Upcoming Meetings

Thursday, September 2, 2021

Title: Exploring the 2021 Verizon Data Breach Investigations Report

Every year the Verizon cybersecurity team publishes a report analyzing the data and trends from the past year of cybersecurity investigations. Every cybersecurity professional should review the report because it is full of amazing insights and useful trends. This presentation will adapt the content from two episodes of The Cyber Risk Management Podcast to provide a distilled version of the 2021 DBIR and provide ample opportunity for discussion.

I am an Internet-focused lawyer with a passion for technology, privacy and security issues. As a former government regulator, I use my experience to assess privacy and data security risks and develop business-friendly strategies to reduce and manage related legal risks. I help clients comply with government regulations specifically relevant to tech and Internet companies and defend clients against government regulatory investigations or class-action lawsuits.

I am also the co-host of The Cyber Risk Management Podcast, a bi-monthly podcast that discusses cyber risk management from the perspective of a CISO and practicing cybersecurity attorney. Join our audience at http://www.thecyberriskmanagementpodcast.com!

* Certified through ISC². The Washington State Supreme Court does not recognize certification of specialties in the practice of law and this certification is not a requirement to practice law in the state of Washington.


Presenter: Jake Bernstein, CISSP
Time: 6:30-7:30 PM
Location: Online


5 August 2021

Abraham Kang

GraphQL is coming to replace your REST APIs. Built on the promise of providing more flexible access to your data, there has to be a catch. Come to this talk if you would like a comprehensive overview of the known security vulnerabilities in GraphQL applications. We will also cover mechanisms and design patterns that you can use to secure your GraphQL applications from these attacks.

[Archived Video - Coming Soon!]

3 June 2021

Bryan Hurd

Cyber Smoke Jumper – Days, Nights and Weekends in the Life of a Breach Responder. This session is a view into the past, present and future of cyber attacks hitting our companies, communities and families. Leading global teams that General Counsels, CEOs and CISOs call in emergencies or to avoid one, Bryan will be discussing not only some of the trends and technical issues in what the adversaries are doing, related to ransomware, intrusions and extortion, but the way that technical and executive leaders can protect, avoid, or respond to attacks from cyber criminals or insiders. Bryan will also be discussing the skills, certifications, and network of professionals that make collective response to this global threat possible.

[Archived Video - Coming Soon!]

6 May 2021

Joe Szymusiak

Data the Unintended Consequences. Where, what, and how personal data has been used and abused.

[Archived Video - Coming Soon!]

1 April 2021

Fernando Maymi

Collective Defense is a multiparty strategy in which each member of a community freely contributes to the cybersecurity of the others and, in so doing, improves its own security. It is the idea that organizations defend as a team. Participants trust each other and cooperate in matters of cybersecurity while remaining competitive in the marketplace. The Collective Defense Framework comprises three components. The first, Cooperation, requires that all participants work together to achieve a collective effect that would have been impossible to achieve in isolation. The second, Intelligence, entails collaborating on the production and sharing of friendly information and threat intelligence to develop a common operational picture. Activities and initiatives in these first two components are validated, practiced and enhanced through the third component, Training and Exercises.

[Archived Video - Coming Soon!]

4 March 2021

Frank Simorjay

Come join us at our upcoming ISC2 Seattle meeting, where Frank Simorjay, ISC2 Seattle Chapter President, will share his expertise at Microsoft and present on the topic of Securing Privileged Access processes and what you should consider when building your own Privileged Access Workstations (PAW).

[Archived Video - Coming Soon!]

4 February 2021

Dan Griffin

I will discuss the role that privileged access plays in preventing future SolarWinds-like attacks. I will provide specific examples of hardware and toolchain security measures that you can adopt for secure software development.

[Archived Video - Coming Soon!]

7 January 2021

Jean Pawluk (CISSP)

All that glitters... Applying lessons learned to date to emerging technologies.

[Archived Video - Coming Soon!]

3 December 2020

Marc Coady (CISSP)

One-man Band - My personal experience as the first IT Security Manager of MOD

[Archived Video - Coming Soon!]

5 November 2020

Trey Blalock (CISSP)

Why APTs Have Changed the Economics of Security.

[Archived Video - Coming Soon!]

1 October 2020

Jake Bernstein (CISSP)

Creating a cybersecurity program that meets the FTC's standard for reasonableness based on the NIST CSF.

[Archived Video - Coming Soon!]