August 9th, 2024 meeting

DATE: August 9th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: Current Cybersecurity Threats and How to avoid an RGE (Resume Generating Event)
PRESENTER: Ian H. Moore (CISSP – ENFP)
RECORDING: 

ABSTRACT

You are in your security operation center and every node on your network monitoring map starts to flash red.  You attempt to ping your domain controller and other key devices but nothing responds.  For those that have experienced a breach or a major outage, this scenario seems realistic.  Ian Moore will explain to you how to take actions now to help prevent this from happening. 

He will cover the differences between a few of the main cyber-attacking organizations and their methods, along with a typical attack process and timeline.

Along the same thread, Ian will explain and discuss the various techniques that attackers use, the common vulnerabilities that they exploit, and how you can employ some key mitigation strategies to protect your enterprise, and lastly, how to keep your leadership off the news and how to prevent you from having to update your resume.

BIOGRAPHY

Supervisory Cybersecurity Advisor (SCSA) for the State of Washington

Cybersecurity and Infrastructure Security Agency (CISA)

Ian serves as the Supervisory Cybersecurity Advisor for the state of Washington for CISA. He supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation’s critical infrastructure.

His program coordinates cyber preparedness, risk mitigation and incident response, and provides cyber security resources, including assessments, to the state, local, tribal, and territorial government entities, and the nation’s sixteen critical infrastructure sectors.

Prior to joining DHS and CISA, Ian worked in both IT and cybersecurity for over 25 years. He started as an Intelligence Specialist in the U.S. Navy, right out of high school and then transitioned to the University of Washington, Bothell and earned his B.S. in Computing and Software Systems in 2002. Upon graduating college he earned a commission in the U.S. Air Force and worked as a Communication Officer at Offutt AFB in Nebraska. After separating from the Air Force in 2006, Ian took a civilian job doing cybersecurity, software development, and cyberspace planning for USSTRATCOM. During his time at USSTRATCOM, Ian earned his master’s degree in Cybersecurity from Bellevue University in Bellevue, Nebraska. Ian was the first student to graduate from Bellevue University’s Masters in Cybersecurity program in 2012. In 2015, Ian and his family decided to move home to the Northwest and took a job at the Puget Sound Naval Shipyard as a Cybersecurity Engineer. After a promotion and a year of working as the Platform IT (Operational Technology) Branch Manager, he accepted a Cybersecurity Advisor position within CISA. After a year of interviews, security checks and waiting, he was brought on as the Cybersecurity State Coordinator for the state of Washington in March of 2021. On July 1st of 2024 Ian was promoted to the newly created position of Supervisory Cybersecurity Advisor for Washington state. This position will oversee the cybersecurity activities within the state, both public and private, and develop an overarching cybersecurity strategy for the state.

As the SCSA for Washington State, Ian works with the other three Cybersecurity Advisors and the State Coordinator to support state agencies, counties, and cities/towns and private industry partners to help them shore up their cybersecurity by partnering with them on assessments and offering CISA technical services. Through these partnerships he builds and cultivates relationships and trust throughout the state.

Ian has maintained his Certified Information Systems Security Professional (CISSP) certification since 2014.

July 12th, 2024 meeting

DATE: July 12th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: Adaptive Cybersecurity – A Relationship-Based Approach
PRESENTER: Alexandra Landegger
RECORDING: 

ABSTRACT

Cybersecurity today demands proactive, strategic planning to uphold enterprise stability and customer trust. Alexandra Landegger, CISO, Collins Aerospace, believes in advanced preparation and encouraging early collaboration with legal and cross-departmental teams to strengthen security posture.


Join this session to hear her share case studies on:


· Fostering flexibility and adaptiveness in response strategies
· Adapting swiftly to emerging threats with a focus on prevention
· Committing to data-driven decision-making to minimize biases

BIOGRAPHY

As Chief Information Security Officer at Collins Aerospace, Alexandra leads a diverse team of cybersecurity and compliance professionals to protect the company’s digital ecosystem, including IT, OT and hosted services. She also sponsors the RTX Cybersecurity Engagement Council to drive an inclusive, learning and collaborative culture that makes our organization feel like the right “home” for everyone. Prior to joining Collins, Alexandra led Booz Allen Hamilton’s Commercial Aerospace and Automotive practices, advising C-level clients on cybersecurity and digital transformation initiatives.

April 12th, 2024 meeting

DATE: April 12th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: Conducting Cyber Security Exercises – Sharing Knowledge From Training and Experience
PRESENTER: Gerry Sieracki (CISSP, Retired IT – OT – Cyber Security)
RECORDING: 

ABSTRACT

This presentation is the sharing of my knowledge gained from years of training and work experience in both the private and public sector. It will cover topics including planning, designing, conducting, post exercise debriefing, and more. It is designed to promote thinking about methods of conducting Cyber Security Exercises. The knowledge shared can also be applied to other types of exercises such as Disaster Recovery Exercises.

BIOGRAPHY

Gerry is a seasoned IT veteran with over 25 years of progressively responsible work in IT. He retired from work as a Network Administrator in the Critical Infrastructure Water Sector focusing on networking and cybersecurity. Gerry worked closely with external agencies such as the FBI, DHS and the SD-LECC on cybersecurity and other issues.


Gerry earned his CISSP in May 2015. Gerry is trained in the National Incident Management System (NIMS) and has additional training on physical security for Critical Infrastructure. Gerry has had training on developing Cyber Security and Incident Response Exercises. Gerry has designed and conducted several exercises, and participated in many more.

October 13th, 2023 meeting

DATE: October 13th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Sophos, 777 Dunsmuir St #1400, Vancouver, B.C. V7Y 1K4
Zoom Online meeting
TOPIC: Investigating the Reasons why Small and Medium Enterprises (SMEs) are not Using the Existing Cybersecurity Frameworks such as the NIST CSF: A Qualitative Exploratory Study Using the Delphi Data Collection Method
PRESENTER: Lloyd Jura, Ph.D., CISSP
RECORDING: 
This is an in-person event, with a Zoom session for remote participants. Guests must take the elevator to the 14th floor and go past reception to the 15th floor.

ABSTRACT

In this presentation, Dr. Lloyd Jura will talk about two things: first, his journey to obtaining a Ph.D. in Information Technology with a Cybersecurity concentration, and second, the findings of his research.


Dr. Jura’s exploratory qualitative study aimed to establish why small to medium enterprises (SMEs) are not adopting existing cybersecurity frameworks and establish motivating factors that SMEs can adopt by interviewing twenty-one cybersecurity subject matter experts. SMEs are not as prepared to deal with attacks as large enterprises and are not adopting cybersecurity frameworks like the NIST CSF. Current literature on cybersecurity framework adoption focused on large enterprises that excluded SMEs, even though breaches are increasingly happening to SMEs compared to large corporations. The research used the Self-determination Theory (SDT). SDT is one of the significant theories in human motivation, and its development and improvement over the years have been motivated by the desire to understand what motivates employees (Gagné, 2014). Self-determination Theory promotes “perceived autonomy, competence, and relatedness” (van Haastrecht et al. 2021, p. 1).

BIOGRAPHY

Dr. Lloyd Jura, an Assistant Professor at the New York Institute of Technology (NYIT) Vancouver Campus and an entrepreneur running Jura Technologies, Inc., is an accomplished expert in Governance, Risk, and Compliance (GRC) with over 25 years of industry experience. In his academic and professional pursuits, he aims to influence GRC and cybersecurity awareness training. Dr. Jura’s interdisciplinary background in information technology, business administration, and cybersecurity informs his research, focusing on governance, risk management, and compliance strategies in modern business environments. He is well-versed in frameworks like PCI-DSS, SOC 2, NIST CSF, and ISO 27001, and has led teams managing cybersecurity, data protection, and compliance programs in organizations such as Fraser Health Authority, ICBC, Vivonet, IBM Canada, and TELUS Security Solutions.

August 11th, 2023 meeting

DATE: June 9th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Virtual Meeting, Zoom registration link
TOPIC: FEARLESS – Why the business does not think cybersecurity is a problem
PRESENTER: Elson Kung (CISA, PMP)
RECORDING: 

ABSTRACT

Every day, our newsfeed is cluttered with news of ransomware, data exfiltration, stolen crypto, phishing, supplier attacks, and even DDoS. To us, there is no doubt that the cyber landscape is fraught with dangers. The organizations we are working so hard to secure are always only a hair away from becoming the next headline. As technology and security professionals, we know this. But what about the business? Are they just as aware of the threats? Are they prioritizing the organizations’ resources to fight cybercrime? If the answer is “No” to either of these questions, they are probably naive to the risk they face, and think that bad things can only happen to others, right? Certainly, they are negligent in their duties, and could care less about their organizations’ proprietary information, their customers’ PII, and their third parties’ information? Or are they simply arriving at the wrong conclusion despite having done their utmost due diligence?


In this session, we will consider the different frames of mind and explore potential solutions to correct the business’ view that cybersecurity deserves some, but not more attention. We will discuss how to steer them with effective operational and risk management approaches so they are just as vigilant as we are.

BIOGRAPHY

Elson Kung is the founder and consultant of Cactimo. He has hands-on and leadership experience in operational risk management, guiding businesses to implement effective controls to reduce a diverse array of risks including cyber security, third party, data privacy, financial reporting, regulatory compliance, resilience, and fraud. For over 25 years, he has worked in IT, various functions in the business, and the front-line of a company with $128 billion of assets and $2.5 billion of income in 2022.


A former president of ISACA Vancouver Chapter, he now serves on the board of BCG Counselling Group, the Provincial Security Advisory Council of BC, and is a Toastmasters area director. He also volunteers, runs, hikes and bikes.

April 9th, 2021 meeting

DATE: April 9th, 2021
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S): Presentation 1: Why is phishing still an issue?
Presentation 2: Setting the CISO free
PRESENTER(S): Presentation 1: Mike Fleck (Senior Director of Sales, Cyren)
Presentation 2: Rob Newby (CEO, Procordr)

Presentation 1 detail:

ABSTRACT

Why is phishing still an issue? Let’s take a look at the tactics attackers are using and discuss why these simple, yet sophisticated, tricks allow malicious messages to evade detection. Mike will share summary statistics about the scale and type of phishing attacks and also provide detailed examples of specific incidents.

BIOGRAPHY

Mike Fleck is the Senior Director of Sales Engineering at Cyren. With over 15 years of experience in information security, Mike holds patents for transparent encryption and automated encryption key management and has been featured in Security Week, Information Security Magazine, Information Management, and NBC News. Prior to Cyren, Mike was the Vice President of Identity Protection at 4iQ, a provider of dark web threat intelligence that helps to protect consumer identities and to investigate cybercriminals. Previously, Mike was the Vice President of Security at Covata Limited (ASX: CVT) where he directed US operations and global marketing. He joined Covata in 2017, by way of acquisition of CipherPoint which he co-founded in 2010 and was CEO. His vast experience with complex Fortune 500 and Federal Government environments includes technical leadership roles at Vormetric (acquired by Thales), High Tower Software (acquired by NetForensics), Predictive Systems (NASDAQ: PRDS), and Lockheed Martin.

Presentation 2 detail:

ABSTRACT

Cybersecurity is now front page news. Companies are exposed, and CISOs need to make strategic decisions. Lack of accountability can lead to large fines and even prison time for Board members, but they aren’t being appropriately informed. Rob Newby was a new CISO in this situation 2 years ago. His board was concerned, but about the wrong things.


Rob explains what we’re doing wrong now in Security, and what simple changes can be made for the better to fix issues in reporting, strategy, governance and the demand for skills.

BIOGRAPHY

Rob is a problem solver for UK and EMEA boards. As a CISO and Security Adviser, Rob has returned failing programmes and projects to the critical path, including setting up and developing multiple lines of defence in parallel, defining and delivering measurable business value. He is now the CEO of UK Cybersecurity startup Procordr, delivering strategy and governance solutions to large enterprises. He previously worked as a CISO to SmartDCC, Strategic Adviser to Group CISO at Admiral Group, and at Aviva Group, he was the CISO for General Insurance and Strategic Adviser to their UK CISO.

Friday, November 13, 2020 2pm to 4pm

Fri, Oct. 9, 2020 2:00pm — 4:00pm

DATE: November 13th, 2020
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S): Cyberwarfare: The New “Colder” War
PRESENTER(S): Kevin Murphy
Agenda:

2:00 pm – 2:15 pm  Welcome and announcements
2:15 pm – 2:45 pm  Featured Presentation
2:45 pm – 3:15 pm  Break
3:15 pm – 3:45 pm  Featured Presentation
3:45 pm – 4:00 pm  Q&A 

Abstract:  Is Cyberwarfare actually the next World War?  Modern cybersecurity threats have evolved into very effective disinformation campaigns and destructive ransomware. What can we collectively do to protect ourselves, our business, and our democratic institutions? Hint: the solution is more than just technology.

Biography:
Kevin was the VP of Cybersecurity Operations and Governance at IOActive.com, a retired US Air Force intelligence officer, and the former Director of Windows Security Architecture at Microsoft with over 25 years of experience in threat intelligence and information security. Kevin holds the CISM, CISSP, and CGEIT security certifications.