Chapter Annual Meeting, Geopolitical Intelligence Update & the Operational Resilience Framework & Linear Endpoint Management
(ISC)² Long Island Presents, “Chapter Annual Meeting, Geopolitical Intelligence Update & the Operational Resilience Framework & Linear Endpoint Management“
Please join us for our July meeting featuring a diverse slate of speaker sessions. Please note that the meeting time is slightly later due to onsite venue availability. Also, this is the chapter’s annual meeting. The typical chapter updates will be expanded to include a brief recap of the chapter’s accomplishments from the past year, key goals for next year followed by the election/ratification of our board candidates. Non-members are welcome but can feel free to join just prior to the start of speaker#1.
Additional details and registration information can be found at the “Register Now” link below. Members can get their promo codes by logging into the chapter website and going to their “My Page”. Sponsor promo codes have been previously distributed. Non-members can register for a nominal fee.
5:30 – 6:00 In-Person Registration and Networking
6:00 – 6:25 Welcome, Chapter Year in Review and Board Ratification /Election
6:25 – 7:15 Geopolitical Intelligence Update & the Operational Resilience Framework
7:15 – 8:05 Linear Endpoint Management – Visibility and Total Control
8:05 Session Wrap-up
Session 1 Speaker(s):
Christopher Denning, CSO, Senior Geopolitical and Physical Security Analyst, Global Resilience Federation
Prior to joining the GRF Mr. Denning was an Army Pilot and Military Intelligence Officer. Chris’s duty positions included service in the Pentagon as the Officer in Charge (OIC) at The Army Watch & the National Guard Bureau’s Joint Operation Center and helped develop the DoD’s playbook for Ebola and then for other infectious diseases as a broader topic. Members of the NY Long Island Chapter may find it interesting to know that while assigned as the Secretary to General Staff at HQ, United States Army Corps of Engineers, he served as the aviation liaison in USACE’s cleanup during the aftermath of Superstorm Sandy. Mr. Denning also served as a detective assigned to the Arizona Fusion Center, specializing in investigations into Street Gangs and Organized Crime. Chris is a Graduate of Brigham Young University and The University of Utah, with a BS in Political Science, Military Science and Spanish.
Hassan Shahzad is an Cyber Threat Intelligence Analyst supporting the ONG-ISAC, one of the communities operated and supported by GRF. He supports the ISAC by providing intelligence research and analysis on APT groups, commodity malware, situational threats, and other cyber incidents related to the oil and gas specifically as well as the energy sector as a whole. Hassan has worked in the cyber field for over 5 years, has a BS in Cyber Security from George Mason University, and has his CISSP certification.
Brian Katula is a graduate from the University of Maryland with a degree in Aerospace Engineering. Brian’s career has thus far focused on operational and business resilience and presently supports multiple GRF communities including the Manufacturing ISAC and the BRC’s Operational Resilience working group.
After a brief overview of the Global Resilience Federation, this session will be a two part briefing:
1. All source geopolitical intelligence update. We see geopolitics as a weather report for what cyber activity may come and from where. Using history, organizations can focus their security based on previous attacks. We will cover economic trends and implications, war in Ukraine, Chinese activities in India and US efforts to counter China’s growing power in the Asia Pacific region. Update on North Korea’s expected nuclear tests/missile test, the ongoing nuclear talks with Iran as well as any other relevant updates.
2. Operational Resilience Framework: The Colonial Pipeline Incident will be referenced as an Operational Resilience Use Case. The scenario is designed to apply the GRF developed Operational Resilience Framework in response to an incident similar 2021 Colonial Pipeline Incident. We’d hope to help others learn, while also receiving feedback on considerations/emphasis which the framework should give more attention to. The FDIC selected the GRF’s Operational Resilience Framework as the winner in it’s October 2021 Tech Sprint Competition in the “Most Effective” category. The competition focused on tools and technology to measure and test resiliency. The competition included companies such as Google, AWS, and several others. https://www.bloomberg.com/press-releases/2021-10-27/fdic-selects-grf-trustmapp-team-as-winner-in-effectiveness-impact-category-of-technology-sprint-competition
Session 2 Speaker(s):
John Kimberly, Technical Solutions Engineer, Tanium
Linear Endpoint Management – Visibility and Total Control
This discussion will cover the Security and Operations sides of managing endpoints, and will emphasize:
- What endpoints are in your environment, and do you even know how many there are? Aside from you Windows systems, are you including your UNIX, Linux and MAC endpoints?
- What software is running on those endpoints, and what versions? Do any of those version have vulnerabilities?
- For endpoints that can be managed, are they getting patched, if so how, and how confident are you that everything is getting successfully patched?
- How many software licenses are your endpoints consuming? Are you consuming more software than owned licenses, or do you pay for more licenses that you are consuming?
- Are you maintaining the software updates to all your 3rd party software across the enterprise?
- How is my enterprise able to adhere to the latest CIS Security controls framework?
John entered the IT world in 1980, 42 years ago, and has witnessed the computer evolution first hand. First working in the UNIX world, then incorporating Windows in the 1990’s to become an IT enterprise architect. Ultimately, working as a Sr. Enterprise Architect for three world wide IT organization and for a major governmental IT agency, responsible for over 5000 UNIX/Linux, Windows and networking devices, while performing the role of DR coordinator for all Open Systems, serving on the statewide IT Security board, and the agency’s Change Control Board
John recently joined Tanium, and is a Technical Solutions Engineer. In this role, he assists corporations, governments, and educational institutions mitigate the myriad of challenges surrounding enterprise end-point management, and the challenges around auditing inventory, patching, software licensing/distribution, asset discovery and Threat Response, among others.
John holds UNIX engineering and instructor certifications from Redhat Linux (RHCE), IBM AIX, Sun/Oracle Solaris, HP/UX, network architecture and security certifications from Sun/Oracle and IBM. He is also trained in VMWare 3, 4, 5 & 6, Studied IT Security through specialty tracks through SANS International, including Intrusion Detection, UNIX Hardening, Windows Hardening, and Ethical Hacking.
When not working, John enjoys swimming and playing tennis. In his past, John was a “Night Club” DJ for Marriott Hotels, and in the mid-1980’s was a frequent Guest DJ for MTV’s “Club MTV” at the Palladium Night Club in NYC.