Hi [[ session.user.profile.firstName ]]

Let's talk about OSSTMM with Pete Herzog from inside out

In early 2000, the Open Source Security Testing Methodology Manual (OSSTMM) was released with the primary objective of improving how the enterprise conducted security testing. Key sections of this methodology include operational, human, physical, wireless, telecommunication, and data network security testing. Today, OSSTMM is widely regarded as a methodology for penetration testing world-wide, offering a standard approach to conducting security testing. Frank Shirmo of ITPG Secure Compliance, a Cyber Security Boutique in Northern Virginia will be joined by Pete Herzog, the creator of OSSTMM, to answer key questions, and provide clarifications on OSSTMM for CTOs, CISOs, CIOs, Security Engineers and Analysts, and all other stakeholders interested in the topic of security testing.
Recorded Dec 14 2017 60 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Pete Herzog, Managing Director at ISECOM
Presentation preview: Let's talk about OSSTMM with Pete Herzog from inside out

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Cracking the Human Factor problem: Sims, games & data Sep 27 2018 5:00 pm UTC 105 mins
    Bora Aytun Co-founder, CEO, MAVI Interactive
    Data-driven integration between Phishing Sims and game-based information security awareness training.

    In this webinar you will learn:
    •Why Phishing Sims didn’t turn out to be the silver bullet to bring down the Human Factor problem in Information Security.
    •Root cause analysis: Why people fail, and how cognitive neuroscience of learning can affect much-needed behavior change.
    •The behavior modification cycle: The process, and why accurate skills assessment is essential.

    You will also see a quick demo of the integrated solution: “Keepnet Labs” and "Info-Sentinel" training mini-games. Q/A Session to follow.

    Mr. Aytun is a 30-year veteran of building technology-based solutions, including B2B product development for the TV broadcast industry, TV and video production, software product development, and in the last decade, game development for training and education. He has been serving the corporate and government training space as the CEO of MAVI Interactive since 2008. MAVI's key contribution to the training industry is making immersive skill development products accessible by all, removing the prohibitive cost barriers.

    MAVI's approach is to develop award winning immersive training systems with modular data structures that can reliably deliver engaging skill development scenarios as well as data-driven performance evaluation. All their solutions are based on Natural Learning Principles, designed to “train the brain” and affect behavior change.

    MAVI's latest integration between Phishing Simulations (Keepnet Labs) and information security behavior modification mini games (multiple-award-winning "Info-Sentinel" series) completes the behavior modification cycle, essential for reducing the Human Factor issues with information security.”
  • Build Your Cyber Budget for 2019: Part 1 Recorded: Aug 16 2018 35 mins
    Jerry Caponera, VP of Cyber Risk Strategy
    Choosing cyber vendors and balancing budgets can be a challenge. We want to help cut through the clutter and show how we build a cybersecurity budget and identify spending needs an organization needs to immediately address. This is a two-part webinar series where you will learn how to approach the cybersecurity budgeting process (as well as see common mistakes to avoid) and how to build your own cyber budget. We will offer a budget plan worksheet to guide you along the way and share best practices and takeaways.
  • Making Cybersecurity Matter to Business - A conversation with Pete Herzog Recorded: Jul 26 2018 55 mins
    Pete Herzog, Managing Director at ISECOM
    In early 2000, the Open Source Security Testing Methodology Manual (OSSTMM) was released with the primary objective of improving how the enterprise conducted security testing. Key sections of this methodology include operational, human, physical, wireless, telecommunication, and data network security testing. Today, OSSTMM is widely regarded as a methodology for penetration testing world-wide, offering a standard approach to conducting security testing.

    Frank Shirmo of ITPG Secure Compliance, a Cyber Security Boutique in Northern Virginia will be joined by Pete Herzog, the creator of OSSTMM, to answer key questions, and provide clarifications on OSSTMM for CTOs, CISOs, CIOs, Security Engineers and Analysts, and all other stakeholders interested in the topic of security testing.
  • Artificial Intelligence - Internet of Things : Cybersecurity Perspectives Recorded: Jun 14 2018 75 mins
    Dr. Shawn P. Murray, President, Murray Security Services & Consulting
    Artificial Intelligence (AI) is quickly gaining recognition as a viable method to increase successful problem solving, advance research in areas that exceed human capabilities and are automating menial processes to increase efficiency and productivity in expediential time. In the future, your interface with a human doctor may be limited, as AI gains more prominence in the medical industry diagnosing patients and determining levels of care. AI is being used to develop humanoids for companionship and is providing additional conveniences that are starting to alarm some organizations. There is a sense that the pace of AI is growing so fast that it may be impacting areas that are not getting the attention required to address various risks. Cybersecurity issues continue to arise regarding the integration of AI in computer systems, network and software platforms and the growing advances in IoT devices. As various industries invest in AI technology, CIOs, CISOs, researchers and manufacturers need to be working together to ensure cybersecurity and other safeguards are being considered in the design phase before allowing AI technology into the computing environment.
  • How Cyber (measured in dollars) Earns a Spot on the Risk Register Recorded: May 17 2018 47 mins
    Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security
    Cyber has yet to be fully integrated into the suite of business functions and monitored risks within most organizations. GRC is the mechanism to align cyber and the business, but it’s current state is not sufficient. Governance hierarchy is ineffective (CISOs reporting to the CIO or COO), Risk leveraging ambiguous risk measurements, and Compliance mistaken as security. Moving forward, Governance must be redefined, making CISOs business leaders, reporting to the Board. Risk should leverage traceable data to measure in a common business language. Compliance should be the baseline for security initiatives, not the end goal. When these initiatives can be achieved, GRC will transform cyber into a business enabler.

    Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security where he leads the effort to quantify cyber risk in financial terms. Prior to Nehemiah he founded PivotPoint Risk Analytics which focused on cyber risk quantification through value-at-risk modeling and simulations. Jerry has a broad background in cyber, having worked for incident response, malware analysis, and services companies. He has spoken at a number of conferences worldwide including ISS World MEA in Dubai, InfoSecurity Russia in Moscow, and TM World Forum in Nice, France. He holds an MBA from the University of Massachusetts, an MS in Computer Science from the University of Pennsylvania, and a BS in Electrical Engineering from the University of Buffalo.
  • Is Threat Hunting the Next Frontier: Separating the Hype from the Reality Recorded: May 3 2018 78 mins
    Dr. James Stanger Chief Technology Evangelist, CompTIA
    One of the more interesting-sounding job skills today is that of the “threat hunter.” Let’s talk about the activity of “threat hunting,” and deconstruct it a little bit. The idea behind threat hunting is to proactively look for adversaries and for traces of their activity. So, is threat hunting all that it’s cracked up to be? Is looking for trouble really the best approach today? It’s very possible that the one key element of threat hunting is one fundamental assumption: That you’ve already been hacked, but you just don’t quite realize it yet. In this presentation, James will discuss the benefits and drawbacks of “active defense,” and where it fits in with other security activities.
  • GDPR and you! Perfect together....? Recorded: Mar 29 2018 58 mins
    Joshua Marpet. Red Lion, COO/Founder
    GDPR is a huge topic, with issues ranging from "What does it mean to my business processes?" to "Do I have to care about it?" And that's besides the technical bits! Together, let's explore what it means for a sample company. We'll discuss data, geography, and business processes. You'll learn about some of the pitfalls, and some of the opportunities inherent in GDPR. And maybe we can make it work for you, instead of causing a headache. Want to find out? Just show up.

    Joshua Marpet is an accomplished speaker, long time information and physical security practitioner, as well as a start up CEO and serial entrepreneur.
    He has presented on topics ranging from Facial Recognition to National Security, to audiences from government agencies, law enforcement, Fortune 5 companies, and many others. His research encompasses Digital Forensics, business security maturity, and how not to start an information security business!

    Joshua has been in the hot seat, at all levels of IT and Infosec. From the Federal Reserve, to law enforcement, to being an entrepreneur, Josh has been there. Let's talk.
  • The Future of Passwords Recorded: Mar 22 2018 58 mins
    Hamza Sirag
    This webinar will provide an overview of the future of passwords. Passwords have become very important, protecting a treasure trove of information. You will get an inside look at the techniques and tactics used conduct password attacks. We will discuss the various countermeasures available, new improvements made to the latest operating systems to prevent successful password attacks, and how the industry is trying to eliminate passwords. We will conclude by discussing ways we can potentially circumvent new countermeasures.

    Hamza Sirag Hamza is currently an Information Security consultant. He has spent the majority of his time immersed in the world of cybersecurity. He has had the opportunity to lead complex penetration tests for a variety of federal and commercial clients. He is the founder of Beltway Hackers, a Northern VA based meetup group focused on offensive cybersecurity. https://www.meetup.com/Beltway-Hackers
  • How to secure the Windows OS in 2018 Recorded: Mar 1 2018 60 mins
    Sami Laiho
    At the end of 2017 there were more than a million new malware samples found for Windows per day. The old ways of protecting computers are not powerful enough anymore. Join to learn how one of the leading security experts in the world, Sami Laiho, explains how to protect your endpoints proactively. You’ll learn tips & tricks on how to implement hard disk encryption, Whitelisting and Principle of Least Privilege.


    Sami Laiho is one of the world’s leading professionals in the Windows OS and Security. Sami has been working with and teaching OS troubleshooting, management, and security for more than 15 years. Sami’s session was evaluated as the best session in TechEd North America, Europe and Australia in 2014, and Nordic Infrastructure Conference in 2016 and 2017. At Ignite 2017 Sami was evaluated as the Best External Speaker! Sami is also an author at PluralSight and the newly appointed conference chair at the TechMentor conference.
  • Attacker's Methodology Recorded: Feb 1 2018 23 mins
    Jason Dion, CISSP - Cyber Security Trainer at Dion Training Solutions
    A brief overview of the Attacker's Methodology. In this webinar we began our quest to think like an attacker. We will cover the 6 stages of an attack: reconnaissance, scanning & enumeration, gaining access, escalating privileges, maintaining access, and covering your tracks.
  • Let's talk about OSSTMM with Pete Herzog from inside out Recorded: Dec 14 2017 60 mins
    Pete Herzog, Managing Director at ISECOM
    In early 2000, the Open Source Security Testing Methodology Manual (OSSTMM) was released with the primary objective of improving how the enterprise conducted security testing. Key sections of this methodology include operational, human, physical, wireless, telecommunication, and data network security testing. Today, OSSTMM is widely regarded as a methodology for penetration testing world-wide, offering a standard approach to conducting security testing. Frank Shirmo of ITPG Secure Compliance, a Cyber Security Boutique in Northern Virginia will be joined by Pete Herzog, the creator of OSSTMM, to answer key questions, and provide clarifications on OSSTMM for CTOs, CISOs, CIOs, Security Engineers and Analysts, and all other stakeholders interested in the topic of security testing.
  • Leading through adversity and burnout to create a high performing security team Recorded: Nov 30 2017 51 mins
    Sharon Smith, CISSP ITPG Secure Compliance VP, Cybersecurity Strategy and Advisory Services
    Security professionals are constantly in a state of adversity, always trying to battle the unseen advisory with little resources and lack of understanding from leadership. Often there is little to no recognition of a job well done, because no one can see the results of a good security team, no breach. It is only when there is an issue that the lights shine on the security team and that is when everyone asks why is it going wrong? This makes leadership within security that much harder, how do you help a team that is up against constant adversity from burning out and leaving. In this webinar, Sharon Smith will discuss the Five Pillars of a high performance security team and how you as a leader can tap into these to help your team achieve more and get better results.
  • AI and the Scientific Method for Cyber Investigation Automation Recorded: Nov 16 2017 48 mins
    Shawn Riley, Chief Data Officer | Cybersecurity Scientist at DarkLight
    "Artificial Intelligence" is arguably one of the most over-used terms in cybersecurity today and despite the potential, most organizations are in the dark about how best to apply it -- and more importantly, how to explain the results it produces. We will discuss how encoding expert tradecraft using scientific methods and common knowledge / data models - can produce AI with explainable results for improved investigation and an active cyber defense.
  • Social Engineering: Still a threat? Recorded: Oct 26 2017 55 mins
    Tarrell "Mac" McCrory, CISSP, CEH
    When you hear the term Social Engineering, the first thing that pops into your mind will invariably be phishing emails. However, there are many aspects of social engineering that are, more often than not, completely overlooked. Identity impersonation, physical penetration, and various other means can just as easily be employed to breach company after company. While the ability to detect malware and other types of breaches get better by the day, these types of attacks are rarely discovered quickly, if at all. Enterprise level security accounts for many of these, but rarely all. Join the indepth discussion of how Social Engineering can be dangerous for an organization and what can be done about.


    Previously, Mr. McCrory was one of the founding employees of PhishMe, Inc. where he developed and ran many social engineering engagements as a Managed Services Consultant, teaching management of various Fortune 500 and Global 100 comapnies how to deal with phishing and on occassion, various other forms of social engineering attacks.

    Mr. McCrory is also currently working on his first book and working as an independent consultant.
  • NIST 800-171 Protect CUI or Risk Losing Federal Business Recorded: Oct 12 2017 63 mins
    Kelly Handerhan, CISSP, PMP, CASP, CEH, Cybrary.it SME
    Federal contractors that process, store or transmit what’s called Controlled Unclassified Information have until December to implement new, more stringent security guidelines to protect that information. Chances are your organization already meets some of the requirements, but it’s unlikely that you meet them all. Join us to identify what’s new, what’s not, what you have to do and how to assess the impact.
  • Why do corporate breaches continue to succeed? Recorded: Oct 5 2017 38 mins
    Robert Johnston, CISSP, Adlumnin, Co-Founder & Chief Executive Officer
    Corporate breaches continue to succeed because attackers can steal the legitimate identities of your employees and use those identities to attack your infrastructure. Far deadlier than malware based attacks, identity based attacks can go undetected for months or years because perpetrators impersonate the methods used by your various privileged accounts as if they were that user. Attackers have changed their methods from the now outdated malware based attacks to the evolved identity based attacks. Learn how analytics, deception, and data streams are saving the security industry, or would have at least saved the Democratic National Committee.


    Robert Johnston, CISSP
    Behavior Analytics, Active Defense, President & CEO Adlumin.com, Technology Entrepreneur

    Previously Mr. Johnston worked in the private sector as a principal consultant at CrowdStrike, Inc as an incident response expert conducting engagements against nation state, criminal, and hacktivist organizations across a variety of industry sectors.

    Previously Mr. Johnston served as an officer in the United States Marine Corps. As a Marine Officer he was the Team Lead of 81 National Cyber Protection Team, Cyber National Mission Force and the Director of the Marine Corps Red Team. He is an accomplished leader and technical expert within the cyber security community. Mr. Johnston is a 2008 United States Naval Academy graduate with a degree in Information Technology.

    He has published multiple projects and articles in industry relevant magazines and peer reviewed journals. An avid speaker within the cyber security community (ISC)2 awarded him runner up for the best up-and-coming cyber security professional in North, Central, and South America and the winner of the 2015 Community Awareness Government Information Security Leadership Award. Mr. Johnston can be followed on Twitter at @dvgsecurity.
  • Risk-Cloud-Crypto Recorded: Sep 28 2017 57 mins
    Donald Parker, CISSP, CCSK, ITIL, MCSE
    The three emerging pillars of cybersecurity include Risk Management, Cloud Security, and Cryptography. Cybersecurity can't be implemented efficiently without risk management. The cloud is taking over and here to stay. Cryptography is the clue that holds it all together.

    Donald Parker, CISSP, CCSK, ITIL, MCSE

    As a Sergeant in the US Army, cybersecurity instructor, inventor, author, and consultant to the Federal Government, Donald Parker has dedicated his entire career of over 23 years to the Information Technology industry with a special focus on Information Security. Mr. Parker has taught CISSP and other cybersecurity classes all over the United States and abroad, including Holland, Germany, and Guam. He holds a US patent for a physical computer security device that he believes will provide the greatest defense to one of the greatest threats on the Internet, Bot Networks. He has also developed a mechanical cryptographic cipher. Donald has authored a book on passing the CISSP exam and has published an audio version of the book online with over a million downloads. He has helped federal agencies and fortune 100 corporations comply with the ever-evolving cybersecurity landscape. As an independent consultant and small business owner for the past 10 years, he successfully completed more than a dozen short to midterm contracts. The knowledge gained from more than 25 different public and private sector environments has afforded him a birds-eye view of this exciting new field. Many of Mr. Parker’s customers and students refer to him as a one-man band in the since that; he can identify the laws, regulations, requirements and policies that an organization must comply with and actually implement the security controls necessary to demonstrate compliance. Donald has developed a STEM program to teach kids and young adults cyber security basics and prepare them for capture the flag competitions.
  • Strategies for the CompTIA Security+ Exam: SYS-501 Recorded: Sep 21 2017 58 mins
    Matt Salmon, CyberVista Lead Instructor
    Are you considering in earning the Security+ certification from CompTIA? A new version of the Security+ exam debuts this fall - version SYS-501. In this webinar, cybersecurity training provider, CyberVista, dissects the structure of the new Security+ exam. We will explain the 6 Domains that comprise the test while also providing valuable strategies for test day.
  • Virtual Chief Information Security Officer (VCISO) Recorded: Sep 14 2017 45 mins
    Frank Shirmo, CISSP, CSSLP, PCI-QSA
    Not all organizations have or can afford a full-time Chief Information Security Officer (CISO) to address regulatory compliance, security, and privacy and its impact on the IT infrastructure. Then again, many organizations don’t need a CISO full time, but rather on a more limited basis
  • Understanding the Metasploit Database Recorded: Aug 31 2017 69 mins
    Tyrone E. Wilson - Founder, and CEO of Cover6 Solutions
    We discussed The Metasploit Database. No matter where you are you should have an understanding of your current network environment. One of the best ways to capture, filter, and share network information is with the Metasploit Database. Keynote Speaker(s): Mr. Tyrone E. Wilson – Founder and President of Cover6 Solutions has over 20 years of experience focusing on Information Systems and Network Security. Wilson has extensive expertise in multiple areas of the cyber field including, but not limited to, network defense, cyber threat analysis, penetration testing/vulnerability assessments, and #IPv6. Wilson has a passion for spreading knowledge to all about everything he’s acquired through his years of experience. Disclaimer: Only scan/test network environments in which you have explicit permission to do so. A sample permission memo can be found at Whttp://www.counterhack.net/permission_memo.html
The Security Awareness Certification Company
SCIPP International was formed to develop, define and promote best business practices for security awareness training with a singular focus on increasing understanding and instilling positive behavioral changes as they relate to protecting information assets. SCIPP International was founded in 2006 and relies on a distinguished Board of Advisors which is composed of an international body of information security luminaries, business executives and training professionals from around the globe. Complete biographies and security awareness course offerings for general end-users and web application developers are available on our website: www.SCIPPinternational.org

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Let's talk about OSSTMM with Pete Herzog from inside out
  • Live at: Dec 14 2017 6:00 pm
  • Presented by: Pete Herzog, Managing Director at ISECOM
  • From:
Your email has been sent.
or close