• TOLA Technology Summit II (Oct 14-15)

    Online event

    TOLA Cloud Security Alliance (CSA) Chapters: Texas | Oklahoma | Louisiana | Arkansas | Alabama

    TOLA Technology Summit II - Oct 14-15
    Event information & CSA Registration Link: https://bit.ly/TOLA2
    Complimentary Event Pass

    Join the Cloud Security Alliance TOLA CHAPTERS and ElevateIT for the TOLA Technology Summit II, hosted virtually on October 14. This year’s event will feature a great speaking lineup of hard-to-find Senior IT & Cybersecurity Executive Leaders; over 50 vendors to tour and evaluate; fantastic networking opportunities; over $5000 in prize giveaways from ElevateIT; and numerous vendor giveaways. For those interested in continued skills development, we have secured Deeply Discounted CCSK Training offered to those who attend, provided by Intrinsec Security. Complimentary DMARC Training will also be available on October 15th.

  • ElevateIT: TOLA Technology Summit

    ElevateIT: TOLA Technology Summit --- A virtual full-day event

    The Texas, Oklahoma, Louisiana, Arkansas (TOLA) region is a hotbed of Disruptive Innovation within startups and established firms alike. From Finance to Health Care, Oil & Gas to Manufacturing, the TOLA area is where business gets done! We know that with ever changing markets and technologies, it is imperative that organizations can adapt with speed and skill. There must be a shift in IT strategies to ensure that the right steps are taken to empower global digital transformation.

    The 2nd Annual ElevateIT: DFW Technology Summit is now the ElevateIT: TOLA Technology Summit and will be hosted virtually on July 10th, 2020. The CSA TOLA Chapters (including our new CSA Alabama Chapter) are pleased to sponsor this annual ElevateIT event. Registration fee is waived for CSA members. Please see the ElevateIT Registration Link and Comp Code below for complimentary passes.

    We hope you will join us for a full day of Peer-to-Peer Networking, Educational Presentations by Industry Leaders, and 50+ vendors to evaluate. Be sure to attend and get entered to win one of the Three Grand Prize Visa Gift Cards totaling $5000!

    https://bit.ly/TTS20Reg
    Comp Code: EIPTTS20

  • 1) Best Practices Building a Pen-Testing Program 2) Teaching Data to Stay Inside

    11:30 AM - 2:00 PM (EVENT CONFIRMED) - BOX | downtown office

    Lunch and snacks will be provided courtesy of our chapter sponsors: TRAPX and HOPZERO

    EVENT HOST: BOX
    EVENT LOCATION: 600 Congress Avenue, Austin, TX
    Check in at the Security Desk in the second floor foyer. The meeting room is adjacent to the security desk in the foyer area on the second floor.

    For additional information: Please contact Peter Vogt [masked] / [masked]

    ----- PRESENTATION & DISCUSSION TOPICS -----

    [SESSION #1]: Best Practices Building a Pen-Testing Program (45 MIN)

    This session explores the initial challenges that larger organizations experience when implementing a penetration-testing program. Attendees will review the challenges a pen-testing program undergoes during the maturation process, and how those challenges impact optics, perceptions, metrics, compliance, reporting, remediation and collaboration with other teams. Attendees also will be shown how a pen-testing program can affect audits, and lastly, how to define a pen-testing program to demonstrate success.

    SPEAKER: Sean O'Coiligh | Depository Trust & Clearing Corporation (DTCC)

    Sean O'Coiligh developed the Cyber Security Assessment Team in the Cyber Security Assessment/Technology Risk Management Area at DTCC and currently leads the program. Starting in Tactical Communications, Signals Intelligence and Electronic Warfare with U.S. Marine Corps, Sean's career has spanned multiple Fortune 100 companies over the last 30 years in various Information Security and Cyber Security roles.

    The Depository Trust & Clearing Corporation (DTCC) is an American post-trade financial services company providing clearing and settlement services to the financial markets. It performs the exchange of securities on behalf of buyers and sellers and functions as a central securities depository by providing central custody of securities. Approximately 1.4 million settlement-related transactions per day are completed by The Depository Trust Company (DTC), with an approximate value of $600 billion (daily).

    [SESSION #2]: CHANGING THE GAME...Teaching Your Data to Stay Inside your Organization!

    By limiting the hop count of your data packets, and reducing the range of your data transmission to appropriate levels, organizations can help ensure that critical data stays safely within the data center.

    Speaker: Bill Alderson (CTO) HopZero (30 min)

    EVENT WRAPUP: CSA Cloud Penetration Testing Playbook | CSA Resources Introduction
    SPEAKER: Peter Vogt (15 min)

    EVENT HOST: BOX: www.box.com
    LUNCH PROVIDED BY OUR CHAPTER SPONSORS: HOPZERO: www.hopzero.com TRAPX: www.trapx.com

    2019 Chapter Leaders: Peter Vogt | Ted Turich | Bill Alderson | Mitchell Merrick | Joey Victorino

  • Best of Breed: Cloud Infrastructure Security Management | Container Security

    Over the next five years we will see a significant transformation in network and application security, including network compliance policies, driven by the need to better support cloud applications, DevOps, and Containerization. How switches, routers, firewalls, and VPNs (GRE/IPSEC Tunneling) are configured in the not-too-distant future will look “nothing” like it does today. Network change management will be supplanted by extremely granular cryptographic chain-of-trust across all systems, objects, apps, and users; cryptographic segmentation will replace network segmentation; and NIST ABAC will function as the policy layer along with deep PKI/CA/X509 integration. These transformative events are inevitable and will require a re-education of audit and compliance personnel—all driven by a fast moving and highly competitive digital climate.

    SESSION #1: SPEAKER, DOME9

    Cloud Infrastructure Security -- Verifiable Cloud Network Security, Advanced IAM Protection, Comprehensive Compliance and Governance. A review of the top cloud infrastructure management challenges, including visibility into cloud infrastructure, adherence to compliance regulations and governance standards, and setting consistent security policies.

    -- How do you establish and maintain a consistent security posture across your cloud environments (AWS/Azure/Google)?
    -- How do you seamlessly extend your security as you rapidly scale operations?
    -- Why security in the cloud is fundamentally different from data center security, and what you need to do to ensure a consistent security posture in your cloud environments.
    -- How to architect a scalable security solution for your Cloud infrastructure.

    SESSION #2: SPEAKER, APORETO

    This session will review the significant limitations associated with current network security models that no longer align with the needs of digital business, as well as solutions based on Zero-Trust, and more specifically Container Security: The evolution of advanced Application Security

    -- Network-Oriented Security versus Cryptographically Enabled Chain-of-Trust: Maintaining cryptographic chain-of-trust across all cloud-native applications in zero-trust environments...2018 "Container Security" catches up with DevSecOps.
    -- Manage Identities across applications and services by combining context and metadata from trusted sources.
    -- Establish and maintain cryptographic root of trust for identity.
    -- Automatically encode security requirements as policy that is applied to every protected application.
    -- Enable operational simplicity with zero touch from developers.

    SESSION #3: SPEAKER, APORETO

    Deep Dive into Container Security

  • ***EVENT CLOSED*** CISO | CIO Round Table Luncheon -- A Quarterly Event

    Fleming's Prime Steakhouse & Wine Bar | The Domain

    CISO | CIO Round Table Luncheons are held Quarterly

    CISO, CSO, CIO, CTO executives are invited to attend our executive lunch sessions moderated by the Cloud Security Alliance Austin Chapter in conjunction with industry subject matter experts: You must be a C-level executive responsible for strategic IT/Security direction within your organization, with a minimum of 1,000 employees. Please RSVP directly to the Chapter Chair at [masked] with your name, title, email address, company, and you will be registered. Attendance is limited to 24 participants. Registrants over this number will be wait-listed.

    FEB 15: PHISHING AND RANSOMWARE: A PUBLIC EPIDEMIC | EMAIL SECURITY MEETS DATA SCIENCE [Threat Intelligence data provided by Cyren]

    Phishing remains the top threat vector for cyber attacks, so kicking off our 2018 CISO Round Table Luncheons with this topic makes sense: Social engineering and the exploitation of human vulnerabilities continue to be the most attractive and successful paths for threat actors to target organizations and individuals who have access to sensitive data. Today's phishing attacks come in all shapes and sizes, combining levels of sophistication, speed, and malware that are astoundingly more dangerous to organizations than just 12-24 months ago.

    The CSA Austin Chapter along with top subject matter experts in their field will host four quarterly CISO | CIO Round Table Luncheons in 2018 focusing on the most prevalent cyber threats and cloud security trends. Our executive round table luncheons kick-off on Feb 15 with the rather striking and fast moving maturations that we are seeing across the phishing threat landscape: Why are miss rates increasing across all categories of email filtering? How are organizations measuring the efficacy of their current email security in blocking phishing and Ransomware attacks from end-users? How does an organization really know what sorts of blended attacks are getting through to endpoints? Is "zero-hour" phishing detection and blocking even possible?

    Feb 15: KICK-OFF -- CISO | CIO ROUND-TABLE LUNCHEON [Sponsored by Cyren]
    EVENT SPEAKERS: Sigurdur (Siggi) Stefnisson, VP Threat Research, based in Hafnarfjordur, Iceland and Ben Carmi, Senior VP Products, based in Herzliya, Israel, will be presenting at our kick-off event.
    EVENT MODERATOR: Peter Vogt, Co-Chair, CSA Austin Chapter

    Jun 14: CISO | CIO Luncheon -- Container Security catches up with DevSecOps in 2018. CISOs can smile again. The evolution of advanced Application Security: Maintaining cryptographic chain-of-trust across all cloud-native applications in zero-trust environments transparently to dev personnel: Kerberos/PKI Certs for Daemons and Containers... Sponsors and speakers will be announced in February.

    Sep 13: CISO | CIO Luncheon -- Advanced Risk Scoring Engines: First there was the SEIM (Security Event Information Management), then we added AI for next-gen SEIMs, now we move to an entirely new level in real-time threat intelligence scoring schema...Risk Event Information Management: Scoring Risk Exposure in Real-Time across non-cyber and cyber variables.

    Dec 6: CISO | CIO Luncheon -- TBA

    Quarterly CISO luncheons are held at Fleming's Prime Steakhouse & Wine Bar located at the Domain.

  • EVENT FULL/350 attendees/EventBrite CLOSED: Austin Security Groups HOLIDAY MIXER

    Join us for a holiday mixer and come socialize with your fellow security enthusiasts. Members from all area security groups are invited to this holiday event. You must register for this event through EventBrite (see link below). We are expecting 300+ attendees, so please register below before the event is full.

    CSA HOLIDAY EVENT SPONSORS: Amazon, Optiv, Cyren, NCC Group
    SPECIAL THANKS TO: ISC2, ISSA, ISACA, OWASP

    Food, beverages, beer will be served.

    Mon, December 11, 2017 | 6:00 PM – 9:00 PM CST

    RSVP REGISTRATION: EventBrite https://www.eventbrite.com/e/austin-security-groups-holiday-mixer-registration-38083235984

    LOCATION
    Indeed.com Office
    6433 Champion Grandview Way
    Building One
    Austin, TX 78750

    The Austin-based security associations invite you to our Holiday Mixer:

    1. American Society for Industrial Security (ASIS) http://www.asis179.org | http://www.asisonline.org
    2. Association of Continuity Professionals (ACP) http://chapters.acp-international.com/capitaloftexas | https://acp-international.com
    3. Austin Hackers Association (AHA) http://takeonme.org
    4. Cloud Security Alliance (CSA) http://www.CSA-Austin.org | http://www.CloudSecurityAlliance.org
    5. Electronic Frontier Foundation (EFF) http://effaustin.org | http://www.eff.org
    6. Hackformers http://www.hackformers.org
    7. Healthcare Information and Management Systems Society (HIMSS) http://austin.himsschapter.org | http://www.himss.org
    8. High Technology Crime Investigation Association (HTCIA) https://htcia.org/chapter/austin | https://htcia.org
    9. Information Systems Audit & Control Association (ISACA) http://www.isaca.org/chapters9/Austin | http://www.isaca.org
    10. Information Systems Security Association (ISSA) https://austinissa.org | http://www.issa.org
    11. Information and Systems Security Society (ISSS) https://utexas.campuslabs.com/engage/organization/isss
    12. InfraGard https://www.infragard.org/Application/General/Branch?id=124 | http://www.infragard.org
    13. International Information System Security Certification Consortium (ISC)2 https://isc2-austin-chapter.org | http://www.isc2.org
    14. Open Web Application Security Project (OWASP) http://www.owasp.org/index.php/Austin | http://www.owasp.org
    15. Society for Information Management (SIM) https://austinsim.org | http://www.simnet.org

  • General Data Protection Regulation (GDPR) Preparation Session | IOT Security

    CSA AUSTIN CHAPTER - LUNCH 'N' LEARN

    At AMAZON located at 11501 Alterra Pkwy, 5th Floor, Austin, TX | Barton-Zilker Conference Room

    The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The regulation was adopted on April 27, 2016. It becomes enforceable on May 25, 2018 after a two-year transition period.

    Additional session and speaker information will be posted on Friday Oct 13.

    10:00-11:00 AM Check-in | Table Demos: IOT Demo-Armis | Advanced Browser Security Demo-Garrison
    11:00-11:30 AM Amazon - Local Introductions
    11:30-12:30 PM Session#1 GDPR Training -- NCC Group
    12:30-1:00 PM Lunch | Table Demos: IOT Demo-Armis | Advanced Browser Security Demo-Garrison
    15 MINUTE BREAK
    1:15-2:15 Session#2 GDPR Training -- NCC Group
    2:30 PM Closing Remarks, Raffle

    For additional information, please contact:
    Peter Vogt: [masked] |[masked]
    Mitchell Merrick: [masked] |[masked]

  • CCSP Exam Prep Class (Two-Day Session): July 17-18

    T-Werx Coworking


    CCSP | 2-DAY TRAINING CLASS: $325.00

    CLASS REGISTRATION (EVENTBRITE): CCSP Exam Prep Class (Two-Day Course) - Cloud Security Alliance, Austin Chapter (https://www.eventbrite.com/e/ccsp-exam-prep-class-two-day-course-cloud-security-alliance-austin-chapter-tickets-35482506131?aff=utm_source%3Deb_email%26utm_medium%3Demail%26utm_campaign%3Dnew_event_email&utm_term=eventname_text)

    Certified Cloud Security Professional (ISC)² Certification - ISC2 (https://www.isc2.org/ccsp)

    When: July 17 and 18, 2017 from 8:00 am - 5:00 pm

    Instructor: Ross A. Leo - ISC2 and CSA certified CCSP instructor. Associate Director of Professional Training and Development with the Cyber Security Institute (CSI) at the University of Houston – Clear Lake College of Science and Engineering.

    Location: T-Werx | 1320 Arrow Point, Ste 501, Cedar Park, TX 78613 | (512)[masked]

    Cost: $325.00 | This two day class includes Continental Breakfast, Lunch, Snacks, and Raffle (prizes will be announced at session). Free Parking.

    Training materials: CCSP Certified Cloud Security Professional All-in-One Exam Guide (or) Official (ISC)2 Guide to the CISSP CBK, Fourth Edition / Edition 4

    Participants will receive materials including a textbook, copies of the CSA, NIST, and ENISA core documents, and supplementary handouts as appropriate plus 16 CPE hours.

    About the course: The CCSP is a professional certification in cloud and information security, providing competency in cloud computing infrastructure and security expertise for mid- to advanced-level professionals in IT security, architecture, GRC, audit, and engineering for those with a background in securing, managing, or providing services in cloud environments. Beyond the beginning CCSK from CSA, which the introductory day will review, the course will provide materials and guidance for the participant to prepare for the 4-hour, 125-question technical CCSP examination and credentialing (as well as the CCSK, if desired). A score of 700 on a 1000 scaled score base will be required to pass the exam, which can be scheduled via www.isc2.org at Pearson Vue testing sites, at participant cost. More information may be obtained from https://www.isc2.org/uploadedfiles/(isc)2_public_content/certification_programs/ccsp/ccsp-brochure.pdf and the more detailed candidate booklet, as well as the CSA’s information at https://cloudsecurityalliance.org/media/news/isc2-and-cloud-security-alliance-introduce-new-cloud-security-certification/ .

    About the Instructor: In addition to his tenure with UHCL, Mr. Leo has been an ISC2 instructor for over 20 years, holding numerous professional credentials in security and related fields. He is a principal with Nivola Healthcare Solutions, and has partnered with SecureNinja (VP / CTO), Global Knowledge (Expert Instructor status), and Intense School, and held positions as CISO at UTMB – Galveston, a HIPAA consulting firm, and as a Program Manager and Chief Security Architect at NASA / JSC.

    Questions: Contact Peter Vogt | Cloud Security Alliance | [masked] | (512)[masked]

  • CyberSecurity FlashBASH | Buffalo Billiards | Downtown Austin

    Buffalo Billiards

    AUSTIN CYBERSECURITY FLASHBASH | Meet and network with your peers, play billiards, darts, and other games. Complimentary Beer, Wine and Cocktails | One complimentary cigar per attendee | Smoking Outside Only.

    Austin Event sponsored by the Cloud Security Alliance-Austin Chapter | Cyren | Optiv | NetSPI

    CyberSecurity FlashBashes are held throughout the country. In Texas, CyberSecurity FlashBashes are held in the greater Austin, Houston, and Dallas areas on a regular basis. Events are typically sponsored by local security groups such as the CSA, ISSA, and ISC2, as well as security services organizations, vendors, and consulting firms. The goal is simple: Network with fellow IT professionals, security practitioners, C-level executives, architects, engineers, SecOps, etc., while enjoying cocktails, cigars, billiards, and televised sports.

    Austin CSA Contacts:
    Peter Vogt (512)[masked] | [masked]
    Greg Willis (512)[masked] | [masked]

    CyberSecurity-FlashBash.com: www.cybersecurity-flashbash.com (http://www.cybersecurity-flashbash.com/)

  • Phishing & HyperEvasive Threats Converge | Latest CASB Developments | SDN Review

    LOCATION: MEETING ROOM at Congregation Beth Israel (https://maps.google.com/maps?f=q&hl=en&q=3801+Shoal+Creek+Blvd%2C+Austin%2C+TX%2C+78756%2C+us)

    Introductions to our new Chapter Board | Topics for 2017 | Meeting Locations
    Cybersecurity Education: City & Business Community Level, Kevin Williams, CISO, City of Austin

    AUSTIN CSA CO-CHAIRS: Peter Vogt | Derly Gutierrez
    AUSTIN BOARD MEMBERS: George Sprague | Mark Brady | Ben Walter | Greg Willis | Thomas McNash | Leo Magallon | Kevin Williams

    *** LUNCH WILL BE PROVIDED ***

    EVENT SPONSORS: Aryaka | Cyren | Netskope | Praetorian
    SESSION SPEAKERS: Lior Kohavi | Tom McNash | Jason Sheffield | Patrick Chen | Ron Hamlett

    SESSIONS:
    1) The Future of Cloud Security: Latest Trends in Cyber Security – What's REALLY going on in The Wild? What does the future hold?
    2) Malware & Phishing-as-a-Service | Hyper-Evasive Threats
    3) Latest Developments in CASB Architectures
    4) SDN VS MPLS

    [SESSION #1]: The Future of Cloud Security: Latest Trends in Cyber Security. What's REALLY going on in The Wild? What does the future hold?

    Speaker: Lior Kohavi, CTO Cyren

    [SESSION #2]: Malware & Phishing-as-a-Service | Hyper-Evasive Threats

    2016 was the worst year in the history of CyberSecurity, witnessing an overwhelming convergence of hyper-evasive threats with Phishing to create the perfect cyber storm the likes of which have never been seen. This session will delve into exactly why 2016 was a benchmark year for nation states and threat actors. The discussion will review cybercrime data on a macro-global scale as well as on an empirical/organization level. This short threat briefing and demo will bring the global Phishing & Ransomware trends through the front door of your organization with a review of the most advanced techniques used to bypass best-in-class security blocking, increase dwell times, and remain obfuscated from ATP products while Ransomware initiates its cryptographic functions.

    Speaker: Tom McNash, Board Member, CSA Austin Chapter, Senior Solution Engineer, Cyren North America

    [SESSION #3]: Latest Developments in CASB Architectures

    Traditional security technologies are not well suited to the needs of today's cloud. As people become increasingly mobile, collaborate more freely, and shift more of their data to the cloud, enterprises need security technology that governs usage and protects data everywhere. Instead, most IT teams are still struggling with legacy security products that simply can't contend with this new way people work. These legacy solutions don't understand cloud transactions, they only offer IT a binary policy choice - allow or block - and that frustrates both IT and users. Finally, these products only cover some workflows, don't fully protect enterprises from sensitive data loss or exposure, and introduce complexity and cost while failing to secure the enterprise completely.

    Attendees will leave this session with a clear perspective on: Cloud as a Threat Vector | Critical CASB Attributes | Deployment Options | Business Case for CASB

    Speaker: Jason Sheffield, Senior Field Engineer, Netskope

    [SESSION #4]: SDN REVIEW

    Enterprises use MPLS for site-to-site connectivity and reliable performance for datacenter applications. However, MPLS is expensive and complex, takes months to deploy, requires WAN Optimization boxes for application acceleration, and lacks cloud/SaaS connectivity. MPLS is not designed for cloud-enabled and SaaS applications. Since corporations don’t control the terminating point of such applications, MPLS cannot be deployed in these scenarios. Direct Connect solutions address only a small percentage of cloud-enabled and SaaS applications.

    The Internet is prone to high latency, packet loss and jitter, which results in poor application performance, especially over long distances. For example, latencies fluctuating around 300 milliseconds and 10-15% packet loss are not out of norm between San Jose and China. This results in many packets having to be sent over the network over and over again. And if the packets have to traverse a large distance (latency), employees have to wait several minutes to refresh their screens, which makes mission-critical, time-sensitive applications like ERP and CRM unusable.

    Edge-based SD-WAN solutions combine MPLS and Internet to simplify network operations and reduce costs. And since none of these connectivity options address performance for mission-critical and business-critical applications deployed globally, combining them doesn’t address it either. While these solutions can work for regional/local deployments and non-mission-critical applications, they fall short on global deployment scenarios where applications are mission critical and time-sensitive.

    The core of Aryaka’s global SD-WAN is a global private network with 26 points of presence (POPs) across six continents, less than 30 milliseconds away from 95% of the world’s business users. These POPs are interconnected by a backbone of private network connections delivered by top service providers. Enterprises use the internet for last-mile connectivity to Aryaka, but Aryaka’s global backbone delivers network transport that is far superior to the Internet and MPLS, with built-in cloud and SaaS connectivity. On top of this global network, Aryaka integrates SD-WAN technology, WAN optimization, content delivery network (CDN) functionality, mobile application acceleration, and connectivity to cloud platforms. Aryaka’s global SD-WAN is delivered as a service, reducing costs by more than 50%, compared to legacy solutions like MPLS. Deployment of the Aryaka solution at a customer site takes hours compared to the months that it takes to set up MPLS.

    SPEAKERS: Patrick Chen, Ron Hamlett