SecDSM

SecDSM, a monthly meetup providing the opportunity to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No sales pitches. The idea is to provide you actionable knowledge for you to take back to your $dayjob while building a top tier InfoSec community in the Des Moines area. If you have the desire to learn about real world InfoSec scenarios - get out of your comfort zone - and join us in a relaxed vendor neutral environment. No registration is required.

Schedule

We meet monthly, on the 3rd Thursday starting at 6pm at The Forge By Pillar Technology (now part of Accenture Industry X.0) in Downtown Des Moines.

Submit a Talk!

Permission to record

Permission to stream

Permission to publish recording

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

Nick Starke - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

Pavel (Pav) Trinos Bypassing wired 802.1x and ways to prevent it

Most people know that using 802.1x for port-based Network Access Control is the most secure way. What if I told you that there is a way that anyone could bypass it in 99% of today's implementations? In this talk, I will cover TLS based authentication of 802.1x standard and how re-authentications work on the wired side. Based on this knowledge, I will introduce approaches for bypassing 802.1x and available remediation to the problem. This ability to bypass wired controls during Pen Testing or other security related assessments will open the doors to better securing corporate networks.
As an example, I will be using Cisco ISE and Cisco switch to bypass and later on remediate the issue

Sponsored by

Want to become a sponsor?

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

Benjamin Blakely Machine Learning Primer and Cyber Applications

Machine Learning, Artificial Intelligence, Big Data: these terms are everywhere in marketing, research, and the news. Many companies now incorporate some element of machine learning into their information security product offerings as this is often the only way to handle the large volumes of data produced. As we're faced with terabytes (often on a daily basis) of data, can humans ever keep up or do we need to enlist the help of friendly robots to help us out? How smart are these robots and what's the difference between Artificial Intelligence and Machine Learning anyway? Is a neural network really like a human brain? What kinds of information security problems is machine learning good for (or not)? In this session, designed as an introduction to machine learning for cyber security professionals, we will cover an overview of the background, types, and use cases for machine learning, and help you make better decisions about how to use these technologies in the right way to get your arms around your data.

Benjamin Blakely is a cyber security researcher at a US Department of Energy national laboratory. Previously, he has held positions in the private, public, and education sectors, and built an information security program to support growth of a cloud software startup through its initial public offering into the thousands of corporate customers. He earned his PhD and BS degrees in Computer Engineering from Iowa State University, with minors in psychology and political science. He holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications, and is the lead inventor on two patents related to encryption key management in cloud infrastructures.