2018 Friday July 13th Training Day

End Point Security Training Day – Odds Are You Need More Skills than Luck <Training flier July 13, 2018>

Venue: Chevron – Bishop Ranch One

Location: Chevron, 6101 Bollinger Canyon Road, San Ramon, CA 94583

July 13th, 2018
9:00 AM – 5:00 PM

This one-day security track includes four 90 minute labs, lunch, and end of day networking. (ISC)2 East Bay Chapter events facilitate lively discussion and opportunities to extend the presenter wisdom to our real needs in keeping Bay Area companies both competitive and safe. Please learn more at https://isc2-eastbay-chapter.org, LinkedIn, Facebook
This 1-day event counts towards 6 hours of Continuing Professional Education upon Lab completion, survey monkey and sign off.

Theme – End Point Security


  • 9:00 am registration
  • 9:15-10: 45 am: Real World Deception Deployment, Leverage, and Testing
  • 10:45-11 am: break
  • 11am-12:30 pm: Endpoint Privilege Management
  • 12:30-1pm: lunch break
  • 1pm-2:30pm: Endpoint Security – Attack, Detect, and Respond
  • 2:30pm-2:45 pm: break
  • 2:45pm-4:15 pm: Endpoint Detection and Response
  • 4:15-5 pm: social & networking

9:00 AM – 9:15 AM Registration, Trainings 9:15 AM to 5:00 PM

Dress for collaboration and teamwork. Our theme is “show me how”, so prepare to roll up your sleeves, to break away and sit somewhere comfortable. This chapter takes networking to the next level. Meet your mentor or mentee this July.


(ISC)2 is happy to accept member ID from its partner professional organizations:


  • Member* $45
  • Non-Member* $55
  • Student $25

Speaker Bar
Session 1.1: 9:15 – 10:45 AM Meet Joseph  Salazar

Real World Deception Deployment, Leverage, and Testing

Attivo Netw

ISC2 Intro to Threat Deception for Modern Cyber Warfare


Joseph Salazar is a veteran Information Security professional, with both military and civilian experience.  He began his career in Information Technology in 1995 and transitioned into Information Security in 1997.  He is a retired Major from the US Army Reserves, with 22 years as a Counterintelligence Agent, Military Intelligence Officer, and Cyber-Security Officer.  In his civilian career, he’s been a Systems and Security Administrator, a Computer Security Incident Response Analyst, a Security Operations Manager, and a Computer Forensic Investigator.  He has worked at a defense contractor, numerous financial services institutions, a cloud services provider, and an e-commerce company.  He maintains the CISSP, CEH, and EnCE certifications, and holds a BA in Legal Studies from UC Berkeley.  He currently works at Attivo Networks as a Technical Deception Engineer, focusing on deception technologies.
1-1 This training session will provide an overview of the Attivo Deception Platform, and an introduction to using Deception as an Active Defense and Threat Hunting tool.

In today’s world where advanced and insider threats demonstrate they can evade security prevention systems, having in-network threat visibility and detection is considered a critical security infrastructure. Deception technology provides real-time detection and analysis of inside-the-network threats, yet there are myths about the effectiveness of deception for detecting advanced threats – and there are specific strategies for operational management efficiency and key use cases that are driving adoption.  In this session you will hear about real-world deployment experiences, the value customers are realizing, and what pen test Red Teams are saying about deception-based threat detection.

Attendees will learn the following:

1. How to make deception in a production environment look realistic.
2. How to identify deceptive elements from the attacker’s point of view.
3. How to make your SOC more efficient, and detect threat actors faster.

About Attivo Networks® is the leader in deception for cybersecurity defense. Founded in 2011, Attivo Networks provides a comprehensive deception platform that in real-time detects inside-the-network intrusions in networks, public and private data centers, and specialized environments such as Industrial Control System (ICS) SCADA, Internet of Things (IoT), and Point of Sale (POS) environments. Founded on the premise that even the best security systems cannot prevent all attacks, Attivo provides the required visibility and actionable, substantiated alerts to detect, isolate, and defend against cyber attacks. Unlike prevention systems, Attivo assumes the attacker is inside the network and uses high-interaction decoys and endpoint, server, and application deception lures placed ubiquitously across the network to deceive threat actors into revealing themselves. With no dependencies on signatures or attack pattern matching, the BOTsink deception server is designed to accurately and efficiently detect the reconnaissance and lateral movement of advanced threats, stolen credential, ransomware, man-in-the-middle, and phishing attacks. The Attivo Multi-Correlation Detection Engine (MCDE) captures and analyzes attacker IPs, methods, and actions that can then be viewed in the Attivo Threat Intelligence Dashboard, exported for forensic reporting in IOC, PCAP, STIX, CSV formats or can be used to automatically update SIEM and prevention systems for blocking, isolation, and threat hunting. The ThreatOps offering simplifies incident response through information sharing, incident response automation, and the creation of repeatable playbooks.

Session 1.2: 11:00-12:30 Meet Cory Brown

Endpoint Privilege Management


Cory Brown is currently a Sr. Solutions Engineer at CyberArk. Cory has 20 years professional experiences in Systems Solution, Architecture & Administration in Global Enterprise environments, and is passionate about helping peers make informed decisions and proactively protect their entire security fabric.

1-2 Session Description:  Endpoint privilege management is aimed at securing privilege at endpoints to reduce the attack surface. This training session will showcase how the combined capabilities of Privilege Management, Application Control, and Credential Theft Prevention will provide protection of sensitive data on endpoints, proactively block attacks early in their lifecycle, and maintain user productivity while drastically reducing help desk costs.
Attendees will learn the following:
1. How to manage privilege escalation on the endpoints, without allowing end users unrestrained access to wreak havoc on their endpoints.
2. How to apply application control to applications that do not need to elevate their privilege in order to run, grant pre-approved elevation to legitimate applications, and block malicious applications from having the privilege needed to run or install.
3. Understand how behavioral analytics adds the capability to block credential theft attempts which occur most frequently at the endpoint.CyberArk EPM Overview

About CyberArk is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure, and assets across the enterprise, in the cloud, and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reducing the risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including more than 50 percent of the Fortune 100, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.

Session 1 Session 2  Session 3
Session 1:3 1:00-2:30 PM

Endpoint Security – Attack, Detect, and Respond



Paul Wilkens is a Solutions Architect with FireEye, serving clients throughout Bay Area.  Paul has been working in security since the early 90s.  Prior to joining FireEye in 2015, Paul worked with Nokia, Check Point, Juniper Networks, and the U.S. Department of Defense.

1- 3 Session Description: This training session will provide an overview of comprehensive endpoint defense: protecting users from threats, detecting advanced attacks, and enabling rapid response.
Attendees will learn the following:
1. Using a popular hacker tool to attack and control a target system.
2. Using FireEye’s Endpoint Security product to detect and respond to the breach, followed by a brief exploration of forensic techniques.About FireEye is a cybersecurity company that provides products and services to protect against advanced cyber threats, such as advanced persistent threats and spear phishing. Founded in 2004, the company is headquartered in Milpitas, California. As a top security leader, FireEye has been called in to investigate high-profile attacks against JP Morgan Chase, Sony Pictures, Anthem and others. FireEye provides solutions for security-conscious organizations in four areas:
* Enterprise Security: Delivers comprehensive prevention, detection and response capabilities, including Network, Endpoint, and Email solutions under one platform – Helix.
* Mandiant Consulting: Responds to critical breaches worldwide and provides cybersecurity consulting services to protect against cyber threats.
* Managed Defense: Applies frontline knowledge of the attacker and proven hunting methodologies to detect and respond to covert activity.
* Threat Intelligence: Empowers security teams with forward-looking, high fidelity, adversary-focused intelligence and actionable advice.
Session 1-4: 2:45 to 4:15 PM Meet Aaron Goldstein
Endpoint Detection and Response


Aaron Goldstein is a Director on the Endpoint Detection and Response (EDR) team at Tanium. He has 10 years’ experience in incident response consulting and threat intelligence. He leverages his unique experience to identify threat actor methodologies and create ways to defend against them.
1-4 Session Description: This training session will provide an overview of endpoint detection and response, and how to bridge detection and response to create a continuous close-loop endpoint security process.

Attendees will learn the following:
1. How to collect accurate and timely information on every endpoint
2. How to triage security alerts quickly and efficiently
3. How to investigate & remediate incidents with a comprehensive view of endpoint activities


AboutTanium is an endpoint security and systems management company based in Emeryville, California, founded in 2007. Tanium offers a single point of management platform, covering cyber hygiene, detection & response, IT asset visibility and IT operations management. Tanium operates with real-time speeds at massive scale and reduces the fragmentation and complexity created by years of point solution purchases. Tanium is a different paradigm for manageability and security.

Now is the time to join the Fall Identity and IOT Conference Committees – Reach out to
Seclore, Platinum Sponsor, live demonstration data-centric security

SECLORE will be joining us at the upcoming June 14th chapter meeting event.

SECLORE Data Centric Risks will be the topic of an upcoming training. As a 2017 Platinum sponsor, we will enjoy this opportunity to look at securing the data at its source and look forward to our upcoming night of dedicated fine and granular data-centric access control. Secloreís Enterprise Digital Rights Management solution enables organizations to control the usage of files wherever they go, both within and outside of organizationsí boundaries. The ability to remotely enforce and audit who can do what with a file (view, edit, copy, screen capture, print, run macros), from which device and when empowers organizations to embrace BYOD, Cloud services, Enterprise File Sync and Share (EFSS) and external collaboration with confidence. Featuring dozens of pre-built connectors for leading enterprise applications (EFSS, DLP, ECM, ERP, and email), SECLORE automates the protection of documents as they are downloaded, discovered, and shared to ensure rapid adoption. Seclore is helping organizations achieve their data security, governance, and compliance objectives. http://www.seclore.com/ Seclore
Securonix, Platinum Sponsor, live demonstration visualizing the threat, actionable intelligence Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track users, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced cyber threats, insider threats, and fraud attacks. Globally customers are using Securonix to address the most basic and complex needs around insider threat detection and monitoring, high privileged activity monitoring, data exfiltration, enterprise and web fraud detection, application risk monitoring, cloud security monitoring, cyber threat monitoring and access risk management. Securonix uses a Hadoop platform to provide unlimited scalability and open data model. http://www.securonix.com Securonix
Skybox Security, Gold sponsor, live demonstration assigning the policy that proves our governance is in place Best-in-class Cybersecurity Management Software
The software uses analytics to prioritize on organization’s risk exposures and recommends informed action to best address those exposures. These capabilities extend across highly complex networks, including those in physical, virtual, cloud and operational technology (OT) environments. By integrating with more than 120 networking and security technologies, the company’s broad platform, the Skybox™ Security Suite, enables organizations to reduce security risks that attackers can find and exploit, such as device misconfigurations and policy violations, as well as exposed and unpatched vulnerabilities. Established in 2002, Skybox is a privately held company with worldwide sales and support teams serving an international customer base of more than 500 enterprises in over 50 countries.
Netskope, Platinum Sponsor, live demonstration, mapping the path of business, the evolution of cloud security Netskope is the leader in cloud security. Using patented technology, Netskopeís cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope ó security evolved. netskope
Zscaler, Gold Sponsor, live demonstration enables secure mobile enterprise in real time, architecting the secure enterprise network Zscaler enables the worldís leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access, and Zscaler Private Access create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. Used in more than 185 countries, Zscaler operates the worldís largest cloud security platform, protecting thousands of enterprises and government agencies from cyber attacks and data loss. Zscaler
Allgress, year-round host to (ISC)2 East Bay Chapter Meetings, Gordon Shevlin also supplies our guests with food and wine

Thank you Allgress!

While you’re here explore the world’s best GRC leveraging the Amazon Marketplace and native cloud application ready Health Care savvy governance program management. Allgress enables enterprise risk, security, and compliance professionals the ability to effectively manage their risk posture. By utilizing advanced visualization, automation, streamlined workflows, and the integration of existing data feeds, Allgress reduces the complexity and cost of risk management. Unlike other risk management solutions, Allgress customers derive value in days rather than months. For more information, visit www.allgress.com, contact info@allgress.com or call 925.579.0002 Allgress
CyberArk, gold, contributes lab leaders and speakers in addition to actively sponsoring our last summer event. CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the worldís leading companies ó including more than 45% of the Fortune 100 companies ó to protect their highest value information assets, infrastructure, and applications. For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArkís security solutions master high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune, 100 more than 25% of the Global 2000, CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey and the U.K. CyberArkMd
We welcome The Unified Compliance Framework® (UCF) as a new Silver Sponsor, a speaker and recent ISC2 partner in providing certifications for controls and compliance mapping.

The Unified Compliance Framework® (UCF) was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF. This patented GRC framework is used as a core component of advanced GRC solutions by leading software publishers, certified auditors and consultants worldwide.

Unified Compliance’s dynamic SaaS portal, the Common Controls Hub, provides a new interface to the UCF that aids in extracting needed data from the framework easily and helps compliance professionals keep pace with the ever-evolving regulatory demands, confidently manage risk, and ease resource and budget barriers. The Common Controls Hub gives users rapid access to its massive data repository of more than 90,000 individual mandates from 800-plus laws and standards from around the globe. Sorting through the most up-to-date demands, figuring out which controls they need to implement and how they overlap is now a quick process with just a few simple mouse clicks.

The Common Controls Hub simplifies the need to locate, research, interpret, and reconcile new and evolving mandates by giving compliance professionals the ability to centrally scope, define and maintain regulatory demands online. Companies can now automatically compile custom, harmonized control lists in minutes by vertical industries, market segments, and geographies.”

How to become a member: Please directly contact our Chapter President Lee Neely and fill out the membership form https://isc2-eastbay-chapter.org/membership/
EnterpriseGRC Thank you Chevron, for providing us space and food for the last two years.
(This 1-day event counts towards 6 hours of Continuing Professional Education CPE)
Your friends and colleagues at (ISC)2 East Bay Chapter chapter can’t wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom, such events would not be possible. Providing weekly meetings, binding flyers, drafting letters, being a liaison to our gracious speakers, updating and proofing our brochures, and assisting in the overall quality management of the Summer Conference, we acknowledge Scott Sullivan, Atul Kumar, Maura Jones, Debbie Vargus and Dave Repine and others as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our board. Your support is greatly appreciated.
Yours Sincerely,

The (ISC)2 East Bay Chapter Board of Directors

We push you in