ColaSec

Columbia's Information Security Group

A free and informal gathering of information security professionals and enthusiasts in Columbia, South Carolina at the Richland County Public Library on the 3rd Tuesday of every month at 6:00 PM (click on the YouTube bubble).

Founded 2014 (COVID can’t stop us)

Image credit: Zach Pippin
zachpippin.com

Upcoming Presentation: Building Threat Profiles for your Organization

Date: Tuesday, February 15th at 6:30pm

Presenter: Mackenize Morris

About: Mackenize Morris is a Senior Industrial Consultant at the industrial cybersecurity company Dragos, Inc. where he assists the professional services teams in conducting network and vulnerability assessments.

Prior to joining Dragos, Mackenize worked as a process controls engineer and system architect for a DOE contractor. In addition to his responsibilities he became the system administrator of the DCS system until fully switching over to an ICS cybersecurity position within the DOE complex.

Mackenize received his B.S. in Chemical Engineering and MBA from the University of South Carolina and is currently working on a Masters in Information Security Engineering from the SANS Technology Institute. He currently holds the following certifications: GCPM, GCIP, GSEC, GDSA, GREM, GCCC, GRID, GCIA, GISCP, GPEN, GMON, GCIH, and CISSP.

Mackenize lives in Aiken, South Carolina down the street from his brother’s horse farm where he keeps his horse, Riley. Besides riding horses, Mackenize fences as part of the Augusta Fencers Club and coaches the University of South Carolina Aiken’s League of Legends and Overwatch teams. Mackenize’s name is pronounced like Mackenzie; the IZE spelling was a result of a spelling error on his birth certificate.

Presentation Synopsis: Risk Management is one of the most difficult aspects of industrial cyber security. The variables that contribute to calculating risk can be hard to quantify and fully understand. The Crown Jewel Analysis (CJA) is a tool for key stakeholders to assess their organization’s environment from an interdependency and impact perspective; however, it can be extended to include threat mapping in order to build a threat profile for the organization. Following the CJA and understanding each tranche and associated attributes from an adversary point of view is necessary for prioritizing and aligning required resources to prevent and mitigate potential attacks. To enable critical infrastructure defenders, there must be a framework in place for the ingestion of threat intelligence and corresponding critical functions/components of the organization. This mapping enables organizations to improve their security programs.

Social Media Links: https://www.linkedin.com/in/mackenizemorris/
https://twitter.com/zeroaltruism