Author Archives: isc2admin

Security Salon: Dinner at Oakland’s Grocery Café

Date: August 27, 2015

For our next event, we are offering the unique opportunity to share a dinner and casual conversation with an in-the-trenches large company leader of security compliance. 

Why Do Enterprise IT Security Projects Fail?
(And What You Can Do About It)

Hear Doug Meier, Director, GRC at Pandora present this topic, and then capitalize on the opportunity to pick his brain when his mouth is full on his day-to-day challenges and his outlook on the future of security.  

Dinner will be an elaborate prix fixe of unusual Burmese dishes with such proteins as quail, duck, and lamb paired with carefully chosen wines and beverages.  The owner of this restaurant grows championship chilies behind the restaurant; so for you hot-heads, you can singe your palates with exquisite hot condiments.  We will have a nice dessert to finish.  You will leave stuffed – belly and cranium.  We will need to limit the number of attendees, so register ASAP.  All inclusive: $45 for Chapter members and $50 for guests.

 

Doug Meier, Director, GRC at Pandora

Doug has 20+ years of experience designing, staffing, and managing Enterprise Architecture, Enterprise Security, Information Security, IT GRC, and related programs for Silicon Valley Internet companies. He likes the daily challenge of directing teams of talented people on critical business initiatives. He likes the excitement of bringing talented people together to solve business problems. And he enjoys working independently on program planning, security research and investigation, and vendor technology assessment and evaluation.  Doug defines teamwork as taking ownership of problems and solutions, taking responsibility for communicating, and following through until the job is done. That’s the main reason he has been successful in a range of corporate cultures in Silicon Valley, from start-up to global enterprise.

June 25th Meeting: Opportunities in Cybersecurity

Date: June 25, 2015

Opportunities in Cybersecurity

Join us June 25th at Wetherby Asset Management to discuss entrepreneurial and job opportunities in cybersecurity.  We have a packed evening with two technical presentations and a sponsor presentation and the chance to network over food and wine.  Come and help kick off year three of the Chapter!

Presentation #1:  Opportunities in Forming a Cybersecurity Startup

Is your startup waiting to be born?  This presentation will be multi-part with first a discussion by Mahendra Ramsinghani about (a) How to assess market opportunity, (b) identify if you have the ability to risk it, and (c) tactics to raise capital. Following this will be Matthew Tamayo-Rios presenting the Kryptnostic startup story with a detailed technical overview of homomorphic encryption and encrypted search.  Finally a ‘fireside chat / Q&A” will be moderated by Mahendra.

         

Mahendra Ramsinghani                    Matthew Tamayo-Rios 

Mahendra Ramsinghani brings his two decades of business expertise to foster innovation with infosec / cybersecurity startups.  He works with founders to develop their value proposition, engage with CISOs of Fortune 500 companies and attract capital from the best-in-class security investors.

As Managing Director of First Step Fund, he has led investments in over fifty startups. Mahendra is the author of two leading books on venture capital and startups – “The Business of Venture Capital” (Wiley Finance, 2014) and “Startup Boards” (Wiley, 2014) co-authored with noted VC Brad Feld. His articles have been published in Forbes, MIT Technology Review and Huffington Post. 

As a frequent speaker on Venture Capital & Technology, Mahendra has presented at IBF Venture Conference (San Francisco), Swissnex – Future of Cyber security (San Francisco), Traction (Vancouver, BC), Thompson Reuters VCJ Alpha Conference (Boston & San Francisco) and National Public Radio 91.7 UOFM.

His educational background includes a B. Engg. (Electronics) and MBA (Finance & Marketing) from University of Pune, India. 

Matthew Tamayo-Rios is Founder and CEO of Kryptnostic. Kryptnostic has solved the challenge of search inside encrypted objects. Its team of determined optimists has formerly worked at Palantir, Microsoft and is firmly united by the belief that enterprises can safely leverage their data in the cloud. Leading investors such as Index Ventures, Felicis Ventures, Harrison Metal and RRE Ventures back the company. 

Previously, Matthew has worked at Microsoft on the OS Security team and at Palantir, Raytheon and AOL. He got started in computer security at the early age of nine, hacking his mother’s point of sale retail system to adjust the ice cream inventory. Matthew earned his BS in Math, Computer Science at RPI and MS at University of Washington.

 

Sponsor Presentation: Humming Heads’ API-Whitelist Solution

We are welcoming our Chapter’s platinum sponsor Humming Heads to provide background on adopting an API-Whitelist solution, and to introduce and demo the application of this solution in their technology.  Representatives from the Humming Heads’ Tokyo team will be flying in to participate led by Kato Mikiya (President Humming Heads USA). 

SHINOBI Defense Platform marks an abrupt departure from the standard PC security model. Instead of a black list identifying prohibited software, viruses, malware and similar threats — also known as a signature file, SHINOBI employs its patented API monitoring technology to provide the only effective whitelisting cyber defense system available. Humming Heads is authorized by ISO/IEC 15408 LEVEL-EAL3 for its basic technology, and SHINOBI is in the process of receiving the same authorization.  SHINOBI monitors all API activity and will only allow programs whose APIs it has identified as safe to access a computer or system. 

Additional information is available at:

http://shinobi-whitelist.com 

 

 

Presentation #2:  Opportunities in Securing Mobile Applications

Mobile apps are changing business models and will decide the success of your products. It is proven that most commercial (CRM, Accounting software, etc) and personal (Home Theater, TV) products with mobile capabilities do better long term in the market than their competitors with traditional web interfaces. Yet most IOS and android apps are impacted by medium to severe security vulnerabilities that put application data, as well as data stored on the device, at risk.  

This interactive presentation will discuss common mobile application security vulnerabilities and remediation strategies that entrepreneurs and organizations should adopt to develop and put out secure mobile apps. We will play around with real mobile apps from Apple and Google Play stores, use open source tools to identify security vulnerabilities, and discuss countermeasures that will protect critical data and application functionality 

 

Kartik Trivedi

Kartik Trivedi is a partner and co-founder at Symosis with 15+ years of experience helping numerous entities including Fortune 500, non-profit, tech start-up, financial services, and healthcare organizations meet their security, privacy, and business needs by helping to define strategic goals, develop road maps for more functional, mature, and secure programs, address immediate issues, and drive implementation of practical security solutions. Prior to Symosis Kartik was director of application security at Accuvant, Managing Principal at McAfee, Principal at Foundstone and software development engineer at concept solutions. Kartik has MBA & MS Degrees and CISM, CISA, CISSP certifications.  Specialities include:
  • Technical expertise with business acumen
  • Security risk assessments, penetration testing, Web/Mobile/Cloud platforms, secure software development, threat modeling, code reviews
  • PCI, HIPAA, ISO and other security standards and compliance
  • Security training for developers – Online and Instructor led
  • Published author & regular speaker at OWASP, RSA, ISACA, and other conferences

Pizza and Beer   

Food and Drink will be provided.

Annual Member Meeting 2015

Date: April 30, 2015

Join us for our chapter’s Annual Member Meeting and Officer’s Election! 

 

ANNUAL MEMBERS MEETING AND OFFICER’S ELECTION

Our annual membership meeting and Officer’s election is scheduled to be held on Thursday, April 30th, 2015 at  Wetherby Asset Management in San Francisco. This is where we will discuss chapter business, vote on important chapter initiatives and hold the officer’s election. We will also plan for one or two guest speakers so we can credit 2 Group A CPE’s for (ISC)2 credential holders.

It is very important that we have a great turnout as we need a quorum of members in order to hold the election. In the coming weeks, the election nominating committee will be distributing candidate questionnaires to interested candidates.

Chapter members are eligible to run for office provided that they meet the following conditions:

  • An officer must be a member in good standing of the Chapter
  • An officer must be an (ISC)2 credentialed member in good standing 

The elected positions include:

  • President – Vacant and available
  • Treasurer – Available with incumbent running
  • Secretary – Vacant and available
  • Membership Chairman – available with incumbent running

Officer’s Election  and Candidate Announcements

The elections nominations committee has received the candidate profiles and we are publishing them here as well as on the website so all are aware of who is running for office.

Links to Candidate Announcements:

We still need a candidate for the chapter secretary and will be accepting nominations from the floor during tomorrow night’s meeting.

Round Table Discussion

InfoSec Hiring Boom?

Seems that a lot off companies at RSA were looking for new talent in the Bay Area. General Alexander called it “a feeding frenzy”. Nike was on town specifically to recruit. Are our members also looking to hire, or are they looking to change jobs in light of the increased demand for skilled security professionals? What certifications are hiring managers looking for?

Cyber-attacks increase leads to jobs boom 


Malware in the US? Some startling statistics… 

As Malware Surges, U.S. Remains Biggest Source of Attacks

We’ve recently received some interest in car hacking! Please visit these links for more information…

http://opengarages.org/handbook/

https://www.iamthecavalry.org/

Malware1

Malware2

Member Meeting: Creating a Cloud Security Policy

Date: February 5, 2015

Join us on February 5th at Wetherby Asset Management for our chapter’s member meeting with an exciting discussion about cloud security and policy.

Featuring:

Chris Niggel

Chris Niggel

Presenting:

Creating a Cloud Security Policy 

As security professionals in a dynamic, fast-growing enterprise, we faced significant challenges in enabling the business to move quickly while ensuring our corporate and member data is adequately protected.  In order to meet this requirement, LinkedIn needed to put a framework in place to enable our employees to make informed decisions about how and where to use them.  In this presentation we’ll share how we created a policy by combining industry best practices, resources from the Cloud Security Alliance, PCI-DSS, and other sources.  This non-technical presentation is aimed at IT & Security directors and policymakers.

As the lead Cloud Security & IAM resource for security at LinkedIn, Chris has spent the last 5 years enabling adoption of cloud technology as LinkedIn grew from 500 employees to over 5,000.   Previously, Chris worked as an Enterprise Content Management consultant for a Documentum partner, designing, developing, and delivering solutions for customers such as Nestle, Cisco, AMD, Telus, and the US Department of Defense. When he’s not writing security policy, he teaches Mountaineering, Search & Rescue, and outdoor survival for the Tahoe Backcountry Ski Patrol in Truckee, California.

Round Table Discussion – Information Security in the News!

 

Pizza and Beer 

Food and Drink will be provided.