SecDSM, a monthly meetup providing the opportunity to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No sales pitches. The idea is to provide you actionable knowledge for you to take back to your $dayjob while building a top tier InfoSec community in the Des Moines area. If you have the desire to learn about real world InfoSec scenarios - get out of your comfort zone - and join us in a relaxed vendor neutral environment. No registration is required.

Schedule

We meet monthly on the 3rd Thursday of every month starting at 6pm at The Forge By Pillar Technology in Downtown Des Moines.

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

Sherri Davidoff Do-It-Yourself Cellular IDS6:30 PM

Hacked smartphones pose extreme risks to security. Infected smartphones can record surrounding audio, intercept text messages, capture location and usage data, and send all that stolen data back to an attacker. Enterprise security pros have no visibility into the cellular network, and therefore can’t do network traffic inspection or IDS, even for devices that are physically within their facilities.

At LMG, we wanted to be able to keep tabs on smartphones in our facility! For less than $300 in parts, we built a proof-of-concept Cellular Intrusion Detection System, leveraging commercial femtocells to create a 3G cellular network sniffer. Then we infected a smartphone with the Android.Stels malware and showed how Snort was able to detect and alert upon the malicious smartphone traffic. Oh, and for fun, we remotely took control of the bot and made it do our bidding.

Our team's project demonstrates that low-cost cellular intrusion detection systems are not only possible, they are an inexpensive and effective way to combat mobile malware. In this talk, we’ll show you our method for capturing and analyzing cellular traffic using locally-deployed femtocells, which any security professional can build.


Sherri Davidoff is the CEO of LMG Security and the co-author of "Network Forensics: Tracking Hackers Through Cyberspace" (Prentice Hall, 2012). She has sixteen years of experience as a cyber security professional, specializing in digital forensics, penetration testing and security awareness training. Sherri has authored courses for the SANS Institute and Black Hat, and conducted security training for the American Bar Association, Department of Defense, Google, Comcast, Los Alamos National Laboratories, and many others. She is a faculty member at the Pacific Coast Banking School, where she teaches cybersecurity classes. Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in Computer Science and Electrical Engineering from MIT.

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

SecDSM 101 6:00 PM

A brief introduction to the group along with any announcements and general communication.

James Beal - SecDSM News 6:05 PM

Quick Review of the Month's InfoSec news.

Merchandise and Donations

Shirts (and other items) are for sale at each meeting and online.

T-Shirt

Upcoming Events

The following events might be of interest to the SecDSM community.

Be sure to check out Des Moines Web Collective for updated list of local user groups

If you'd like to see an event listed, please email us at events@secdsm.org

Please reach out via our Slack channel or email us at events@secdsm.org if you have an idea for a presentation you would like to give.

May ISSA meetingMay 22, 2017 11:30AM-1:00PM

Session Title:

Leading Cyber Protection Teams vice Managing Cyber Incident Response teams.

Short Description:

Lieutenant Colonel Lawrence N. Yazzie will be talking about Managing Cyber Incident Response Teams.

Bio:

Lieutenant Colonel Lawrence N. Yazzie is the Commander of the 168th Cyber Operations Squadron, 132nd Operations Group, 132nd Wing, Des Moines Air National Guard Base, Iowa.
Colonel Yazzie graduated from Window Rock High School, Fort Defiance, Arizona which is located on the Navajo reservation. He entered the United States Air Force Academy Class of 2000. As a recruited athlete, he played four years of Division I basketball and graduated from Cadet Squadron “Tiger” 10. After graduation, he spent nearly eight years on active duty stationed at the United States Air Force Academy and Peterson Air Force Base, Colorado, Luke Air Force Base, Arizona, and deployed twice to Kyrgyzstan and Kuwait, supporting Operations ENDURING FREEDOM and IRAQI FREEDOM. Colonel Yazzie joined the Iowa National Guard in the summer of 2008 and was selected for command of the 132nd Communications Flight. While serving as a drill status guardsmen in the Iowa Air National Guard, he worked for Proctor & Gamble Iowa City Plant as a Process Engineer and Wells Fargo Home Mortgage as an Information Technology Project Manager. In 2015, he took command of the 168th Cyber Operations Squadron.
Colonel Yazzie is an outstanding leader with 16 years of experience in information technology and manufacturing for the United State Air Force and two Fortune 500 companies.

Digital First Responder CourseJune 7, 2017 8:30AM-5:00PM

A great way to train your IT staff in fundamental incident response and digital forensic preservation, and ramp up new incident responders quickly and cost-effectively. Includes an Incident Response tabletop exercise plus three hands-on labs, in which you will create a forensic image, preserve volatile memory, and capture network traffic.

$50 early bird discount for all regisrations completed by May 23rd.

June ISSA meetingJune 26, 2017 11:30AM-1:00PM
FBL Financial, 5400 University Ave, West Des Moines, IA.
July ISSA meetingJuly 24, 2017 11:30AM-1:00PM
FBL Financial, 5400 University Ave, West Des Moines, IA.

Upcoming cons

Some members are anticipating attending the following conferences, reach out on slack to cordinate travel.

BSidesKC

BSidesKC is a non-profit organization designed to advance the body of Information Security knowledge, by providing an annual, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesKC are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

Cost:

$20

Schedule
Day Date Start End
Saturday May 20 0800 1730
Travel Details
Day Date Time
Depart Saturday May 20 UNK
Return Saturday May 20 UNK
CircleCityCon

CircleCityCon is a security conference held in downtown Indianapolis. Our cons last years were big successes and we are only looking to grow and make it better.

CircleCityCon is about the community. Our signature offering is the community led training classes offered to all participants. Events and contests are organized by members of the security community, including both CircleCityCon staffers and community partners. Three tracks, incredible entertainment, and technical villages help round out the CircleCityCom experience. Of course, don’t forget the chance to meet and talk with your peers about all topics including security, hacking, and the latest superhero movies.

Cost:

$100 - Early Bird

$125 - GA

Schedule
Day Date Start End
Friday June 9 ?? ??
Saturday June 10 ?? ??
Travel Details
Day Date Time
Depart Thursday June 8 UNK
Return Sunday June 11 UNK
BrrCon

BrrCon is a FREE cyber security training conference with the mission to facilitate knowledge sharing, network with peers and improve capabilities within the cyber security community. BrrCon is funded exclusively by regional businesses and there will be no sponsor booths or vendor pitches.

Cost:
FREE
BSidesMSP

Security B-Sides MSP 2017 is a Minneapolis based security conference which will be held on Saturday and Sunday, June 24th and 25th 2017 at the Minneapolis Convention Center. We do not sell our speaker positions to the highest bidder. Anyone submitting, as a speaker, has an equal chance to be selected as we use a community vote process to decide. The number of speakers will be dictated by the space/time constraints of our venue. Contests, Workshops, Villages, and Training events are chosen at the sole discretion of our volunteer organizers. Again, space and time constraints of our venue will impact those decisions.

Cost:

$50

Schedule
Day Date Start End
Saturday June 24 ?? ??
Sunday June 25 ?? ??
Travel Details
Day Date Time
Depart Friday June 24 UNK
Return Sunday June 25 UNK
BSidesLV

BSides Las Vegas is an Information / Security conference that’s different. We’re a volunteer organized event, put on by and for the community, and we truly strive to keep information free.

There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the “TALK AT YOU” conferences are starting to realize they have to change. BSidesLV is making this happen by shaking-up the format.

Cost:

Free - but get a room or be a donor if you want a ticket

Schedule
Day Date Start End
Tuesday July 25 ?? ??
Wednesday July 26 ?? ??
Travel Details
Day Date Time
Depart Monday July 24 UNK
Return Monday July 31 after defcon
DEFCON

Originally started in 1993, it was a meant to be a party for member of Platinum Net, a Fido protocol based hacking network out of Canada. As the main U.S. hub I was helping the Platinum Net organizer (I forget his name) plan a closing party for all the member BBS systems and their users. He was going to shut down the network when his dad took a new job and had to move away. We talking about where we might hold it, when all of a sudden he left early and disappeared. I was just planning a party for a network that was shut down, except for my U.S. nodes. I decided what the hell, I'll invite the members of all the other networks my BBS (A Dark Tangent System) system was a part of including Cyber Crime International (CCI), Hit Net, Tired of Protection (ToP), and like 8 others I can't remember. Why not invite everyone on #hack? Good idea!

Cost:

$225 - estimated

Schedule
Day Date Start End
Thursday July 27 ?? ??
Friday July 28 ?? ??
Saturday July 29 ?? ??
Sunday July 30 ?? ??
Travel Details
Day Date Time
Depart Monday July 24 early for BSidesLV
Return Monday July 31 ???
BroCon

BroCon ’17 offers the Bro community a chance to meet face-to-face, share new ideas, and better understand and secure our networks. The conference is composed of presentations from members of the community and the Bro Development team.

Cost:

$100 - estimated

Schedule
Day Date Start End
Tuesday Sept 12 ?? ??
Wednesday Sept 13 ?? ??
Thursday Sept 14 ?? ??
Travel Details
Day Date Time
Depart Monday Or Tuesday Sept 11 or 22
Return Thursday Sept 14 ???
Derbycon Training

DerbyCon isn’t just another security conference. We’ve taken the best elements from all of the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Our goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, or a hobbyist, the ideal of DerbyCon is to promote learning and strengthen the community.

Cost:

$50 - estimated

Derbycon

DerbyCon isn’t just another security conference. We’ve taken the best elements from all of the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Our goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, or a hobbyist, the ideal of DerbyCon is to promote learning and strengthen the community.

Cost:

$175

MISC CONF

The Minnesota Information Security Community understands that the success of security is cross-disciplinary and relies on skills and knowledge from multiple domains of knowledge. The Minnesota Information Security Community is a local group with nationwide contacts in all areas of information security and skill levels from entry ­level to Vice Presidents and CEOs of major Security firms.

Cost:

$50 - estimated

Schedule
Day Date Start End
Saturday Oct 21 ?? ??
Sunday Oct 22 ?? ??
Travel Details
Day Date Time
Depart Friday Oct 20
Return Sunday Oct 22 ???
GrrCon

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people. We keep GrrCON small with around 1,500 attendance to allow us to provide those things other events leave out. Whether you are a Fortune 500 executive, security researcher, industry professional, student, or a hacker of flexible morals you will find something for you at GrrCON.

Cost:

$50 - Student

$90 - Early Bird

$150 - GA

$350 - VIP

Schedule
Day Date Start End
Thursday Oct 26 ?? ??
Friday Oct 27 ?? ??
Travel Details
Day Date Time
Depart Wednesday Oct 25
Return Saturday Oct 28 ???
Wild West Hacking Fest

This conference is going to be about breaking things. Non-standard things. Often, this is called “Stunt hacking”. Or, it can be called hacking of the Internet of Things (IoT). The best example one hears about is hacking a toaster, or a fridge. Each of these exploits teach us all something about the type of testing we should be doing in our own organizations. It is these non-standard devices that are going to lead to the next wave of rampant security vulnerabilities that we’ll need to address and remediate. Unfortunately, we do not have a Patch Tuesday for these devices. Much like the Wild West, the IoT is a new frontier – it’s wild, untamed and full of amazing opportunities! Saddle up, grab your lasso, and join us for this adventure!

Cost:

$100 - Early Bird

$250 - GA

Schedule
Day Date Start End
Friday Oct 27 ?? ??
Saturday Oct 29 ?? ??
Travel Details
Day Date Time
Depart Thurday Oct 26
Return Sunday Oct 29 ???

Venue

We meet in The Forge by Pillar Technology. Enter on the west side of the building and then procede up to the 2nd floor.

More info about Pillar Technology

The Forge by Pillar Technology

1420 Locust St, Des Moines, IA 50309

Sign up for Slack!