Our next ISSA meeting is **this Thursday** May 19 and will feature Ovie Carroll, Director of the DoJ Cyber Crime Lab, Computer Crime and Intellectual Property Section (CCIPS)! Ovie will present "Current and Emerging Trends in Digital Forensics."
Our next ISSA meeting will be Thursday, March 31 and will feature Doug Burks and Security Onion! This free meeting is open to the public, so please share with your friends and security colleagues! We'll also have a report from our bi-annual financial audit and we'll be electing officers for the next 2-year term, so please make every effort to attend if you're a member.
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Doug Burks started Security Onion in 2008 to provide a comprehensive platform for intrusion detection, network security monitoring, and log management. Today, Security Onion has over 200,000 downloads and is being used by organizations around the world to help monitor and defend their networks. In 2014, Doug started Security Onion Solutions LLC to help those organizations by providing commercial support and training. Doug is a CEO, public speaker, teacher, former president of the Greater Augusta ISSA, and co-founder of BSides Augusta, but what he really likes the most is catching bad guys.
Our next ISSA meeting will be Thursday, December 3 and will feature Jim Salter! This free meeting is open to the public, so please share with your friends and security colleagues!
38 million accounts and 9.7 million credit card transactions from the notorious adultery site leaked this year. How does this affect you? Probably more than you think, whether you were in AM's databases or not. What can we learn from the data exposed in the breach, and what does it tell us about the security posture of not only website owners, but internet users themselves?
Jim Salter (@jrssnet) is an author, mercenary sysadmin, and father of three—not necessarily in that order. He got his first real taste of open source running Apache on his very own dedicated FreeBSD 3.1 server back in 1999, and he's been a fierce advocate of FOSS ever since. He's the author of the Sanoid hyperconverged infrastructure project (http://sanoid.net/). And he's written articles for Ars Technica on everything from next-gen filesystems to NAS distributions.
Our next ISSA meeting will be Thursday, November 5 and will feature Tony Sager! This free meeting is open to the public, so please share with your friends and security colleagues!
Tony Sager is a Senior VP and Chief Evangelist for the Center for Internet Security. He leads the development of the Critical Security Controls, a worldwide consensus project to find and support technical best practices in cybersecurity. His “volunteer army” cuts across all segments of the industry to identify practices that will stop the vast majority of attacks seen today, and then leads projects that will validate, measure, scale, and share these practices for widespread adoption. Tony also serves as the Director of the SANS Innovation Center, a subsidiary of The SANS Institute.
Tony retired from the National Security Agency in June 2012 after 34 years as an Information Assurance professional. He started his career in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. After moving into leadership positions, Tony helped found and then led the Systems and Network Attack Center, oversaw all Red and Blue Team projects, established and led security product evaluation teams, helped guide the agency's top talent development programs, served as the founding chief of the Vulnerability Analysis and Operations Group (comprised of 700 of the NSA's top technical cybersecurity specialists serving the defensive mission), and was the Chief Operating Officer for the Information Assurance Directorate. Tony also led the release of NSA security guidance to the public starting in 2001, and greatly expanded NSA’s role in the development of open standards for security.
Mr. Sager holds a B.A. in mathematics from Western Maryland College and an M.S. in computer science from The Johns Hopkins University. Tony is also a civilian graduate of the US Army Signal Officer Basic Course and the National Security Leadership Course.
Our next ISSA meeting will be Thursday, June 25 and will feature Hal Pomeranz! This free meeting is open to the public, so please share with your friends and security colleagues!
IR Event Log Analysis
Windows event logs contain a bewildering variety of messages. But homing in on a few key events can quickly profile attacker activity. From administrator logins, to scheduled tasks, to entries related to system services, and more, the event logs are a one-stop shop. Learn to "crack the code" and enhance your investigations by adding event log analysis to your toolset.
About Hal Pomeranz
Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the US and Europe and global corporations. Hal is a SANS Faculty Fellow, and a respected author and speaker at industry gatherings worldwide.
Our next ISSA meeting will be Tuesday, March 31 and will feature Eric Conrad! This free meeting is open to the public, so please share with your friends and security colleagues!
Continuous Ownage: Why you Need Continuous Monitoring
Repeat after me, I will be breached. Most organizations realize this fact too late, usually after a third party informs them months after the initial compromise. Treating security monitoring as a quarterly auditing process means most compromises will go undetected for weeks or months. The attacks are continuous, and the monitoring must match.
This talk will help you face this problem and describe how to move your organization to a more defensible security architecture that enables continuous security monitoring.
About Eric Conrad
SANS Principal Instructor Eric Conrad is lead author of the book The CISSP Study Guide. Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care. He is now president of Backshore Communications, a company focusing on intrusion detection, incident handling, information warfare, and penetration testing. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at www.ericconrad.com.
Our next ISSA meeting will be Tuesday January 27 and will feature Rob Lee! This free meeting is open to the public, so please share with your friends and security colleagues!
About Rob Lee
Rob Lee is an entrepreneur and consultant in the Washington, DC area, specializing in information security, incident response, and digital forensics. Rob is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm. Rob has more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response.
Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information warfare. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics. Prior to starting his own firm, he directly worked with a variety of government agencies in the law enforcement, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and an exploit development team, lead for a cyber forensics branch, and lead for a computer forensic and security software development team. Rob was also a director for MANDIANT, a company focused on investigating advanced adversaries, such as the APT, for four years prior to starting his own business.
Rob co-authored the book Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University in Washington DC. He was awarded the Digital Forensic Examiner of the Year from the Forensic 4Cast Awards. Rob is an ardent blogger about computer forensics and incident response topics at the SANS Computer Forensic Blog. Rob is also a co-author of the MANDIANT threat intelligence report M-Trends: The Advanced Persistent Threat.
The Technology Association of Georgia’s Infrastructure Society, the TAG Greater Augusta Chapter, and leaders from the technology community will join officials from the Army Cyber Command (ARCYBER) Headquarters in Fort Gordon, Georgia for a daylong conference at Georgia Regents University in Augusta entitled, “U.S. Army, Cyber Security and Business Against a Common Foe.”
Topics included in the panel discussion portion of the all-day conference include:
What is cyber security and why should it matter to business?
Infrastructure today and what is required to support ARCYBER?
The financial and technological impact of ARCYBER location in Georgia?
Cyber security: how do business and the government overlap in this increasingly complex space?
Keynote Speaker: Admiral Michael S. Rogers, Commander of the U.S. Cyber Command, Director of the National Security Agency, and Chief of Central Security
When: Thursday Oct 23, 2014, 10:30AM – 4PM
Where: J. Harold Harrison, M.D. Education Commons on the Health Sciences Campus
Our next ISSA meeting will be Tuesday October 7 and will feature Bryce Galbraith! This free meeting is open to the public, so please share with your friends and security colleagues!
About Bryce Galbraith
As a contributing author of the internationally bestselling book Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye. Bryce has held security positions at global ISPs and Fortune 500 companies; he was a member of Foundstone's renowned penetration testing team and served as a senior instructor and co-author of Foundstone's Ultimate Hacking: Hands-On course series. Bryce is currently the owner of Layered Security, where he provides specialized vulnerability assessment and penetration testing services for clients. He teaches several of the SANS Institute's most popular courses and develops curriculum around current topics. He has taught the art of ethical hacking and countermeasures to thousands of IT professionals from a who's who of top companies, financial institutions, and government agencies around the globe. Bryce is an active member of several security-related organizations, holds several security certifications, and speaks at conferences around the world.
Our next ISSA meeting will be Monday July 28 and will feature Alissa Torres! This free meeting is open to the public, so please share with your friends and security colleagues! We will also be conducting official chapter business, so if you're an official ISSA member, please make every effort to attend.
About Alissa Torres
Alissa Torres is a certified SANS instructor, specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic, and corporate environments, and holds a Bachelor's degree from University of Virginia and a Master's from University of Maryland in Information Technology. Alissa has taught as an instructor at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. She has presented at various industry conferences and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.
Our next ISSA meeting will be Thursday July 3 and will feature our very own Mark Baggett! This free meeting is open to the public, so please share with your friends and security colleagues. We will also be conducting official chapter business, so if you're an official ISSA member, please make every effort to attend.
Mark Baggett is the owner of Indepth Defense, an independent consulting firm that offers incident response and penetration testing services. He has served in a variety of roles from software developer to Chief Information Security Officer. Mark is the author of the SANS Python for Penetration Testers course (SEC573) and the pyWars gaming environment. Mark teaches several classes in the SANS Penetration Testing curriculum, including SEC504 (Incident Handling), SEC560 (Penetration Testing) and his Python course. Mark is very active in the information security community. Mark is the founding president of The Greater Augusta ISSA (Information Systems Security Association) chapter, which has been extremely successful in bringing networking and educational opportunities to Augusta Information Technology workers. As part of the Pauldotcom Team, Mark generates blog content for the "pauldotcom.com" podcast. In January 2011, Mark assumed a new role as the Technical Advisor to the DoD for SANS. Today he assists various government branches in the development of information security training programs.
We've partnered with the Atlanta ISSA chapter to offer a CISSP Prep Workshop to our members! Details have been sent to the members mailing list. If you're not already a member of the Greater Augusta ISSA, you can join today (http://augusta.issa.org/p/membership.html) and request details about the CISSP Prep Workshop.
Our next ISSA meeting will be Tuesday May 6 and will feature John Strand! This free meeting is open to the public, so please share with your friends and security colleagues!
How to Fail at a Pen Test
In this presentation, John will cover some key components that many penetration tests lack, including why it is important to get caught, why it is important to learn from real attackers and how to gain access to organizations without sending a single exploit. Additionally, John will show you how to bypass "all powerful" white listing applications that are often touted as an impenetrable defense.
John Strand is a senior instructor with the SANS Institute. He teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education. John is the course author for SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education and the co-author for SEC580: Metasploit Kung Fu for Enterprise Pen Testing.
When not teaching for SANS, John co-hosts PaulDotCom Security Weekly, the world's largest computer security podcast. He is also the owner of Black Hills Information Security, specializing in penetration testing and security architecture services. He has presented for the FBI, NASA, the NSA, and at DefCon. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing.