Calendar of Events

Upcoming Events

SNCA – Quarterly Meeting July 20th

 


ISSA-LV Quarterly Meeting – Weaponizing the World

Tuesday, July 25, 2017 from 11:30 AM to 1:30 PM (PDT)

Weaponizing the World

In the 21st century, the gadget orientated world around us fills our lives with convenience and wonder. These magical times are filled with awe-inspiring wizardry; however, we very rarely pull back the curtain to see that there is no wizard present, but in fact a wide range of benign tools that can be weaponized. Join Aaron Crawford of the Insider Security Agency as he leads a discussion about the process of weaponizing every-day devices that can be found around the office to aid in his various red team engagements. Having successfully conducted red team engagements on nearly every continent Aaron demonstrates that it is easier to think inside the box for the win. At no other time is this evident than this talk as Aaron unveils an entirely new and unstoppable attack vector.

As a certified security professional with over 20 years of experience in the IT/IS industry, Aaron Crawford eats, sleeps and continually drinks from the security fire hose. This passion for IT and Security lead him to form the Insider Security Agency while also serving as Proficio’s Senior Information Security Engineer. In his spare time, he runs Squirrels In A Barrel, an independent training and learning resource for the Security industry.

His fascination with Social Engineering led him to form the World Championship of Social Engineering. A global Social Engineering capture the flag contest that allows participants to learn and safely practice Social Engineering, within the world’s largest Social Engineering sandbox. Alongside with his work on social engineering Aaron can also be found serving as the founder of the Skeleton Crew scholarship for DefCon.

Professionally known as one of the most proficient and successful Social Engineers, Aaron can be found creating new technologies and techniques to further the field of Social Engineering and speaking about them where ever he can.


Please find slides from the speaker here

ISSA-LV Quarterly meeting – Beating the Resume Robots & The Shifting Cyber Security Education Paradigm

Wednesday, April 12, 2017 from 11:30 AM to 1:00 PM (PDT)

Beating the Resume Robots & The Shifting Cyber Security Education Paradigm

It is an exciting time to work in cyber security with so many different cyber career paths to choose from, a variety of cyber security certifications, new cyber talent entering the field, and yet so much opportunity to shift the cyber security recruiting and hiring education paradigm. How do you make sense of it all and build a resume that beats the robots? The presenter spent six (6) long years living inside REDDIT, in the HR / Recruiting forums, writing down every resume tip and explanation of how these resume robots operate to better understand the system. This presentation will examine several unique and innovative ways that you can beat the resume robots, develop better HR partnerships, and build synergy to bridge the cybersecurity resume/talent gap to shift the cybersecurity education paradigm.

  1. Introduce my cyber background, cyber mission and current cyber priorities
  2. Explain the contextual landscape of the state of Cyber Security resumes and education (the chain reactions that are driving cyber security hiring and education)
  3. Dive into the evolution of cyber security combat (the current state of hacker for hire services, nation states and extinction level attacks that are driving cyber security awareness and education)
  4. Explain the current state of cyber security recruiting, hiring, resume robots, and Applicant tracking systems (including the state of Human Resources recruiting, applicant tracking systems, resume robots, and how it all works)
  5. Dive into the cyber resume robots and cyber education paradigm shift by looking at the current and future state of ‘Experiential layer‘ cyber security awareness and education
  6. Open the floor to Q&A

Matt Heff has been stopping cyber criminals since 1998. In January 2016, Heff joined Sands Corp as their Senior Manager of Global Cyber Security – responsible for training, awareness, and developing their world-class cyber security team. This includes the Venetian and Palazzo Resorts in Las Vegas, in addition to properties globally from Macau to Singapore and now Pennsylvania. He trains and develops a variety of Sands cyber security professionals on a variety of subjects including cyber security Operations, Digital Forensics Investigations, Cyber Strategy, Governance & Risk, Vulnerability Management, Penetration Testing, Incident Response, Security Architects and Engineers. In addition, he develops and promotes cyber security awareness for 60,000+ team members worldwide.

Most recently, he spoke on “Counter Intelligence and Insider Threats” at the December 2016 Department of Homeland Security Corporate Security Symposium. In January of 2017, Heff presented at the Winter ICT Conference on “Building Synergy and Partnerships between Academia and Industry” In April 2017, Heff will be presenting at the Las Vegas Camp IT Conference, and he is also scheduled to give the keynote at the 21st Colloquium For Information Systems Security Education in May 2017.

Prior to joining Sands Corp, Heff developed and facilitated cyber security awareness programs as well as corporate learning and development programs for TJ Maxx / Marshalls, Caesars Entertainment, and General Electric. Heff comes from a family of educators & trainers, growing up in a house where the family dinner conversations revolved around the best methods for teaching and educating students and adults. He is passionate about combining academia in partnership with industry to develop programs which ensure the next generation of cybersecurity warriors are combat ready & can successfully defeat the cyber criminals.


ISSA LAS VEGAS CISSP REVIEW COURSE
(Feb 18, 2017 – Mar 18, 2017)

Due to popular demand, The ISSA Las Vegas Chapter is offering a second preparatory course this year for individuals who are planning to take the (ISC)2 CISSP certification exam and for those who just want to learn more about information security. The course will take place every Saturday – February 18th, February 25th, March 4th, March 11th, March 18th.  Registering for the first class will cover all 5 classes.  The purpose of this review course is to review each of the 8 CISSP certification domains and better prepare you to take the CISSP exam. This course is offered at a minimal cost to our chapter members and is subsidized by vendor partners. It is a low cost alternative for those wishing to expand their information security knowledge.

WHO SHOULD ATTEND?
Anyone who has at least one year of experience in an Information Security (InfoSec) department or will be employed in the near future in some type of InfoSec capacity; anyone with a college degree or equivalence; anyone preparing to take the CISSP exam administered by (ISC)2 (www.isc2.org) or anyone who wants to learn more about information security.

COST:
The cost of the entire course is $40 for ISSA members and $70 for non-members.
Payments can be made through Eventbrite and must be paid in full to reserve your seat. There’s a limit of 30 students. Additional requests may be placed on standby in case of an opening. Please register at Eventbrite:

MATERIAL:
Each Participant will be responsible for purchasing his/her own Study Guide. All presentation slides will be provided to the student prior to the class in electronic format. Please print them if you need a hard copy.

Click here for the recommended study guide


ISSA-LV Quarterly meeting – Purposeful Wanderings in a Cyber Career

Wednesday, January 11, 2017 from 11:30 AM to 1:00 PM (PST)

Purposeful Wanderings in a Cyber Career

Professionals in any field are wise to consider the stepping stones of career growth. This conversation will explore information security experiences in various cities, organization sizes, and industries. Hear one security leader’s perspective on the maturing profession, and how to become a valued player anywhere. Then join discussion with your peers of how to excel in different environments – locally or anywhere.

Michael St. Vincent is Chief Information Security Officer at The Cosmopolitan of Las Vegas supporting the overall IT risk management program for the luxury casino and resort. St. Vincent joined The Cosmopolitan in May 2015, spearheading initiatives such as information security strategy and direction, implementation of security policies and standards and shaping the use of tools and processes for technology compliance and legal leaders, in addition to working across the business spectrum to ensure appropriate controls of technology supports.

With more than two decades of experience as a leader within his field, St. Vincent’s expertise lies within developing, implementing and leading information security programs in financial, defense industry, ISP, and hospitality organizations. Having led information security projects in Canada, Chile, Columbia, India, the United Kingdom, and across the United States, he has an awareness of the limitations and advantages of various cultural settings, risk profiles and management styles.

Recognized as an ISSA Fellow, an exclusive group of nominated industry leaders and philanthropists, his passion for developing security mindsets has included collaborating on industry research and presenting at events as diverse as board meetings, professional conferences and regional security events.

St. Vincent holds an MBA, has been an active Certified Information Systems Security Professional (CISSP) since 1998 and maintains additional certifications as CISA, CISM and CRISC. He has served on the SANS GCIA Advisory Board, Microsoft’s CSO Council, Metro Nashville Mayor’s Information Security Advisory Board and in several local information security related groups, providing support to encourage a stronger profession. In his personal time, he devotes time to supporting youth development programs locally, nationally and internationally including community service and leadership development activities.


ISSA-LV Quarterly meeting – Betting on the Cloud, and Winning

Wednesday, November 9, 2016 from 11:30 AM to 1:00 PM (PST)

Betting on the Cloud, and Winning
Adoption of the cloud is not only attractive for its technical prowess, but is becoming a competitive necessity.  Companies not only have the challenge of determining how to best leverage the cloud, but more importantly how to secure it in absence of the traditional defined network perimeter.  By focusing on the data, a new security model can be built based on Access Control, Data Encryption and Encryption Key Custodianship.  This new security model can be applied on both on-premise and public/private workloads, allowing enterprises to confidently embrace a multi-cloud workload strategy.

Gorav Arora works in the CTO office of Gemalto’s Identity and Data Protection business.  An IT professional for over 15 years, Gorav started his career in startups and large organizations around Silicon Valley, getting hooked to delivering many world “first” solutions. He has a broad background ranging from development of silicon-chips to large scale software systems.  Recently, his accomplishments have been focused on building solutions that ensure organizations stay ahead of the latest threats to their digital assets.  Gorav holds an MEng degree from McMaster University, where he specialized in computer vision and distributed architectures.


ISSA LAS VEGAS CISSP REVIEW COURSE
(Sep 17, 2017 – Oct 15, 2016)

Due to popular demand, The ISSA Las Vegas Chapter is offering a second preparatory course this year for individuals who are planning to take the (ISC)2 CISSP certification exam and for those who just want to learn more about information security. The course will take place every Saturday – September 17th, September 24th, October 1st, October 8th, and October 15th.  Registering for the first class will cover all 5 classes.  The purpose of this review course is to review each of the 8 CISSP certification domains and better prepare you to take the CISSP exam. This course is offered at a minimal cost to our chapter members and is subsidized by vendor partners. It is a low cost alternative for those wishing to expand their information security knowledge.

WHO SHOULD ATTEND?
Anyone who has at least one year of experience in an Information Security (InfoSec) department or will be employed in the near future in some type of InfoSec capacity; anyone with a college degree or equivalence; anyone preparing to take the CISSP exam administered by (ISC)2 (www.isc2.org) or anyone who wants to learn more about information security.

COST:
The cost of the entire course is $40 for ISSA members and $70 for non-members.
Payments can be made through Eventbrite and must be paid in full to reserve your seat. There’s a limit of 30 students. Additional requests may be placed on standby in case of an opening. Please register at Eventbrite:

MATERIAL:
Each Participant will be responsible for purchasing his/her own Study Guide. All presentation slides will be provided to the student prior to the class in electronic format. Please print them if you need a hard copy.

Click here for the recommended study guide


ISSA-LV Quarterly meeting – Other soldiers play war games. Why not cyber warriors?

If you are in Las Vegas during Black Hat, you are invited to lunch and hands-on training presented by the ISSA Las Vegas Chapter and the Arizona Cyber Warfare Range (AZCWR).

When:   August 2, 2016 (Black Hat Registration Day)

11:30a-1:00pm – lunch and presentations,

1:00pm-4:00pm –  training

Where:  SWITCH InNEVation Center, 6795 Edmond Street, 3rd Floor, Las Vegas, NV 89118  Innevation, powered by Switch

The Las Vegas ISSA Chapter is proud to announce we will hold a joint lunch meeting/training day with the Phoenix ISSA Chapter-sponsored Arizona Cyber Warfare Range on August 2, 2016, from 11:30am-4:00pm, with lunch and presentations from 11:30am-1:00pm.

The event will include presentations by Rich Larkins (ISSA Phx), Frank Grimmelmann (ACTRA) and Brett L. Scott (AZCWR) in addition to hands-on hacking exercises using the AZCWR Mobile Impression Lab.

The Arizona Cyber Warfare Range (AZCWR) is a non-profit organization that hosts a 24×7 live fire cyber warfare range available for use by the public to develop a continuous improvement process for cyber warfare and security. Areas of focus include computer network attack, defense, and digital forensics.  The AZCWR hosts live fire exercises for beginners through real world operations, with ranges to match the skill levels and education of students, with capability for upward progression into the real world of cyber warfare.  If you are interested in finding out more about the AZCWR, including how to join and develop your skills, please visit http://azcwr.org
A special thanks to AZCWR for the donation of their time and knowledge, and to the InNevation Center for the donation of the meeting space and continued support.
We hope to see you there for a great afternoon of networking with your peers, learning, and network hacking!

There will be a very limited number of workstations set up for hands-on exercises.   If you want to participate using your own system, please be prepared with Kali 2.0 in a virtualized or disposable environment before the meeting.

Recommended setup:

Hardware:   Minimum – 2 cores and 4GB RAM.   Recommended – At least an i3 or i5 level system with 8GB of RAM

Networking:  Gigabit Ethernet RJ45 interface (wireless may be available, but will be_much_slower)

OS:   Any OS capable of running FireFox and Kali 2.0 in a virtual environment such as Oracle VirtualBox (Win or Linux) or Parallels for Mac.


The Las Vegas Chapter of the Association of IT Professionals has extended its member pricing for the upcoming April 2016 Presentation – “Head in the Cyber sand – Why Small Businesses need Security” to the members of the Las Vegas ISSA Chapter.

Register here

Wednesday, April 27, 2016 from 5:30 PM to 8:00 PM (PDT)
Sierra Gold
6515 South Jones Boulevard
Las Vegas, NV 89118


Please find slides from the speaker here

Find the Verizon Data Breach Digest here

ISSA LV Chapter Quarterly Meeting – Understanding Data Breaches

Wednesday, April 20, 2016 from 11:30 AM to 1:00 PM (PDT)

Understanding Data Breaches:  A look at the Verizon Data Breach Digest

Many data breach victims believe they are isolated in dealing with particularly sophisticated tactics and never before seen malware – we’ve seen otherwise. To us, few breaches are unique. Our research suggests that, at any given time, the vast majority of incidents fall into a small number of distinct scenarios and, as such, there’s an enormous amount of commonality in cyberattacks. We’ve leveraged the Vocabulary for Event Recording and Incident Sharing (VERIS) framework and our extensive data breach investigation cases to produce the Data Breach Digest. The Data Breach Digest and its 18 scenarios illustrate how data breaches work and together prescribe a recipe for prevention, mitigation, and response. This presentation will discuss the Data Breach Digest, specifically how the scenarios contained within will help you identify important sources of evidence and ways to quickly investigate, contain and recover.

Hayden Williams is a Senior Security Consultant with Verizon Business Investigative Response Team. In this role, he responds to cyber-related security incidents, conducts on-site incident response capability assessments, and performs forensic activities for the various digital forensic investigations he performs. Prior to working for Verizon, Hayden performed cyber investigations for the Department of Defense as well as held various IT jobs in the public sector. Hayden has over 19 years of IT experience, the last 10 years focused on digital forensic and IT security.


Joint-Association Mixer Event

The Las Vegas Chapter of the Association of IT Professionals has extended its member pricing for the upcoming January 2016 Mixer at Pot Liquor Town Square to the members of the Las Vegas ISSA Chapter.

The event will be held on Wednesday January 27 2017 from 5:30pm – 8:00pm at Pot Liquor CAS at Town Square (Located across from Yard House), 6587 South Las Vegas Blvd, Las Vegas NV 89119. You may use the following Eventbrite link to register:

https://www.eventbrite.com/e/aitp-january-2016-mixer-pot-liquor-town-square-tickets-20353376497

We hope to see you there!


Please find slides from the speaker here

ISSA LV Chapter Quarterly Meeting – Tor

Wednesday, January 20, 2016 from 11:30 AM to 1:00 PM (PST)

Gaming Laboratories International
7160 Amigo Street
Las Vegas, NV 89119
The Onion Router, also known as Tor, is both a software and network used to anonymously access the web. Although praised by many privacy advocates and journalists worldwide, it remains controversial due to it being a gateway to the dark web. This presentation will focus on the tool’s operation, network logistics and cover recent issues surrounding it.
Emilie St-Pierre is a part-time security consultant and full-time cybersecurity student at the College of Southern Nevada. As an information security enthusiast, she co-hosts a local podcast on the subject and is fond of promoting education and discussion on issues in her field.

ISSA LAS VEGAS CISSP REVIEW COURSE

The ISSA Las Vegas Chapter offers an annual preparatory course for individuals who are planning to take the (ISC)2 CISSP certification exam and for those who just want to learn more about information security. The course will take place January 30th, Feburary 6th, Feburary 20th, Feburary 27th, and March 5th.  Registering for the first class will cover all 5 classes.  The purpose of this review course is to review each of the 8 CISSP certification domains and better prepare you to take the CISSP exam. This course is offered at a minimal cost to our chapter members and is subsidized by vendor partners. It is a low cost alternative for those wishing to expand their information security knowledge.

WHO SHOULD ATTEND?
Anyone who has at least one year of experience in an Information Security (InfoSec) department or will be employed in the near future in some type of InfoSec capacity; anyone with a college degree or equivalence; anyone preparing to take the CISSP exam administered by (ISC)2 (www.isc2.org) or anyone who wants to learn more about information security.

COST:
The anticipated cost of the entire course is $40 for ISSA members and $70 for non-members.
Payments can be made through Eventbrite and must be paid in full to reserve your seat. There’s a limit of 30 students. Additional requests may be placed on standby in case of an opening.

MATERIAL:
Each Participant will be responsible for purchasing his/her own Study Guide. All presentation slides will be provided to the student prior to the class in electronic format. Please print them if you need a hard copy.  The Board also recommends CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide 7th Edition


ISSA LV Chapter Appreciation Luncheon

Wednesday, December 16, 2015 from 11:30 AM to 1:00 PM

Fogo de Chão Brazilian Steakhouse
360 East Flamingo Road
Las Vegas, NV 89169

In appreciation of your dedication to the Information Security practice and your membership in the ISSA Las Vegas Chapter, we would like to invite you to our Annual Appreciation Holiday Luncheon.


Please find slides from the speaker here

ISSA LV Chapter Quarterly Meeting – How to make a pen tester’s work hard.

Wednesday October 7th, 2015 from 11:30 AM-1:15 PM

Gaming Laboratories International

7160 Amigo St.

Las Vegas, NV 89119

Come join us for our quarterly Las Vegas ISSA chapter meeting – networking and education all in one!
This quarter our presentation will be from an experienced pen tester about the top things an organization can do to make his (and other pen testers’) jobs more difficult – and as a result, make your organization more secure.  Expect practical takeaways and an inside look at how pen testing really works.
We look forward to seeing you there!

Patrick Kiley, B.S. Economics, GXPN, GPEN, GAWN, GCIH, CISSP, CCSP, MCSE- Senior Security Consultant

Patrick has over 15 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA).  While he was with the NNSA he built the NNSA’s SOC and spent several years working for the Nuclear Emergency Teams in Nevada, where he held a TS/SCI and DOE Q clearance.  He also spent some time as the lead security engineer for Caesars Entertainment.  Patrick is a contributor to the Metasploit Framework and has developed innovative methods for attacking wireless networks.  Patrick got his bachelor’s degree in Economics and and holds several SANS GIAC certifications, he is also a CISSP.  Patrick was also one of the first people to receive the Advanced Penetration Testing and Exploit development (GXPN) certifications from SANS.  Patrick has several years of experience in security engineering as well as penetration testing and exploit development.