
Monthly Meeting - April 22, 2019

Identity Intelligence

 

Presenter: Ryan Babbitt

Description:
To protect against breaches, many companies rely primarily on endpoint security measures like anti-malware, anti-phishing, data loss prevention, and/or network security measures. These solutions stop many simple threats and negligent or unintentionally insecure behaviors, but attackers are resourceful and persistent. Constant vigilance is still needed to detect, contain, and respond to malicious attackers and insider threats that thwart or circumvent security controls. For this, log management and security monitoring solutions have risen in popularity due to their capabilities for real-time monitoring, alerting, and investigation of application and system activity; however, they still require significant subject matter knowledge to be made efficient and to correlate events between siloed application and system assets. In our presentation, we offer a fresh perspective on security intelligence that focuses on the human dimension -- on users, their business roles, and their access. We describe how existing IAM practices and tools, whether commercial or homegrown, can provide the missing context and rules needed to better identify at-risk, compromised, and malicious users and accounts and improve traceability and accountability of their activities.

Bio:

Ryan Babbitt is a Senior Solutions Architect with Zirous. He joined Zirous in 2012 after completing an M.S. in Computer Science at Iowa State. His time at Zirous has been spent leading and implementing high-quality solutions in the IAM space, including Identity Governance, Access Management and MFA, and Privileged Access Management. His interests lately have also included security monitoring and SIEM technologies, particularly as they relate to IAM. He enjoys analyzing complex technical issues and learning new technologies, and is always up for a good discussion.

Where:

Holmes Murphy & Associates
2727 Grand Prairie Pkwy
Waukee, IA 50263

 


 

If you can't physically attend, you can use our webcast. Below is the information for connecting.

Monthly ISSA Chapter Meeting

Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/247310853
You can also dial in using your phone.
United States +1 (872) 240-3412
Access Code: 247-310-853

 


Monthly Meeting - March 25, 2019

Securing the Edge and the Core: Hacking Network Infrastructure

 

Presenter: Nick Starke

Description:
Organizations often deprioritize patching network infrastructure in favor of patching servers and applications. Who hacks a switch, anyways? In this presentation we’ll talk about the growing body of work focused on networking infrastructure hacking, the damage that the compromise of a core switch or edge router can do, and what you can do to stay safe.

Bio:

Nick Starke is a Threat Researcher at Aruba Networks, an HPE Company. At Aruba, Nick is focused on breaking network infrastructure as part of the product security team. He lives in the Des Moines, IA area and is a member of the local information security community through memberships with ISSA and SecDSM.

Where:

John Deere Financial
6400 Northwest 86th Street
Johnston, IA 50131

We have limited seating, so please register only if you will be physically attending, and email the organizer if you need to cancel your registration. We will keep track of everyone who watches remotely and will issue CPEs via email.

If you would like a vegan, gluten-free, or alternate lunch option, please notify the organizer.

 


 

If you can't physically attend, you can use our webcast. Below is the information for connecting.

Monthly ISSA Chapter Meeting

Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/247310853
You can also dial in using your phone.
United States +1 (872) 240-3412
Access Code: 247-310-853

 


Monthly Meeting - February 25, 2019

How the Information Security Team is Driving Long Term Information Security Transformation

 

Presenter: Linda Betz

Description:
Boards of Directors know they need to focus on Information Security, but often don’t know where to start. Linda will share how she educated the board on what they should ask, and provided the answers. Information Security is ever changing, so there needs to be an ongoing approach to assess and benchmark the information security program. Linda will share how FHLB is approaching the ongoing advancement and monitoring of the Bank’s security program (minus any specific risk details).

Bio:

Linda Betz, CISO at Federal Home Loan Bank
Linda Betz is the Chief Information Security Officer of the Federal Home Loan Bank of Des Moines. Linda previously was the CISO for Travelers Insurance and IBM. Linda has her PhD in Information Security from Nova Southeastern University, and is currently a member of the board of directors for Financial Services Information Sharing and Analysis Center (FS-ISAC).

Where:

Federal Home Loan Bank of Des Moines
909 Locust St
Des Moines, IA

 


 

If you can't physically attend, you can use our webcast. Below is the information for connecting.

Monthly ISSA Chapter Meeting

Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/247310853
You can also dial in using your phone.
United States +1 (872) 240-3412
Access Code: 247-310-853

 


2019 Members Dinner - January 29, 2019

Location: 
Embassy Club West (Des Moines Embassy Club)
520 Market Street
West Des Moines, IA 50266

 

Time:
5:30PM - 7:30PM
 
Cost:
Free to ISSA Iowa Chapter Members (MEMBERS ONLY)
 
Description

Please join your fellow ISSA Des Moines members for a chapter-sponsored evening that includes complimentary cocktails, dinner, and a special speaker flown in specifically for this event! Free CPEs! Seating is limited, so reserve your spot ASAP! (This dinner will replace the January lunch meeting.)

Guest Speaker: Rachel Tobac

Our guest speaker is Rachel Tobac. Rachel is the CEO of SocialProof Security where she helps people and companies keep their data safe by training and pentesting them on social engineering risks. Rachel was also a winner of DEF CON's wild spectator sport, the Social Engineering Capture the Flag contest, 3 years in a row. Rachel has shared her real life social engineering stories with NPR, Huffington Post, Business Insider, TWiT, USA Today and many more. In her remaining spare time, Rachel works as the Chair of the Board for the nonprofit Women in Security and Privacy (WISP) where she works to advance women to lead in the fields.

She'll be speaking on her nonlinear path to infosec, how she went from the neuroscience rat lab to hacking some of the largest companies in the world for a living, emerging cyber security threats, and best practices for keeping small and large businesses safe from human hackers like herself!

Check out Rachel's SANS KringleCon video: How I Would Hack You: Social Engineering Step-by-Step. https://www.youtube.com/watch?v=L5J2PgGOLtE

 


Monthly Meeting - August 27, 2018

 

SOC for Cybersecurity and Evolving SOC 2 Reporting


Presenters: Phil Nemmers & Robb Ullrich

 

Description:

Ernst & Young LLC will be presenting on the Service Organization Control report process. 

Bios:

Phil Nemmers, Partner Cybersecurity

Phil is a Partner in the Cybersecurity practice with over 30 years of experience supporting clients across various sectors including financial services, health care, telecommunications, retail, consumer products, and aerospace and defense.

Phil is responsible for overseeing EY’s compliance and regulatory-related activities impacted by cybersecurity risk, including:

  • The growing impact of cyber risks on external audits, internal audit activities, and third-party attestation activities
  • EY’s outreach activities with various federal regulators across key sectors and the legislative branch

Phil is a Certified Public Accountant, a Certified Information Systems Auditor, and a Certified Information Technology Professional.

Robb Ullrich, Manager
FSO Advisory Services

Robb Ullrich is a Manager in the Financial Services Office - Advisory Services practice of Ernst & Young LLP. He has over eight years of experience in providing IT assurance, service organization control (SOC) reporting, and advisory services to a broad range of large, middle-market, and privately held clients, primarily in the insurance, financial services, technology, and healthcare industries.

He has coordinated numerous projects relating to SOC reporting (including both pre-assessment and attestation), cyber security, and IT risk management and assurance, where he has worked with clients to develop effective means to assess, control, monitor, and measure current and emerging IT and cyber risks. Robb has experience in managing large internal control-related projects and currently serves as the engagement manager on 18 annual SOC 1 and SOC 2 examinations, which focus extensively on the assessment and testing of application controls, IT general computer controls, and alignment with cyber security frameworks. A majority of his clients operate using both mainframe and distributed systems.

Where:

Holmes Murphy & Associates 
2727 Grand Prairie Pkwy 
Waukee, IA 50263

We will meet at the new Holmes Murphy building on Grand Prairie Parkway in Waukee. Please check in at the security desk at the front entrance and follow the signs to the auditorium.

If you can't physically attend, you can use our webcast. Below is the information for connecting.

Monthly ISSA Chapter Meeting

Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/247310853
You can also dial in using your phone.
United States +1 (872) 240-3412
Access Code: 247-310-853

 
