
Welcome to the Northeast Florida ISSA Chapter
February 2016 Meeting

February 18th General Mtg & 1Hr CPE Preso 430-6pm, Networking 6-7pm with Appetizers

Meeting Location: Sheraton Hotel, Jaguar II, 10605 Deerwood Park Boulevard, Jacksonville, FL 32256

Meeting Sponsor: Cigital

Cost: $10 for guests, Free to Registered ISSA Members

Our guest speaker: Jeff Sauntry, Managing Principal

Mr. Sauntry is a Managing Principal at Cigital with P&L responsibilities for five states in the Southeastern US, including Florida. Over the span of two and a half decades he has held senior management roles leading software engineering teams for large Independent Software Vendors (ISVs – Novell & Computer Associates), telecommunications (AT&T Consulting), service providers (Unisys & STMS) and big three consulting firms (KPMG and PWC). He currently holds the following industry certifications: CISSP, PCIP, CISM, CCFE & CFE. He is a fellow Floridian who lives in Bradenton, FL. When he isn’t helping customers solve tough security problems he enjoys digital photography, sport bikes and introducing people to the many awesome aquatic opportunities the Sunshine State has to offer. As a certified commercial captain he loves to host adventures on or under the water, leveraging his rating as a PADI Master Scuba Diver Trainer to certify new scuba divers.


Presentation: Justifying the Correct Security Spend

Demonstrating and quantifying the value or ROI for security expenditures is a tough and never-ending battle. As with every other competing capital expenditure or operating expense, each organization must try to balance investing in the right amount of security to satisfy the organization’s risk appetite while meeting an ever-increasing set of regulatory and privacy requirements. Leveraging open source assessments, utilizing industry-specific peer comparisons, and analyzing emerging industry trends are great ways to build a business case for appropriate budget allocation for strategic initiatives & tactical security projects. During this presentation we will explore some of the key considerations for determining whether you should address an organizational capability shortcoming by building the capability organically in-house, or teaming with an external firm or Subject Matter Expert (SME). Capturing the correct metrics, determining where security vulnerabilities were originally introduced, and creating continuous feedback improvement processes can provide critical data points that an organization can utilize to demonstrate and measure the effectiveness and value of specific security initiatives. Finally, we will discuss the opportunity to reduce the cost of remediation by addressing certain security concerns at optimal stages of application/platform deployment. The output of this discussion will provide attendees with the insight and means to answer senior management’s most frequent question – Are we spending the right amount on information security? In the interest of adhering to the allotted time for this presentation, we will focus primarily on application security, secure software development life cycle (SSDLC), PCI DSS v3.1 requirements, and security testing; but the approach and recommendations are applicable to a wide range of security initiatives.


For more information visit:


Visit these websites for additional chapter details:

• Local Chapter Website:

• LinkedIn Group Site:

• Patron Sponsors Page:

Schedule for Remaining 2016 Meetings:

Chapter goals and leadership principles:

• To have informative chapter events and fun professional social networking

• Share and promote vendor neutral best practices for information security

• Promote the educational and ethical standards, and the knowledge base of the ISSA association and the CISSP certification

More info: Please contact the local Board of Directors of the Jacksonville / NE Florida ISSA Chapter.

• Board Members: Chris Layfield (Verizon Enterprise), Vicki Harris (Maximus), Scott Manning (Black Knight Financial), David Croxton (FIS), Rob Carver (Black Knight Financial), James Case (Baptist Health)

To join ISSA: Go to and click Join Now. For the Chapter selection, find Northeast Florida chapter.


January 2016 Meeting

January 14th General Mtg & 1Hr CPE Preso 430-6pm, Networking 6-7pm with Appetizers

Meeting Location: Sheraton Hotel, Jaguar II, 10605 Deerwood Park Boulevard, Jacksonville, FL 32256

Meeting Sponsor: Rapid7

Our guest speaker: Patrick Haley, Sr. Security Engineer

Patrick Haley has worked in technology consulting for 10+ years and has spent the last 3 years focused primarily on threat and vulnerability management, penetration testing, and incident response. Pat is a senior security engineer/consultant for Rapid7 and helps to build strong security programs with a focus on proactive security and nimble incident detection and response capabilities. He has worked with companies of all sizes, including those in the Fortune 500 as well as the SMB space, spanning almost every vertical including healthcare, finance, retail, government, and EDU.

Presentation: Can you detect an attacker on your network? Can you respond quickly?

This topic will cover some of the most commonly used attack vectors being leveraged in breaches today, and how most organizations are struggling to 1) detect them and 2) respond to them before critical data is exfiltrated from the network and exposed to the public.

For more information visit:


October 2015 Meeting

October 8th General Mtg & 1Hr CPE Preso 430-6pm, Networking 6-7pm with Appetizers

Meeting Location: Sheraton Hotel, Jaguar II, 10605 Deerwood Park Boulevard, Jacksonville, FL 32256

Meeting Sponsor: GuidePoint Security


Our guest speaker: Lee V. Mangold, GuidePoint Security

Lee has over 15 years of working experience in the computer and information security field and a diverse portfolio including security architecture, compliance, assessment, academic security research, and security engineering in both the private and public sector. Before coming to GuidePoint, Lee was a Security Operations Manager, Information Assurance Security Officer, and software engineering lead for a major US Army research laboratory. He holds a Bachelor's degree in Applied Computer Science and a Master of Business Administration with Applied Computer Science specialization from Troy University, and is a Doctoral Candidate in Computer and Information Security at NorthCentral University. He is currently the Vice President of the Florida Cyber Alliance, the Vice President of the Central Florida ISSA, an officer with Security BSides Orlando, and a CyberPatriot mentor.


Presentation: Cloud Security Best Practices: A Practitioner's View

This talk will focus on understanding and remediating cloud security issues. We will discuss IaaS, PaaS, and SaaS from the perspective of the security and IT practitioner. Rather than talk about audit controls, we’ll look at real examples of cloud security practices and discuss ways in which those issues could be remediated. We will also talk briefly about Cloud Access Security Brokering (CASB) tools and how they play a role in cloud security.


For more information visit:



November 2015 Meeting

November 19th General Mtg & 1Hr CPE Preso 430-6pm, Networking 6-7pm with Appetizers

Meeting Location: Sheraton Hotel, Jaguar II, 10605 Deerwood Park Boulevard, Jacksonville, FL 32256

Meeting Sponsor: STEALTHbits Technologies

Our guest speaker: Brad Bussie, Director of Product Management, STEALTHbits Technologies

Brad Bussie is an award-winning fifteen-year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.

Presentation: Cleaning Up AD Once and For All

Active Directory is the technical implementation of your business policy. It provides authentication and authorization services for the majority of IT systems and is growing more complex, less secure, and more difficult to manage over time. In short, AD is a mess. Stale resources, an inability to figure out what groups grant access to, no good processes for granting and revoking access, and no involvement by data owners are just a few of the most common problems associated with a messy AD and they prevent most organizations from meeting their operational and security goals. When Active Directory is out of control, it becomes difficult or impossible to answer basic questions about group membership, ownership, toxic conditions like circular nesting, and where stale resources are costing time and money. A messy AD may also prevent you from completing major initiatives like Identity and Access Management, domain migrations or consolidations, and meeting your audit and compliance needs. In this session you'll learn how organizations of all sizes are approaching the growing problem of Active Directory complexity and ways to be proactive and ensure the success of migrations, consolidation, and ongoing management and protection.


For more information visit:


August 2015 Meeting

August 27th General Mtg & 1Hr CPE Preso 430-6pm, Networking 6-7pm with Appetizers

Meeting Location: Sheraton Hotel, Jaguar II, 10605 Deerwood Park Boulevard, Jacksonville, FL 32256

Meeting Sponsor: Quadrant Information Security


Our guest speaker: Champ Clark, CTO Quadrant Information Security

Champ Clark III is the CTO at Quadrant Information Security based in Jacksonville, Florida. He is the author of several Syngress books on VoIP security and is a regular speaker at Defcon, HOPE, and CCC. He is the primary developer behind the Sagan log analysis engine and has been interviewed in various magazines including Wired, 2600, and HP World.


Presentation: Hunting in the SOC and Latest Advancements in Log Analysis

Champ will share the latest trends seen in the Quadrant Information Security 24/7 SOC (security operations center). With hundreds of threat feeds and clients, combined with a team of analysts searching and correlating events 24/7, they have a unique perspective and pulse on the threats we all face. Champ will also update the group on the latest advancements in log analysis that can help us all.


For more information visit:




Copyright © 2016 All Rights Reserved.