Join us on Wednesday, December 16 for two special joint chapter events with ISSA Northern Virginia and Central Maryland:
O365 Security Lunch & Learn
By Chris Morales of Vectra
at 12:00 pm
and
Powershell JEA
By James Honeycutt - Sponsored by Red CanaryAbstract
at 5:00 pm
Both meetings will be hosted virtually. Registration is required.
We are happy to be partnering with the Central Maryland and Northern Virginia ISSA Chapters.
O365 Security Lunch & Learn
Must RSVP if you plan to attend.
Wednesday, December 16, 2020 at 12:00 pm
Abstract
We'll navigate through uncharted security territory by analyzing the attack lifecycle in the cloud and dissecting a real-world attack. The same technology that makes the cloud dynamic can have the opposite effect on an organization’s ability to implement detection and response in cloud environments. This includes the adding additional layer of preventative controls in addition to MFA, because it's increasingly being bypassed in O365 as an example. Chris Morales, Head of Analytics with Vectra, will help us navigate through the uncharted security territory by analyzing the attack lifecycle in the cloud, reviewing the top cloud security threats, and dissecting a real-world cloud attack. Additionally, he'll provide key takeaways for managing access, detection and response, and security operations.
Speaker Bio
Chris Morales, Is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Chris is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.
Powershell JEA
Must RSVP if you plan to attend.
Wednesday, December 16, 2020 at 5:00 pm
Abstract
Abstract - PowerShell Just Enough Administration (JEA) allows us Systems Administrators to empower our fellow admins, developers, and security personal to accomplish what they need to on our systems. Give them just enough administrative permissions to accomplish their duties without interrupting your day or night. This talk shows how to assign roles and give the appropriate permissions to those roles.
The presentation will start off with a little bit of JEA background and what problem it solves. We will discuss what planning and considerations are involved with implementing JEA. We will discuss the different resource files needed and how to create them. We will talk about how granular or liberal we can get with creating our rules. We will look at an example of the various resource files then create our own. I will show the commands need to enable JEA. We will do a walkthrough of setting up JEA, creating our files and enabling JEA, and demo how you can give a developer elevated permission on certain PowerShell commands. I will show how you can assign a group of commands with wild cards like get-IIS and specific commands like stopping a specific service with specific arguments and switches. We will have to talk about where the audience can get some more in-depth training on this subject, there is no way to learn it in an hour.
About the speaker
James Honeycutt is a hardworking and dedicated cybersecurity professional who enjoys scripting and participating in capture the flags. James has served over 20 years in the military in various technical and leadership positions. In his current assignment, he am part of a Cyber Protection Team and serve as the Microsoft Windows Expert. See James full bio at https://honeycuttjames.wixsite.com/mysite/about.
