June 2019 Chapter Meeting

June 26th 2019 6-8pm

Agenda: 6:00pm-6:15pm Networking 6:15pm-6:30pm Chapter Business 6:30pm-8:00pm Presentations

Location: Bellevue City Hall 450 110th Ave. NE Bellevue, WA 98009

Register

attendance qualifies for 2 CISSP credits

Speakers:

Omer Singer, CTO, Snowflake Achieving High Fidelity Security Analytics High fidelity security analytics enable an organization to scale rapidly without taking on a proportionate increase in cybersecurity risk. For mature organizations, high fidelity security analytics enable maintaining a robust security posture while reducing costs and freeing up personnel. In this technical and engaging presentation, you will learn how to take a data-driven, context-rich approach to reliably identifying threats and risks in your cloud environment. Bio: Omer brings over 15 years of hands-on experience in cybersecurity to his role as Senior Director of Security at Snowflake Computing where he protects customer data using Snowflake for security analytics. Prior to Snowflake, Omer was Vice President of Security Operations at a global security services provider and served as an officer in the prestigious IDF Intelligence Corps 8200 Unit. He is passionate about tackling long-standing cybersecurity challenges through innovation. Doug Hegge, Platform Architect, Tanium Securing cloud-native workloads, hygiene still matters A review of a cloud based practices for extending security hygiene to include Software Defined Networking and Containers. Followed by, a discussion of the unique challenges of securing Kubernetes orchestration and Docker within the cloud. Bio: Doug is a Platform Architect for Tanium’s Platform/Client team responsible for Tanium’s Container offerings and has deep understanding and experience creating and managing container environments both on premises and in the cloud.   Prior to Tanium, he was a Principal Staff Architect with Intel. Doug has developed many award winning security products and is the engineer of record on many security related product patents.

July 2019 Chapter Meeting

July 24th 2019 6pm-8pm

Agenda: 6:00pm-6:15pm Networking 6:15pm-6:30pm Chapter Business 6:30pm-8:00pm Presentations

Location: Bellevue City Hall 450 110th Ave. NE Bellevue, WA 98009

attendance qualifies for 2 CISSP credits

Speakers:

John Michener, Chief Scientist and Principal Consultant, Casaba Security Expanding OWASP Vulnerabilities:  Security in Functions as a Service Functions as a Service (FaaS) is a cloud-based development paradigm that is comparable in impact to classic function-based development methodologies. The use of a RESTful stateless approach allows extreme scalability for the applications that are built using this approach. Not surprisingly, this development approach exhibits OWASP vulnerabilities. FaaS platforms support very fine-grained permission controls at the function level, allowing a skilled developer to properly secure applications. When combined with DevOps practices, the complexity of managing and maintaining permissions and controlling threat boundary crossings can easily exceed organizational procedural capabilities and significantly degrade application security. This talk will review security issues of particular interest in FaaS environments and mitigating controls that development organizations can take to manage the threat of these issues. Bio: John has been involved in 3 security startups as a kernel developer and security architect at Novell, a security architect and senior security program manager at Microsoft, and as the chief scientist and principal consultant for over the past 8 years at Casaba Security, working with a wide variety of clients. His work includes issues of security design review, threat modelling, security architecture, compliance, usage of cryptography, and have a number of related published papers and patents. Of relevance to this talk, while at Microsoft John reviewed default ACL’s and Permissions for Windows Vista and Windows 7 and have worked on the issue of DevOps in Compliance environments. and Diana Volere, Chief Evangelist, Saviynt Securing AWS: A Real-World Case Study Using cloud first governance driven approach to reduce and mitigate risks managing privileged access and identities in an AWS environment, we’ll review a real world example how a Fortune 500 company how they perform:

• Management of privileged access to AWS workloads
• Real-time monitoring and enforcement of baseline security policies on their AWS infrastructure
• Access visibility’ of federated identities to AWS Objects’ on a periodic basis with continuous compliance controls
• Periodic certification process for critical resources hosted in their AWS ecosystem to ensure only authorized individuals have access to their AWS ecosystem
• AWS Role lifecycle management and governance

Bio: Diana is a strategist, architect and communicator on digital identity, governance and security, with a passion for organizational digital transformation. She has designed solutions for and driven sales at Fortune 500 companies around the world, and has an emphasis on healthcare and financial verticals. In her role as a Principal Solution Architect at Saviynt she works as a technical evangelist and strategist with partners and customers to help them derive business value from technical capabilities. Her past twenty years have been spent in product and services organizations in the IAM space. Outside of work she loves travel, gastronomy, sci-fi, and most other activities associated with being a geek.

September 2019 Chapter Meeting

September 25th 2019 6pm-8pm

Agenda: 6:00pm-6:15pm Networking 6:15pm-6:30pm Chapter Business 6:30pm-8:00pm Presentations

Location: Bellevue City Hall 450 110th Ave. NE Bellevue, WA 98009

attendance qualifies for 2 CISSP credits

Speakers:

Melissa Van Buhler, Cybersecurity & Data Privacy Attorney, Newman Du Wors, LLP NIST Privacy Framework and other legal updates in the realm of data privacy Bio:  Melissa is an expert on cybersecurity, privacy, and regulatory compliance whose key strength is helping organizations achieve cyber resiliency grounded in legal and regulatory compliance.  Before joining Newman Du Wors in 2018, she served more than fifteen years as a Judge Advocate General officer in the United States Army where she supported top-secret operations at the National Security Agency (NSA), United States Cyber Command, and United States Army Special Operations Command. During her tenure, Melissa gained unique insights into worldwide vulnerabilities to cyberattacks and helped develop best practices to combat them. She advised on the complex data lifecycle from collection, storage, and sharing within and among intelligence agencies. Her data privacy expertise is grounded in working with all types of intelligence information, particularly signals intelligence data.  Melissa earned a master of laws in Information Technology & Intellectual Property from University of Colorado, Boulder in between assignments with intelligence organizations. She is also a combat veteran of Operation Iraqi Freedom having served one year with the 4^th Infantry Division at Camp Taji, Iraq from 2005 – 2006. and Wade Ellery - Senior Solutions Architect and Evangelist at Radiant Logic Living in a Hybrid World