Welcome to SEA-TUG

The Systems Engineering and Administration Technology Users Group
Providing "Technology On Tap" to the local IT Community since 2001


MEETING INFO AND ANNOUNCEMENTS

Next Meeting: Wednesday October 16th, 2019 - 6PM

Firstnet - What it Means to Everyone

DESCRIPTION: Many are aware of the FirstNet program and driving force behind the initiative but in this session, Lisa will provide us a deeper understanding of the program, the technology and the impact to both first responders and consumers alike.

Meeting: Wednesday September 18th, 2019 - 6PM

SEGMENTATION MADE SIMPLE

DESCRIPTION: For all your ‘things’ on the ground, on the move, or in the cloud. This presentation is a deep dive into the fundamental flaws of TCP/IP as it applies to our modern world of complex cloud and IoT device networks. It outlines how Host Identity Protocol (HIP) challenges for systems that weren’t designed for the state of networking today.

Please RSVP here!

Meeting: Wednesday June 19th, 2019 - 6PM

Topic: Making a Difference.

DESCRIPTION: Making a Difference - shares proven organizational change practices providing a methodology and supporting tools based in the ADKAR and GE’s Change Acceleration Process (CAP) methodologies. This session will provide security and technology professionals with some useful tools to help facilitate and sustain organizational change.

Elyse Nielsen is the principal consultant with Webgistixs, a security consulting firm. Webgistixs advises companies how to improve management of their security portfolio achieving project delivery while improving financial and operational performance. Elyse has over a decade of experience driving organizational change through information technology. Elyse has consulted with Johnson Controls, Quest Software and Community Health Systems. Elyse has earned the Certified Information Systems Security Professional (CISSP) and a Project Management Professional (PMP). She serves as a treasurer for Maine ISC2.

Please note this will be our last meeting before our summer break. Be on the lookout for our Summer Social in August and our next regular meeting in September!

Meeting: Wednesday May 15th, 2019 - 6PM

Topic: Cloud Strength in Unity - Cloud and Application Security.

DESCRIPTION: With the adoption of digital technologies such as cloud, organizations need to evolve security programs and processes to be able to adapt and move at the speed of the business.

Please RSVP here: https://www.eventbrite.com/e/cloud-strength-in-unity-cloud-and-application-security-tickets-60851867574?aff=SEATUG

Meeting: Wednesday April 17th, 2019 - 6PM

Topic: Securely Grant Access to the Privileged Accounts.
Wednesday, April 17, 2019 from 6:00 PM to 8:00 PM (EDT)

DESCRIPTION: Every day, administrators of all types are logging in using privileged credentials to perform their work. In this session, we’ll examine why protecting this access has risen to the top of the priority list for many security organizations and why Gartner says it’s the #1 priority to focus on. We’ll examine security risks associated with hot topics related to privileged credentials, and introduce simpler and faster methods for protecting these accounts everywhere they are.

Please RSVP here: https://www.eventbrite.com/e/securly-grant-access-to-the-privileged-accounts-tickets-59676941338?aff=SEATUG

Meeting: Wednesday March 20th, 2019 - 6PM

Topic:YOU CAN'T PROTECT AGAINST WHAT YOU DON'T KNOW!
Wednesday, March 20, 2019 from 6:00 PM to 8:00 PM (EDT)

DESCRIPTION: Colin Little, a Senior Threat Intelligence Analyst, will be speaking about the importance of visibility and awareness in protection your network. Join us for an engaging discussion and participate in some professional networking afterwards, sponsored by Centripetal Networks!

BIO: Colin was born in Tucson, AZ and had been tinkering with computers ever since he was 11. His career really started when he joined the United States Marines, where he graduated top of his class in training and was assigned to an elite unit. Upon being deployed to the fleet he provided tactical communications support all over the world and began his specialization in cyber security. Throughout his tour of active duty he was honored for his actions in combat, and heroism in preventing possible loss of life during a flood in Okinawa. Colin was honorably discharged in 2014 and took great pleasure in starting raise a family. He was employed at his local state government as a cyber security analyst where he and his team distinguished themselves in a successful fight against the emergence of Ransomware. Today, Colin continues his career in the private sector and provides cyber security services to private industry as well as state and federal government entities.

Please use this link to RSVP


Last Meeting: Wednesday January 16th, 2019 - 6PM

Topic: ZERO TRUST

Zero trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access. Join us in talking with Michael Falkenrath to learn why the zero trust model is creating a paradigm shift in the way companies approach network security.

Download the presentation here.

Speaker Bio: Michael Falkenrath is currently a solutions architect at Tempered Networks. Formerly a senior systems engineer for FireEye, Michael was responsible for architectural and technical consultation for the deployment of FireEye’s advanced malware security solutions. Prior to FireEye Michael spent 12 years with F5 Networks, contributing to F5’s success in several different departments across the company including within the professional services organization as a Network Support Engineer, a Senior Escalation Engineer and a Field Consultant. He then joined F5’s Federal Sales team as a Senior Systems Engineer and contributed significantly to the growth of F5’s federal business. One of Michael’s last positions at F5 was as Solutions Architect for F5’s Federal and Southeast teams. Michael's entire IT career has focused on networking, security and multiple facets of application delivery.

What to bring:

  • An open mind: These meetings are designed to engender discussion about relevant topics from our past, our present, and our future!
  • A stack of business cards: This group is all about making new contacts and expanding your professional network.
  • A friend/co-worker: We’d like to promote sharing information among the security community. Invite someone to attend this meeting for free!

     

    Meeting: Wednesday December 19th, 2018 - 6PM - SPECIAL LOCATION

    ANNUAL HOLIDAY ROUNDTABLE

    SEA-TUG and NH ISSA members and guests are invited to join us for our 12th Annual Holiday Social RoundTable.

    Wednesday, December 19, 2018
    Time: 6:00-8:30 PM EST
    Location: Cisco Brewery (Formerly Red Hook) in Portsmouth, NH
    Cost: $5.00 - Includes Appetizers and 2 Drink Tickets

    Please join us to expand your professional network and join discussions on security trends with some of the best and brightest Information Security professionals in the area.

    We hope you can make it - if you can, please sign up with this link.

    Meeting: Wednesday November 14th, 2018 - 6PM

    Topic: Detecting Attack Techniques Such As Lateral Movement Using Admin Shares

    Detecting Attack Techniques Such As Lateral Movement Using Admin Shares

    How can we use security analytics, machine learning, anomaly detection and other techniques to detect various attack vectors such as lateral movement using administrative shares? Professor Oleg Kolesnikov will be sharing his experience, insights and lessons learned!

    Please sign up at: 
    Eventbrite.

    Speaker Bio info is available at our Meetup page.

    Meeting: Wednesday October 17th, 2018 - 6PM

    Topic/Speaker: TRIVIA NIGHT! NEWS, TECHNOLOGY, MOVIES, PRIZES!  

    In lieu of the speaker that was supposed to be presenting this Wednesday both ISSA NH and SEATUG have decided to host a trivia night! The night’s festivities will include trivia regarding current events, milestone events, movie trivia… and of course prizes!

    What to Bring:
    1) An open mind - the social format promotes sharing of ideas and thoughts about relevant security topics of the day.
    2) A stack of business cards- this group is all about making new contacts and expanding your professional network.
    3) An appetite -we will be providing food and refreshments!
    4) A friend/co-worker - we’d like to promote sharing information among the security community. Invite someone to attend this meeting for free.


    Meeting: Wednesday September 19th, 2018 - 6PM

    Ransomware is on everyone's mind, what are the new tactics?

    Jeff Stutzman (Chief Intelligence Officer for Waypack Labs, LLC) will be discussing a large scale breach in a major energy company that was taken offline for over a week. This story may seem old, but the tactics are new. This will be more of a story telling session, and if you know Jeff, he is well versed, excited about the defense, and being efficient in leveraging available resources. 

    Speaker Bio: 
    Stutzman's career began as a Naval Intelligence Officer and later evolved into working with companies like Cisco and Northup Grumman to protect their information from the threats that exist in cyberspace. 

    Download the deck here.

    Previous Meeting: Wednesday May 23rd, 2018 - 6PM

    Case Study: Using Security Onion as a Forensic Tool

    Doug Burks (former president of Augusta, GA chapter of ISSA, and co-founder of Security B-Sides Augusta), creator of Security Onion, will present a case study where Security Onion was used to reconstruct the scene of the crime of the RSA breach from a few years ago. This will be an engaging, enlightening, and entertaining presentation.


     

    April Meeting: Wednesday April 18th, 2018 - 6PM 

     

    Doug Brecher and Brendan Miles of Endgame will present "Practical Application of Advanced Security Frameworks (Unpacking the Mitre Attack Matrix)"

    This will be a technical (non-product related) discussion.

    For background info, check out Mitre's Attack Threat Matrix at https://attack.mitre.org/wiki/Main_Page and Lockheed Martin's Cyber Kill Chain at https://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html

    Additional links:
    Red Team Automation
    A modern model for cyber adversarial behavior

    Presentation deck coming soon...


    Meeting Recap: Wednesday February 21st, 2018 - 6PM 

    Hands-on Cyber Threat Hunting Challenge with RSA
    Crossover meeting with Information Systems Security Association (ISSA) NH 

    As always, thanks to our support organizations: Great Bay Community College (facilities) and Alexander Technology Group (food and beverages)! 

    We had a great meeting with over 40 attendees - Thank you to everyone for attending and bringing your enthusiasm and professionalism.  

    Walter Abeson and the NYC team from RSA brought along 3 PCAP files for us to analyze with Netwitness and guided us through the process.  
    Working together in teams, we were able to decode the files, interpret the data, and capture the flag(s)!

    If you'd like to download the (free) tool, the files, and the questions (and answers), click the links below.

    Download Presentation 
    Download RSA Netwitness (free registration required)
    Download Netwitness Quick Start
    Download Questions 
    Download Questions and Answers
    Download phishing PCAP 
    Download drive-by  PCAP 
    Download web shell PCAP 
    (Please rename *.pcap.txt to *.pcap after downloading).

    If you'd like to connect with RSA, please be sure to mention this SEA-TUG and ISSA-NH event, and reach out to:

    Shane Quintard (Systems Engineer) Shane.Quintard@rsa.com or Joe Gries (Sales Representative) Joseph.Gries@rsa.com  

     

    Meeting: Wednesday February 21st, 2018 - 6PM 

    Hands-on Cyber Threat Hunting Challenge 
    Crossover meeting with Information Systems Security Association (ISSA) NH 

    There is no cost to attend, but we ask that you RSVP for this event!  

    Walter Abeson from RSA will take us through a live event showing us how to hunt for threats on the network, guide us through a hands on demonstration, and facilitate a team challenge.    

    Using your skills and industry tools including RSA NetWitness, you’ll hunt for answers through data exploration and investigation.

    - Experience investigating a real incident with RSA NetWitness.

    - Learn tips and tricks for threat hunting from RSA experts.

    - Compete with, learn from, and network with like-minded professionals.

    We will be breaking in to 5 teams, so we'll be looking for 5 people to be team leads. Please email ssakelarios@issanh.org if interested in being a team lead.  All participants will have access to the software following the meeting but computers for the event will be provided.  

    Participants will work alongside each other competing and learning in a challenging forensic analysis of a variety of real-world use cases.

    Speaker Bio: 
    Walter Abeson is a Systems Engineer with RSA Security, focused on threat hunting and incident response, located in New York City. Prior to joining RSA, Walter was the Technology Manager for Black Hat, responsible for the NOC and overall security posture. 


    Meeting: Wednesday January 17th, 2018 - 6PM - CANCELLED 


    THIS MEETING WILL BE RESCHEDULED... 

    Delivery of IT Software in the Face of Compliance

    Presented by Ed Webb from Liberty Mutual. Eddie is the Director of Engineering, for Liberty Mutual’s central software delivery platforms encompassing CI/CD, DevOps and Public cloud adoption. Hos team's mission is to eliminate friction and waste from the path to production, and make way for innovation and rapid iteration, from ideation to delivery. Eddie will talk about some of the ways he has seen the culture and cooperation of teams evolve, and the shift in security and compliance policies to take advantage of centrally controlled continuous integration and delivery pipelines.


    Meeting: THURSDAY December 14th, 2017 - 6PM

    Our December meeting will be a Holiday Social on a special night.  Come join your SysAdmin and CyberSecurity peers for some food, drink, and discussion.

    PLEASE NOTE: WE REQUIRE AN RSVP FOR THIS MEETING.  PLEASE SIGN UP AT THIS LINK: 

    https://www.eventbrite.com/e/information-systems-security-association-issa-nh-11th-annual-holiday-roundtable-redhook-brewery-tickets-40342149455?aff=SeatugGuest 


     

    Meeting: Wednesday November 15th, 2017 - 6PM

    Examining United States Readiness for Cyber attacks on the Power Grid. Are We Ready?

    Jan Dyment will be presenting her research on the vulnerabilities of the US power grid and we'll discuss what we can learn from this, how this compares to our own infrastructures, and what we can do to mitigate risks.

    This will be another crossover meeting with ISSA-NH.  


    Special Event Notice:  Our friends at SMMUG (Southern Maine Microsoft User Group) are holding a special event in Portsmouth on November 8th at 4pm (at Redhook).  Topic: Desktop as a Service - Reality or Myth for Public Cloud.  This session of SMMUG will dive into the pros/cons of Public Cloud as a platform along with a roadmap discussion of where Citrix is taking Citrix Workspace Cloud, Citrix Essentials, and other technologies. The event is free, but an RSVP is required. 


     Meeting: Wednesday October 18th, 2017 - 6PM  

    This month we'll have another crossover meeting with our friends at ISSA-NH as we discuss the topic of vulnerability management.  

    First up, Derek Rolfe, Manager of IT for Phillips Exeter Academy gave a Sysadmin Field Report with his experience implementing Nessus in his environment.

    Secondly,  Peter Streips from Contextual Security provided some commentary on Common Attacks and examples of what his company has seen in the course of performing vulnerability assessments.

    Download the deck here.


    Meeting: Wednesday September 20th, 2017 - 6PM

    SEA-TUG is excited to announce our first cross-over event with the NH chapter of the Information System Security Association!

    Topic: “Managing Log Data"

    Join us for a discussion (and interactive workshop) on the history of logging up to current day SIEM.  We'll talk about the selection of tools for regulated and non-regulated environments to drive improvements in IT Security Operations, and techniques for using automation to wade through an ever-growing mountain of data using examples from the audience, as well as chat about the primary data required for emergency response during ongoing breach events.

    Our guest presenter is Jason Sgro, Managing Partner and Chief Strategist of The ATOM Group right here in Portsmouth.

    We've added a 2nd presenter, Michael Leland, SIEM Evangelist for Mcafee, who will discuss Using Log Data to Identify Insider Threats.

    This will be a highly interactive session with knowledge sharing and networking opportunities.  We hope to see you there.

    Download copies of the presentation decks here:
    1- Intro Deck
    2- Jason Sgro - Logging Presentation
    3- Michael Leland - Data is the Answer (What was the Question?)

    PLEASE NOTE:  If you have not joined our Meetup group, please do in order to continue getting notifications about upcoming meetings: http://meetup.com/sea-tug

    We welcome your feedback on the meeting, format, venue, content, presenters, food, schedule, and the new crossover with ISSA.  SEA-TUG exists for your benefit, please let us know what we can do to make the group more effective for you.  Contact Steve at caretaker@sea-tug.com.


    Summer Break - July/August 2017

     


    Meeting: Wednesday June 21st, 2017 - 6PM

     

    Topic: “Automating Yourself to The Unemployment Line: How I learned to stop worrying, and love DevOps”
    Presented by Ben Hamilton, fellow sys-admin for Idexx labs in Maine. 

     This will be a chat on Ben's experience about coming on as a System Administrator right at the beginning of Idexx's DevOps adoption, and how the team and the organization have fostered DevOps culture.  There may also be various philosophical views which are important for SysAdmins to embrace in order to do DevOps successfully.

    Download the INTRO deck or the PRESENTATION deck.

    Note that we will skip July and August meetings; this will be the last meeting until September 2017  


    Meeting: Wednesday May 17th, 2017 - 6PM

     

     

    Securing Your Organization - Where Do You Start? 

    Here's the scenario:  You're given 3 months and $50,000 to improve your organization's security posture.  George Magee will lead us through a discussion on what to focus on, how to determine what's most important, and discuss some strategies to make multiple quick-hit wins given the constraints. 

    Every organization will have different priorities - this is intended to be a highly interactive discussion.

    Great meeting, everyone.  Loved the interactivity and connections being made.  Huge shout out to George Magee for leading the discussion.  Here's the "Wannacry Fact Sheet" I mentioned - I'll upload the Wannacry deck I put together after I update and scrub it.

    Download the files: Main Deck; Top 20 Controls Document, Top 20 Controls Matrix 


    Meeting: Wednesday April 19th, 2017 - 6PM

    Building Windows Images with MDT

    Presented by Tobin Weltin - download the deck here.

    Tobin provided an overview and a live demo of making images and deploying them to new hardware as well as the tools involved and ways to customize the installation.  As an added bonus he also covered using MDT to deploy applications to clients and via an end-user self-service portal.


    Meeting: Wednesday March 15, 2017 -- CANCELLED DUE TO NOR'EASTER

    3 Mini-Topics: 1) Favorite tool(s) of the month, 2) Analyzing data with Excel, 3) Using WDS and MDT to deploy Windows 10

     This month we'll have 3 mini-topics to entertain and educate.


    Meeting: Wednesday February 15, 2017

    Infrastructure Monitoring

    We've covered this topic before, but it seems to be a popular discussion topic.  Greg Ross, a Systems Engineer for Paessler AG (the company that makes PRTG) will be in town to lead a discussion on best practices and provide us with some ideas of things that can and should be monitored.  We'll also have a panel of your peers on hand to discuss and compare performing similar tasks with different tools and comparing features/benefits of several tools.  We have several members who have volunteered to talk about PRTG, Solarwinds, Nagios (and variants), and other tools.  Please be ready to talk about your own experience and bring questions about how/what to monitor in your own environment.  This is not a sales event for PRTG, but it will likely be used in the demonstration portion of the meeting by default.


    Meeting: Wednesday January 18, 2017

    Understanding Wireless Networks

    We all have wireless networks and we all know how imperfect wireless connectivity can be, but do you know how to tune your wireless network for optimal performance?  Do you understand RSSI, SNR, and wireless bands?  If you would like to improve your understanding of wireless concepts and how to enhance the end user experience come to the SEA-TUG meeting on January 18th at 6:00 pm at Great Bay Community College (Pease).  Mark Waruszyla from Focus Technologies will be reviewing these concepts and sharing best practices for wireless optimization.  Mark is an experienced engineer and thrives on group discussions, so bring the wireless questions that have been nagging at you for years. 

     Download the deck here.


    Special Event Notice: NH ISSA Meeting 11/17/16 - See http://www.issanh.org/ for more info.


    Meeting: Wednesday November 11, 2016
    Holistic Security: Defining and Defending Against Multiple Attack Vectors

    Craig Taylor, CSO for NeoScope will lead a discussion on defining and defending against attacks.  This is intended to be an interactive session where Sea-Tug members can discuss what they're dealing with and discussing tactics, techniques, and even tools to defend your users and environments from attacks and other risks.

    Download the deck from tonight's meeting here.


     Special Event Notice: SMMUG (Southern Maine User Group) was founded in 2009 and normally meets in Portland.  This month they're holding a special event on November 10th, at the 100 Club in Portsmouth from 4:30 to 6:00pm.    Topic: Digital Transformation – Start in the Cloud and End at the Desktop.  For more information, contact Tricia Richardson at tricia@smmug.info (an RSVP is requested).


    October Meeting: Wednesday, 10/19/16 at 6:00pm
    Monitoring the Evolving Datacenter (Private, Public, and Hybrid Cloud)


    We're excited to announce this month's topic and speaker.  SEA-TUG's own Mark Cassinelli, Manager of On-Demand Platforms at Amadeus Hospitality (Newmarket Software) will be sharing his experience with monitoring Private, Hybrid and Public Cloud environments.  He'll discuss toolsets and methodologies as well as incident management and change control for continuous deployment and DevOps environments.  

    Please join us for education and networking with your local IT peers. 

    Download the deck from tonight's meeting here.

     


    September 21, 2016!
    Evaluating Hyper Convergence

     

    Download the Intro deck, the main presentation (coming soon), or the Excel-based Hyperconvergence evaluation tool.

    Sea-Tug is BACK and the team is looking forward to seeing everyone again!  We have a new steering committee in place and we're very excited to announce the next scheduled meeting of Sea-Tug as follows:

    When: Wednesday September 21, 2016 at 6:00pm
    Where: Great Bay Community College (Pease Campus), 320 Corporate Drive, Portsmouth NH 03801
    Topic: Evaluating Hyper Convergence
    Speaker: P.J. Soucy, VF Corporation (Timberland)

    PJ will present an analysis of Hyper-Converged platforms and the methodology he used to determine if this technology was a good fit for VF Corp.  We’ll also have a round table discussion of Hyper-Convergence and the experiences of other Sea-Tugians with this technology.  There will be no sales presentation at this meeting.   

    Please note: We are consolidating our online presence to this website and MeetUp.  You can find the Sea-Tug group, including contact information, at http://www.meetup.com/SEA-TUG.  We are discontinuing the use of the broadcast emails, all meeting notifications will come from MeetUp.

    Please reach out if you have any input or interest in participating in organizing the future of SEA-TUG!

    -Steve