- Recent Developments in the Threat Landscape
The cyber threat landscape is continuing to evolve. Shifting political developments are influencing the cyber operations of nation-states, while changing market conditions and new monetization strategies are altering the cyber criminal ecosystem. Hacktivists are working hard to stay relevant, while insider threats continue to keep network defenders, executives, and even policy-makers on edge. Evolve Security invites you to join Patrik Maldre, Principal Intelligence Analyst at CyberCube, for a meet-up that will dive into the trends, motivations, and tactics behind the cyber threat activity that we see in the news on a daily basis. Together, we'll attempt to make sense of the constant flow of security information in a way that enables us all to have a more cohesive and nuanced view of threats present in our digital environment. Patrik Maldre is currently Principal Intelligence Analyst at CyberCube, where he focuses on integrating threat intelligence into the company's cyber risk modeling products. He is also a proud graduate of Evolve Security Academy and has been teaching its threat intelligence module to all incoming cohorts since early 2018. Previously, Patrik has worked as a cyber intelligence analyst at FireEye and as diplomat focused on cyber policy at the Estonian Ministry of Foreign Affairs. He completed military service in the Estonian Defence Forces as a sergeant and squad leader, and still serves voluntarily in the Estonian Defence League Cyber Defence Unit. Patrik has studied philosophy, political science, international relations, cyber security, cyber intelligence, and penetration testing. Pizza and refreshments will be provided!
- Evolve Academy Info Session + Burp Suite Demo
*Be sure to register for participation & log-in info* April 11, 2019, 6:00 PM CST, Location: Online Register: bit.ly/EAInfoBurpSuiteDemo41119 During this webinar attendees will learn more about the Evolve Security Academy bootcamp experience and receive answers to FAQs. Alex Kalina, Evolve Security Academy alumna and cybersecurity consultant, will also demonstrate one of the most popular and useful tools - Burp Suite Scanner – the Swiss army knife for an application tester. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. The next Bootcamp REMOTE starts May 13 and the next Bootcamp PRO starts May 28. https://www.evolvesecurity.io/academy/bootcamps
- The Surprising Secrets of the Best Run Security Departments
Steve Hunt, ISSA Distinguished Fellow & Hall of Fame inductee is a strategic executive advisor to global companies. He will share his multi-year research revealing keys to creating a resilient security operation with high employee retention and executive buy-in. You'll learn how the best organizations measure the maturity of their security operations and how you can do the same in order to show quick improvement to C-level executives. This entertaining presentation will be useful to security professionals, end users, vendors and consultants. About Steve Hunt Steve Hunt is an executive strategist, advisory board member at Evolve Security Academy, and faculty member in Communities of Excellence who is passionate about mentoring the next generation of security leaders. He founded the Chicago Chapter of the ISSA, Served on the ISSA International Board of Directors, was elected Distinguished Fellow, and inducted into the ISSA Hall of Fame. CSO Magazine presented him with the “Industry Visionary” Compass Award. He founded Communities of Excellence in 2016 to promote mentorship and performance excellence frameworks within the security industry. Steve is a popular speaker at business and security conferences around the world. He also appeared as a homeland security analyst on CNBC, Fox News, CNN, and other news programs. His analysis has appeared in the Financial Times, Wall Street Journal, The New York Times, Business Week, and other global publications and trade magazines. Steve attended Elizabethtown College and was a graduate fellow at University of Chicago. Steve’s diverse background lends a fresh perspective on business and society. Pizza and refreshments will be provided!
- Cybersecurity Lessons From Game of Thrones
March is Women’s History Month! And, professionals in cybersecurity are literally making history as we speak, thanks to its ever changing, ever evolving nature! Join us for this special event. Are you a Game of Thrones fan?! Regardless, come to this riveting presentation about the parallels between cybersecurity and "GoT". “Winter is coming,” was the familiar mantra of House Stark, one of the Great Houses of Westeros in Game of Thrones (GoT)`. These are words of warning and a call to remain vigilant. Engage about what the lessons are that we could take away from Game of Thrones to teach us about modern day Cybersecurity? About Pamela Nigro Pamela Nigro, MBA, CRMA, CISA, CGEIT, CRISC, is a multifaceted, highly experienced IT Audit and IT Controls leader who brings unique experience with experience with external Big 4 auditing, and cost-effective management of corporate risk and regulatory compliance with the 4th largest health insurance company. Ms. Nigro is a subject matter expert in IT Controls, and is the Senior Director of Information Security focusing on the GRC practice at Heath Care Service Corporation (HCSC). She is responsible for IT risk and compliance testing for the five Blue Cross Blue Shield Plans comprising HCSC (Illinois, Texas, New Mexico Oklahoma, and Montana). Ms. Nigro is also an Adjunct Professor at Lewis University in Romeoville, IL where she teaches courses on Ethics, Risk, IT Governance and Compliance, and Information Security, in the MSIS and MBA programs. Ms. Nigro is the current President of the ISACA Chicago Chapter, and the Chair of the ISACA Chicago Women’s Forum. She is also a Distinguished Toastmaster and a frequent speaker at IT Audit, IT Risk, and Cybersecurity industry conferences, as well as local ISACA and IIA Chapter Meetings. Pizza and refreshments will be provided. Sponsored by TEK Systems! At TEKsystems, we’re obsessed with technology. Its power to change everything. Technology fuels our passion for and commitment to helping organizations do what they set out to. When we engage, we bring fresh ideas that help you galvanize your performance. Refine your strategy. Spark new energy. The future—and how we get there—depends on those who build, connect, create and transform our world. The most successful and innovative businesses are already doing it, and we’re skilled experts at bringing in the team they need to thrive. In partnership with Chicago Cybersecurity Meetup!
- Thriving Thursday: My Journey To Cybersecurity
March is Women’s History Month! And, professionals in cybersecurity are literally making history as we speak, thanks to its ever changing, ever evolving nature! Join us for a special panel of women who will be sharing their personal experiences about entering the cybersecurity field and their career path. This EvolveSec will be great for anyone who is looking to learn about different pathways of entering the cybersecurity field to how to grow in the cybersecurity field. Come ready with your questions! The panelists will share a bit about themselves and their backgrounds. We’ll be sure to cover topics like: What are some cybersecurity career paths? What kind of education is necessary to get started? Why is it important to close the cybersecurity gender gap? Why do women love cybersecurity? Any tips for women and men entering cybersecurity. 3.14 means ... it will also be Pi Day! So pie, pizza and refreshments will be provided! About Aleksandra Vold Aleksandra’s emphasis on cybersecurity offers clients a critical safeguard. Her practice is devoted to privacy breach response and preparedness, payment card industry standards and investigations, and advising on how to identify, evaluate and manage first- and third-party data privacy and security risks. She coordinates a skilled team including forensic and public relations professionals, and notification vendors to protect her clients' reputation. Aleksandra’s strengths in cybersecurity are bolstered by her representation of startups and closely held technology companies in a variety of commercial disputes, including intellectual property, trade secrets, federal labor law and contract matters. Aleksandra frequently advises clients on compliance with state, federal and international laws and regulations. About Ariel Ehrlich Ariel has always loved technology and working with computers but never considered it as a career. She studied environmental science and geology in college but after graduating she decided against going to law school and instead that she wanted to work in IT. Ariel participated in the very first Evolve Security Academy cohort and that experience ignited her passion in cybersecurity and gave her the fundamentals to pursue a career in this exciting field. Since then, she has worked in application security at United Airlines, originally running the Bug Bounty program and more recently moved to the ethical hacking team, focusing on pentesting web apps. About Chantel Sims After going through Evolve Security’s bootcamp, Chantel went into the cyber security field as an Jr Information Security Analyst where she monitors and scans for cyber threats, conducts penetration tests, and strengthens the security posture of her company. She loves all things ethical hacking and red teaming and will be joining her first red team this summer. She aspires to mentor other women entering the field and hopes to start her own Offensive Security firm in the future. In her spare time, she works on security related home projects and is preparing for more certifications that will enhance her ethical hacking skills. Sponsored by TEK Systems! At TEKsystems, we’re obsessed with technology. Its power to change everything. Technology fuels our passion for and commitment to helping organizations do what they set out to. When we engage, we bring fresh ideas that help you galvanize your performance. Refine your strategy. Spark new energy. The future—and how we get there—depends on those who build, connect, create and transform our world. The most successful and innovative businesses are already doing it, and we’re skilled experts at bringing in the team they need to thrive. In partnership with Chicago Cybersecurity Meetup! Parking: Street parking is available.
- How Online Dating Made Me Better At Threat Modeling
Since 2008, Isaiah Sarju has been an asset to the Information Security field. He has contributed to the Microsoft Security Intelligence Report, exploited systems in diverse environments, conducted numerous penetration tests, and taught students how to become top tier defenders. So just how did online dating make Isaiah better at threat modeling?! Isaiah Sarju has used online dating sites such as Tinder and OkCupid. At times this seems antithetical to his stance on privacy and security. To better understand the security ramifications of online dating, and to establish safe methods of doing it, he applied threat modeling to online dating. Through this he came up with a set of best practices depending on your threat model. This talk is relevant for anyone who is trying to balance privacy and security and a desire for human connection in this modern world. Due to the real and perceived dangers of online dating, the stigma that surrounds it, and the pervasiveness of it, it is a great lens through which folks can be introduced to the core principles of threat modeling. It also makes it fun to talk about! Pizza and refreshments will be provided!
- Cybersecurity Penetration Testing: An inside look on how a pentest is performed
*Be sure to register for participation & log-in info* November 28, 2018, 6:00 PM CST, Location: Online Register: bit.ly/CybersecurityPenetrationTestingWebinar112818 Jim Holcomb, a senior security consultant at Evolve Security, will walk through how an actual penetration test is performed by a consultant. Don’t miss this inside look into a live exploitation demonstration. Jim Holcomb will also be the instructor for Evolve Security Academy’s Penetration Testing Track /02, beginning January 28th - February 28th. This training will meet Monday through Thursday from 7pm-9pm for 5-weeks. The training is immersive and hands-on, delivered remotely through live instruction, recorded lectures and lab tutorials. Students will gain the knowledge to deliver a full penetration test at the network and application layer, from scoping, threat modeling and discovery to vulnerability scanning, exploitation and reporting. Each lab is created based off real world situations encountered by Evolve Security penetration testers. There are no capture the flag exercises, made up scenarios or silly puzzles. This training is designed for anyone who wants to become a penetration tester or who is interested on how hacker breaches an organization.
- EvolveSec / Hack Your Cybersecurity Career: Enter or Grow in the Industry
Michael Winkler is the Director of Information Security & Compliance at Matthews International, a company that focuses on three business segments: brand solutions, memorialization and industrial. Hack your way into a cybersecurity career! Mike will present on Information Security as a Career and dive into entering or growing in the industry for new or aspiring cybersecurity professionals. Learn about possible career paths in information security beyond just hacking. Mike will provide insight from his professional experience and talk about career options in compliance, risk management, DRP, security awareness and training. He will also share advice on how information security professionals can advance into management roles in an organization. Pizza and refreshments will be provided! Sponsored by TEK Systems! At TEKsystems, we’re obsessed with technology. Its power to change everything. Technology fuels our passion for and commitment to helping organizations do what they set out to. When we engage, we bring fresh ideas that help you galvanize your performance. Refine your strategy. Spark new energy. The future—and how we get there—depends on those who build, connect, create and transform our world. The most successful and innovative businesses are already doing it, and we’re skilled experts at bringing in the team they need to thrive.
- EvolveSec CHI // Windows Pentesting: Analyzing the Attackers' Toolbox
DESCRIPTION Ben Burkhart and Jim Holcomb perform penetration tests against a variety of different targets and environments in their daily work as Security Consultants for Evolve Security. However, through their collaborative work with the Evolve Security Academy, they have noticed that Windows environments often give new pentesters the most trouble. In this talk, they will provide a brief survey of some of the most effective tools available to pentesters that can be used to target Windows systems and networks. Their talk will include demonstrations and an overview of how pentesters can best leverage popular tools like Impacket, Empire, PowerSploit/Powershell, and Metasploit on engagements. They will walk through a demo lab environment and explain how each tool can be used at different steps of the Penetration Testing Methodology. In addition, they will also provide an overview of tools which can be used to build an intentionally vulnerable environment that new penetration testers can use to practice and hone their skills. This will be a beginner-friendly talk that hopefully has some stuff for the more advanced folks as well. Pizza and refreshments will be provided!