Greater Augusta ISSA

The ISSA is an international organization of Information Systems Security Professionals.  The Augusta Chapter meets quarterly.  We invite you to attend our meetings to meet with other local security professionals, to network, share ideas, receive technical training, and to have fun while you earn CPE’s.

Please come and join us at our next meeting.

If you would like to join our ISSA Chapter, please visit http://www.issa.org, click on the Join link, and select “GREATER AUGUSTA” for your local chapter.

MEETINGS
Our Quarterly Meetings are scheduled around a technology presentation, discussion or demonstration. Our meetings generally consist of about 30 minutes of networking, 30 minutes of a business meeting and a 1 hour technical presentation on a relevant security topic. This meeting is open to the public.

CHAPTER BOARD
 President Mark Baggett
 Vice President Leighton Johnson
 Membership Director Doug Burks
 Secretary Joanne Sexton
 Communications Kenneth Searle
 Treasurer Will McGee

LIST SERVE
The Augusta ISSA sponsors a moderated list serve for Augusta Security professionals to network, discuss issues and keep up with chapter happenings.

CONTACT
For more information please contact us at info@augusta.issa.org

EVENTS

==================================================
Greater Augusta ISSA Q4 Public Meeting
==================================================

The Greater Augusta ISSA is proud to have Michael Sutton from ZScaler presenting at our fourth quarter meeting.  This is a public meeting and everyone is invited.  We realize September is technically Q3, but we are all really anxious to hear what Michael has to present!  I've seen Michael present at SpiCon and Blackhat so I am sure you will appreciate what he has to say.  Please make plans to join us for this exciting presentation.  

What: Greater Augusta ISSA Q4 Public Meeting
When: Tuesday Sept. 22nd from 9:00am - 11:00 a.m
Where: Augusta State University in University Hall Room UH-220.  Directions to Augusta State University are at http://www.aug.edu/public_relations/pr_map_campus.htm
Cost: FREE
How: Reserve your seat(s) today!  Send an email to reservations@augusta.issa.org to reserve your seat today.  Do not delay, reserve your seat today!

Speaker: Michael Sutton

Title: Your Browser Wears No Clothes: Why Fully Patched Browsers Remain Vulnerable

Abstract: Gone are the days when installing the latest security patches and avoiding questionable web sites meant a safe web browsing experience. Today, attacks regularly require no client side vulnerabilities whatsoever and leverage reputable web properties to attack unsuspecting visitors. Modern attacks combine social engineering with intended browser functionality to develop frighteningly effective attacks. It is becoming commonplace to see attacks leveraging popular social networking sites such as Facebook, MySpace, Twitter, etc.  While a handful of attacks take advantage of vulnerabilities within the sites themselves, most take advantage of the open nature of such sites. A driving principal for so-called web 2.0 sites is to not build a site for users, but rather allow users to build the site themselves, via user generated content. This fact that has not been lost on attackers who take advantage of this open structure to host malicious content designed to target visitors to the site.  As servers become increasingly locked down, attackers are shifting their attention to end-users. A fundamental challenge in developing a successful client side attack involves encouraging victims to visit a malicious site, a challenge that is trivial if that attack can be hosted at an already popular destination. This talk will study a variety of recent attacks that succeeded against fully patched browsers. We will also discuss what can be expected from attackers going forward and what enterprises should be doing to protect against such attacks.

Speaker BIO:
Michael Sutton - Vice President, Security Research
Michael Sutton has spent more than a decade in the security industry conducting leading-edge research, building teams of world-class researchers and educating others on a variety of security topics. As VP of Security Research, Michael heads Zscaler Labs, the research and development arm of the company. Zscaler Labs is responsible for researching emerging topics in web security and developing innovative security controls, which leverage the Zscaler in-the-cloud model. The team is comprised of researchers with a wealth of experience in the security industry.  
 
Prior to joining Zscaler, Michael was the Security Evangelist for SPI Dynamics where, as an industry expert, he was responsible for researching, publishing and presenting on various security issues. In 2007, SPI Dynamics was acquired by Hewlett-Packard. Previously, Michael was a Research Director at iDefense where he led iDefense Labs, a team responsible for discovering and researching security vulnerabilities in a variety of technologies. iDefense was acquired by VeriSign in 2005. Michael is a frequent speaker at major information security conferences; he is regularly quoted by the media on various information security topics, has authored numerous articles and is the co-author of Fuzzing: Brute Force Vulnerabilities, an Addison-Wesley publication. Michael holds a Master’s degree in Information Systems Technology from George Washington University and a Bachelor of Commerce from the University of Alberta.

==================================================
SANS 401 Security Essentials mentored by Doug Burks in Augusta GA
==================================================

Why should you take SANS 401 Security Essentials?

* Are you a Systems Administrator or Network Engineer who would like to learn more about security? This course gives a very thorough overview of security theory and practice. Additionally, the tools and techniques that you learn in this class are directly applicable to your current job (and will prepare you for the future).

* DoD 8570 Compliance. If you work for the Department of Defense (or would like to), DoD Mandate 8570 requires security certification for any employee performing Information Assurance (security) work. The Security Essentials certification is among those required for 8570. For more information, please see the SANS 8570 page.

* Complement your CISSP. If you've already taken the CISSP, SANS 401 Security Essentials is the perfect technical complement. It takes all the theory that you learned at a high level for the CISSP and applies it in a very practical and updated manner. SANS 401 is "where the rubber meets the road".

* Augment your Windows/Linux skills. Highly experience with Windows, but not so much with Linux? Or the other way around? SANS 401 Security Essentials dedicates an entire section to Windows security and another entire section to Linux security.

* Considering the SANS GSE (GIAC Security Expert) or SANS Masters program? SANS 401 Security Essentials is required for both.

These are just a few reasons to register for SANS 401 Security Essentials. For more information, please see:

SANS 401 Security Essentials mentored by Doug Burks in Augusta GA

Don't forget that ISSA members are eligible for a significant discount! If you would like to register for the ISSA and/or SANS 401, please let us know and we'll be glad to help get you registered.