December 16, 2020 CPE Event

Due to unforeseeable circumstances, we unfortunately need to cancel the CPE Event scheduled for Wednesday, December 16th, 2020.  We are on target to hold our CPE event in January.

Topic: Top 10 Things They Hate about Us: Avoiding the Security Traps in an IACS Assessment

Join us for this presentation by Bri Rolston, Chief Research & Security Geek, GkJuju Security & Consulting Services

Time and Location: December 16th, via Zoom Meeting 12:00-1:00pm

Please Note:  Zoom information will be sent in the RSVP Confirmation Email.

In keeping with our annual tradition, click below to assist ISACA Boise’s Virtual support of Toys for Tots.

 ISACA Boise Toys for Tots Giving

Presentation Summary:  In 20 years of IACS security work, I have yet to meet an engineering or process control team that doesn’t have a Top 10 Hate List for the security team.  10-20 security controls repeatedly cause more damage than they prevent if not rolled out in a thoughtful, methodical way to IACS networks.  

How can cyber security risk management efforts be considered effective if they CAUSE the impact we were hoping to avoid?  Why is it so hard for engineering and control system teams to fight the obvious and get IT and cyber security groups to pay attention?    

We’ll cover the basics of Industrial and Automation Control Systems (IACS) and why they differ so greatly from corporate IT environments.  Then, we’ll discuss how to secure them appropriately and balance functional vs technical security risk.  We’ll actually walk through a common Life Cycle Management (LCM) problem and do a technical risk analysis of it.

Bri Rolston, Chief Research & Security Geek, GkJuju Security & Consulting Services.  

By day, this mild-mannered <insert sarcastic disbelief here> geek works at Idaho National Laboratory and specializes in defensive, security engineering research and threat response. She has more than 25 years’ experience in telecommunications, Information Technology (IT), Industrial Automation & Control Systems (IACS)/Operational Technology (OT) security research as well as a wide range of operational security experience including incident response, threat management, risk analysis & remediation, vulnerability management, secure code development, cloud security, and IACS security program development. She has trained a number of IACS incident response teams including DHS CIRT in 2005, contributed to IACS and OT security standards development for DHS, DOE, NIST, and ISA/IEC, run a number of incident response efforts for nation-state attacks (Google Aurora 2010), and has a patent for efficient attack path selection and risk analysis.

By night, the geek side REALLY comes out. She spends more time than she should considering deeply geekly ideas as part of the global research community, helps organize conferences such as BSides IF, volunteers at small community groups, and vacations at different security cons. During this time, she follows the darker path of threat research–fingerprinting attack teams, examining the halo effects in exploit development, and identifying 2nd-payload in IACS/OT attacks. Sometimes, she even plots world domination and may plan to take over the world using an IIoT tractor SDRs, cell-towers, drones, and satellites. <Cue evil laugh>

Boise IIA & ISACA December 2020 Virtual Event – Ethics

Please join the Boise IIA & ISACA Chapters, Tuesday, Dec 8, 2020, 11AM – 1PM (MST) in a virtual, 2 CPE, Ethics session.

Fees for this session are:

  • $25 for IIA & ISACA members,
  • $30 for non-members
  • $5 for students

A link to the event will be included in the registration confirmation email. We look forward to seeing you online, Tuesday, December 8. (The session will open 30 minutes prior to the presentation to resolve any technical issues attendees might experience.)

Much attention is paid to a company’s ethical (or unethical) conduct. Companies are led by people and people are making choices that drive the organization. Each individual makes a decision every day to proceed with honesty and integrity, or to choose deceit and subterfuge. These small daily choices, made by real people, comprise an entire company’s ethical identity. 

Ryck Tanner, Director, Leadership Learning & Development, J.R. Simplot Company, has devoted much of his career to building up individuals and organizations. Bringing intention, mindfulness and awareness to decision-making can make the difference between giving in to the temptation of a fraudulent quick win, and playing the long game to legitimate success.

November 18, 2020 CPE Event

Topic: Digital Hygiene IS the fundamentals

Join us for this presentation by Scott Lyons, Co-CVO of Red Lion and Joshua Marpet, Co-CVO of Red Lion

Time and Location: November 18th, via Zoom Meeting 12:00-1:00pm

Please Note:  Zoom information will be sent in the RSVP Confirmation Email.

Summary:  Digital Hygiene is an important part of doing the fundamentals. As a matter of fact, it IS the fundamentals! Whether patch management, vulnerability management, configuration management, or change management, you’ll notice that the word management is all over the place in Digital Hygiene! That’s because all of the fundamentals involve management of your organization’s policies, procedures, and technical control implementation. Let’s talk about how digital hygiene should integrate with all of your risk management activities, and discuss how doing the fundamentals of information security puts you ahead of the competition!

Scott Lyons:

  • Co-CVO of Red Lion
  • Patent-pending author for Blockchain based Digital Forensics System
  • Certification holder (won’t say which, CIS-Something or other)
  • 25 years in technology with 23 in security
  • Co-Host Security and Compliance Weekly
  • MISTI Certified Trainer
  • Just a guy looking to make an impact…
  • Focus: Business and Technology.
  • Sandtrooper in the 501st

Joshua Marpet

  • Co-CVO of Red Lion
  • Internationally renowned Digital Forensics Expert
  • IANS Faculty
  • Co-Host of Security and Compliance Weekly, Over 7000 views weekly
  • Patent-pending author for Blockchain based Digital Forensics System
  • Honored as one of the Top 10 most influential people in BSides
  • Former board member Hackers For Charity, BSidesLV, and others.
  • Current Board member BSidesDE, BSidesDC, and others
  • Proud father, husband, and mentor.
  • Cryptography and systems design are Josh’s hobbies

October 21, 2020 CPE Event

Topic: 4 steps to reduce insider risk in the new [work] reality

Join us for this presentation by Josh Epstein, VP, Proofpoint Insider Threat Management and Michael Griffin, Sales Engineer, Proofpoint Insider Threat Management

Time and Location: October 21st, via Zoom Meeting 12:00-1:00pm

Please Note:  Zoom information will be sent in the RSVP Confirmation Email.

Summary:  2020 has accelerated global reliance on remote work and cloud-based technologies. From a cybersecurity perspective, many organizations have been caught flat-footed by insider threats.

Yet, most organizations still rely on defending outside attacks to a “perimeter” that no longer exists – especially in our new work reality. Only an approach that blends people, process, and technology can successfully prevent data loss.

Join Josh Epstein, VP and Michael Griffin at Proofpoint Insider Threat Management to discuss the four steps that you can take to reduce insider risk in the new [work] reality.

In this session you will learn:

  • New realities of how a distributed workforce and third-party workers access systems and data
  • Unique risks of insider threats and how to protect against data loss
  • How to take a people-centric approach to strengthen resilience and reduce insider risk

Josh Epstein’s bio: Josh Epstein has 20+ years’ experience in technology marketing and strategy roles. Previously he has held a range of marketing, strategy and business development roles at start-ups including Kaminario, Reddo Mobility as well as global technology companies including EMC, CA Technologies, Acme Packet and Oracle.  Additionally, Josh is an active advisor to several early-stage, Boston-area technology companies.  He holds a B.S. in Operations Research from Cornell and an MBA from MIT Sloan.

Michael Griffin’s bio: Mike Griffin is a Sales Engineer for Proofpoint Insider Threat Management (ITM). He has helped clients implement ProofpointITM (formerly ObserveIT) in a number of accounts to help companies gain better insight into how their users are interacting with their data. Prior to Proofpoint, Mike was a Sales Engineer at a web gateway company. Seeing the threat landscape shift more towards targeting people instead of infrastructure, he made the transition to Insider Threat.

September 24, 2020 CPE Event

Topic: Cybercrime: Are you prepared or are you the next victim?

Join us for this presentation by Scott Augenbaum

Time and Location: September 24th, via Zoom Meeting 12:00-1:00pm

Zoom information will be sent before the meeting to those who RSVP.

This Virtual CPE event will be free for all that RSVP!

Summary will be provided at a later date.
