SecDSM, a monthly meetup providing the opportunity to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No sales pitches. The idea is to provide you actionable knowledge for you to take back to your $dayjob while building a top tier InfoSec community in the Des Moines area. If you have the desire to learn about real world InfoSec scenarios - get out of your comfort zone - and join us in a relaxed vendor neutral environment. No registration is required.
Schedule
We meet monthly, on the 1st Thursday starting at 6pm at Foundry Distilling Company in West Des Moines.
SecDSM 101 6:30 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:35 PM
Quick Review of the Month's InfoSec news.
Jared Brees - Tool Talk SSH 2FA06:45 PM
Casey Howard Mitigating Vendor Risk07:00 PM
Casey has a bit of vendor risk experience and will speak to how he assess the security of vendors and how to mitigate any risks that are discovered during the process of onboarding, annual reviews, and continuous monitoring.
About 6 years ago Casey was a miserable line cook with no future. Casey was working on my associates passively but didn't really have my heart in anything he was doing. Casey had a sudden realization that he wanted to be in IT. With no idea what that meant but knowing something with Information Technology was his future. Now Casey is in Security Governance Risk and Compliance specializing in Vendor Risk Management, Security Awareness, and Disaster Recovery. Casey is married and has a 1 year old son, Wesley. Most of my free time is spent with them or tackling my mile high book list.
Sponsored by
SecDSM 101 6:30 PM
A brief introduction to the group along with any announcements and general communication.
- SecDSM News 6:35 PM
Quick Review of the Month's InfoSec news.
C.J. May Securing mission-critical containers against exploitation7:00 PM
Securing mission-critical containers against exploitation abstract: Seccomp is a linux kernel feature that can be utilized with container runtimes to limit the system calls that a container can make. I'd like to share tools and methods to streamline the creation of seccomp filters for use with containers.
C.J. is a security analyst and passionate programmer who likes to write interesting and occasionally useful code in his free time.
Jake Drahos Cool Kernel Features: BPF and seccomp7:20 PM
An introduction and overview to BPF syntax and how it works, along with where it's used in the kernel. Some focus will be given to seccomp as one particular usage of BPF.
Sponsored by
SecDSM 101 6:30 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:35 PM
Quick Review of the Month's InfoSec news.
C.J. May Jaws - An invisible programming language7:00 PM
Jaws is an esoteric interpreted programming language that only uses whitespace characters. This allows it to be unreadable and also easily injected into other types of files (including other code).
C.J. is a security analyst and passionate programmer who likes to write interesting and occasionally useful code in his free time.
Sponsored by
SecDSM 101 6:30 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:35 PM
Quick Review of the Month's InfoSec news.
Nate Subra Subdomain Takeovers - The Inside story7:00 PM
A "big picture look" at subdomain takeovers, a common bug bounty finding (and !extremely! common when no bug bounty is in place):
- What are they
- How attackers find and use them
- How defenders can find and prevent them (and the gaps I often see when they do) - Integrating prevention into enterprise procedures/policy
Nate Subra is 's/Infosec/Cyber/' Practitioner and wannabe Security Researcher from Des Moines, IA. He does stuff and thingsā¢. Nate works with a broad range of information security topics. His main passion and current career focus on offensive security and using an adversarial mindset to reduce business risk.