Join Us



The (ISC)² Quantico Chapter always sends meeting reminders and notifications of interest to security professionals.


Special Events

(ISC)2 CyberSecureGov 2017, Washington, DC.

Announcements


Security Professionals,

A $500 scholarship will be awarded by the (ISC)2 Quantico Chapter.

The $500 scholarship is available if you live in one of the following areas: Quantico, Stafford, Woodbridge, Spotsylvania, King George, Dumfries, Caroline County, Prince William County, Fredericksburg, Manassas, or Manassas Park, VA. Contact the chapter by e-mail with any questions!

In July, our speaker will be Terry Gudaitis, PhD, Owner/Principal of Mindstar Security & Profiling, LLC.

The topic will be: "The Intersection of Cyber Security and Physical Security"

Short Bio:

Terry Gudaitis is the Owner/Principal of Mindstar Security & Profiling, LLC, which specializes in custom cyber security, physical security, and risk management solutions for Family Offices, high net worth persons, and their families. Terry started her career as a CIA operations officer and behavioral profiler at the Counterterrorism Center. She left government service to pursue the expansion of profiling techniques as they applied to hackers, online posters, and social media users for the commercial sector. Prior to forming her own firm, Terry was the Vice President and Cyber Intelligence Director at Cyveillance, and held senior positions at SAIC, Psynapse Technologies LLC and Global Integrity Corporation.

In addition to her corporate related work, Terry is on the Advisory Board of Mi3 Security, SocialTrendly, and TechnoSecurity; has served on the United States Secret Service Advisory Board for Insider Threat; trained investigators at the National Center for Missing and Exploited Children; and regularly presents at national and international conferences. Terry is also a featured speaker at the International Spy Museum in Washington, DC. Her latest book, Deception in the Digital Age, will be released in August 2017.

Abstract:

In today's world, IT security, cyber security (e.g., social media, apps) and physical security are tightly related and in some cases inseparable. Security must be highly integrated as people interchangeably use computers, smartphones, tablets, and other devices at home, on travel, and at work. The landscape becomes further complicated by the proliferation of social media, apps, and “the cloud.” Risk management and mitigation must take into account the changing technical environment. Many organizations and people falsely believe that they are safe because they: 1) personally do not use social media; 2) work in secure locations which do not permit wifi, devices, or Internet; or 3) have “best practices” security policies in place. Some of the contemporary solutions (e.g., two-factor authentication, fingerprint verification) are not impervious to hackers and adversaries.

This presentation will focus on some of the key aspects of technical and device security and their impact on physical security. Several case studies will be provided which outline the very contemporary impacts, results, and consequences of incidents. Recommendations will be provided on how to better secure yourself at home and at work.


In June, our speaker was Amy Savino, who presented remotely. The topic was "The Missed Opportunity of Higher Education in CyberSecurity Workforce Development".

Short Bio:

Amy Savino has worked in the educational technology industry for close to 10 years. Her current focus is building educational solutions at Cengage that help students get jobs in the cybersecurity, networking, and information technology space. Cengage is a proud CompTIA partner and encourages student certification so that students can continue to grow in their computing careers. Amy earned her Leadership & Management Graduate Certificate from the University of Maryland University College (UMUC), and a Bachelor of Arts in English from Siena College in Loudonville, New York.

Abstract:

We are all keenly aware of the cybersecurity labor shortage. How are education programs addressing this with their students? This session will be two-fold: we will explore the disconnect between higher education and what federal employers need in this industry, and we will also examine what key institutions are excelling at when building their cyber programs. Our research findings show that teaching aligned to the levels of Bloom’s Taxonomy is most effective: starting with foundational learning using lab simulations and building upon that knowledge through live virtual machine labs. We will discuss how to leverage these findings into cultivating the optimal next generation of cybersecurity workforce talent.


Our monthly meeting on May 17th at 6:00 pm was canceled due to a scheduling conflict.

Our speaker, Robert Sipes, will reschedule and present "Discussion on Aligning RMF & FIAR Requirements", hopefully in September.

Short Bio:

Mr. Sipes has over 30 years of experience in Cybersecurity, Intelligence Operations, technical education, and management. Mr. Sipes has supported the Army CERT, DoD-CERT, DHS, and a host of other Federal organizations in various information security and risk management capacities.
Mr. Sipes has been a stand-in instructor at Security University, has been invited as a Guest Lecturer at Johns Hopkins, and is a former member of the Germanna Community College Adjunct Faculty, where he taught courses in the fields of Information Technology and Management.
Mr. Sipes is a CISSP, CISA, PMP, and has recently obtained the C|CISO certification. He is currently working as a Cybersecurity consultant supporting multiple customers in meeting regulatory and statutory security requirements, with the Defense Finance and Accounting Services (DFAS) as his primary customer.

Abstract:

Systems that have to provide financial reporting face two competing priorities: obtaining an Authorization To Operate (ATO) under a Risk Management Framework (RMF), and meeting Audit Readiness requirements currently assessed via the Federal Information System Control Audit Manual (FISCAM). Even though the standards and requirements may be very similar between RMF and FIAR, a system may have an ATO yet fail a FISCAM review. Short of duplicating the efforts for each control, one entity is working (slowly) at aligning the requirements of both for a unified approach.

Please join us as the (ISC)2 Quantico Chapter hosts our monthly meeting on May 17th at 6:00 pm.


In April, our speaker, Robert Wheeler, presented "Milestones A&B and the Role of the Information Assurance Architect".

Short Bio:

Rob Wheeler is an Information Assurance Architect and System Engineer with Alpha2 Inc. He is an experienced information assurance (IA) professional, having worked 20+ years within the Department of Defense (DoD) and Intelligence Community (IC) developing, implementing, and operating secure information systems. Currently Mr. Wheeler supports the IC performing enterprise architecture and enterprise system engineering activities to ensure IA strategic objectives are addressed in major system acquisition (MSA) activities.

Mr. Wheeler is a Certified Information Systems Security Professional (CISSP) and Information Systems Security Engineering Professional (ISSEP) through the International Information Systems Security Certification Consortium (ISC2), of which he is an active member.

Mr. Wheeler’s most recent accomplishment was conducting the first ever assessment and authorization of a space platform utilizing the Committee on National Security Systems (CNSS) Instruction No. 1253, “Security Categorization and Control Selection for National Security Systems”, and NIST Special Publication 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach”.

Other relevant accomplishments include receiving a letter of appreciation from the Assistant Director of National Intelligence for Acquisition, Technology and Facilities, as well as from the Director of an IC Agency, for work on the Joint Intelligence Acquisition Board (JIAB). He also received a Meritorious Unit Commendation (MUC) for work performed in supporting Special Operations Command and the IC in the development and deployment of agency-unique equipment to the warfighter.

Mr. Wheeler’s current personal goal is to educate the next generation of information assurance professionals in the area of system security engineering. Mr. Wheeler can be contacted by e-mail.

Briefing Objectives:

For this lesson Mr. Wheeler discussed the role and responsibilities of an Information Security Architect during the pre-system acquisition phase of a Major System Acquisition (MSA). He stepped through the thought process and the creation of the security-relevant documentation necessary to satisfy Milestones A and B of the acquisition process. It was an informative briefing designed to make you aware of these activities and to direct you to where to obtain additional knowledge if you need to support such activity in the future.


March talk:

In March, the (ISC)2 Quantico Chapter hosted Jeff Man to hear his perspective on DoD Level Security.

Jeff Man presented "Does DoD Level Security Work in the Real World".

"Jeff is a respected Information Security expert, advisor, speaker, teacher, advocate, and curmudgeon. He has over 33 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. He has held security research, management and product development roles with NSA, the DoD and private-sector enterprises and was part of the first penetration testing "red team" at NSA. For the past twenty years, he has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best known companies."

Abstract for the talk:

"After spending nearly 13 years working for the Department of Defense, I ventured out into the private sector to consult and advise on matters of information security. On many occasions, after explaining some basic security concept to a customer and outlining what they need to do to be secure, I often heard the retort, “yeah, but we don’t need DoD level security.” Well, after twenty years in the private sector, and especially over the past 2-3 years with the proliferation of data breaches against major companies, I find myself wanting to reply, “yeah, you really DO need DoD level security!” What does this mean? Probably not what you are thinking. This talk will start with an overview of the foundational nature of data security, highlight the major tenets or goals of data security, discuss how and why so many companies so often fail at implementing the basics of data security, and explore some ways that a DoD-centric approach to data security might be implemented in the private sector. Brainstorming, discussion, dissension all welcome."