Welcome to the Milwaukee Chapter of the ISSA
The ISSA is the largest international, not-for-profit association specifically for security professionals. The primary goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity and availability of information resources. The ISSA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved.
Members include practitioners at all levels of the security field in a broad range of industries, such as communications, education, health-care, manufacturing, financial and government. As a member you will join other professionals sharing knowledge on the latest security trends, controls, and regulations while building a social network of your peers. If you are looking for information on how to become a member, please go to our Membership area.
On behalf of the Board of the Milwaukee chapter of the ISSA, I would like to thank you for your support and we hope the information provided enhances your career and personal growth.
President - ISSA Milwaukee Chapter
ISSA September Meeting Reminder
Date & Time: Tuesday, September 13, 2016, 3-5 pm
1. Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter
2. Attacks on Enterprise Social Media
New Berlin Ale House
16000 W. Cleveland Ave.
New Berlin, WI 53151
Please join us for a presentations by Phil Tully, Phd, and Senior Data Scientist at ZeroFOX, and Mike Raggo, Chief Research Scientist at ZeroFOX. They will speak on issues surrounding Social Media and cybersecurity. Check out the topics below for more information.
Topic: Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter. - Phil Tully, Phd. (presenter).
Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content.
We present a recurrent neural network that learns to tweet phishing posts targeting specific users. The model is trained using spear phishing pen-testing data, and in order to make a click-through more likely, it is dynamically seeded with topics extracted from timeline posts of both the target and the users they retweet or follow. We augment the model with clustering to identify high value targets based on their level of social engagement such as their number of followers and retweets, and measure success using click-rates of IP-tracked links. Taken together, these techniques enable the world’s first automated end-to-end spear phishing campaign generator for Twitter.
About the Speaker: Phil Tully, Phd., ZeroFOX Senior Data Scientist.
Phil is an expert in Machine Learning as well as Neural Network Architecture. He is a pioneer in Neuromorphic Hardware and a Developer of Parallel and Distributed Computing Solutions. He has over 10 years of experience in Bioinformatics and Neuroinformatics.
Phil has presented at Blackhat and the Federation of European Neuroscience Societies (FENS) and is affiliated with the Society for Neuroscience.
Topic: Attacks on Enterprise Social Media - Mike Raggo (presenter)
Current threat vectors show targeted attacks on social media accounts owned by enterprises and their employees. Most organizations lack a defense-in-depth strategy to address the evolving social media threat landscape. The attacks are outside their network, commonly occur through their employee’s personal accounts, and circumvent existing detection technologies. In this presentation we’ll explore the taxonomy of social media impersonation attacks, phishing scams, information leakage, espionage, and more. We’ll then provide a method to categorize these threats and develop a methodology to adapting existing incident response processes to encompass social media threats for your organization.
About the Speaker: Michael T. Raggo, Chief Research Scientist, ZeroFOX, (CISSP, NSA-IAM, CCSI, ACE, CSI)
Mike has over 20 years of security research experience. His current focus is social media threats impacting the enterprise. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”. A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, is a participating member of FSISAC/BITS, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon, and SANS.
1) September is the month for conferences featuring Information Security (and I thought that October was Cybersecurity month!). In order of dates we have:
9/22/16 Interface IT Conference Madison
2) October Meeting Planning is underway to hold our ISSA meeting in conjunction with ILTA in Milwaukee on October 13, 2016. There will be a presentation from Litera entitled "Office365 and the (Inevitable?) Journey to the Cloud". Lunch would be included. I will have more on this as we get closer to the meeting date.
As always, if you, or anyone you know, is interested in presenting information of interest to the chapter, please let me or any other chapter officer know. We are always interested in finding topics of current interest in the area of Information Security. Also, if you have ideas that you believe would work well for a round table or moderated panel discussion send those our way.
Please RSVP. We look forward to seeing you at the September meeting.
Mike Block, President