Welcome to the Milwaukee Chapter of the ISSA 

The ISSA is the largest international, not-for-profit association specifically for security professionals. The primary goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity and availability of information resources. The ISSA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved.

Members include practitioners at all levels of the security field in a broad range of industries, such as communications, education, health-care, manufacturing, financial and government. As a member you will join other professionals sharing knowledge on the latest security trends, controls, and regulations while building a social network of your peers. If you are looking for information on how to become a member, please go to our Membership area.

On behalf of the Board of the Milwaukee chapter of the ISSA, I would like to thank you for your support and we hope the information provided enhances your career and personal growth.


President - ISSA Milwaukee Chapter


 

Meeting Reminder

Date & Time:  Tuesday, February 14, 2017, 3-5 pm 

What:  Securing and Penetration Testing Microservices and Containers

 

Location:  

New Berlin Ale House

16000 W. Cleveland Ave.

 New Berlin, WI 53151

 http://www.newberlinalehouse.com/Contact.html

 

Please join us for an interesting presentation on protecting microservices and containerization platforms, and the tools techniques for pentesting these technologies

 

Topic: Securing and Penetration Testing Microservices and Containers

 

Microservices are a way of designing software applications as suites of independently deployable services. Containers are structures used to wrap software in a complete filesystem that contains everything an application needs to run. Development teams are frequently turning away from traditional three-tier server architectures and monolithic web applications to microservices and containers to create applications for today’s increasingly mobile, interconnected and cloud-hosted world. 

 

This talk will:

Provide an overview of microservices and containerization

Demonstrate popular microservice and container platforms such as Docker and Node.js

Outline key security challenges for these technologies

Show some tools and techniques for penetration testing these technologies

About the Speaker: Kevin Bong, GSE, PMP, QSA, GCIH, GCIA, GPPA, GSEC, GCFA, GAWN

Kevin is a Manager at Sikich focusing on information security and compliance issues faced by institutions across numerous industry verticals. Prior to joining Sikich, Kevin spent 12 years as a Vice President of a multi-billion-dollar financial group, leading the bank’s security and IT risk management activities. With his experience performing audits, penetration testing, risk assessments and forensic investigations, Kevin provides invaluable guidance to institutions affected by standards such as those related to the FFIEC, NIST, HIPAA and PCI. 

Kevin is the creator of the MiniPwner, a pocket-size penetration testing device used to get remote access to a network. He’s also an author, instructor and a speaker at conferences like RSA, DerbyCon, Security BSides and WACCI. 

Kevin has a Master of Science Degree in Information Security Engineering from the SANS Institute. In addition, he is a Payment Card Industry Qualified Security Assessor (QSA) and a Project Management Professional (PMP) who holds numerous Global Information Assurance Certifications (GIAC), including GIAC Security Expert (GSE), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Perimeter Protection Analyst (GPPA), GIAC Security Essentials (GSEC), GIAC Certified Forensic Analyst (GCFA) and GIAC Assessing and Auditing Wireless Networks (GAWN).

Upcoming Events:

1) March Meeting Jonathan Villa, Practice Lead, Cloud Security at GuidePoint Security will be our March speaker. Jonathan has an extensive background in Technology, including 13 years in the field of Information Security. We can look forward to an interesting presentation. I will include more details in the March newsletter.

2) Student360 The Upper Midwest Security Alliance (UMSA) is presenting a new student-focused education event. This event, modeled after the Secure360 Conference, will be held on Saturday, February 11, 2017 and is focused on three "track" areas for learning including hands-on demonstrations, professional advancement/career sessions, and a career pavilion for recruiting. Find out more here: https://secure360.org/student360/. If you know of any students that might benefit from attendance at this event, please furnish them with the link.

3) Cyphercon 2.0 Mark your calendars for this event being held right here in Milwaukee on March 30-31, 2017. Cyphercon focuses strongly on hacking. You can find out more about it at: https://cyphercon.com/cyphercon-20/.

4) TrendMicro will be presenting at the Lake Country ISC2 meeting on February 9th at 6:00 PM. The meeting will be held at the New Berlin Ale House. The presentation will be focused on changes to security in the cloud

 

As always, if you, or anyone you know, is interested in presenting information of interest to the chapter, please let me or any other chapter officer know. We are always interested in finding topics of current interest in the area of Information Security. Also, if you have ideas that you believe would work well for a round table or moderated panel discussion send those our way.

 

Please RSVP. We look forward to seeing you at the February meeting.

 

Mike Block, President