Friday, December 15, 2017

December 14th 2017 - Cleveland

Cleveland is an amazing City.  I love being in Cleveland.  And everyone in Cleveland knew approximately where Jack Nichelson, Director of IT Infrastructure & Engineering at Medical Mutual of Ohio, was speaking yesterday.  All you had to do was look for the huge "JACK" sign in Cleveland.   That would get you pretty close...



Jack didn't speak at the casino, but just down the street, at a top 10 nationwide steakhouse.  Yesterday's meeting of the Cybersecurity Leadership Forum was held at Red The Steakhouse on Prospect Ave in Downtown Cleveland:




Our user group not only has the best speakers, but we also meet at the very best venues.  We're very fortunate, and I'm grateful because we had a stellar event, and a great turnout, even while Cleveland was under a winter storm warning.  Here are some photos of the icy carnage I snapped just outside the restaurant:





Kinda nasty.  But cleveland is not unfamiliar with snow & ice, and we still had 20+ Cleveland-area security professionals venture out into the harsh weather to join us for the presentations.  Here is a group photo:



Jack Nichelson was our keynote speaker.  He is the Director of IT Infrastructure and Engineering at Medical Mutual of Ohio.  Visit Jack's bio page HERE

Jack delivered perhaps the very best presentations we've had to date. What a way to end the year.  The topic was "Creating a Results Oriented Culture".   It was an excellent delivery, lively, insightful, and humorous.   If you don't know Jack, he is a person you've got to meet.

Jack,  on behalf of the Cybersecurity Leadership Forum of Ohio, and everyone who participated in yesterday's discussion, I want to thank you for offering your time and talent.   We appreciate you sharing your unique perspective with our group, and hope you'll accept our invitation in the future to do it again.

Jack's Powerpoint Presentation is available for download HERE

Jack Nichelson, Director of IT Infrastructure & Engineering, Medical Mutual of Ohio

Here are some photos and a short video clip of Jack's presentation:






After Jack's keynote concluded, we had a round table group discussion lead by John Lindsly, IAM Practice Lead and industry thought leader at IC Synergy, a top nationwide consulting firm in the Identity and Access Management space, and One Identity's implementation partner of the year.  It was a true honor to have John Lindsly moderating our round-table.  The topic was "IT Service Management in the context of an IAM program". 

John's slides are available HERE

Here are some pics of John moderating the round-table discussion:






Also please remember to think of our sponsors, ICSynergy, and  One Identity, for all of your Identity & Access Management needs.  You may contact me if you'd like to schedule a consultation.

Thanks again to our speakers, attendees, and staff for making this another great meeting.

I believe we'll be in Detroit for our next meeting on January 18th.     More details to come.  Stay tuned.

I wish you all a great holiday season, a Merry Christmas, and Happy New Year!

Sincerely,

Gib Patt

Friday, November 10, 2017

November 9th 2017 - Dayton

The Cybersecurity User Group met in the great Gem City yesterday, Thursday 11/9, at Carvers Steaks & Chops The group continues to grow each month.  We had about 40 Dayton-area security professionals at the table...the exact capacity of the room. Is that good planning or a close call?   I have already received many email follow-ups and phone calls from our attendees expressing their gratitude for the speakers, and the educational content they delivered.  I too am very thankful to our speakers, but also to all of you who participated, and contributed to the discussion.  Security is a double edged sword... an immense problem and an immense benefit.  No one can do it alone.... it takes a team, it takes networking and knowledge sharing, and it takes a community with a culture of information security.... The Cybersecurity User Group is taking a lead in fostering this collaboration in Ohio and Michigan.

Carvers Steaks & Chops - Dayton Ohio

The CyberSecurity User Group Meeting:  Nov 9th, Dayton Ohio

The theme of the Nov 9th meeting was The NIST Cybersecurity Framework.



Our Keynote Speaker was Dr. Loren Wagner, DIA, CISSP Sr. Manager of Global Network Operations and Perimeter Security, at the Cooper Tire & Rubber Company, based in Findlay Ohio. Dr. Loren's doctoral thesis centered on the NIST CSF.   He delivered a presentation titled "NIST Cybersecurity Framework | Research & Experiential Observations".  

"Thank you" Dr. Loren, for a great presentation, and for sharing your research and knowledge with the group.  We are all very grateful for your contribution, and for your commitment to studying and improving security and business.  Your comment that "There is no security without business" is very true.  I suppose the converse statement that there is no business without security is also true, perhaps more true now than its ever been, especially for some verticals.

Dr. Loren's presentations slides can be downloaded HERE. 

Dr. Loren Wagner

Dr. Wagner - during his NIST CSF presentation - 11-9-2017


Short video Clip of Dr. Loren Presenting


As has become our custom, the keynote was followed by a group discussion moderated by another industry expert.  In this case our round table moderator was Stacey Blanchard, IAM Practice Lead and Security Solution Architect for One Identity LLC.  Stacey's round table topics also centered on the NIST Framework, and she lead an interactive discussion that mapped Identity & Access Management topics into the five core functions of the NIST CSF.

Thank you Stacey! It was an honor to have you lead what turned out to be a very interactive group discussion, and I hope you will speak for us again in the future.

Stacey's round table slides can be downloaded HERE.

Round Table Moderator:  Stacey Blanchard, IAM Practice Lead and Security Solution Architect

Stacey Blanchard Moderates Round Table at 11-9-2017 User Group

Short Video Clip - Stacey Blanchard - 11-9-2017


And last but not least, let's not forget our short IAM lesson.  Recall the "Four A's" of IAM:



Each one of the "A's" has its own complexity and challenges, but the great complexity of Enterprise IAM is due to the fact that these "A's" must be performed for each user repository across the enterprise.  In today's world, the number of user repositories can easily number in the hundreds, or thousands; this exponentiates the complexity of the IAM problem.   The situation is further exacerbated by the fact that most organizations are now running both on-prem and cloud based user repositories. 

So we have a complex problem to solve.  But don't try to design a complex solution.  Recall John Gall, and his law of System Design:

John Gall (September 18, 1925 - December 15, 2014)

Start with simple working systems, and build from there.  

Our next User Group meeting will be in Cleveland in December.  Final arrangements are not yet confirmed, but it looks like we're zeroing in on Thursday December 14th in the downtown.  I'll send a newsletter update with speaker information, topic abstracts, and registration form as soon as this is confirmed.

Gib Patt
Found & Coordinator
The Cybersecurity User Group
614 209 8516
gib.patt@oneidentity.com





Wednesday, October 18, 2017

The Ohio Digital Government Summit 2017 - Oct 17th & 18th


http://www.govtech.com/events/Ohio-Digital-Government-Summit.html


Today concluded the Ohio Digital Government Summit, which was held on The Ohio State University campus at The Ohio Union:



The highlight for me was the Tuesday afternoon Keynote, Morgan Wright, an internationally renowned Cyber-expert.  Morgan's talk was titled "Cyberstrike:  Warfare in the Fifth Domain" which is a dramatized report on the "black energy" cyber attack that crippled the Ukraine's power grid. This presentation was totally fascinating and kept you on the edge of your seat from start to finish.  You can read the abstract of his talk HERE.   Morgan discusses the historic cyber attack in this Fox News interview:



I got to meet Morgan personally, and chatted with him after his keynote.  It was an honor to meet you Morgan, thanks for your insights, and thanks for the selfie!



Another highlight of the summit was the content and interactions delivered by Brian Kelley, who is the former CIO for Portage County Ohio, and current CTO for the Ohio Turnpike and Infrastructure Commission.  Brian was very active during the summit.  He hosted several presentations and panels, and was active in the breakouts, including the OCITA group session.  Brian's morning presentation was titled "Cloud Chasing, a Sensible Approach", and then later he participated in a panel discussion with the theme "Navigating the Cyber Landscape in Your Own Organization".  Its great that we have people like Brian helping drive government IT & security here in Ohio.  Thank you Brian for your passion and for leveraging your skills to serve the people of Ohio.  I hope you will consider speaking for the Cybersecurity User Group in the near future.




Lots more to come.  Executive CISO Network breakfast meeting in the morning, The Michigan Digital Government Summit in Lansing next week, and then Security Summit Week in Cleveland is the week of Halloween.  For information about these security events and other events taking place across the region, check out our "Upcoming Meetings" area of this blog.

Take Care.

Gib

Friday, September 29, 2017

September 28th 2017 - Columbus Ohio

Thursday 9/28, The Cybersecurity User Group met at Smith & Wollensky in Easton.  We had one of our best meetings to date.  There were close to 40 security professionals in attendance, with interaction and discussion throughout.  I'm very thankful to everyone who helped make today's meeting a success, especially our speakers: Jerod Brennen (Keynote), Bill Evans (Sponsor), and Adrianne Ward (Roundtable Moderator), but also our attendees who contributed your time and ideas to the security discussions.

Smith & Wollensky's at Easton

Group Pictures:





Opening Welcome Statement, Gib Patt, Group Founder/Coordinator:




Keynote Speaker:  Jerod Brennen, Security Architect, GBQ Partners



  • Presentation Title:  "A Common Sense Approach to Information Security"
  • Topic Abstract and Speaker Bio:  HERE
  • Powerpoint Slides:  HERE
  • Full Audio of Jerod's Talk:  Coming Soon.
  • Pictures  and Short Video Clip of Jerod Presenting:







5-Minute Sponsor Segment: One Identity LLCBill Evans, Sr. Director, Marketing


  • Bill's Bio:  HERE
  • Presentation Title "Get IAM Right"
  • PowerPoint Slides:  HERE
  • Video of Bill's talk:  



Roundtable Group Discussion, Adrianne Ward, Director, Security Solution Architecture, Americas


Adrianne Ward moderated the roundtable group discussion
Despite having fractured her hand earlier this week, Adrianne still showed up to moderate our roundtable discussion with the group.  Lesson learned:  use care when removing large plates from deadlift machine at gym!

  • Roundtable Theme:  "A Selection of Current Statistics in IT Security"
  • Speaker Bio:  HERE
  • Powerpoint Slide:  HERE
  • Pictures Adrianne Moderating:





Next Cybersecurity User Group Meeting:  Dayton, November 9th.

Our next meeting will be in Dayton on Thursday November 9th.  I'll send a newsletter update with registration and details once the venue is confirmed.  Our speaker for the Dayton meetup is Dr. Loren Wagner, who's Ph.D. research and dissertation focuses on the NIST Cybersecurity Framework.  An abstract for Dr. Wagner's talk along with a short biography have been posted HERE.    The Cybersecurity User Group cannot express well enough how pleased we are that Dr. Wagner has agreed to speak for us, and to facilitate a discussion.  This will be a rare learning experience, so please block your calendars now if you are able to attend.

Our group is not meeting in October because there are just too many other security events happening across our region.  For a list of October events please see the previous blog post HERE.  Or you can just scroll down.

Thanks all.

Gib Patt
gib.patt@oneidentity.com
614 209 8516

Tuesday, September 19, 2017

Upcoming Security Events in September & October

<<NOTE>>  Details and REGISTRATION about the November 9th meeting of the Cybersecurity User Group are now posted HERE.

The following is a listing of all the security events in which we're participating through the end of October 2017.  We encourage your participation too, and hope to see you at one or more of these local security events:



Wednesday 9/20:  ISSA Central Ohio Chapter Meeting | 8am - Noon

  • Location: Expedient Upper Arlington,  5000 Arlington Centre Boulevard, Columbus, OH 43220 
  • Speaker:  TJ Adams, CISSP will be discussing about "Privileged Account Management" at 10am.
  • More Info and Registration HERE.

Thursday 9/20:  ISACA Detroit Chapter Meeting | 530 - 830
  • Location:  Michigan State University Management Education Center, 811 West Square Lake Road, Troy, Michigan 48098
  • Speaker:  Rob Clyde, Vice Chair ISACA International
  • More information HERE.
  • Registration

Wednesday 9/27  ISACA Northwest Ohio Chapter Meeting | 530 - 8

  • Location:  Buffalo Wild Wings;  1550 East Wooster Street;  Bowling Green, Ohio  43402
  • Speaker:  William McCreary, CIO at University of Toledo
  • Topic:   "Board of Directors Considerations for Technology and Cybersecurity"
  • Registration 

Thursday 9/28:  The Cybersecurity User Group Luncheon | 11am - 1pm
  • Speaker:  Jerod Brennen, Security Architect for GBQ Partners presents
  • Topic:  "A Common Sense Approach to Information Security". 
  • Round-table Moderator:  Adrianne Ward, Director Security Solution Architecture, One Identity LLC.
  • Smith & Wollensky, 4145 The Strand W, Columbus Ohio (Easton Town Center).
  • Registration

Thursday 10/12:  Central Ohio ISACA Chapter Meeting | 1130am - 1pm
  • Dan Vance, Clark Schaefer Consulting LLC
  • Topic:  "SOC and the Cybersecurity Threat"
  • Location:  Brio Tuscan Grille at Polaris Mall:  1500 Polaris Pkwy, Columbus, OH 43240
  • Abstract
  • Registration

Tuesday 10/17 and Wednesday 10/18:  The Ohio Digital Government Summit
  • Location:  The Ohio Union, 1739 North High St. Columbus OH 43210
  • Agenda and Registration HERE

Wednesday 10/18:  Central Ohio ISSA Chapter Meeting


  • Location:  Expedient/Tree of Life.
  • Address:  5000 Arlington Centre Boulevard, Columbus, OH 43220 
  • Speakers and Topics
    • Alan Swanke and Shixiong Shang,  "Multilevel Container Security Challenges"
    • Aaron Ansari, "Mid-Life InforSec Crisis"
    • Krisann Lucrezi, "The Value of Threat Intelligence"
  • Topic Abstracts and Registration:  HERE

Wednesday 10/18:  Northeast Ohio Information Security Forum Meeting
  • Wednesday October 18, 2017
  • 6:30 PM – 8:00 PM
  • Pizza and social start 6:00 PM
  • Location: OEC at 4205 Highlander Pkwy Richfield, OH 44286
  • Open to everyone and free as always
  • Agenda and Abstract:  HERE.


Thursday 10/19:  CISO Executive Network Breakfast Series

  •  Location:  Vorys Sater Seymour & Pease LLP offices - 52 E Gay Street Columbus, OH 43215
  • Agenda and Abstract:   HERE.
  • This is a members only event but if you're interested in coming please contact me at gib.patt@oneidentity.com and I can request to bring you as a guest.  You can also view membership criteria and register to become a member HERE

Tuesday 10/24 and Wednesday 10/25:  The Michigan Digital Government Summit

  • Location:  Lansing Center, 333 East Michigan Ave, Lansing MI 48933
  • Agenda and Registration HERE

Tuesday 10/24:  SecureWorld Cincinnati

  • Location:  Sharonville Convention Center, 11355 Chester Rd, Cincinnati, OH 45246
  • Agenda and Registration:  HERE.
  • Keynotes and Speakers:  HERE.

Monday 10/30 through Friday 11/3:  Cleveland Security Summit Week 2017

  • Location:  The International Exposition Center, One I-X Center Dr, Cleveland, OH 44135
  • We are sponsoring this event and have a discount code.  If you plan on attending, please contact gib.patt@oneidentity.com for a discount code for extra savings on the purchase of your pass.
  • Information about the summit and keynotes HERE.
  • Registration.



Wednesday, August 30, 2017

August 29th 2017 - Toledo Ohio

The Cybersecurity User Group met yesterday in Toledo Ohio at the historic Oliver House, which is now the home of the Maumee Bay Brewing Company.  This is probably the most unique venue we've used for our group meetings to date.  The atmosphere in that old building was so cool, and the staff was excellent.  As always, our speaker's powerpoints, pictures from the event, short videos, and a recap of the agenda are all posted below:




We had 26 local Cybersecurity professionals in attendance.  Here are some pics of our group enjoying the presentations, lunch, and this special venue:








Our keynote presenter was Matthew Haschak, a 17-year veteran at Bowling Green State University and current Director of Security and Infrastructure at BG.  It was a great privilege for our group to hear from Matt.  He has a strong reputation locally and abroad for his leadership and expertise in the area of Cybersecurity.  Matt delivered an incredibly insightful presentation titled "Implementing Two-Factor Authentication at Bowling Green State University" where he shared the challenges, successes, and lessons learned from that experience.  Thanks again Matt for your contribution to our group.

Matt's presentation can be viewed/downloaded HERE.

A couple keepsakes from Matt's presentation are posted below:





We wrapped up our meeting with a round-table discussion moderated by Jackson Shaw, who is Vice President Product Management at One Identity.  It was a real honor to have Jackson's participation at user group.  He has been a pioneer and thinker in the IAM space since before "IAM" was even part of our common lexicon.  Jackson's round-table discussion guided us through insightful concepts related to "Managing Identity & Security in an increasingly SaaS world", which was also the title of his round-table.   

Jackson's slides are available for download HERE.

Jackson has the most relaxing profile pic I've ever seen:


Here is a pic from yesterday of Jackson leading the Cybersecurity group round-table in the historic Oliver House in Toledo:



We are planning our next meeting in Columbus at the end of September.   Still working to confirm our speakers.  As soon as those details are confirmed I will make an announcement. 

If you haven't already done so, please don't forget to send your ISACA and (ISC)2 member IDs to either myself (gib.patt@oneidentity.com) or Cynthia Au (cynthia.au@oneidentity.com), and we will submit 2 CPEs toward your continuing education requirements for your certs.

Yours Truly,

Gib Patt
The Cybersecurity User Group
gib.patt@oneidentity.com






Wednesday, July 26, 2017

July 25th 2017 - Southfield Michigan

Yesterday we met at Southfield's Bacco Ristorante "the buzzy Italian eatery".   I think I can speak for the group and say it was not only "buzzy" in that dining hall, but also a great time learning and networking with some of the best people!  We had 30 Michiganders and Ohioans in attendance, with roles ranging from Executives and Vice Presidents, to IT Directors, Managers, and Security Practitioners. The participation from members and speakers alike was superb.

The keynote presentation was delivered by David Cutri, Executive Director and Chief Compliance Officer at University of Toledo.  Dave's presentation was titled Cybersecurity and Corporate Governance, and delved into the 5 guiding principles for the Board of Directors.  It was a totally unique learning experience and I hope Dave will speak for us again in the future.  We are sincerely grateful for Dave's contribution, and cannot thank him enough for sharing his time and experience with our group.

David's presentation is available for download HERE.

Now I'm no photographer, my iPhone doesn't take the best pics, and low lighting in that dining hall doesn't help, but nevertheless I have posted some keepsakes from David's presentation below:





Gib Patt (yours truly) spoke to the group for a few minutes about the top challenges we're seeing at One Identity in the area of Identity & Access Management.

My slides, and the agenda slides for the event, are available HERE.
Don't forget to study up on Gall's Law HERE :)

One of my colleagues captured a couple pics of me at the podium.  Someone said I look like a hacker...is that true?





Next on the agenda was our group's very first round table discussion.  It was a lively exchange moderated by Wayne Smiley, One Identity Solution Architect and CISSP.    Wayne did a great job guiding us through some examples of real life phishing attacks and spurring a related conversation with the group.  The round table will become a staple at our events going forward.

Wayne's Slides are available HERE.

Here are some pics and a video of Wayne moderating the group discussion:





One Identity's Regional Director, Eric Robinson, asked the group some probing questions and helped guide part of the group discussion.  It was great to have Eric's participation.  Here is a short clip of Eric questioning the group:



As a reminder, our group is a CPE submitter for both (ISC)2 and ISACA credential holders.   Anyone who attended should send your membership ID to Cynthia Au, cynthia.au@oneidentity.com .  Cynthia will make sure your account is incremented by 1.5 credits for your attendance.  If you hold credentials from an organization other than (ISC)2 or ISACA and you have a continuing education requirement, please let me know and we'll look into it...maybe we can get you credits too.

Our next group meeting is in Toledo on August 29th, please see below for details.   I'll be sending a formal invitation within the next couple weeks.

Toledo Ohio
  • Guest Speaker:  Matthew Haschak, Director of IT Security at Bowling Green University
  • Topic:  Multi Factor Authentication.   I've also asked Matt to talk about his approach to "adaptive security" and how it improves security, and user experience.
  • Date and Time:  August 29th 2017, 11am - 1pm
  • Location: Maumee Bay Brewing Co. (Inside the historical Oliver House)
  • Address:  27 Broadway Street, Toledo, OH
  • Landing Page and Registration HERE.
Thanks again to our speakers, and to all of our attendees.  It was another great meeting, and I hope to see you all again soon.

Sincerely,

Gib Patt
614 209 8516
gib.patt@oneidentity.com