October 20, 2021 CPE Event

Topic: Developing an Informed Cybersecurity Strategy Through Attack Simulation

Join us for this presentation by Dan DeCloss, Founder and CEO of PlexTrac

Time and Location: October 20th, via Zoom Meeting 12:00-1:00pm

Click Here to Register (Please Note:  Zoom information will be sent in the RSVP Confirmation Email.)

Presentation Summary:  In Cybersecurity we’re faced with many challenges and a constantly evolving threat landscape. There is a constant pressure to show progress in your security posture, but how do you make informed decisions around security strategy? How do you know where to be investing your valuable time and resources? This talk will dive into the practical application of attack simulation and how these activities inform your Cybersecurity strategy. We’ll also discuss recent research results that highlight how valuable attack simulation has been for organizations in making demonstrable progress towards their Cybersecurity goals and improved security posture.

Dan DeCloss is the Founder and CEO of PlexTrac and has over 16 years of experience in Cybersecurity. Dan started his career in the Department of Defense and then moved on to the private sector where he worked for various companies including Telos, Veracode, Mayo Clinic, and Anthem. Dan’s background is in application security and penetration testing, involving hacking networks, websites, and mobile applications for clients. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program.

Dan has a master’s degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that focus is on the right work to reduce risk.

Dan can be reached on LinkedIn at https://www.linkedin.com/in/ddecloss/ or on Twitter @wh33lhouse.

September 15, 2021 CPE Event

Topic: Introducing MITRE ATT&CK

Join us for this presentation by Chris Ante, Cyber Security Engineer with The MITRE Corporation

Time and Location: September 15th, via Zoom Meeting 12:00-1:00pm

(Please Note:  Zoom information will be sent in the RSVP Confirmation Email.)

Presentation Summary:   How do we keep up with adversary behaviors as they continually evolve and leverage new and evolving technologies? The MITRE ATT&CK framework is a knowledge base of adversary behaviors that serves as a common language for network defenders. This talk aims to explain how ATT&CK can be leveraged for various use cases and how you can implement using ATT&CK within your own organizations.

Chris Ante is a Cyber Security Engineer with The MITRE Corporation and member of the MITRE ATT&CK team where he primarily focuses on analyzing cyber adversary behaviors. In his role, he works closely with government agencies, private industry, and the broader cyber security community to understand how threat actors leverage various technology domains for their objectives, which include but are not limited to cryptocurrency, the darknet, exploiting critical infrastructure, and cloud environments.

Before joining MITRE, he worked as a Technology Consultant for IBM doing blockchain and application security, as the Program Director of Cybersecurity for the National Student Leadership Conference (NSLC), and has experience in red-teaming. He graduated from Virginia Tech with a Bachelor’s degree in Business Information Technology and he is currently pursuing a Master’s Degree in Applied Intelligence, with a focus in Cyber Intelligence, at Georgetown University.

INTERFACE Boise 2021

INTERFACE™ is a series of educational conferences focused on information security, IT infrastructure (BC/DR, data storage & recovery), and enterprise communications.  Now recognized as one of the nation’s premier IT symposiums, INTERFACE has received 15+ years of enthusiastic support from both the regional IT communities it serves and a burgeoning number of leading solution providers.

We have the opportunity to virtually attend the Boise INTERFACE event. ISACA members can attend at no cost and earn up to 7 CPE credits during the day. This has been a great event in the past with the opportunity to hear from professional speakers and companies on emerging technology topics.

Click here to register as an ISACA Member.

May 2021 AGM – Membership and CPE Meeting

We are excited to announce our Annual General Membership Meeting (AGM)!

Please join us for our annual business meeting and enjoy a Panel Discussion to earn CPE credits.

Date: May 21st, 2:00-4:00

Location:  Virtual Zoom Event (Zoom information and a Calendar Event will be sent in the RSVP Confirmation Email.).

Please Note:  Zoom information and a Calendar Event will be sent in the RSVP Confirmation Email.

Cost:  ISACA Boise Members (Free), Non-Members $15

  • 2:00 – 2:45 – Business MeetingWelcome, Announcements, Chapter Updates, Member Recognition, Board Position Intros (and Subcommittee/Volunteer Signup), Elections
  • 2:45 – 3:00 – Break
  • 3:00 – 4:00 – CPE Panel Discussion:  Cloud Security
    • Ken Dunham (Principal Security Consultant at World Wide Technology) and Andrew Richter (Customer Success Specialist, Cisco Systems Inc.) will discuss key topics for Cloud Security
  • 5:00 – 7:00 – Optional Drinks and Hors d’oeuvres at The Ram Meridian.
    • More information will be provided during the AGM Meeting.

Ken Dunham has three decades of startup and F1000 transformative practice management and executive leadership specializing in incident response, emergent threats, counter-intelligence, and innovation. He is recognized as an ISSA International Fellow, reserved for 1% of security professionals globally, was the global top quoted security expert in 2006, and has authored multiple books and thousands of blogs and intelligence briefings. While with British Air/Reflectone Training Systems he also innovated and implemented transformative training programs for pilots and navigators of the U2, Warthog, and the very unique Predator system (Indian Springs). He also has a deep knowledge of the DarkWeb and global investigations and incident management with a wealth of investigative and cyber threat intelligence experience working with US DoD, FBI, USSS, and various legal and government agencies worldwide on the largest threats and crisis of this century through the Target breach in 2015.

Andrew Richter is an Enterprise Networking and Data Security professional with over 20 years experience designing and implementing solutions for customers in the US and globally.  Andrew’s work crosses multiple verticals including financial, healthcare, high-tech and retail; enabling customers to transform their business through technology enablement, including the move to Cloud.  Andrew holds multiple industry certifications including the Cisco CCIE and ISACA CISA, CISM, CRISC, and CDPSE.

April 21, 2021 CPE Event

Topic: Intro to Factor Analysis of Information Risk (FAIRTM)

Join us for this presentation by Cary Wise, Head of Partner Professional Services for RiskLens,

Time and Location: April 21st, via Zoom Meeting 12:00-1:00pm

Summary:  Factor Analysis of Information Risk (FAIRTM) is the only international standard quantitative model for information security and operational risk.

  • FAIR provides a model for understanding, analyzing and quantifying cyber risk and operational risk in financial terms.
  • It is unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales.
  • It builds a foundation for developing a robust approach to information risk management.

Cary is the Head of Partner Professional Services for RiskLens, where he has been a leader in risk quantification for the past 3 years. Prior to joining RiskLens, he managed security programs at a Fortune 1,000 manufacturing organization as well as a power utility company. His IT security and risk experience is rooted in the government sector, where he served 12 years in the United States Navy.

Regarding risk quantification, Cary has built and improved programs for multiple Fortune organizations on a global scale and has been a speaker at security conferences on the topic. He is also a FAIR instructor, where he provides education to risk practitioners and executives around the world.

Cary has a BS degree in Organizational Leadership, is a Certified Information Systems Security Professional (CISSP), and sits as the Co-Chairman of the FAIR Institute’s Federal Government Chapter.