Join Us



The (ISC)² Quantico Chapter always sends meeting reminders and notifications of interest to security professionals.


Special Events

(ISC)2 CyberSecureGov 2017, Washington, DC.

Announcements

 Chapter Quantico         

Security Professionals,

A $500 scholarship will be awarded by the (ISC)2 Quantico Chapter.

The $500 scholarship is available if you live in the following counties: Quantico, Stafford, Woodbridge, Spotsylvania, King George, Dumfries, Caroline County, Prince William County, Fredericksburg, Manassas, or Manassas Park, VA. Contact [email address protected] with any questions!


Our speaker, Robert Sipes, will present "Discussion on Aligning RMF & FIAR Requirements" on September 20th, 2017.

Short Bio:

Mr. Sipes has over 30 years of experience in Cybersecurity, Intelligence Operations, technical education, and management.  Mr. Sipes has supported the Army CERT, DoD-CERT, DHS, and a host of other Federal organizations in various information security and risk management capacities. 
Mr. Sipes has been a stand-in instructor at Security University, invited as a Guest Lecturer at Johns Hopkins, as well as a former member of the Germanna Community College Adjunct Faculty teaching courses in the fields of Information Technology and Management.
Mr. Sipes is a CISSP, CISA, PMP, and has recently obtained the C|CISO certification.  He is currently working as a Cybersecurity consultant supporting multiple customers in meeting regulatory and statutory security requirements with the Defense Finance and Accounting Services (DFAS) as his primary customer.

Abstract:

Systems that have to provide financial reporting face two competing priorities: obtaining an Authorization To Operate (ATO) under a Risk Management Framework (RMF), and meeting Audit Readiness requirements currently assessed via the Federal Information System Control Audit Manual (FISCAM). Even though the standards and requirements may be very similar between RMF and FIAR, a system may have an ATO yet fail a FISCAM review. Short of duplicating the efforts for each control, one entity is working (slowly) at aligning the requirements of both for a unified approach.

Please join us as (ISC)2 Quantico Chapter hosts our Monthly meeting Sept 20th, at 6:00 pm.

 

 

In July, our speaker will be James Carnall. The topic is "There is no cloud it's just somebody else's computer"

Short Bio:

James Carnall brings a unique perspective on threat intelligence to LookingGlass due to his broad IT and information security knowledge, combined with a global perspective from working in the U.S., UK, and Australia. Since joining LookingGlass in 2005, he has focused on Brand Protection, Social Media Impersonation, Cyber Security Monitoring, Anti-Phishing, and Security Response services. James currently leads a team of more than 80 analysts based in LookingGlass’ 24x7 Cyber Security Center. James holds a Bachelor of Science in Information Security with a minor in Business Management from George Mason University.

Abstract:

James Carnall will discuss the need for threat intelligence programs to evolve to address the dynamic nature of threats and new cyber targets. In 2017, information security and physical security teams need to understand how convergence affects them in the time of growing third-party risk and cloud providers. Your executives, vendors, customers and staff are all vulnerabilities and should be considered as part of an organization's threat intelligence program.

 

 

 

 

In June, our speaker was Amy Savino, who presented remotely. The topic was "The Missed Opportunity of Higher Education in CyberSecurity Workforce Development"

Short Bio:

Amy Savino has worked in the educational technology industry for close to 10 years.  Her current focus is building educational solutions at Cengage that help students get jobs in the cybersecurity, networking, and information technology space.  Cengage is a proud CompTIA partner and encourages student certification so they can continue to grow in their computing careers.  Amy earned her Leadership & Management Graduate Certificate from the University of Maryland University College (UMUC), and a Bachelor of Arts in English from Siena College in Loudonville, New York.

Abstract:

We are all keenly aware of the cybersecurity labor shortage. How are education programs addressing this with their students? This session will be two-fold; we will explore the disconnect between higher education and what federal employers need in this industry, and we will also examine what key institutions are excelling at when building their cyber programs. Our research findings show that teaching based on Bloom’s Taxonomy level learning is most effective; starting with foundational level learning using lab simulations and building upon that knowledge through live virtual machine labs. We will discuss how to leverage these findings into cultivating the optimal next generation of cybersecurity workforce talent.

 

 

 

 

Our monthly meeting on May 17th at 6:00 pm was canceled due to a scheduling conflict.

Our speaker, Robert Sipes, will reschedule and present "Discussion on Aligning RMF & FIAR Requirements" hopefully in September.


Please join us as (ISC)2 Quantico Chapter hosts our Monthly meeting May 17th, at 6:00 pm.

 

 

 

In April, our speaker, Robert Wheeler, presented "Milestones A&B and the Role of the Information Assurance Architect"

Short Bio:

Rob Wheeler is an Information Assurance Architect and System Engineer with Alpha2 Inc. He is an experienced information assurance (IA) professional, having worked 20+ years within the Department of Defense (DoD) and Intelligence Community (IC) developing, implementing, and operating secure information systems. Currently Mr. Wheeler supports the IC performing enterprise architecture and enterprise system engineering activities to ensure IA strategic objectives are addressed in major system acquisition (MSA) activities.

Mr. Wheeler is a certified Information System Security Professional (CISSP) and Information System Security Engineer (ISSEP) through the International Information Security Certification Consortium (ISC2) of which he is an active member.

Mr. Wheeler’s most recent accomplishment was conducting the first ever assessment and authorization of a space platform utilizing the Committee on National Security Systems (CNSS) Instruction No. 1253, “Security Categorization and Control Selection for National Security Systems” and the NIST Special Publication 800-37 “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach”.

Other relevant accomplishments include receiving a letter of appreciation from the Assistant Director of National Intelligence for Acquisition, Technology and Facilities, as well as the Director of an IC Agency for work on the Joint Intelligence Acquisition Board (JIAB). He also received a Meritorious Unit Commendation (MUC) for work performed in supporting special operations command and IC in the development and deployment of agency unique equipment to the warfighter.

Mr. Wheeler’s current personal goal is to educate the next generation of information assurance professionals in the area of system security engineering. Mr. Wheeler can be contacted at [email address protected].
 

Briefing Objectives:

For this lesson, Mr. Wheeler discussed the role and responsibilities of an Information Security Architect during the pre-System acquisition phase of a Major System Acquisition (MSA). He stepped through the thought process and creation of security-relevant documentation necessary for the satisfaction of Milestone A and B of the acquisition process. It was an informative briefing designed to make you aware of these activities and direct you where to obtain additional knowledge if you need to support such activity in the future.


 

 

 March talk:

In March, the (ISC)2 Quantico Chapter hosted Jeff Man to hear his perspective on DoD Level Security.

Jeff Man presented "Does DoD Level Security Work in the Real World"

"Jeff is a respected Information Security expert, advisor, speaker, teacher, advocate, and curmudgeon. He has over 33 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. He has held security research, management and product development roles with NSA, the DoD and private-sector enterprises and was part of the first penetration testing "red team" at NSA. For the past twenty years, he has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best known companies."

Abstract for the talk:

"After spending nearly 13 years working for the Department of Defense, I ventured out into the private sector to consult and advise on matters of information security. On many occasions, after explaining some basic security concept to a customer and outlining what they need to do to be secure, I often heard the retort, “yeah, but we don’t need DoD level security.” Well, after twenty years in the private sector, and especially over the past 2-3 years with the proliferation of data breaches against major companies, I find myself wanting to reply, “yeah, you really DO need DoD level security!” What does this mean? Probably not what you are thinking. This talk will start with an overview of the foundational nature of data security, highlight the major tenets or goals of data security, discuss how and why so many companies so often fail at implementing the basics of data security, and explore some ways that a DoD-centric approach to data security might be implemented in the private sector. Brainstorming, discussion, dissension all welcome."