• Best of Breed: Cloud Infrastructure Security Management | Container Security

    Over the next five years we will see a significant transformation in network and application security, including network compliance policies, driven by the need to better support cloud applications, DevOps, and Containerization. How switches, routers, firewalls, and VPNs (GRE/IPSEC Tunneling) are configured in the not-too-distant future will look “nothing” like it does today. Network change management will be supplanted by extremely granular cryptographic chain-of-trust across all systems, objects, apps, and users; cryptographic segmentation will replace network segmentation; and NIST ABAC will function as the policy layer along with deep PKI/CA/X509 integration. These transformative events are inevitable and will require a re-education of audit and compliance personnel—all driven by a fast moving and highly competitive digital climate. SESSION #1: SPEAKER, DOME9 Cloud Infrastructure Security -- Verifiable Cloud Network Security, Advanced IAM Protection, Comprehensive Compliance and Governance. A review of the top cloud infrastructure management challenges, including visibility into cloud infrastructure, adherence to compliance regulations and governance standards, and setting consistent security policies. -- How do you establish and maintain a consistent security posture across your cloud environments (AWS/Azure/Google)? -- How do you seamlessly extend your security as you rapidly scale operations? -- Why security in the cloud is fundamentally different from data center security, and what you need to do to ensure a consistent security posture in your cloud environments. -- How to architect a scalable security solution for your Cloud infrastructure. SESSION #2: SPEAKER, APORETO This session will review the significant limitations associated with current network security models that no longer align with the needs of digital business, as well as solutions based on Zero-Trust, and more specifically Container Security: The evolution of advanced Application Security -- Network-Oriented Security versus Cryptographically Enabled Chain-of-Trust: Maintaining cryptographic chain-of-trust across all cloud-native applications in zero-trust environments...2018 "Container Security" catches up with DevSecOps. -- Manage Identities across applications and services by combining context and metadata from trusted sources. -- Establish and maintain cryptographic root of trust for identity. -- Automatically encode security requirements as policy that is applied to every protected application. -- Enable operational simplicity with zero touch from developers. SESSION #3: SPEAKER, APORETO Deep Dive into Container Security

    1
  • ***EVENT CLOSED*** CISO | CIO Round Table Luncheon -- A Quarterly Event

    Fleming's Prime Steakhouse & Wine Bar | The Domain

    CISO | CIO Round Table Luncheons are held Quarterly CISO, CSO, CIO, CTO executives are invited to attend our executive lunch sessions moderated by the Cloud Security Alliance Austin Chapter in conjunction with industry subject matter experts: You must be a C-level executive responsible for strategic IT/Security direction within your organization, with a minimum of 1,000 employees. Please RSVP directly to the Chapter Chair at [masked] with your name, title, email address, company, and you will be registered. Attendance is limited to 24 participants. Registrants over this number will be wait-listed. FEB 15: PHISHING AND RANSOMWARE: A PUBLIC EPIDEMIC | EMAIL SECURITY MEETS DATA SCIENCE [Threat Intelligence data provided by Cyren] Phishing remains the top threat vector for cyber attacks, so kicking off our 2018 CISO Round Table Luncheons with this topic makes sense: Social engineering and the exploitation of human vulnerabilities continue to be the most attractive and successful paths for threat actors to target organizations and individuals who have access to sensitive data. Today's phishing attacks come in all shapes and sizes, combining levels of sophistication, speed, and malware that are astoundingly more dangerous to organizations than just 12-24 months ago. The CSA Austin Chapter along with top subject matter experts in their field will host four quarterly CISO | CIO Round Table Luncheons in 2018 focusing on the most prevalent cyber threats and cloud security trends. Our executive round table luncheons kick-off on Feb 15 with the rather striking and fast moving maturations that we are seeing across the phishing threat landscape: Why are miss rates increasing across all categories of email filtering? How are organizations measuring the efficacy of their current email security in blocking phishing and Ransomware attacks from end-users? How does an organization really know what sorts of blended attacks are getting through to endpoints? Is "zero-hour" phishing detection and blocking even possible? Feb 15: KICK-OFF -- CISO | CIO ROUND-TABLE LUNCHEON [Sponsored by Cyren] EVENT SPEAKERS: Sigurdur (Siggi) Stefnisson, VP Threat Research, based in Hafnarfjordur, Iceland and Ben Carmi, Senior VP Products, based in Herzliya, Israel, will be presenting at our kick-off event. EVENT MODERATOR: Peter Vogt, Co-Chair, CSA Austin Chapter- Jun 14: CISO | CIO Luncheon -- Container Security catches up with DevSecOps in 2018. CISOs can smile again. The evolution of advanced Application Security: Maintaining cryptographic chain-of-trust across all cloud-native applications in zero-trust environments transparently to dev personnel: Kerberos/PKI Certs for Daemons and Containers... Sponsors and speakers will be announced in February. Sep 13: CISO | CIO Luncheon -- Advanced Risk Scoring Engines: First there was the SEIM (Security Event Information Management), then we added AI for next-gen SEIMs, now we move to an entirely new level in real-time threat intelligence scoring schema...Risk Event Information Management: Scoring Risk Exposure in Real-Time across non-cyber and cyber variables. Dec 6: CISO | CIO Luncheon -- TBA Quarterly CISO luncheons are held at Fleming's Prime Steakhouse & Wine Bar located at the Domain.

  • EVENT FULL/350 attendees/EventBrite CLOSED: Austin Security Groups HOLIDAY MIXER

    Join us for a holiday mixer and come socialize with your fellow security enthusiasts. Members from all area security groups are invited to this holiday event. You must register for this event through EventBrite (see link below). We are expecting 300+ attendees, so please register below before the event is full. -------------------------------------------------------------------------------- CSA HOLIDAY EVENT SPONSORS: Amazon, Optiv, Cyren, NCC Group SPECIAL THANKS TO: ISC2, ISSA, ISACA, OWASP -------------------------------------------------------------------------------- Food, beverages, beer will be served. Mon, December 11, 2017 | 6:00 PM – 9:00 PM CST RSVP REGISTRATION: EventBrite https://www.eventbrite.com/e/austin-security-groups-holiday-mixer-registration-38083235984 Add to Calendar (https://www.eventbrite.com/e/austin-security-groups-holiday-mixer-registration-38083235984#add-to-calendar-modal) LOCATION Indeed.com Office 6433 Champion Grandview Way Building One Austin, TX 78750 View Map (https://www.eventbrite.com/e/austin-security-groups-holiday-mixer-registration-38083235984#map-target) The Austin-based security associations invite you to our Holiday Mixer: 1. American Society for Industrial Security (ASIS) http://www.asis179.org | http://www.asisonline.org 2. Association of Continuity Professionals (ACP) http://chapters.acp-international.com/capitaloftexas | https://acp-international.com 3. Austin Hackers Association (AHA) http://takeonme.org 4. Cloud Security Alliance (CSA) http://www.CSA-Austin.org | http://www.CloudSecurityAlliance.org 5. Electronic Frontier Foundation (EFF) http://effaustin.org | http://www.eff.org 6. Hackformers http://www.hackformers.org 7. Healthcare Information and Management Systems Society (HIMSS) http://austin.himsschapter.org | http://www.himss.org 8. High Technology Crime Investigation Association (HTCIA) https://htcia.org/chapter/austin | https://htcia.org 9. Information Systems Audit & Control Association (ISACA) http://www.isaca.org/chapters9/Austin | http://www.isaca.org 10. Information Systems Security Association (ISSA) https://austinissa.org | http://www.issa.org 11. Information and Systems Security Society (ISSS) https://utexas.campuslabs.com/engage/organization/isss 12. InfraGard https://www.infragard.org/Application/General/Branch?id=124 | http://www.infragard.org 13. International Information System Security Certification Consortium (ISC)2 https://isc2-austin-chapter.org | http://www.isc2.org 14. Open Web Application Security Project (OWASP) http://www.owasp.org/index.php/Austin | http://www.owasp.org 15. Society for Information Management (SIM) https://austinsim.org | http://www.simnet.org

  • General Data Protection Regulation (GDPR) Preparation Session | IOT Security

    CSA AUSTIN CHAPTER - LUNCH 'N' LEARN At AMAZON located at 11501 Alterra Pkwy, 5th Floor, Austin, TX | Barton-Zilker Conference Room The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The regulation was adopted on April 27, 2016. It becomes enforceable on May 25, 2018 after a two-year transition period. Additional session and speaker information will be posted on Friday Oct 13. 10:00-11:00 AM Check-in | Table Demos: IOT Demo-Armis | Advanced Browser Security Demo-Garrison 11:00-11:30 AM Amazon - Local Introductions 11:30-12:30 PM Session#1 GDPR Training -- NCC Group 12:30-1:00 PM Lunch | Table Demos: IOT Demo-Armis | Advanced Browser Security Demo-Garrison 15 MINUTE BREAK 1:15-2:15 Session#2 GDPR Training -- NCC Group 2:30 PM Closing Remarks, Raffle For additional information, please contact: Peter Vogt: [masked] |[masked] Mitchell Merrick: [masked] |[masked]

    10
  • CCSP Exam Prep Class (Two-Day Session): July 17-18

    T-Werx Coworking

    $325.00

    CCSP | 2-DAY TRAINING CLASS: $325.00 CLASS REGISTRATION (EVENTBRITE): CCSP Exam Prep Class (Two-Day Course) - Cloud Security Alliance, Austin Chapter (https://www.eventbrite.com/e/ccsp-exam-prep-class-two-day-course-cloud-security-alliance-austin-chapter-tickets-35482506131?aff=utm_source%3Deb_email%26utm_medium%3Demail%26utm_campaign%3Dnew_event_email&utm_term=eventname_text) Certified Cloud Security Professional (ISC)² Certification - ISC2 (https://www.isc2.org/ccsp) When: July 17 and 18, 2017 from 8:00 am - 5:00 pm Instructor: Ross A. Leo - ISC2 and CSA certified CCSP instructor. Associate Director of Professional Training and Development with the Cyber Security Institute (CSI) at the University of Houston – Clear Lake College of Science and Engineering. Location: T-Werx | 1320 Arrow Point, Ste 501, Cedar Park, TX 78613 | (512)[masked] Cost: $325.00 | This two day class includes Continential Breakfast, Lunch, Snacks, and Raffle (prizes will be announced at session). Free Parking. Training materials: CCSP Certified Cloud Security Professional All-in-One Exam Guide (or) Official (ISC)2 Guide to the CISSP CBK, Fourth Edition / Edition 4 Participants will receive materials including a textbook, copies of the CSA, NIST, and ENISA core documents, and supplementary handouts as appropriate plus 16 CPE hours. About the course: The CCSP is a professional certification in cloud and information security, providing competency in cloud computing infrastructure and security expertise for mid- to advanced-level professionals in IT security, architecture, GRC, audit, and engineering for those with a background in securing, managing, or providing services in cloud environments. Beyond the beginning CCSK from CSA, which the introductory day will review, the course will provide materials and guidance for the participant to prepare for the 4-hour, 125-question technical CCSP examination and credentialing (as well as the CCSK, if desired). A score of 700 on a 1000 scaled score base will be required to pass the exam, which can be scheduled via www.isc2.org at Pearson Vue testing sites, at participant cost. More information may be obtained from https://www.isc2.org/uploadedfiles/(isc)2_public_content/certification_programs/ccsp/ccsp-brochure.pdf and the more detailed candidate booklet, as well as the CSA’s information at https://cloudsecurityalliance.org/media/news/isc2-and-cloud-security-alliance-introduce-new-cloud-security-certification/ . About the Instructor: In addition to his tenure with UHCL, Mr. Leo has been an ISC2 instructor for over 20 years, holding numerous professional credentials in security and related fields. He is a principal with Nivola Healthcare Solutions, and has partnered with SecureNinja (VP / CTO), Global Knowledge (Expert Instructor status), and Intense School, and held positions a CISO at UTMB – Galveston, a HIPAA consulting firm, and as a Program Manager and Chief Security Architect at NASA / JSC. Questions: Contact Peter Vogt | Cloud Security Alliance | [masked] | (512)[masked]

    2
  • CyberSecurity FlashBASH | Buffalo Billiards | Downtown Austin

    AUSTIN CYBERSECURITY FLASHBASH | Meet and network with your peers, play billiards, darts, and other games. Complimentary Beer, Wine and Cocktails | One complimentary cigar per attendee | Smoking Outside Only. Austin Event sponsored by the Cloud Security Alliance-Austin Chapter | Cyren | Optiv | NetSPI | CyberSecurity FlashBashes are held throughout the country. In Texas, CyberSecurity FlashBashes are held in the greater Austin, Houston, and Dallas areas on a regular basis. Events are typically sponsored by local security groups such as the CSA, ISSA, and ISC2, as well as security services organizations, vendors, and consulting firms. The goal is simple: Network with fellow IT professionals, security practitioners, C-level executuves, architects, engineers, SecOps, etc., while enjoying cocktails, cigars, billiards, and televised sports. Austin CSA Contacts : Peter Vogt (512)[masked] | [masked] Greg Willis (512)[masked] | [masked] CyberSecurity-FlashBash.com: www.cybersecurity-flashbash.com (http://www.cybersecurity-flashbash.com/)

  • Phishing & HyperEvasive Threats Converge | Latest CASB Developments | SDN Review

    LOCATION: MEETING ROOM at Congregation Beth Israel (https://maps.google.com/maps?f=q&hl=en&q=3801+Shoal+Creek+Blvd%2C+Austin%2C+TX%2C+78756%2C+us) Introductions to our new Chapter Board | Topics for 2017 | Meeting Locations Cybersecurity Education: City & Business Community Level, Kevin Williams, CISO, City of Austin AUSTIN CSA CO-CHAIRS: Peter Vogt | Derly Gutierrez AUSTIN BOARD MEMBERS: George Sprague | Mark Brady | Ben Walter | Greg Willis | Thomas McNash | Leo Magallon | Kevin Williams *** LUNCH WILL BE PROVIDED *** EVENT SPONSORS: Aryaka | Cyren | Netskope | Praetorian SESSION SPEAKERS: Lior Kohavi | Tom McNash | Jason Sheffield | Patrick Chen | Ron Hamlett SESSIONS: 1) The Future of Cloud Security: Latest Trends in Cyber Security – What's REALLY going on in The Wild? What does the future hold? 2) Malware & Phishing-as-a-Service | Hyper-Evasive Threats 3) Latest Developments in CASB Architectures 4) SDN VS MPLS [SESSION #1]: The Future of Cloud Security: Latest Trends in Cyber Security. What's REALLY going on in The Wild? What does the future hold? Speaker: Lior Kohavi, CTO Cyren [SESSION #2]: Malware & Phishing-as-a-Service | Hyper-Evasive Threats - 2016 was the worst year in the history of CyberSecurity, witnessing an overwhelming convergence of hyper-evasive threats with Phishing to create the perfect cyber storm the likes of which have never been seen. This session will delve into exactly why 2016 was a benchmark year for nation states and threat actors. The discussion will review cybercrime data on a macro-global scale as well as on an empirical/organization level. This short threat briefing and demo will bring the global Phishing & Ransomware trends through the front door of your organization with a review of the most adanced techniques used to bypass best-in-class security blocking, increase dwell times, and remain obfuscated from ATP products while Ransomware initiates its cryptographic functions. Speaker: Tom McNash, Board Member, CSA Austin Chapter, Senior Solution Engineer, Cyren North America [SESSION #3]: Latest Developments in CASB Architectures Traditional security technologies are not well suited to the needs of today's cloud. As people become increasingly mobile, collaborate more freely, and shift more of their data to the cloud, enterprises need security technology that governs usage and protects data everywhere. Instead, most IT teams are still struggling with legacy security products that simply can't contend with this new way people work. These legacy solutions don't understand cloud transactions, they only offer IT a binary policy choice - allow or block - and that frustrates both IT and users. Finally, these products only cover some workflows, don't fully protect enterprises from sensitive data loss or exposure, and introduce complexity and cost while failing to secure the enterprise completely. Attendees will leave this session with a clear perspective on: Cloud as a Threat Vector | Critical CASB Attributes | Deployment Options | Business Case for CASB Speaker: Jason Sheffield, Senior Field Engineer, Netskope [SESSION #4]: SDN REVIEW Enterprises use MPLS for site-to-site connectivity and reliable performance for datacenter applications. However, MPLS is expensive and complex, takes months to deploy, requires WAN Optimization boxes for application acceleration, and lacks cloud/SaaS connectivity. MPLS is not designed for cloud-enabled and SaaS applications. Since corporations don’t control the terminating point of such applications, MPLS cannot be deployed in these scenarios. Direct Connect solutions address only a small percentage of cloud-enabled and SaaS applications. The Internet is prone to high latency, packet loss and jitter, which results in poor application performance, especially over long distances. For example, latencies fluctuating around 300 milliseconds and 10-15% packet loss are not out of norm between San Jose and China. This results in many packets having to be sent over the network over and over again. And if the packets have to traverse a large distance (latency), employees have to wait several minutes to refresh their screens, which makes mission-critical, time-sensitive applications like ERP and CRM unusable. Edge-based SD-WAN solutions combine MPLS and Internet to simplify network operations and reduce costs. And since none of these connectivity options address performance for mission-critical and business-critical applications deployed globally, combining them doesn’t address it either. While these solutions can work for regional/local deployments and non-mission-critical applications, they fall short on global deployment scenarios where applications are mission critical and time-sensitive. The core of Aryaka’s global SD-WAN is a global private network with 26 points of presence (POPs) across six continents, less than 30 milliseconds away from 95% of the world’s business users. These POPs are interconnected by a backbone of private network connections delivered by top service providers. Enterprises use the internet for last-mile connectivity to Aryaka, but Aryaka’s global backbone delivers network transport that is far superior to the Internet and MPLS, with built-in cloud and SaaS connectivity. On top of this global network, Aryaka integrates SD-WAN technology, WAN optimization, content delivery network (CDN) functionality, mobile application acceleration, and connectivity to cloud platforms. Aryaka’s global SD-WAN is delivered as a service, reducing costs by more than 50%, compared to legacy solutions like MPLS. Deployment of the Aryaka solution at a customer site takes hours compared to the months that it takes to set up MPLS. SPEAKERS: Patrick Chen, Ron Hamlett

    6
  • Oracle Cloud Free Seminar

    Needs a location

    There is a free seminar at Oracle Austin on Oracle Cloud and Security! http://viscosityna.com/event/oracle-tech-day-austin-cloud-and-security/

  • Cloud Security with Dustin Kirkland from Gazzang at ACUG

    Pervasive Software

    Join Austin Cloud User Group on Tuesday, February 19, 2013 at 6:00 PM (CST) at Pervasive. RSVP on the eventbrite > http://austincloud-2013-2.eventbrite.com

    3
  • CCSK Exam Prep (Kindle Fire Door Prize)

    Pervasive Software

    Food and Kindle Fire Door Prize Sponsor: Symplified Location Sponsor: Pervasive Software It's time to get certified! Cloud computing is being aggressively adopted on a global basis as businesses seek to reduce costs and improve their agility. And one of the critical needs of the industry is to provide training and certification of professionals to assure that cloud computing is implemented responsibly, and with the appropriate security controls. The Cloud Security Alliance has developed a widely adopted catalogue of security best practices, the "Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1 (http://www.cloudsecurityalliance.org/csaguide.pdf)". In addition, the European Network and Information Security Agency (ENISA) whitepaper "Cloud Computing: Benefits, Risks and Recommendations for Information Security (http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport)" is an important contribution to the cloud security body of knowledge. PLEASE BRING A COPY OF THESE TWO DOCUMENTS TO THE MEETING FOR TAKING NOTES. The Certificate of Cloud Security Knowledge (CCSK) provides evidence that an individual has successfully completed an examination covering the key concepts of the CSA guidance and ENISA whitepaper. Come on out and prepare to take your CCSK (Certificate of Cloud Security Knowledge) exam with study tips to help you succeed!

    1