SecDSM, a monthly meetup providing the opportunity to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No sales pitches. The idea is to provide you actionable knowledge for you to take back to your $dayjob while building a top tier InfoSec community in the Des Moines area. If you have the desire to learn about real world InfoSec scenarios - get out of your comfort zone - and join us in a relaxed vendor neutral environment. No registration is required.

Schedule

We meet monthly on the 3rd Thursday of every month starting at 6pm at The Forge By Pillar Technology in Downtown Des Moines.

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

Jake Drahos - Tool Talk SDR 1016:30 PM

A `tool-talk` style overview of SDR hardware and applications, as well as the steps needed to get a working SDR stack set up on Linux. Additionally, there will be a brief introduction into the math and logic behind software-defined modulation and demodulation.

Jake Drahos is an IMS student in Computer Engineering at ISU and president of the Cyclone Amateur Radio Club.

Kelcee Patrick-Ferree Data Breaches7:15 PM

Cybersecurity professionals are becoming more and more sophisticated; unfortunately, so are criminals and hostile nation-states. And while companies are becoming more aware of and therefore better at cybersecurity, they are only as strong as their weakest link: the employee who politely holds the door open for a stranger, the employee who clicks on a link in a spear phishing email, the home-grown encryption software someone had to put together because there was no budget for commercial software. It is axiomatic at this point that “it is not if, but when” your company or clients will suffer a data breach. As much as cybersecurity professionals focus on prevention, it is equally important to know what to do after you have discovered that “when” is “today.” We will discuss the laws governing data breaches, the steps you should take in response to a breach, and who should be involved in responding to a breach.


Kelcey Patrick-Ferree is an attorney who has been working in the area of privacy and data breach law for 10 years. She is a member of the International Association of Privacy Professionals (IAPP). She assists companies with policies governing data privacy and security, compliance with privacy laws, and responses to data privacy issues. She holds a B.A. from University of Iowa and a J.D. from Duke University School of Law. Her virtual practice is based in Iowa City.

tompohl, t0w3ntum, and zoomequipd CircleCityCon CTF8:30 PM

A quick demonstration of solving some of the CircleCityCon CTF Challenges

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

Merchandise and Donations

Shirts (and other items) are for sale at each meeting and online.

T-Shirt

Upcoming Events

The following events might be of interest to the SecDSM community.

Be sure to check out Des Moines Web Collective for updated list of local user groups

If you'd like to see an event listed, please email us at events@secdsm.org

Please reach out via our Slack channel or email us at events@secdsm.org if you have an idea for a presentation you would like to give.

Digital First Responder CourseJune 7, 2017 8:30AM-5:00PM

A great way to train your IT staff in fundamental incident response and digital forensic preservation, and ramp up new incident responders quickly and cost-effectively. Includes an Incident Response tabletop exercise plus three hands-on labs, in which you will create a forensic image, preserve volatile memory, and capture network traffic.

$50 early bird discount for all regisrations completed by May 23rd.

June ISSA meetingJune 26, 2017 11:30AM-1:00PM

Session Title:

Everybody says it.....Why defense in-depth is so important.

Short Description:

Everybody recommends 'defense in-depth', and for good reason. Many orgs implement this in the form of products: firewalls, WAFs, IPS, SIEMs, etc. These are all great things, but what are often overlooked are the details in securely configuring applications and systems. This presentation is a case study of how lower-severity configuration issues can be combined into one big vulnerability, using a real-life application as an example.

Bio:

Brad is a consultant with SecureWorks doing full time web application penetration testing.
He has a masters degree in Information Assurance from Dakota State University. Certifications include OSCP, GWAPT, GPEN, GCIH, GCED, and CISSP. When not on a computer, Brad is usually tormenting his wife, playing with his two kids, or playing guitar.

July ISSA meetingJuly 24, 2017 11:30AM-1:00PM
FBL Financial, 5400 University Ave, West Des Moines, IA.
August ISSA meetingAugust 28, 2017 11:30AM-1:00PM
FBL Financial, 5400 University Ave, West Des Moines, IA.

Upcoming cons

Some members are anticipating attending the following conferences, reach out on slack to cordinate travel.

CircleCityCon

CircleCityCon is a security conference held in downtown Indianapolis. Our cons last years were big successes and we are only looking to grow and make it better.

CircleCityCon is about the community. Our signature offering is the community led training classes offered to all participants. Events and contests are organized by members of the security community, including both CircleCityCon staffers and community partners. Three tracks, incredible entertainment, and technical villages help round out the CircleCityCom experience. Of course, don’t forget the chance to meet and talk with your peers about all topics including security, hacking, and the latest superhero movies.

Cost:

$100 - Early Bird

$125 - GA

Schedule
Day Date Start End
Friday June 9 ?? ??
Saturday June 10 ?? ??
Travel Details
Day Date Time
Depart Thursday June 8 UNK
Return Sunday June 11 UNK
BrrCon

BrrCon is a FREE cyber security training conference with the mission to facilitate knowledge sharing, network with peers and improve capabilities within the cyber security community. BrrCon is funded exclusively by regional businesses and there will be no sponsor booths or vendor pitches.

Cost:
FREE
BSidesMSP

Security B-Sides MSP 2017 is a Minneapolis based security conference which will be held on Saturday and Sunday, June 24th and 25th 2017 at the Minneapolis Convention Center. We do not sell our speaker positions to the highest bidder. Anyone submitting, as a speaker, has an equal chance to be selected as we use a community vote process to decide. The number of speakers will be dictated by the space/time constraints of our venue. Contests, Workshops, Villages, and Training events are chosen at the sole discretion of our volunteer organizers. Again, space and time constraints of our venue will impact those decisions.

Cost:

$50

Schedule
Day Date Start End
Saturday June 24 ?? ??
Sunday June 25 ?? ??
Travel Details
Day Date Time
Depart Friday June 24 UNK
Return Sunday June 25 UNK
BSidesLV

BSides Las Vegas is an Information / Security conference that’s different. We’re a volunteer organized event, put on by and for the community, and we truly strive to keep information free.

There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the “TALK AT YOU” conferences are starting to realize they have to change. BSidesLV is making this happen by shaking-up the format.

Cost:

Free - but get a room or be a donor if you want a ticket

Schedule
Day Date Start End
Tuesday July 25 ?? ??
Wednesday July 26 ?? ??
Travel Details
Day Date Time
Depart Monday July 24 UNK
Return Monday July 31 after defcon
DEFCON

Originally started in 1993, it was a meant to be a party for member of Platinum Net, a Fido protocol based hacking network out of Canada. As the main U.S. hub I was helping the Platinum Net organizer (I forget his name) plan a closing party for all the member BBS systems and their users. He was going to shut down the network when his dad took a new job and had to move away. We talking about where we might hold it, when all of a sudden he left early and disappeared. I was just planning a party for a network that was shut down, except for my U.S. nodes. I decided what the hell, I'll invite the members of all the other networks my BBS (A Dark Tangent System) system was a part of including Cyber Crime International (CCI), Hit Net, Tired of Protection (ToP), and like 8 others I can't remember. Why not invite everyone on #hack? Good idea!

Cost:

$225 - estimated

Schedule
Day Date Start End
Thursday July 27 ?? ??
Friday July 28 ?? ??
Saturday July 29 ?? ??
Sunday July 30 ?? ??
Travel Details
Day Date Time
Depart Monday July 24 early for BSidesLV
Return Monday July 31 ???
BroCon

BroCon ’17 offers the Bro community a chance to meet face-to-face, share new ideas, and better understand and secure our networks. The conference is composed of presentations from members of the community and the Bro Development team.

Cost:

$100 - estimated

Schedule
Day Date Start End
Tuesday Sept 12 ?? ??
Wednesday Sept 13 ?? ??
Thursday Sept 14 ?? ??
Travel Details
Day Date Time
Depart Monday Or Tuesday Sept 11 or 22
Return Thursday Sept 14 ???
Derbycon Training

DerbyCon isn’t just another security conference. We’ve taken the best elements from all of the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Our goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, or a hobbyist, the ideal of DerbyCon is to promote learning and strengthen the community.

Cost:

$50 - estimated

Derbycon

DerbyCon isn’t just another security conference. We’ve taken the best elements from all of the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Our goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, or a hobbyist, the ideal of DerbyCon is to promote learning and strengthen the community.

Cost:

$175

MISC CONF

The Minnesota Information Security Community understands that the success of security is cross-disciplinary and relies on skills and knowledge from multiple domains of knowledge. The Minnesota Information Security Community is a local group with nationwide contacts in all areas of information security and skill levels from entry ­level to Vice Presidents and CEOs of major Security firms.

Cost:

$50 - estimated

Schedule
Day Date Start End
Saturday Oct 21 ?? ??
Sunday Oct 22 ?? ??
Travel Details
Day Date Time
Depart Friday Oct 20
Return Sunday Oct 22 ???
GrrCon

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people. We keep GrrCON small with around 1,500 attendance to allow us to provide those things other events leave out. Whether you are a Fortune 500 executive, security researcher, industry professional, student, or a hacker of flexible morals you will find something for you at GrrCON.

Cost:

$50 - Student

$90 - Early Bird

$150 - GA

$350 - VIP

Schedule
Day Date Start End
Thursday Oct 26 ?? ??
Friday Oct 27 ?? ??
Travel Details
Day Date Time
Depart Wednesday Oct 25
Return Saturday Oct 28 ???
Wild West Hacking Fest

This conference is going to be about breaking things. Non-standard things. Often, this is called “Stunt hacking”. Or, it can be called hacking of the Internet of Things (IoT). The best example one hears about is hacking a toaster, or a fridge. Each of these exploits teach us all something about the type of testing we should be doing in our own organizations. It is these non-standard devices that are going to lead to the next wave of rampant security vulnerabilities that we’ll need to address and remediate. Unfortunately, we do not have a Patch Tuesday for these devices. Much like the Wild West, the IoT is a new frontier – it’s wild, untamed and full of amazing opportunities! Saddle up, grab your lasso, and join us for this adventure!

Cost:

$100 - Early Bird

$250 - GA

Schedule
Day Date Start End
Friday Oct 27 ?? ??
Saturday Oct 29 ?? ??
Travel Details
Day Date Time
Depart Thurday Oct 26
Return Sunday Oct 29 ???

Venue

We meet in The Forge by Pillar Technology. Enter on the west side of the building and then procede up to the 2nd floor.

More info about Pillar Technology

The Forge by Pillar Technology

1420 Locust St, Des Moines, IA 50309

Sign up for Slack!