March 2017 – 20 Critical Security Controls


Hello all,

I am very pleased to announce that Randy Marchany (I’m sure he’ll sign autographs later) from Virginia Tech has agreed to speak about the 20 Critical Security Controls at our next meeting. This will be a great presentation from a great speaker, so you really want to make this one if you can. Our meeting will be at ECPI in Roanoke at 5:30pm on the 9th; I have included the address below. Thanks to ECPI for hosting this month and to all those who make our meetings possible. You guys rock!

The 20 Critical Security Controls

Defending information systems is becoming more complicated with the introduction of personally owned mobile devices (BYOD) and Internet of Things (IoT) controllers. Spending your cyber defense budget effectively depends on your ability to prioritize where those dollars should go. The 20 Critical Security Controls provide a prioritized set of controls and metrics that give you the best chance of actually defending your IT assets. The controls align with a number of well-established security standards and frameworks, among them ISO 27002, NIST 800-53 and PCI. This talk describes what the controls are and provides some metrics and spreadsheets for performing a gap analysis of the controls’ implementation. Virginia Tech is actively implementing the controls, and this talk will discuss some of the successes and roadblocks encountered so far.

OK, so normally I put a little bio together for our speaker so you have a chance to read some background on them, but honestly Randy is such a cyber superstar that his bio is literally a page long. So, while not complete, here are some highlights of Randy’s bio. Please check out the link at the bottom of the message for more info on Randy.

Randy is University Information Security Officer for Virginia Tech. He is also the director of the VA Tech IT Security Lab, a component of the university’s Information Technology Security Office. He is the author of VA Tech’s Acceptable Use Statement and a co-author of the original FBI/SANS Institute “Top 10/20 Internet Security Vulnerabilities” document. He is a co-author of the SANS Institute’s “Responding to Distributed Denial of Service Attacks” document, which was prepared at the request of the White House in response to the DDoS attacks of 2000. He is also one of the founders of the Virginia Alliance for Secure Computing and Networking (www.vascan.org), a consortium of security practitioners and researchers from VA Tech, U of Virginia, James Madison Univ. and George Mason Univ. He has been a frequent speaker at national and international conferences such as Educause, SANS, IIA, ISACA, ACUA, the International CISO Symposium, IEEE, NIST, the NY State OIT Security Conference, FBI-InfraGard chapters and RSA.

Randy’s Bio

https://members.educause.edu/randy-marchany

ECPI

5234 Airport Rd NW Suite 200

Roanoke, VA 24012

November 2016 – Continuous Pentesting


The next RISE meeting will be at Virginia Western Community College in the Natural Science Center (directions are below). Our speaker will be Darren Manners from SyCom, and he will be discussing Redspy365 and the rise of automated pentesting.


Darren designed this automated approach, and he has a list of certs longer than a NASCAR race. Come out and learn from one of the innovators in the field.

Here is Darren’s Bio:
Darren is the Lead Penetration Tester for SyCom Technologies. He spent 9 years in Royal Naval Intelligence (Communication Technician (Analyst)) and has worked for 15 years in various security roles with VARs and in education. Certifications obtained include: SANS Cyber Guardian (Red/Blue), SANS GSE (#42), CCIE Security (18929), OSCP, CISSP, CISA and others. He has written papers on iPhone backup files for penetration testing and on anomaly detection using user agent headers. He is the designer of RedSpy 365, Sphere of Influence (a security visualization tool) and Ice-hole (an email phishing tool).
We will be meeting at our usual time of 5:30 pm on November the 10th.
Snacks and drinks will be provided as always.

Location: Charles L. Downs Natural Science Center, Roanoke, VA 24015

Oct 2016 – Your Money or Your Data


Join us for an interactive forensics scavenger hunt analyzing a pcap with some of the latest variants of ransomware. We will be looking at how Angler EK can, and often will, deliver multiple infections such as Locky, CryptXXX and even some unknown goodies.

This will be an interactive session, and I will try to come up with some small goodies to give away to those who solve the pieces of the puzzle first. Please bring a laptop with Wireshark installed to participate. Wireshark is a free protocol analyzer and an excellent tool for your toolbox. You can download it here: https://www.wireshark.org/

If you aren’t sure how to use Wireshark, you can review the notes from our May session about Wireshark. There are also some good tutorials on YouTube. Both of these use the old Wireshark interface; the new one looks a bit different, but all of the concepts are the same, and only some of the menus have been moved around. If you have it installed and are familiar with it, the session will be a lot more beneficial to you.

The meeting will be on 10/13 at R&K Solutions, 2797 Frontage Rd NW, STE 1000, Roanoke, VA 24017 at 5:30pm.

Presenter Bio:

Nate Sykes is the IT Director at R&K Solutions. Nate has worked in all areas of system and network administration. He has been involved in different aspects of security for the last 6 years, mostly involving prevention and detection. He holds GSEC, GMON and Security+ certifications.

Twitter: @n8sec


RBTC Cyber Security Forum: Vulnerability Management – May 24th


Don’t miss another great local opportunity to network with area security professionals. The RBTC Cyber Security Forum next month is all about vulnerability management. Prior RBTC events have been excellent, and the hors d’oeuvres are not to be missed! Details on the event can be found on the RBTC website: https://rbtc.tech/2016/04/cyber-security-forum-vulnerability-management-may/


We’re Growing


It was awesome to see so many new faces and so many familiar ones at last Thursday’s meeting; thanks again to ECPI for hosting. We ended up running out of chairs!


I hope to see everyone again next month, when we will dive back down into the weeds and take an in-depth look at Wireshark.


Get on the mailing list or check the site for more details once we get them finalized.

Feb 2016 – The Life of a Packet


In the February meeting we heard from Mark Cairns from Cisco about how Cisco fits the security niche. Here is what Tom Spitnale from SyCom had to say about Mark’s presentation:

“I was impressed with the presentation he delivered to a group in Richmond just before the holidays. A very granular view of the ‘life of a packet’ as it intersects with security dependent on the circumstances: on-premise user, on-premise resource, hybrid or cloud resources in the mix, off-premise users, etc. etc. While the presentation is admittedly developed to deliver a ‘why Cisco meets this market uniquely’ message (and spotlights the functionality that different elements of Cisco’s portfolio address, both as point solutions and as a collective/integrated umbrella strategy), the discussion points and path from one scenario into the next really painted the picture, for me, of what modern security professionals are tasked with addressing. So I feel like ‘the pitch’ aspect is worth ‘the story’ that he tells.”

Mark spoke about some unique ways Cisco can leverage an end-to-end solution to provide visibility into the network, and how it compares to open source solutions.