issa baltimore chapter monthly meeting april 22,...

ISSA Baltimore Chapter

Monthly Meeting

April 22, 2015

ISSA-Baltimore Sponsors:

Interset!, CyberCore Technologies, Phoenix TS,

Parsons, Tenable Network Security, Websense

Board of Directors Bill Smith, CISSP, GSNA, CEH, GPEN, GCFA, GCFE -

President

Sidney Spunt, CISSP - VP Operations

Kevin Drury – Secretary

Carol Klessig, CISSP - VP Professional Development

Rod Zwainz, CISSP, PMP - VP Education

Phil Rogofsky, CISSP, Network+, CPA – Treasurer

Steve Chan, CISSP, PMP – VP Membership

Dennis Dworkowski, CISSP-ISSEP – VP Outreach



Parsons, Tenable Network Security, Websense

Baltimore Chapter Sponsors



Parsons, Tenable Network Security

Agenda / Announcements

Welcome to Parsons, 7110 Samuel Morse Drive, Suite 200 Columbia, Maryland 21046 Non-U.S. Citizen Requirements

Any guests or new members in attendance?

(ISC)2 CPE Submissions – Individual Responsibility

New CISSP and SSCP Domains

Chapter Strategic Plan

Chapter STEM Activity

New Member Promotion

CISSP Chapter Badges / Shirts and Jackets with ISSA-Baltimore Logo

CISSP Study Group Spring 2015 – February 24 thru May 19, 2015

New Location: Phoenix TS

Amazon Affiliates program

LinkedIn Group

Facebook Page – “ISSA-Baltimore Chapter”

Future Meeting schedule




New Members

Since February Meeting

265 Total Members

Bradley Cullum

Shane Daniels

Stephen Kapuschansky

Christine L. Kelly

Zachary Kline

Scott Lansing




Ambyr Leidig

Deborah Maletz

George Manousoyianakis

Dorothy Patterson

Gary Szukalski




ISSA International Conference: October 12-15 2015

Keynote Speaker

Vinton G. Cerf

Vice President and Chief Internet Evangelist

Google

Register Now for the ISSA International Conference

| October 12-13, 2015 | Chicago, Illinois, USA |

The first 100 paid attendees will enter into a raffle to receive a

FREE iPad!




CISSP Domains, Effective April 15, 2015 •Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business

Continuity)

•Asset Security (Protecting Security of Assets)

•Security Engineering (Engineering and Management of Security)

•Communications and Network Security (Designing and Protecting Network Security)

•Identity and Access Management (Controlling Access and Managing Identity)

•Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

•Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster

Recovery)

•Software Development Security (Understanding, Applying, and Enforcing Software Security)




Systems Security Certified Practitioner (SSCP)

Domains,

Effective April 15, 2015

* Access Controls * Cryptography

* Security Operations and Administration * Networks and Communications Security

* Risk Identification, Monitoring, and Analysis * Systems and Application Security

* Incident Response and Recovery

* The SSCP indicates a practitioner’s technical ability to tackle the operational demands and

responsibilities of security practitioners, including authentication, security testing, intrusion

detection/prevention, incident response and recovery, attacks and countermeasures, cryptography,

malicious code countermeasures, and more.





Rules:

1. Promotion begins August 1, 2014

2. New member must identify referring member when joining

3. $25.00 Amazon Gift Card awarded to referring member

4. Referring member’s registration must be current

5. Awards will be presented at monthly Chapter meeting

6. Program will run through December 31, 2015 and be re-

evaluated by the board after that time

7. Board of Directors not eligible to participate

Chapter Strategic Plan




Vision - To be the community of choice for international cybersecurity

professionals dedicated to advancing individual growth, managing

technology risk and protecting critical information and infrastructure

Mission - ISSA is a not-for-profit, international organization of

information security professionals and practitioners. It provides

educational forums, publications, and peer interaction opportunities

that enhance the knowledge, skill, and professional growth of its

members

Change to the Chapter By-laws




ARTICLE I: Name

Current:

The name of this organization shall be the Baltimore Metropolitan

Chapter, Information Systems Security Association, Inc., (ISSA)

hereafter referred to as the "Chapter".

Change:

The name of this organization shall be the Central Maryland

Chapter of the Information Systems Security Association, Inc., (ISSA)

hereafter referred to as the "Chapter".

Chapter Strategic Plan-Core Values




Collaboration - We believe that working together toward a common goal is

essential to the success of the association.

Knowledge Sharing - We encourage knowledge sharing as a result of our belief

that all of us are smarter and more productive than any one of us.

Leadership - We inspire each other to achieve and grow through a shared vision

and passion to excel.

Professional Development - We support the development of our people,

association and profession through positive relationships, dynamic synergies and

innovative growth opportunities.

Innovation - We search for new avenues to improve the Cybersecurity community,

ISSA International and our Chapter

Chapter Strategic Plan-Goals and Strategies

• Goal I:Expand Chapter Influence outside of Howard County Area

• Change chapter name to ISSA of Central Maryland

• Reach out to security companies outside Howard County

• Join and be active the Chesapeake region Tech Council

• Objective 2: Increase Benefit to Members

• Seek out more varied speakers for chapter meetings.

• Develop relationship with other organizations such as other ISSA Chapters, IIA, IEEE Baltimore, and ISACA.

• Create relationships with educational organizations to provide more costs training opportunities such as Phoenix

• Poll members to see what they what additional opportunities they would like the Chapter to pursue.

• Goal 3:Improve Relationship with Companies/Sponsors

• Create Corporate Ambassadors where members represent the Chapter to their employees,

• Start monthly communication/e-mail newsletter to Sponsors

• Host on-site Meet and Greet Events at Large Companies.

• Poll Sponsors to determine what they would like out of Sponsorship.

• Goal 4-Promote Chapter's Identity

• Increase STEM involvement and participation events such in the HoCo STEM Festival.

• Increase involvement in local security events such as CyberMarylandConference;.

• Increase involvement with Howard Tech Council

• Increase support to our Student Chapter at UMBC and explore creating additional student chapters.




Chapter STEM Activities

• 3rd HoCo STEM Festival-1-5 at HCC on June 7th – Chapter will be hosting a table

– www.stemulatngminds.com

• 1st Maryland STEM Festival November 6-15. – Chapter is an inaugural sponsor at the Supporter level

– Chapter may host an event

– www.marylandstemfestival.org




http://www.stemulatngminds.com/





Congratulations - $25.00 Amazon Gift Card winners:

Chris Ambrose

John Barker

Scott Crum

Jody Denner

Chuck Dickens

Charles Dickert *

Devin Elmore *

Ivan Gordon

Monique Mitchner *

Matt Morris

Nick Rapp

Katelin Rowley

Oliver Thomas *

Rod Zwainz *

ISSA-Baltimore

CISSP Study Group

Fall 2015 Schedule




Phoenix TS, 10420 Little

Patuxent Parkway,

Suite 500

Columbia, MD 21044

17 Feb 15 Kickoff for CISSP - Cancelled Snow

24 Feb 15 Information Security Governance & Risk Management

3 Mar 15 Security Architecture & Design – Cancelled Snow

10 Mar 15 Access Control

17 Mar 15 Access Control

24 Mar 15 Cryptography Part 1

31 Mar 15 Cryptography Part 2

7 Apr 15 Physical & Environmental Security

14 Apr 15 Software Development Security

21 Apr 15 Business Continuity & Disaster Recovery

28 Apr 15 Telecommunications & Network Security Part 1

5 May 15 Telecommunications & Network Security Part 2

12 May 15 Legal, Regulations, Investigations and Compliance

19 May 15 Security Architecture & Design

26 May 15 Operations Security

2 June 15 Practice Exam / Review




Our New

Chapter Blog !!

As 2015 is now underway, we wanted to provide you with a list of potential networking and

volunteering opportunities tentatively scheduled for this year. We are always looking for members to

assist with various outreach and chapter activities that need to be completed. You may be asking

yourself, what is in it for me? Listed below are several benefits for volunteering your time to help the

Baltimore ISSA chapter out.

• Volunteering provides a chance to learn new skills. Carol Klessig is learning to create a unique

hash tag this weekend. Learning about social media (Twitter) may help Carol add to her resume.

Please email Carol at [email protected] If you would like to be considered

for the new position known as Director of Publicity.

• Helping others learn and encouraging our youth feels great. Rewards are not always monetary.

Encouraging a student can be your chance to pay it forward. This is especially beneficial for recent

graduates or new members in the security field.

• Camaraderie. Social outings like our field trips can be a chance to form a new friendship with

others in the IT field.

• CPE's. Working for the club can generate CPE's that can be used to maintain your certifications.

Currently, we need our website updated and possibly redesigned. Does anyone have a experience

in web design that could assist us with updating or redesigning our current website?

• You can volunteer for just a single event or on a regular basis. A variety of items exist that we

could use assistance with. These items include writing a blog article, greeting members at the door

or assisting with the setup/cleanup at chapter meetings. If you see a position aching to be filled, talk

to one of the board members.




Rescheduled

September 1, 2015

http://mid-atlantic.issa-conf.org




Open Software and Trust--Better Than Free?

2-Hour Live Event: Tuesday, April 28, 2015

Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/ 5:00 p.m. London

Web Conference Overview:

Last year we were hit with multiple Open Source vulnerabilities. The most significant was Heartbleed, or was it the potential of

Poodle or the other half dozen or so vulnerabilities. If it wasn’t that, then what about ShellShock (the bash bug? The open source

world is supposed to be safer as everyone can examine the software, but are enough experts examining it?

Session Moderator:

Phillip Griffin - ISSA Educational Advisory Council Member

Speakers:

Mark Kadrich- Chief Information Security & Privacy Officer, Health Connect

Timothy Jarrett - Senior Director, Product Marketing, Veracode

2015 Meetings and Events

Date Speaker Organization Topic

January 28, 2015 Kathy Worgul Carroll County Business & Employment

Resource Center

How Can LinkedIn Assist in Career

Advancement

February 25, 2015 Robert K. Gardner New World Technology Partners Cyber Risk, Thru the Shareholder Lens

March 25, 2015 Cancelled

April 22, 2015 Anthony

Teelucksingh

United States Department of Justice Insider Threats, or the Case of the Extra 8

Lines of Code

May 20, 2015 Brian E. Dykstra Atlantic Data Forensics, Inc. Murder or Self Defense?

July 27, 2015 Rhonda Ferrell CyberSecurity & Your Professional Life: A

Value-Add Approach

September 1, 2015 Mid-Atlantic ISSA Security Conference,

NIST, Gaithersburg, MD

September 16, 2016 Joint Meeting w/ MD IMMA / Infragard

October 12 – 13, 2015 ISSA International Conference

Chicago Illinois




Mr. Dykstra has over 19 years experience in investigations, computer forensics, incident response,

network and wireless security testing and information security. Mr. Dykstra was previously the CIO and

Director of Professional Education at Mandiant, Inc. where he was responsible for the development and

management of numerous advanced computer security and cybercrime investigation courses.

Before founding Atlantic Data Forensics (formerly Jones Dykstra and Associates, Inc.), Mr. Dykstra was

the CIO & Director of Professional Education and a founding member of Mandiant, where he was

responsible for the development and management of numerous advanced computer security and

cybercrime investigation courses. Prior to becoming a co-founder of Mandiant (formerly known as Red

Cliff Consulting, LLC), Mr. Dykstra was a Senior Program Manager at Communications Technologies

where he led commercialization efforts of computer security and managed services business groups;

supervised the secure remote management of UNIX and Windows customer and network systems, and

provided technical oversight for business development efforts and technical assistance to commercial

and government sales groups.




May 20, 2015 Speaker

Brian E. Dykstra

Atlantic Data Forensics, Inc.

May 20, 2015 Topic

Murder or Self Defense?




Brian Dykstra, CEO, Atlantic Data Forensics will review the West Virginia 1st degree murder trial of Michael Ian

Palmer for the pre-meditated killing of his father-in-law Everett Wilson during a home invasion break-in. Mr.

Dykstra will recount the various testimony given during the trial and the digital evidence he was presented with as

the defense computer forensics expert. From bar fights and brass knuckles to Facebook posts and crime scene

investigations West Virginia v Michael Ian Palmer has it all.

April 22, 2015 Speaker

Anthony Teelucksingh Senior Counsel at U.S. Department of Justice

Federal prosecutor in the Criminal Division section responsible for the prosecution of cybercrime, including violations of the

Computer Fraud and Abuse Act. Casework includes the prosecution of computer intrusions, damage to computers, illegal spam,

online extortion, online stalking, identity theft, credit card fraud, and trafficking in counterfeit goods including luxury goods,

pharmaceuticals, software, and motion pictures. Provide expertise to the U.S. Attorneys’ office and federal and state law

enforcement agencies. Provide training to U.S. and foreign law enforcement agencies on electronic evidence, searching and

seizing computers, and courtroom presentations in cybercrime cases.

Represent the United States on cybercrime and privacy matters in multi-lateral international clients including the UN Office on

Drugs and Crime Intergovernmental Experts Group on Cybercrime, International Telecommunications Union, Asia-Pacific Economic

Cooperation Telecommunications Working Group, and Organization of American States. In bilateral discussions with numerous

foreign governments on anti-cybercrime capacity building, privacy, data protection and law enforcement cooperation.

Special Assistant United States Attorney, District of Maryland, to prosecute cases concerning cybercrime and criminal intellectual

property violations




April 22, 2015 Topic

Fannie Mae logic-bomb saboteur convicted




A computer contractor has been convicted of planting a logic bomb on the servers of Fannie Mae, the financially

troubled US housing and mortgage giant.

Rajendrasinh Babubhai Makwana, 36, responded to the termination of his two-year-long spell as a software

development contractor at Fannie Mae in October 2008 by planting a malicious script designed to wipe all the data

from its network on 31 January 2009. Anyone attempting to access data on the system after the logic bomb went

off would have received the message "Server Graveyard".

Fortunately, Fannie Mae sysadmins found the malware days after Makwana left work at the Urbana, Maryland

technology centre and weeks before the logic bomb was due to explode. Subsequent forensic analysis of

computer logs traced the attempted attack back to Makwana's workplace laptop, which yielded more evidence.

Because of his job developing software for Unix boxes, Makwana reportedly had access to the full range of Fannie

Mae's 5,000 servers.

issa baltimore chapter monthly meeting april 22,...

Documents