Topic: Simulating Adversary Tradecraft with Atomic Red Team and the Red Canary Threat Detection Report We plan to discuss two important resources that leading teams are using to improve their security: 2020 Threat Detection Report: Red Canary’s annual in-depth analysis … Continued
Topic: Reducing The Risk of Unapproved and Rogue Devices Sepio delivers a Hardware Access Control (HAC) platform that reduces the risk of unapproved and rogue devices by providing complete visibility, control, and mitigation of all hardware assets. Sepio’s hardware fingerprinting, … Continued
Chapter Business Meeting Slides: 2020-12-16 Membership Meeting Speaker Slides: Least Privilege with PowerShell JEA Topic: PowerShell JEA PowerShell JEA allows us Systems Administrators to empower our fellow admins, developers, and security personal to accomplish what they need to on our … Continued
Topic: Roles of Artificial Intelligence and Deep Learning in Detecting Data Exfiltration Essential Internet services are vital for many aspects of modern living, yet those services remain valuable to threat actors who use them for network intrusions and data exfiltration. Dr. … Continued
Topic: Lessons Learned from 30 Years of Security Awareness Efforts Organisations acknowledge that employees are often the weakest link, yet efforts to improve ‘user awareness’ tend to rely upon available tools and not true experience. Drawing on three decades of … Continued
Topic: A Study on Drone Forensics Framework As consumer unmanned aircraft systems (UAS) or drones are used more commonly in public areas, an approach for a drone forensics framework is needed to guide forensics investigators in analyzing recovered drones that … Continued
The $80 million fine issued to Capital One for its 2019 data breach has put a spotlight on data security in the cloud. Banks can protect themselves by making sure open-source software is updated, more tightly restricting data permissions and … Continued
Chapter Business Meeting Slides: 2020-08-26 Membership Meeting Speaker Slides: Dell Security Operations 2.0 Transformation Topic: Security Operations 2.0 With Dell Technologies being looked at as a key innovator is response to the rapidly changing workforce, Bob will layout a vision of what the next-gen … Continued
The unprecedented COVID-19 has caused a major shutdown of economy. But the purpose of this article is discussing how to minimize downside risks, while maximizing upside opportunities? How do we rethink: (1) helping our clients? our memberships? (2) learning and … Continued
July 22 @ 5:00 pm – 7:30 pm Chapter Business Meeting Slides: Membership Meeting 7/22/2020 Speaker Slides: MSSP Market Overview Topic: Managed Security Services An overview of the Managed Security Services market including: Definition of MSS Categorization of MSS market segments and the pros and … Continued
Chapter Business Meeting Slides: Meeting Slides 6/24/2020 Speaker Slides: TBD Topic: Cybersecurity Maturity Model Certification (CMMC) – A New, Required DoD Cybersecurity Standard On January 31, 2020, the DoD published a new cybersecurity standard which will be required beginning in … Continued
Chapter Business Meeting Slides: 2020-05-27 Meeting Presentation Meeting Sponsor Slides: Semperis AD Recovery and Protection – 2020-05-27 Speaker Slides: Bricata SOAR Presentation – Carl Bolterstein 2020-05-27 Presentation Title: SOARing into Netsec Traditional methods of security event management create a constant struggle to … Continued
Topic: DevSecOps: Integrating and Maturing a Security Culture Cybersecurity professionals have a robust suite of tools and methodologies for assessing risk to operating systems, firewalls, and other components but have limited resources to review webapps. As demonstrated by the Equifax … Continued
Chapter Business Meeting Slides: 2020-02-26 Meeting Slides Speaker Slides: Business Email Compromise (BEC) Topic: Business Email Compromise: More Sophistication, More Problems Business Email Compromise (BEC) is a major threat vector for the private sector. These attacks usually begin with a spear-phishing attempt, … Continued
Chapter Business Meeting Slides: 2020-01-22-Meeting-Presentation.pdf Speaker Slides: The Next Gen of Vulnerability Management Topic: The Next Gen of Vulnerability Management Traditionally, Vulnerability Management has become entrenched in the CVSS scoring system which itself, has undergone some revision to more appropriately address … Continued
Topic: Risk Mitigation Strategies for Cybersecurity Service Providers Everyone is talking about “vendor risk” and “vendor management” on the client side, but who’s looking out for the risks that your cybersecurity product or service company faces when helping those same … Continued
Topic: Threat Informed Defense with MITRE ATT&CK™ Chapter Business Meeting Slides: 2019-11-20-Meeting-Presentation.pdf The MITRE ATT&CK framework has become a widely used knowledge base and model for real cyber adversary behavior. In use across governments, private sector, and security solutions providers, ATT&CK … Continued
Chapter Business Meeting Slides: 2019-10-16-Meeting-Presentation.pdf Speaker Presentation: ISSA Central MD is hosting an event at the National Electronic Museum to celebrate National Cybersecurity Month. Topic: Taking a holistic approach to an insider threat program This presentation will provide insider threat mitigation … Continued
Chapter Business Meeting Slides: 2019-10-08-Meeting-Presentation.pdf Topic: A Security Walkthrough of IAM in Light of Data Breaches in the Cloud Identity has become the new perimeter in the world of api-driven infrastructures (cloud computing). Understanding the challenges and complexity of least … Continued
Chapter Business Meeting Slides: 2019-09-25-Meeting-Presentation.pdf Speaker Presentation: .govCAR: Threat Based Cyber Capability Review The Cybersecurity and Infrastructure Security Agency (CISA) developed the .govCAR methodology to take a threat-based approach to cybersecurity risk management. .govCAR represents an evolution in managing cybersecurity … Continued
Chapter Business Meeting Slides: 2019-08-28-Meeting-Presentation.pdf Speaker Presentation: Failing-at-Cybersecurity.pdf Topic: Fail Secure: 20 Ways to Undermine Your Security Program There’s policy, and then there’s reality. All too often, security teams find their efforts overridden or bypassed. Here’s some unconventional wisdom and tips … Continued
Chapter Business Meeting Slides: 2019-07-24-Meeting-Presentation.pdf Speaker Presentation: Attackers-Prey-on-Uncertainty_ISSA-Central-MD.pdf Topic: Attackers Prey on Uncertainty: How to Fail at Threat Detection It takes a lot of visibility and context to detect and respond to sophisticated threats. Attackers usually target data, where enterprises have … Continued
Membership Meeting June 26, 2019 Chapter Business Meeting Slides: 2019-06-26-Meeting-Presentation Speaker Presentation: Crafting A DLP Program Topic: Data Loss Prevention Essentials A how-to primer on overcoming organizational challenges to implement a successful Data Loss Prevention program. Advances in technology have prompted … Continued
Topic: RMF 2.0 for non-Federal Users Membership Meeting Slides: 2019-05-22 Meeting Presentation Speaker Presentation: Risk Management for non-Federal Users Learning objectives 1) Understanding of the NIST Risk Management Framework 2) Briefing on the updates to Revision 2.0 of NIST 800-37 3) … Continued
Membership Meeting: 04/24/2019 Speaker Presentation: Intro to Cyber Insurance Topic: Intro to Cyber Insurance Cyber risk management is something that continues to evolve with the threat landscape as well as innovations in processes and technology. One of these new innovations … Continued
Chapter Business Meeting Slides: 2019-03-27-Meeting-Presentation Topic: An Update on Deep Content Inspection and DLP for Government Deep Content Inspection! OK right, but what is Deep Content Inspection? Is it the ability to work in highly regulated federal agencies? Is it … Continued
Meeting Presentation: 2019-02-27 Meeting Presentation Speaker Presentation: Hacking Social Media – ZeroFOX Social Media Protection For Dummies: Download free book, click HERE. Topic: What is Social Media Security? Social media security is the process of analyzing dynamic social media data in order to … Continued
Meeting Presentation: 2019-01-23 Meeting Presentation Speaker Presentation: What is Cyber Threat Intelligence? John Stoner and Ronnie Obenhaus will present on how gathering threat intelligence data is necessary to combat various threat actors from nation states. Threat intelligence solutions gather raw data … Continued
ISSA Central MD Chapter Meeting Presentation: 2018-12-19-Meeting-Presentation.pdf Speaker Presentation: Human Securty Officer Topic: Creating a Human Security Officer While everyone acknowledges that users are the top security vulnerability, they rely upon awareness to solve the problem, despite the fact that awareness is … Continued
Business Meeting Slides: 2018-10-24-Meeting-Presentation.pdf Speaker: Colton McQue, Zscaler Topic: No Network Needed?!?! It seems every day, we are bombarded with news of yet another breach and our personal information being traded and sold on the dark web/Internet. We lose sleep wondering … Continued
October 24, 2018 General Meeting General Meeting Slides: 2018-10-24-Meeting-Presentation.pdf Speaker Presentation: The devil is in the details Speaker: Greg Schwartzkopf, Fortinet Greg Schwartzkopf is a Sr. Systems Engineering Director at Fortinet, Inc. with 22 years active in cybersecurity. As a reformed hacker, … Continued
My very first post! So, here it is. My first Blog entry. Welcome, pioneer – I’ll try not to let you down too badly. Who am I, and why should you read what I have to say? The truth is, … Continued
Speaker: Chris Hauser, Senior Security Engineer, Imperva Chris Hauser is a Senior Security Engineer with Imperva. He has twenty years of experience creating, delivering, and advising customers on how to manage and secure their information. He has worked for SAIC, EMC, … Continued
Speaker: Bob Nicholson, Business Development, Federal Civilian & Cyber Security, Dell Federal Bob Nicholson is currently a Business Development Manager for the Dell Federal team with a concentration in Cyber Security. Prior to that Bob spent 15 years as a security … Continued
Speaker: Dawn M. Greenman, Acting Program Manager Cybersecurity, JHU/APL Dawn has over 20 years of IT, project and program management experience with the last 4 years focused on Cybersecurity. Dawn is currently tasked with compliance activities to meet new DFARS Cybersecurity … Continued
Meeting / Networking Event at Jailbreak Brewing Company, Speaker Steve Mosley, LogRhythm – They will get in. The Modern Cyber Threat Pandemic
November meeting – Nick Keller, Invincea – Advanced Endpoint Protection Download the Presentation
Brett Miller – Amazon World Wide Public Sector Professional Services – Simplifying Security Compliance with Cloud Reference Implementations Download the Presentation
Joint meeting with MD IMMA / Infragard – Richard H L Marshall, Esq, Secure Exchange Technology Innovations
Claude L. Williams, Phoenix TS – The Business of Business Continuity Download the Presentation
Rhonda Ferrell, Booz Allen Hamilton- CyberSecurity & Your Professional Life: A Value-Add Approach and Women in Security Download the Presentation
Michael Volk, Anne Arundel Community College – Enhancing Access to Cybersecurity Education, Training and Awareness Download the Presentation
Brian E. Dykstra, Atlantic Data Forensics, Inc. – Murder or Self Defense? Download the Presentation
Anthony Teelucksingh, Senior Counsel at U.S. Department of Justice – Insider Threats, US v. Makwana Download the Presentation
Cancelled
Robert K. Gardner, New World Technology Partners – Cyber Risk, Thru the Shareholder Lens Download the Presentation
Hello. As 2015 is now underway, we wanted to provide you with a list of potential networking and volunteering opportunities tentatively scheduled for this year. We are always looking for members to assist with various outreach and chapter activities that … Continued
Kathy Worgul, Carroll County Business & Employment Resource Center – How Can LinkedIn Assist in Career Advancement Download the Presentation
Hello. As 2015 starts, we are going to start a new practice. The chapter will post a monthly blog to let our members, sponsors and the local security community know what we are doing. We will open this blog with … Continued
December Meeting
Mathew J. Morris, Van Dyke Technology Group – Demystifying Cloud: (Iaas, Paas, Saas) Making Sense of it All
Glen Townson, So you want to be an Information Security Professional?
Bob West, CipherCloud – Cloud Security / Management
Physical Security
Wayne Beekman, Information Concepts – Getting Requirements Right The First Time
Mr. Jeffrey B. Israelitt, Inside IT Outsourcing From Service Providers Perspective
Mark Bennett, File Trek – Behavioral Analytics for Intellectual Property Protection
Taking the Next Step With Computer Forensics – Keith Jones, Lead Cybersecurity Engineer, General Dynamics Lab
Roundtable discussion
Robert Hensing, Microsoft – EMET, Windows XP End of Life
Brian Hubbard, G2, Inc. – NIST Cybersecurity Framework
Supply Chain Risk Management – Mike Myers, President of CyberCore Technologies
Defending Against Advanced Cyber Threats and APTs – Cristian Rodriguez, Consulting Sales Engineer, Websense, Inc.
Mr. Ketkar, Technical Manager, Cigital, Inc. – Mobile First AppSec – Pen-Testing Mobile Apps
Roundtable Discussion
Samantha Manke, Secure Mentem – 7 Habits of Highly Effective Security Awareness Programs
Robert Eggebrecht, BEW – Optimize Your Data Protection Investment for Bottom Line Results
Jim Libersky, Barrier 1D – Real Time Intelligent Threat Management
Robert Hensing and Michael Mattes, Microsoft – Using the Enhanced Mitigation Experience Toolkit
Michael Hixon, OWASP
Joe Magee, Viligant – Using SIEM as a Platform for Real-Time Threat Detection
Steve Surdu, VP of Prof. Services, MANDIANT – Current Security Threats
Dan Wiley, Checkpoint Software Techologies – Everything that is old is new again – DDoS Attacks in a highly connected world
Amber Schroader, Paraben Corp. – Mobile Devices the New Cybersecurity Threat
Ira Winkler, Internet Security Advisory Group – How to Recruit Spies on the Internet
Jim Hansen, Phishme – Spear Phishing
Bruce Zeitz, US-Cert
Michael Hamelin, Tufin
Round Table Discussion
Jack Halloran
Evan Lesser, ClearanceJobs – Compensation for Security-Cleared Professionals
Peter Coddington, PaRaBal – iPhone Security
Josh Smith, JHUAPL
Stopping the Enemy – Jason Brevnik, VP, Sourcefire
Round Table Discussion
International Conference – Baltimore Convention Center
IPv6 deployment – Sheila Frankel, NIST
Combating the Growing Insider Threat – Rob Barnes, Application Security, Inc.
Advanced Persistent Threats (APT) Assessments and Countermeasures – Inno Eroraha, NetSecurity Corporation,
Continuous Monitoring – Yong-Gon Chon, Sr. VP and Chief Technology Officer, SecureInfo
The Online Threat Landscape – Cristian Rodriguez, Websense
Skeletons in the Closet: Securing Inherited Applications – John Dickson, Denim Group
Vulnerabilities & Exploits – Billy Austin, CSO, SAINT Corporation
Talk Title: Decade of IT Security Assessments As vulnerabilities and threats continue to increase at a daunting pace, so does the demand for performing IT security assessments. This presentation covers the volume of various regulatory compliances associated with assessments and … Continued
Next Generation Network Security: A New Era of Application Control – Brandon Conley, VP Enterprise Sales, SonicWALL, Inc
January meeting – How to Hack Large Companies and Make Millions – Chris Hadnagy, Operations Manager of Offensive Security
SHODAN: Resistance is Futile SHODAN (http://www.shodanhq.com) is dubbed at “The Computer Search Engine”. SHODAN has garnered attention from the U.S. Industrial Control System Computer Emergency Response Team (ICS-CERT) because anyone can discover “sensitive” ICS systems. In this talk I will … Continued
Security Challenges Faced by Small to Medium Sized Companies Small to Midsize Businesses have invested time and money to bring their business to life. They buy insurance to protect their business, put locks on the doors and install fire alarms … Continued
Exploring Font Based Steganography With A Focus On Tool Development The world of steganography has become stale as the same exfiltration techniques become easier and easier to detect. Once any major steganalysis tool can find the hidden payload, its game … Continued
The Privileged Challenge Up until the last few years, IT security managers have spent billions of dollars in securing the parameters of their organizations to keep out those who would bring harm to their internal networks. However in recent years, … Continued
War of the Worlds – Business vs. Security in the Social Web When it comes to the Social Web (Social Media, Social Networking, etc…), Business and Security can be on two totally different worlds. Business wants to open the social … Continued
Why Your Intrusion Prevention System is Susceptible to TCP Evasion This talk will discuss why any Intrusion Prevention System (IPS) is susceptible to evasion by any traffic carried over the TCP protocol, the majority of traffic into and out of … Continued
This presentation will discuss Advanced Persistent Threats trends we have observed from 2002-2010, and how we proactively identify them. Samples of captured malicious code will be presented, and several case studies will be referenced. Stephen Windsor, Booz Allen Hamilton Stephen … Continued
Overcoming the Limitations in Network Security Monitoring Ron Gula, CEO of Tenable Network Security, will discuss the current state of the information security industry and focus on how we tend to take our security tools at face value. Mr. Gula … Continued
Federal government key strategic information security initiatives update The federal government continues its risk management transformation by deploying key security standards and guidelines supporting a unified information security framework. This presentation will provide an update on key strategic information security … Continued
