issa baltimore chapter monthly meeting april 22,...
TRANSCRIPT
ISSA Baltimore Chapter
Monthly Meeting
April 22, 2015
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security, Websense
Board of Directors Bill Smith, CISSP, GSNA, CEH, GPEN, GCFA, GCFE -
President
Sidney Spunt, CISSP - VP Operations
Kevin Drury – Secretary
Carol Klessig, CISSP - VP Professional Development
Rod Zwainz, CISSP, PMP - VP Education
Phil Rogofsky, CISSP, Network+, CPA – Treasurer
Steve Chan, CISSP, PMP – VP Membership
Dennis Dworkowski, CISSP-ISSEP – VP Outreach
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security, Websense
Baltimore Chapter Sponsors
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Agenda / Announcements
Welcome to Parsons, 7110 Samuel Morse Drive, Suite 200 Columbia, Maryland 21046 Non-U.S. Citizen Requirements
Any guests or new members in attendance?
(ISC)2 CPE Submissions – Individual Responsibility
New CISSP and SSCP Domains
Chapter Strategic Plan
Chapter STEM Activity
New Member Promotion
CISSP Chapter Badges / Shirts and Jackets with ISSA-Baltimore Logo
CISSP Study Group Spring 2015 – February 24 thru May 19, 2015
New Location: Phoenix TS
Amazon Affiliates program
LinkedIn Group
Facebook Page – “ISSA-Baltimore Chapter”
Future Meeting schedule
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
New Members
Since February Meeting
265 Total Members
Bradley Cullum
Shane Daniels
Stephen Kapuschansky
Christine L. Kelly
Zachary Kline
Scott Lansing
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Ambyr Leidig
Deborah Maletz
George Manousoyianakis
Dorothy Patterson
Gary Szukalski
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
ISSA International Conference: October 12-15 2015
Keynote Speaker
Vinton G. Cerf
Vice President and Chief Internet Evangelist
Register Now for the ISSA International Conference
| October 12-13, 2015 | Chicago, Illinois, USA |
The first 100 paid attendees will enter into a raffle to receive a
FREE iPad!
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
CISSP Domains, Effective April 15, 2015 •Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business
Continuity)
•Asset Security (Protecting Security of Assets)
•Security Engineering (Engineering and Management of Security)
•Communications and Network Security (Designing and Protecting Network Security)
•Identity and Access Management (Controlling Access and Managing Identity)
•Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
•Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster
Recovery)
•Software Development Security (Understanding, Applying, and Enforcing Software Security)
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Systems Security Certified Practitioner (SSCP)
Domains,
Effective April 15, 2015
* Access Controls * Cryptography
* Security Operations and Administration * Networks and Communications Security
* Risk Identification, Monitoring, and Analysis * Systems and Application Security
* Incident Response and Recovery
* The SSCP indicates a practitioner’s technical ability to tackle the operational demands and
responsibilities of security practitioners, including authentication, security testing, intrusion
detection/prevention, incident response and recovery, attacks and countermeasures, cryptography,
malicious code countermeasures, and more.
New Member Promotion
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Rules:
1. Promotion begins August 1, 2014
2. New member must identify referring member when joining
3. $25.00 Amazon Gift Card awarded to referring member
4. Referring member’s registration must be current
5. Awards will be presented at monthly Chapter meeting
6. Program will run through December 31, 2015 and be re-
evaluated by the board after that time
7. Board of Directors not eligible to participate
Chapter Strategic Plan
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Vision - To be the community of choice for international cybersecurity
professionals dedicated to advancing individual growth, managing
technology risk and protecting critical information and infrastructure
Mission - ISSA is a not-for-profit, international organization of
information security professionals and practitioners. It provides
educational forums, publications, and peer interaction opportunities
that enhance the knowledge, skill, and professional growth of its
members
Change to the Chapter By-laws
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
ARTICLE I: Name
Current:
The name of this organization shall be the Baltimore Metropolitan
Chapter, Information Systems Security Association, Inc., (ISSA)
hereafter referred to as the "Chapter".
Change:
The name of this organization shall be the Central Maryland
Chapter of the Information Systems Security Association, Inc., (ISSA)
hereafter referred to as the "Chapter".
Chapter Strategic Plan-Core Values
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Collaboration - We believe that working together toward a common goal is
essential to the success of the association.
Knowledge Sharing - We encourage knowledge sharing as a result of our belief
that all of us are smarter and more productive than any one of us.
Leadership - We inspire each other to achieve and grow through a shared vision
and passion to excel.
Professional Development - We support the development of our people,
association and profession through positive relationships, dynamic synergies and
innovative growth opportunities.
Innovation - We search for new avenues to improve the Cybersecurity community,
ISSA International and our Chapter
Chapter Strategic Plan-Goals and Strategies
• Goal I:Expand Chapter Influence outside of Howard County Area
• Change chapter name to ISSA of Central Maryland
• Reach out to security companies outside Howard County
• Join and be active the Chesapeake region Tech Council
• Objective 2: Increase Benefit to Members
• Seek out more varied speakers for chapter meetings.
• Develop relationship with other organizations such as other ISSA Chapters, IIA, IEEE Baltimore, and ISACA.
• Create relationships with educational organizations to provide more costs training opportunities such as Phoenix
• Poll members to see what they what additional opportunities they would like the Chapter to pursue.
• Goal 3:Improve Relationship with Companies/Sponsors
• Create Corporate Ambassadors where members represent the Chapter to their employees,
• Start monthly communication/e-mail newsletter to Sponsors
• Host on-site Meet and Greet Events at Large Companies.
• Poll Sponsors to determine what they would like out of Sponsorship.
• Goal 4-Promote Chapter's Identity
• Increase STEM involvement and participation events such in the HoCo STEM Festival.
• Increase involvement in local security events such as CyberMarylandConference;.
• Increase involvement with Howard Tech Council
• Increase support to our Student Chapter at UMBC and explore creating additional student chapters.
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Chapter STEM Activities
• 3rd HoCo STEM Festival-1-5 at HCC on June 7th – Chapter will be hosting a table
– www.stemulatngminds.com
• 1st Maryland STEM Festival November 6-15. – Chapter is an inaugural sponsor at the Supporter level
– Chapter may host an event
– www.marylandstemfestival.org
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
New Member Promotion
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Congratulations - $25.00 Amazon Gift Card winners:
Chris Ambrose
John Barker
Scott Crum
Jody Denner
Chuck Dickens
Charles Dickert *
Devin Elmore *
Ivan Gordon
Monique Mitchner *
Matt Morris
Nick Rapp
Katelin Rowley
Oliver Thomas *
Rod Zwainz *
ISSA-Baltimore
CISSP Study Group
Fall 2015 Schedule
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Phoenix TS, 10420 Little
Patuxent Parkway,
Suite 500
Columbia, MD 21044
17 Feb 15 Kickoff for CISSP - Cancelled Snow
24 Feb 15 Information Security Governance & Risk Management
3 Mar 15 Security Architecture & Design – Cancelled Snow
10 Mar 15 Access Control
17 Mar 15 Access Control
24 Mar 15 Cryptography Part 1
31 Mar 15 Cryptography Part 2
7 Apr 15 Physical & Environmental Security
14 Apr 15 Software Development Security
21 Apr 15 Business Continuity & Disaster Recovery
28 Apr 15 Telecommunications & Network Security Part 1
5 May 15 Telecommunications & Network Security Part 2
12 May 15 Legal, Regulations, Investigations and Compliance
19 May 15 Security Architecture & Design
26 May 15 Operations Security
2 June 15 Practice Exam / Review
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Our New
Chapter Blog !!
As 2015 is now underway, we wanted to provide you with a list of potential networking and
volunteering opportunities tentatively scheduled for this year. We are always looking for members to
assist with various outreach and chapter activities that need to be completed. You may be asking
yourself, what is in it for me? Listed below are several benefits for volunteering your time to help the
Baltimore ISSA chapter out.
• Volunteering provides a chance to learn new skills. Carol Klessig is learning to create a unique
hash tag this weekend. Learning about social media (Twitter) may help Carol add to her resume.
Please email Carol at [email protected] If you would like to be considered
for the new position known as Director of Publicity.
• Helping others learn and encouraging our youth feels great. Rewards are not always monetary.
Encouraging a student can be your chance to pay it forward. This is especially beneficial for recent
graduates or new members in the security field.
• Camaraderie. Social outings like our field trips can be a chance to form a new friendship with
others in the IT field.
• CPE's. Working for the club can generate CPE's that can be used to maintain your certifications.
Currently, we need our website updated and possibly redesigned. Does anyone have a experience
in web design that could assist us with updating or redesigning our current website?
• You can volunteer for just a single event or on a regular basis. A variety of items exist that we
could use assistance with. These items include writing a blog article, greeting members at the door
or assisting with the setup/cleanup at chapter meetings. If you see a position aching to be filled, talk
to one of the board members.
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Rescheduled
September 1, 2015
http://mid-atlantic.issa-conf.org
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Open Software and Trust--Better Than Free?
2-Hour Live Event: Tuesday, April 28, 2015
Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/ 5:00 p.m. London
Web Conference Overview:
Last year we were hit with multiple Open Source vulnerabilities. The most significant was Heartbleed, or was it the potential of
Poodle or the other half dozen or so vulnerabilities. If it wasn’t that, then what about ShellShock (the bash bug? The open source
world is supposed to be safer as everyone can examine the software, but are enough experts examining it?
Session Moderator:
Phillip Griffin - ISSA Educational Advisory Council Member
Speakers:
Mark Kadrich- Chief Information Security & Privacy Officer, Health Connect
Timothy Jarrett - Senior Director, Product Marketing, Veracode
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
2015 Meetings and Events
Date Speaker Organization Topic
January 28, 2015 Kathy Worgul Carroll County Business & Employment
Resource Center
How Can LinkedIn Assist in Career
Advancement
February 25, 2015 Robert K. Gardner New World Technology Partners Cyber Risk, Thru the Shareholder Lens
March 25, 2015 Cancelled
April 22, 2015 Anthony
Teelucksingh
United States Department of Justice Insider Threats, or the Case of the Extra 8
Lines of Code
May 20, 2015 Brian E. Dykstra Atlantic Data Forensics, Inc. Murder or Self Defense?
July 27, 2015 Rhonda Ferrell CyberSecurity & Your Professional Life: A
Value-Add Approach
September 1, 2015 Mid-Atlantic ISSA Security Conference,
NIST, Gaithersburg, MD
September 16, 2016 Joint Meeting w/ MD IMMA / Infragard
October 12 – 13, 2015 ISSA International Conference
Chicago Illinois
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Mr. Dykstra has over 19 years experience in investigations, computer forensics, incident response,
network and wireless security testing and information security. Mr. Dykstra was previously the CIO and
Director of Professional Education at Mandiant, Inc. where he was responsible for the development and
management of numerous advanced computer security and cybercrime investigation courses.
Before founding Atlantic Data Forensics (formerly Jones Dykstra and Associates, Inc.), Mr. Dykstra was
the CIO & Director of Professional Education and a founding member of Mandiant, where he was
responsible for the development and management of numerous advanced computer security and
cybercrime investigation courses. Prior to becoming a co-founder of Mandiant (formerly known as Red
Cliff Consulting, LLC), Mr. Dykstra was a Senior Program Manager at Communications Technologies
where he led commercialization efforts of computer security and managed services business groups;
supervised the secure remote management of UNIX and Windows customer and network systems, and
provided technical oversight for business development efforts and technical assistance to commercial
and government sales groups.
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
May 20, 2015 Speaker
Brian E. Dykstra
Atlantic Data Forensics, Inc.
May 20, 2015 Topic
Murder or Self Defense?
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
Brian Dykstra, CEO, Atlantic Data Forensics will review the West Virginia 1st degree murder trial of Michael Ian
Palmer for the pre-meditated killing of his father-in-law Everett Wilson during a home invasion break-in. Mr.
Dykstra will recount the various testimony given during the trial and the digital evidence he was presented with as
the defense computer forensics expert. From bar fights and brass knuckles to Facebook posts and crime scene
investigations West Virginia v Michael Ian Palmer has it all.
April 22, 2015 Speaker
Anthony Teelucksingh Senior Counsel at U.S. Department of Justice
Federal prosecutor in the Criminal Division section responsible for the prosecution of cybercrime, including violations of the
Computer Fraud and Abuse Act. Casework includes the prosecution of computer intrusions, damage to computers, illegal spam,
online extortion, online stalking, identity theft, credit card fraud, and trafficking in counterfeit goods including luxury goods,
pharmaceuticals, software, and motion pictures. Provide expertise to the U.S. Attorneys’ office and federal and state law
enforcement agencies. Provide training to U.S. and foreign law enforcement agencies on electronic evidence, searching and
seizing computers, and courtroom presentations in cybercrime cases.
Represent the United States on cybercrime and privacy matters in multi-lateral international clients including the UN Office on
Drugs and Crime Intergovernmental Experts Group on Cybercrime, International Telecommunications Union, Asia-Pacific Economic
Cooperation Telecommunications Working Group, and Organization of American States. In bilateral discussions with numerous
foreign governments on anti-cybercrime capacity building, privacy, data protection and law enforcement cooperation.
Special Assistant United States Attorney, District of Maryland, to prosecute cases concerning cybercrime and criminal intellectual
property violations
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
April 22, 2015 Topic
Fannie Mae logic-bomb saboteur convicted
ISSA-Baltimore Sponsors:
Interset!, CyberCore Technologies, Phoenix TS,
Parsons, Tenable Network Security
A computer contractor has been convicted of planting a logic bomb on the servers of Fannie Mae, the financially
troubled US housing and mortgage giant.
Rajendrasinh Babubhai Makwana, 36, responded to the termination of his two-year-long spell as a software
development contractor at Fannie Mae in October 2008 by planting a malicious script designed to wipe all the data
from its network on 31 January 2009. Anyone attempting to access data on the system after the logic bomb went
off would have received the message "Server Graveyard".
Fortunately, Fannie Mae sysadmins found the malware days after Makwana left work at the Urbana, Maryland
technology centre and weeks before the logic bomb was due to explode. Subsequent forensic analysis of
computer logs traced the attempted attack back to Makwana's workplace laptop, which yielded more evidence.
Because of his job developing software for Unix boxes, Makwana reportedly had access to the full range of Fannie
Mae's 5,000 servers.