Sunday, January 29, 2012 10:00 AM - Sunday, January 29, 2012 10:00 AM
San Francisco
SecureState has announced that Info Security Products Guide, the industry's leading information security research and advisory guide, has named SecureState a double global excellence award finalist for the 2012 Global Excellence Awards in the Best Overall Security Company of the Year and Top Blog categories. These prestigious global awards recognize security and IT vendors with advanced, ground-breaking products and solutions that are helping set the bar higher for others in all areas of technologies. What started in 2001 as a 3-person consulting firm, has now, 10 years later, grown into an internationally respected information security company with clients in both government and commercial sectors. |
Wednesday, January 04, 2012 2:00 PM - Wednesday, January 04, 2012 2:00 PM
Progressive Field, Cleveland
Open your hearts this holiday season and make a difference in the lives of local children in need. SecureState is offering security assessments in the form of security scans and assessments at a special holiday rate with 100% of the proceeds going to The Boys & Girls Club.
|
Tuesday, November 22, 2011 1:30 PM - Tuesday, November 22, 2011 4:30 PM
Cisco Offices Pittsburgh, PA
Learn how to use your security mindset to play with the big boys to drive your program and your career!
In a recent study of 441 Corporate CEOs, CFOs and Financial Executives, 60% plan increased investment in Enterprise Risk Management (ERM) over the next three years. In light of this, many CISO’s are intensifying the manner in which they organize the planning and delivery of security and compliance around risk.
Risk is always a challenging discussion for anyone, execs included, since the formulas vary and many of the most critical variables are unknown. Worse yet, others are unknowable! How are analytical techniques regarding unevaluated information of great complexity and corporate sensitivity going to be utilized going forward? By finally filling in the underpinnings of the simple risk equation [Risk = Threat X Vulnerabilities – Controls], we’ll explain how this could have a profound effect on how you manage your security program.
In addition, Experts predict that there will be 1 Trillion devices connected to the internet by 2013. But these devices are very different than what we saw 2 years ago. Today, these devices are consumer grade tablets, Smartphone’s, embedded chips, games etc… and as time progresses, the vast majority of these are communicating over wireless technologies. Users of these devices are increasingly bringing them to work and mixing business use and application with personal/Social media usage.
SecureState and Cisco will show you how to get top-down support and use bottom-up advances to understand where organizations are going, how risk management is changing, and how to improve security’s (and possibly your) stature. These topics and more will be addressed in this interactive seminar!
Location: Cisco System Offices
323 North Shore Drive, Suite 300
Pittsburgh, PA 15212
When: Tuesday, November 22, 2011
1:30PM – 4:30 / REGISTRATION 1:00PM
Registration required:
Click here or call 216.927.8200
|
Friday, November 11, 2011 11:30 AM - Friday, November 11, 2011 1:00 PM
Sullivan University Campus
Announcement from OWASP Louisville Chapter - MEETING NOV 11TH - TOM ESTON TO SPEAK!!!
Meeting: Louisville OWASP - Nov 11th , 11:30 AM – 1 PM
Meeting Location:
Sullivan University Campus, 3101 Bardstown Road, Room 254, Louisville KY 40205 - (about 15 minutes from the airport…on I-264 East)
When you arrive at the University's main building, Drive around past the front visitor's doors to the parking area on the right side of the Main Building. Room 254 can be accessed via a back stairway near a break area on the back right-hand side of the building, very easy to spot.
Desktop Betrayal: Exploiting Clients through the Features They Demand
In this talk, Tom Eston will explore the use of client features to gain privileged access to client systems. During previous talks around social networks, Tom Eston and fellow security researcher Kevin Johnson discovered that most of the damage they could perform against a target didn’t use an exploit against any vulnerable system. Tom and Kevin were able to create various attacks that made use of features being used on client machines. While this talk will not disclose any vulnerabilities within popular client software, Tom will be releasing multiple attacks that use these clients against their users. Tom will be discussing attacks using JavaScript, HTML5, PDF files, Flash, Data URIs, Web Workers and more. Tom will also discuss code to perform these attacks as well as add-ons to popular tools such as BeEF (Browser Exploitation Framework) that will enable these tools to make use of the attacks.
Tom Eston is the manager of the SecureState Profiling Team. Tom leads a team of highly skilled penetration testers that provides attack and penetration testing services for SecureState’s clients. Tom focuses much of his research on new technologies such as social media, mobile devices and new web technology. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is also a security blogger, co-host of the Security Justice and Social Media Security podcasts and is a frequent speaker at security user groups and national conferences including DerbyCon, Notacon, OWASP AppSec, Black Hat USA, DEFCON and ShmooCon.
|
Thursday, November 03, 2011 12:00 PM - Thursday, November 03, 2011 2:00 PM
SecureState
Please join us for the Cleveland OWASP meeting on Thursday, November 3rd from noon to 2 p.m. at the SecureState Headquarters (23340 Miles Road, Cleveland, OH 44128)
As always, OWASP is free and open to the public but you must RSVP and seats are filling up fast!
Lunch will be provided. Please RSVP to Sabrina Powers via email spowers@securestate.com
John Jacott will be presenting, “The Mobile App Top 10 Risks”
Abstract:
Rapid adoption of mobile devices and mobile apps has created a significant and unbounded security risk for the enterprise. The mobile app threat is quickly progressing from simple “premium SMS and call” attacks that directly monetize by running up the victims bill, to full- blown mobile botnet functionality. Enterprises must recognize the need to enable a mobile workforce with meaningful applications that allow them to be productive while maintaining the security of sensitive data on the device and internal networks.
Modern mobile applications run on mobile devices that have the functionality of a desktop or laptop running a general purpose operating system. In this respect many of the risks are similar to those of traditional spyware, Trojan software, and insecurely designed apps. However, mobile devices are not just small computers. Mobile devices are designed around personal and communication functionality which makes the top mobile applications risks different from the top traditional computing risks.
Mr. Jacott will discuss the mobile app top 10 list and provide some insight into mobile research conducted.
Speaker Bio: Mr. Jacott has over 15 years of experience and leads Veracode’s Solutions Enablement group for partners and strategic accounts. His extensive auditing experience, lately as PCI QSA and IRCA Lead Auditor for Information Security Management Systems provides a complete and pragmatic perspective on application security and information security controls. He has worked as an Information Security Consultant and Information Security Program Manager for several large Fortune 100 firms.
|
Monday, October 24, 2011
Westlake, Ohio
|
Saturday, October 08, 2011 12:00 AM - Saturday, October 08, 2011 12:00 AM
San Diego
Spencer McIntyre is presenting at ToorCon 13 in San Diego, Saturday, October 8. |
Wednesday, October 05, 2011 1:00 PM - Wednesday, October 05, 2011 2:00 PM
Ford Conference & Event Center - Detroit
Not a week goes by without hearing about some hacker group making the headlines or some new email attack scheme. It would seem that the better technology gets, the more cyber criminals can get away with. Our panel will discuss the current threatscape and what can be done to help prevent these ever changing attacks from happening to your company. See you at SecureWorld Detroit. |
Tuesday, October 04, 2011 12:00 AM - Wednesday, October 05, 2011 12:00 AM
Rochester
|
Thursday, September 29, 2011 12:00 AM - Thursday, September 29, 2011 12:00 AM
Annual Louisville Metro InfoSec Conference
|
Thursday, September 15, 2011 12:00 AM - Thursday, September 15, 2011 12:00 AM
Hawthorne Valley Golf Club - Solon, OH
|
Thursday, August 04, 2011 12:00 AM - Sunday, August 07, 2011 12:00 AM
DEF CON 19 - Las Vegas, NV
|
Friday, July 29, 2011
Caesars Palace Las Vegas, NV
The Black Hat Briefings remains the biggest and the most important technical security conference series in the world by remaining true to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.
The knowledge presented at Black Hat USA 2011 will offer you a look into what concerns the security research community today and in the future. This year’s Las Vegas event will host over 50 training courses from top experts in the field, feature seven Briefings tracks of the latest security research and two workshop tracks dedicated to practical application and demonstration of tools, techniques and open source applications to aid in securing your infrastructure.
Be sure to catch SecureState's Tom Eston presenting "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers." |
Wednesday, July 27, 2011 9:30 AM - Wednesday, July 27, 2011 3:30 PM
Chicago-Cisco System Offices, 9501 Technology Blvd., Rosemont,IL 60018
Investment in Enterprise Risk Management (ERM) is expected to increase and, as such, many CISOs are intensifying the manner in which they organize the planning and delivery of security and compliance around risk.
Risk always is a challenging discussion for anyone, execs included, because the formulas used to calculate risk vary, and many of the most critical variables are unknown. Worse yet, others are unknowable! How are analytical techniques regarding unevaluated information of great complexity and corporate sensitivity going to be utilized going forward?
We will explain how understanding and utilizing the simple Risk Equation [Risk = Threat X Vulnerabilities - Controls] can have a profound effect on how you manage your security program.
As we strive to address technological advances and their inherent risks, the solutions are not always simple or linear. They often are multi-dimensional and inter-related, and require new approaches.
SecureState and Cisco will show you how to get top-down support and use bottom-up advances to understand where organizations are going, how risk management is changing, and how to improve security's (and possibly your) stature.
|
Friday, July 22, 2011 8:30 AM - Friday, July 22, 2011 1:30 PM
SecureState
Meet some of Geauga Humane Society's Rescue Village adoptable animals and contribute to a great cause while getting your car cleaned.
SecureState will be donating 100% of the proceeds to Rescue Village.
Located at 23340 Miles Rd, Bedford Hts, 44122
Rain date: July 29th |
Wednesday, June 15, 2011 6:00 PM - Wednesday, June 15, 2011 8:00 PM
Park Center Plaza 1, 6100 Oak Tree Blvd
Join us as SecureState's Chris Clymer presents "10 Ways to Fail at Information Security." This is a free event open to everyone.
|
Thursday, June 09, 2011 1:30 PM - Thursday, June 09, 2011 2:30 PM
Payment Card Industry Data Security Standard (PCI DSS) 2.0 requires action. Credit card data is real-time, and scans and self-assessments don't equal compliance.
Learn how to protect your enterprise, your reputation and PCI data. Join us for an interview with the experts.
SecureState's Konrad Fellmann, CISA, CISSP and PCI QSA and Attevo's leader of Risk Management, Randy Johnson, will discuss strategies to efficiently manage your risk and meet PCI 2.0 Compliance.
|
Wednesday, June 08, 2011
Left Field Meeting Space, 116 Federal St., Pittsburgh, PA 15212
Think you have to go to Washington or Vegas for an awesome computer security conference? Think again! Pittsburgh is getting its own Security Bsides this summer, featuring awesome talks and the chance to meet other local Infosec people as well as nationally recognized experts. There are a lot of people in Pittsburgh doing awesome things in the field; let's get them all together! Oh, did we mention it's all free - even the food and beer??
|
Saturday, May 14, 2011 9:30 AM - Saturday, May 14, 2011 12:00 PM
Main Classroom Building Rm 136, East 22nd & Chester Ave., Cleveland State University, Cleveland, Ohio
SecureState's Jake Garlie presents "Data Mining, It's your Data" walking us through the data mining maze and explains how to get out.
Jake performs many assessments including Penetration Tests, Web
Application Security Assessments, and Wireless Assessments. In his
tenure with SecureState, Jake has worked with organizations across a
variety of industries, providing him with the expertise and knowledge of
the different ways each industry secures their data. |
Thursday, May 12, 2011 1:00 PM - Thursday, May 12, 2011 4:00 PM
New Horizons Computer Learning Center
Make sure to stop by and hear SecureState's Jason Suplita present "The Economics of Botnets." |
Thursday, May 12, 2011 12:00 PM - Friday, May 13, 2011 12:00 PM
Hyatt Regency, Columbus, Ohio
Join us as SecureState's Tom Eston presents "Attacking and Defending Apple iOS Devices in the Enterprise"
IT loves to use Apple iPhones and iPads, but hates supporting them. For most environments, they represent the exception, and are not subject to standard corporate controls. The reason the exception is allowed is usually the fact that the CEO bought an iPhone and iPad the day they were released, and then quickly filled them with sensitive corporate data. With their portability and popularity, it is only a matter of time before one of these devices ends up missing. How worried should you be? This presentation will cover the latest real-world attack techniques for compromising Apple’s iOS devices, introduce a new assessment methodology that can be used by penetration testers, and discuss the latest defensive techniques for securely deploying iOS devices within your enterprise. |
The last chapter meeting of the 2010 - 2011 season is a Breakfast meeting on Tuesday, May 10th. Matt Neely and Gary McCully of SecureState will present 'Introduction to NMAP'. This is a hands on lab so bring your laptop.
NMAP is a free an open source network mapping
and port scanning tool. NMAP is the corner stone tool in any
penetration testers tool box. However NMAP has many uses outside of
penetration testing. During this hands on lab attendees will learn the
basics of using NMAP to map networks and enumerate systems. Basic and
advanced NMAP commands will be covered. This workshop will focus on
learning through doing so attendees are encouraged to bring a laptop to
participate in this lab. If possible attendees should have the most
recent version of NMAP installed on their system. SecureState will also
provide test systems users can connect to if they cannot install NMAP
on their laptops..
The meeting will be held at the Regional Enterprise Tower 425 Sixth Ave 31st floor. Registration will begin at 8:00 am, Breakfast at 8:30 and the presentation at 9:00 am.
|
Thursday, May 05, 2011 5:00 PM - Thursday, May 05, 2011 5:00 PM
Watch the webcast as SecureState's Tom Eston talks about "Social Media Security: Adoption, Adaptation and Adversaries."
|
Tuesday, April 19, 2011 3:00 PM - Wednesday, April 20, 2011 6:00 PM
Disney's Contemporary Resort
Visit SecureState's booth, #509, at InfoSec World.
|
Friday, April 15, 2011 8:00 AM - Friday, April 15, 2011 5:00 PM
Chicago, IL
SecureState's Spencer McIntyre and Matt Neely will be presenting "EAPEAK - Wireless 802.1X EAP Identification and Foot Printing Tool."
|
Tuesday, April 12, 2011 12:00 PM - Tuesday, April 12, 2011 1:00 PM
This briefing will review the objectives and
requirements found in SP 800-39 which provides the groundwork for a
three-tiered risk management approach that fundamentally changes how
information security risk is managed. Dr. Ron Ross, Sr. Computer Scientist, NIST will describe this
new holistic approach that will allow senior leaders to determine what
needs to be protected based on the organization's core missions and
business functions.
The highly regarded and newly released Managing
Information Security Risk: Organization, Mission, and Information System
is the capstone and fourth in a series of documents targeting risk
management and information security fundamentals, by the Joint Task
Force Transformation Initiative (JTFTI), a joint partnership among the
United States Department of Defense (DOD), Intelligence Community, the
National Institute of Science and Technology (NIST), and the Committee
on National Security Systems (CNSC).
NIST Special Publication 800-39 addresses some of
the fundamental issues that organizations face in how information
security risk is assessed, responded to, and monitored over time in the
context of critical missions and business functions.
Learning Objectives
- Understand the high level objectives of SP 800-39
- Understand how to implement the 3-tiered risk management approach
- How to move from vulnerability management to risk management
Who Should View?
- CISO’s and CIO’s
- Risk Management, Managers and Staff
- Implementers of Risk Assessment and Analysis
- Staff Responsible for FISMA Compliance
Agenda
- Introductions
- Presentation by Dr. Ron Ross
- Panel Discussion – Adopting 800-39 in Public and Private Organization
- Live Q&A
Speakers:
- Dr. Ron Ross, Sr. Computer Scientist/Information Security Researcher, National Institute of Standards and Technology (NIST)
- Jack Jones, Founder and President, Risk Management Insight
- Ken Stasiak, CEO, SecureState LLC
|
Thursday, April 07, 2011 1:00 PM - Thursday, April 07, 2011 5:00 PM
Cisco Offices, Cleveland
“Making the move from Security to Risk Management” Plus Analyzing the threat problem and Cisco’s revolutionary new threat-based strategy for Security Risk
Learn how to use your security mindset to play with the big boys to drive your program and your career!
In a recent study of 441 Corporate CEOs, CFOs and Financial Executives, 60% plan increased investment in Enterprise Risk Management (ERM) over the next three years. In light of this, many CISO’s are intensifying the manner in which they organize the planning and delivery of security and compliance around risk.
Risk is always a challenging discussion for anyone, execs included, since the formulas vary and many of the most critical variables are unknown. Worse yet, others are unknowable! How are analytical techniques regarding unevaluated information of great complexity and corporate sensitivity going to be utilized going forward? By finally filling in the underpinnings of the simple risk equation [Risk = Threat X Vulnerabilities – Controls], we’ll explain how this could have a profound effect on how you manage your security program.
As we strive and struggle to address the technological advances and the risks inherent in them, the solutions are not always simple, linear problems. They are multi-dimensional and inter-related, and require a new approach to tried-and-true methods of the past.
SecureState and Cisco will show you how to get top-down support and use bottom-up advances to understand where organizations are going, how risk management is changing, and how to improve security’s (and possibly your) stature. These topics and more will be addressed in this interactive seminar!
Registration required: Click here or call 216.927.8200
As you move from the security guy to CISO, can you elevate your program with Risk Management?
You’ve taken the beneficial (and required) steps to build your security program. While there is a lot more to do, a new dynamic is emerging in companies– Enterprise Risk Management. Learn what you can do to get ahead of this curve and answer the most vexing question from Executive Management – How do you know Risk if you don’t even know what threat is?
SecureState and Cisco will address such topics as:
• Why do so many executives see Security as inadequate?
• Can you realistically evaluate the strength and readiness of your security infrastructure?
• How can you get ahead of the game on risk with threats, vulnerabilities, and controls?
• A practical, useful security risk equation that you can use without killing its success.
• Why does addressing threat in the risk equation help with one of the most vexing issues plaguing security risk management today?
• Where is Cisco going with their strategic direction?
• How are they “jumping the curve” on threat management?
• How can you use your security risk way of thinking to not only get a seat at the table, but lead the table?
|
Thursday, March 24, 2011 8:00 AM - Friday, March 25, 2011 6:00 PM
IIT School of Applied Technology, Wheaton, Illinois
SecureState's Andrew Weidenhamer will be presenting "Your Child's 'Second Life': The Impact of Parental Ignorance." Andrew will discuss the Children's Online Privacy Protection Act (COPPA) and how to teach children the best ways to safely use social media sites.
|
Wednesday, March 23, 2011 8:00 AM - Thursday, March 24, 2011 6:00 PM
Hynes Convention Center
Regional Security Conference that delivers that delivers high quality security education, training and networking. Be sure to stop by and visit our booth for a chance to win an iPod nano!
|
Tuesday, March 22, 2011 12:00 PM - Tuesday, March 22, 2011 2:00 PM
Cleveland, Ohio
Join us while known Web Application Security Speaker, Kevin Johnson, discusses "Ninja Developers: Application Security Testing and your SDLC." Kevin is the founder of Secure Ideas, a certified SANS instructor and a contributor to many open source security projects. Kevin developed BASE, which is a Web front-end for Snort analysis as well as founding and leading the SamuraiWTF, a live testing environment focused on Web penetration testing. Lunch is provided, chapter meetings are free but you must RSVP to spowers@securestate.com soon as seats are filling fast! The meeting is at 23340 Miles Rd, Cleveland, Ohio 44128. Deadline to RSVP is Friday, March 18th.
|
|
|
|
|