Thank you to our conference committee and presenters for completing another successful conference. Check back soon for information on the upcoming March 8th 2019 Security Integration from Architecture to GRC Event
 |
||
November 9th, 2018 – Doors open at 8:00 AM
|
Venue: SABA Software 4160 Dublin Blvd Suite 145, Dublin, CA 94568 |
|
| If Cybersecurity is the theme to your action-packed security career, then conquering IPv6 and IOT is the price of admission. Without facility and strategy in the face of these two key area, it’s game over before you even get butter on your popcorn. The November 9th IPv6+IOT: Price of Admission one-day security event includes 11 speakers and six guided product demonstration offering 8 CPE for full attendance. Learn more at https://isc2-eastbay-chapter.org, LinkedIn, Facebook |
||
8 hours of Continuing Professional Education upon Lab completion and returning your survey. Download the Fall Flyer ISC2-Eastbay-chapter-Nov-9-2018-conference
|
||
The IPv4 to IPv6 transition can present issues for an enterprise without resources to redesign its network. Experts and vendors discuss how to ensure IPv6 connectivity. ISC2-Eastbay-chapter-Nov-9-2018-conference – Fall Flyer |
Pricing:(ISC)2 is happy to accept member ID from its partner professional organizations:
Registration after November 1st
If you are experiencing hardship and wish to attend, please have proof of (ISC)2 membership or ISACA membership and reach out to Director Education & Career Development Jing Zhang-Lee, or Registration 8:00 AM – 8:50, Speaker Reception, Closing Remarks and Raffle 5:15 – 6:30 PM |
|
 |
||
| Session 1.1: 9:00 – 10:00 | Meet Ed Horley | 9:00 – 10:00 |
Ed Horley, Chief Executive Officer of HexaBuild, Inc.Celebrating the Sixth Year Anniversary of World IPv6 Launch |
Ed is the Co-Chair of the California IPv6 Task Force, holding that position since 2010. He is an international speaker on IPv6 and is actively involved in the advocacy of IPv6 through his work on the CAv6TF and the North American IPv6 Task Force. He has an extensive background in networking and technology, with over 20 years of experience in designing, deploying and supporting data center and enterprise networks. | 
|
| 1-1: Session Description and More about Ed Horley: Ed is the author of the Apress book Practical IPv6 for Windows Administrators and is a Pluralsight author for two courses, both on IPv6. He was also the technical reviewer or editor for the following titles: Understanding IPv6, Third Edition from Microsoft Press, IPv6 Essentials Third Edition from O’Reilly Media and IPv6 Address Planning from O’Reilly Media. Ed previously worked for IT solutions provider Groupware Technology for seven years, where for the last two years he held the position of VP of Engineering. During his tenure at Groupware, he was instrumental in the development of Groupware’s Cloud Practice as well as the overall growth of its engineering structure and talent.
|
||
| Director of Education & Career Development Jing Zhang-Lee | introduces Carolyn Shek | 10:00-10:15 |
San Francisco, Office of Economic & Workforce Development, on the TechSF
|
Carolyn Shek works for the City & County of San Francisco, Office of Economic & Workforce Development, on the TechSF team which provides a range of services, opportunities, training programs for diverse young adults seeking careers and apprenticeship in the technology industry. |  |
| The City of San Francisco, Office of Economic & Workforce Development partnered with the City College of San Francisco; The Information Security Apprenticeship Program. This is a registered apprenticeship that follows the guidelines established by the California Apprenticeship Council.
Students start with completing a set of prerequisite courses on Information Security at CCSF, (Domain Name Systems, and Introduction to Networks, Network Security and Computer Forensics). Then they are matched with an employer for their apprenticeship, which they will concurrently continue their courses towards the CCSF Certification in Cyber Security. At the successful completion of the program, apprentices are qualified to test for the CISSP Associate Certification! Employers are able to customize their training program to meet their skills needs, human resources strategies and company culture. We are currently recruiting Employers who are interested in hiring our apprenticeship to start at their company as apprentices. This is a great program for companies to make a difference in developing a student’s first step into their new career, at the same time, growing your company’s workforce with diverse talents.
|
||
| Session 1.2: 10:15-11:00 | Meet Michele Guel | 10:15-11:00 |
Imagine 26 BillionMichele Guel, Distinguished Engineer & IOT Security Strategist Cisco Michele has been an avid participant, speaker, teacher, influencer and evangelist in the cybersecurity industry for 30 years. She joined Cisco in March 1996 as the founding member of Cisco’s internal security team. |
During her 22+ years at Cisco, she has had the opportunity to work in many facets of cybersecurity and had the opportunity to establish many “firsts” at Cisco. Michele is one of 7 female Distinguished Engineers across Cisco today. In 2014 she co-founded Cisco’s Women in Cybersecurity Resource Community which focuses on developing the next generation of women cybersecurity leaders and practitioners.
In 2016 she was the recipient of Anita Borg’s 2016 ABIE Women of Vision Technology Leadership Award. |
 Her most recent work focuses on security and privacy strategies for the Internet of Things and the security possibilities for blockchain technology. |
| 1-2 Session Description: This session explores challenges and opportunities with securing assets and information in the Internet of Things. Starting with a thought-provoking potential daily life connected scenario, we’ll explore the implications to our personal data privacy and the exponentially expanding attack surface as our world becomes more connected. While securing the IoT may seem intractable in the face of the flow of new hacks and breaches, there are patterns to the attack vectors and methods do exist that can close the gaps making IoT echo systems defensible.
More about Michele: Outside of Cisco, Michele has been an avid participant, speaker, teacher, influencer and evangelist in the cyber security industry for over 27 years. Her most recent work focuses on developing & codifying the practice and art of information security engineering & architecture. Her motto is all about “Building it in and not bolting it on.”
|
||
| Session 1:3 11:00-11:50 | Meet Benjamin Derr | 11:00-Noon |
Privileged Account Risks and Where to Find Them – Part 2: What are the roles on IOT devices?Benjamin Derr is a Principal Solutions Engineer with CyberArk, and over the last three years, has worked with Fortune 500 organizations and government agencies to help them develop long-term |
cybersecurity strategies built on privileged account security best practices. He has worked for CyberArk for over 3 years, and brings deep technical and business experience to his role, with a focus on areas such as regulatory compliance, policy management, access management, and proactive risk mitigation techniques. Prior to CyberArk, Ben has worked in a variety of roles, and has been in the industry for over 20 years. |  CyberArk, Benjamin Derr
|
| 1-3 Session Description: Accelerate Results: Privileged Account Risks and Where to Find Them – Part 2: What are the roles on IOT devices?
Where it’s imperative to maintain speed and agility without compromising secrets used by privileged admin users, CI/CD tools, homegrown applications, and infrastructure – protect the pipeline and integrity of resulting products. This session will discuss:
|
||
| 1:4 12:30-1:15 | Meet Jun Du | Luncheon with Presentation |
Is Cyber Risk in the Nature of IoT ?Jun Du, Head of Security Research and Analytics at ZingBox Inc.Jun has dedicated the last 16 years to creating software that enables network infrastructure and cybersecurity. He is currently the Head of Security Research and Analytics at Zingbox where he leads a team of data scientists and security researchers leveraging AI and machine learning to develop IoT security solutions. |
Prior to Zingbox, Jun held various engineering and management roles in the networking and security solution providers such as Ericsson, Airespace, and Cisco Systems. Jun led teams that created new generations of network security software leveraging behavioral analytics to detect network breaches. He also helped develop the technology and build the engineering team focused on enterprise wireless during his 8 years at Cisco, when his team helped built all wireless controller models and mobility solutions. Jun is co-holder of multiple patents and has MS degrees from NC State and Beijing University of Telecom. | 
|
| 1-4: Is Cyber Risk in the Nature of IoT ? IPv6 enables IoT but cyber risk is in their nature. Connected devices open endless possibilities for people, including those with malicious intent. This session will use connected medical devices, or IoMT, as examples to illustrate the hard facts about the cyber risks IoT bring to the industry, and more importantly, how to play defense by leveraging an AI-powered risk model combined with real-time detection, service integration, big data, and threat intelligence. Recent advancements in Artificial Intelligence (AI) and Deep Learning are revolutionizing the way enterprises operate, including the way healthcare providers offer care. The same technologies are also leading the way to ensure the provider’s ability to protect their devices from ransomware and data breach and ensure uninterrupted service. In this talk, Mr. Jun Du will explore the challenges in IoT security and solutions that are being applied to healthcare industry today. About Zingbox: Zingbox detects and protects the connected equipment. It provides unparalleled visibility into the Internet of Things (IoT) infrastructure to reveal existing vulnerabilities and hidden threats. Zingbox is a real-time IoT security solution that protects enterprises from cyber and insider threats. Deployed in a non-intrusive way, Zingbox discovers, identifies and classifies assets into IoT categories. It then learns and generates a baseline of normal device behavior and identifies its risk profile. Zingbox detects anomalous behavior to provide real-time policy enforcement. Founded by industry veterans with deep expertise in networking and security, Zingbox is backed by leaders in enterprise security. http://www.zingbox.com |
||
| Session 1:5 1:15-2:15 PM | Meet Alok Batra | 1:15-2:00 PM + QA |
Digitization and the IoT TrapSpeaker Alok Batra, founder of Atomiton, a leader in IoT delivering next-generation intelligent solutions to industrial businesses. Stepping up today Meet Scott Sullivan, Senior Vice President of Sales and Channels at Atomiton
|
Entrepreneur & Executive Specialties: Distributed Systems, Machines, Cloud Architectures & Software enabled Services Roles: Board Member, CEO, President, CTO, Engineering Head – Presenting for Alok, meet Scott: Executive leadership with decades of experience at public and private technology companies that have defined or redefined markets in IIoT, Cloud, Security, and big data analytics. CEO and sales executive experience in private equity backed and publicly traded companies. |  
|
| 1- 5 Digitization and the IoT Trap: Today’s prevailing (and wrong) understanding of IoT has reduced digital enterprises into “lots of data about things”. There are three elements in enterprises: people, things and information. What makes them produce their value is found in the identification and execution of the right processes.
Energy, Retail, & Logistics – share a need to move sensors into the field: When is the right time for security to get involved? As IOT plays an increasing role in the Industrial Space we witness:
|
||
| Session 1.6: 2:15-3:00
Tabletops – join a sponsor lead discussion with a kick off from Jonathan Randall, Maura Jones, and R. Daniel Lee |
Deception Tech Leaders Attivo Networks facilitates planning for your next threat vector, and recent ISACA speaker Maura Jones addresses the increasing vast attack surface of IOT. Table Tops have leaders and facilitators from the following companies – Your task is to develop a facilitated narrative that adds to your existing BCP, DR or BIA | 
|
| 1-6 Session Description: Have you considered new threats from IOT and IPv6 to add into your risk scenarios, your threat chains, and specifically, have you factored this into at least one new tabletop exercise? We welcome back Jonathan Randall, CISSP, and our co-chairs Maura Jones, CISSP, and R. Daniel Lee, CISS to facilitate this group exercise. | ||
Tabletop lab structure allows groups of five or more participants in a guided activity designed to foster the real-world application of core ISC2 education domain topics. Exhibitors and Chapter Members must examine impacts from IPv6 and IOT and the rest is up to you and your mentor. Table leaders include representation from:
|
Have you adjusted your current BCP to account for new challenges in IOT?
Each table has one hour and one facilitator. Your mission is to design one tabletop exercise involving at least one topic from the day. Your effort earns 1 CPE You can also use this time to meet with hiring advisors. All of the companies below are sponsors and attendants. If you want to meet with people directly, please contact the conference director who will arrange your one on one time. |
|
 |
|
 |
 |
|
 |
 |
|
 |
 |
|
 |
 |
|
 |
| 3:15-3:30 PM | Running late? Eat some time. |
We Break 4 Cake |
Cake Sponsors are so sweet!
If we are running late, you may be asked to hurry up and eat your cake |
Are you sweet? Show us by donating cake, bagels, pizza, wine, printed materials, pens, space. We always welcome your swag. Put your logo on EVERYTHING. We’ll take it.
Special thanks to Maura Jones and Asha Kumar for coordinating meals. |
|
| Session 1-7&8: 3:30-5:15 | Meet Sean Codero | Meet Pete Sclafani |
IPv6 TLDR: Everything you didn’t want to know or hear about IPv6 and the changing IPv4 landscape- in less than 12 Parsecs |
Sean Cordero, VP of Cloud Strategy at Netskope |
Pete Sclafani, COO & Co-Founder of 6Connect |
| 1-7 &1-8: Session Description: Everything you didn’t want to know or hear about IPv6 and the changing IPv4 landscape- in less than 12 Parsecs:
The continued and increased rate of IPv6 adoption on a global scale marches on. Internet and Cloud service providers have continued to limit the usage of IPv4 due to cost, performance, and interoperability reasons. Now, the industry-wide shift has started to impact how our users and systems communicate with Internet-based services and placed new security considerations due to this new paradigm. Join industry leaders Pete Sclafani, COO, and co-founder of 6connect, and Sean Cordero, VP of Cloud Strategy at Netskope to hear from them on the impacts IPv6 adoption is having across the industry, the pitfalls to avoid as an organization begins adoption, and the impact to securing Cloud and on-premise based technologies.
Attendees will walk away with real-world examples and actionable steps to empower their understanding and engagement in their organization’s IPv6 efforts and begin
|
||
About Netskope: Netskope is the leader in cloud security. Using patented technology, Netskopeís cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope ó security evolved.
|
||
We |
Remember |
Robert E. Stroud |
Recognition |
We honor his memory through scholarship. |  |
|
ISACA News
Stroud brought boundless energy and enthusiasm into everything he did for ISACA—and those contributions were many. During his term as board chair, he was a driving force in the launch of ISACA’s Cybersecurity Nexus™ (CSX). Prior to that, he was international vice president of ISACA, a member of the Strategic Advisory Council and Governance Committee, and chair of ISACA’s International Organization for Standardization (ISO) Liaison Subcommittee. He was a COBIT champion and contributed to COBIT 4.0, 4.1 and 5, and numerous COBIT mapping documents. Additionally, he was involved in the creation of ISACA’s Basel II, Risk IT and Val IT guidance. He was deeply engaged with the association for 12 years, serving on more than 15 groups and speaking at countless conferences over that time.
“ISACA lost a dedicated leader, an engaged board member, a passionate colleague and, most notably, a very dear friend,” said ISACA Board Chair Rob Clyde, CISM, in his tribute to Rob Stroud. “Rob was always looking forward to new trends, new challenges, and new opportunities so he could best serve his clients, his colleagues, and his friends, whether bonds were just formed or existed for decades. His exuberance lit up the room wherever he went, and he was truly a guiding light and progressive proponent for the association and our professional community. Rob’s enduring spirit of innovation will continue to influence ISACA and our global family for years to come.”
|
||
Dinner isTexas Barb-B-Q fromArmadillos |
Wine is courtesy of
|
|
 |
||
Securonix |
Platinum Sponsor, live demonstration visualizing the threat, actionable intelligence |
 |
| Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. | Using signature-less anomaly detection techniques that track users, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced cyber threats, insider threats, and fraud attacks. Globally customers are using Securonix to | address the most basic and complex needs around insider threat detection and monitoring, high privileged activity monitoring, data exfiltration, enterprise and web fraud detection, application risk monitoring, cloud security monitoring, cyber threat monitoring, and access risk management. Securonix uses a Hadoop platform to provide unlimited scalability and open data model. http://www.securonix.com |
Skybox SecurityGold sponsor, live demonstration assigning the policy that proves our governance is in place |
|
The software uses analytics to prioritize an organization’s risk exposures and recommends informed action to best address those exposures. These capabilities extend across highly complex networks, including those in physical, virtual, cloud and |
| operational technology (OT) environments. By integrating with more than 120 networking and security technologies, the company’s broad platform, the | Skybox™ Security Suite, enables organizations to reduce security risks that attackers can find and exploit, such as device misconfigurations and | policy violations, as well as exposed and unpatched vulnerabilities. |
NetskopePlatinum Sponsor, live demonstration, mapping the path of business, the evolution of cloud security Netskope is the leader in cloud security. Using patented technology, Netskopeís cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, |
whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, | Netskope is trusted by the largest companies in the world. Netskope ó security evolved. |
ZscalerGold Sponsor, live demonstration enables secure mobile enterprise in real time, architecting the secure enterprise network Zscaler enables the worldís leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access, and |
Zscaler Private Access creates fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. | Used in more than 185 countries, Zscaler operates the worldís largest cloud security platform, protecting thousands of enterprises and government agencies from cyber attacks and data loss. |
HexaBuild,in addition to making their CEO, Co-Founders and COO available to all of us for the entire day, contributes the morning breakfast and afternoon cake. Sweet! HexaBuild is an IT professional services consultancy comprised of industry-recognized IT subject matter experts |
and thought leaders. Our core team has a combined 60+ years of experience, multiple expert-level vendor certifications, and several publications by recognized technology presses. HexaBuild specializes in managing IPv6 adoption initiatives and large-scale cloud deployments for both enterprises and service providers. | Services include address planning, hardware and software assessments, network/IT environment audits, on-prem to cloud migration and integration, and personnel training. |
CyberArkPlatinum sponsor, CyberArk contributes lab leaders and speakers in addition to actively sponsoring our last summer event. CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the worldís leading companies ó including more than 45% of the Fortune 100 companies ó to protect their highest value information assets, infrastructure, and applications. |
For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArkís security solutions master | high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune, 100 more than 25% of the Global 2000, CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey, and the U.K. |
Saba SoftwareOur Venue Sponsor has contributed their offices and resources to make this day possible. As a result, we will be able to offer a thousand dollars to a local scholarship for students wanting more opportunities in the field of cybersecurity. |
and increases growth and success for thousands of businesses around the world. We help organizations create the catalyst for exceptional employee engagement, with a powerful cloud platform that delivers a continuous development experience – from personalized training and collaboration to real-time coaching, goal setting, and feedback. | Today thousands of customers worldwide, in virtually every industry, count on Saba to engage their people, connect their teams, and get the critical insight they need to prove the impact of talent on business success. |
Attivo Networks sponsors and provides lab leaders and speakers.Attivo Networks® is the leader in deception for cybersecurity defense. Founded in 2011, Attivo Networks provides a comprehensive deception platform that in real-time detects inside-the-network intrusions in networks, public and private data centers, and specialized environments such as Industrial Control System (ICS) SCADA, Internet of Things (IoT), and Point of Sale (POS) environments. Founded on the premise that even the best security systems cannot prevent all attacks, Attivo provides the |
required visibility and actionable, substantiated alerts to detect, isolate, and defend against cyber attacks. Unlike prevention systems, Attivo assumes the attacker is inside the network and uses high-interaction decoys and endpoint, server, and application deception lures placed ubiquitously across the network to deceive threat actors into revealing themselves. With no dependencies on signatures or attack pattern matching, the BOTsink deception server is designed to accurately and efficiently detect the reconnaissance and lateral | The Attivo Multi-Correlation Detection Engine (MCDE) captures and analyzes attacker IPs, methods, and actions that can then be viewed in the Attivo Threat Intelligence Dashboard, exported for forensic reporting in IOC, PCAP, STIX, CSV formats or can be used to automatically update SIEM and prevention systems for blocking, isolation, and threat hunting. The ThreatOps offering simplifies incident response through information sharing, incident response automation, and the creation of repeatable playbooks. |
Unified Compliance Framework sponsors, provide past and future speakers.We welcome The Unified Compliance Framework® (UCF) as a new Silver Sponsor, a speaker and recent ISC2 partner in providing certifications for controls and compliance mapping. |
This patented GRC framework is used as a core component of advanced GRC solutions by leading software publishers, certified auditors and consultants worldwide. Unified Compliance’s dynamic SaaS portal, the Common Controls Hub, provides a new interface to the UCF that aids in extracting needed data from the framework easily and helps compliance professionals keep pace with the ever-evolving regulatory demands, confidently manage risk, and ease resource and budget barriers. The Common Controls Hub gives users rapid access to its massive data repository of more than 90,000 individual mandates from 800-plus laws and standards from around the globe. Sorting through the most up-to-date demands, figuring out which controls | they need to implement and how they overlap is now a quick process with just a few simple mouse clicks.The Common Controls Hub simplifies the need to locate, research, interpret, and reconcile new and evolving mandates by giving compliance professionals the ability to centrally scope, define and maintain regulatory demands online. Companies can now automatically compile custom, harmonized control lists in minutes by vertical industries, market segments, and geographies. |
Allgress wine and location sponsorsAllgress enables enterprise risk, security, and compliance professionals the ability to efficiently manage their risk posture. |
By utilizing advanced visualization, automation, streamlined workflows, and the integration of existing data feeds, Allgress reduces the complexity and cost of risk management. Unlike other risk management solutions, Allgress customers derive value in days rather than months. |  For more information, visit www.allgress.com info@allgress.com or 925.579.0002 |
 |
||
| How to become a member: Please directly contact our Chapter President Tom Rogers and fill out the membership form https://isc2-eastbay-chapter.org/membership/ | ||
 |
 |
Thank you Chevron, for providing us with space and food for the last two years. |
 |
 |
 |
| Thank you, Blackhawk – Thank You, Oracle |  |
 |
| (This 1-day event counts towards 8 hours of Continuing Professional Education CPE) | ||
Your friends and colleagues at (ISC)2 East Bay Chapter chapter can’t wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom, such events would not be possible. Providing weekly meetings, binding flyers, drafting letters, being a liaison to our gracious speakers, updating and proofing our brochures, and assisting in the overall quality management of the Fall Conference, we acknowledge R. Daniell Lee, Atul Kumar, Maura Jones, Jason Hoffman and others as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our board. Your support is greatly appreciated.Yours Sincerely,Robin Basham, Conference Director The (ISC)2 East Bay Chapter Board of Directors
|
||
