Our next meeting is this WEDNESDAY June 16, 2010. Pizza and networking start at 6:00 PM. Talks start at 6:30 PM. Location: Park Center Plaza #1, 6100 Oak Tree Blvd, off Rockside Road, Independence, Ohio. Click here for a Google Map! Open to everyone and free as always! Here are the list of talks and agenda items for this months meeting:
Whose Afraid of the Big Bad Wolf: Embracing Audit as a Service
Let’s see if you have a picture in your head of auditors. Do see you them, sitting there in the darkness, with a maniacal look on their faces. They pour over your documentation and configuration files just hoping to find the red meat. If there is anything juicy they will find it and feed off it at your expense. Is this the image you have of auditors? Perhaps you were burned during an audit, or just didn’t have a very good experience at the auditor’s hands. With a bit of explanation, your next audit doesn’t have to be so stressful and adversarial. Maybe, just maybe, you can walk away with some value to help improve what you do that you hadn’t thought of before.
Starting from the beginning, we will walk through why IT auditors exist and what role they play in the organizations risk management process. Since we all can relate to risk, maybe we can find the common ground and start to derive value from what auditors provide. Given the right amount of attention and care, organizations can ultimately benefit from IT and Audit working together. Plus you will sleep better at night knowing the bogeyman is just a myth.
Jeff Kirsch is an IT auditor by day and ghostnomad, an infosec geek alter ego, every chance he can get. Always trying to learn new things drives him to find better ways to help others learn about technology. His passion for technology also drives him to help those in technology understand auditors and the audit process.
Part 1: Metasploit Express – Dave Kennedy
Metasploit Express was newly released by Rapid7 and is a web-based exploitation suite built on top of the Metasploit Framework. During this presentation we will be discussing how this tool can be incorporated into your daily use within vulnerability management and penetration testing within your organization and how this tool can revolutionize how you currently perform your own testing. Metasploit Express is now one of my favorite toolset’s to utilize and after this talk, it may be yours too.
Part 2: Cradle to Grave – FBI Special Agent Ryan MacFarlane
Following an attack run from Metasploit Express through incident response and forensic analysis using SIFT 2.0.
Dave Kennedy is a security expert that has over ten years of experience in the Information Security arena. He has presented at several large conferences including BlackHat, DefCon, ShmooCon, Information Security Summit, InfoSecWorld, and other well known speaking engagements. David is the author of the Social-Engineer Toolkit, a well known and established attack framework for Social-Engineering. David has published a number of exploits, whitepapers, and contributed to the widely popular Back|Track security distribution and the Metasploit Framework. Currently, David is a director of security for an international Fortune 1000 company located in North Canton, Ohio.
FBI Special Agent Ryan MacFarlane, Cleveland Office, has spent the last six years investigating numerous criminal intrusions. With over 8 years of Internet security experience, previous work experience includes positions at IBM, i2 Technologies, Georgia Tech, and as a co-founder of an Internet security start-up in 2004.