April 2019 Chapter Meeting

April 24th 2019 6pm-8pm

Agenda: 6:00pm-6:15pm Networking 6:15pm-6:30pm Chapter Business 6:30pm-8:00pm Presentations

Location: Mercer Island Community Center 8236 SE 24th Street Mercer Island, WA 98040

Register

attendance qualifies for 2 CISSP credits

Speakers:

Jeffery Bird, Senior Security Specialist, Juniper Networks "The Benefits of SSL Deep Packet Inspection" SSL encryption (port 443) is the de-facto encryption technology for delivering secure Web browsing, and the benefits it provides. SSL encryption is driving the levels of SSL Web traffic to new heights. According to different industry authorities such as Google, Gartner & Forester in 2018 about 70% of all casual Web traffic is now HTTPS encrypted. Some industries such as finance, government, healthcare & legal are even higher. Warning -not all SSL traffic is benign. Without the right security tools, SSL is a blind spot in your network rendering gateway security measures neutered. Next Generation Firewalls (NGFW) using Web filters, Application Awareness, Anti-Virus Gateway, and IDS/IPS can only provide limited protection against malicious SSL traffic. Advanced Threat Protection (ATP) sandboxes provided limited protection against HTTPS traffic too.   A more advanced approach of intercepting the SSL traffic allowing the NGFW & ATP devices to examine all Web traffic HTTP & HTTPS traffic is fast becoming a critical requirement. Bio: As a Senior Security Specialist for Juniper Networks Jeff is responsible for educating internal teams, partners, and customers on the Juniper Networks security portfolio. Jeff is passionate about the role Juniper’s solutions can play in combatting the threat cyber-attacks pose to corporations and state entities. Juniper’s continued focus on automation with Software-Defined Secure Networking (SDSN) can streamline security operations, so threats are mitigated faster with less reliance on expensive and increasingly scarce cybersecurity human resources. Jeff is a 20+ year veteran of the Information Security & Networking industry and has held positions with multiple Silicon Valley security-focused companies such as McAfee, Blue Coat, Sophos, and Dell. Over the years, Jeff has worked in technical sales roles assisting service providers, resellers, and end users to secure their networks. Jeff holds a Bachelor of Science in Engineering from Indiana University of Pennsylvania and a Master of Arts in Management from City University of Seattle. and Denise Simons, CEO, Haystack Associates "Privacy and Security Laws: The Changing Landscape" In the 2017-2018 AG Data Breach Report the Washington State Attorney General reported data breaches have increased 700% in the past two years in Washington State. Smart phones, Internet of Things (IoT) and big data repositories collect an ever increasing amount of data on us that can be stolen and used for identity theft or collected by companies and sold, used and misused in ways we don’t know about and haven’t authorized. Privacy and security regulations are behind the times and trying to catch up with the issues presented by technology. During this conversation we will discuss the current regulatory landscape and proposed and recent privacy and security regulations. Bio: Denise is an experienced professional working with large and small enterprises throughout the US to provide guidance and develop policies and programs that support corporate goals to effectively manage information, reduce risk, and document compliance with retention, discovery, and security and privacy requirements.

May 2019 Chapter Meeting

May 22nd 2019 6pm-8pm

Agenda: 6:00pm-6:15pm Networking 6:15pm-6:30pm Chapter Business 6:30pm-8:00pm Presentations

Location: Bellevue City Hall 450 110th Ave. NE Bellevue, WA 98009

attendance qualifies for 2 CISSP credits

Speakers:

Karun Chennuri, Senior Software Engineer, T-Mobile "Chaos Engineering in Cloud Environment" Modern Internet-scale microservice architectures exhibit complex communication behavior and failure scenarios with chaotic behavior (a.k.a the Butterfly Effect) that may lead to large scale disruptive events. This complexity comes from the Distribute systems especially - components, services running thereon, and the underlying infrastructure necessary to provide highly available compute, network, security, storage, persistence services. For a distributed microservice architecture to function ideally, these elements must all work in tandem and tolerate failure. To systematically verify that a system can tolerate failure, a disciplined approach is necessary.  One such approach is “Chaos Engineering.” This talk is to demonstrate with a demo on how to break systems, proactively identify weaknesses in your system and take corrective actions. We will deep dive into several complex failure scenarios in the distributed environment.  This talk demonstrates generic Failure Injection Test cases that can be run in PaaS, Cloud environments. Bio: Entrepreneurial and Professional experience specializing in the Cloud Security, Chaos Engineering, SDN, Container Networking, Security Solutions Integration, Product Security Development. Hands-on programming skills & security architecture skills within the inter networking environment & Product development.