ISSA Baltimore Chapter Monthly Meeting February …issa-balt.org/February_2015_Meeting_Presentation.pdfISSA Baltimore Chapter Monthly Meeting February 25, 2015 ... Rewards are not

ISSA Baltimore Chapter

Monthly Meeting

February 25, 2015

ISSA-Baltimore Sponsors:

Interset!, CyberCore Technologies, Phoenix TS,

Microsoft Trustworthy Computing, Parsons, Tenable Network Security, Websense

Board of Directors Bill Smith, CISSP, GSNA, CEH, GPEN, GCFA, GCFE -

President

Sidney Spunt, CISSP - VP Operations

Kevin Drury – Secretary

Carol Klessig, CISSP - VP Professional Development

Rod Zwainz, CISSP, PMP - VP Education

Phil Rogofsky, CISSP, Network+, CPA – Treasurer

Steve Chan, CISSP, PMP – VP Membership

Dennis Dworkowski, CISSP-ISSEP – VP Outreach


Interset, CyberCore Technologies, Phoenix TS,


Baltimore Chapter Sponsors




Agenda / Announcements

Welcome to Parsons, 7110 Samuel Morse Drive, Suite 200 Columbia, Maryland 21046 Non-U.S. Citizen Requirements

Any guests or new members in attendance?

(ISC)2 CPE Submissions – Individual Responsibility

New CISSP and SSCP Domains

Chapter Strategic Plan

New Member Promotion

CISSP Chapter Badges / Shirts and Jackets with ISSA-Baltimore Logo

CISSP Study Group Spring 2015 – February 24 thru May 19, 2015

New Location: Phoenix TS

Amazon Affiliates program

LinkedIn Group

Facebook Page – “ISSA-Baltimore Chapter”

Future Meeting schedule




New Members

Since January Meeting

278 Total Members

Aaron Caruso

Kevin Clark

Shane Jager

Aaron Levi




Ryan Paal

Thomas Pena

Will Unkart

Alexander Vining




What? You didn't know Computers Control you?

/ ICS and SCADA 2-Hour Live Event: Monday, March 2, 2015

Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/

5:00 p.m. London

Brought to you exclusively by ISSA.

REGISTER NOW

Join the conversation! #ISSAWebConf




Opening Doors for Women in the Information Security Field

1-Hour Live Event: Monday, April 6, 2015

Start Time: 1:00 a.m. US-Pacific/ 4:00 p.m. US-Eastern/ 9:00 p.m. London

Brought to you exclusively by the ISSA Women in Security SIG.

REGISTER NOW

Join the conversation! #ISSAWISSIG




CISSP Domains, Effective April 15, 2015 •Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business

Continuity)

•Asset Security (Protecting Security of Assets)

•Security Engineering (Engineering and Management of Security)

•Communications and Network Security (Designing and Protecting Network Security)

•Identity and Access Management (Controlling Access and Managing Identity)

•Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

•Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster

Recovery)

•Software Development Security (Understanding, Applying, and Enforcing Software Security)




Systems Security Certified Practitioner (SSCP)

Domains,

Effective April 15, 2015

* Access Controls * Cryptography

* Security Operations and Administration * Networks and Communications Security

* Risk Identification, Monitoring, and Analysis * Systems and Application Security

* Incident Response and Recovery

* The SSCP indicates a practitioner’s technical ability to tackle the operational demands and

responsibilities of security practitioners, including authentication, security testing, intrusion

detection/prevention, incident response and recovery, attacks and countermeasures, cryptography,

malicious code countermeasures, and more.

Chapter Strategic Plan




Vision - To be the community of choice for international cybersecurity

professionals dedicated to advancing individual growth, managing

technology risk and protecting critical information and infrastructure

Mission - ISSA is a not-for-profit, international organization of

information security professionals and practitioners. It provides

educational forums, publications, and peer interaction opportunities

that enhance the knowledge, skill, and professional growth of its

members

Change to the Chapter By-laws




ARTICLE I: Name

Current:

The name of this organization shall be the Baltimore Metropolitan

Chapter, Information Systems Security Association, Inc., (ISSA)

hereafter referred to as the "Chapter".

Change:

The name of this organization shall be the Central Maryland

Chapter of the Information Systems Security Association, Inc., (ISSA)

hereafter referred to as the "Chapter".

Chapter Strategic Plan-Core Values




Collaboration - We believe that working together toward a common goal is

essential to the success of the association.

Knowledge Sharing - We encourage knowledge sharing as a result of our belief

that all of us are smarter and more productive than any one of us.

Leadership - We inspire each other to achieve and grow through a shared vision

and passion to excel.

Professional Development - We support the development of our people,

association and profession through positive relationships, dynamic synergies and

innovative growth opportunities.

Innovation - We search for new avenues to improve the Cybersecurity community,

ISSA International and our Chapter

Chapter Strategic Plan-Goals and Strategies

• Goal I:Expand Chapter Influence outside of Howard County Area

• Change chapter name to ISSA of Central Maryland

• Reach out to security companies outside Howard County

• Join and be active the Chesapeake region Tech Council

• Objective 2: Increase Benefit to Members

• Seek out more varied speakers for chapter meetings.

• Develop relationship with other organizations such as other ISSA Chapters, IIA, IEEE Baltimore, and ISACA.

• Create relationships with educational organizations to provide more costs training opportunities such as Phoenix

• Poll members to see what they what additional opportunities they would like the Chapter to pursue.

• Goal 3:Improve Relationship with Companies/Sponsors

• Create Corporate Ambassadors where members represent the Chapter to their employees,

• Start monthly communication/e-mail newsletter to Sponsors

• Host on-site Meet and Greet Events at Large Companies.

• Poll Sponsors to determine what they would like out of Sponsorship.

• Goal 4-Promote Chapter's Identity

• Increase STEM involvement and participation events such in the HoCo STEM Festival.

• Increase involvement in local security events such as CyberMarylandConference;.

• Increase involvement with Howard Tech Council

• Increase support to our Student Chapter at UMBC and explore creating additional student chapters.

13 ISSA-Baltimore Sponsors:







Rules:

1. Promotion begins August 1, 2014

2. New member must identify referring member when joining

3. $25.00 Amazon Gift Card awarded to referring member

4. Referring member’s registration must be current

5. Awards will be presented at monthly Chapter meeting

6. Program will run through December 31, 2015 and be re-

evaluated by the board after that time

7. Board of Directors not eligible to participate





Congratulations - $25.00 Amazon Gift Card winners:

Chris Ambrose

John Barker

Chuck Dickens

Charles Dickert

Devin Elmore *

Ivan Gordon

Monique Mitchner *

Matt Morris

Nick Rapp

Katelin Rowley

Oliver Thomas *

Rod Zwainz *

17 Feb 15 Kickoff for CISSP

24 Feb 15 Information Security Governance & Risk Management

3 Mar 15 Security Architecture & Design

10 Mar 15 Access Control

17 Mar 15 Operations Security

24 Mar 15 Cryptography Part 1

31 Mar 15 Cryptography Part 2

7 Apr 15 Physical & Environmental Security

14 Apr 15 Software Development Security

21 Apr 15 Business Continuity & Disaster Recovery

28 Apr 15 Telecommunications & Network Security Part 1

5 May 15 Telecommunications & Network Security Part 2

12 May 15 Legal, Regulations, Investigations and Compliance

19 May 15 Practice Exam / Review

ISSA-Baltimore CISSP Study Group

Fall 2015 Schedule




Phoenix TS, 10420 Little Patuxent Parkway, Suite 500, Columbia, MD 21044

The ISSA Baltimore Chapter is organizing a networking visit and tour

of the Jailbreak Brewery in March 21, 2014, 3:00 PM – 5:00 PM

Cost $10.00 per person




Jailbreak Brewing Company

9445 Washington Blvd N

Laurel, MD 20723

(443) 345-9699

http://www.jailbreakbrewing.com




Our New

Chapter Blog !!

As 2015 is now underway, we wanted to provide you with a list of potential networking and

volunteering opportunities tentatively scheduled for this year. We are always looking for members

to assist with various outreach and chapter activities that need to be completed. You may be

asking yourself, what is in it for me? Listed below are several benefits for volunteering your time

to help the Baltimore ISSA chapter out.

Volunteering provides a chance to learn new skills. Carol Klessig is learning to create a unique

hash tag this weekend. Learning about social media (Twitter) may help Carol add to her resume.

Please email Carol at [email protected] If you would like to be

considered for the new position known as Director of Publicity.

Helping others learn and encouraging our youth feels great. Rewards are not always monetary.

Encouraging a student can be your chance to pay it forward. This is especially beneficial for

recent graduates or new members in the security field.

Camaraderie. Social outings like our field trips can be a chance to form a new friendship with

others in the IT field.

CPE's. Working for the club can generate CPE's that can be used to maintain your certifications.

Currently, we need our website updated and possibly redesigned. Does anyone have a

experience in web design that could assist us with updating or redesigning our current website?

You can volunteer for just a single event or on a regular basis. A variety of items exist that we

could use assistance with. These items include writing a blog article, greeting members at the

door or assisting with the setup/cleanup at chapter meetings. If you see a position aching to be

filled, talk to one of the board members.




2015 Meetings and Events

Date Speaker Organization Topic

January 28, 2015 Kathy Worgul Carroll County Business & Employment

Resource Center

How Can LinkedIn Assist in Career

Advancement

February 9, 2015 Lori Harmon Women In Security SIG Webinar The Art of the Ask: How to Ask for – and Get

– What You Want in Your Career

February 25, 2015 Robert K. Gardner New World Technology Partners Cyber Risk, Thru the Shareholder Lens

March 25, 2015 Rhonda Ferrell CyberSecurity & Your Professional Life: A

Value-Add Approach

April 15, 2015 Mid-Atlantic ISSA Security Conference,

NIST, Gaithersburg, MD

April 22, 2015 Anthony

Teelucksingh

United States Department of Justice

May 20, 2015 Brian E. Dykstra Atlantic Data Forensics, Inc.

October 12 – 13 ISSA International Conference

Chicago Illinois




March 25, 2015 Speaker

Rhonda Farrell




Rhonda Farrell is an Associate with Booz Allen Hamilton, primarily focusing on enterprise life-cycle

activities as they relate to cybersecurity and quality. Her prior career experience was within

operations, engineering, and security functional areas of Fortune 500 companies throughout Silicon

Valley, CA. as well as with the US Marine Corps at Quantico, VA.

She is a veteran committee member and leader within IEEE Northern Virginia, ISSA International

(WIS SIG and Board of Directors), ISSA-NOVA, and ASQ 509 where she has worked on initiatives

which provide member value, increase opportunities for professional development, stimulate growth,

and enable realization of strategic partnering opportunities. She brings to the leadership teams --

enthusiasm, a strong work ethic, commitment to organizational principles, a deep technical

background, sound management capabilities with a solid grounding in quality best practices.

March 25, 2015 Topic

CyberSecurity & Your Professional Life:

A Value-Add Approach




Cybersecurity is a high growth field, but an inexact science -- an

amalgamation, if you will, of theories, principles, and best practices pulled

from the realms of quality, performance excellence, and change

management. Explore how these bodies of knowledge can be more

effectively intertwined to craft a solid roadmap using a ‘value-add approach’

which guides both your customer solutions as well as your own career.

February 25, 2015 Speaker

Robert K. Gardner

New World Technology Partners Mr. Gardner formed New World Technology Partners (NWTP.net) in 1977 to incubate and promote advanced technologies and new

ventures with business potential and national/public policy implications. His efforts focused upon High Performance Computing and

Cyber Risk technologies directed primarily to National Security, Energy, Healthcare and Financial Services applications.

•He introduced and promoted intellectual property and launched new business units – for 3rd parties and the NWTP portfolio,

including August Systems, Verdix, Meiko Scientific, Cryptek, Phoenix Numeric and Probity Labs.

•Under whose auspices he also produces training workshops, speaking engagements, articles & blogs and congressional

testimony on the Impact of Cyber Risk – with and for Government Agencies, marquee trade associations, NGOs and

Academic Institutions.

He currently writes, speaks and mentors on the Enterprise impact of Cyber Risk and has prepared briefings and testimony for the

U.S. House of Representatives, Senate committees and industry forums.

Mr. Gardner has a BSEE from Rensselaer Polytechnic Institute and studied graduate system engineering and business

administration at Penn State and the University of Santa Clara respectively.




February 25, 2015 Topic

Cyber Risk, Thru the Shareholder Lens




The rapid rise in the frequency and sophistication of cyber threats presents an enterprise risk issue that demands

more attention from the officers and directors charged with the stewardship of shareholders’ interests. Corporate

enterprise assets, often in digital form (such as funds, intellectual property, etc.) or executed by digital activity

(transactions, trading algorithms), are threatened by exploitable vulnerabilities and systemic risks. Shareholder

value, which is affected by multiple factors in price/earnings that can be tied to reputation, brand integrity, and legal

and regulatory exposure, is also subject to the severe impacts of cyber incidents. We have seen how swiftly an

event or paradigm shift can take a toll on shareholder value. As a Deloitte report, “Disarming the Value Killers: A

Risk Management Study,” notes, “Almost 50% of Global 1000 companies lost 20% or more in share price in less

than a month during the past 10 years—some never recovered. Most major losses were as a result of a series of

high-impact but low-likelihood events.” To address the risk of cyber attacks ranging from nuisance to catastrophic

and all points in between, corporate executives need to quantify the consequences of risk scenarios. But first,

leaders must understand how their enterprise operates in today’s cyberspace.

Documents

ISSA Baltimore Chapter Monthly Meeting February …issa-balt.org/February_2015_Meeting_Presentation.pdfISSA Baltimore Chapter Monthly Meeting February 25, 2015 ... Rewards are not