SecDSM

SecDSM, a monthly meetup providing the opportunity to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No sales pitches. The idea is to provide you actionable knowledge for you to take back to your $dayjob while building a top tier InfoSec community in the Des Moines area. If you have the desire to learn about real world InfoSec scenarios - get out of your comfort zone - and join us in a relaxed vendor neutral environment. No registration is required.

Schedule

We meet monthly, on the 3rd Thursday starting at 6pm at The Forge By Pillar Technology in Downtown Des Moines.

Submit a Talk!

Permission to record

Permission to stream

Permission to publish recording

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

Jared Brees - Tool Talk Yubikeys with crypto keys6:30 PM

Building on the excellent talk from Nick Starke and Dave Liddle, this will *not* cover basics of GPG, but rather how to use them with Yubikey, and fix your Yubikey when you forget your PIN. May include demo of SSH with Yubikey.

Jared Brees - Just a geek

Stacy Monroe Static Code Security Analysis (SCSA) Automation - How to Get Started and Build Results 7:00 pm

This talk will cover how Principal adopted SCSA capabilities and integrated them into our build chain processes as well as on developer desktops. We have grown our service from scanning 140K lines of code to 47M lines of code in just one year. How did we do that? Come see our talk to find out!

Stacy Monroe - IT Cyber Security Analyst Senior for Principal Financial Group where I lead the Application Security Team. We play in the spaces of static code security analysis, dynamic application testing, and network vulnerability scanning.

K. Reid Wightman Switches get Root Canals 7:40 pm

The release of DHS alert TA18-106 contains some strange language. In particular, it mentions that the compromise of switches and routers could have some rather dire impacts on network traffic surrounding control systems, including causing catastrophic failure in plants. In this talk, we will explore exactly what can be achieved by compromising the administrative features of a run-of-the-mill Layer 2 network switch. The results may be surprising -- these devices can be made into very capable packet mangling systems. This talk will explore exactly how attacker goals can be achieved, a sample of how goals were achieved against a commercial industrial network switch, as well as offer defensive guidance for better network architecture and detection of such network malfeasance.

K. Reid Wightman - Reid is a former offensive security researcher for the US government. He now works as a defensive reverse engineer to defend control systems networks around the world, both analyzing malware that impacts operators as well as hunting for new vulnerabilities and techniques that may be used in the future.

Des Moines Locksport

A side room will be dedicated to locksport.

Shirts (and other items) are for sale at each meeting and online.

Upcoming Events

The following events might be of interest to the SecDSM community.

Be sure to check out Des Moines Web Collective for updated list of local user groups

If you'd like to see an event listed, please email us at events@secdsm.org

Please reach out via our Slack channel or email us at events@secdsm.org if you have an idea for a presentation you would like to give.

May

SecICMay 15

June

SecICJun 19

July

SecICJul 17

Upcoming cons

Some members are anticipating attending the following conferences, reach out on slack to coordinate travel.

THOTCON

May 4 - 5

Chicago, IL

THOTCON

THOTCON is a hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a limited budget.