April 5, 2024

TBD

Presentation by TBD

Registration: https://www.eventbrite.com/e/811960605027?aff=oddtdtcreator

Pre-registration is Required to attend!

Location:

12501 Lakefront Place Louisville, KY 40299

(Farm Credit Mid-America Building - Schoolhouse East (132); Schoolhouse West (130))


March 1, 2024

Identity Security: Much more than just successfully completing a SOX audit

In the early 2000s, organizations scrambled to deploy governance controls to pass their SOX audits.

In those early days, "automation" for Identity Governance meant sending spreadsheets via email to review user access to financially significant systems.

Completing SOX audits remains a priority to this day.

However, at the C-level, organizations are prioritizing Identity Security. It’s viewed as not only a means to improve governance and perform SOX reviews, but also as a way to reduce risk, remove security blind-spots, gain business insight and increase operational efficiency for all types of workers.

SailPoint Technologies will share an update on the current state of Identity Security: the market trends, the risks faced by organizations, and the ways in which technology, including Artificial Intelligence, can help organizations deploy an effective, comprehensive and efficient Identity Security program that delivers value to the business.

Presentation by Dave Smith

Sponsor: SailPoint

Registration: https://www.eventbrite.com/e/811953012317?aff=oddtdtcreator

Registration is Required!

We will be giving away 2 $50 gift cards at the meeting!

Eligibility requirements:

- Attend the ISSA Kentuckiana chapter meeting in-person

- Be a member of the ISSA Kentuckiana chapter

Location:

12501 Lakefront Place Louisville, KY 40299

(Farm Credit Mid-America Building - Schoolhouse East (132); Schoolhouse West (130))

February 9, 2024

Cloud Security Capabilities

Cloud security solutions continue to emerge, evolve, and mature to the point where it may be unclear how they work together or how they differ from one another. Cloud security acronyms such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), Cloud Infrastructure Entitlement Management (CIEM), and Cloud-Native Application Protection Platform (CNAPP) are being associated with many products and services, making it difficult to understand which of these best meets your organization's needs. Please join us as we have an open discussion on cloud security capabilities:

· What are the main differences between CSPM, CWPP, CIEM, and CNAPP?

· Where do these capabilities share common functionality?

· What are some use cases for the various capabilities?

· Where are all these capabilities headed?

Presentation by Joe Buhr

Joe Buhr has almost 30 years of industry experience splitting time as a software developer, enterprise architect, security engineer, and a cloud consultant and specialist. From manufacturing to telecommunications, healthcare, and finance, Joe has had the opportunity to guide some of the largest organizations as they securely transition to cloud native architectures. Joe is currently a System Architect at Wiz, where he helps organizations in the cloud gain visibility and drive out risk. He has been actively involved at regional and national levels to establish and promote “Cloud Security Office Hours” (https://www.cloudsecurityofficehours.com/), an initiative to recruit new talent into the field of cloud security. When not working at his day job, Joe continues to sharpen his development skills by contributing to several open-source projects.


Registration is Required!

Location:

12501 Lakefront Place Louisville, KY 40299

(Farm Credit Mid-America Building - Schoolhouse East (132); Schoolhouse West (130))

Registration: ISSA Kentuckiana - February Meeting Registration

Training - Application Security Testing Workshop

The Kentucky ISSA Chapter in partnership with Ellipsis Information Security LLC is hosting an information security workshop. This day-long event covers the basics of testing web applications for security vulnerabilities plus DevSecOps and Automation. It includes methods to test for vulnerabilities plus guidance on remediating issues. This course will be taught by a globally recognized expert in application security with more than a decade of experience teaching all skill levels. Whether you are just beginning or advanced, there will be information for you. Seating is limited and the event is expected to sell out.


The class will contain interactive lectures, frequent demonstrations, and lots of lab time. Students will be provided with a customized virtual machine with the professional version of the Mutillidae web security training environment pre-installed. The virtual machine is completely self-contained with all tools, files, targets, and labs set up in advance! The labs are guided, and the course includes a lab assistant to help. Join us to learn new skills, better understand web application security and hang out with others from the InfoSec community. Don't let the price fool you. The KY ISSA is offering this enterprise-quality class at a deeply discounted rate.



Topics:

  • Tools used to test web application security, such as Burp Suite, several vulnerability scanners, DevOps automation, and others

  • Impactful, risky web application vulnerabilities like Cross-site Scripting and SQL Injection

  • Labs using real, vulnerable web pages (no fake stuff here)

  • Practical skills

When:

Saturday, January 20th, 2024

8:30 AM - 4:30 PM


Where:

12501 Lakefront Place Louisville, KY 40299

(Farm Credit Mid-America Building - Schoolhouse East (132); Schoolhouse West (130))

Cost: $150

ISSA Kentuckiana Members Cost: $100 ($50 off w/ member discount code)

Costs are subsidized by the ISSA Kentuckiana Chapter to make high-quality training available for everyone! One way we are able to do this is through our sponsors.

Sponsor, Lunch, and Lunch Presentation provided by StackHawk!

Certified Security Penetration Tester & Cloud Security Architect

Google PCSE|OSCP|GPCS|GCLD|GXPN-GOLD|GPEN-GOLD|GWAPT-GOLD|GCIH-GOLD|GMOB|GSEC|GISF|Sec+

Jeremy is the Distinguished Cybersecurity Architect for the largest multi-national transportation logistics company in the world. Jeremy is also the owner of Ellipsis Information Security and teaches courses for Ellipsis and SANS Institute. As a Director of Education for the Kentucky ISSA chapter, Jeremy presents on application security, penetration testing and defense along with operating the "webpwnized" YouTube video channel. Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment. Jeremy has a Bachelor of Science in Computer Science from Indiana University, a Graduate Certificate in Cybersecurity and Master of Computer Science and Engineering from the University of Louisville and is a GIAC-certified Web, API, Mobile and Network Security Penetration Tester, and Cloud Security Architect.



Social Event - TopGolf - Sponsored by StackHawk!

StackHawk will be sponsoring a social event for ISSA Kentuckiana members on 1/18!

StackHawk is also sponsoring and speaking at our regular monthly meeting on 1/19, and sponsoring our Application Security Testing training on 1/20!

Registration details will be sent to registered attendees of the January meeting/training and to members.

Holiday Dinner 2023
December 9, 2023

2023 Holiday Dinner - Members only social event.

Location: Captain’s Quarters

Dinner event for Members and a guest

Members will directly receive registration details.

October 6, 2023

AI & Security: The Good, The Bad, and The Hallucinatory 

How AI can help and hurt secure software development

AI is advancing at a stunning rate, with new tools and use cases being discovered each week. Recent developments in LLM-based engines have turned skeptics into believers as AI’s abilities and outputs are tangible and can even seem magical. As with all technology, AI raises both opportunities and challenges for security and development teams looking to boost productivity while managing risk.

In this talk, Clinton Herget, Field CTO at Snyk, will highlight some of the potential and some of the potential pitfalls AI can bring to secure development, and provide guidance on how security teams can think about both within the context of their programs. It's not just about deploying AI for the sake of it; instead, we're dedicated to the strategic use of AI that meaningfully enhances our product offerings and empowers our users to secure their software effectively.

Clinton Herget, Field CTO, Snyk

Sponsored by Snyk

Registration: ISSA Kentuckiana - October Meeting Registration

Clinton Herget, Field CTO, Snyk

As Field CTO at Snyk, Clinton talks to cybersecurity leaders, practitioners, and developers about the evolution of application security and the critical role we play as software builders in understanding, mitigating, and remediating the organizational risk inherent to what we build.

Prior to Snyk, he spent time as a web developer, DevOps engineer, cloud solutions architect, engineering team manager, technical director and consultant with two decades of experience building and supporting complex cloud-based web and mobile applications. An engineer first, he thrives in problem-solving, rapid prototyping, and communicating about technical complexity.

October 5, 2023

Social Event - Top Golf

We’re gathering local leaders for an evening at Top Golf! Join Snyk, ISSA, and your peers for a fun night of golf games suitable for all skill levels.

Space is limited!

Users registered for the October meeting will receive info on this event.