Northeast Ohio Information Security Forum

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday December 16, 2015
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: OEC at 4205 Highlander Pkwy Richfield, OH 44286
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly meeting at the above date and time.

Agenda:

Gamify Security Awareness pt2
by Mike Woolard from OEConnection

Last month we covered how the idea for the Hack.Jam event we put together came about, all the events we ran, and some of the results of those events.  Part 2 will look at why I think the whole concept worked and the detail of the applications and games we used and how we ran the training.  We will take a look at various tools used including OWASP ZAP, Security Shepherd, bWapps and Webgoat.

Mike’s bio:
Mike is a security analyst who has worked in the IT field for 16+ years.  14 of those years were spent in various IT roles including SysAdmin, SysEngineer, DBA, and NetEngineer.  That experience has helped him in his current role, where Michael plays an integral part in all areas of the organization to help secure the processes and procedures.  Michael manages risk assessments and pentests of the various web applications OEC builds, and leads the security awareness & education program where he designed many workshops and puts on many events.  Mike has worked towards various certifications including the CISSP and CEH and is a contributing member of many local security organizations including Infragard, NEOISF, Clevesec and the Information Security Summit.

Ansible – Getting in over our heads
by Charles Yost from Binary Defense

A 45 minute deep dive into Ansible. The inner workings, all the possiblities, and how to really get into some trouble with it. Jam-packed with examples, this talk is intended to be a living cookbook/cheatsheet for when Ansible has you over a barrel, or it’s your turn in one.

Don’t forget to come early, starting at 6:00 PM, for food and soda.

Another great meeting from NEO Info Sec Forum – we hope to see you there!

– NEOISF Board –

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday November 18, 2015
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: OEC at 4205 Highlander Pkwy Richfield, OH 44286
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly meeting at the above date and time.

Agenda:

Gamify Security Awareness
by Mike Woolard from OEConnection

October was Cyber Security Awareness Month, and instead of the run of the mill policy and paperwork signoff, we decided to train and spread the word in a more effective way, by making a game of it.  OEC held various training sessions and security games/events throughout the month culminating in a grand event centered around a CTF competition, sponsored by OEC & SecureState, that involved everything the employees learned throughout the month.  We were able to draw interest from all sides of the house – tech, non-tech, & executives and did it all without it being mandatory.  This talk will cover what was done, how we did it, what worked, what didn’t and what

Mike’s bio:
Mike is a security analyst who has worked in the IT field for 16+ years.  14 of those years were spent in various IT roles including SysAdmin, SysEngineer, DBA, and NetEngineer.  That experience has helped him in his current role, where Michael plays an integral part in all areas of the organization to help secure the processes and procedures.  Michael manages risk assessments and pentests of the various web applications OEC builds, and leads the security awareness & education program where he designed many workshops and puts on many events.  Mike has worked towards various certifications including the CISSP and CEH and is a contributing member of many local security organizations including Infragard, NEOISF, Clevesec and the Information Security Summit.

David Kennedy (@hackingdave) is founder and principal security consultant of TrustedSec – An information security consulting firm located in Cleveland Ohio. David was the former Chief Security Officer (CSO) for a Fortune 1000 where he ran the entire information security program. Kennedy is a co-author of the book “Metasploit: The Penetration Testers Guide,” the creator of the Social-Engineer Toolkit (SET), and Artillery. Kennedy has presented on a number of occasions at Black Hat, Defcon, DerbyCon, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, ISACA, ISSA, RSA, Infragard, Infosec Summit, Hack3rCon and a number of other security-related conferences. Kennedy has been interviewed by several news organizations including CNN, The Katie Couric Show, CNBC, Fox News, Fox Business, Bloomberg, Huffington Post, Neil Cavuto, Special Report with Bret Baier, On the Wirte with Greta, Chris Wallace, and BBC World News. Kennedy was formally on the Back|Track development team and Exploit-DB team and co-host of the Social-Engineer.org podcast. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.

Don’t forget to come early, starting at 6:00 PM, for food and soda.

Another great meeting from NEO Info Sec Forum – we hope to see you there!

– NEOISF Board –

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday October 21, 2015
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: OEC at 4205 Highlander Pkwy Richfield, OH 44286
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly meeting at the above date and time.

Agenda:

InfoSec uses Hardening…It’s super effective!
by Alex Kot

Understanding the concept of Hardening is easy.  Though you can spend a lot of time figuring out how to do it correctly.  There are various tools and best practices to help you out.  A lot of it is common sense, though people easily overlook system hardening.  I will give examples on both Windows and Linux systems.

Alex’s, BIO:
Currently works at a Credit Union and has been in information technology for about 10 years.  He is fond of modifying embedded devices, low level concepts, and weird science.

From zero to fail
by Amanda Berlin from Hurricane Labs

The long version of her DEFCON 23 talk, Amanda will be talking about information security fails in a variety of industries including healthcare, education, and ISPs. From surprise viruses, bad cabling, water spouts, and fun with bringing enterprise firewalls to their knees.

Amanda’s, BIO:
Amanda Berlin is currently a Network Security Engineer at Hurricane Labs. She has been working in the IT industry for around 10 years and has worked in both public and private sector as well as spending a decent time in healthcare. She managed the internal phishing campaign at a medium size healthcare facility to promote user education about phishing and hacking through an awards based reporting program. She is a lead organizer for CircleCityCon, volunteers at many other conferences, and enjoys writing and teaching others. Amanda lives at home with her three boys and “Rabbit” the cat.

Don’t forget to come early, starting at 6:00 PM, for pizza and pop.

Another great meeting from NEO Info Sec Forum – we hope to see you there!

– NEOISF Board –

—< NORTHEAST OHIO INFORMATION SECURITY FORUM MEETING
—< Wednesday September 16, 2015
—< 6:30 PM – 8:00 PM
—< Pizza and social start 6:00 PM
—< Location: OEC at 4205 Highlander Pkwy Richfield, OH 44286
—< Open to everyone and free as always

The Northeast Ohio Information Security Forum will hold our monthly meeting at the above date and time.

Agenda:

Running a Threat Based Vulnerability Management Program
by Ryan Whalen from Tenable Network Security

Security organizations have no problem finding vulnerabilities on enterprise networks – the volume of security data is constantly growing. The greater challenge is sifting through this data to determine which of these vulnerabilities pose the greatest risk to the business and prioritizing remediation efforts. Using available threat data and performing attack path analysis enables a strategic, threat-based approach to vulnerability management and remediation.

Ryan’s, BIO:
Ryan is a Sales Engineer at Tenable Network Security, where he works with customers on leveraging Tenable’s products to improve their security programs.  Ryan has worked in the IT security industry for over 10 years and has assisted many enterprises in improving their vulnerability management programs.  Prior to joining Tenable, Ryan was an IT risk manager at Nationwide Insurance and a principal security consultant at Jacadis (www.jacadis.com).

Another great meeting from NEO Info Sec Forum – we hope to see you there!

– NEOISF Board –