Monthly Meetings 

 

 

Feb 2017 Training Day

Register Now

 

 

ISACA-Silicon Valley Penetration Testing Workshop -Feb 2017

 

Dates &Timing : Saturday Feb 18 th  &  Sunday Feb 19th , from 8:00am to 5:00 pm each day. 

Location            : Xilinx, Building 4, 2100 Logic Drive, San Jose, California. 

CPE: 15 CPE for Full 2 Days attendance.

Snacks & Lunch will be provided on both days.

Please bring your laptop.   

Fees for the 2-day workshop are:

Current ISACA or (ISC)2 or ISSA member:  $300 
Non-ISACA member                                   :  $350


Space for the workshop is limited, only 35 seats are open !!!! Register early to ensure your spot!

Prequisities:

  • Working knowledge of information security concepts and practices.
  • Basic/Introductory knowledge of Application Security Attacks and Defense Concepts
  • Knowledge of Linux Commands and Tools will help, but NOT required. 
Takeaways: 
  • Detailed Understanding of Security Testing Methodology and Process using world-renowned methodologies and guidelines like PTES and OWASP
  • Introduction to Penetration Testing through Hands-on exercises with Testing tools, Exploit Code and Intentionally Vulnerable Applications - running on Docker Containers
  • Practical Steps to perform Threat Modeling using the Microsoft STRIDE Methodology
  • Introduction to Security Testing in DevOps and Continuous Delivery Pipeline
  • Deep-dive into Scoping, Rules of Engagement and Compliance Considerations for Security Testing
  • Deep-Dive into Vulnerability Management Metrics, Analysis & Reporting

Notes:

  • You must provide your name, employer, citizenship and Email address to register for the workshop, due to requirements from the hosting facility and ISACA

 

Jan 2017 Monthly Meeting

Register Now

Topic I - Landscape of Digital Identities

 Abstract:

Discuss about the major three use cases of Digital IdP and how the industrial organizations are beginning to explore the opportunities in digital identity ecosystem. Analyse the key considerations for future strategy and planning through profiled use cases and  industry trends.


Speaker:

Swaminathan Natarajan is an Information Security Professional with nearly two decades of cyber security & privacy experience with extensive experience in architecting and managing the implementation of enterprise & cloud based Identity & Access management (IAM) solutions.  He has done over 50 IAM implementations and defined over 10 IAM strategy programs for North American and  European Clients . He is working as the Director in PwC CyberSecurity & Privacy Advisory practice,  serving his Clients globally.

Topic 2: Navigating the Cyber Minefield - A Primer in Malware and How to Avoid it.

Abstract:

As technology improves and fuels the growth and proliferation of computing devices in all aspects of life, it is becoming increasingly more difficult to protect oneself as time goes on.  Disclosures of large scale data breaches in both the public and private sector are now commonplace, and scalable on demand cloud services that are cheap and readily available are accelerating the volume and severity of new threats every day. This talk looks at the history and evolution of malware and the motivation behind various attacks while offering practical advice on how to stay safe in an ever expanding digital world.

Speakers: 

Dave Rudeger  is the Director of Cybersecurity Operations and Chief Security Architect at Maxim Integrated, a semiconductor manufacturer specializing in power management, analog and mixed signal processing whose products are used in some of the most recognizable brands in technology. He is responsible for securing all sensitive data and core intellectual property throughout the organization and designing and building security solutions for Maxim's network, systems and applications spanning both on premise and cloud-based architectures. In addition, Dave manages the cybersecurity operations and incident response teams thatactively hunt for and respond to security threats. He has extensive experience in software development, system and database design, and scalable web service architectures and was previously a co-founder for a company that provided secure customer data acquisition services for HP, Toshiba and Equifax among others.

 

Dec 2016 Monthly Meeting

 

No Monthly Meeting - Membership Event

 

Nov 2016 Monthly Meeting

 

No Monthly Meeting

2 Day Conference. Please see ISACA Fall Conference Page.

 

 

Aug 2016 Monthly Meeting

Register Now

Topic I - Security Implications of Employee Account Compromise

Abstract:

Employee accounts are being constantly targeted by black hat teams. Owning the keys to the kingdom leads to large payoffs. Significant breaches in the last couple of years has provided credence to this fact. We will discuss challenges and strategies for combating employee account misuse. The discussion will focus on a deep dive into Privileged Access Management (PAM), its various facets and how to implement (vendor agnostic) effective controls and policies that bolster the security envelope. Additionally, we will show how various compliance regimes like FFIEC, HIPAA, SOC 2 and SOX can benefit from the strategies presented.


Speaker:

Dr. Anirban Banerjee is an entrepreneur (StopTheHacker, Onion ID) in the Internet security space. Anirban has a Ph.D. in Computer Science from the University of California at Riverside and specializes in computer security issues. With over 15 published scientific papers, 4 patents, 2 grants from the National Science Foundation, Dr. Banerjee is a sought-after speaker at industry conferences and is deeply connected in the technical world. Anirban is a recognized authority in using machine learning for web malware detection and anomaly identification.

Topic 2: Taking control of data security: A paradigm shift. 

Abstract:

We know the perimeter of the organization is no longer its network, "User" is the new perimeter. Organizations are allowing ther users to produce mission-critical data on the fly from any place, time and on/through any device. Data itself is becoming big and fat. The "V-force" of data (namely Volume, Value, Vagueness Variety, Velocity, Variability and Visualization) is pushing the limits of compuing, network and storage. Thus, the conventional controls for data integrity, confidentiality and availability need to be re-evaluated for their efficiency and effectiveness. At the same time, the users, who produce data must take more responsibility of their data and its security and privacy throughout its lifecycle.

    

Speakers: 

Sanjay Mathur,CISA, CISM, CRISC, IIA, ISSA is IT Security MAnager @ KLA-Tencor. Sanjay is a leader in Information risk mitigation and IT security, working with big accounting, consulting and Fortune 1000 Companies. An early IT pioneer from India to migrate and work in Asia, Australia, UK and USA, making Silicon Valley his final destination. Currently, he is managing IT security at KLA-Tencor. Prior to which, he was a business leader at Visa managing IT Audits and security architecture initiatives, and an information risk methodology professional with KPMG. He holds a post-graduate degree in Mathematics from (IIT) Delhi and a MBA from Lucknow University. Sanjay has been an evangelist, speaker and a regular contributor on various professional portals and forums. 

 

July 2016 Monthly Meeting

Topic I - Introduction to FedRAMP

Abstract:

FedRAMP is the leading tool used by the federal government to evaluate and secure cloud environments.  FedRAMP is a long process requiring at least seven hundred pages of documentation and months of preparatory work.  However it introduced new concepts and functions that can be used to enhance the cloud environments of commercial as well as federal users.   This talk will introduce the subject matter and provide insights into how FedRAMP compliance integrates with the real world, and how auditors can use FedRAMP documentation and processes to evaluate their own engagements.

Speakers:

John Kenneth Barchie, CISM, CISSP, CRISC,CNE, MCSE is an Information Technology and Information Security Expert with over 15 years in the high-tech and financial industries. John has been engaged to manage, audit, review and improve over 200 information technology departments and to charter corporate security functions.  John is currently the NorthWest Regional Practice Lead for a NationWide Information Security Consultancy, OpenSky corporation.

Lee Neely, CISSP, CISA, CISM, CRISC, GMOB, GPEN, GWAPT, CCUV, a SANS mentor instructor, Senior Cyber Analyst, teaches cyber security courses, including the new cyber security management training, and information system security officer training. He worked with the SANS SCORE project to develop the iOS Step-by-Step Configuration Guide, as well as the Mobile Device Configuration Checklist included in the SEC575 course. A senior IT and security professional at Lawrence Livermore National Laboratory (LLNL), Lee has been involved in many aspects of IT. He currently leads LLNL’s new technology group, working to develop secure implementations of new technology, including developing the secure configurations, risk assessments and policy updates required for its corporate and bring-your-own-device mobile devices.

 

Charlie Deming, Bio to be updated.

_________________________________________________________________________

 

Topic 2: The Future of the IOT and the Urgent Need of Standards

Abstract:

The IOT offers tremendous opportunity with the promise of smart, connected devices, that can manage themselves and provide services without human intervention. With this promise also comes the significant  challenges that any new disruptive technology brings. For the IOT to be successful there will be a requirement for in-depth communication and security standards and therefore a framework that all manufacturer can work within.

Speakers:

Ted Heiman, As a Graduate of California State University, earning two Engineering degrees in electronics and a minor degree in math, Ted Heiman has been a thought leader in the Network Security field for over 25 years. He started his career with the introduction of the first network Firewalls and has remained on the leading edge of technology designed to help the enterprise secure access to their corporate networks. Best known for his role in the deployment of the Common Access Card (CAC) for the Department of Defense, Ted received a letter of recommendation for his role in the Gracie Award winning project. Ted also played a critical role in the deployment of the first On-line Banking solution ever deployed in the US with Sumitomo Bank of California as well as his role in successfully deploying the first ever Supermarket Banking project with Wells Fargo Bank and Safeway Supermarkets. Ted currently manages key strategic accounts in the San Francisco Bay Area for Thales e-Security, the leading provider of Hardware Security Modules.