SecDSM, a monthly meetup providing the opportunity to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No sales pitches. The idea is to provide you actionable knowledge for you to take back to your $dayjob while building a top tier InfoSec community in the Des Moines area. If you have the desire to learn about real world InfoSec scenarios - get out of your comfort zone - and join us in a relaxed vendor neutral environment. No registration is required.
Schedule
We meet monthly, on the 3rd Thursday starting at 6pm at The Forge By Pillar Technology (now part of Accenture Industry X.0) in Downtown Des Moines.
SecDSM 101 6:00 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:05 PM
Quick Review of the Month's InfoSec news.
Jeremís Sauceda Using Symmetries to Secure Large Legacy Software
Replacing large legacy software is not possible. The cost and time needed to replicate the complex requirements existing systems fulfill is astronomical. Meanwhile an adversary only needs one vulnerability to hack critical infrastructure or a cyber-physical system. These vulnerabilities took decades to accumulate, and with current technology will take decades to secure.
Solutions that exploit symmetry in software offer a different approach to securing large legacy systems much faster than is possible with current techniques. In this talk, we will explore what symmetries are and how to use them to build a new generation of highly accurate and scalable program analysis and transformation tools to secure large legacy software. We will present results from two multi-million dollar DARPA cybersecurity programs, which highlight the basic science of symmetries and the monumental engineering challenge of building tools that scale to multi-million line software.
Jeremís Sauceda is currently the CTO at EnSoft Corp. His early work at EnSoft focused on using program analysis techniques to automate labor-intensive software engineering tasks for Avionics software development for the Boeing 737 and 787. These techniques were adapted for use in other cyber-physical systems, such as automotive systems. Today these tools are used at over 350 companies including every major aerospace, automotive, and defense company worldwide.
Jeremís is also a Co-PI on the DARPA Cyber Assured Systems Engineering and the Space/Time Analysis for Cybersecurity program. In addition, he was the Co-PI for a top-performing team on the DARPA Automated Program Analysis for Cybersecurity program, and was involved in the DARPA Software-Enabled Control program.
Nate Subra Honeypots: A Primer
Ever wanted to run your own honeypot but didn't know where to start? Not sure on the various use cases of a honeypot? What's the difference between a honey(token|pot|net)??? Do you feel like you could use a honeypot in your offensive/defensive arsenal and are looking for ideas on how/when/where to implement them? This talk is for you.
Nate Subra is a Red Team member with Leidos Commercial Cyber. His primary duties include Red Teaming and Penetration Testing. He has held various Red and Blue engineering and leadership roles. He is a co-founder of SecDSM, a local information security meetup group in Des Moines, IA. He holds various certifications such as the OSCP, CISSP, and GCIH.
TOOOL Des Moines Locksport
A side room will be dedicated to locksport.
Sponsored by
SecDSM 101 6:00 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:05 PM
Quick Review of the Month's InfoSec news.
TOOOL Des Moines Locksport
A side room will be dedicated to locksport.
Sponsored by
SecDSM 101 6:00 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:05 PM
Quick Review of the Month's InfoSec news.
Pavel (Pav) Trinos Bypassing wired 802.1x and ways to prevent it
Most people know that using 802.1x for port-based Network Access Control is the most secure way. What if I told you that there is a way that anyone could bypass it in 99% of today's implementations? In this talk, I will cover TLS based authentication of 802.1x standard and how re-authentications work on the wired side. Based on this knowledge, I will introduce approaches for bypassing 802.1x and available remediation to the problem. This ability to bypass wired controls during Pen Testing or other security related assessments will open the doors to better securing corporate networks.
As an example, I will be using Cisco ISE and Cisco switch to bypass and later on remediate the issue
TOOOL Des Moines Locksport
A side room will be dedicated to locksport.
Sponsored by
SecDSM 101 6:00 PM
A brief introduction to the group along with any announcements and general communication.
James Beal - SecDSM News 6:05 PM
Quick Review of the Month's InfoSec news.
Benjamin Blakely Machine Learning Primer and Cyber Applications
Machine Learning, Artificial Intelligence, Big Data: these terms are everywhere in marketing, research, and the news. Many companies now incorporate some element of machine learning into their information security product offerings as this is often the only way to handle the large volumes of data produced. As we're faced with terabytes (often on a daily basis) of data, can humans ever keep up or do we need to enlist the help of friendly robots to help us out? How smart are these robots and what's the difference between Artificial Intelligence and Machine Learning anyway? Is a neural network really like a human brain? What kinds of information security problems is machine learning good for (or not)? In this session, designed as an introduction to machine learning for cyber security professionals, we will cover an overview of the background, types, and use cases for machine learning, and help you make better decisions about how to use these technologies in the right way to get your arms around your data.
Benjamin Blakely is a cyber security researcher at a US Department of Energy national laboratory. Previously, he has held positions in the private, public, and education sectors, and built an information security program to support growth of a cloud software startup through its initial public offering into the thousands of corporate customers. He earned his PhD and BS degrees in Computer Engineering from Iowa State University, with minors in psychology and political science. He holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications, and is the lead inventor on two patents related to encryption key management in cloud infrastructures.
TOOOL Des Moines Locksport
A side room will be dedicated to locksport.
Sponsored by
Merchandise and Donations
Shirts (and other items) are for sale online.
Upcoming cons
Some members are anticipating attending the following conferences, reach out on slack to coordinate travel.
Venue
We meet in The Forge by Pillar Technology (now part of Accenture Industry X.0). Enter on the west side of the building and then proceed up to the 2nd floor.
More info about Pillar Technology (now part of Accenture Industry X.0)
The Forge by Pillar Technology (now part of Accenture Industry X.0)
1420 Locust St, Des Moines, IA 50309