The education portion of the July 2017 ISC(2) Austin Chapter meeting was about Metasploit.

Speakers were Brian O’Neill and Egypt of Rapid7.

Here’s the video of both the chapter meeting and education session.

Agenda Of The Education Session

• Penetration Testing
• Rapid7 and Metasploit
• Metasploit Framework
• Metasploit Pro
• Other Tools
• Takeaways

Penetration Testing

• Often is required (e.g. by PCI-DSS, SOX, HIPAA)
• Test and Verify Security controls
• Adversarial testing is crucial
• What we found among companies who let us talk about the results of their penetration testing:
  o Many people don’t know how often their organizations are pen tested

  o Of those who know, most are tested annually

  o Companies do the minimum regarding frequency of penetration testing (per regulatory requirements), which is usually not enough
  o Surprisingly, the most frequent penetration test result, among companies who allowed us share their finding, is nothing

  Teasers

  o “It’s super amateur hour in the malware world.”
  o “Exploitation is not always about vulnerabilities.”
  o “Phishing training does work.”
  o Vulnerable Service Emulator

Security Congress was a big event, and we were there! These photos were taken by our very own ISC(2) Austin Chapter President, Tony Howlett. Here are a few highlights.

Teaser: We won awards! More about that coming soon.

More information about the Keynote is here.

June 2017’s meeting was titled “Getting Started with AWS Security”.

Here’s the video

Here’s the video from our April 2017 meeting.

Subject: Security Congress Briefing and Volunteer Training

Our members are looking for information in the following areas. If you have the following types of information to share, we’d be thrilled to make it available to our members. Please contact us to submit your article on these or other interesting topics.

Some Topics of Interest

• Member interest survey
• Audience interest survey
• Link ByLaws to ByLaws post and link from Membership web page
• Photos and bios of leaders to our website
• Did Bart add the bar and grid under the green bar in the Membership page?
• How to perform an information security risk assessment
• Meeting PCI-DSS Compliance Requirements
• Information Security Conferences in Austin and Central Texas
• Low Cost CPE’s
• Free CPE’s
• Employment Opportunities for Information Security Professionals in Central Texas
• Information Security Organizations In Austin and Central Texas
• About our members
• GDPR
• Privacy
• So You Want A Job In Information Security
• Call for Speakers
• Call for Articles/Blog posts
• Is ISC(2) Membership For You?
• Consulting Skills
• Other Timely, Interesting, Engaging, Informative, and Inspiring Subjects

Submission Guidelines

Submitted articles should be:

• • 300 words or more
  • Create Section titles to improve readability of articles longer than 300 words
  • No section of an article greater than 300 words between section titles
  • Use AMI Headline tool to produce high quality headline and section titles
  • Use readability analyzer to validate it’s easy to read

Christian Renaud, Director of 451 Research’s Internet of Things practice, will present “Securing the Internet of Things, one vertical at a time” August 14th at Indeed.com, 6433 Champion Grandview Way, Austin 78750.

Christian covers the ongoing virtualization and digitization of the physical world around us. For 25 years before joining 451 Research, Christian built nationwide networks at large and small enterprises, worked with Fortune 50 companies in the systems integrator channel, and ran Cisco Systems’s New Markets and Technologies team. He has been the CEO of multiple startups, worked in venture and angel capital, and has served as an advisor to G20 and European Commission projects.

Here’s the video

Check out all of the sessions.

Stay current on the agenda.