ColaSec

Columbia's Information Security Group

A free and informal gathering of information security professionals and enthusiasts in Columbia, South Carolina at the Richland County Public Library on the 3rd Tuesday of every month at 6:00 PM (click on the YouTube bubble).

Founded 2014 (COVID can’t stop us)

Image credit: Zach Pippin
zachpippin.com

April 2024 Presentation Announcement: “Who's Security Meme is it Anyway?”

Join us on April 16 @ 6 PM for Who's Security Meme is it Anyway?

Presented by Tim De Block

In the evolving landscape of cybersecurity, the power of humor has emerged as an unexpected tool in spreading awareness and fostering community engagement. The upcoming ColaSec meetup takes an innovative twist on traditional security discussions by spotlighting security-related memes.

This session, titled "Who's Meme is it Anyway?" aims to explore the complex world of cybersecurity through the lens of humor and creativity. Join us for an evening where we dissect the impact of memes in communicating critical security concepts, the balance between humor and information, and how these seemingly trivial pieces of internet culture can enhance our understanding of security threats, practices, and culture.

The meetup will feature a curated collection of popular security memes, followed by discussions on their underlying messages, effectiveness in awareness, and their role in the cybersecurity community.

Highlights of the Meetup:

  • Meme Showcase: A presentation of selected security-related memes, ranging from the hilariously accurate to the thought-provokingly absurd.

  • Discussion Panels: Engage with cybersecurity experts and meme creators in lively panels discussing the interplay between humor and security, meme-making as a form of cybersecurity education, and the potential of memes in shaping public perception of security threats.

Whether you're a seasoned security expert, a meme enthusiast, or simply curious about the intersection of cybersecurity and popular culture, this meetup offers a unique platform to explore the serious world of security in a light-hearted manner. Join us at the ColaSec meetup to delve into the amusing yet insightful world of security-related memes, and discover how humor can be a powerful ally in the ongoing battle for cybersecurity.

Attending In Person

We are posting all meetups to Meetup.com now so click the link below to let us know you’re coming!
https://www.meetup.com/colasec/events/298525190

Attending Virtually

Our meetups are hosted virtually on Google Meet. The invite for the Google Meet will be sent via email to members of our email list and Slack channel just before the meetup starts. Click HERE to join the email list or HERE to join Slack.

March 2024 Presentation Announcement: “Narrative Defense: User Stories in InfoSec”

Join us on March 19, 2024 @ 6 PM for Narrative Defense: User Stories in InfoSec

Presented by David Burkett

One of the most significant challenges in cybersecurity today is its approach to problem-solving. Technical forums, such as various subreddits, Slack channels, and other social media platforms, are awash with queries like "Which should I choose, CrowdStrike or S1?", "Do I need a SIEM, an XDR provider, or both?", and "What's better, Splunk or LogRhythm?".

This method of seeking solutions is fundamentally flawed for identifying the best fit for an organization, as it overlooks the unique needs of each entity. It often results in allowing sales pitches to guide decisions, leading to the acquisition of the latest flashy tool rather than a solution that genuinely addresses the problem at hand.

In this presentation, we'll explore:

1. Problem Identification: Unpacking the real issue at hand, which is often not as straightforward or quantifiable as it might seem.

2. Crafting User Stories: A guide to developing user stories that capture the essence of the challenges faced.

3. Translating User Stories into Solutions: How to turn these narratives into actionable cybersecurity strategies.

4. Case Studies on Common Pitfalls: Real-world examples demonstrating why a comparative approach to selecting EDR vendors falls short and how it can lead to costly errors.

By the conclusion of this presentation, participants will be armed with a strategy that emphasizes the importance of understanding and tackling specific security challenges over succumbing to the latest trends. This approach not only fosters more effective cybersecurity tactics but also ensures that investments in security technology are both prudent and closely aligned with the organization's objectives.

Attending In Person

We are posting all meetups to Meetup.com now so click the link below to let us know you’re coming!
https://www.meetup.com/colasec/events/298525190

Attending Virtually

Our meetups are hosted virtually on Google Meet. The invite for the Google Meet will be sent via email to members of our email list and Slack channel just before the meetup starts. Click HERE to join the email list or HERE to join Slack.

February 2024 Presentation Announcement: The Security Hitchhiker’s Guide to Threat Modeling

Join us on February 20th @ 6 PM for The Security Hitchhiker’s Guide to Threat Modeling

Presentation Synopsis

Threat modeling is a critical process that helps organizations identify and mitigate potential security threats in the early stages of projects or when a legacy application is discovered with little to no documentation. This presentation aims to serve as a comprehensive introduction to the wonderful galaxy of Threat Modeling. We will explore the fundamental questions: What is threat modeling? Why is it crucial for cybersecurity? How can it be integrated into your development and IT processes effectively? Why do I feel like I'm in preschool again? This presentation will provide you with a structured approach to threat modeling, demystifying the process and breaking it down into manageable steps. We will discuss various methodologies and tools available for threat modeling. Grab your towel and join us for "The Security Hitchhiker's Guide to Threat Modeling." Leave with a clear understanding of how to embark on your threat modeling journey.

About Timothy De Block

Timothy De Block is a seasoned cybersecurity expert with over 15 years of experience in the field. His passion for technology and security led him to a successful career dedicated to safeguarding digital assets and promoting best practices in cybersecurity. His dedication to continuous learning and staying at the forefront of emerging threats has allowed him to become a trusted authority in the industry. Throughout his career, Timothy has held key roles in both public and private sectors, working with leading organizations to strengthen their security posture. He has been instrumental in developing and implementing robust security strategies, threat mitigation plans, and incident response protocols for a diverse range of clients. As a thought leader in the cybersecurity community, Timothy is a sought-after speaker at conferences and seminars, where he shares his insights and practical knowledge on topics such as threat modeling, application security, and other blue team based topics. He is also a published author, contributing articles and research papers to industry publications. Timothy De Block's expertise, dedication, and contributions to the cybersecurity field continue to make a significant impact, ensuring a safer digital environment for all. Whether in boardrooms, classrooms, or the global cybersecurity community, his influence is felt, and his commitment to cybersecurity excellence is unwavering.

How To Join The Meetup

Attending In Person

We are posting all meetups to Meetup.com now so click the link below to see the upcoming events details and information on how to RSVP. Information on where the meetup will be can be found on the Meetup.com event site.

Meetup.com Event Link: https://www.meetup.com/colasec/events/298483882/

Joining Virtually

Our meetups are hosted virtually on Google Meet. The invite for the Google Meet will be sent via email to members of our email list and Slack channel just before the meetup starts. Click HERE to join the email list or HERE to join Slack.

Upcoming Presentation: Executive Order 14028, SSDF, SBOMs, Oh My! The security road to the mythical Emerald City

When: Tuesday, November 21st at 6:30pm

Where: USC Technology Incubator and streaming online

Who: Dr. Jessica Butel

Synopsis: In May 2021, the United States government issued Executive Order (EO) 14028 for “Improving the Nation's Cybersecurity.” Several of the included initiatives are progressing but still face significant challenges that must be addressed prior to being mandated. On November 16, 2023, CISA released an updated draft Secure Software Development Attestation Common Form and opened the 30-day request for comment period. This attestation has grown from EO 14028 and lists the requirement for software producers to maintain Software Bills of Materials (SBOMs) for their code. Will this approach and these required artifacts really help to improve the nation’s cybersecurity? Or will meaningful improvements fall by the wayside as organizations settle for checking the cybersecurity boxes in their rush to meet fast approaching deadlines? Time may be the only way to tell as we work to navigate the “security road” towards “Emerald City” side-stepping attestation forms, SBOM formats, and federal guidance trying to get to a better security landscape for all. Let’s break down these components, see how these pieces fit together and make predictions for the future.

Spooktacular October Meetup Alert: Unmask Your Cyber Frights!

When: Tuesday, October 17th at 6:30pm

Where: USC Technology Incubator and streaming online

Who: spooky members!

What: Sharing Scary Information Security Stories

About: Ever had a near miss with a cybersecurity incident that sent shivers down your spine? Or perhaps a project that just won't end, haunting your workdays? How about dealing with end-of-life software that refuses to rest in peace? We've all been there! This month, we're turning off the recording lights to create a safe space for you to share your scariest Information Security stories. Join us in person for an evening of spine-tingling tales, lessons learned, and maybe a few laughs.

No Recordings: To encourage open and candid sharing, we won't be recording this meetup. So, feel free to unmask your most terrifying experiences without fear of haunting the internet forever. This is your chance to connect with fellow InfoSec enthusiasts, share your hair-raising encounters, and maybe even pick up a few tricks to ward off future cyber ghouls. RSVP now and dare to share your scariest stories!

Upcoming Presentation: Breathing New Life into the Cybersecurity Kill Chain: Transforming Theory into Action

When: Tuesday, September 19th at 6:30pm

Where: USC Technology Incubator and streaming online

Who: David Burkett

About: Signalblur CTI, an esteemed consulting firm founded by the visionary David Burkett, collaboratively supports organizations in enhancing their security operations practices. Their tailored services range from cultivating robust threat hunting programs, honing detection engineering capabilities, to streamlining security through automation.

Synopsis: The Cyber Kill Chain, a critical framework in the realm of cyber threat intelligence, is often perceived as an academic concept rather than a practical tool. In this engaging presentation, we will dismantle this misconception by revealing the true potential of the Kill Chain and demonstrating how it can be effectively employed by SOC Managers, Detection Engineers, and Security Analysts alike.

We will begin by exploring the foundational aspects of the Cyber Kill Chain, addressing its inherent weaknesses, such as the naming of its phases. We will then debunk the myth that the Kill Chain is a linear sequence of seven phases, emphasizing its tactical circular nature. As we delve into each phase, we will outline how defenders can adopt a proactive mindset to overcome common misconceptions.

Following this, we will showcase the versatility of the Kill Chain by illustrating its applications across various security roles, drawing on firsthand experiences. We will first demonstrate how Security Analysts can utilize the Kill Chain to streamline their investigations and optimize their decision-making. Next, we will explore the benefits of incorporating the Kill Chain into the workflow of Detection Engineers, highlighting its practical advantages.

Finally, we will discuss the strategic value of the Cyber Kill Chain for SOC Managers, emphasizing its capacity to generate data-driven metrics that can bolster budget requests and facilitate informed decision-making. By the end of this dynamic presentation, attendees will be equipped with the knowledge and tools to transform the Cyber Kill Chain from an abstract concept into an actionable, invaluable resource.

Upcoming Presentation: Super Containers: Unikernels in LightVMs

Who: Ben Francis, President of the Columbia Linux Users Group

What: Super Containers: Unikernels in LightVMs

When: Tuesday, August 15th at 6:30pm

Where: USC Technology Incubator and streaming on YouTube

Synopsis: Containerized workloads have made application deployment so much easier, but what if I could show you a technology that:

  • Is 1400 times more secure than a well-configured Docker container

  • Boots 37 times faster than that Docker container

  • Can run 10 times more microservices on the same physical hardware

  • Can be managed by Kubernetes

Upcoming Presentation: ColaSec Jeopardy

Who: Tim De Block

What: ColaSec Jeopardy

When: Tuesday, July 18th at 6:30pm

Where: USC Technology Incubator and streaming on YouTube

Synopsis: Welcome to the thrilling world of InfoSec Jeopardy! Join us for an interactive and educational session designed to challenge your security knowledge and engage in a friendly competition.

The InfoSec Jeopardy session is a unique twist on traditional presentations, combining learning with an exciting game format. Participants will form teams and compete against each other by answering questions across different categories, such as Security Operations, Security Engineering, Governance Risk and Compliance, Security Best Practices, and Current Threats. The game's objective is to promote knowledge sharing, foster collaboration, and strengthen the overall security awareness of the participants.

Join us in person or heckle our teams online.

Game Structure:

Teams: Participants will be divided into teams to encourage camaraderie and teamwork throughout the session.

Categories and Questions: The Jeopardy board will consist of various categories, each containing questions of different difficulty levels. The questions will cover a broad range of information security topics, catering to participants with varying levels of expertise.

Point System: Points will be awarded based on the difficulty level of the chosen question. The team that buzzes in first and provides the correct answer will earn the corresponding points.

Benefits:

Enhanced Learning: InfoSec Jeopardy provides an enjoyable and effective learning environment, allowing participants to expand their knowledge on crucial security concepts, technologies, and best practices.

Team Building: By forming teams, participants will collaborate, communicate, and pool their collective knowledge, fostering a sense of unity and teamwork among attendees.

Networking Opportunities: The game breaks the ice, encouraging participants to interact and connect with fellow security enthusiasts, fostering valuable professional relationships within the local security community.

Conclusion:
InfoSec Jeopardy offers an engaging and informative experience that goes beyond traditional presentations. By participating in this game, you will sharpen your security skills, expand your knowledge, and connect with like-minded professionals. Join us for an exhilarating session that combines education, fun, and friendly competition. Are you ready to put your InfoSec expertise to the test?

June 2023 Meetup Announcement!

Hey ColaSec members! Join us for a fun social gathering on the 20th at Craft & Draft in Irmo starting around 6 PM. This time, we'll skip the usual presentation and focus on networking and socializing. Don't miss out on this opportunity to meet fellow cybersecurity professionals in a relaxed setting. We can't wait to see you there!

Upcoming Presentation: Start Threat Modeling II: 28 Weeks Later

When: Tuesday, April 18th at 6:30pm

Where: USC Technology Incubator and live stream on Google Meet

Who: Adam Twitty
Senior Application Security Engineer – Premise Health
Dada, Runner???, Sick on Lug Nut Day at Tire College
Amateur sawdust maker, Tabletop games, Stellaris, Factorio
15 years working in and around IT & Security

What: I gave a presentation on Threat Modeling last year which included some bad advice, clunky tools, and general uncertainty amplified by impostor syndrome. In the time it takes for a fast zombie outbreak to boil into a global apocalypse, I've found new tools and refined my process to turn crayon scribble into value for your App Sec program.
Strap into a clipshow device and get ready for recycled memes, thrilling data flow diagrams, and instructions on how you too can make spreadsheets at home!

Upcoming Presentation: The Security Hitchhiker's Guide to API Security

Date: Tuesday, March 21st at 6:30pm at USC Technology Incubator

Presenter Name(s): Timothy De Block

Tell us about you or your group: Timothy De Block is an Application Security Practice Lead for GuidePoint Security. He cut his teeth in IT as an Electronic Technician for the United States Navy and the State of South Carolina. He jumped to security in 2012 and has done a little of everything with a heavy lean towards application security. He reads because he has a strong passion to learn. One of his most recent reads was a Douglas Adams series that included The Hitchhiker’s Guide to the Galaxy (hence the title). He also enjoys Overwatch and forcing his kids on a 13-mile backpacking camping trip. Fin.

Presentation Synopsis: API security is so hot right now! Organizations don’t fully understand APIs, how to find them, and secure them. This can feel scary. Don’t Panic. Grab your towel and join me on a meme adventure to explore the API galaxy. We’ll cover the history of APIs. Why people now suddenly care about them and why they’re such a hot topic. We’ll go over some ways to identify APIs within an environment. We’ll cover how API security is different and how to start securing them. We’ll review the API security tooling landscape. Finally, we’ll review resources to get your towel wrapped around API security and answer the ultimate API questions.

Social Media Links: @TimothyDeBlock

Upcoming Presentation: Stopping the Bleeding: 10 Steps to turn your SOC Around

Where: USC/Columbia Technology Incubator and streaming on YouTube

When: Tuesday, February 21st, 2023 at 6:30pm

Title: Stopping the Bleeding: 10 Steps to turn your SOC Around

Who: David Burkett
Lotus Notes administrator for a Fortune 50 organization

Synopsis: David has built multiple Security Operations Centers and has consulted for multiple large organizations on building out SOC processes and capabilities. This talk is designed for those that either may be currently in the process of building a SOC out or for someone that may have taken over a SOC recently and found that everything is on fire.

Upcoming Presentation: Mobile Forensic Analysis: Manual vs Automated

Where: USC/Columbia Technology Incubator and streaming on YouTube

When: January 17th, 2023 at 6:30pm

Title: Mobile Forensic Analysis: Manual vs Automated

Who: Sahil Dudani, PhD student, Virginia Tech

Synopsis: This presentation examines the effectiveness of automated techniques over manual forensic techniques to analyze data extracted from a mobile device. The paper begins by explaining the fundamentals of digital and mobile device forensics followed by outlining major challenges in the field and explaining the use of machine learning/data analytics algorithms in analyzing forensic extractions. With that understanding, the paper compares the precision of decision tree analysis with manual forensic analysis using self-created sample data. The analysis leads us to believe that automated analysis can solve various challenges faced by the mobile forensics industry with inputs from experienced examiners.

Upcoming Presentation: Anatomy of a World Class SOC

Presenter: David Burkett

Date: November 15th, 2022 at 6:30pm

About: David has been a stellar ColaSec member and presenter, leveling up a broad range of experience in a short time. Activities include: consulting for Fortune 100 organizations and large federal agencies on building out their SOAR Playbooks and Automations, managing a Cogswell Award-winning SOC, and currently working as a Cloud Detection Engineer for a Fortune 50 Company.

Synopsis: This presentation is to show that People and Processes, not Technology, are what make a great SOC. Through this, we’ll go over example processes using entirely Open Source tools that will give you a better Security Monitoring program than everyone else!

Social Media: https://signalblur.io || https://infosec.exchange/@signalblur

Upcoming Presentation: Start Threat Modeling

Presenter: Adam Twitty

Date: September 20th, 2022 at 6pm at the USC Technology Incubator

Presentation Synopsis: This presentation is the result of the last year of trial, error, and refinement in my ongoing Threat Modeling journey. I'll cover fundamental concepts, tools, useful techniques and perform a real time demo of a threat model on a fictional application that we'll design and dissect in real time. Through the simple power of asking questions and writing shit down, you too can build threat models for any system in your organization, and systemically analyze threats & mitigations.

About Adam: Though I'm currently employed by Premise Health, I've been a security nerd for over a decade now, and been moonlighting as a ColaSec organizer for most of that time. I am an eternal student of the Power Shell, wielder of the compliance spreadsheet, practitioner of the stupid question, and a mindless consumer of tacos.

Email: adam@colasec.org

Upcoming Presentation: Kaseya Ransomware Reaction: Lessons Learned

Presenter: Jeff Lang

Date: August 16th, 2022 at 6pm at the USC Technology Incubator

Presentation Synopsis: On July 2, 2021, Virginia Tech experienced a Ransomware incident that involved a Kaseya VSA systems management server used by departments on Campus. This presentation will discuss the methods used by the attackers, Virginia Tech's response, and lessons learned from the incident.