The Charlotte ISSA chapter is committed to providing the Information Security professionals of Charlotte opportunities to grow both technically and professionally through training, meetings and summits.
The Charlotte ISSA Annual Summit is Coming!
We are excited to announce that the Charlotte ISSA Annual Summit is scheduled for May 19th 2016 at the Charlotte Convention Center. It is shaping up to be an incredible event with a variety of talks and educational presentations in addition to our stand out keynote speakers.
Director of Critical Infrastructure and Industrial Control Systems (ICS) - Cylance Inc.
Eric Cornelius is responsible for the thought leadership, architecture and consulting implementations for the Company. His leadership keeps organizations safe, secure and resilient against advanced attackers.
Previously, Eric served as the Deputy Director and Chief Technical Analyst for the Control Systems Security Program at the US Department of Homeland Security. Eric brings a wealth of ICS knowledge to the Cylance team. In addition to his years of technical leadership, Eric literally wrote the book on incident response in the ICS arena. Eric's extensive knowledge of critical infrastructure and those who attack it will be brought to bear at Cylance as he leads a team of experts in securing America's critical systems.
Eric is the co-author of “Recommended Practice: Creating Cyber Forensics Plans for Control Systems” as part of the DHS National Cyber Security Division, Control Systems Security Program, 2008.
He is also a frequent speaker and instructor at ICS events across the globe.
Cornelius earned a bachelor’s degree from the New Mexico Institute of Mining and Technology where he was the recipient of many scholarships and awards including the National Science Foundation’s Scholarship for Service.
Cornelius went on to work at the Army Research Laboratory’s Survivability/Lethality Analysis Directorate where he worked to secure field deployable combat technologies. It was at ARL that Cornelius became interested in non-traditional computing systems, an interest which ultimately led him to the Idaho National Laboratory.
While at INL, Cornelius participated in deep-dive vulnerability assessments of a wide range of ICS systems. After attacking these systems for several years, Cornelius began to develop methodologies for detecting attacks and performing incident response in the ICS environment.
Cornelius has continually improved these methodologies through extensive field testing and close partnership with asset owner/operators in nearly all sectors of critical infrastructure. Through this experience, Cornelius will help keep Cylance on the forefront of ICS security to better protect America’s critical assets.
Senior Security Consultant - TrustedSec
Ben Ten is a Senior Security Consultant with TrustedSec. He has over 14 years of experience doing Application & Web Development; Security Implementation, Consulting, & Training; Federal Regulation and Compliance oversight in relation to Information Technology (HIPAA, HITECH, PCI); and managing a team of developers and IT professionals. He is the creator of the PoshSec Framework and works with the PoshSec development team.
Software Security Architect
Bill Sempf is a software security architect. His breadth of experience includes business and technical analysis, software design, development, testing, server management and maintenance, and security. In his 20 years of professional experience he has participated in the creation of well over 200 applications for large and small companies, managed the software infrastructure of two Internet service providers, coded complex software happily in every environment imaginable, tested the security of all natures of applications and APs, and made mainframes talk to cell phones. He is the author of C# 5 All in One for Dummies and Windows 8 Programming with HTML5 For Dummies; a coauthor of Effective Visual Studio.NET and many other books, a frequent contributor to industry magazines; and has recently been an invited speaker for the ACM and IEEE, BlackHat, CodeMash, DerbyCon, BSides, DevEssentials, the International XML Web Services Expo and the Association of Information Technology Professionals. Bill also serves on the board of the Columbus branch of the Open Web Application Security Project, and is the Administrative Director of Locksport International.”
Chief Executive Officer - Secure Ideas
Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS Research and was an instructor and author for the SANS Institute.
Kevin has performed a large number of trainings, briefings and presentations for both public events and internal trainings. He is the author of three SANS classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing and SEC571: Mobile Device Security. Kevin has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard and ISSA.
Kevin is also very involved in the open source community. He runs a number of open source projects. These include SamuraiWTF; a web pen-testing environment, Laudanum; a collection of injectable web payloads, Yokoso; an infrastructure fingerprinting project and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer.
We are excited to offer two courses this year from some great teachers. Both classes are being held May 17th and 18th and registration includes admission to the summit.
Networking for Pentesters
Rob Fuller (@mubix) will be teaching a class on the basics of networking. This is an introductory class into specific protocols and technologies that are used on corporate networks around the world focusing on the point of view of an attacker. Things like how DNS, HTTP, SMTP and other basics of networking, then moving on to “Layer 7″ with IIS/Sharepoint, VPNs, Windows Active Directory, and Unix services.
Python for Pentesters
Jason Gillam (@jgillam) will be teaching "Python for Pentesters". Python is a versatile, cross-platform, well documented language with an enormous amount of support through pre-existing libraries. This makes it very useful for a variety of penetration testing tasks as well as everyday system administration. This course introduces intermediate Python concepts and libraries to the novice Python scripter in a series of practical lab exercises.
RegisteR for the summit
Charlotte Convention Center
501 S College St, Charlotte, NC 28202