• Tech & Dev Mixer Event at PubNub (New Office)

    PubNub is having a new office opening party! As a courtesy to PubNub, please RSVP via www.pubnub.com/event-sf - also. Special thanks to PubNub for offering an invitation to an up and coming happy hour or hAPI Hour, as some are calling it. So, come, mix, mingle, take a break and listen to a PubNub introduction. Todd Greene is the CEO/Co-founder of PubNub is scheduled to give a speech. As an entrepreneur who has founded and successfully sold companies across the software spectrum, Todd helps shape the PubNub vision of revolutionizing the way people interact online. Let's see what he has to say. PubNub is a global Data Stream Network (DSN) and realtime infrastructure-as-a-service (IaaS) company based in San Francisco, California. The company makes products for software and hardware developers to build realtime web, mobile, and Internet of Things[3] (IoT) applications. PubNub's primary product is a realtime publish/subscribe[4] messaging API built on their global data stream network which is made up of a replicated network of at least 14 data centers located in North America, South America, Europe and Asia. The network currently serves over 330 million devices and streams over a trillion messages per month

  • Cisco Webcast: The Rise of Direct Internet Access and the Impact on Cyberattacks

    Join ESG Security Analyst, Jon Oltsik, and Cisco Product expert, Negisa Taymourian, on Thursday, July 25, 2019 at 11 a.m. PT/2 p.m. ET for the latest insights on the state of cybersecurity. Event Signup - http://bit.ly/CiscoInternetAndimpact Today’s workplaces are changing. Your users are getting work done on and off the network and using more SaaS apps, which makes them increasingly vulnerable to attacks. Has your security kept up with the changing times? In this webinar, you’ll hear about the latest security research and learn how to keep your users safe, no matter where they work. Enterprise Strategy Group partnered with Cisco to analyze and validate the latest trends in the security market, including customer perceptions and consumption patterns. This research reveals a fundamentally new approach to how organizations can keep roaming users and branch office (ROBO) locations secure from malicious threats. Ref: https://youtu.be/xMB0vDUUYUs Save your spot now!

    1
  • Cybersecurity Data Mining Competition - Phase Ii

    Needs a location

    The 10th International Cybersecurity Data Mining Competition (CDMC 2019) - http://www.csmining.org/cdmc2019/ The CDMC 2019 is a challenging, multi-month research and practice competition, focusing on the application of knowledge discovery techniques to solve advanced, real-world problems. The competition is open to teams worldwide. Contestants are invited to participate in solving a set of problems in fields of cybersecurity, text mining, image processing, etc. The competition is associated with the 12th International Workshop on Artificial Intelligence and Cybersecurity (AICS 2019), Which is an associated event to the 26th International Conference on Neural Information Processing (ICONIP 2019), Sydney, Australia. The competition is open to anyone who wishes to participate. COMPETITION TASKS Task 1: SADAVS-Sensor Array Data for Autonomous Vehicle Safety Vehicle-based accident detection systems monitor a network of sensors to determine if an accident has occurred. Instances of high acceleration/deceleration are due to a large change in velocity over a very short period of time. In the context of autonomous car, the speeds are hard to attain since a vehicle is not controlled by a human driver. The presented data captured originally in New Zealand gives a collection of a sensor array (160x144) values in monitoring the status of moving vehicle. The objective of this competition task is for early detection of any potential road accidents in two different scenarios. Task 2: IoT malware classification The aim of this task is to classify IoT malware. The features provided to perform the classification are the sequence of system calls captured during the runtime of malware in an sandbox environment. The dataset contains two parts: • TRAINING: 4167 formatted sequences of system calls, labeled by the type of the malware. • TESTING: 4275 files without known class labels. NOTE the following difference between the training and test sets. For the training set, the label of each sample (find detail information of a sample file below) is provided in the label file, whilst the TEST.label file for competition evaluation is preserved for future use. PRIZES & AWARD We have set cash prizes for the competition. The top ranking team of all data mining tasks will be eligible to win a cash prize of NZD $3000 (subject to the sponsorship fund received in 2019). Additional prizes may be available as travel grants for deserving participants to help them attend the ICONIP 2019 conference and the AICS 2019 workshop. IMPORTANT DATES Competition starts: 15 July 2019 Competition closes: 31 October 2019 Winner Announcement: 15 November 2019 This is sponsored by AICS 2019. Click on the link to find out more details - http://www.csmining.org/cdmc2019 Other ways to stay connected... https://form.jotform.com/91940687433162

  • Cybersecurity Data Mining Competition - Begin July 15 until October 2019

    The 10th International Cybersecurity Data Mining Competition (CDMC 2019) - http://www.csmining.org/cdmc2019/ The CDMC 2019 is a challenging, multi-month research and practice competition, focusing on the application of knowledge discovery techniques to solve advanced, real-world problems. The competition is open to teams worldwide. Contestants are invited to participate in solving a set of problems in fields of cybersecurity, text mining, image processing, etc. The competition is associated with the 12th International Workshop on Artificial Intelligence and Cybersecurity (AICS 2019), Which is an associated event to the 26th International Conference on Neural Information Processing (ICONIP 2019), Sydney, Australia. The competition is open to anyone who wishes to participate. COMPETITION TASKS Task 1: SADAVS-Sensor Array Data for Autonomous Vehicle Safety Vehicle-based accident detection systems monitor a network of sensors to determine if an accident has occurred. Instances of high acceleration/deceleration are due to a large change in velocity over a very short period of time. In the context of autonomous car, the speeds are hard to attain since a vehicle is not controlled by a human driver. The presented data captured originally in New Zealand gives a collection of a sensor array (160x144) values in monitoring the status of moving vehicle. The objective of this competition task is for early detection of any potential road accidents in two different scenarios. Task 2: IoT malware classification The aim of this task is to classify IoT malware. The features provided to perform the classification are the sequence of system calls captured during the runtime of malware in an sandbox environment. The dataset contains two parts: • TRAINING: 4167 formatted sequences of system calls, labeled by the type of the malware. • TESTING: 4275 files without known class labels. NOTE the following difference between the training and test sets. For the training set, the label of each sample (find detail information of a sample file below) is provided in the label file, whilst the TEST.label file for competition evaluation is preserved for future use. PRIZES & AWARD We have set cash prizes for the competition. The top ranking team of all data mining tasks will be eligible to win a cash prize of NZD $3000 (subject to the sponsorship fund received in 2019). Additional prizes may be available as travel grants for deserving participants to help them attend the ICONIP 2019 conference and the AICS 2019 workshop. IMPORTANT DATES Competition starts: 15 July 2019 Competition closes: 31 October 2019 Winner Announcement: 15 November 2019 This is sponsored by AICS 2019. Click on the link to find out more details - http://www.csmining.org/cdmc2019 Other ways to stay connected... https://form.jotform.com/91940687433162

  • Sunday SF Mix, Meet & Mingle at Press Club

    Press Club

    Hello Fellow Cybersecurty Members! Hope everyone is well. Here is the last minute announcement to meet, mix and mingle - http://bit.ly/WineJazzAndTech630 .. Pay $5.00 at the door is expected. This is a no-host event. The location has a cash bar and menu to enjoy. Here is an opportunity to mix and mingle, with live lounge music for cybersecurity and IT/ICT professionals. The live jazz music scheduled to play is Lilan Kane - https://www.lilankane.com/ We will be meeting at the Press Club Lounge. The Press Club is a wine bar and lounge that offers California wines and beers in a sophisticated, social atmosphere. The Press Club also has a menu of seasonal small plates and thoughtful pairings offer the ultimate wine experience in one of San Francisco’s most notable destinations. Pay $5.00 at the door is expected. Also, feel free to ask about cybersecurity training boot camps and employment listings.

  • Fighting Spam & Abuse with ML @ Facebook

    Facebook HQ

    In order to confirm your participation for the event you must register on the Facebook registration page: https://dataminingforcybersecuritymeetupfacebook.splashthat.com/. THIS EVENT WILL NOT BE LIVE STREAMED DUE TO POTENTIAL SENSITIVITY OF THE CONTENT. ---------------------------------------------------------------------------------------------- We will have 2 talks from Facebook's anti-abuse team: 1) Spam Fighting at Facebook Using ML Speakers: Henry Lu and Sagar Patel, Facebook Large scale spam abuse has been a growing concern for online platforms. Facebook has invested heavily in spam operations and labeling capacity, but it is impossible to grow raw manpower to the scale we operate. In this talk we will talk about how we leverage machine learning models to fight spam at Facebook. First we will present key decisions in building our models and why we made those decisions. Then we will describe our classifier framework that help us to maintain and monitor models with low overhead while staying on top of ongoing spam attacks. These advancements in our spam fighting machine learning capabilities have enabled us to scale and to protect the 2B+ active users on Facebook, keeping spam on Facebook at an all-time low. Bio: Henry and Sagar are software engineers on the site integrity team at Facebook. They fight spam. 2) Leveraging Machine Learning to Measure Abuse Speaker: Kevin Schaeffer, Facebook To effectively combat abuse on Facebook, it’s important to have high-quality, unbiased measurements of how much abuse exists on the platform and where it resides. I’ll talk about how we leverage machine-learning models to measure the prevalence of content and accounts on the site that violate our community standards. I’ll also discuss how we use similar techniques to measure false positives in production. Finally, I’ll talk about how we close the feedback loop by using measurement data to improve our systems that fight abuse. Bio: Kevin Schaeffer is an Engineering Manager on the Community Integrity team at Facebook. He previously led the experimentation platform team at Facebook and worked on Growth and Risk at Square. He holds an A.B. degree in Physics from Princeton and a Ph.D. in physics from Berkeley. Schedule: 6pm-7pm: Food, Mingle 7pm-8:30pm: Talks 8:30pm-9pm: Mingle

    3
  • DMCS Meetup #13: Securing products with graph DBs; new EU data privacy reqs

    This meetup is co-organized with GraphDB San Francisco Meetup (https://www.meetup.com/graphdb-sf/) (by the folks at Neo4j) Check out their group! Again, the venue, along with some light snacks and drinks, is sponsored by Metis San Francisco (https://www.thisismetis.com/). RSVP early! 1. Managing inter-component complexity: Securing products with Graph databases - Ravi Krishnaswamy We present real world applications of Graph databases in managing large heterogenous software products. With products using 100s of Gigabytes of components from diverse sources - ranging from internal components, external vendors and open source libraries - being able to track usage and dependencies effectively is critical in order to respond to impact of patches and security incidents. The talk will walk through a python based solution that mines dependency information from product binaries and source, populates that data into a graph database, and mashes it up with external sources of data. Example Cypher queries that solve several uses cases are presented. 2. European Data Privacy Laws; the Crossroads of Security and Privacy - Ryan Hogan Do you sometimes feel overwhelmed by the scope of information security and wondered if it’s even possible to be responsible for more things? Well friends, the answer is yes it’s possible, because European Privacy requirements are getting some BIG updates. The changes bring some good news, bad news, and plenty of gray areas to get lost in. Ryan Hogan from AppSec Consulting will break it down for you. If nothing else you can share the information to line up a bunch of “I told you so’s”, or maybe get real lucky and leverage it to get a budget for the things that you need to do to get ready for EU Privacy requirements. Bio: Ravi Krishnaswamy is the lead software architect in the Digital Engineering group at Autodesk Inc. that offers a broad portfolio of CAD products, including Web and Mobile applications. He has a passion for technology, and has implemented a wide range of solutions for products at Autodesk from database applications, to mobile graphics. He is excited with the potential of Graph Databases and Neo4j in particular as a tool to solve problems and overcome inefficiencies that previously had no easy solution. Ryan Hogan is a Senior Security Consultant, ISO27001 Lead Implementer, and risk management professional with more than 16 years of industry experience. Ryan has served in key information security roles at large enterprises within the finance, technology, manufacturing, and pharmaceutical markets. He has worked on all sides of the security equation. Ryan has worked as an auditor reviewing security controls for SOC reports, and as security manager at a service provider that is having its security controls audited, as well as a security manager at customers reviewing the results of a service provider’s security audit. He uses this perspective and experience to provide a balanced view and a risk based approach to information security that meets business objectives. In addition, his experience and expertise includes performing Enterprise IT Risk Assessments, preparing for ISO27K Implementation, Vulnerability Management, and Security Strategic Planning. Ryan has a strong track record of interpreting and applying a variety of information security-related frameworks and standards to meet an organization’s business objective. His common sense approach, communication skills, and initiative elevate him amongst his peers in the industry.

    8
  • DMCS Meetup #12: RedMarlin (co-hosted with SF Big Data Science)

    NOTE: Ashrith Barthur (Chief Security Scientist, H20.ai) CAN NO LONGER MAKE IT DUE TO TRAVEL. SHASHI WILL STILL PRESENT. Join us for a talk fromRedMarlin's Chief Scientist, Shashi Prakash. This meetup is co-hosted with San Francisco Big Data Science (https://www.meetup.com/San-Francisco-Big-Data-Science/events/241615618/) - check them out, and see you there! Agenda: 6:00 - 6:30 PM - Doors open & pizza 6:30 - 7:15 PM - Shashi Prakash's talk (Chief Scientist, RedMarlin) 7:15 - 8:00 PM - Q&A & networking Abstracts: 1. Fighting the next wave of sophisticated phishing attacks, Shashi Prakash (Chief Scientist, RedMarlin) Phishing is an ever-growing cyber threat that seems to be getting more sophisticated and widespread every year. According to the Anti-Phishing Working Group, the number of phishing attacks rose by 65% in 2016 compared to 2015, with an increasing list of types of industries under attack. In this talk, we take a look at the latest trends in phishing - volume of attacks, geographies, brands and other interesting data points. We'll examine some newer techniques like use of free SSL services, social media based attacks, homograph attacks and some older techniques like reputation hijacking. We'll share tips and techniques that security researchers can use to identify each of the aforementioned attack types and uncover details on infrastructure of the bad actors. We'll also share our experience in working with various organizations to take down such bad websites. In the end, we'll leave audience with a list of freely available tools to detect such phishing attacks and how to participate with the broader security community to fight this growing threat. Bios: Shashi Prakash (https://www.linkedin.com/in/shashi-prakash-/) is Co-founder and Chief Scientist at RedMarlin - a brand monitoring and anti-phishing company. He has been a security researcher for the past 7 years working at the intersection of email/web security and AI. He has worked at various big and small security companies, most recently at Cisco Talos, doing threat intelligence work in email security. He holds a Masters in CS from the Johns Hopkins University and Bachelors in EE from the Indian Institute of Technology.

    8
  • DMCS Meetup #11: Netflix and DataVisor

    Netflix, Winchester Circle, Los Gatos, CA

    Livestream: https://www.youtube.com/watch?v=KVpWlkCIYjo LINK TO A MAP OF THE EVENT LOCATION/PARKING. ( https://drive.google.com/file/d/0B2HB0QLjFJBMV0FFOXltanFjYkE/view?usp=sharing ) We're closing in on 2000 members! Invite your friends and colleagues! The 11th meetup for our group will be held at a familiar location in Los Gatos, CA - Netflix. (the last time they hosted us was in Sept 2015, and it was awesome) As always, light food and refreshments will be provided. The presentations will start at 7:15pm. Agenda: 1. Trainman (Rekha Bachwani (https://www.linkedin.com/in/rekha-bachwani-5b02b21/), Senior Security Engineer, Netflix) Trainman is the primary system for analyzing and actioning user activity data.It leverages activity logs, machine learning, statistical analysis and a sophisticated rule-based correlation engine to detect and alert on anomalous user activity. In this talk, we will present the overview of the system and the results we have so far. Bio: Rekha Bachwani is a Senior Security Engineer at Netflix. She earned her PhD in Computer Science from Rutgers University and worked at Intel as a Research Scientist before joining Netflix. 2. The Latest Trends in Online Fraud - a 6 month study (Ting-Fang Yen (https://www.linkedin.com/in/ting-fang-yen-20b4a032), Research Scientist, DataVisor) This talk describes an analysis of the attack tools and techniques bad actors use to create armies of fake accounts and evade detection. By analyzing the activities of over 1.3 billion users and 500 billion events, we study the lifecycle of a fraudulent attack campaign, including what devices they use to launch their attack, the email services they use to register accounts, the infrastructure they use, how many fake accounts they create to build their armies, and how long they deliberately age accounts to gain trust. We also perform comparisons between attacks targeting different geographic locations and different client verticals. Bio: Ting-Fang Yen is a research scientist at DataVisor, a fraud and financial crime detection service utilizing unsupervised machine learning to identify attack campaigns before they conduct any damage. She received her PhD in Electrical and Computer Engineering from Carnegie Mellon, focusing on the detection of malware communications by applying statistical models and machine learning. She was previously a threat scientist at E8 Security, and principal research scientist at RSA and led projects analyzing enterprise log data to identify malicious insiders and intrusions. Once again, I will attempt to livestream the event for those who are remote. More details will be posted in the comments section of the meetup page on the day. Do come in person if you can! Parking is plentiful and the company will be good. RSVP early, and see you there! - clarence p.s. Shameless plug: The book I am co-authoring with David Freeman, (DMCS meetup alumnus, Jul 2015) "Machine Learning and Security: Protecting Systems with Data and Algorithms" (published by O'Reilly Media) is available for pre-order on Amazon.com (https://www.amazon.com/Machine-Learning-Security-Protecting-Algorithms/dp/1491979909) now. Feel free to chat with me about it if you are interested to find out more.

    18