Chapter Meeting for January
Thursday, Jan 25, 2018

"The Impact of GDPR on US Companies"

Bruno Haring
Cybersecurity and Privacy Director at PwC

 

The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018, creating challenges for every organization doing business in the EU before, during and after the deadline. Any entity targeting or monitoring European citizens will need to comply with GDPR. As the largest change to data protection legislation in the last 20 years, GDPR gives regulators unprecedented power to impose fines, requiring widescale privacy changes across organizations - including US-based companies if they conduct business in Europe. The regulation requires a programmatic approach to data protection - like “SOX for privacy” -  so you’ll need a defensible program for compliance and to prove you’re acting appropriately. Learn about the scope and requirements of GDPR and what is required to achieve compliance.

Bruno is a Director and Market Leader with PwC's Cybersecurity and Privacy practice based in Atlanta, GA. With over twenty-one years of experience, both nationally and internationally, in cybersecurity and IT risk management and transformation, Bruno helps Fortune 500 organizations navigate and address cybersecurity, IT and governance risks, resulting in improved business performance and value.

Bruno focuses on emerging technology and digital risks, working with the Board, C-level suite and Internal Audit to tackle information security as a business issue and to improve the organization’s defensible cybersecurity posture and risk management program disciplines. Bruno has a strong background in assessing and implementing cybersecurity, privacy, IT risk, business resiliency, vendor risk, and data protection programs, and in delivering third party assurance and IT Internal Audit engagements. Bruno also leads teams in penetration testing and vulnerability assessments, threat modeling, and secure adoption of Cloud based solutions.

Bruno is a proven practice leader, has published thought leadership, is a frequent speaker at various professional associations, and also helps organizations implement and assess against various security, regulatory and compliance frameworks, including ISO27001/2, COBIT, NIST, GDPR, PCI, ISF, and HIPAA. In addition, Bruno has significant experience in the supervision of large scale IT initiatives, and advisory oversight of technology integration engagements.

Prior to joining PwC, Bruno served as an Information Security and IT Risk advisor and competency leader in EY's Advisory practice and in Andersen’s (formerly Arthur Andersen) Business Consulting practice, and in the Global Technology Integration Services group in Andersen Consulting (now Accenture) where he had lead application and data architecture design and development responsibilities nationally.

Location:
SecureWorks
1 Concourse Pkwy #500
Atlanta, GA 30328

Time:
6:30 pm to 8:30 pm

Earn CPE credits with attendance


Chapter Meeting for February
Thursday, Feb 22, 2018

"The White House and its Dependable Security"

Mark Gelhardt
VP, Technology Governance at Elavon

 

A talk about the White House, its Physical Security and its Information Technology Security: what makes it DEPENDABLE, and how you can transfer that same type of thinking to what you do in your business.

Mark has over 35 years of experience in providing Executive Level management in the Information Technology and Information Security fields as a CIO, CSO, and CISO.

Mark started his working career in the Army and retired as a Colonel (select). At the pinnacle of Mark's career he was nominated and selected to work at the White House as the CIO/CISO equivalent, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications for the Executive Branch.

Since retiring from the Army, Mark has held several executive leadership positions: CIO/CSO for World Airways/Global Aero Logistics (the US's largest long haul charter airline), Deputy CIO of Global Operations/CISO for InterCall/West (the world's largest conferencing company), CISO for TravelClick (SAS in the hospitality space), and Acting/Interim CISO for the Georgia Lottery and NCR.

Currently Mark is the AVP, Cyber Risk Remediation for US Bank/Elavon. Mark has been with US Bank/Elavon for 2 and a half years. Elavon is one of the top five Credit Card processors in the world.

Location:
SecureWorks
1 Concourse Pkwy #500
Atlanta, GA 30328

Time:
6:30 pm to 8:30 pm

Earn CPE credits with attendance


Chapter Meeting for March
Thursday, Mar 29, 2018

"I See What You Say! Effectively Communicating With Non-Technical Staff"

Tamika Bass
CISO at Georgia Department of Public Health

 

You know it's important to talk to your users, but sometimes they just don't get it. This interactive session focuses on techniques for communicating effectively with non-technical staff. It examines some of the concepts around communication that we, as IT professionals, don't think about.

Tamika is an Information Security professional with extensive experience in information security. Her expertise includes assessing and mitigating risk, analyzing impacts, business continuity and disaster recovery planning. Tamika focuses on building cohesive relationships with all levels of staff, management, and suppliers. She holds a Master in Business Administration and a Master in Information Systems Management. She is an adjunct professor and is a Certified Information Security Auditor (CISA). Tamika is also certified in Risk and Information Security Controls (CRISC) and a Certified Business Continuity Planner (CBCP).

Location:
SecureWorks
1 Concourse Pkwy #500
Atlanta, GA 30328

Time:
6:30 pm to 8:30 pm

Earn CPE credits with attendance


Chapter Meeting for April
Thursday, Apr 26, 2018

"Practitioners Approach to Defending against Today's Advanced Adversaries"

Barry Hensley
Chief Threat Intel Officer/SVP at SecureWorks

 

Barry Hensley, SVP and Chief Threat Intelligence Officer, is responsible for the SecureWorks Cyber Threat Analysis Centers (CTAC), the Counter Threat Unit (CTU) Security Research Group and the company's global Incident Response (IR) Teams. The CTAC includes GIAC certified security analysts, ranging from front line triage personnel to senior intrusion analysts. The CTU is comprised of the nation's top security experts who identify and analyze emerging cyber threats as well as support incident response engagements with relevant threat intelligence and adversarial context. The CTU also develops high fidelity endpoint and network countermeasures in support of thousands of managed security clients worldwide.

Before joining SecureWorks, Colonel (Ret) Barry R. Hensley was the Director of the Army's Global Network Operations and Security Center (AGNOSC) and was also the Director of Operations, Joint Task Force Global Network Operations (JTF-GNO), which was incorporated into today's U.S. Cyber Command. He has served in various leadership positions within the communications and information security career field throughout his 24-year Army career.

COL (Ret) Hensley holds a BBA in Information Systems from Georgia Southern University, an M.S. in Telecommunications from the University of Colorado, and is a graduate of the National War College. COL Hensley was named the 2009 Georgia Southern University Alumnus of the Year for the College of Information Technology and was named by Federal Computer Week as a 2008 "Federal 100" winner, a select group of top executives in the Federal IT industry.

Location:
SecureWorks
1 Concourse Pkwy #500
Atlanta, GA 30328

Time:
6:30 pm to 8:30 pm

Earn CPE credits with attendance

 


Chapter Meeting for May at SecureWorld
Wednesday, May 30, 2018

"Business Language for Cybersecurity with the COSO Enterprise Risk Framework"

Lynn Goodendorf
Director of Information Security (CISO) at Mandarin Oriental Hotel Group

 

The COSO Enterprise Risk Management Framework was updated in June of 2017. This new version offers a methodology that can be applied to managing cybersecurity risks. This presentation will cover the key concepts and principles of the COSO framework using realistic examples to show how cybersecurity can follow a true risk based strategy without sacrificing necessary compliance requirements.

Lynn is the Director of Information Security for the Mandarin Oriental Hotel Group with a global scope of responsibility for the information security policies and program at all hotels and corporate offices. She is known for a strategic and risk-based approach with over 25 years of leadership in technology, cybersecurity, data privacy and risk management.

Lynn has been a speaker at ISACA, Infragard's A-List, Secure World and other professional security events and has published articles with TechTarget, Hospitality Upgrade and White Collar Crime Fighter. Her professional associations include ISSA, IAPP and InfraGard, a cybersecurity partnership between the FBI and private sector.

Location:
Cobb Galleria Centre
2 Galleria Parkway Southeast
Atlanta, GA 30339

Time:
3:00 pm to 4:00 pm

Earn CPE credits with attendance


Career Day
Saturday, June 23, 2018

"Tools for Securing the Position"

The Metro Atlanta ISSA Chapter is hosting a career day event to help promote career development of Junior to Midlevel Information Security professionals in the Atlanta area.

Please note that while participation in this event is provided free of charge by Metro Atlanta ISSA, participants must register to attend by June 18th. Limited seats are available. Complimentary parking validation is provided for attendees. For additional questions, please send an email to careers[at]gaissa[dot]org.


Location:
Loudermilk Conference Center
40 Courtland St NE
Atlanta, GA 30303

Time:
8:00 am to 12:30 pm


Chapter Meeting for June
Thursday, June 28, 2018

"Developing the Security Leader Within You"

Keyaan Williams
President at ISSA International

 

Keyaan Williams will provide a professional development conversation that focuses on the knowledge, skills, and aptitudes in which security professionals should invest to become effective leaders regardless of their HR title or position. Because security is the linchpin for modern business, our professionals can have a significant influence on the success of their organizations. This power is not limited to the people who work as CISOs or serve in other executive security positions. Join us for the June 2018 meeting of the Metro Atlanta ISSA to learn more about what every security practitioner can do to be an indispensable leader in his or her organization.

Keyaan has focused on management of information security risk, compliance, and internal controls for regulated enterprises during the last decade working as a risk management executive. He has helped global enterprises, governments, universities, small businesses, and startups develop solutions that satisfy legal, regulatory, and operational requirements. He has a strong technical and analytical background, but he gravitates toward strategic planning and solving complex business problems. This experience has helped him understand that investing in the right balance of people, processes, policies, and technology can produce any outcome an organization desires.

Location:
SecureWorks
1 Concourse Pkwy #500
Atlanta, GA 30328

Time:
6:30 pm to 8:30 pm

Earn CPE credits with attendance


Chapter Meeting for July
Thursday, July 26, 2018

"Using Tactical Honeypots for Network Security Monitoring"

Chris Sanders
Information Security Author, Researcher, Trainer & Founder of Applied Network Defense

 

A strong detection and response capability is required for the success of a security program because prevention eventually fails and a motivated attacker can always find a way in. However, economics are not in favor of network security monitoring (NSM). Due to the hardware, software, and labor required, it's expensive to deploy an NSM capability and hire qualified analysts to maintain and investigate the high volume of alerts, especially at scale.
In this presentation I'll discuss how honeypots are re-emerging as a practical solution for driving down the cost of network security monitoring. These aren't your traditional honeypots meant to sit outside the firewall to research automated malware. These are focused, use case specific honeypots that are designed to provide detection with a favorable signal to noise ratio. By integrating honeypots into your NSM strategy and taking a targeted approach, a grid of honeypots can realistically become your most cost effective detection tool. I'll make the case for honeypots like these and discuss implementation strategies that I've seen work. You should come away from this presentation with a unique perspective on honeypots and an actionable plan you can use to start evaluating and deploying tactical honeypots in your network.

Chris is an information security author, trainer, and researcher originally from Mayfield, KY but now living in Gainesville, GA. He is the founder of Applied Network Defense, a company focused on delivering high quality, accessible information security training. In previous roles, Chris worked with the US Department of Defense, InGuardians, and Mandiant to build security operation centers and train practitioners focused on defending defense, government, and Fortune 500 networks. Chris is also the founder and director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas. In 2016, the RTF put computer science education resources into the hands of over 10,000 students.

Chris has authored several books and articles, including the international best seller "Practical Packet Analysis" from No Starch Press, currently in its third edition and in seven languages, and "Applied Network Security Monitoring" from Syngress. His current research focus is the intersection of cyber defense and cognitive psychology to enhance the field of security investigative technique through a better understanding of the human thought and learning processes.

Chris blogs at http://www.chrissanders.org. You can learn more about Applied Network Defense at http://www.appliednetworkdefense.com and the RTF at http://www.ruraltechfund.org.

Location:
SecureWorks
1 Concourse Pkwy #500
Atlanta, GA 30328

Time:
6:30 pm to 8:30 pm

Earn CPE credits with attendance


Webinar with Keyaan Williams
Friday, July 27, 2018

"Developing the Security Leader Within You"

Keyaan Williams
President at ISSA International

 

This webinar is the online version of a presentation planned for the June chapter meeting of the Metro Atlanta ISSA. This is a professional development conversation that focuses on the knowledge, skills, and aptitudes in which security professionals should invest to become effective leaders regardless of their title or position. Because security is the linchpin for modern business, security professionals can have a significant influence on the success of their organizations. This influence is not limited to the people who work as a CISO or security executive. Join us to learn more about what every security practitioner can do to be an indispensable leader in his or her organization.

Location: Webinar

Time:
12:00 pm to 1:00 pm

Earn CPE credits with attendance


Capture The Flag (CTF) Workshop
Saturday, July 28, 2018

Matt Robinson, OSCP
Zachary S. Stashis, OSCP, GPEN, GSLC

We are proud to announce our one day training on Capture The Flag (CTF) on Saturday July 28, 2018. This is a free event for our chapter members. If you are a non-member, you can pay $125 to join the Metro Atlanta ISSA chapter and attend the training for free.

The first two hours we'll cover passive and active reconnaissance. The next two hours will then cover exploitation and post exploitation of two to three systems. After a lunch break, we'll start a Network King of the Hill (NetKotH) style CTF for the attendees to practice skills learned in the morning.

Agenda:

  • 08:00 - Arrive, connect to WiFi, copy materials for workshop

  • 08:30 - Passive and Active Recon

  • 10:20 - Break

  • 10:30 - Exploitation and Post Exploitation

  • 12:00 - Lunch

  • 13:00 - Introduce and begin NetKotH CTF

  • 16:30 - Wrap up, any final questions, copy of materials, etc

  • 17:00 - Finish

Attendee Requirements:

 

  • Must bring their own system. Most modern laptops are acceptable. Must be familiar with virtual machines and Kali Linux.

  • Must be able to run at least one virtual machine. The most recent version of VirtualBox is recommended, but the most recent version of VMware is also acceptable.

Location:
Macy's
5985 State Bridge Rd.
Duluth, GA 30097

Time:
8:00 am to 5:00 pm


2018 CISSP Training
Saturday, August 25, 2018 - Saturday, October 20, 2018

We would like to invite chapter members to participate in our annual 2018 CISSP training.
DID I MENTION WE AWARD THE ROY WILKINSON SCHOLARSHIP FOR ONE OF THE CHAPTER MEMBERS ATTENDING?

The purpose of the $600.00 scholarship is to offset the cost of the CISSP exam. One member who attends the training will be awarded the scholarship based on attendance and other criteria established by the chapter. If you know of someone who is not yet a chapter member, please encourage them to join to take advantage of this valuable training and the many benefits of being an ISSA member!

THE CLASS WILL MEET EVERY SATURDAY FROM 10:00 AM TO 3:00 PM. YOU MUST BE A METRO ATLANTA ISSA CHAPTER MEMBER TO ATTEND. IF YOU HAVE NOT YET JOINED, PLEASE DO BEFORE REGISTERING FOR THE CLASS.

In addition, participants are required to register for an exam date after October 20th. You will need to submit your exam date and Candidate ID upon registration before the first class and bring the copy with you on the first day of class.

Location:
Georgia Hospital Association
1675 Terrell Mill Road
Marietta, GA 30067

Time:
10:00 am to 3:00 pm


Chapter Meeting for August
Thursday, Aug 30, 2018

"Five Key Lessons for CISOs"

Deborah Wheeler
Chief Information Security Officer at Delta Air Lines

 

I've been in security for almost 30 years now and learned quite a bit that I'd like to pass along. Most individuals already have access to a number of technical summits and conferences where they are inundated with the threats, malware and tactics being used to infiltrate and wreak havoc in organizations. But there is more to security than this. This presentation will share five of the key lessons learned over the course of my career that aspiring CISOs, or anyone in the security space could hopefully learn from and use in their own careers.

Deborah is a Global Information Security Executive with 25 years of experience in the technology sector, and 20 years in Financial Services. Deborah is currently the first Global Chief Information Security Officer for Delta Air Lines, having joined the company in February 2017. Previous experiences include roles as Chief Information Security Officer for Fifth Third Bank, Ally Financial, and Freddie Mac, as well as Director of Information Security Program at JPMorgan Chase and PNC Bank.

Deborah was nominated for, and won the People's Choice Award for CISO of the Year in 2007, and has served on the Customer Advisory Boards for Symantec and Axent Technologies. Deborah is a board member of the Aviation ISAC (A-ISAC) and a member of the IBM Security Board of Advisors. Deborah has previously served as a Governing Board Chair for Evanta's CISO Executive Forum in Washington, DC, and has served in the same capacity for the CISO Executive Boards in Michigan and Ohio. Deborah has also served as a judge on the Washington, DC Women in Information Technology (WIT) board and as a judge for the Washington, DC SINET event.

Deborah holds a CISSP certification and is a graduate of the University of Colorado with a Bachelor of Science degree in Information Systems Management.

Location:
SecureWorks
1 Concourse Pkwy #500
Atlanta, GA 30328

Time:
6:30 pm to 8:30 pm

Earn CPE credits with attendance


Women in Security
Monday, Sep 10, 2018

"JOIN US FOR THE WOMEN IN SECURITY EVENT"

We hope that you can join the Metro Atlanta ISSA Chapter on September 10th for their upcoming Women in Security event. In addition to a reception with networking opportunities, this year's event will also feature a speaker session and a panel, both led by Marci McCarthy, CEO & President, T.E.N. Below, you can find more information about each.

Flyer coming soon.

Location:
One Alliance Center
SAP America
3500 Lenox Rd
GT12
Atlanta, GA 30326

Time:
3:30 pm to 7:00 pm

Earn CPE credits with attendance


Chapter Meeting for September
Thursday, Sep 27, 2018

"Threat Hunting - Answering the question, What's on Your Network?"

Ray Strubinger
Managing Consultant for Digital Forensics & Incident Response at VerSprite

 

Threat hunting is a collection of techniques that attempts to determine if malicious activities are taking place in an organization's computing environment. Threat hunting often takes place after a known or suspected compromise and is used to confirm the incident and determine its extent.

Many organizations use threat hunting to assess the capabilities of their security infrastructure, as the techniques in threat hunting provide a 'check and balance' against traditional security technology. Recently many organizations have expanded their use of threat hunting to supplement their merger and acquisition efforts. Ray Strubinger, Managing Consultant for Digital Forensics & Incident Response at VerSprite, has led threat hunting efforts in each of the above scenarios and will share his experiences and the lessons learned from assessing diverse environments. The presentation will share an adaptive, heuristic approach that has been successfully used to identify compromised assets, rogue accounts, unauthorized software, organizational policy violations and poor security practices.

Ray is an Information Security practitioner whose career experience includes financial services, healthcare, higher education, startups and consulting. He is the Managing Consultant for Digital Forensics & Incident Response with VerSprite, an Atlanta based cyber security firm.

Ray has built international teams that delivered around the clock monitoring and response capabilities, guided organizations through complex breach responses and mentored new professionals to the field. He is a CISM and holds certifications from the SANS Institute in the areas of digital forensics, incident response and auditing as well as an MBA from the Georgia Institute of Technology.

Location:
SecureWorks
1 Concourse Pkwy #500
Atlanta, GA 30328

Time:
6:30 pm to 8:30 pm

Earn CPE credits with attendance


2018 ISSA International Conference
Oct 17 - 18, 2018

"Securing Tomorrow Today"

 

Join us October 17 - 18, 2018 at the Georgia World Congress Center in Atlanta for solution oriented, proactive and innovative sessions focused on Securing Tomorrow Today.

Every day, cyber threats become increasingly intricate and difficult to detect. No cyber security professional can become an expert on these dangers without continued efforts to educate themselves on the industry's latest trends and technologies.

Location:
Georgia World Congress Center
285 Andrew Young International Blvd NW
Atlanta, GA 30313

Earn CPE credits with attendance


Chapter Meeting for November
Thursday, Nov 29, 2018

"A Conversation of Cyber Resilience and Operation Under Maximum Stress"

Nicole Keaton Hart
Cybersecurity Strategist & Chief Information Officer | Public & Private Sector

Beyond, the massive amount of valuable data housed by state and local agencies for a multitude of reasons has become an attractive target for cybercriminals. While there are many similarities, stark differences exist between private sector organizations and local government municipalities. Yet each must be prepared to operate under maximum stress, whether instantiated by cyberattack or other external events and factors.

During the presentation Keaton Hart will provide a compare and contrast style dialogue differentiating between private and public sector requirements of cyber resilience.

Nicole is an influential leader with the ability to act as a cultural change agent, driving security and digital transformation initiatives. During her IT career spanning more than 20 years, she has held key Senior Leadership and Strategic Executive Advisory CIO and CISO Roles while keenly focused on ensuring IT, Business and Cyber Security operate in harmony. Previously she held executive leadership roles such as Senior Vice President of SunTrust Bank. Nicole has led comprehensive cross-organizational initiatives in support of business goals and objectives within Financial Services, Insurance, Retail, Healthcare Technology, Consumer Packaged Goods and Oil and Gas industries. Today, Nicole spends most of her time serving in the capacity of Cybersecurity Strategist and Deputy Chief Information Officer, balancing competing priorities of Digital Transformation and Cyber Security.

Location:
SecureWorks
1 Concourse Pkwy #500
Atlanta, GA 30328

Time:
6:30 pm to 8:30 pm

Earn CPE credits with attendance


Mapping Application Security Defects to OWASP and STRIDE
Saturday, Dec 8, 2018

Damien Suggs
Conference Chair / Board Member | ISSA Metro Atlanta

Damien has been in the IT Security Field in various capacities for over twenty years, working in environments such as telecommunications, the public sector, healthcare, and retail. Mr. Suggs has extensive experience in PCI compliance, NIST and HIPAA regulations, and EHNAC regulatory compliance. Mr. Suggs spearheaded the effort to ramp up HIPAA regulatory compliance for AT&T when the HITECH Act was enacted as part of the American Recovery and Reinvestment Act of 2009, which brought AT&T, a backbone carrier of sensitive personally identifiable information, into scope for HIPAA requirements. Mr. Suggs also worked with AT&T and Aaron's to obtain PCI accreditation annually by verifying security controls from both a network and web application perspective.

Damien is well versed in ethical hacking and penetration testing both from an application and network perspective. He is also well versed in Python scripting and the use of many open source and commercialized tools that work together to create a secure computing environment and assist in the implementation of a secure software development life cycle. Mr. Suggs has extensive experience in the use of LockPath Keylight GRC architecture.

Damien is a leader in the IT Security area and is the immediate past president of the Metro-Atlanta ISSA chapter. He served as president for five years; however, during his eight-year relationship with the Metro-Atlanta ISSA chapter he helped the chapter grow in roles such as Director of Membership, Director of Training, Conference Chair and Chapter Secretary. Mr. Suggs holds twenty-three IT security certifications including the CISSP, SANS GPEN, MSCE, CCNA, CCNA, and CCNE.

Course Outline:

This course will explain all of the components that go into an application security program and how to deliver effective metrics to upper-management to make educated decisions in steering the software development lifecycle to a higher security posture.

  • Overview of S-SDLC Components

    • Dynamic Application Security Testing (DAST)

    • Source code (or Static) Application Security Testing (SAST)

    • Threat Modeling

    • Risk Based Security Tests

    • Abuse Cases

    • Security Requirements

    • Security Operations

  • Overview of OWASP

  • Overview of STRIDE

  • Workshop

  • Reporting of Metrics

Location:
Georgia Hospital Association
1675 Terrell Mill Road
Marietta, GA 30067

Time:
8:00 am to 5:00 pm

Earn CPE credits with attendance

