Value of an ISSA Membership

One of the most common questions that mentees ask me is about membership in different groups and organizations. One of the most valuable in the Central Ohio area is ISSA (Information Systems Security Association International). Here are a few reasons why we believe in ISSA, their mission and their work.

Specific Value of an ISSA Membership

The ISSA is the community of choice for international professionals who are interested in furthering individual growth, managing technology risk, and protecting critical information and infrastructure.

A few key reasons that a Cybersecurity professional would want to join ISSA are listed below.

  • Chapters Around The World -ISSA provides educational opportunities and local networking for information security professionals. ISSA’s members can become your strongest allies when needed, and there are 157 chapters around the world.
  • Build Your Knowledge and Reputation – There are opportunities for active participation at Board and Chapter levels. You can use the ISSA Journal and KSEs to share your insights with the industry if you are an ISSA author or speaker. If you have innovative ways to solve problems, have applied security technology to address risks, or have case studies of how you have done it, then your ideas on security challenges, management, and innovation will go a long way in establishing you as a thought leader.
  • Network Like a Pro -Make new contacts and deepen old ones on a regular basis. ISSA offers a lot of networking opportunities beyond exchanging business cards. Forging lasting ties with others who have the same professional interests and concerns is one of the things you can do as you attend local chapter meetings, become involved on a committee or take a prominent leadership role. The sources of inspiration and ideas will come from these relationships. Networking contacts are a great resource for benchmarking security practices and validation of security product features.
  • Grow Your Career – The training you receive through the ISSA will give you a means to find potential career opportunities and can help get you noticed by those looking for someone to join their team. The ISSA sponsors many meetings and conferences that you can attend in order to earn CPEs for various certifications.
  • Learn for a Lifetime – The annual conference and chapter meetings are vital educational and professional resources that provide in-depth and timely information about the information security industry. Meeting and events can help you develop skills and solve problems. In addition to comprehensive workshops, seminars and knowledgeable guest speakers, there are presentations on new technologies. ISSA gives members additional discounts to security conferences.


In summary, I think that joining ISSA is worth every penny, especially if you want to progress from beginner to practitioner to expert. It’s among some of the best money you can spend in terms of ROI for growing your knowledge and your reputation in the community.


Make Plans Now to Attend Central OH ISSA Security Summit 2014

Brent will be speaking again this year at the ISSA Security Summit in Columbus

This year he has an interesting topic and here is the abstract:

A Guided Tour of the Internet Ghetto :: The Business Value of Tor Hidden Services

Following on the heels of my last set of talks about the underground value chain of crime, this talk will focus on a guided tour of the Internet Ghetto. You may have heard about Tor, the anonymizing network that rides on top of the Internet, but this talk takes you deep inside to visit the slums, brothels & gathering places of today’s online criminals. From porn to crimes against humanity, it is all here.

This talk will discuss Tor hidden services, help the audience understand what they are, how they operate, and most importantly, how to get business and information security value from them. If you think you know the dark side of the net, think again! Not for the feint of heart, we will explain some of the ways that smart companies are using hidden services to their benefit and some of the ways that playing with the dark side can come back to bite you.

Take aways include an understanding of Tor, knowledge of how to access and locate hidden services and underground content, methods for using the data to better focus your business and how to keep an eye on your kids to make sure they aren’t straying into the layers of the onion.

 Come out and see us at the Summit and bring your friends. It’s always interesting and a great event to catch up with peers and learn some amazing new stuff. See ya there!

Global Cyber Threat Intelligence…Holy Crap All This on a Monday…?!

Good morning Folks..Global Cyber Threat Intelligence…Holy Crap All This on a Monday…?! All this and a bag of chips…

People’s Republic of China’s digitalized troops begin to take shape

What to Expect June 4, People’s Republic of China’s Unofficial and Orwellian ‘Internet Maintenance Day’

People’s Republic of China’s Government is Stifling Tech Innovation and Prolonging Social Problems

Raspberry Pi: Beating the Censorship of The People’s Republic of China’s Great Firewall

US & People’s Republic of China to discuss cybersecurity at high-level diplomatic meetings
United States is next target of OP Middle Kingdom…colonization by the People’s Republic of China….

US Sec Def Chuck Hagel accuses People’s Republic of China of ‘cyber intrusions’ on US
Didn’t Hagel get the memo from POTUS…?

What happens when People’s Republic of China hacks U.S. weapons designs?

People’s Republic of China, US agree to talks on cyber theft and espionage

Hackers Are Spying On You: Inside the World of Digital Espionage

Hagel says Chinese cyberattacks a “growing threat” People’s Republic of China |

US Cyber Chief: Military Is Unprepared for Hacking

Government-developed standards not an effective cybersecurity approach..Hire the People’s Republic of China

Why the US needs People’s Republic of China’s Huawei more than Huawei needs the US

Australian Defence electronics manufacturer hacked by Chinese

If Britain wants greater prosperity, we need to look East to People’s Republic of China
United Kingdom colonization by People’s Republic of China is now complete…OP Middle Kingdom

Kuwait Commercial and government enterprise market key to Huawei’s growth in 2013 | Huawei Technologies

Los Alamos director: cyber-securing U.S. electrical grid key to energy security

An Elizabethan Cyberwar

A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 | Atlantic Council

U.S. & People’s Republic of China to Hold Regular Talks on Hacking

People’s Republic of China Rapidly Taking Over World Economically

People’s Republic of China Reaps Biggest Benefits of Iraq Oil Boom

People’s Republic of China And The Biggest Territory Grab Since World War II

People’s Republic of China’s Economic Empire

How to Play Well With People’s Republic of China

China Voice: Pentagon report deviates from building trust – People’s Daily Online

People’s Republic of China skeptical of expanded US role in the Pacific;-Hagel-warns-Beijing-on-computer-based-attacks/id-526b8c8f680443d9ac415836133521be

Chinese navy begins US economic zone patrols –
US Navy Admiral Samual Locklear says”It is ok the PLAN is patrolling, we encourage them to do that, especially since we are not under he OSD Sequester and have US Marines aboard our flat bottom amphibs”….

Chinese general reveals ‘strategy’ for Panatag takeover
Major General Zhang Zhaozhong reflects on US Navy Admiral Samual Locklear comments “It is ok the PLAN is patrolling, we encourage them to do that, especially since we are not under he OSD Sequester and have US Marines aboard our flat bottom amphibs”….

People’s Republic of China accused the U.S. of interfering in China’s internal affairs by the June incident
中国指责美国借六四事件干涉中国内政 – 中国数字时代中国指责美国借六四事件干涉中国内政/?

People’s Republic of China’s Ministry of Truth: Japan-Africa, South China Sea – China Digital Times (CDT)

People’s Republic of China warns U.N. against ‘irresponsible remarks’ on North Koreans | Reuters

China-North Korea Dossier No. 2: “China’s ‘Measure of Reserve’ toward Succession”

Hacking the Drone War’s Secret History

Hackers Spawn Web Supercomputer on Way to Chess World Record

USSR’s old domain name attracts cybercriminals

U.S. Targets Iran’s Petrochemical Industry

Iran prepared to counter US cyber threats: Lawmaker

Marine Corps prepares to cut cord on NMCI…NON MISSION CAPABLE INTERNET…

Back to the Basics: Chess, Poker & the Future of Warfare

Interpol filter scope creep: ASIC ordering unilateral website blocks

Anticipating Cyber Threats Beyond APT

Semper Fi,



Discuss Detection in Depth at CMH ISSA Summit



On May 18th, I will be presenting on detection in depth at the CMH ISSA Summit. I look forward to a good discussion of the ideals, organizational needs, and maturity models. Given all of the focus on re-allocating resources from “prevention only” strategies to an equal spread across the core values of prevention, detection and response, this is likely to be a useful discussion to many organizations.

Come ready with good questions. I will also be available throughout the Summit for break-out discussions, one-on-ones, and small team meetings. Please reach out via email, phone or Twitter to schedule a sit down. Otherwise, feel free to approach me in the halls and we can have an ad-hoc discussion if you want to learn more about specific detection in depth approaches.
I speak on Friday, May 18th at 11:15 am. I hope to see you there!

Are You Attending the 2012 ISSA Central Ohio InfoSec Summit?


If you are in the midwest and can make it to Columbus for the ISSA Summit this year, you owe it to yourself to do so. Great speakers, great content, an amazing location and some of the best folks from around the world, for two days focused on infosec. It’s been amazing the past several years. You can find info online about it here

Some of the things I am looking forward to are getting to hear more from Richard Clarke (I might not always agree with his view, but he is an excellent speaker and a very good man.), and the rest of the speakers. In fact, there is not a speaker on the docket that I don’t think is amazing. We have developer insights, business folks, techno geeks, hackers, auditors and even a few MSI folks. 
So, if you can come to town and be here May 17th and 18th, do so. If not, you’ll miss out on what is sure to be an amazing event.
Special thanks to the Columbus ISSA team for putting the event together. These folks work really hard to pull it off, and the volunteers on the day of the event go above and beyond to make it all happen. Please take a moment at the event and give them a pat on the back. If something would happen to go wrong, or could be done better, drop them a line in email and they will look at improving it next year. Thank them, in person, for all of the things that go right. Seriously, it helps. Even better, volunteer for the Summit and help them and the community out. It’s a great way to give back for all that the community does for all of us, all year long. 
Thanks for reading and we’ll see you at the Summit! 

Audio Blog Post:Thoughts On ISSA and the Central Ohio InfoSec Summit

Brent Huston interviews Connie Matthews, who is on the Central Ohio ISSA Board and serves as the Special Events Coordinator. We were fortunate to be involved with the conference this year and the event just keeps getting better and better! Tune in to hear what was learned from this year’s event and ideas for the future!

Click here to listen.