Cybersecurity 2013 – Security Management Strategies

Join us for our featured Fall program “Cybersecurity 2013 – Security Management Strategies,” taking place next Thursday in Washington, DC.

This complimentary*, half-day seminar will cover strategies for protecting your agency’s networks, data centers, and end users from malicious attacks and will reveal insights into current programs designed to equip Federal IT and security professionals with practical information for use in GFY 2013. See the program below:

Opening Keynote
Continuous Monitoring 2.0 – From Mobile to Cloud Computing
Dr. Ron Ross, Computer Scientist and NIST Fellow, Computer Security Division, National Institute of Standards and Technology, Department of Commerce

Focus on Mobile Security – Understand the Threat Environment
Scott Montgomery, Vice President, Public Sector Solutions, McAfee

Creating a Roadmap for Cybersecurity Risk Reduction

Steve LeSueur [Moderator], Contributing Editor, 1105 Government Information Group
Dave Cook, i2 Business Development Manager, IBM
Lee Vorthman, CISSP Cyber Practice Lead, U.S. Public Sector, NetApp
Managing Cybersecurity — Take a Proactive Approach

Steve LeSueur [Moderator], Contributing Editor, 1105 Government Information Group
Cris Turner, Senior Consultant Federal Government Affairs, Dell

Closing Keynote
We Are Anonymous — Perspectives on Global Cyber Insurgency and the Future of Computer Security
Parmy Olson, London Bureau Chief, Forbes and author of We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency

Register today – this event is FREE* for government and military personnel.

*Industry attendee registration fee $50. Government registration status will be verified by email address or photo identification.

*Attendance at an FCW Executive Briefing may qualify for CompTIA Continuing Education Units. Please visit CompTIA’s Continuing Education Program here for more information:
http://certification.comptia.org/getCertified/stayCertified.aspx

The SecurityOrb Show Dec. 12, 2012

Listen to the episode: http://api.soundcloud.com/tracks/70971153

The SecurityOrb Show airs on Wednesdays at 10am EST. Today we had security practitioner Ron McCellen discuss the latest security threats organizations are facing and his outlook for 2013. We also cover the December 2012 Microsoft Patch Tuesday information and a healthcare facility having to pay a ransom to keep its data from leaking out.


SANS Security East 2013, New Orleans, January 16-23 – Receive $150 off your registration with discount code SecOrb_150

SANS Security East 2013 is fast approaching on January 16-23. Start the year off right and choose from eleven outstanding, cutting-edge courses presented by top-rated instructors. Now is the time to improve your information security skills in the Big Easy and laissez les bons temps rouler!

For further details please visit: http://www.sans.org/info/118152

The following courses will be taught at SANS Security East 2013 to bring you the finest in security training!

– Security 401: SANS Security Essentials Bootcamp Style with Eric Cole, Ph.D.
– Security 503: Intrusion Detection In-Depth with Mike Poor
– Security 504: Hacker Techniques, Exploits & Incident Handling with Bryce Galbraith
– SEC542: Web App Penetration Testing and Ethical Hacking with Seth Misenar
– Security 560: Network Penetration Testing and Ethical Hacking with Ed Skoudis
– Security 575: Mobile Device Security and Ethical Hacking with Joshua Wright
– Security 579: Virtualization and Private Cloud Security with Dave Shackleford
– FOR408: Computer Forensic Investigations – Windows In-Depth with Rob Lee
– Management 414: SANS® +S™ Training Program for the CISSP® Certification Exam with Paul A. Henry
– Management 512: SANS Security Leadership Essentials for Managers with Knowledge Compression™ with Stephen Northcutt

January 22-23 [2-day skills-based course]:

– SEC524: Cloud Security Fundamentals with Dave Shackleford

Register today for SANS Security East 2013 at http://www.sans.org/info/118152
(***Receive $150 off your registration with discount code SecOrb_150 ***)

The SecurityOrb Show – Dec. 5, 2012

Listen to the episode: http://api.soundcloud.com/tracks/70106862

The Muro Group International, a US-based company with offices in Cali and Bogotá, is proud to organize Latin America's premier information security event, Security Zone 2012, from December 3 through December 7, 2012. The event brings together the world's top security experts, academics, and technology companies to present their new tricks of the trade and have fun in the sunny and beautiful city of Cali, Colombia.

Security Zone will be offering a wealth of presentations on all of the most critical issues in the security field right now. You’ll have the opportunity to speak with these experts directly, ask questions, and learn how to better protect your company from security threats.

The cost to attend this year’s event is $300 USD. You can pay via Paypal or wire transfer. Don’t miss this opportunity to learn and have a great time in South America.


Alex Hutton

Alex Hutton is a big fan of trying to understand security and risk through metrics and models.

Currently, Alex Hutton is a Director of Operational Risk Management for a financial institution in the United States. His responsibilities include both information risk management and vendor management. In his past life he worked for the Verizon Business RISK Team. The Verizon RISK Team builds and hones the risk models for Cybertrust services, produces the Verizon Data Breach Investigations Report and Verizon's PCI Compliance Report, and is responsible for the VERIS data collection and analysis efforts.

Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum.

Alex is a founding member of the Society of Information Risk Analysts (http://societyinforisk.org/), and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog (http://www.newschoolsecurity.com). Some of his earlier thoughts on risk can be found at the Riskanalys.is blog (http://www.riskanalys.is).

Alex Hutton (USA) – @alexhutton – The Modern Approach to Risk Management and Fishing For Risk

The current way we approach and try to understand risk is not just fundamentally flawed, it is now failing the organizations we serve. A groundswell for alternatives has been brewing for a while, with Operational Risk Managers trying to develop a more “modern” approach based on evidence and predictive analytics. What’s missing is an approach that speaks to what is perhaps the most important part of Operational Risk – Information Security.

This talk will discuss what a “modern” approach to Information Risk might be, how we can get there, and then also serves as a brief workshop/instructional talk around using the “RiskFish” tool to identify risk factors.


December 6, 2012 – Briefings Day 1 17:30 – 18:30 (5:30pm)

Martin Fisher

Martin Fisher is the Director of Information Security for a large integrated healthcare provider in the Atlanta, Georgia area. He has over 20 years of information technology experience with the last 6 years being focused in the information security arena. He also hosts the “Southern Fried Security Podcast” which focuses on trends, news, and leadership within the information security community. He has spoken at conferences hosted by the Centers for Disease Control and Prevention, the ISSA National Conference, and Security B-Sides on a wide variety of topics ranging from Incident Response to Career Development.

You can contact Martin through his podcast website (www.southernfriedsecurity.com) or as @armorguy on Twitter.

Martin Fisher (USA) – @armorguy – The New Defense In Depth (Bringing The Sexy Back To The Blue Team)

Defense in Depth is as old as information security. The problem is that the way we have used it in the past doesn't work in an age of rampant 0-days, "APTs", and IT's inability to keep up with software patch cycles.

We’re going to discuss how to re-think Defense In Depth to make it useful and effective in almost any environment. We’re going to focus on ideas and concepts that you can implement on *your* network with special attention to open-source and low-cost alternatives to the high-cost/low-capability products and services that some providers market.

December 6, 2012 – Briefings Day 1 15:00 – 16:00  (3pm)

SecurityZone 2012 Workshops

Joe McCray – Cyberwar: Emulating Advanced Persistent Threat In Penetration Tests

Google, Sony, Lockheed Martin, several large financial institutions, several large oil companies, the stock market, and countless other large organizations have all been targeted and systematically compromised by hackers commonly referred to as Advanced Persistent Threat (APT). These hackers use an attack methodology focused on stealth, data collection, and persistence.

Carlos Perez – Introduction to PowerShell for Security Professionals

One of the biggest challenges for many IT security professionals is having enough time and resources to get their job done while working with large numbers of hosts and large volumes of data. PowerShell is becoming one of the best ways to automate tasks and interact with Windows systems, whether for security professionals securing systems, for incident responders, or for penetration testers performing post-exploitation or attacks against systems.

Marc “Van Hauser” Heuse – Pentesting IPv6

This workshop shows you how to perform penetration testing on IPv6 networks, both locally and remotely, in theory and hands-on. It is the only workshop that supplies you with the necessary tools, especially for remote tests, which are not available anywhere else.

Dave Kennedy – Inside and Out of THE SOCIAL-ENGINEER TOOLKIT (SET)

The Social-Engineer Toolkit is an open-source standard for penetration testers to test the effectiveness of their organization's overall education and awareness programs. SET is designed to couple sophisticated, targeted attacks with the human element to build an extremely large-scale attack. SET has been featured on the BBC, the History Channel, and a number of other media outlets, and is used by penetration testers across the world. This course will cover how to leverage sophisticated attack vectors using the Social-Engineer Toolkit and how to customize it during a penetration test.

Go to the SecurityZone website for full information on the event.


The SecurityOrb Show – Nov. 14, 2012

Today on The SecurityOrb Show, we spoke about the differences between a security vulnerability assessment, pen-testing and a security audit, and the skill sets needed to carry them out. We also discussed continuous and automated security, as well as Windows 8's first security update, released two weeks after its official release.

– A vulnerability assessment is a practice used to identify all potential vulnerabilities that could be exploited in an environment. The assessment can be used to evaluate physical security, personnel (testing through social engineering and the like), or system and network security.
– While a vulnerability assessment's goal is to identify all vulnerabilities in an environment, a penetration test has the goal of "breaking into the network." The pen-tester only needs to exploit one or two vulnerabilities to actually penetrate the environment.
– A security audit is basically someone going around with a criteria checklist of things that should be done or in place to ensure that the company is in compliance with its security policy, regulations and legal responsibilities.