April 2021 – Mitigating the Risk in the New Operating Paradigm

March 31, 2021 / roanokeinfosec

Many of us have crossed the one-year marker of operating under COVID19 restrictions. Upon awakening to remote work as a requirement for worker safety, businesses rushed to implement remote access and collaboration tools. Although the tools and capabilities are nothing new, the scale of implementation and types of users consuming them was previously unanticipated for some in leadership and security departments.

Renee Tarun, Deputy CISO & VP of Information Security at Fortinet, joins us this April to discuss how we must adapt to identifying and managing risk in this new operating paradigm:

We have seen 2020 be an unprecedented year for networking and security teams with the explosion of digital transformation and remote working. Rapid pivoting of people, process, and technology to adjust to new operational norms has ensured business continuity, but it hasn’t come without additional security challenges and risks. With more connected people, applications, and devices, organizations need to have a holistic approach to managing cyber risk. With no end in sight to this new shifting landscape and with adversaries on our heels, how do we prepare for what lies ahead? This session will focus on ensuring we addressed the security and network risks of today and are prepared for the challenges of tomorrow.

Event Details

April 8th, 2021 @ 5:30pm

Virtual Event – sign up to RISE email list for connection info

Presenter Bio:

Renee Tarun has over 20 years’ experience in the cybersecurity and information technology fields with leadership experience in development and engineering, operations, strategy, policy, and portfolio management, across the intelligence community, law enforcement, and private industry.

As Deputy CISO at Fortinet, she focuses on enterprise security, compliance and governance, and product security. Prior to joining Fortinet, she served as Special Assistant to the Director, National Security Agency (NSA), for Cyber and Director of NSA’s Cyber Task Force, in which she advanced NSA’s execution of its cybersecurity and cyber-related missions by overseeing resources; defining and integrating mission capabilities; and shaping agency strategy and national level policy at the White House.

Renee is also a board member for the George Mason University Volgenau School of Engineering, creating synergy between the school and the professional community by addressing workforce development demands, industry expectations, and employment trends.

Va Cyber Range presents: VACyberEduCon21

March 14, 2021 / roanokeinfosec

Save the date! On July 20-22, 2021, the Virginia Cyber Range presents the 2021 Cybersecurity Education Conference. This will be a virtual conference and the Call for Proposals is open for workshops and presentations fitting this year’s theme: “Cracking the Code to Cybersecurity Education”. Follow the link above fore more information and stay tuned to the Virginia Cyber Range website or Twitter (@VaCyberRange) for more information.

Meeting Notes – February 2021

March 14, 2021 / roanokeinfosec

We thank Randy Marchany for returning to discuss the Critical Security Controls. Find recording of the event on our YouTube channel.

Presentation Slides from meeting Download

Reference Links:

AuditScripts.com – Critical Security Controls resources

Meeting Notes – January 2021

March 6, 2021March 13, 2021 / roanokeinfosec

Thanks Darrell Little for an introduction to using Jupyter Notebooks for data science and applications in cybersecurity analysis.

Introduction to Jupyter Notebooks Download

Jupyter Notebooks – data connection handout Download

Links of Interest

SANS API List

Using SANS API to Track Attackers

Intro to Jupyter Notebooks

Infosec Jupyterthon

Threat Hunter Playbook – Mordor Dataset

March 2021 – Quantum Computing – Fact vs Fiction

March 4, 2021March 4, 2021 / roanokeinfosec

For March 2021 Rob Perry (CISO from Carilion Clinic) returns with an insightful look at quantum computing and how it could potentially change the IT Security landscape. Never wanting to shy away from the more technical topics Rob’s previous talk regarding BlockChain challenged the most well held beliefs regarding its usage and forced us to look at Block Chain differently. Now we have an opportunity to see where he will take us in this talk. Don’t miss a great opportunity to hear from a local industry leader as we cover “Quantum Computing – Fact vs Fiction”. This meeting will be virtual, and we will send connection details prior to the event. Hope to see you there!

Event Details

March 11th, 2021 @ 5:30pm,

Virtual Event – sign up to RISE email list for connection info

Subject of discussion:

Talk of recent advances in quantum computing has security professionals wondering if encryption algorithms like RSA are now vulnerable and need to be replaced or completely discarded. This talk will provide a brief overview of quantum computing and then pragmatically evaluate whether quantum computing is rewriting the security landscape or if quantum more closely resembles the hype of AI / artificial intelligence. Drinks will be served (virtually), so have your favorite beverage handy.

Presenter Bio:

Robert Perry is the Chief Information Security Officer (CISO) for Carilion Clinic, one of the largest hospitals and healthcare providers based in southwest Virginia, serving nearly one million in the Virginia community and surrounding areas.

As an expert in the technology industry, Mr. Perry’s charismatic speaking style and passion for technology and cybersecurity have made him a sought after speaker at conferences. Speaking topic range in areas including: cybersecurity systems, and tools, attack and counter attack cybersecurity response systems, authentication and access control.

Mr. Perry is a high performance IT leader with over 20 years’ experience managing cybersecurity, technology systems and networking. His business and technology experience has allowed Mr. Perry to align technology initiatives with corporate and organizational business objectives.

He holds dual masters degrees: Masters in Technology Management and a Masters of Business Administration (MBA). Mr. Perry’s licenses and certificates include: CISSP (retired), CISA, CCSP, and CCNA-Voice

February 2021 – 20 Critical Security Controls: How You Doin’?

January 27, 2021 / roanokeinfosec

RISE regulars know we are fans of the Center for Internet Security’s Critical Security Controls. Renowned cybersecurity expert Randy Marchany joins us in February to share experiences and recommendations on implementation.

Continue reading →

January 2021 – Cybersecurity Analysis with Jupyter Notebooks

January 10, 2021 / roanokeinfosec

In our next virtual event, local tech organizer Darrell Little demonstrates use of Jupyter Notebooks and Python for Cybersecurity Analysis.

Continue reading →

Meeting Notes – December 2020

December 19, 2020 / roanokeinfosec

We posted the recording of our December 2020 meeting to the RISE YouTube channel. Check it out and share with your colleagues!

5 Years of RISE

November 28, 2020 / roanokeinfosec

This November marks 5 years of Roanoke InfoSec Exchange. What started as a simple idea for a free, informal group discussing InfoSec topics has managed to stay alive and continue to draw interest 5 years later. Looking back, this isn’t a trivial feat. One of, if not the, core principles of RISE is maximum inclusion of attendees in the area. Whether you are a seasoned professional, a student, in another career and looking for a change, or just an enthusiast – we want you to attend and benefit from RISE. “Exchange” means the exchange of knowledge for the improvement of our community and profession. We try to stay true to this principle by keeping meetings informal and free from “sales pitches”. When you come to a RISE meeting you should feel you’re getting honest information and free exchange of ideas.

This couldn’t happen without you. Your attendance, enthusiasm, and participation enables RISE to continue. If you are a RISE “elder”, we thank you for your continued participation in the group. If you are relatively new – welcome! We thank you for joining us and helping continue the spirit of InfoSec Exchange.

With your support we hope to continue bringing the community together for time to come. Thank you for your support to RISE and the local InfoSec community!

-Rob Garbee, Nate Sykes, & Ed Summers

December – Burp Suite, Part 2, Pro Edition

November 24, 2020November 24, 2020 / roanokeinfosec

For December we have asked that Logan Diomedi return and give us an in-depth dive into Burp Suite. As you may remember Logan gave us a quick overview of Burp Suite back in February and many of you requested more so here it is.

Logan Diomedi and Burp Suite, Part 2, Pro Edition

Burp Suite is one of the many free tools available in Kali Linux. Burp Suite allows anyone to test and verify their web applications using various techniques from initial mapping and analysis of an application’s attack surface, to finding and exploiting security vulnerabilities. In this meeting Logan will show us how he uses Burp Suite in his “Red Teaming” pen tests and how you can use the tool to test your own websites.

December 10th @ 5:30pm; This will be a virtual meeting

Logan’s Bio

Logan Diomedi is a 24-year-old Roanoke native and has been in the Information Security world since his early teens. He currently works as a penetration tester for an offensive information-security firm known as Depth Security, where he performs network, application-based, social engineering, and physical penetration testing. Logan is a Capture-the-Flag & HackTheBox regular, and regularly performs infosec-related research in his spare time. Logan has been a RISE attendee for almost 2 years now and has a passion to bring knowledge and resources to the greater Roanoke information security community.

RISE – Roanoke InfoSec Exchange

The premier InfoSec group in the Roanoke, VA region!