July 2017 Meeting Video: Metasploit

The education portion of the July 2017 ISC(2) Austin Chapter meeting was about Metasploit.

Speakers were Brian O’Neill and Egypt of Rapid7.

Here’s the video of both the chapter meeting and education session.

Agenda Of The Education Session

  • Penetration Testing
  • Rapid7 and Metasploit
  • Metasploit Framework
  • Metasploit Pro
  • Other Tools
  • Takeaways

Penetration Testing

  • Is often required (e.g. by PCI-DSS, SOX, HIPAA)
  • Test and verify security controls
  • Adversarial testing is crucial
  • What we found among companies who let us talk about the results of their penetration testing:
    o Many people don’t know how often their organizations are pen tested
    o Of those who know, most are tested annually
    o Companies do the minimum regarding frequency of penetration testing (per regulatory requirements), which is usually not enough
    o Surprisingly, the most frequent penetration test result, among companies who allowed us to share their findings, is nothing

    Teasers

    o “It’s super amateur hour in the malware world.”
    o “Exploitation is not always about vulnerabilities.”
    o “Phishing training does work.”
    o Vulnerable Service Emulator

 

ISC(2) Austin Chapter at Security Congress 2017

Security Congress was a big event, and we were there! These photos were taken by our very own ISC(2) Austin Chapter President, Tony Howlett. Here are a few highlights.

Teaser: We won awards! More about that coming soon.

Welcoming Reception
Bart Lauwers at our Reception table. Thank you, Bart!
ISC(2) CEO David Shearer cuts the ribbon to open the Security Congress.
Opening Keynote, given by Donald W. Freese, Deputy Assistant Director, Federal Bureau of Investigation (FBI)

More information about the Keynote is here.

ISC(2) Austin Chapter Volunteer Opportunities

Operating a non-profit organization can be hard work, but we’re committed to keeping it fun and enjoyable. We need motivated, inspired members like you! Together, we can make ISC(2) Austin Chapter the best place to share and learn about information security in Central Texas. There are numerous ISC(2) Austin Chapter volunteer opportunities. Surely, one is right for you!

  • Do you have too much free time?
  • Do you need more social interaction or spice in your life?
  • Are you looking for training and skills development? Do you need more CPEs?
  • Do you think we can do better in programming and events planning? Have you grown bored or tired of the same old same old?
  • Are you feeling stagnant in your career or participation? Is your interest waning?
  • Are you ready to spice up your information security career?

ISC(2) Austin Chapter has a variety of volunteer opportunities for every interest and skill level. Let’s work together. Join our leadership team!

Benefits Of Volunteering

  • Mentorship
  • Training
  • Skills development
  • Leadership development
  • Team participation
  • CPEs

ISC(2) Austin Chapter Volunteer Opportunities

  • Officer roles
  • Executive Board

More About The Executive Board

As defined in the Chapter Articles of Association, the Executive Board is composed of the officers elected by the general membership.  The officers are responsible for the daily operation of the Association as described in the officers’ duties.  The order listed below indicates the order of succession to the presidency.  The following describes each officer’s duties:

President

The office of President is the primary person responsible for the business operation of the Association and presides at the regular membership meetings and the Executive Board meetings.

Vice President

There shall be one Vice President. He / She will have one vote on the Executive Board.  The Vice President is responsible for the performance of the President’s duties in the absence of the President. The Vice President, along with the Executive Board, is responsible for the program planning for the general membership meetings.

Treasurer

The Treasurer is responsible for all the funds of the association.  The Treasurer shall maintain a detailed listing of the club’s membership and dues records.

Secretary

The Secretary is responsible for maintaining the non-financial records of the Association’s operations.  The Secretary provides meeting notes of all general membership and Executive Board meetings.

Membership Chair

The Membership Chair shall maintain the membership records for the Association.

Consider And Act

Now is your opportunity to make a real difference for the cybersecurity community in Austin.  We have a large (ISC)² population, and it takes time and commitment to grow the chapter and provide worthwhile program content.  With a small commitment of time, you can help us make the Austin Chapter the kind of organization we all deserve.  Please consider submitting your name as an officer; we need our membership engaged.

Thank you for your support,
– (ISC)² Austin Chapter Officers

ISC(2) Austin Chapter Call For Articles

Our members are looking for information in the following areas. If you have the following types of information to share, we’d be thrilled to make it available to our members. Please contact us to submit your article on these or other interesting topics.

Some Topics of Interest

  • Member interest survey
  • Audience interest survey
  • Link ByLaws to ByLaws post and link from Membership web page
  • Photos and bios of leaders to our website
  • Did Bart add the bar and grid under the green bar in the Membership page?
  • How to perform an information security risk assessment
  • Meeting PCI-DSS Compliance Requirements
  • Information Security Conferences in Austin and Central Texas
  • Low Cost CPEs
  • Free CPEs
  • Employment Opportunities for Information Security Professionals in Central Texas
  • Information Security Organizations In Austin and Central Texas
  • About our members
  • GDPR
  • Privacy
  • So You Want A Job In Information Security
  • Call for Speakers
  • Call for Articles/Blog posts
  • Is ISC(2) Membership For You?
  • Consulting Skills
  • Other Timely, Interesting, Engaging, Informative, and Inspiring Subjects

Submission Guidelines

Submitted articles should meet the following guidelines:

    • 300 words or more
    • Create section titles to improve readability of articles longer than 300 words
    • No section of an article greater than 300 words between section titles
    • Use AMI Headline tool to produce high quality headline and section titles
    • Use readability analyzer to validate that the article is easy to read

Call For Speakers

February 2017 blockchain discussion moderator Bart Lauwers

If you’re able to deliver value to our members and guests in one or more of the following areas, please contact us.

Our intention for speakers is to educate everyone from expert to novice while keeping it entertaining and interesting for everyone.

1. Networking opportunities

2. Staying abreast of trends in information security:

  • insight into cloud
  • staying abreast of threats
  • threat vectors
  • how threats change
  • staying in front of different threats
  • getting a handle on how to control or understand the kill chain

3. Enabling consultants to tell clients:

  • what they should be looking for
  • so they can make the best choice of where to put their available information security funds
  • what they should be protecting against
  • how to protect themselves
  • how to assess third-party risk

4. Enabling security analysts to know:

  • Where to be looking out
  • Where to go threat hunting
  • What you’ve learned from different threats in the past
  • What kind of technology investment or training is most valuable
  • What 3rd party tools are worth more consideration

August 14th, 2017 Chapter Meeting, Christian Renaud, 451 Research, to present “Securing the IoT”

Christian Renaud, Director of 451 Research’s Internet of Things practice, will present “Securing the Internet of Things, one vertical at a time” August 14th at Indeed.com, 6433 Champion Grandview Way, Austin 78750.

Christian covers the ongoing virtualization and digitization of the physical world around us. For 25 years before joining 451 Research, Christian built nationwide networks at large and small enterprises, worked with Fortune 50 companies in the systems integrator channel, and ran Cisco Systems’s New Markets and Technologies team. He has been the CEO of multiple startups, worked in venture and angel capital, and has served as an advisor to G20 and European Commission projects.

Here’s the video

How To Stay In Touch With Us

We know our members have differing preferences for how they want to keep in touch with us, so we support several different online accounts. Please sign up with us at any or all, and you’ll always be first to learn about upcoming events.

Do you have other ways you want to keep in touch? Please let us know at one of our meetings!

Eventbrite

Eventbrite is our primary home for managing event invitations and RSVPs. With these RSVPs, we plan how much food to get, and we also create our guest list, which we use to check in all meeting attendees. For those who check in and are members of CISSP, we send up a record of your attendance so it can be applied to your CPEs.

Meetup

We post all upcoming events to Meetup.com.

LinkedIn

We post all upcoming events to our LinkedIn group, and we encourage group members to share information and questions they have about the job market and other news related to information security.

Twitter

We post all upcoming events to our Twitter feed, and we encourage group members to share information and questions they have about the job market and other news related to information security.

Facebook

We post all upcoming events to our Facebook page, and we encourage group members to share information and questions they have about the job market and other news related to information security.