Triangle (Raleigh-Durham) Chapter

Monthly CSA Triangle Chapter Meetup - Dec 15, 2022 (AWS Security Reference Architecture: A Well-Stru

Agenda: 5:30 pm - 5:45 pm: Arrival and Networking 5:45 pm - 6:30 pm: Presentation (see the description below) 6:30 pm - 8:00 pm: Drinks and Networking (Sponsored by Aligned Technology Group - https://alignedtg.com/) Title: AWS Security Reference Architecture: A Well-Structured Foundation Summary: The AWS Security Reference Architecture (AWS SRA) is a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. It can be relied upon to help design, implement, and manage AWS security services so that they align with industry accepted practices. The recommendations are built around a single-page architecture that includes AWS security services. In this session, learn about the AWS SRA and how you and your team’s might rely on the AWS SRA to design and secure your cloud hosted workloads. Also learn how they help achieve security objectives, where they can be best deployed and managed in your AWS accounts, and how they interact with other security services. Speaker Bio: Manny Landron (Principal Information Security Consultant at Aligned Technology Group) Manny Landron has extensive experience building, securing, and monitoring high-value and well-regulated applications and platforms, on-premises and in-cloud. He most recently served as the interim head of information security at Caesars Sportsbook which leverages AWS to deliver a reliable and secure sports betting experience. Previously, Manny implemented the greenfield information security programs for IAT Insurance Group, a specialty insurance company with about 2B in underwritten premium, and for Citrix ShareFile, a Gartner Magic Quadrant leading content collaboration solution hosted with AWS and Azure. He also performed the requirements analysis and designed the HIPAA audited ShareFile Cloud for Healthcare to satisfy healthcare customer HIPAA security and privacy requirements and the FINRA compliant ShareFile Cloud for Financial Services to satisfy broker-dealer customers subject to SEC Rule 17a-4 requirements. Manny is a graduate of Virginia Tech and holds several security designations including the AWS Certified Security Specialty.

Monthly CSA Triangle Chapter Meetup - January 19, 2023 (Leveraging Data Science to automate Attack S

Cisco's CSIRT team runs security operations (SOC) performing threat detection, incident response and vulnerability management for Cisco enterprise and cloud hosted offers. Cisco uses 5000+ cloud accounts on AWS, Azure and GCP. Numerous attacks in the cloud and managed service providers show that the cloud introduces new and amplifies traditional threat vectors. The CSIRT team is responsible for protecting over a million assets owned by Cisco running both in data centers and cloud, 100+ thousand employees and partners that work for Cisco, and petabytes of Cisco and customer confidential and sensitive data. In this talk the author will outline how Cisco leverages data science and automation combined with security telemetry and tooling that includes Cisco's security products like Kenna, Duo, AMP, Umbrella, Talos etc. This has helped to boost the intelligent automation of Cisco's SOC on tasks related to monitoring, prevention, detection and response to threats and incidents. Will highlight two key security innovations in our SOC: Plays as Code: How we boost the performance and accuracy of traditional detection methods with code which can incorporate more complex combinations of data (including Umbrella, Duo and AMP), data science algorithms and complex logic to perform decision tasks such as ticketing/case-automation and alerting. Attack Surface Automation: How we leverage Kenna, Talos and other vulnerability and threat intelligence data sources to build risk context and prioritization of the attack surface for vulnerability management and incident response. External exposure visibility improvement via external sources like Shodan and ERV (Bugcrowd), DNS Reconnaissance via Umbrella and cloud exposures via Cloud Connector information. Author Bios: Vinay K. Bansal is CTO and Principal Engineer for Cisco's CSIRT/SVIC (Security Vulnerability and Incident Response) team. His current focus is automating, embedding data science in threat detection and incident response. He held various roles in Cisco including Chief Architect for cloud security focussing on Cisco's 80+ cloud offers, global security lead for Cisco’s “Web and Application Security Architecture Team”, that focuses on improving security of Cisco’s 2000+ IT Web Applications, databases, mobile services. Vinay has 29+ years of industry leadership experience in securing and architecting innovative solutions. Prior to Cisco Vinay has worked at various Fortune 500 companies including IBM, AT&T, Nokia, Experian, and Plessey Telecom (UK). Vinay holds a Master's degree in Computer Science from Duke University. Shane McElligott is a Lead and SME in the practice of Data Science and Security. He currently focuses on Attack Surface Management and Vulnerability Triage as well as automating Threat Monitoring and Application Security. He is a member of Cisco’s Emergency Vulnerabilities Management (EVMP) team, which is an on-call rotation protecting Cisco from emerging urgent vulnerabilities. Additionally, he mentors colleagues on data science and practical applications of code and algorithms to solve security problems. A North Carolina State alumnus, Shane also is a GIAC certified Web Application Pen Tester (GWAPT) as well as a GIAC certified Vulnerability Assessor (GEVA). He holds several patents in artificial intelligence and security.