2018 Winter Conference

Thanks to all our wonderful speakers, sponsors, committee and volunteers, and attendees. It was a spectacular day.

Venue (thank you, Allgress): 111 Lindbergh Ave F, Livermore, CA 94551

March 9th, 2018
8:00 AM – 7:00 PM

This one-day security track includes 6 speakers and six guided labs with hands-on instruction, offering up to 10 CPE for full attendance and lab completion. (ISC)2 East Bay Chapter events facilitate lively discussion and opportunities to apply the presenters' wisdom to our real needs in keeping Bay Area companies both competitive and safe. Please learn more at https://isc2-eastbay-chapter.org, LinkedIn, Facebook.
This 1-day event counts toward 8 hours of Continuing Professional Education, or 10 CPEs upon lab completion, SurveyMonkey survey and sign-off.

Theme – Cybersecurity in the Government Sector

  • The What, When, Why and How of FedRamp: Cisco’s Journey to Government Cloud
  • Nuclear Weapons Lab in the Cloud – don’t blow it
  • Wish Fulfillment Labs: Someone to just show me
  • The Heart of Privacy: What Citizens Expect from Technology
  • Mapping Security Frameworks to Laws – Technical Controls that seem same and are different
  • Hiring in and for the Government Sector
  • Deception Technology
  • Firewall Change Management – How We End the Incident
  • Who’s Gonna Clean the Internet

ISC2 East Bay Winter 2018 Conference – Download the flyer

8:00 AM – 8:40 AM Registration, Presentations 9:00 AM to 6:00 PM, Closing Remarks and Raffle, Speaker Reception until 7 PM

Dress for collaboration and teamwork. Our theme is “show me how”, so prepare to roll up your sleeves, to break away and sit somewhere comfortable. This chapter takes networking to the next level. Meet your mentor or mentee this March.

Pricing:

(ISC)2 is happy to accept member ID from its partner professional organizations:

ISACA, ISSA, ISC2

  • Member* $105
  • Non-Member* $120
  • Student $45

If you are experiencing hardship and wish to attend, please have proof of (ISC)2 membership or ISACA membership and reach out to Director Education & Career Development Jing Zhang-Lee, or Conference Director Robin Basham.

Speaker Bar
Session 1.1: 9:00 – 10:15 AM Meet Connie Mathison and William (Bill) Ochs

Why FedRamp? Cisco’s journey to the Government Cloud

Connie Mathison, Cisco

Connie Mathison, CISSP, Program Manager Compliance for Cisco WebEx, is experienced in managing the numerous security frameworks selected for achieving Cisco’s attestations and certifications, including FedRAMP, ISO 27001, SOC 2 Type II, HITRUST, HIPAA (and soon GDPR), enabling privacy, security and trust for the world’s most relied-upon method of communication and collaboration in the cloud. Leveraging 20 years of security experience, Connie shares her success working with companies like American Express, Providian Care, Expedia, and now Cisco, to implement, maintain and continuously manage the protection of customer data as it exists within Cisco’s many cloud products.

Meet William (Bill) Ochs, PhD (ABD) Information Systems Security, M.B.A., FedRAMP Authorization Engineer, Global Certifications Team, Cisco

William Ochs is a lead architect on Cisco’s Global Certifications Team providing enterprise governance and risk management oversight across Cisco’s cloud certification efforts. While at Cisco, he has designed and implemented the Cisco FedRAMP Control Baselines, established a readiness and go-to-market program for cloud offers, and enabled Cisco’s FedRAMP Continuous Monitoring program. William has been the lead GCT FedRAMP engineer for Cisco WebEx, HCS-G, and Cloudlock. With multiple years of information technology and business leadership experience in Europe, the United States, and the Middle East, he brings an international perspective toward solutions and securing organizations. William has been active in the security field since 2006, leading and successfully implementing global policy initiatives affecting organizations in over 165 countries on five continents. William conducted his doctoral research in Information Systems at Nova Southeastern University (a NSA Center of Excellence), where he made Information Security his primary area of research.

William has been a cybersecurity professor for both the University System of Georgia and the Technical College System of Georgia.

 

1-1 Session Description:  The What, When, Why and How of FedRamp: Cisco’s Journey to Government Cloud

Abstract: What (is FedRAMP), When (is FedRAMP required), Why (did Cisco do it), and How (is FedRAMP moved from a one-time achievement to an ongoing program: Continuous Monitoring, or ConMon). Why FedRAMP? The Federal Risk and Authorization Management Program (FedRAMP) provides a cost-effective, risk-based approach for the adoption and use of cloud services by U.S. government agencies. FedRAMP processes are designed to assist federal government agencies in meeting Federal Information Security Management Act (FISMA) requirements for cloud systems. By standardizing security assessment, authorization, and continuous monitoring for cloud products and services, the program delivers cost savings, accelerated adoption, and increased confidence in security to U.S. government agencies that are adopting cloud technologies.

  • To learn more about FedRAMP, visit fedramp.gov.
  • Learn more about Cisco’s Fedramp Compliance at https://marketplace.fedramp.gov/#/product/cisco-hosted-collaboration-solution-for-government-hcs-g?sort=productName.
  • Contact Information Cisco Collaboration FedRAMP Team: collab-usgov@cisco.com

About Cisco: Cisco (NASDAQ: CSCO) enables people to make powerful connections, whether in business, education, philanthropy, or creativity. Cisco hardware, software, and service offerings are used to create the Internet solutions that make networks possible, providing easy access to information anywhere, at any time.

Cisco was founded in 1984 by a small group of computer scientists from Stanford University. Since the company’s inception, Cisco engineers have been leaders in the development of Internet Protocol (IP)-based networking technologies. Today, with more than 71,000 employees worldwide, this tradition of innovation continues with industry-leading products and solutions in the company’s core development areas of routing and switching, as well as in advanced technologies such as home networking, IP telephony, optical networking, security, storage area networking, and wireless technology. In addition to its products, Cisco provides a broad range of service offerings, including technical support and advanced services.

Cisco sells its products and services, both directly through its own sales force as well as through its channel partners, to large enterprises, commercial businesses, service providers, and consumers. www.cisco.com

This session is followed by lab sign-up and a brief coffee break.

Session 1.2: 10:30 – 11:25 Meet Lee Neely

Nuclear Weapons Lab in the Cloud

Lee Neely, Cybersecurity Professional, Chapter President, LLNL

Lee Neely is a senior IT and security professional at Lawrence Livermore National Laboratory (LLNL) with over 25 years of experience. He has been involved in many aspects of IT from system integration and quality testing to system and security architecture since 1986. He has had extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions. Lee has worked with securing information systems since he installed his first firewall in 1989.

1-2 Session Description: As one of America’s two nuclear weapons labs, Lawrence Livermore National Laboratory (LLNL) adopted a cloud-first strategy. As such, finding ways to securely store information in the cloud and still enable the work while meeting physical and logical requirements from DHS, FISMA and NIST poses a number of challenges. Lee Neely speaks with us about LLNL’s mission as well as the processes they’ve implemented to enable cloud use, and how that translates to implementation and adoption, including successes and challenges.

More about Lee Neely, Chapter President, ISC2 East Bay: As part of his employer’s Cyber Security Program (CSP) he leads their new technology group, working with programs to develop secure implementations of new technology. Lee was instrumental in developing their secure configurations, risk assessments and policy updates required for iOS, Android, BlackBerry and Windows mobile devices. He has worked to evolve solutions for both corporate and BYOD requirements. Lee worked with the SANS SCORE project to develop the iOS Step-by-Step configuration guide as well as the Mobile Device Configuration Checklist, which is included in the SEC 575 course. He teaches cyber security courses, including the new manager cyber security training and Information System Security Officer training. Lee has a Bachelor’s in Computer Science from Cal State Hayward and holds several security certifications including GMOB, CISSP, CISA, CISM and CRISC. He is also the Technology Director for the ISC2 East Bay Chapter.

About Lawrence Livermore National Laboratory – LLNL: Lawrence Livermore National Laboratory, located in the San Francisco Bay Area, is a premier applied science laboratory that is part of the National Nuclear Security Administration within the Department of Energy.
LLNL’s mission is strengthening national security by developing and applying cutting-edge science, technology, and engineering that respond with vision, quality, integrity, and technical excellence to scientific issues of national importance. The Laboratory’s science and engineering are being applied to achieve breakthroughs for counterterrorism and nonproliferation, defense and intelligence, energy and environmental security. Lawrence Livermore National Laboratory spans “the smartest square mile on Earth.”

Session 1.3: 11:30 – 12:00 Meet Your Mentors – Live Labs – Hands-on Topics

I wish someone would just show me how:

Wish fulfillment Lab

 

1-3 Session Description: If you find yourself wishing you could gain a practical understanding of the when, why or how of so many necessary products and technologies, the lab sessions were designed for you. Attendees will be presented with live lab choices at 10:15 and will have until 11:15 to make their final choice. Once in their designated lab location, there will be a half hour of live instruction and interaction, followed by a takeaway assignment to be turned in no later than 6 PM. Attendees will have an additional half hour to work with their peers and mentors. The chapter will use Lab Leader feedback and attendee responses in our online SurveyMonkey feedback form.
Part One of the two-part lab structure allows groups of five or more participants in a guided activity designed to foster real-world application of core ISC2 education domain topics.

Exhibitors and Chapter Members

  • CyberArk: Role Based Privileged Access Management – Cory Brown and Brian Kennedy
  • Securonix: Continuous Monitoring is more than just a Vulnerability Management Program, Aarij Khan
  • ZScaler: Protecting users from threats hidden in SSL/TLS encrypted traffic – Chris Louie
  • Allgress: GRC and Configuration Management Controls with RPM, Brandon Bennett
  • The Skybox lab has moved to the July Training Day
  • Attivo Network: Deception Tech – the architecture behind deception, a conversation with Todd Rosenberry
  • …while back in the main room, our presenters will continue: Security Risk Assessment and how we determine that a FedRamp baseline is Low, Moderate or High? Cisco, LLNL, Grant Thornton weigh in on active audience debate.

Labs will resume at 2:45. Please get your lunch and settle in the main room. We have two outstanding speakers in the lecture hall starting at 12:25.

Pick a mentor: This two-part lab requires written sign-off, and results in one additional CPE toward the day’s total possible value of 10 continuing professional education credits. People who do not participate in a structured lab or mentor activity can still earn a total possible of 8 CPE. To get the ten CPE, just fill out how you used your time on the SurveyMonkey. We will check back with the Lab Leaders.

Session 1.4: 12:25 – 12:55 PM Lunch Speaker. We’d tell you, but “It’s Private”

At the Heart of Privacy

Meet Orus Dearman

Orus provides technology and advisory services to clients in the technology, financial services, and federal industries.

In anticipation of their May 10th presentation, Orus and Dhawal will give us a taste of their critical program in the face of looming GDPR

Privacy by Design

Data Privacy is about People

Meet Dhawal Thakker

Dhawal has over 18 years of experience leading and coordinating IT advisory engagements across several industries, with a focus on the financial services, technology services and healthcare sectors.

1-4 Session Description: As the U.S. and the rest of the global community continue to rethink what individual privacy entails, and as “big data” is ingested into machine learning/AI, there will continue to be uncertainty over what the future of privacy will look like. This, coupled with news about mass surveillance, user behavior tracking, and targeted advertising, has caused developers to take a more defensive approach when designing new services and products. Implementing Privacy by Design (PbD) can help protect organizations in the long run by applying its principles to their development and design activities so that privacy is enabled by default. Attendees will learn:

  • What are the principles of Privacy by Design (PbD)
  • Why they are important
  • Tips for operationalizing PbD

More about Orus Dearman: Orus provides technology and advisory services to clients in the technology, financial services, and federal industries. He has extensive experience leading cyber risk projects in accordance with the NIST Cybersecurity Framework, Generally Accepted Privacy Principles (GAPP), FISMA, and FedRAMP guidelines within the United States and globally. He also specializes in physical and logical vulnerability assessments. Orus works with companies enabling them to implement cybersecurity and privacy frameworks such as the NIST Cybersecurity Framework, GAPP, FISMA/FedRAMP, ISO 27001, and the Trust Services Principles. He also leads the firm’s Federal Risk and Authorization Management Program (FedRAMP) practice nationally. He has extensive experience providing technical advisory services for clients within the technology, financial services, and federal industries. Orus is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).

More about Dhawal: His experience includes regulatory compliance, privacy (GDPR) GRC program and technology deployments, compliance with regulations such as SOX and HIPAA, compliance with credit card industry standards (PCI), designing security policy, network security assessments, and BCP/DR. His experience and expertise include privacy frameworks, assessing EU General Data Protection Regulation (GDPR) compliance, developing privacy policies, benchmarking developer agreements and ensuring compliance with global regulations. Dhawal has hands-on experience designing, implementing and managing GRC solutions to automate cyber and privacy compliance programs using tools like RSA Archer, ServiceNow, OneTrust, etc. Dhawal is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).

Session 1.5: 1:05 – 1:55 PM Meet Lynn Heiberger

Security Laws and Frameworks applied to the Government Sector: How to Unify what’s same and different when adding FedRamp to your compliance program

Lynn Heiberger, COO, The Unified Compliance Framework® (UCF)

Lynn has over 20 years of IT application and infrastructure experience spanning publishing, insurance, and GRC. On the board of Unified Compliance since its inception in 2002, she returned as COO to bring the Unified Compliance Framework® to multiple GRC platforms. She was previously the Director of Infrastructure Architecture and Integrated Services at AAA Insurance Exchange where she implemented successful compliance programs for PCI and other state regulatory requirements. Today, she is focused on operationalizing compliance with the Department of Education, ARMA, OCEG, ServiceNow, IBM, and many other partners of Unified Compliance.

1-5 Session Description: Whether you begin from the point of SOC 2 Type II attestation or you have already completed an ISO/IEC 27001 certification, there are right ways and wrong ways to map existing compliance to other frameworks like HITRUST for HIPAA, NIST CSF, and NIST SP 800-53 r4 for FedRAMP.
This session looks at how FedRAMP is the same as, and different from, five other critical frameworks for security in the Government Sector. Using the Unified Compliance methodology, Lynn examines how areas that sound the same vary at implementation and audit. (Examples include: Assets, Classification, Session Timeout, Password, and Authentication.)

About UCF: The Unified Compliance Framework® (UCF) was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF. This patented GRC framework is used as a core component of advanced GRC solutions by leading software publishers, certified auditors and consultants worldwide. Unified Compliance’s dynamic SaaS portal, the Common Controls Hub, provides a new interface to the UCF that aids in extracting needed data from the framework easily and helps compliance professionals keep pace with the ever-evolving regulatory demands, confidently manage risk, and ease resource and budget barriers. The Common Controls Hub gives users rapid access to its massive data repository of more than 90,000 individual mandates from 800-plus laws and standards from around the globe. Sorting through the most up-to-date demands, figuring out which controls they need to implement and how they overlap is now a quick process with just a few simple mouse clicks. The Common Controls Hub simplifies the need to locate, research, interpret, and reconcile new and evolving mandates by giving compliance professionals the ability to centrally scope, define and maintain regulatory demands online. Companies can now automatically compile custom, harmonized control lists in minutes by vertical industry, market segment, and geography.

Session 1.6: 2:00 – 2:45 PM The Hiring Panel: Robert Half, Vivo Inc., and Kforce. Moderator: R. Daniel Lee

Meet Pat Rush

Meet Kyle Grimm

Meet Marilyn Weinstein, CEO Vivo Inc.

1-6 Session Description: What the experts can tell us about hiring for and within Government Sector Security

  • The skills
  • The certifications
  • Soft Skills
  • Reality in training and hiring
  • Market Trends

Meet the Moderator: R. Daniel Lee, CISSP

Session 1.7: 2:45 – 3:15 PM Use those soft skills

Wish fulfillment Labs: Part 2

We Break 4 Cake

Requirement

Find your lab leader or mentor, give your feedback, fill out your lab response in Survey-monkey

Make sure you’ve provided your ISC2 ID so we bump your CPE to 10.

1-7 Session Description: Afternoon snacks and mentor/mentee break-out sessions. If you are a mentor or a lab leader we will provide an additional 2 CPE for your effort in leading this session.

Session 1.8: 3:15 – 4:00 PM Meet Jerry Brown

Cybersecurity Analytics in Action

Jerry Brown, Channel Partner & Sales Engineering
Jerry Brown is the Senior SE for North America at Skybox Security. His work passion is supporting partners to empower their customers with contextual, actionable, cybersecurity risk and vulnerability intelligence to develop mature, effective enterprise cybersecurity risk management programs.
With more than 20 years’ experience in networking and cybersecurity around the world, including IT and OT networks, Jerry brings some unique perspectives to his mission.
In his limited spare time, Jerry enjoys following Formula 1 racing and racing his own car at local circuits in Northern California.
 
1-8 Session Description: Cybersecurity Analytics in Action

  • VISUALIZE: Create a model of your attack surface by collecting data from all network devices and security systems automatically
  • ANALYZE: Identify potential attack vectors and prioritize with complete context of your environment and the threat landscape
  • RESPOND: Get actionable intelligence in minutes and protect your business with accuracy and efficiency.

About Skybox Security: Cybersecurity Management Software – Skybox software uses analytics to prioritize an organization’s risk exposures and recommends informed action to best address those exposures. These capabilities extend across highly complex networks, including those in physical, virtual, cloud and operational technology (OT) environments. By integrating with more than 120 networking and security technologies, the company’s broad platform, the Skybox™ Security Suite, enables organizations to reduce security risks that attackers can find and exploit, such as device misconfigurations and policy violations, as well as exposed and unpatched vulnerabilities.  Established in 2002, Skybox is a privately held company with worldwide sales and support teams serving an international customer base of more than 500 enterprises in over 50 countries.

Session 1.9: 4:00 – 4:45 PM Meet Todd Rosenberry

Deception Technology

Todd Rosenberry

Todd Rosenberry is a hands-on practitioner and architect working with enterprises to design and deploy modern deception solutions.

His team has experience with several Deception Vendors and more than 100 Enterprise deployments.  Mr. Rosenberry has worked in Security for over 20 years, both on the vendor and customer side with recent experience from FireEye and Xilinx. Mr. Rosenberry holds a degree in Cybernetics from UCLA.

1-9 Session Description:

About Attivo Networks: Attivo Networks® is the leader in deception for cybersecurity defense. Founded in 2011, Attivo Networks provides a comprehensive deception platform that detects inside-the-network intrusions in real time in networks, public and private data centers, and specialized environments such as Industrial Control System (ICS) SCADA, Internet of Things (IoT), and Point of Sale (POS) environments. Founded on the premise that even the best security systems cannot prevent all attacks, Attivo provides the required visibility and actionable, substantiated alerts to detect, isolate, and defend against cyber attacks. Unlike prevention systems, Attivo assumes the attacker is inside the network and uses high-interaction decoys and endpoint, server, and application deception lures placed ubiquitously across the network to deceive threat actors into revealing themselves. With no dependencies on signatures or attack pattern matching, the BOTsink deception server is designed to accurately and efficiently detect the reconnaissance and lateral movement of advanced threats, stolen credentials, ransomware, man-in-the-middle, and phishing attacks. The Attivo Multi-Correlation Detection Engine (MCDE) captures and analyzes attacker IPs, methods, and actions that can then be viewed in the Attivo Threat Intelligence Dashboard, exported for forensic reporting in IOC, PCAP, STIX or CSV formats, or used to automatically update SIEM and prevention systems for blocking, isolation, and threat hunting. The ThreatOps offering simplifies incident response through information sharing, incident response automation, and the creation of repeatable playbooks.

Session 1.10: 4:45 – 5:30 PM Meet Kevin Petersen

Who’s Gonna Clean the Internet?

Presentation – Who’s Gonna Clean the Internet?

Kevin Petersen, CISSP, Director of Security and Network Transformation  Zscaler

Kevin Peterson is the director of security and network transformation at Zscaler, where he primarily works with the largest cloud security deployments to ensure that the desired outcomes are achieved. He brings with him the advantage of having led the security efforts for one of McKesson’s (Fortune 10) major business units (75 software products, managed services…), as well as the company-wide cloud security strategy, ranging from A to Z (Azure to Zscaler!). As a top practitioner and trusted advisor on both enterprise and cloud security topics, his goal is helping everyone achieve the most effective security with the lowest cost to the business.

1-10 Session Description: Whose job is it to clean up the Internet? Now that we understand why the government can’t clean up the Internet (making it safe for business), let’s tackle whose job it is in the first place. (It’s your job!) Let’s look at what it would take to provide the cleanest pipes to all business interests globally, and how that benefits all.

About Zscaler: Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access and Zscaler Private Access, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. Used in more than 185 countries, Zscaler operates the world’s largest cloud security platform, protecting thousands of enterprises and government agencies from cyber attacks and data loss.

Session 1.11: 5:30 PM Member Networking

Raffles and Wrap Up

One last message from the ISC2 Board
 
Seclore, Platinum Sponsor: live demonstration of data-centric security

SECLORE will be joining us at the upcoming June 14th chapter meeting event.

SECLORE Data Centric Risks will be the topic of an upcoming training. As a 2017 Platinum sponsor, we will enjoy this opportunity to look at securing the data at its source and look forward to our upcoming night of dedicated fine and granular data-centric access control. Seclore’s Enterprise Digital Rights Management solution enables organizations to control the usage of files wherever they go, both within and outside of organizations’ boundaries. The ability to remotely enforce and audit who can do what with a file (view, edit, copy, screen capture, print, run macros), from which device and when, empowers organizations to embrace BYOD, Cloud services, Enterprise File Sync and Share (EFSS) and external collaboration with confidence. Featuring dozens of pre-built connectors for leading enterprise applications (EFSS, DLP, ECM, ERP, and email), SECLORE automates the protection of documents as they are downloaded, discovered, and shared to ensure rapid adoption. Seclore is helping organizations achieve their data security, governance, and compliance objectives. http://www.seclore.com/

Securonix, Platinum Sponsor: live demonstration of visualizing the threat, actionable intelligence

Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track user, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced cyber threats, insider threats, and fraud attacks. Globally, customers are using Securonix to address the most basic and complex needs around insider threat detection and monitoring, high privileged activity monitoring, data exfiltration, enterprise and web fraud detection, application risk monitoring, cloud security monitoring, cyber threat monitoring and access risk management. Securonix uses a Hadoop platform to provide unlimited scalability and an open data model. http://www.securonix.com

Skybox Security, Gold Sponsor: live demonstration of assigning the policy that proves our governance is in place. Best-in-class Cybersecurity Management Software. (Skybox Security is described under Session 1.8 above.)
 
Netskope, Platinum Sponsor: live demonstration of mapping the path of business, the evolution of cloud security

Netskope is the leader in cloud security. Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope: security evolved.

Zscaler, Gold Sponsor: live demonstration of enabling the secure mobile enterprise in real time, architecting the secure enterprise network. (Zscaler is described under Session 1.10 above.)
Allgress, year-round host to (ISC)2 East Bay Chapter Meetings; Gordon Shevlin also supplies our guests with food and wine.

Thank you Allgress!

While you’re here, explore the world’s best GRC, leveraging the Amazon Marketplace and native-cloud-application-ready, health-care-savvy governance program management. Allgress gives enterprise risk, security, and compliance professionals the ability to effectively manage their risk posture. By utilizing advanced visualization, automation, streamlined workflows, and the integration of existing data feeds, Allgress reduces the complexity and cost of risk management. Unlike other risk management solutions, Allgress customers derive value in days rather than months. For more information, visit www.allgress.com, contact info@allgress.com or call 925.579.0002.

CyberArk, Gold Sponsor, contributes lab leaders and speakers in addition to actively sponsoring our last summer event. CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies, including more than 45% of the Fortune 100 companies, to protect their highest value information assets, infrastructure, and applications. For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArk’s security solutions master high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune 100 and more than 25% of the Global 2000. CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey and the U.K.
Honorary Exhibitor

Optiv has hosted (ISC)2 East Bay Chapter for Pleasanton based events for the last two years.

Thank You Optiv!

Strategy with dimension. Optiv is the strategic consulting arm of The Healthy Thinking Group, one of Australia's largest and most experienced healthcare communication groups. We are healthcare strategy specialists with specific skills tailored to life sciences. We've solved strategic problems and improved business outcomes for clients in the pharmaceutical, biotech, agriculture, and animal health industries. As part of the Healthy Thinking Group, we've worked on many projects across the Asia Pacific region and beyond. We're curious about anything that improves the health of humans, animals, plants or our environment. We understand that challenges in healthcare can be complex and multifaceted. That's why we have a considered approach to strategy that helps us explore all angles to uncover new possibilities. Our depth of expertise spans a variety of commercial functions.
New Gold Sponsor Attivo Networks provides lab leaders and speakers. Attivo Networks® is the leader in deception for cyber security defense. Founded in 2011, Attivo Networks provides a comprehensive deception platform that detects inside-the-network intrusions in real time across networks, public and private data centers, and specialized environments such as Industrial Control System (ICS) SCADA, Internet of Things (IoT), and Point of Sale (POS) environments. Founded on the premise that even the best security systems cannot prevent all attacks, Attivo provides the required visibility and actionable, substantiated alerts to detect, isolate, and defend against cyber attacks. Unlike prevention systems, Attivo assumes the attacker is already inside the network and uses high-interaction decoys and endpoint, server, and application deception lures placed throughout the network to deceive threat actors into revealing themselves. With no dependence on signatures or attack pattern matching, the BOTsink deception server is designed to accurately and efficiently detect the reconnaissance and lateral movement of advanced threats, stolen credentials, ransomware, man-in-the-middle, and phishing attacks. The Attivo Multi-Correlation Detection Engine (MCDE) captures and analyzes attacker IPs, methods, and actions, which can then be viewed in the Attivo Threat Intelligence Dashboard, exported for forensic reporting in IOC, PCAP, STIX or CSV formats, or used to automatically update SIEM and prevention systems for blocking, isolation, and threat hunting. The ThreatOps offering simplifies incident response through information sharing, incident response automation, and the creation of repeatable playbooks.
We welcome The Unified Compliance Framework® (UCF) as a new Silver Sponsor, a speaker, and a recent (ISC)2 partner in providing certifications for controls and compliance mapping.

The Unified Compliance Framework® (UCF) was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF. This patented GRC framework is used as a core component of advanced GRC solutions by leading software publishers, certified auditors and consultants worldwide.

Unified Compliance’s dynamic SaaS portal, the Common Controls Hub, provides a new interface to the UCF that aids in extracting needed data from the framework easily and helps compliance professionals keep pace with the ever-evolving regulatory demands, confidently manage risk, and ease resource and budget barriers. The Common Controls Hub gives users rapid access to its massive data repository of more than 90,000 individual mandates from 800-plus laws and standards from around the globe. Sorting through the most up-to-date demands, figuring out which controls they need to implement and how they overlap is now a quick process with just a few simple mouse clicks.

The Common Controls Hub simplifies the work of locating, researching, interpreting, and reconciling new and evolving mandates by giving compliance professionals the ability to centrally scope, define and maintain regulatory demands online. Companies can now automatically compile custom, harmonized control lists in minutes by vertical industry, market segment, and geography.

How to become a member: Please directly contact our Chapter President Lee Neely and fill out the membership form https://isc2-eastbay-chapter.org/membership/
Thank you Chevron, for providing us space and food for the last two years.
(This 1-day event counts towards 8 hours of Continuing Professional Education, or 10 CPEs when accompanied by proof of completed lab.)
Your friends and colleagues at the (ISC)2 East Bay Chapter can’t wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom such events would not be possible. For running weekly meetings, binding flyers, drafting letters, acting as liaison to our gracious speakers, updating and proofing our brochures, and assisting in the overall quality management of the conference, we acknowledge Scott Sullivan, Atul Kumar, Maura Jones, Debbie Vargus, Dave Repine and others, as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business and for the wisdom provided by the full membership of our board. Your support is greatly appreciated.
Yours Sincerely,

Robin Basham, Conference Director

The (ISC)2 East Bay Chapter Board of Directors

We push you in