The ES3 agenda is shown below:

9:30 - 10:00 AM: Breakout Session 1

Compliance Track: Data Attack Anatomy - Stopping Bad Guys / Satisfying Auditors with Pragmatic Database Security

Efficiency Track: Network Operating Systems & Central Management

Risk Track: Security in a Virtualized World

10:15 - 10:45 AM: Breakout Session 2

Compliance Track: Staying the Course in a Sea of Change

Efficiency Track: Anytime, Anywhere, Consistency, Efficiency, Accuracy – A Moving Target

Risk Track: Anatomy of a Breach: Hydraq Highlights)

11:00 - 11:30 AM: Breakout Session 3

Compliance Track: The New Thinking on Security and Compliance

Efficiency Track: Riverbed WAN Optimization Solutions

Risk Track: Increasing Operational Efficiency While Reducing IT Costs

1:00 - 1:30 PM: Breakout Session 4

Compliance Track: Shared Administrative and Embedded Application Passwords – How to Secure, Effectively Manage, and Meet Compliance Requirements

Efficiency Track: Palo Alto Enterprise 2.0 & Network Security - Regain Control of your Network & Safely Enable E2.0 Applications

Risk Track: CheckPoint;

1:45 - 2:15 PM: Breakout Session 5

Compliance Track: FishNet Security

Efficiency Track: FishNet Security

Risk Track: FishNet Security / Emerging Threats

2:15 - 2:45 PM: Sponsor Exhibits Open

2:45 - 4:00 PM: C-Level Industry Panel (Keynote)

The meeting started with a brief introduction of Officers and Board members present, which was followed by introductions of the members present in OKC and Tulsa.

Following the introductions, a short summary of the IOMA Board Annual Planning meeting was discussed, including a review of the meeting schedule planned for the next 15 months.

The topic for our February monthly meeting was the "Critical Manufacturing" sector, one of the 18 Critical Infrastructure and Key Resource (CI/KR) sectors established by the U.S. Department of Homeland Security (DHS).

Our speaker was Josha D. Jordan, from the U.S. Department of Homeland Security (DHS) Office of Infrastructure Protection (IP) at DHS Headquarters in Washington, DC.  Josha is in the newly formed Critical Manufacturing Sector-Specific Agency, where he serves as the main contact for intergovernmental programs within the sector.

He is responsible for coordinating sector site visits to Manufacturing partners, identifying information and assets within the sector for the DHS Critical Foreign Dependencies Initiative, Tiering of Level 1 and 2 Critical Manufacturing Sector facilities, and infrastructure information as it relates to sector taxonomy. Mr. Jordan also serves as the sector Protective Security Advisor liaison for vulnerability and risk assessments throughout the country.

Josha provided an introduction to the Critical Infrastructure/Key Resource (CI/KR) sectors, which was followed by a Critical Manufacturing sector specific presentation.

The topics for our January monthly meeting included a FBI Counterintelligence Presentation and a Review of Our 2009 Activities -- followed by a Discussion of Planned activities for 2010.

Our speaker was Supervisory Special Agent, Trey Resolute, the new supervisor of the Oklahoma City FBI Field Intelligence Group, Trey reviewed a series counterintelligence activities and several case histories.

Afterwards, Special Agent Martha Justice (our FBI InfraGard Coordinator) and Ken Ontko, IOMA Chapter President, provided an overview 2009 InfraGard activities and lead a discussion of future considerations for 2010.

This was followed by a request for comments and suggestions from the members present for ideas about future meetings, in preparation for our annual InfraGard Board planning session on scheduled for January 27th.

The Critical Infrastructure theme for November was "Water Resources"; and our guest speaker was Ms. Monty Elder from the Department of Environmental Quality.

Presentation Synopsis: 3.5 million people are served by public water supply systems in Oklahoma. Providing water, which supports the health of citizens and enables communities to provide fire protection, are critical functions of water treatment plants. Ms. Elder discussed the requirements for physical security at water treatment plants, along with the methods and processes for treatment of water, prior to delivery as a barrier to dispersal of agents.

Bio: Ms. Elder worked in the field of chemical safety, preparedness, planning and response for over 18 years. She is currently the Chair of the Oklahoma Hazardous Materials Emergency Response Commission, coordinating the efforts of state agencies, industry and first responders to plan for response to chemical incidents in Oklahoma. She directs the emergency planning, training and exercising for all 77 Local Emergency Planning Committees in Oklahoma. Ms. Elder is also the emergency response coordinator for the Oklahoma Department of Environmental Quality. In that position, she directs the Department’s response to chemical accidents which impact public health and the environment. Her experience includes development of training materials for first responders, review of site security at chemical facilities, management of toxic chemical information, development of policy for remediation of chemical spills and preparation of county chemical hazard analysis. Ms. Elder also has wide experience with public outreach and risk communication involving hazardous chemicals. She served from 2003 through 2006 as the DEQ media spokesperson. Ms. Elder kept Oklahoma citizens informed about the impacts of hazardous chemicals in the community. She developed the risk communication strategy for the Department. During her service to DEQ, she has facilitated hundreds of public meetings covering a broad range of controversial issues surrounding hazardous chemicals including Superfund site clean-ups and chemical facility permitting. She has authored several professional articles on the process of public involvement and risk communication.

October 7, 2009 IOMA Quarterly Conference Summary

October is National Cyber Security Awareness Month

Brian Tillett—Enterprise Security Strategy View 2010+: An overview of the Internet Security Threat Report and Symantec’s Global Footprint to develop an Information Centric and Risk Based Security Strategy.  Focus will be on where the worst case security threats exist and how to filter down to the right tools to address those areas.

Mr. Tillett, Symantec National Security Strategist, joined Symantec in early 2008 as a Public Sector Security SE Specialist.  Prior to Symantec, he was the Federal Systems Engineer for Vericept Corporatio; becoming well versed in the Data Loss Prevention product space.  He spent 5 years with SecureLogix Corporation, as a Systems Engineer and Federal Technical Director for their suite of voice security products.  Brian’s career began in the USAF, including assignment to the AF Pentagon Communications Agency, working for HQ USAF, Joint Chiefs of Staff, Ballistic Missile Defense Organization, and Office of Secretary of Defense; and continues to maintain a DoD Top Secret Clearance.

Kevin Turner—Security in a Virtualized World: Virtualization is taking the computer industry by storm (again).  What is it and what can it do for you?  If it was so great, why did it go out of style the first time?  What can it do TO you and your environment?  Learn the truths about virtualization, the virtual layer, and what it takes to secure your virtual environment.

Mr. Tuner is the Information Technology Manager for American Bank Systems, Inc., with primary duties related to managing the technology infrastructure.  He has been an infrastructure technology architect for the last six years, with fifteen years of industry experience.  His education background includes more than a dozen IT related certifications from Microsoft, Cisco, (ISC)2, ISACA, EC-Council, and CompTIA.  He is a member of the Information Systems Audit and Control Association, a board member of InfraGard Oklahoma Members Alliance, and President of the OKC chapter of the Information Systems Security Association.

Tim Elrod—Fuzzing FTW: In today's world security researchers use many tools to discover security vulnerabilities—everything from static analysis of disassembled code to Arbitrary Use cases that look for logic flaws.  One of the more popular ways to find security vulnerabilities is by the use of a fuzzer.  In this talk we will discuss what a fuzzer is and more importantly what a fuzzer is not.  How to employee fuzzers to find security vulnerabilities and what advances have been made in fuzzer technology.

Tim "ri0t" Elrod , Founder, Ri0tnet Security;  Mr. Elrod has been an Information security professional for over 7 years but his passion for information security began when he first attached a 300 baud modem to a Commodore 64 and began this wild ride.  He is the founder of Ri0tnet Security an independent research company that focuses on vulnerability discovery, penetration testing, and reverse engineering.  He is also a member of the Bastard Labs Vulnerability Research Team as well as the OKC2600 and a regular speaker at the DC405.  He has found and exploited vulnerabilities in most major network operating systems including AIX, HPUX, Tru64, Linux, and Microsoft Windows as well as many enterprise software packages.  Mr. Elrod is an open source advocate and a contributor to the Open Source Vulnerability Database and the Metasploit Exploitation Framework as well as many other open source projects.  He was co creator of the DISE port scanner, as well as many other open source hacking tools.

Sean Satterlee—WIFI Insecurities: "Open WiFi? Don't be THAT stupid.  The dangers of using open WiFi and threat mitigation in the event you can’t avoid it."

Sean (0hm) Satterlee, DC405, okc2600, Vegas 2.0… Mr. Satterlee is an Open Source Vulnerability Database (OSVDB) contributor, Founding Member of the developer group DC405 focusing on creating software and web applications, Producer of Security Binge, Organizer for EFF Summit @ DEFCON, Panelist/Instructor for ISSA-OKC, and Information Security Professional in the OKC area.

 Jayson E. Street—Stratagems of Social Engineering: Practicing the Art of Deception…

Mr. Street has created and conducted security awareness training for a major Internet bank and has created security policies and procedures currently used by several companies.  He has also created and taught a three day training course on Intrusion Detection Systems for an undisclosed government agency in Washington D.C. He has consulted with the FBI on attempted network breaches which resulted in the capture and successful prosecution of the criminals involved. In 2007 he consulted with the Secret Service on the WI-FI security posture at the White House.  He has also spoken at several colleges and organizations on a variety of Information Security subjects.  He has been interviewed by Forbes and Scientific American regarding research on the issue of cyber-warfare as it relates to China and their preparedness for an online war.  He was an expert witness in two cases involving the RIAA, the declaration was on Slashdot and other websites.  Mr. Street is on the SANS GIAC Advisory Board; a current member on the board of directors for the Oklahoma "InfraGard"; a member of the "OSVDB"; an officer for the Oklahoma City ISSA; a longtime member of the "SNOsoft" research team.  He has not only adapted to new and emerging technology, but has learned quickly to integrate security technologies into an existing infrastructure.

 Nathan Keltner—Review of a Data Breach—The Heartland Payment Systems Breach 10 Months Later: What we now know, and what we can learn to ensure security of high priority targets.  In this presentation, we will walk through the history of the breach, the arrests, the anatomy of the hack, and the defenses we should all have in place.

Mr. Keltner has more than five years of experience conducting vulnerability assessments, penetration tests, Web application assessments, IT audits, PCI readiness and remediation assessments, and exploit development on the Windows platform.  Leading engagements for Grant Thornton out of the Tulsa, OK office, his primary responsibilities relate to understanding risks associated with external and internal attackers.  He is familiar with various offensive and defensive strategies related to network security, and frequently speaks on such topics to local and international organizations. 

 Rick Dakin—Coalfire Systems, Inc.: A Review of the Common Compliance Strategies Related to Emerging Data Privacy Laws in the Critical Infrastructure Sectors

As President and Senior Security Strategist, Mr. Dakin provides strategic management IT security program guidance for Coalfire and its clients.  As Coalfire's Senior Security Strategist, he is actively involved in helping clients develop balanced approaches for effective IT governance and regulatory compliance programs.  Mr. Dakin's experience results from more than 25 years in senior management with leading IT firms.  Mr. Dakin combines an in-depth knowledge of IT controls with a comprehensive understanding of organizational needs and the rapidly emerging legislation affecting information technology.  He is recognized nationally as a leader in IT risk management and information security solutions for regulated market sectors. He presents regularly to regional and national audiences on IT security solutions meeting privacy and confidentiality requirements for legislation covering financial services, healthcare, government and public corporations.  Mr. Dakin currently serves as President of the FBI's InfraGard program, Denver chapter, and he is a member of a committee hosted by the U.S. Secret Service and organized by the Joint Council on Information Age Crime.  He is a graduate of the U.S. Military Academy at West Point, and he received an M.B.A from the University of Oklahoma.

September 2, 2009 IOMA Monthly Meeting Summary

Our Critical Infrastructure theme for September was the Postal and Shipping sector. our guest speakers for September were Mr. Paul Boyd and Mr. Charlie Thigpen, both of whom are Postal Inspectors. They represented the Postal and Shipping Critical Infrastructure sector, as they discussed topics related to mail fraud, business capabilities, white powder mailings and other important issues related to this sector. This was an excellent opportunity to hear first hand about what happens behind the scenes within the Postal Service.

August 5, 2009 IOMA Monthly Meeting Summary

Focus: Defense Industrial Base Sector

 Abstract:

Tinker AFB facilitates the defensive posture of the United States as the largest intermediate jet maintenance facility in the world and as host to the Oklahoma City Air Logistics Center (OC-ALC); the largest of three in use by the USAF today. Over 28 thousand active, retired, and civil service employees support the heavy maintenance functions of the B-1, B-52, KC-135, KC-10, E-3, and E-6 aircraft in a facility comprising 5020 acres, 732 buildings, and 15.5 million square feet of indoor and ramp space. This environment leverages shared location and defense missions to maximize resources and minimize costs while supporting the operational missions of the USAF, USN, and several DoD agencies. Further, Tinker AFB supports over 40 thousand retirees who rely upon its base services; including medical, commissary, and recreation.

 Discussion:

 Tinker AFB incorporates the missions and responsibilities of several organizations.

• 72^nd Air Base Wing

  • Host organization providing base operating support services

• 76^th Maintenance Wing

  • Aircraft maintenance, repair, and overhaul services

• 327^th Aircraft Sustainment Wing

  • Weapon Systems Life Cycle Management

• 448^th Supply Chain Management Wing

  • Plan procurements, contracts, transformation, and financing for materials, maintenance, and distribution at all three Air Logistics Centers

  • Manage foreign military sales (FMS) for friends and allies of the United States

• 552^nd Air Control Wing (Air Combat Command)

  • Global combat readiness and theater battle management under the direction of the Chairman, Joint Chiefs of Staff

  • Homeland defense operations; including counter-narcotics

• Strategic Communications Wing One, USN

  • Take Charge and Move Out (TACAMO)

  • Strategic Communications, Command & Control for National Command Authority

• 507^th Air Refueling Wing, Air Force Reserve Command

  • Daily worldwide air refueling support for U.S. and NATO forces

• 513^th Air Control Group, Air Force Reserve Command

  • Air Reserve Component of AWACS

• 3^rd Combat Communications Group, Air Combat Command, AKA “The Third Herd”

  • Deployable communications, computer systems, networks, navigation aids, and air traffic control services

• 38^th Engineering Installation Group, Air Force Material Command

  • Integrated command and control, and information systems to increase combat readiness

• 498^th Missile Sustainment Group (AFMC)

  • System Program Management for Long Range Cruise Missiles

• Defense Information Systems Agency (DISA) Oklahoma City

  • IT services for war fighters; including computer processing, system monitoring, communications, security, and software for 1.6 million users

• Defense Logistics Agency, Defense Distribution Center Oklahoma (DDOO)

  • 24 hour distribution support to OC-ALC and other Tinker-based organizations, DoD, and FMS

• Defense Reutilization and Marketing Service (DRMS)

  • Property disposal services; including inspection, receipt, surplus storage, scrap, reuse, transfer, and donation