February 20th ISSA Quarterly Meeting

Maggiano’s Little Italy – The RIM, 17603 I-10, San Antonio, TX 78257. Noon until 4:30 PM

February 20th ISSA Quarterly Meeting – DirectDefense


Benefits of attending Alamo ISSA Quarterly Meetings:

  • All of the Alamo ISSA Quarterly Meetings give you the opportunity to earn 3 CPEs toward your certifications.
  • Network with other information security professionals in the area.
  • Lunch is included with your ticket.
  • After the meeting, a mixer will be held until 6:30 PM in Maggiano’s Bar area.

Christopher Walcutt, CISM, CISSP

Bio: Mr. Walcutt is the Director of Security Solutions at DirectDefense with twenty years of experience in network design, information security, risk analysis & mitigation and compliance in the energy, financial, higher education, and manufacturing sectors. He specializes in security and risk strategy in the energy sector and is involved with several research initiatives involving the University of Central Florida, Soar Technology, and DARPA as a subject matter expert for energy, smart integrated infrastructure and critical infrastructure security. He volunteers time coaching the CyberPatriot Team NetRunners, two-time national finalist and 2016 National Champions. He is a nationally recognized Cyber Security speaker and the Air Force Association’s 2016 CyberPatriot Mentor of the Year.

Title: Not-So-Smart Grid

Abstract: Smart grid owners must provide innovative, resilient solutions that encourage widespread use of IoT devices and applications while meeting security and compliance mandates. Changing regulatory standards, the security practices of third-party vendors, affiliated utility companies and network owners all stand in the way of achieving this. This presentation will discuss security and resiliency considerations.


Alan Orlikoski

Bio: He provides emergency services when a security breach occurs. He also creates and upgrades security operations centers and incident response management programs, analyzes and tests existing incident response plans, conducts forensic investigations, and provides incident response and forensics training. Mr. Orlikoski has an extensive computer forensics background and has been a leader in some of the largest incident response and security operations center development programs in the history of the company.

With over 17 years of experience in both private and public sectors of the IT industry, Mr. Orlikoski is professionally certified in IT Security (Cyber Forensics, Penetration Testing, Protection, and Vulnerability Analysis & Defense) and Project/Program Management. He has a thorough understanding of malware, computer forensics, and tactics, techniques, and procedures that are leveraged by attackers. He is also an experienced project manager with over 10 years of experience leading cybersecurity-related projects.

Mr. Orlikoski entered the security field as a US Air Force officer, and later specialized in computer forensics and architecting cyber defense solutions outside of the military. He has designed and implemented defense solutions for government and Fortune 100 companies. He has more recently participated on teams tasked to assess and advise Fortune 100 clients, with a focus on maturing an organization’s ability to more quickly and effectively detect, respond to, and contain targeted attacks.


Platform Security Engineer, Square, Inc.

Title: Using Open Source Tools to Solve New DFIR Challenges

Abstract: The technology in business is always changing, thereby constantly creating new and interesting challenges for all Digital Forensics and Incident Response (DFIR) teams. This is seen in stunning detail as companies migrate to non-Windows and Cloud environments for virtualization and data storage. These migrations have made the current generation of IR Tools, Techniques and Procedures (TTP) sub-optimal and/or obsolete.

Frequently, DFIR teams have neither the money to purchase nor the time to develop a DFIR toolkit solution that meets these new requirements themselves. Although many open source solutions exist, they typically require an advanced level of skill to set up and maintain. Alternatively, custom solutions present risk should the maintainer leave or become otherwise unable to maintain them. This is where a curated collection of Open Source tools such as the “CyLR, CDQR Forensics – Virtual Machine” (CCF-VM) provides value. The CCF-VM provides a conveniently packaged, easy-to-use platform, designed from the ground up to enable teams to collect, process, and analyze critical forensics artifacts. It works on Mac, Linux and Windows endpoints while enabling searching across single or multiple hosts simultaneously. This presentation will discuss what some of the new challenges are, explain the difference between Live Response and cold disk forensics, and show, with a demo, how the CCF-VM can be used to solve them today.


Scott Parker

Bio: Scott is an Information Systems Security Association Distinguished Fellow (reserved for the top 1% of members) and has 30 years of strategic and tactical information security experience across multiple control points – data centers, endpoints, and gateways – with a focus on threat protection, information protection, cybersecurity services and security analytics.

Title: Living off the land

Abstract: Attackers are increasingly making use of tools already installed on targeted computers or are running simple scripts and shellcode directly in memory. Creating fewer new files on the hard disk means less chance of being detected by traditional security tools and therefore minimizes the risk of an attack being blocked. The four main categories of living off the land and fileless attack techniques are memory-only threats, fileless persistence, dual-use tools, and non-PE file attacks.