SecDSM, a monthly meetup providing the opportunity to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No sales pitches. The idea is to provide you actionable knowledge for you to take back to your $dayjob while building a top tier InfoSec community in the Des Moines area. If you have the desire to learn about real world InfoSec scenarios - get out of your comfort zone - and join us in a relaxed vendor neutral environment. No registration is required.
Schedule
We meet monthly on the 3rd Thursday of every month starting at 6pm at The Forge By Pillar Technology in Downtown Des Moines.
SecDSM 101 6:00 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:05 PM
Quick Review of the Month's InfoSec news.
Jake Drahos - Tool Talk SDR 1016:30 PM
A `tool-talk` style overview of SDR hardware and applications, as well as the steps needed to get a working SDR stack set up on Linux. Additionally, there will be a brief introduction into the math and logic behind software-defined modulation and demodulation.
Jake Drahos is an IMS student in Computer Engineering at ISU and president of the Cyclone Amateur Radio Club.
Kelcee Patrick-Ferree Data Breaches7:15 PM
Cybersecurity professionals are becoming more and more sophisticated; unfortunately, so are criminals and hostile nation-states. And while companies are becoming more aware of and therefore better at cybersecurity, they are only as strong as their weakest link: the employee who politely holds the door open for a stranger, the employee who clicks on a link in a spear phishing email, the home-grown encryption software someone had to put together because there was no budget for commercial software. It is axiomatic at this point that “it is not if, but when” your company or clients will suffer a data breach. As much as cybersecurity professionals focus on prevention, it is equally important to know what to do after you have discovered that “when” is “today.” We will discuss the laws governing data breaches, the steps you should take in response to a breach, and who should be involved in responding to a breach.
Kelcey Patrick-Ferree is an attorney who has been working in the area of privacy and data breach law for 10 years. She is a member of the International Association of Privacy Professionals (IAPP). She assists companies with policies governing data privacy and security, compliance with privacy laws, and responses to data privacy issues. She holds a B.A. from University of Iowa and a J.D. from Duke University School of Law. Her virtual practice is based in Iowa City.
tompohl, t0w3ntum, and zoomequipd CircleCityCon CTF8:30 PM
A quick demonstration of solving some of the CircleCityCon CTF Challenges
Sponsored by
SecDSM 101 6:00 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:05 PM
Quick Review of the Month's InfoSec news.
Sponsored by
SecDSM 101 6:00 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:05 PM
Quick Review of the Month's InfoSec news.
Sponsored by
SecDSM 101 6:00 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:05 PM
Quick Review of the Month's InfoSec news.
Sponsored by
Merchandise and Donations
Shirts (and other items) are for sale at each meeting and online.
Upcoming Events
The following events might be of interest to the SecDSM community.
Be sure to check out Des Moines Web Collective for updated list of local user groups
If you'd like to see an event listed, please email us at events@secdsm.org
Please reach out via our Slack channel or email us at events@secdsm.org if you have an idea for a presentation you would like to give.
Digital First Responder CourseJune 7, 2017 8:30AM-5:00PM
A great way to train your IT staff in fundamental incident response and digital forensic preservation, and ramp up new incident responders quickly and cost-effectively. Includes an Incident Response tabletop exercise plus three hands-on labs, in which you will create a forensic image, preserve volatile memory, and capture network traffic.
$50 early bird discount for all regisrations completed by May 23rd.
June ISSA meetingJune 26, 2017 11:30AM-1:00PM
Session Title:
Everybody says it.....Why defense in-depth is so important.Short Description:
Everybody recommends 'defense in-depth', and for good reason. Many orgs implement this in the form of products: firewalls, WAFs, IPS, SIEMs, etc. These are all great things, but what are often overlooked are the details in securely configuring applications and systems. This presentation is a case study of how lower-severity configuration issues can be combined into one big vulnerability, using a real-life application as an example.Bio:
Brad is a consultant with SecureWorks doing full time web application penetration testing.He has a masters degree in Information Assurance from Dakota State University. Certifications include OSCP, GWAPT, GPEN, GCIH, GCED, and CISSP. When not on a computer, Brad is usually tormenting his wife, playing with his two kids, or playing guitar.
July ISSA meetingJuly 24, 2017 11:30AM-1:00PM
FBL Financial, 5400 University Ave, West Des Moines, IA.August ISSA meetingAugust 28, 2017 11:30AM-1:00PM
FBL Financial, 5400 University Ave, West Des Moines, IA.Upcoming cons
Some members are anticipating attending the following conferences, reach out on slack to cordinate travel.
CircleCityCon
CircleCityCon is a security conference held in downtown Indianapolis. Our cons last years were big successes and we are only looking to grow and make it better.
CircleCityCon is about the community. Our signature offering is the community led training classes offered to all participants. Events and contests are organized by members of the security community, including both CircleCityCon staffers and community partners. Three tracks, incredible entertainment, and technical villages help round out the CircleCityCom experience. Of course, don’t forget the chance to meet and talk with your peers about all topics including security, hacking, and the latest superhero movies.
Cost:
$100 - Early Bird
$125 - GASchedule
| Day | Date | Start | End |
|---|---|---|---|
| Friday | June 9 | ?? | ?? |
| Saturday | June 10 | ?? | ?? |
Travel Details
| Day | Date | Time | |
|---|---|---|---|
| Depart | Thursday | June 8 | UNK |
| Return | Sunday | June 11 | UNK |
BrrCon
BrrCon is a FREE cyber security training conference with the mission to facilitate knowledge sharing, network with peers and improve capabilities within the cyber security community. BrrCon is funded exclusively by regional businesses and there will be no sponsor booths or vendor pitches.
Cost:
BSidesMSP
Security B-Sides MSP 2017 is a Minneapolis based security conference which will be held on Saturday and Sunday, June 24th and 25th 2017 at the Minneapolis Convention Center. We do not sell our speaker positions to the highest bidder. Anyone submitting, as a speaker, has an equal chance to be selected as we use a community vote process to decide. The number of speakers will be dictated by the space/time constraints of our venue. Contests, Workshops, Villages, and Training events are chosen at the sole discretion of our volunteer organizers. Again, space and time constraints of our venue will impact those decisions.
Cost:
$50
Schedule
| Day | Date | Start | End |
|---|---|---|---|
| Saturday | June 24 | ?? | ?? |
| Sunday | June 25 | ?? | ?? |
Travel Details
| Day | Date | Time | |
|---|---|---|---|
| Depart | Friday | June 24 | UNK |
| Return | Sunday | June 25 | UNK |
BSidesLV
BSides Las Vegas is an Information / Security conference that’s different. We’re a volunteer organized event, put on by and for the community, and we truly strive to keep information free.
There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the “TALK AT YOU” conferences are starting to realize they have to change. BSidesLV is making this happen by shaking-up the format.
Cost:
Free - but get a room or be a donor if you want a ticket
Schedule
| Day | Date | Start | End |
|---|---|---|---|
| Tuesday | July 25 | ?? | ?? |
| Wednesday | July 26 | ?? | ?? |
Travel Details
| Day | Date | Time | |
|---|---|---|---|
| Depart | Monday | July 24 | UNK |
| Return | Monday | July 31 | after defcon |
DEFCON
Originally started in 1993, it was a meant to be a party for member of Platinum Net, a Fido protocol based hacking network out of Canada. As the main U.S. hub I was helping the Platinum Net organizer (I forget his name) plan a closing party for all the member BBS systems and their users. He was going to shut down the network when his dad took a new job and had to move away. We talking about where we might hold it, when all of a sudden he left early and disappeared. I was just planning a party for a network that was shut down, except for my U.S. nodes. I decided what the hell, I'll invite the members of all the other networks my BBS (A Dark Tangent System) system was a part of including Cyber Crime International (CCI), Hit Net, Tired of Protection (ToP), and like 8 others I can't remember. Why not invite everyone on #hack? Good idea!
Cost:
$225 - estimated
Schedule
| Day | Date | Start | End |
|---|---|---|---|
| Thursday | July 27 | ?? | ?? |
| Friday | July 28 | ?? | ?? |
| Saturday | July 29 | ?? | ?? |
| Sunday | July 30 | ?? | ?? |
Travel Details
| Day | Date | Time | |
|---|---|---|---|
| Depart | Monday | July 24 | early for BSidesLV |
| Return | Monday | July 31 | ??? |
BroCon
BroCon ’17 offers the Bro community a chance to meet face-to-face, share new ideas, and better understand and secure our networks. The conference is composed of presentations from members of the community and the Bro Development team.
Cost:
$100 - estimated
Schedule
| Day | Date | Start | End |
|---|---|---|---|
| Tuesday | Sept 12 | ?? | ?? |
| Wednesday | Sept 13 | ?? | ?? |
| Thursday | Sept 14 | ?? | ?? |
Travel Details
| Day | Date | Time | |
|---|---|---|---|
| Depart | Monday Or Tuesday | Sept 11 or 22 | |
| Return | Thursday | Sept 14 | ??? |
Derbycon Training
DerbyCon isn’t just another security conference. We’ve taken the best elements from all of the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Our goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, or a hobbyist, the ideal of DerbyCon is to promote learning and strengthen the community.
Cost:
$50 - estimated
Derbycon
DerbyCon isn’t just another security conference. We’ve taken the best elements from all of the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Our goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, or a hobbyist, the ideal of DerbyCon is to promote learning and strengthen the community.
Cost:
$175
MISC CONF
The Minnesota Information Security Community understands that the success of security is cross-disciplinary and relies on skills and knowledge from multiple domains of knowledge. The Minnesota Information Security Community is a local group with nationwide contacts in all areas of information security and skill levels from entry level to Vice Presidents and CEOs of major Security firms.
Cost:
$50 - estimated
Schedule
| Day | Date | Start | End |
|---|---|---|---|
| Saturday | Oct 21 | ?? | ?? |
| Sunday | Oct 22 | ?? | ?? |
Travel Details
| Day | Date | Time | |
|---|---|---|---|
| Depart | Friday | Oct 20 | |
| Return | Sunday | Oct 22 | ??? |
GrrCon
GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people. We keep GrrCON small with around 1,500 attendance to allow us to provide those things other events leave out. Whether you are a Fortune 500 executive, security researcher, industry professional, student, or a hacker of flexible morals you will find something for you at GrrCON.
Cost:
$50 - Student
$90 - Early Bird
$150 - GA
$350 - VIP
Schedule
| Day | Date | Start | End |
|---|---|---|---|
| Thursday | Oct 26 | ?? | ?? |
| Friday | Oct 27 | ?? | ?? |
Travel Details
| Day | Date | Time | |
|---|---|---|---|
| Depart | Wednesday | Oct 25 | |
| Return | Saturday | Oct 28 | ??? |
Wild West Hacking Fest
This conference is going to be about breaking things. Non-standard things. Often, this is called “Stunt hacking”. Or, it can be called hacking of the Internet of Things (IoT). The best example one hears about is hacking a toaster, or a fridge. Each of these exploits teach us all something about the type of testing we should be doing in our own organizations. It is these non-standard devices that are going to lead to the next wave of rampant security vulnerabilities that we’ll need to address and remediate. Unfortunately, we do not have a Patch Tuesday for these devices. Much like the Wild West, the IoT is a new frontier – it’s wild, untamed and full of amazing opportunities! Saddle up, grab your lasso, and join us for this adventure!
Cost:
$100 - Early Bird
$250 - GA
Schedule
| Day | Date | Start | End |
|---|---|---|---|
| Friday | Oct 27 | ?? | ?? |
| Saturday | Oct 29 | ?? | ?? |
Travel Details
| Day | Date | Time | |
|---|---|---|---|
| Depart | Thurday | Oct 26 | |
| Return | Sunday | Oct 29 | ??? |
Venue
We meet in The Forge by Pillar Technology. Enter on the west side of the building and then procede up to the 2nd floor.
More info about Pillar Technology
The Forge by Pillar Technology
1420 Locust St, Des Moines, IA 50309