Security B-Sides Orlando - April 5-6 2014 http://bsidesorlando.org/2014 Bringing Information Security back to Central Florida Mon, 04 Aug 2014 13:31:45 +0000 en-US hourly 1 Elvis Moreland – The Problem with Government IT Security http://bsidesorlando.org/2014/elvis-moreland-the-problem-with-government-it-security http://bsidesorlando.org/2014/elvis-moreland-the-problem-with-government-it-security#comments Sat, 05 Apr 2014 02:49:47 +0000 http://bsidesorlando.org/2014/?p=493 Bio

Mr. Moreland is a proven, innovative and adaptable Sr. IT Manager and Architect specializing in Enterprise Security Program Design, IT Governance, Risk Management, Audit, Compliance & Operations Programs using NSA IA CMM, ISO 20000, ISO 27001/2, 12207, ITIL, NIST, CERT/CC, IATF & IEEE standards in engineering efficient and cost saving IT policy, programs, process, CSIRTs, Network Ops and Security Centers (NOSCs). I have a broad business, management, operations and technical background in public and commercial sectors with over 20 years in aerospace and defense, including 4 years with the Department of Defense (U.S. Transportation Command) J6 – Global Command, Control, Communications, and Computer Systems (C4S) Coordination Center (GCCC) and J2. I previously developed a security oriented architectural process and a capability maturity model for Security Operations Centers (SOC-CMM) that combines an compliancy measurement with an assessment framework that can be used to meet regulatory requirements, cut costs and improve the Information Security (INFOSEC) operational capabilities of an existing NOSC or assist with the design, implementation and management of an emerging SOC or CSIRT. I also have in-depth experience in developing System Security Plans (SSP), Process, Procedures, Enterprise Security Architecture, and managing security Plan of Action & Milestones (POA&M).

Specialties: ISO 20000, 27001/2, 12207, ITIL, NIST, FIPS, OMB, Governance, Risk Management Frameworks, Audit & Compliance, DIACAP, FISMA, HSPD-7, Information Assurance Technical Framework (IATF), and the Information Systems Security Engineering (ISSE) Process based on ISO/IEC and IEEE standards of IT industry best practices.

Abstract

The problem with federal government IT Security is rooted in three areas: People, Process and Technology.

]]>
http://bsidesorlando.org/2014/elvis-moreland-the-problem-with-government-it-security/feed 0
Eric Delisle – Launching a Security Product from C-L;A-B;M-Z+% http://bsidesorlando.org/2014/eric-delisle-launching-a-security-product-from-c-la-bm-z http://bsidesorlando.org/2014/eric-delisle-launching-a-security-product-from-c-la-bm-z#comments Tue, 25 Mar 2014 21:22:23 +0000 http://bsidesorlando.org/2014/?p=466 Bio

As a serial Entrepreneur, Eric B. Delisle, CEO at DigiThinkIT, Inc., loves projects and learning.

Over the last 25 years Mr. Delisle has developed a broad range of experience from putting the first Virtual Reality Systems in Disney World, personally raising millions for his “dot com” during the “dot com” boom, doing market research and channel distribution working at MTV Viacom/Networks, being a consultant to the National Science Foundation (NSF) on SBIR funding proposals, designing products and traveling to and manufacturing those products in China, in addition to numerous other ventures.

Whether he is architecting a business model, raising millions from investors, creating a brand, negotiating contracts, building a team, or creating a marketing campaign and developing a sales pitch for an unknown product, Mr. Delisle, has successfully blazed most trails an Entrepreneur needs to learn. In addition to his successes, Mr. Delisle, is usually quick to point out to budding Entrepreneurs that he has failed more times than most people will ever try in business. The secret, he says, is to learn, pivot, and never give up. Today, his way of “giving back” is mentoring other Entrepreneurs to help them achieve their own dreams.

Currently, Mr. Delisle, invests in real estate and startups, and spends most of his time running DigiThinkIT, Inc., a custom software, web development, and consulting company in Downtown Orlando, FL.

Specialties: Web Based Technology and Business Software Systems, Branding and Identity, Fundraising, Marketing, Business Process Automation, Sales Training, SEO & SEM through Relevant Content Marketing, Investing, and almost anything that takes an idea from a napkin to the marketplace.

Abstract

Funny title? Sometimes the Entrepreneurial path is funny, too.

I would do a talk about how we launched a new Security Product, (a privacy and anonymity tool for consumers), from A – Z. Unfortunately, that isn’t always how life happens.

What I will talk about is how to spot an idea, get some basic validation for it’s commercial viability, and then walk you through the process of considering how (or if) you can turn your idea into a product or company.

Next, we will cover some specific actions you can take to move your idea forward towards commercial success, billions of dollars in your fat pockets, and sexy ladies (or dudes) hanging out the windows of your pimp ride!

]]>
http://bsidesorlando.org/2014/eric-delisle-launching-a-security-product-from-c-la-bm-z/feed 0
CPE Credits for the Event http://bsidesorlando.org/2014/cpe-credits-for-the-event http://bsidesorlando.org/2014/cpe-credits-for-the-event#comments Tue, 25 Mar 2014 19:17:29 +0000 http://bsidesorlando.org/2014/?p=464 Are you looking for CPEs and want some for coming to Security B-Sides Orlando? You may be in luck! Download and fill out this form, bring it to registration, and we should be able to help you get some of your required credits.

Download Form Here

]]>
http://bsidesorlando.org/2014/cpe-credits-for-the-event/feed 0
Live Band http://bsidesorlando.org/2014/live-band http://bsidesorlando.org/2014/live-band#comments Tue, 25 Mar 2014 18:37:00 +0000 http://bsidesorlando.org/2014/?p=461 Sci-Fried will be performing live at Security B-Sides Orlando for the evening after party. Please be sure to stick around after dinner to rock out and enjoy our complimentary open bar.

]]>
http://bsidesorlando.org/2014/live-band/feed 0
Alex Hutton – Alex Dreams of Risk http://bsidesorlando.org/2014/alex-hutton-alex-dreams-of-risk http://bsidesorlando.org/2014/alex-hutton-alex-dreams-of-risk#comments Sun, 23 Mar 2014 15:13:00 +0000 http://bsidesorlando.org/2014/?p=453 Bio

Alex Hutton is a big fan of trying to understand security and risk through metrics and models.  Currently, Alex is the Director of Risk Management for a top 25 bank.  A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigation, the Verizon’s PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services.  Alex is the veteran of several security start-ups.

Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject.  Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum.   Alex is a founding member of the Society of Information Risk Analysts (http://societyinforisk.org/), and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog (http://www.newschoolsecurity.com).  Some of his earlier thoughts on risk can be found at the Riskanalys.is blog (http://www.riskanalys.is).

Abstract

How the Concept of Being a Craftsman can Help you Find Meaning and Avoid Burnout.

One of the endemic issues in our industry is burnout. This talk is a tale of how I came to grips with who I am as a security pro, what my work was about, and who my work was really for.

]]>
http://bsidesorlando.org/2014/alex-hutton-alex-dreams-of-risk/feed 0
Marcel van den Berg – Threat Intel Case studies: The bigger picture of SOHO router pharming and DoFoil http://bsidesorlando.org/2014/marcel-van-den-berg-threat-intel-case-studies-the-bigger-picture-of-soho-router-pharming-and-dofoil http://bsidesorlando.org/2014/marcel-van-den-berg-threat-intel-case-studies-the-bigger-picture-of-soho-router-pharming-and-dofoil#comments Fri, 14 Mar 2014 19:12:29 +0000 http://bsidesorlando.org/2014/?p=433 Bio

Marcel van den Berg is Team Lead for the Threat Intelligence Group at Team Cymru. Before joining Team Cymru in 2008, Mr. van den Berg was a law enforcement officer for 13 years and helped setup the National High Tech Crime team at the Dutch National Police.

Abstract

Internet Threat Intelligence can be a challenge to understand. It is more than looking at where security incidents are happening. Answering the questions who?, why? and how? are as important to fully understand the threats faced.

This talk provides a case study on how we analyzed a network of more than 300.000 compromised SOHO routers and answered the who and why question. We also provide insight on how we linked DDoS attacks on a government to malware and botnets of Eastern European criminals.

]]>
http://bsidesorlando.org/2014/marcel-van-den-berg-threat-intel-case-studies-the-bigger-picture-of-soho-router-pharming-and-dofoil/feed 0
One Month Out http://bsidesorlando.org/2014/one-month-out http://bsidesorlando.org/2014/one-month-out#comments Thu, 06 Mar 2014 04:03:57 +0000 http://bsidesorlando.org/2014/?p=397 Hello Internet! We are just one month away from Security B-Sides Orlando 2014! We are very excited for this event and we hope you are too. We are still looking for sponsors, donations for our silent auction, and speakers! Please be sure to buy your tickets before they run out!

]]>
http://bsidesorlando.org/2014/one-month-out/feed 0
Jeff Toth – Tacticool Mindset http://bsidesorlando.org/2014/jeff-toth-tacticool-mindset http://bsidesorlando.org/2014/jeff-toth-tacticool-mindset#comments Thu, 06 Mar 2014 02:26:11 +0000 http://bsidesorlando.org/2014/?p=393 Bio

Jeff (g3k) is the type of person who says he will do something awesome for himself and then never do it.

Anyways, Jeff likes physical security, locks, RFID, CTF, tactical things, EveryDayCarry and bourbon. He’s been working in the security industry for 4 years and has been in IT for almost 10. He helped put together this little shindig, organized DC407 and is now a part of DC813 and Tampa Hackerspace where he often is found teaching lockpicking or working with the Red Team meetup on projects or training. He hopes to one day be on a red team and to become a real boy.

Abstract

Red Teaming and penetration testing is becoming more like paramilitary operations as folks who have served abroad start coming home and find that their talents for mayhem abroad makes for a great paycheck back home.

While reading about red team operations online, one might stumble upon blogs or war stories by these men and women and this can be intimidating. I’ll go over what you need to do to hone your focus to start preparing, and steps you can take to temper your skills. We will go over ways you can legally practice red team skills, some gear that won’t break the bank and some physical fitness tips.

I am not on a red team, but I would like to be one day. How about you?

]]>
http://bsidesorlando.org/2014/jeff-toth-tacticool-mindset/feed 0
Jack Daniel – Survival Skills for Infosec Pros http://bsidesorlando.org/2014/jack-daniel-survival-skills-for-infosec-pros http://bsidesorlando.org/2014/jack-daniel-survival-skills-for-infosec-pros#comments Wed, 05 Mar 2014 19:01:53 +0000 http://bsidesorlando.org/2014/?p=374 Bio

Jack Daniel, Technical Product Manager for Tenable Network Security, has over 20 years’ experience in network and system administration and security, and has worked in a variety of practitioner and management positions. A technology community activist, Jack is a co-founder of the Security BSides movement and serves on the Board of Directors for Security BSides Las Vegas, Inc., and Security BSides, Inc. A frequent speaker at technology and security events large and small, Jack is a CISSP, holds CCSK, and is a Microsoft MVP for Enterprise Security. And his beard is older than many of his friends.

Abstract

The demands on infosec and technology professionals often seem overwhelming, this talk discusses ways to maximize your ability to thrive in the high-stress, high-demand environment of technology and security.

Building on lessons learned from the ongoing stress and burnout research project, this talk looks at the other side, how people avoid getting into trouble and sustain high efficiency and satisfaction. Topics range from defining issues and challenges, to identifying potential trouble, to day-to-day advice for being content and productive. (This is Jack here, don’t push your luck and ask for “happy”, be content with “content”).

Audience participation and engagement is highly encouraged in this session.

]]>
http://bsidesorlando.org/2014/jack-daniel-survival-skills-for-infosec-pros/feed 0
Jonathan Singer – Hardware Introduction Class http://bsidesorlando.org/2014/jonathan-singer-hardware-hack-class http://bsidesorlando.org/2014/jonathan-singer-hardware-hack-class#comments Thu, 27 Feb 2014 22:53:06 +0000 http://bsidesorlando.org/2014/?p=356 Bio

Jonathan is a recent graduate of the University of Central Florida’s Information Technology program. While at UCF, Jonathan founded the Collegiate Cyber Defense Club and was elected as President and Captain of the varsity cyber defense team. He successfully lead the team to victory in the Southeast Collegiate Cyber Defense Competition, ranking as one of the top 10 teams in the nation. Also while at UCF, Jonathan worked for a Central Florida ISP specializing in abuse and information security. His experience includes incident response, web application security, PCI compliance, and Linux server administration and hardening. Jonathan also co-founded the Security B-Sides Orlando Conference and developed the hackable guest badges. You can normally find him behind a terminal playing CTFs or reading /r/netsec. He has participated in several speaking engagements around Central Florida and currently holds his CCENT, A+, and Net+.

Abstract

Have you ever wanted to make your own circuit board? How about take a basic design into production? This class will be discussing the process of taking your schematics and ideas, and turing them into a full scale production. Learn about how to design boards digitally in software, send to production, and get boards assembled. After some learning about fabrication, we will be assembling our own boards and programming the hardware. This class comes with a hardware kit that you get to take home. This is a buy in class. Tickets are available to purchase, while supplies last.

You will be supplied with:

  • Soldering Iron
  • Solder
  • Desolder Wick
  • Multifunction Volt Meter
  • Side Shears
  • Several hackable kits to assemble and program
  • USB cable and Programmer
  • Thumb drive with all documentation and applications
  • All of which you get to keep!
]]>
http://bsidesorlando.org/2014/jonathan-singer-hardware-hack-class/feed 0