September 26, 2018 General Meeting
Speaker: Conrad Fernandes – Johns Hopkins – Applied Physics Laboratory (APL)
Conrad Fernandes is a long time cyber security engineer and architect, with various security certifications (CISSP, GIAC FA, Certified AWS Solutions Architect and Security Specialist, among others) and has worked extensively with US Defense agencies and the DoD since the early 2000’s while at Booz Allen Hamilton. Conrad currently serves as a senior cyber security engineer at the Johns Hopkins Applied Physics Laboratory (APL), where he leads security and governance practices on emerging cloud technologies, including commercial and US GovCloud (e.g., Amazon web services) and Hadoop-based data science platforms from Cloudera and Hortonworks. Conrad recently presented strategies for “Incident Response and Spillage Handling in AWS” at Amazon’s Public Sector Summit and re:Invent Conference. Additionally, Conrad has been researching and implementing security and audit logging and monitoring strategies on data science platforms at Johns Hopkins Medical Institute (JHMI) that utilize various emerging services from Hortonworks Data Platform (HDP) distributions and the collection and correlation of security audit events via Splunk. Conrad also enjoys sharing security best-practices and lessons-learned from the experiences with the larger cloud and big-data communities.
Topic: AWS Security: Central Logging Techniques for Multiple Accounts, and Automating via Cloud Formation Templates
Logging of essential Amazon services, such as Cloudtrail and VPC flow logs, is essential for security and compliance and governance, whether HIPAA, FISMA, PCI and several other regulatory bodies. In this session we will go over the key concepts in detail — such as setting up a central account for managing and retaining log events, by any number of governed (source) accounts; and the setup for the source accounts to send their respective logs to the centrally managed account. Since working with multiple accounts can become an issue with scaling and consistency and human errors if the setup was done manually, we will go over better methods using cloud formation templates that help tremendously in that regard by automating the setup! Last but not least, we will also cover best practices – including codifying in the templates – that will account for any type of Amazon unclassified account – which includes the commercial regions as well as the GovCloud (US) regions.
CISSP Study Group
ISSA Central Maryland is pleased to announce the opening of registration for our Fall 2018 session of the CISSP Study Group. As you may know, we conduct these study groups twice a year (Spring and Fall) in order to provide access to high-quality, low-priced resources to further the Information Security profession, and help our community members meet the compliance requirements outlined in DoD 8570.01. At just $450.00 our study group sessions are highly affordable even for those who are not reimbursed for educational expenses.
Dates: Tuesday nights beginning September 4, 2018 through December 11, 2018 (14 nights)
Time: 5:00 – 8:00 P.M.
Where: UMBC Training Center, 6996 Columbia Gateway Drive,Columbia, MD
Discounts available for employees of chapter sponsors.
The registration fee includes attendance at the study group, copies of the presentations, other materials, and dinner! NOT INCLUDED are the cost of the textbook and the CISSP exam.
Reasons you should join our study group:
- Great instructors. Many of our instructors were pioneers in the information security field and personally worked with some of the people we read about in our textbook
- Low cost. Much more economical than most Boot Camps or even other comparable study groups.
- Group dynamics of a live, instructor-led study group
- Time for things to sink in. This is not a one-week boot camp. We want you to learn, not cram.
- It’s a night you don’t have to cook! We typically bring in pizza, Subway, Uno’s, Jimmy John’s, and such, so you don’t have to eat before or after you get here.
- Hang out with other smart people. J Meet and make friends with other people who are serious about advancing their careers. Enjoy intelligent conversation on topics of interest to you.
- Meet new people working in your industry. Network for recruiting or collaborative purposes.
- Earn CPEs. Already have another certification? This will likely count toward CPEs for existing certs.
- Structure. A physical class imposes a little external discipline to your study schedule. A little peer pressure to keep up with the group can be a good thing. Some people want to go at a slower pace, but most of us need a little push.
- Chapter Membership: Join ISSA within three months of class completion and the Chapter will refund the local chapter dues.
To join the ISSA Central Maryland chapter, visit:
ISSA International Home Page: www.ISSA.org
Additional information, contact:
Vice President of Education
Chuck Dickert, CISSP, CISA, CISM, CAPM\
Congratulations to the ISSA Central Maryland Chapter for being selected as the
2017 Mid-Size Chapter of the Year