August 9th, 2024 meeting

DATE:August 9th, 2024
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
TOPIC:Current Cybersecurity Threats and How to avoid an RGE (Resume Generating Event)
PRESENTER: Ian H. Moore (CISSP – ENFP)
RECORDING: 

ABSTRACT

You are in your security operation center and every node on your network monitoring map starts to flash red.  You attempt to ping your domain controller and other key devices but nothing responds.  For those that have experienced a breach or a major outage, this scenario seems realistic.  Ian Moore will explain to you how to take actions now to help prevent this from happening. 

He will cover the differences between a few of the main cyber-attacking organizations and their methods, along with a typical attack process and timeline.

Along the same thread, Ian will explain and discuss the various techniques that attackers use, the common vulnerabilities that they exploit, and how you can employ some key mitigation strategies to protect your enterprise, and lastly, how to keep your leadership off the news and how to prevent you from having to update your resume.

BIOGRAPHY

Supervisory Cybersecurity Advisor (SCSA) for the State of Washington

Cybersecurity and Infrastructure Security Agency (CISA)

Ian serves as the Supervisory Cybersecurity Advisor for the state of Washington for CISA. He supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation’s critical infrastructure.

His program coordinates cyber preparedness, risk mitigation and incident response, and provides cyber security resources, including assessments, to the state, local, tribal, and territorial government entities, and the nation’s sixteen critical infrastructure sectors.

Prior to joining DHS and CISA, Ian worked in both IT and cybersecurity for over 25 years. He started as an Intelligence Specialist in the U.S. Navy, right out of high school and then transitioned to the University of Washington, Bothell and earned his B.S. in Computing and Software Systems in 2002. Upon graduating college he earned a commission in the U.S. Air Force and worked as a Communication Officer at Offutt AFB in Nebraska. After separating from the Air Force in 2006, Ian took a civilian job doing cybersecurity, software development, and cyberspace planning for USSTRATCOM. During his time at USSTRATCOM, Ian earned his master’s degree in Cybersecurity from Bellevue University in Bellevue, Nebraska. Ian was the first student to graduate from Bellevue University’s Masters in Cybersecurity program in 2012. In 2015, Ian and his family decided to move home to the Northwest and took a job at the Puget Sound Naval Shipyard as a Cybersecurity Engineer. After a promotion and a year of working as the Platform IT (Operational Technology) Branch Manager, he accepted a Cybersecurity Advisor position within CISA. After a year of interviews, security checks and waiting, he was brought on as the Cybersecurity State Coordinator for the state of Washington in March of 2021. On July 1 st of 2024 Ian was promoted to the newly created position of Supervisory Cybersecurity Advisor for Washington state. This position will oversee the cybersecurity activities within the state, both public and private, and develop an overarching cybersecurity strategy for the state.

As the SCSA for Washington State, Ian works with the other three Cybersecurity Advisors and the State Coordinator to support state agencies, counties, and cities/towns and private industry partners to help them shore up their cybersecurity by partnering with them on assessments and offering CISA technical services. Through these partnerships he builds and cultivates relationships and trust throughout the state.

Ian maintains his Certified Information Systems Security Professional (CISSP) certification, since 2014.

January 12th, 2024 meeting

DATE:January 12th, 2024
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
TOPIC:Security Operations in the Age of Cybercrime
PRESENTER: Alex Pierce, Systems Engineer (Arctic Wolf Networks)
RECORDING: 

ABSTRACT

Cybercrime is big business and attackers have evolved. Today, cybercrime has become a $1.5 trillion dollar industry and that number is increasing. The barriers for attacks have been lowered, and the rewards have never been higher. So, who are these cybercriminals and how does an organization protect itself? Our discussion will focus on the common motives and methods of cybercriminal groups along with strategies on how to develop an effective security operations program to safeguard your environment.

BIOGRAPHY

Alex is a CISSP certified, experienced, and motivated Security Systems Engineer based out of Vancouver, British Columbia. In his current role as an Arctic Wolf Systems Engineer, he is responsible for creating innovative technical solutions to solve customers’ complex business issues and objectives.

August 11th, 2023 meeting

DATE:June 9th, 2023
TIME:2:00pm to 4:00pm (PST)
VENUE:Virtual Meeting, Zoom registration link
TOPIC:FEARLESS – Why the business does not think cybersecurity is a problem
PRESENTER: Elson Kung (CISA, PMP)
RECORDING: 

ABSTRACT

Every day, our newsfeed is cluttered with news of ransomware, data exfiltration, stolen crypto, phishing, supplier attacks, and even DDoS. To us, there is no doubt that the cyber landscape is fraught with dangers. The organizations we are working so hard to secure are always only a hair away from becoming the next headline. As technology and security professionals, we know this. But what about the business? Are they just as aware of the threats? Are they prioritizing the organizations’ resources to fight cybercrime? If the answer is “No” to either of these questions, they are probably naive to the risk they face, and think that bad things can only happen to others, right? Certainly, they are negligent in their duties, and could care less about their organizations’ proprietary information, their customers’ PII, and their third parties’ information? Or are they simply arriving at the wrong conclusion despite having done their utmost due diligence?


In this session, we will consider the different frames of mind and explore potential solutions to correct the business’ view that cybersecurity deserves some, but not more attention. We will discuss how to steer them with effective operational and risk management approaches so they are just as vigilant as we are.

BIOGRAPHY

Elson Kung is the founder and consultant of Cactimo. He has hands-on and leadership experience in operational risk management, guiding businesses to implement effective controls to reduce a diverse array of risks including cyber security, third party, data privacy, financial reporting, regulatory compliance, resilience, and fraud. For over 25 years, he has worked in IT, various functions in the business, and the front-line of a company with $128 billion of assets and $2.5 billion of income in 2022.


A former president of ISACA Vancouver Chapter, he now serves on the board of BCG Counselling Group, the Provincial Security Advisory Council of BC, and is a Toastmasters area director. He also volunteers, runs, hikes and bikes.

November 4th, 2022 meeting & AGM

DATE:November 4th, 2022
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
TOPIC:Advanced Persistent Cybercrime
PRESENTER: Derek Manky
RECORDING: 
The AGM was delayed from September to November.

ABSTRACT

We are seeing a shift on the threat landscape where cybercrime, including ransomware, is becoming more destructive and targeted towards high valued assets and services. Nation state attacks that target critical infrastructure, government and healthcare are now having an impact across the entire attack surface including businesses’ IT networks. This is the result of the converging threat landscape, where nation state threat actors are working jointly with cybercriminal enterprise, hitting IT and OT networks in tandem. Businesses that were not concerned of being a target from sophisticated APT attacks in the past, are now impacted. Similarly the public sector is further impacted by the larger threat of cybercrime. This elevated game from the adversary has raised the level of risk to organizations to a high watermark never seen before. FortiGuard Labs observed an increase of nearly 100% in 1H 2022 of ransomware variants, driven by the Ransom-as-a-Service (RaaS) model and a growing cybercriminal workforce.

BIOGRAPHY

Derek Manky plays a strategic and visionary role in consulting with leading CSOs/CISOs of Fortune 500 companies worldwide across multiple industries, bringing with him over twenty years of cyber security experience. He leads FortiGuard Labs’ Global Threat Intelligence Team. Mr. Manky has established frameworks in the security industry including responsible vulnerability disclosure, which has exercised the responsible handling of over 1000 zero day vulnerabilities. Manky has been with the Cyber Threat Alliance since it was founded in May 2014 and sits on the steering committee. He has helped to build collaborative platforms in the cyber security industry for over 15 years. Manky collaborates with global forums and expert groups alongside leading political figures, key policy stakeholders and law enforcement, including the World Economic Forum C4C, NATO NICP, INTERPOL, and FIRST.org. His vision is applied to help shape the future of proactive cyber security, with the ultimate goal to make a positive impact towards the global war on cybercrime.

January 8th, 2021 meeting

DATE:January 8th, 2021
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Learning through law:
Building a better defense by studying real legal cases
PRESENTER(S):  Chester Wisniewski (Principal Research Scientist, Sophos)

ABSTRACT

While we are inundated by headlines of cybercriminals hacking everything that moves, we seldom have the opportunity to learn how they go about their trade craft. Often stories are distilled to simple things like “didn’t patch” or “phishing attack”. The complexities of real life events are far deeper. We can use the openness of our legal system to discover how these attacks actually unfolded for those who we are fortunate enough to apprehend, or at least charge with a crime. This talk will analyze a dozen recent indictments and US Grand Jury documents to learn the tricks, tools and techniques used in some of the most well known recent cyber attacks.

BIOGRAPHY

Chester Wisniewski is a principal research scientist at Sophos. With more than 25 years of professional experience, his interest in security and privacy first peaked while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit. 


Chester analyzes the massive amounts of attack data gathered by SophosLabs to distill and share relevant information in an effort to improve the industry’s understanding of evolving threats, attacker behaviors and effective security defenses. He’s helped organizations design enterprise-scale defense strategies, served as the primary technical lead on architecting Sophos’ first email security appliance, and consulted on security planning with some of the largest global brands.


As a former President of the Vancouver SecSIG he is grateful for no longer being responsible for the meetings, but excited to continue to share and contribute to the security knowledge of our community. You may recognize me from my appearances on Global News(https://t.co/VWNBOja8Iv), CBC and CTV if you are old enough to still watch news on a TV.

October 9th, 2020 meeting

Fri, Oct. 9, 2020 2:00pm — 4:00pm

DATE:October 9th, 2020
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Threat landscape 2020: A deep dive on the threats we face and how we can successfully combat cybercrime
PRESENTER(S):  Chester Wisniewski (Principal Research Scientist, Sophos)

 A portion of this meeting will be dedicated to the AGM. Where possible we will use Zoom polls.

ABSTRACT

Part 1 – Know thy enemy.
There is no point in defending against attackers that aren’t there. The inverse could be worse, being unprepared for what is out there. The pace of change by cybercriminals is driven by money, which means it never stands still for long.


Part 2 – How we can use COVID-19 to our advantage.
Most security minded people are in a constant struggle to modernize and justify budgets to effectively train their staff and make modern efficient tools available. COVID-19 not only changed the threatscape, it has presented opportunities to IT security teams to up their game.


Part 3 – Targeted ransom deep dive.
These attacks have achieved unbelievable success and profit for the skilled criminals behind them. I will walk you through a typical attack and demonstrate the TTPs and cleverness that goes into hamstringing their victims.


Part 4 –  Parting defensive thoughts.
How we view our networks and the people who defend them is evolving with the threats. Many organizations who make headlines after being victimized have not evolved and sometimes even been culled from the herd. I will wrap up providing my advice on how to modernize your approach to protecting your data.

BIOGRAPHY

Chester Wisniewski is a principal research scientist at Sophos. With more than 25 years of professional experience, his interest in security and privacy first peaked while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.


Chester analyzes the massive amounts of attack data gathered by SophosLabs to distill and share relevant information in an effort to improve the industry’s understanding of evolving threats, attacker behaviors and effective security defenses. He’s helped organizations design enterprise-scale defense strategies, served as the primary technical lead on architecting Sophos’ first email security appliance, and consulted on security planning with some of the largest global brands.


As a former President of the Vancouver SecSIG he is grateful for no longer being responsible for the meetings, but excited to continue to share and contribute to the security knowledge of our community. You may recognize me from my appearances on Global News, CBC and CTV if you are old enough to still watch news on a TV.