  • April 2008 Meeting:

Topic: Encryption Panel Discussion

Our new topic is encryption throughout the IT infrastructure. A panel of experts, including vendors and consultants, will answer your questions and concerns about real-world implementations, including compliance and forensics considerations. Do you have a regulatory need to encrypt databases, backup tapes, laptops, or email? What about removable media? What are common obstacles to implementation? What type of policy and process needs to be considered before choosing a strategy or technology?

  • March 2008 Meeting:

Topic: What You Need to Know About Computer and Data Forensics

Please join us in March for a discussion on Computer and Data Forensics. This presentation includes case studies, common mistakes and best practices for the proper collection and investigation of forensic data. Are you aware of all the locations and types of information you would want to preserve for an investigation, and how to avoid losing volatile data? Do you know the key differences between Electronic Discovery and Data Forensics? Whether an organization plans to make forensics a part of an internal or existing incident response program, or outsource to a third party, having knowledge of the processes that need to be in place before an incident or investigation ever occurs is critical.

Audience: While technical information will be a key part of this presentation, it is also a strategic look at the overall process around forensics investigations, making it valuable for IT directors, risk managers and those responsible for computer forensics or incident response within their organizations.

Speaker: Jeremy Wunsch, founder and CEO of LuciData Inc.
 

  • February 2008 Meeting:

Topic: SANS Community Training Event - Security Essentials

The Denver Chapter of ISSA is excited to join with SANS to bring this condensed training event to our local security community. Join us for a condensed version of SANS Institute’s popular Security 401 - Security Essentials Boot Camp Style course. This course focuses on the key concepts and technologies underlying computer and information security. Tools, such as SNORT, will be used by the instructor to demonstrate concepts. Some of the topics covered by this course include: Risk Assessment and Auditing, Security Technologies, OS Security, and Incident Handling.

Speaker: Richard Fifarek, SANS Institute

Richard has 10+ years' experience focusing on UNIX/Linux systems administration and security. He has worked in small start-ups, academia, and large federal organizations, in roles ranging from UNIX/Linux systems administrator to IT Systems Security Officer. He currently works as a Sr. Systems Administrator for the SANS Institute. Richard holds the GSEC, GCFW, GCIA, GCIH and GCUX certifications.

 

  • January 2008 Meeting:

Topic: Real World Application Security

Presented by the City of Lakewood

Application Security has become a big deal in the last few years as news stories about web vulnerabilities and breaches have become commonplace and regulations such as the PCI Data Security Standard have started requiring security programs to include web applications and secure development lifecycles.

Is your organization still scratching its head about how to start an Application Security program? Are you curious how other organizations are addressing these issues in a real-world environment? What is working, and what is not? Do you start in QA, or in Development?

Join Denver ISSA and the City of Lakewood in January for a real-world look at what an Application Security program looks like for one organization. Boris Naschansky, the City of Lakewood's CIO, will introduce us to some of the key members of his team who are responsible for the City's Application Security implementation. They will give you some background on their experience and answer your questions. For any organization with an internet presence, in-house development, or an interest in securing their applications, this is not to be missed!

 

  • October 2007 Meeting:

Topic: Phishing 2.0: Beyond Identity Theft

This presentation will discuss the evolution of phishing from being a means of stealing user identities to becoming a mainstay of organized crime. Today, phishing is a key component in a hacker's repertoire. It has been used to hijack online brokerage accounts to aid pump-and-dump stock scams, and as a means of creating covert channels from compromised user machines to the Internet. During this talk, Mr. Belani will present the techniques used by attackers to execute such attacks, real-world cases that he has responded to that provide perspective on the impact, and the corresponding countermeasures.

Speaker: Rohyt Belani is a Managing Partner and co-founder of the Intrepidus Group.

He is a contributing author for Osborne's Hack Notes – Network Security, as well as Addison Wesley's Extrusion Detection: Security Monitoring for Internal Intrusions. Mr. Belani is a regular speaker at various industry conferences including Black Hat, OWASP, ASIS, Hack In The Box, Infosec World, DallasCon, CPM and several forums catering to FBI and US Secret Service agents. Mr. Belani holds a Bachelor of Engineering in Computer Engineering from Bombay University and a Master of Science in Information Networking from Carnegie Mellon University. He currently leads the OWASP Java Project, a world-wide consortium of Java security experts.

 

  • September 2007 Meeting:

Topic: The Data Protection Landscape: Integrating Data Auditing with a Layered Defense

It seems that every day we read a report of another data breach. The threat of mass data breaches continues to increase as attackers become more sophisticated in their approaches to penetrating corporate internal networks and acquiring valuable data. Companies must also deal with the "threat from within": privileged users with valid corporate credentials and access to your most sensitive data. Combine these challenges with the pressure to meet the data auditing requirements of industry compliance regulations like Sarbanes-Oxley (SOX) and the Payment Card Industry (PCI) standard, and it's easy to understand why companies are making data auditing a priority in their protection architecture.

There are many approaches to protecting data including data auditing, data monitoring, encryption, data leakage prevention, endpoint monitoring, and others. Do you know which combination of approaches is best for your company? In this presentation we will discuss where the various data protection technologies fit into an effective data security strategy and provide information on how to build a layered data protection defense system for your organization. We will also describe the role of Data Auditing and Monitoring and how it can be used to form the foundation of a layered data protection strategy as well as help you pass your next SOX or PCI audit.
Speaker: Brad Foreman, CISSP, CCDA, MCSE, Tizor Solution Architect

Mr. Foreman has extensive experience designing and implementing security and network architectures and conducting security assessments. Projects for which he has been responsible include designing and implementing secure network architectures, assessing information security practices, conducting security policy and standards reviews, and assisting clients with meeting regulatory requirements. Mr. Foreman's background also includes 13 years leading and supporting networking and information security efforts in both the Federal and Commercial arenas.
 

 

Topic: Botwars: The Business of Mass Exploitation

Speaker: Charles Renert

Speaker Bio: Charles has been conducting computer security research and development for over ten years. His previous work includes analyzing hundreds of real-world security threats, development of scanning engines and heuristic techniques for Norton AntiVirus, co-founding and managing the Symantec Antivirus Research Center (now known as Symantec Security Response), and collaborating with IBM Research on the Digital Immune System. He has written numerous security papers and is a frequent presenter at international computer security conferences.

Renert earned his master's degree in computer science at the University of California, San Diego and his bachelor's degree in mathematics from the University of California, Los Angeles.

 

  • March 2007 Meeting:

Topic: Security, DNS, Attacks (like DNS root server) & New Solutions!

Come hear about DNS security from the man who wrote the book, literally. Organizations and internet users rely on, and trust, all tiers of DNS services to be always available and to provide accurate information. Threats to the availability and integrity of DNS services should concern all organizations. Learn how today's DNS attacks can send customers or employees to malicious and fraudulent websites without their knowledge, launch successful Denial of Service campaigns, or obtain confidential information about your internal network. What can organizations do to harden their DNS infrastructure at all levels against common vulnerabilities, loss of availability, and information leaks? And, finally, what will future DNS changes mean for organizations and all internet users?

Speaker: Cricket Liu

Cricket Liu is an authority on the Domain Name System and the co-author of all of O'Reilly & Associates' Nutshell Handbooks on DNS, including the classic DNS and BIND. Cricket helps guide the development of Infoblox's product strategy and service offerings, and serves as a liaison between Infoblox and the technical community. He worked for Hewlett-Packard for nearly ten years, where he ran hp.com, one of the largest corporate domains in the world, and helped found HP's Internet consulting business. Cricket later co-founded his own Internet consulting and training company, Acme Byte & Wire. After Network Solutions acquired Acme Byte & Wire, Cricket became Director of DNS Product Management.

 

Topic: Are You Secure? Assessing Your Security With Vulnerability Assessments & Penetration Testing

Speaker: Peter Black, CCSP, CCDP, CCNP, CEH, CHFI, ECSA, LPT, CCSE

Peter Black is the Senior Network Security Engineer for Southern Ute Shared Services in Ignacio, Colorado. Southern Ute Shared Services provides internet, email, Financial Application and Human Resource Application services to the various business units of this organization. Peter's main responsibility is maintaining the confidentiality, integrity, and availability of all information assets of the Southern Ute Indian Tribe. His methods for maintaining a secure environment start with developing and implementing multi-layered security architectures, then completing vulnerability assessments and active penetration testing to measure and improve security controls. Peter has been in the information security and networking arenas for almost 10 years. He has worked for companies such as Lucent/Avaya, Cendant, and PeopleSoft. Currently, he has 19 active professional certifications, including:
  • Certified Ethical Hacker
  • Licensed Penetration Tester (one of the first in the world)
  • Cisco Certified Security Professional
  • Checkpoint Certified Security Expert
  • INFOSEC (granted by the National Security Agency & Committee for National Security Systems)

Peter plans on sitting for his CCIE Security Lab in June.

Some of the items he will discuss:
  • What is a Penetration Test
  • Why would you want a Pen-Test
  • Choosing a service
  • The different types of approach
  • Deliverables
  • What is a Vulnerability Assessment
  • How are Pen-Tests & Vulnerability Assessments alike/different

 

  • January 2007 Meeting:

Topic: Security Risks for 2007: How to create policies that are forward-looking while ensuring your structure and implementation can support that policy.

When: 11:30 AM, Wednesday, Jan. 10th, 2007

Location: Dave & Buster's (northern location: 10667 Westminster Blvd, Westminster, CO 80020-4174)

Speaker: Mark Connelly, CISO for Sun Microsystems.

Mark Connelly is Chief Information Security Officer for SMI. He is responsible for securing the digital assets within Sun IT. The functions include prevention/protection against spam and virus attacks, intrusion detection, threat vulnerability assessments, overall IT security management, incident management, security awareness, and standards/procedure development and deployment, in so doing preserving the Confidentiality, Integrity, and Availability of Information for SMI to conduct business reliably. He works closely with industry groups and government on issues related to IT security and public policy in the technology and security arena. He is in alliance with SMI's Chief Security Officer, Whitfield Diffie, who is responsible for driving Sun's security vision and the strategy to achieve that vision. In addition, Mark's efforts align with the requirements in data privacy and are closely aligned with those of SMI's Chief Privacy Officer for Sun Microsystems, Inc. This alliance triad provides a robust vision, practice, policies, applied technologies and services to ensure SMI's continued reliable services built on SMI and partner technologies.

Mark has been with Sun Microsystems for over 18 years. He recently held the position of V.P. IT responsible for all SMI Customer Resource and Call Management Systems solutions supporting an SMI revenue stream of over $11B. Prior to his position as V.P. IT he was V.P. Global Systems Engineering for Sun. In addition, he has held Senior Management positions as Systems Engineering Director in both domestic and global markets. He has also been Director for Enterprise Engineering in the Computer Systems Product group and Director for Worldwide Systems Engineering for Software Development Products in Sun Microsystems' Software Product Group. He has architected and led key Availability and Quality initiatives and programs for SMI. Prior to Sun, Mark held the position of Member of Technical Staff for 8 years with AT&T Bell Labs in N.J. He holds an M.S.E.E. from the Sever Institute at Washington University, St. Louis, MO, a B.A. from Washington University, St. Louis, MO, and an M.A. from the University of Missouri, Columbia, MO. He has over 25 years of experience in the computer and technology industry.

 

Copyright 2006 ISSA Denver. All rights reserved.