Featured Presentation Slides
72hrs of Incident Response – Ken Scott, May 2015
(Slides Coming Soon!!) Ken will discuss the life cycle of an Network Security Incident, steps to organize, communication, and how to respond as an organization. Ken will also discuss the most recent DDoS attacks and defense methods.
Securing Sensitive Data: A strange Game – Jeff Elliot, April 2015
(Slides Coming Soon!!) Information security compliance regulations like PCI, HIPAA, SB1386 have been around for many years now, but we continue to suffer large data breaches. In this talk, an experienced PCI QSA will discuss why even the best efforts at compliance fail to prevent breaches, provide examples from the field of what goes wrong despite these best efforts, and how to win by not playing – by getting the sensitive data the thieves want out of your environment.
Not Your Father’s Remediation – Wendi Rafferty and Chris Scott, March 2015
Today’s incident response team can’t just rely on having a whole weekend to remediate. You’ve also got to be able to start frustrating the attacker earlier and earlier in the response. Suppose an advanced attacker had figured out how to reliably evade your boxes, your endpoint software, your DLP. And he’s using your credentials against you. Could you find and frustrate him? Or would you pour a steaming cup of fail in your own lap? In this course, you’ll learn a few ways that hunters lock down authentication credentials during a hot incident, when we’re engaging in a running firefight with the adversary on your own network. We’ll show you the tactics and when to apply them. Attendees will learn how to conduct adversary-based hunting operations using existing technology; improve authentication credential protection during live IR and prepare for adversary evolution. And yeah, we’ll use tactics from current incidents we responded to.
Who Are the Bad Guys? – David Perry , February 2015
There is more than one kind of miscreant out there these days. More than one kind of crime. Everything from amateur jokesters to acts of war, and, to quote Al Jolson, you ain’t seen nothing yet! I have divided the categories of cyber actors (only I don’t like to call them actors because, as a SAG card carrying actor in my own right I don’t like to debase that term) so let’s call them Perpetrators, okay? Six kinds of perpetrators. This basically covers what we face today, and these six kinds use different tactics, have different goals, create different kinds of problems. They are all bad guys, but some of them are on our team, or claim to be. This will take the confusion you face today and make it terrifying. I promise..
Current Status of Information Security & Breach Events – Demetrios Lazarikos (Laz), January 2015
Over the past year Demetrios Lazarikos (Laz) has had the opportunity to meet with hundreds of executives about the current status of Information Security and breach events. The information he’s gathered is represented through multiple verticals – the quick summary – everyone is feeling the breach effects from the past 12 months.
Laz will discuss:
– Metrics gathered during the past 12 months
– How we got here with the evolution of technology
– Options in how to address and solve these complex issues
– Selling and communicating to the C-Suite
Applying Security Intelligence – Ira Winkler, December 2014
Ira Winkler, President of ISSA International surprised us by attending our Annual Holiday Party! He gave a talk on security intelligence.
ISSA-LA Community Outreach Year in Review – Stan Stahl, December 2014
Stan Stahl, President of ISSA Los Angeles Chapter presented our 2014 accomplishments, thanked our volunteers and members. He also talked about the year ahead, and the ISSA LA Seventh Security Summit at the LA Convention Center.
Advanced Security Tips for End Users – Cassio Goldschmidt, November 2014
When it comes to tips on how end users can protect themselves from phishing, malicious websites and trojans, security professionals sometimes sound like a broken record regurgitating the same old advice. Today’s end users are more tech savvy and deserve to know more. The talk is about how to surf safely on the web and perform some basic level of analysis of suspicious files, phishing and how to achieve superior protection against zero days or evil twins. If you like LifeHacker style tips, this talk is for you.
Securing the Internet of Things (IoT) – Ying Yang & Caesar Sedek, October 2014
he Internet of Things is a concept that has been gaining momentum in the technological world, as innovative organizations are merging the physical and digital realms and bringing smarter, more connected products and experiences to their customers. Leveraging machine-to-machine (M2M) technologies such as GPS and RFID, the IoT will transform and revolutionize the way we live and do business. However, with increased integrated connectivity among devices comes greater security and data privacy challenges and risks. In this presentation, we will provide an overview of the IoT (concept, trends and vendors) as well as discuss the current and future risks and controls to mitigate them.
Securing the SDLC in the real world – Jim Manico, September 2014
The earlier you address security in the engineering of software, the less expensive it will be for your organization. There are many who will tell you that you need to change all of your current processes around building software so it is more secure. Many of those forces are consultants charging high rates to help you deeply modify what you are doing today. This talk will will take the opposite approach. How can you add a few reasonable and mostly lightweight processes to how you build software today to make it more secure? Software development is like driving a boat. You need to look ahead make small changes to steer effectively.
Solid Defense Strategies – Kevin Cardwell, August 2014
In this presentation Kevin will discuss the importance for developing robust ingress and egress filtering to mitigate the threat of sophisticated malware. He will discuss the essential steps you need to take to defend from the majority of the known attacks. He will also show the challenge and importance for analyzing your systems live memory. The talk will conclude with the importance of adding hardware based protection to your defenses. While there is no such thing as perfect security, deploying these tactics will make you a hard target.
Transforming IT: Security Risk Management for the Coming Decade – Debbie Christofferson, June, 2012
IT security risk has exploded exponentially. What does this mean to your business and for global, local, IT and security? What is enterprise risk management and how does it apply to security and your business? How much security is enough? Find out what matters most to executive staff, where opportunities and trends lie, and what you can you do today.
Breaking the Lifecycle of the Modern Threat – Santiago Polo, April 2012
Network attacks are becoming both more sophisticated and more common, with all types of enterprises and all types of information being targeted by attackers. In this presentation we will shine light on the lifecycle of a modern network attack to understand how the threat landscape has changed and what is required from us as security professionals to protect our networks and users today.
Pulp Google Hacking – Francis Brown, February 2012
Last year’s Lord of the Bing presentation stabbed Google Hacking in the heart with a syringe full of adrenaline and injected life back into a dying art form. New attack tools and modern defensive techniques redefined the way people thought about Google Hacking. Among these were the first ever Bing Hacking tool and the Google/Bing Hacking Alert RSS feeds, which have grown to become the world’s single largest repository of live vulnerabilities on the web. And it was only the beginning…
Securing the SDLC – Jerry Hoff, January 2012
There are multiple documents, methodologies and schools of thought for adding security activities to each step of the SDLC. In this presentation we will go through several of the more popular methodologies and discuss advantages / disadvantages of each. We will also discuss challenges and resistance of trying to add security to an entrenched development process.
Beyond Signatures & DPI – Tomás Byrnes, July 2011
The current threat landscape is characterized by a growing number of attacks of increasing sophistication and criminal intent. Today’s IT security professionals understand that safeguarding corporate data and assets requires a multi-layered approach. Join Tom Byrnes, industry expert and CEO of ThreatSTOP as he shares best practices in layered security, how to protect against botnets and Advanced Persistent Threats, and the impact of IPv6 on your security infrastructure. View Slides»
Hacking the Cloud – Dr. Eugene Schultz, 2011 Infosec Summit
Major Cloud security risks and methods of hacking. Presented at the 3rd Annual Information Security Summit hosted by ISSA-LA in June 2011. View Slides»
Top Ten Web Hacking Techniques of 2010 – Jeremiah Grossman, 2011 Infosec Summit
“Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we’re talking about brand new and creative methods of Web-based attack.” WhiteHat Security Founder & CTO Jeremiah Grossman presented at the 3rd Annual Information Security Summit hosted by ISSA-LA in June 2011. View Slides»
Worst Mistakes in Cloud Security – Dr. Eugene Shultz, 2011 Infosec Summit
Outlines the 11 most serious mistakes made with regard to security in cloud computing. Presented at the 3rd Annual Information Security Summit hosted by ISSA-LA in June 2011. View Slides»
Stuxnet – Attack on Critical Infrastructure – Liam O Murchu, March 2011
Stuxnet is the first threat we have seen that is capable of changing how physical machinery can operate. This automatically places the worm in a completely new category of threats. The fact that it’s suspected target was an Uranium enrichment facility is Iran only adds to its novelty. These and other aspects of Stuxnet make it stand out as a ground breaking project and are the topics for discussion in this talk. As well as discussing what makes Stuxnet so unusual, recently released information about the way that Stuxnet spread from computer to computer will also be shown. This information highlights how well Stuxnet actually performed in the real world, not just the theoretical capabilities of the threat. The implications on security procedures that Stuxnet has raised will also be presented. View Slides»
Anatomy of an APT Attack – David Nardoni & Jeff Dye, February 2011
The news is seemingly wrought with stories of network and data breaches. Buzzwords abound at a dizzying pace: viruses, malware, and botnets oh my! Then we learn of something a bit more nefarious; the Advanced Persistent Threat (APT). In our discussion, we will explore APT attacks from the incident responder’s point of view. We will discuss examples of how the attacks are carried out and, which containment and remediation actions are effective and which are not. The goal is to provide you, the First Responder, with some basic guidelines, tips, and techniques on dealing with APT events. View Slides»
Mobile Application Security – Dr. Eugene Schultz, January 2011
The user computing environment has changed considerably over the last decade. Mobile computing devices such as laptop computers, smartphones, Bluetooth devices, and personal data assistants (PDAs) are now routinely used not only by “road warriors,” but also by other employees and contractors both within and outside of the traditional workplace. Mobility creates many security-related risks (physical theft, eavesdropping in wireless environments, viruses and worms, anonymous connections, unauthorized connections to mobile devices through exploitation of vulnerabilities, and more), many or most of which are typically not adequately understood, let alone addressed. The fact that business-critical information is often stored on these devices further exacerbates these risks; the fact that mobile applications commonly run on these devices have generally been written without much if any consideration of security proliferates risk even more. Worse yet, information and knowledge concerning mobile applications are scarce. Even fewer people know virtually anything about mobile application security, resulting in these applications running in what is almost always an insecure “out-of-the-box” state. Additionally, iPhones must be “jailbroken” to run certain applications—the consequences for security are not good. This presentation concentrates on the functionality of a range of widely used mobile applications, vulnerabilities and risks associated with these applications, and possible security solutions, if they exist. View Slides»
Threat Modeling at Symantec – Edward Bonver, September 2010
Threat Modeling is one of the most important security activities that a development/QA team needs to perform as part of a Security Development Lifecycle. This activity allows the team to build a complete security profile of the system being built. Threat Modeling is not always easy to get going for a team that has little or no security experience. In this presentation we’ll take a look at why Threat Modeling is so important; we’ll explore the process behind it, and how the process is being implemented and followed across Symantec. View Slides»
Secure Coding Practices and Procedures – Mike O. Villegas, September 2010
Organizations process information over web applications that can be often classified as sensitive, confidential, or considered intellectual property. Web Application Firewalls (WAF) provide protection for business critical data and web applications with an automated and transparent approach to monitor and protect enterprise data as it is accessed and transacted through applications. To augment WAF filtering and vulnerability monitoring, many organizations have developed or outsource secure code reviews and development. Information Security at Newegg established their own .NET C# secure coding standard, train and test our developers on secure coding, and do their own secure code reviews with WebInspect and manual code reviews. They started to develop a web application threat modeling approach but it is still in its infancy. This presentation focuses on the secure coding standard, satisfying PCI requirements for such, and training / testing of developers in secure coding practices using OWASP Top 10 Vulnerabilities as its foundation. View Slides»