May 2019 AGM Luncheon Event – Membership and CPE Meeting

We are excited to announce our Annual General Membership Meeting (AGM).

Please join us, enjoy some very interesting sessions and earn CPE credits.

Registration is now closed.

Date: May 10th

Location:  Cottonwood Grille, 913 W River St, Boise, ID 83702

Lunch Choices:  Flank Steak, COBB salad, and Vegetarian pasta

  • 11:30 – Arrival, sign-in, networking
  • 12:00Lunch Served
  • 12:15 – 12:45 – Welcome, Announcements, ByLaws Vote, Scholarship, Chapter Updates, Member Recognition, Charter Member Recognition, Board Position Intros (and Subcommittee/Volunteer Signup), Elections
  • 12:45 – 1:00 Break
  • 1:00 – 1:50 Value of CyberSecurity – Anders Erickson | Director of Cybersecurity Services | Eide Bailly, LLP
  • 1:50 – 2:00 – Break 
  • 2:00 – 2:50 – Cybersecurity Insurance– Chris Ingram | Owner/Agent | Chris Ingram Agency dba That Insurance Guy
  • 2:50 – 3:00 – Break 
  • 3:00 – 3:50 – Preparing to Bleed Purple – Dan DeCloss | CISSP, OSCP | Founder/CEO |PlexTrac
  • 4:00 – Social Hour

Value of CyberSecurity Summary: One of the most difficult challenges information security professionals face is helping boards and executives recognize the value of investing in cybersecurity. This presentation will introduce a framework for facilitating meaningful conversations with non-technical leaders by align cybersecurity initiatives and investments to business objectives. We’ll also help you analyze your organization’s cybersecurity maturity by walking through a self-assessment of key entity-level activities related to cybersecurity. From this session, you’ll better understand where your organization stands in establishing a culture of security and how to effectively involve leadership in protecting your systems and data.
Anders Erickson is a Principal and the Director of Cybersecurity Services at Eide Bailly, LLP. He has more than fifteen years of experience providing IT risk and control solutions. Anders assists clients in establishing a culture of security within their organization. He leads organizations through the process of identifying their cybersecurity risks and brings practical solutions to help manage and mitigate those risks.

Preparing to Bleed Purple Summary: Security assessments, specifically penetration tests, can be an expensive endeavor. Thus many organizations are moving towards investments in tabletop and purple team exercises that provide a valuable training component to their staff. With these types of assessments, clients not only have more interaction with the testing team, but can begin to learn how to simulate these activities internally, thus lowering the cost of additional assessments and improving the skillsets of internal staff. This talk will identify the key aspects of running a purple team simulation in a tabletop style engagement and how using a framework like MITRE ATT&CK can aid in these assessments.
Dan DeCloss is the Founder and CEO of PlexTrac, a cybersecurity reporting and tracking platform geared at helping small businesses make sense of their cybersecurity posture. Dan started his career in the Department of Defense and then moved on to consulting working for various companies including serving as Principal Consultant for Veracode, where he and his team hacked websites and mobile applications for their clients. He has also served as a Principal Security Engineer for the Mayo Clinic and a Sr. Security Advisor for Anthem – a Fortune 40 health insurance firm. Dan then became the Cybersecurity Director for Scentsy where he and his team built the security program out of its infancy into a best-in-class program.
Dan’s expertise includes application security, secure programming, blockchain security, and penetration testing, including hacking websites, mobile apps, and other fun devices known as the Internet of Things (IoT). Dan has a Master’s Degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that there is a good understanding of how to reduce their overall risk.

Cybersecurity Insurance Summary: Understanding Cyber Threats and where they come from. Understanding our changing climate and reasons to be concerned. What coverage to look for when considering Cyber Insurance. In my opinion – these are the most important considerations: Appropriate Coverage Limits, How would a claim work?
Fraud Remediation Expenses, How cyber insurance can benefit you in your environment.
Chris Ingram Offering most kinds of insurance protection to our clients
Specializing in Life, Annuities, Premium Financing, Farm/Ranch/Dairies, Property/Casualty and Medicare options. Mentored with a successful Life-specialist who was also my Father In Law for many wonderful years. Trained with some great companies in the industry before branching out on my own to offer my clients more choices through independent channels. Received BA in Accounting in 1992.  Designations: Life Annuities Certified Professional (LACP) with NAIFA, Member of NAIFA, Member Idaho Cattle Association, Medicare certified

March 20, 2019 CPE Luncheon

Topic: Internet of Things (IoT) Security

Join us for this presentation by Lance Dover

Time and Location: March 20th, at Boise Plaza, 1111 West Jefferson, Room 2NE @ 11:30 AM to 1:00 PM.

Summary:  Technology has progressed at a breathtaking pace over the past several decades. While technology advancements are generally pervasive, not all industries develop at the same rate or share the same value set. With this comes varying levels of processing, memory and security requirements. While the “Internet of Things” is a trendsetter in its own right, the sheer breadth of its devices and products span all levels of technology maturity. The heterogeneous nature of IoT devices has made security both a large concern and an underrepresented area of development. This presentation give you a feeling of some of the major technological changes underway in the IoT, some examples of security issues that have resulted, and proposed solutions to improve the security of IoT devices.

Mr. Dover graduated from Purdue University with a Bachelor of Science in Electrical and Electronics Engineering. Lance began his career at Intel as an ASIC and System Design Engineer. After several years he transitioned into flash memory architecture at Micron with an emphasis on security. Today, Lance has brought his vision of high integrity nonvolatile storage to Micron’s Authenta Flash Memory to better protect the Internet of Things.

ISACA 2019 Spring Seminar

Topic:             Edward Snowden: The Ultimate Insider

Speaker:         Steven Bay, Director of Threat Intelligence at Security On-Demand

Date:               Thursday, April 4th, 2:00pm – 4:00pm

CPEs:             2 CPE hours

Pricing:

  • $35 members and sisters organizations
  • $50 nonmembers
  • $20 retired members and students

Location:    Albertsons HQ, 250 E Parkcenter Blvd

Presentation Summary:   Edward Snowden was the quintessential insider threat that all organizations fear. In this seminar, you will hear the inside story of Snowden’s last few months at NSA, the search for him, and the impact of his actions from his then boss, Steven Bay. We will engage in an interactive discussion on the impacts of Insider Threats, how you can help identify them, and strategies for protecting yourself from the insiders who cause most of your data breaches, but no malicious intent: your employees. By the end of the seminar you will walk away with a better understanding of insider threats, how they impact your organization, and actionable strategies you can take back to your organization.

Steven Bay is the Director of Threat Intelligence at Security On-Demand, where he leads a team providing threat intelligence and hunting services. With over 15 years in cybersecurity, his career has spanned government, enterprise and consulting services. For a majority of his career, he served as an Analyst supporting the NSA via the US Air Force and Booz Allen Hamilton. While at Booz Allen, he served as Edward Snowden’s boss just prior to Snowden’s flight from the United States. Following his time supporting the agency, he designed and implemented information security programs for Fortune-500 companies and served as a CISO. He holds an MBA from Thunderbird School of Global Management and an MA in international relations from Webster University.

February 20, 2019 CPE Luncheon

Topic: Data Analytics

Join us for this presentation by Jose Vazquez Ortiz

Time and Location: February 20th, at Boise Plaza, 1111 West Jefferson, Room 2NE @ 11:30 AM to 1:00 PM.

Summary:  Data Analytics

  • What is Data Analytics
  • Approach taken based on prior experiences
  • Where to apply data analytics
  • Real life examples
  • Tools
  • Lessons Learned along the way

Jose Vazquez Ortiz graduated from Boise State University with an Accounting & Finance Major, and is a certified internal auditor.  He spent the last six years of his professional career working in Internal Audit, with a focus on implementing data analytics.  He has developed models that have helped identify frauds that have led to prosecution, assisted in continuous risk and control performance monitoring, identification duplicate records such as accounts payable, or models to support the business among others.  In his former company, these developments helped him earn CFO Innovation recognition, and one model being published as an example on the CEB Global Audit Leadership Council website.