smart Cities, Manufacturing and Engineering Services. Digital solutions that deliver relevant real-time business insights, optimize operations and automate actions are created with Atomiton software.

Session 1.6: 2:15-3:00

Tabletops – join a sponsor-led discussion with a kick off from Jonathan Randall, Maura Jones, and R. Daniel Lee

Deception Tech Leaders Attivo Networks facilitates planning for your next threat vector, and recent ISACA speaker Maura Jones addresses the increasingly vast attack surface of IOT. Table Tops have leaders and facilitators from the following companies. Your task is to develop a facilitated narrative that adds to your existing BCP, DR or BIA.

 

1-6 Session Description: Have you considered new threats from IOT and IPv6 to add into your risk scenarios, your threat chains, and specifically, have you factored this into at least one new tabletop exercise? We welcome back Jonathan Randall, CISSP, and our co-chairs Maura Jones, CISSP, and R. Daniel Lee, CISS to facilitate this group exercise.

Tabletop lab structure allows groups of five or more participants to take part in a guided activity designed to foster the real-world application of core ISC2 education domain topics. Exhibitors and Chapter Members must examine impacts from IPv6 and IOT and the rest is up to you and your mentor. Table leaders include representation from:

  • CyberArk: Role Based Privileged Access Management – Benjamin Derr, Cory Brown and Brian Kennedy
  • Attivo Networks: Deceive – Detect – Defend, Jonathan Randall
  • Netskope & 6 Connect: New infrastructure Dependencies, Sean Cordero and Pete Sclafani
  • Zingbox: Cyber Risk in IOT
  • Conference Committee co-chairs Maura Jones and R. Daniel Lee
  • Please feel free to also use this time to meet with Hiring Managers and Recruiters – KForce, Robert Half, Vivo Inc. and our special guest Carolyn Shek

Have you adjusted your current BCP to account for new challenges in IOT?

Each table has one hour and one facilitator. Your mission is to design one tabletop exercise involving at least one topic from the day. Your effort earns 1 CPE.

You can also use this time to meet with hiring advisors.

All of the companies below are sponsors and attendees. If you want to meet with people directly, please contact the conference director who will arrange your one-on-one time.

netskope

Optiv

3:15-3:30 PM Running late? Eat some time.

We Break 4 Cake

Cake Sponsors are so sweet!

  • Hexabuild
  • KFORCE
  • Attivo Networks

If we are running late, you may be asked to hurry up and eat your cake.

Are you sweet? Show us by donating cake, bagels, pizza, wine, printed materials, pens, space. We always welcome your swag. Put your logo on EVERYTHING. We’ll take it.

Special thanks to Maura Jones and Asha Kumar for coordinating meals.

Session 1-7&8: 3:30-5:15 Meet Sean Cordero Meet Pete Sclafani

IPv6 TLDR: Everything you didn’t want to know or hear about IPv6 and the changing IPv4 landscape- in less than 12 Parsecs

Sean Cordero, VP of Cloud Strategy at Netskope

Pete Sclafani, COO & Co-Founder of 6Connect

1-7 &1-8: Session Description: Everything you didn’t want to know or hear about IPv6 and the changing IPv4 landscape- in less than 12 Parsecs:

The continued and increased rate of IPv6 adoption on a global scale marches on. Internet and Cloud service providers have continued to limit the usage of IPv4 due to cost, performance, and interoperability reasons. Now, the industry-wide shift has started to impact how our users and systems communicate with Internet-based services and placed new security considerations due to this new paradigm.

Join industry leaders Pete Sclafani, COO, and co-founder of 6connect, and Sean Cordero, VP of Cloud Strategy at Netskope to hear from them on the impacts IPv6 adoption is having across the industry, the pitfalls to avoid as an organization begins adoption, and the impact to securing Cloud and on-premise based technologies.
Attendees will walk away with real-world examples and actionable steps to empower their understanding and engagement in their organization’s IPv6 efforts and begin

  • The worldwide and industry shifts driving IPv6 adoption
  • Understand the information risk implications of not controlling or engaging in the efforts to drive IPv6 adoption.
  • Preparing your organization for the operational and technical changes IPv6 introduces to your team.
  • Avoidable mistakes which can lead to long-term, negative business impacts

About Netskope: Netskope is the leader in cloud security. Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope – security evolved.

About 6Connect: 6connect is the leader in network resource provisioning and automation. 6connect’s unique Dynamic Network ProVisioning (DNP) platform enables centralized provisioning of physical and virtual devices across distributed and mobile networks, cloud platforms, web-hosting platforms, and data centers. Innovative customers like Dell, PCCW, Swisscom, Terremark, iLand Cloud Infrastructure, and CyrusOne utilize DNP to accelerate service delivery time, accurately provision complex network protocols, and dramatically reduce network complexity and costs, while achieving industry change management and compliance requirements. 6connect is based in Silicon Valley and employs an engineering team that includes some of the world’s foremost experts in IPv4/IPv6 technology, network architecture design, and systems automation. https://www.6connect.com/

We Remember Robert E. Stroud

Recognition

We honor his memory through scholarship.

ISACA News: ISACA’s 2014-15 Board Chair Robert E Stroud passed away Monday, 3 September 2018. He was struck by a vehicle while jogging on Long Island, New York, USA. Stroud was 55 years old.

Stroud brought boundless energy and enthusiasm into everything he did for ISACA—and those contributions were many. During his term as board chair, he was a driving force in the launch of ISACA’s Cybersecurity Nexus™ (CSX). Prior to that, he was international vice president of ISACA, a member of the Strategic Advisory Council and Governance Committee, and chair of ISACA’s International Organization for Standardization (ISO) Liaison Subcommittee. He was a COBIT champion and contributed to COBIT 4.0, 4.1 and 5, and numerous COBIT mapping documents. Additionally, he was involved in the creation of ISACA’s Basel II, Risk IT and Val IT guidance. He was deeply engaged with the association for 12 years, serving on more than 15 groups and speaking at countless conferences over that time.

“ISACA lost a dedicated leader, an engaged board member, a passionate colleague and, most notably, a very dear friend,” said ISACA Board Chair Rob Clyde, CISM, in his tribute to Rob Stroud. “Rob was always looking forward to new trends, new challenges, and new opportunities so he could best serve his clients, his colleagues, and his friends, whether bonds were just formed or existed for decades. His exuberance lit up the room wherever he went, and he was truly a guiding light and progressive proponent for the association and our professional community. Rob’s enduring spirit of innovation will continue to influence ISACA and our global family for years to come.”

Dinner is Texas Bar-B-Q from Armadillos

Wine is courtesy of

Securonix

Platinum Sponsor, live demonstration visualizing the threat, actionable intelligence

Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track users, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced cyber threats, insider threats, and fraud attacks. Globally customers are using Securonix to address the most basic and complex needs around insider threat detection and monitoring, high privileged activity monitoring, data exfiltration, enterprise and web fraud detection, application risk monitoring, cloud security monitoring, cyber threat monitoring, and access risk management. Securonix uses a Hadoop platform to provide unlimited scalability and open data model. http://www.securonix.com

Skybox Security

Gold sponsor, live demonstration assigning the policy that proves our governance is in place

The software uses analytics to prioritize an organization’s risk exposures and recommends informed action to best address those exposures. These capabilities extend across highly complex networks, including those in physical, virtual, cloud and operational technology (OT) environments. By integrating with more than 120 networking and security technologies, the company’s broad platform, the Skybox™ Security Suite, enables organizations to reduce security risks that attackers can find and exploit, such as device misconfigurations and policy violations, as well as exposed and unpatched vulnerabilities.

Netskope

Platinum Sponsor, live demonstration, mapping the path of business, the evolution of cloud security

Netskope is the leader in cloud security. Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope – security evolved.

Zscaler

Gold Sponsor, live demonstration enables secure mobile enterprise in real time, architecting the secure enterprise network

Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access and Zscaler Private Access, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. Used in more than 185 countries, Zscaler operates the world’s largest cloud security platform, protecting thousands of enterprises and government agencies from cyber attacks and data loss.

HexaBuild, in addition to making their CEO, Co-Founders and COO available to all of us for the entire day, contributes the morning breakfast and afternoon cake. Sweet!

HexaBuild is an IT professional services consultancy comprised of industry-recognized IT subject matter experts and thought leaders. Our core team has a combined 60+ years of experience, multiple expert-level vendor certifications, and several publications by recognized technology presses. HexaBuild specializes in managing IPv6 adoption initiatives and large-scale cloud deployments for both enterprises and service providers. Services include address planning, hardware and software assessments, network/IT environment audits, on-prem to cloud migration and integration, and personnel training.

CyberArk

Platinum sponsor, CyberArk contributes lab leaders and speakers in addition to actively sponsoring our last summer event.

CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies – including more than 45% of the Fortune 100 companies – to protect their highest value information assets, infrastructure, and applications.

For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArk’s security solutions master high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune 100 and more than 25% of the Global 2000. CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey, and the U.K.

Saba Software

Our Venue Sponsor has contributed their offices and resources to make this day possible. As a result, we will be able to offer a thousand dollars to a local scholarship for students wanting more opportunities in the field of cybersecurity.

Saba makes software that transforms the working lives of millions of people and increases growth and success for thousands of businesses around the world. We help organizations create the catalyst for exceptional employee engagement, with a powerful cloud platform that delivers a continuous development experience – from personalized training and collaboration to real-time coaching, goal setting, and feedback. Today thousands of customers worldwide, in virtually every industry, count on Saba to engage their people, connect their teams, and get the critical insight they need to prove the impact of talent on business success.

Attivo Networks sponsors and provides lab leaders and speakers.

Attivo Networks® is the leader in deception for cybersecurity defense. Founded in 2011, Attivo Networks provides a comprehensive deception platform that in real-time detects inside-the-network intrusions in networks, public and private data centers, and specialized environments such as Industrial Control System (ICS) SCADA, Internet of Things (IoT), and Point of Sale (POS) environments. Founded on the premise that even the best security systems cannot prevent all attacks, Attivo provides the required visibility and actionable, substantiated alerts to detect, isolate, and defend against cyber attacks. Unlike prevention systems, Attivo assumes the attacker is inside the network and uses high-interaction decoys and endpoint, server, and application deception lures placed ubiquitously across the network to deceive threat actors into revealing themselves. With no dependencies on signatures or attack pattern matching, the BOTsink deception server is designed to accurately and efficiently detect the reconnaissance and lateral The Attivo Multi-Correlation Detection Engine (MCDE) captures and analyzes attacker IPs, methods, and actions that can then be viewed in the Attivo Threat Intelligence Dashboard, exported for forensic reporting in IOC, PCAP, STIX, CSV formats or can be used to automatically update SIEM and prevention systems for blocking, isolation, and threat hunting. The ThreatOps offering simplifies incident response through information sharing, incident response automation, and the creation of repeatable playbooks.

Unified Compliance Framework sponsors and provides past and future speakers.

We welcome The Unified Compliance Framework® (UCF) as a new Silver Sponsor, a speaker and recent ISC2 partner in providing certifications for controls and compliance mapping.
The Unified Compliance Framework® (UCF) was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF.

This patented GRC framework is used as a core component of advanced GRC solutions by leading software publishers, certified auditors and consultants worldwide. Unified Compliance’s dynamic SaaS portal, the Common Controls Hub, provides a new interface to the UCF that aids in extracting needed data from the framework easily and helps compliance professionals keep pace with the ever-evolving regulatory demands, confidently manage risk, and ease resource and budget barriers. The Common Controls Hub gives users rapid access to its massive data repository of more than 90,000 individual mandates from 800-plus laws and standards from around the globe. Sorting through the most up-to-date demands, figuring out which controls they need to implement and how they overlap is now a quick process with just a few simple mouse clicks. The Common Controls Hub simplifies the need to locate, research, interpret, and reconcile new and evolving mandates by giving compliance professionals the ability to centrally scope, define and maintain regulatory demands online. Companies can now automatically compile custom, harmonized control lists in minutes by vertical industries, market segments, and geographies.

Allgress wine and location sponsors

Allgress gives enterprise risk, security, and compliance professionals the ability to efficiently manage their risk posture.

By utilizing advanced visualization, automation, streamlined workflows, and the integration of existing data feeds, Allgress reduces the complexity and cost of risk management. Unlike other risk management solutions, Allgress customers derive value in days rather than months. For more information, visit www.allgress.com, email info@allgress.com, or call 925.579.0002.
How to become a member: Please directly contact our Chapter President Tom Rogers and fill out the membership form https://isc2-eastbay-chapter.org/membership/
EnterpriseGRC Thank you Chevron, for providing us with space and food for the last two years.
Thank you, Blackhawk – Thank You, Oracle
(This 1-day event counts towards 8 hours of Continuing Professional Education CPE)
Your friends and colleagues at (ISC)2 East Bay Chapter can’t wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom such events would not be possible. Providing weekly meetings, binding flyers, drafting letters, being a liaison to our gracious speakers, updating and proofing our brochures, and assisting in the overall quality management of the Fall Conference, we acknowledge R. Daniell Lee, Atul Kumar, Maura Jones, Jason Hoffman and others as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our board. Your support is greatly appreciated.
Yours Sincerely,

Robin Basham, Conference Director

The (ISC)2 East Bay Chapter Board of Directors

We push you in