Welcome to ISSA KC

The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. Through its membership, ISSA-Kansas City helps security professionals in the Kansas City area learn of information security issues and trends, which promote education, collaboration, and leadership, and further the information security profession.

March 2017 Chapter Meeting

Posted by Administrator Thursday, March 9, 2017

On March 23, 2017, ISSA-KC Chapter members and other security professionals will meet at Lidia's Italy Restaurant in downtown Kansas City to network and attend the monthly chapter meeting and presentation.

Topic Summary: IT and Information Security Risk Management for Driving Efficiencies and Competitive Advantage

Description: Learn how companies drive efficiencies and are transforming their IT and Information Security Risk Management processes into programs that directly help them achieve their goals and beat their competition.

Speaker: Sam Abadir
Sam Abadir has over twenty years of experience helping companies realize value through improving processes, identifying performance metrics, and understanding risk. Early in Sam's career he worked directly with financial institutions and manufacturing companies to help them realize institutional value. As a Sr Manager at Deloitte he focused on improving processes and increasing value for Global 2000 companies. In the past five years, Sam has worked with software companies like LockPath to build the tools that help companies create and manage value in a structured and efficient manner.

Agenda:
11:30 AM - 12:00 PM Greeting and registration
12:00 PM - 1:00 PM - Meeting & Presentation
1:00 PM - 1:30 PM - Questions, Answers & Networking

Location:
Lidia's Italy Restaurant
101 W. 22nd St.
Kansas City, MO 64108

Menu:
Pasta Tasting Trio - A sampling of three daily-made fresh and filled pastas.
Biscotti Platters - An assortment of house-made cookies & sweets to pass and share family style.

Soft drinks, Iced Tea, Coffee

**Vegetarian option available, please note at registration.**
**Menu subject to change.**

Price:
$20.00 for ISSA Members,
$30.00 for Guests/Non-Members

Maximum Reservation: 35
Credit(s): 1 CPE credit

Register Now!

Cheers!
ISSA KC Officers
ISSA-Kansas City Chapter
rsvp@kc.issa.org

February 2017 Chapter Meeting

Posted by Administrator Monday, February 13, 2017

Please join ISSA chapter members and other security professionals at Hereford House in Leawood, KS, for our February chapter meeting.

Topic: Cloud Access Security Broker (CASB 2.0) to Improve Security

Cloud app & data security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in ServiceNow, verifying activities within DevOps or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations. Join Kameron Klein, Sr. Systems Engineer, and Chad Ray, RSM at Netskope, for a session on which use cases are challenging enterprises today and how a next generation CASB can solve for them.
Attendees will learn:

  • Industry-specific data that's foundational to any cloud security business case;
  • The five highest-impact CASB 2.0 use cases from our customers, demonstrated from the perspective of users and security professionals; and 
  • How those use cases translate to "must-have" requirements for any CASB evaluation

Kameron Klein - Kameron has been actively working in Information Security for more than 18 years. He has consulted for large financial institutions such as Discover Financial and JP Morgan Chase, large service providers, as well as many local and national organizations. Additionally, he has worked for several technology manufacturers including TippingPoint/HP and Palo Alto Networks, and currently works for Netskope, Inc.

Chad Ray - Chad Ray has had roles at technology manufacturers for 20 years, as a Network & Security Solutions Architect and Mobile Security Specialist across organizations such as Cisco, Alteon, Bay Networks and Citrix, and currently works for Netskope, Inc.

Company Description:
Netskope is the leader in cloud security. Using patented technology, Netskope's cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope — security evolved. To learn more, visit www.netskope.com

Date/Location: Thursday, February 23rd, 2017,  11:30 - 1:30 pm

Hereford House
Town Center Plaza,
5001 Town Center Dr,
Leawood, KS 66211

Menu:
Lunch: Choice of one: Beef, Chicken, or Salmon,
Salad, Potato, Vegetable, Drink

Agenda:
11:30 AM - 12:00 PM Greeting and registration
12:00 PM - 1:00 PM - Meeting & Presentation
1:00 PM - 1:30 PM - Questions, Answers & Networking

Price:
$20.00 for ISSA Members,
$30.00 for Guests/Non-Members

Register Now!

Job Opportunity - Commerce Bank Information Security Analyst III

Posted by Administrator Monday, January 30, 2017

Job Expectations:
How would you like to work for a great company that offers career growth and values your skills and experience? For over 150 years, Commerce Bank has built a strong reputation as a “Super Community” bank and is recognized as an industry leader. In today's growing and competitive financial services industry, we look for creative and innovative solutions to meet the needs of our customers. To achieve our results, we recruit the best and brightest employees who ask, listen and solve to meet our customers’ needs!

The Information Security Analyst III is responsible for adhering to Incident Response protocol, administering Information Security systems, assessing information risk, and identifying and remediating vulnerabilities for IT security across the enterprise. The individual will be focused on securing the network perimeter and internal networks through operations of the firewall, virtual private networks (VPNs), intrusion detection system/intrusion prevention system (IDS/IPS), web application firewall (WAF), data loss prevention (DLP) and enterprise anti-virus solutions. The Information Security Analyst III will be well versed in Incident Response protocol and event management.

Primary Responsibilities including but not limited to:


  • Incident Response and event management, including Incident remediation protocol, lessons learned, and process improvement/efficiency.
  • Intrusion prevention, administration of Information Security IPS systems, phishing monitoring and anti-phishing practices.
  • Participation in the Internet Monitoring process in addition to Data Loss Prevention.
  • Firewall administration, policy configuration and management of web application firewalls.
  • VPN configuration and administration.
  • Anti-virus/anti-malware system maintenance and best practices configuration.
  • Remote access maintenance, administration and configuration.
  • Internal customer service related to access requests, troubleshooting, and problem resolution.
  • Promote awareness of applicable security standards, policy, and best practices across the Bank. 
  • Participation in the Information Security Operations on-call rotation. This position requires regular, predictable and timely attendance at work to meet department workload demands.

Work Hours: Monday-Friday (8:00am-5:00pm); evening and weekend work required.

Education: Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field desired.

The ideal candidate will possess:

  • 3-5 years IT security or information security experience with ability to engage with internal customers and management.
  • 2+ years experience conducting incident response remediation and process protocol.
  • 2+ years experience in administering firewall, WAF, and Virtual private network systems/appliances.
  • Experience with IPS/IDS, SIEM technologies, Internet Monitoring, and Data Loss Prevention.
  • Experience working with threat intelligence and developing proactive best practices.
  • Certified Information Systems Security Professional (CISSP), or related certification.
  • Project management skills or experience working within Information Security project implementations.
  • Working knowledge of Linux and Windows Operating Systems, scripting, and Virtualization experience.
  • Strong work ethic, problem solving skills, customer service orientation, and proven dependability and promptness.
  • Good communication skills, well developed interpersonal skills, in addition to teamwork and collaboration attributes.
  • Creative problem-solving, analytical, and organizational skills.
  • The ability to plan, organize, and deliver professional technical documents on time.
  • Self-motivation and capability to successfully complete projects and provide support with little supervision.
  • Skills in creating documentation and procedures for a variety of technologies.

All inquiries and referrals are confidential. To apply online, visit:
https://www.commercebank.com/about/careers/ No 3rd parties or agencies, please. EOE.

January 2017 Chapter Meeting

Posted by Administrator Friday, January 6, 2017

On January 26, 2017, ISSA-KC Chapter members and other security professionals will meet at Brio’s Restaurant on the Plaza to network and attend the monthly chapter meeting and presentation.
Speaker Bio:  James Campbell, InteliSecure
James has over 15 years of experience working in the Information Technology sector, with experience utilizing technologies from an administrative and managerial perspective. 
Currently, James works as an Enterprise Sales Engineer for InteliSecure, helping organizations architect solutions to safeguard critical data assets to prevent and detect data breaches. Previously, James was the Director of Information Security for WilcoHess, where he oversaw all IT Security initiatives including: strategy, PCI-DSS compliance, network and systems management as well as security architecture and governance. 
James is also a Certified Ethical Hacker with the EC-Council and holds a Network+ certification from CompTIA. His competencies include: IS Security, DLP, SIEM, Web/Email Gateways, Networking, network protocols, NIST, CEH, Windows OS, Linux OS, Firewalls, IDS/IPS.
Topic: Data Loss Prevention
Topic Summary: Join InteliSecure as we explore the immediate future of data loss prevention, revealing where cybersecurity innovators are headed and the tools they are using to get there. Participants will gain a fresh look at DLP challenges and solutions including:
  • The current state of data loss prevention best practices
  • Using Identity and Access Management (IAM) as foundational tools to build more proactive cyber security programs
  • What a proactive cyber security program should look like, leveraging today’s security technologies to achieve Predictive Analytics
  • The next big step in cybersecurity – Behavioral Analytics
Location:   BRIO Tuscan Grille, Country Club Plaza, 502 Nichols Rd, Kansas City, MO 64112 
Menu:
TBD
Agenda:

11:30 AM - 12:00 PM Greeting and registration
12:00 PM - 1:00 PM - Meeting & Presentation
1:00 PM - 1:30 PM - Questions, Answers & Networking
Price:

$20.00 for ISSA Members,
$30.00 for Guests/Non-Members

December 2016 Chapter Meeting

Posted by Administrator Thursday, December 1, 2016

*** We are at capacity now! May not be able to facilitate walk ins *** 11/14/2016

Please join ISSA chapter members and other security professionals at Hereford House in Leawood, KS, for our December chapter meeting.


Jeff Lanza was an FBI Agent for more than 20 years, during which he investigated corruption, fraud, cybercrime and organized crime. He served as chief of internal security for the FBI’s Kansas City region. He has provided thousands of presentations on risk management to associations, corporate boards, and employees of major corporations around the world. He appears regularly on CNBC and the Fox News Channel and has informed the public on other national programs including the Today Show, Good Morning America, Dateline and CNN, among others. He holds a Master’s Degree in Business Administration.

Topic:
Protecting Your Business from External Threats
Protecting Your Business from Internal Threats


Outline:
Part One - Protecting Your Business from External Threats

  1. The Threat
    1. The mastering of electromagnetism
    2. Old vs new heists
    3. The world’s greatest hacker
    4. Cyber-criminal organizational chart
    5. Operation Trident Breach
    6. Major security breaches
  2. Cyber Attacks Against Business – Prevention
    1. Preventing the compromising of data in motion
    2. Preventing the compromising of data at rest
    3. Whale phishing
    4. Wi-Fi hotspot security
    5. Holding data hostage
    6. Cloud considerations
  3. Bank Account Takeovers
    1. Takeover example
    2. Most common words used in phishing emails
    3. Creating security layers to bank account takeovers
      i. Separate computer for financial transactions
      ii. Device security
      iii. Mutual authentication
      iv. Security token
      v. Dual authorization
    4. Technology can fail!
  4. Corporate Espionage
    1. The loss
    2. Significant breaches
    3. Old-fashioned spying
    4. Trust and employees
    5. The need to know principle
    6. Authentication and access control
  5. Privacy Issues
    1. The state of privacy
    2. Who has your information and what they do with it
    3. Protecting your personal information

Part Two - Protecting Your Business from Internal Threats


  1. Embezzlement
    1. Draining Dixon – an embezzlement example
    2. The trusted employee
    3. Other examples
    4. Embezzlement warning signs
    5. Embezzlement prevention strategies
    6. Positive Pay
  2. Check fraud
    1. Check fraud vs other payment frauds
    2. Check fraud example
    3. Check fraud deterrence
    4. Mobile check deposit security
    5. Online bill pay
  3. What makes good people go bad
    1. The state of integrity
    2. Triangle of fraud
    3. FBI cases and current examples
    4. How does it start?
    5. Why wasn’t it enough?
    6. Corporate culture and integrity
    7. Vision and mission
    8. Fraud reporting mechanisms and examples
    9. Ethics flow chart
  4. Hiring good people
    1. Qualities to look for in new hires
    2. Background investigations
    3. Interview techniques
    4. Detecting deceit in interviews and investigations
    5. Prevention not aftermath.
Summary
Question and Answer

Date/Location: Thursday, December 15th, 2016,  11:30 - 3:00 pm

Hereford House:
Town Center Plaza, 5001 Town Center Dr, Leawood, KS 66211

Menu:
Kansas City Class BBQ Buffet
Grilled Boneless Chicken Breast, Sliced Brisket and Pork Ribs, Coleslaw, Cheddar, Ranch Potatoes, Sauteed Green Beans, Chef's Dessert Selection, Coffee, Tea

Agenda:
11:30 AM  -  12:00 PM - Registration
12:00 PM  -  1:00 PM - Lunch
1:00 PM  -  3:00 PM – Presentation

Price:
$20.00 for ISSA Members,
$30.00 for Guests/Non-Members


November 2016 Chapter Newsletter

Posted by Administrator Thursday, November 17, 2016

The November edition of the ISSA newsletter is now available.

Ethical Hacking

Posted by NB


Introduction to Ethical Hacking - 5CPE - Training/Class

Ethical hacking is the concept of simulating a malicious actor with the intention of strengthening the security posture of an application or system rather than true malevolent intent. This introductory course in ethical hacking will explore the general steps taken by hackers to better understand an attack sequence. Participants will be familiarized with several concepts outlined in both the Certified Ethical Hacker study guide and the Lockheed Martin (LM) Intrusion Kill Chain. Merging these two methodologies will provide a more complete understanding of how hackers compromise systems and the potential cybersecurity controls which need to be evaded during an attack sequence.



5 CPEs
Book:  CEH v9: Certified Ethical Hacker Version 9 Kit - Amazon link (Recommended for this session)
Target Date: Saturday Dec 10th
Location:
TEKsystems
7421 W 129th St #300
Overland Park, KS 66213
Cost:
Members = $50
Non-members = $70
Agenda:
Time - Activity
10:00 - 10:30 AM - Introduction; Evasion; LM Kill Chain: Reconnaissance; CEH: Footprinting, Scanning Networks, Checking for live systems, OS Fingerprinting
10:30 - 11:00 AM - Hands-on lab
11:00 - 11:30 AM - LM Kill Chain: Weaponization; CEH: Malware, Social Engineering
11:30 - Noon - Hands-on lab
Noon - 12:30 - Lunch; LM Kill Chain: Delivery, Exploitation, Installation
12:30 - 1:00 PM - Hands-on lab
1:00 - 1:30 PM - CEH: Hacking Web Applications and Servers, SQL Injection
1:30 - 2:00 PM - Hands-on lab
2:00 - 2:15 PM - LM Kill Chain: Command and Control (C2), Actions on Objectives
2:15 - 2:45 PM - Hands-on lab
2:45 - 3:00 PM - Conclusion, Final Comments


Register Now!

Upcoming Events


March 2017 Chapter Meeting
Thursday, March. 23rd, 2016

Join the ISSA Kansas City Chapter


Join our mailing list to stay current on ISSA Kansas City!


For more information on how to join the Kansas City Chapter of ISSA click here.

Social Media

Chapter meetings are a great way to get to know your peers here in KC. And, if you're currently looking to make a career change, it's an invaluable way to build relationships that can provide you with the "inside information" on open security positions. Check out our new LinkedIn© group that you can join to discuss topics, ask questions, or just meet other members. Look for the group "ISSA Kansas City Chapter" or click here.

FB
https://www.facebook.com/kcissa/





