Collection of timely and relevant presentations to address Cyber Security Trends

8 CPE, 4 Sessions

Session 1: Complex Adaptive Systems: How real life interactions translate into loosely coupled systems design Presenter: Michael Adsitt, VP at Duff & Phelps

Session 2: Security Panel: Building and Navigating a Career in Information Security, Privacy and Compliance disciplines Presenters: Jayashree Srinivasan, Oregon Dept. of Revenue; Jeremy Lyon, ODS; Madeline Zamoyski, New Relic; Paul Speed, Columbia Sportswear

Session 3: GDPR Compliance: Preparing an Approach Presenter: Madeline Zamoyski, Product & Privacy Attorney, New Relic

Session 4: DOX’ing Yourself: How Hackers Find Personal Information about You Presenter: Paul Speed, Information Security Engineer, Columbia Sportswear

PRICING: Earlybird: Through 10/27/17 ISACA Members: $75 Non-Members: $125

After: 10/27/17 ISACA Members: $100 Non-Members: $150

ISACA Luncheon Event: Security Container Adoption in Enterprise Environments

Across the world, organizations are using containerization technologies such as Docker and Kubernetes as a security boundary without a strong understanding of the underlying design. These technologies are often misconfigured, which can provide attackers with a means to gain a foothold within an organization, elevate privileges, or spread laterally throughout a modern enterprise network. During this presentation, we will analyze common use cases for a containerization environment and demonstrate tools these technologies provide to protect the host from an attacker within the container. We will discuss in detail the common threats facing these environments, as well as technical and administrative controls to detect and protect against attacks on containerization infrastructure.

Speaker: Lucas Rosvar, NCC Group Lucas Rosevear has been a Security Consultant at NCC Group since September, 2015, working from NCC's Seattle, WA office. Through projects at NCC Group, Lucas has performed a range of testing, including: - Network Penetration Testing - Web Application Penetration Testing - Blackbox and Config-assisted Container Reviews - AWS Config Reviews

Prior to NCC Group, Lucas became an OSCP and a member of the Phi Theta Kappa Honor Society.

Cost: ISACA Members: $25.00 Guests and Non-Members: $30.00

We expect this event to sell out. Attendance will be limited to the first 70 registrations. Do not delay, and register today!

Spring Training

Day 1:

1) Keynote: Blockchain: More that Cryptocurrency: Michael Reed (Intel)

Presentation on the origin of blockchain technologies and its evolution to a key technology in pursuit of increased efficiencies and new business models. Is your enterprise ready for blockchain?

2) Micro Segmentation and Cloud-A blueprint for protecting your golden egg: Tyler Hardison (RedHawk Security) (EVENT SPONSOR)

3) Benefiting from PCI – Even if Compliance is Not Required: Bowe Hoy (Sword&Shield) and Mike Griffin (Circle K Stores, Inc.)

The Payment Card Industry Data Security Standard (PCI DSS) can be beneficial to your organization, even if compliance to it is not a requirement. PCI DSS features a number of valuable guidelines to help your organization improve its security posture, technology auditing, and business operations. This session will help you understand the key components of PCI DSS and how your organization can benefit from implementing it. You will receive practical lessons through case studies about organizations that have successfully implemented PCI DSS. Whether these organizations were required to comply with PCI DSS, or chose to adopt it – they became a better organization because of it. And you can learn how to do the same for your organization.

4) Certificate Security and Frameworks for a Public CA: Derek Thomas and Scott Perry

As the ubiquity of on-line shopping continues to amplify our digital environment, ensuring a trusted on-line transaction becomes critical to building the brand loyalty and experience once relished within the physical brick and mortar retailer. The ability to ensure a trusted and secure transaction is not new, however the scrutiny placed on that trust is at an all time high with significant changes in the issuing community and the scrutiny ensuing from the browser community for secure and reliable trusted certificates.

In this presentation, Scott Perry, Partner and Derek Thomas, Managing Director, of Scott Perry CPA, one of six licensed CPA firms performing Certificate Authority audits, will discuss the changing landscape of on-line transactional trust and the requirements of Certificate Authorities. The presentation will include a discussion and overview of an established but less known framework for evaluating and auditing the performance of Certificate Authority practices and considerations applied to evaluating the security of your on-line transactions.

Day 2: 5 Sessions: Various Presenters

5) Current Economics of Cyber: David Hobbs: Radware

Often we discuss the changing threat landscape from a pure technical or vulnerability picture, however this does an injustice to element of ease, cost and access to attacks. This presentation will provide attendees with an up-to-date picture of the rapidly changing landscape of attack tools and services, the buying criteria and locations for these the tools and ease of use. In addition, the presentation will provide an understanding of how the combination of the proliferation of these tools and their corresponding use has dramatically changed the dynamics of the return on defense strategies. This presentation will provide unique insight into the world of the Darknet, specific customer attack stories, new economic models of measuring security deployments and a refreshed look at how controls should be deployed going forward.

6) Cyber War Chronicles - Stories From the Virtual Trenches (ERT Report 2017): David Hobbs: Radware

From information shared by over 1250 companies on their top concerns, we talk about what happened in 2017 and predict the top trends of 2018 in cyber security. The first half of 2017 saw a continuation of some cyber-security threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cyber-security.

7) OWASP Updated Top10: Alex Ivkin (ISACA Board)

 A detailed technical review of the OWASP top 10.

8) The Value of Cyber Certifications: Alex Ivkin (ISACA Board)

9) Fraud Audit in a Digital Environment: Sarah Dalton: E&Y

CPE: 14 CPE

Cost:

Regular Pricing: On or After 4/20/18:

ISACA or IIA Member: $185

Non-Member: $225

We hope to see you there!

We are REALLY excited about this upcoming program year and would like to kick-off the season with our annual mixer.

Come learn about our 2018-2019 Program Year, our new Academic Outreach Program, and network with other IT, Security and Audit professionals in our area and enjoy a cold beverage.

Once again there will be an array of appetizers and a full hosted bar.

Networking activities, information about certifications and select door prizes will be part of the evening events.

Please take this opportunity to bring along a guest and showcase the value of ISACA membership and Certifications.

COST: The event is FREE, however, parking is not covered.