Lunch and Learn

Looking for an opportunity to connect with and learn alongside other IT and security leaders? Our lunch and learns are small casual gatherings focused on a targeted cybersecurity topic. We offer diverse topics to serve the needs of individuals with different responsibilities in respective security roles. Registration for upcoming lunch and learns is available below.

Alias is committed to educating and empowering individuals and organizations to understand and implement best practices in cybersecurity. We host events to share our expertise and experience with industry professionals and students. We conduct trainings to help bolster a more technically equipped and adept IT industry in Oklahoma.

March 16 Lunch and Learn

Penetration Tests: What They Are and Why Organizations Need Them

Taught by: Robert Leasure, Security Engineer

Every network has vulnerabilities. Automated tools can scan for known network vulnerabilities, providing your organization with basic information about your threat landscape. But automated tools can’t always tell you what vulnerabilities are most vulnerable to exploit. They can’t tell you how an attacker can leverage reportedly minor vulnerabilities to leverage major exploits. And they can’t tell you the vulnerabilities they aren’t programmed to detect.

Enter the ethical hacker. For our security engineers, the automated tools are only the beginning. They take those results and explore which vulnerabilities are most prevalent and most critical on your network. They use access originally gained to move laterally across the network and escalate privileges.

Our engineers go further. They investigate what a tool can’t catch. Their in-the-field experience with breaches and incident response has equipped them to utilize cutting-edge attack methods before they are turned into industry standard testing procedures.

In this Lunch and Learn, we will cover what a penetration test is, what differentiates one from other vulnerability assessments, and why organizations benefit from conducting them. This talk will cover both general principles and specific applications with real-world case studies.

March 28 Lunch and Learn

FTC Safeguards Rule: What Your Organization Needs to Know

Taught by: Jonathan Kimmitt, CISO

Many organizations are not fully aware of the regulatory requirements and corresponding legal risks related to protecting customer information. Many, therefore, do not have sufficiently comprehensive or detailed policies and procedures in place to meet compliance and ensure consumer information confidentiality and integrity. Is your organization aware and prepared?

The Federal Trade Commission’s Standards for Safeguarding Customer Information – the Safeguards Rule, for short – lays out the industry standard to ensure that entities maintain safeguards to protect customer information security.

The Safeguards Rule requires organizations to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards to protect customer information.

The Rule defines customer information to mean “any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.”

The Rule therefore covers information not only about your own customers but also customers of other organizations that have provided that data to you.

Higher Education

The FTC Safeguards Rule can pose particular challenges for higher education institutions. The FTC Safeguards rule requires organizations to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards to protect customer information.

Higher education institutions collect, store, and utilize significant amounts of information from a diversity of individuals - students, families, employees, donors, funding agencies, etc. - across multiple academic departments and organizational divisions. Understanding and applying the standards of the FTC Safeguards rule can be complex.

This is a deep-dive Lunch and Learn. Not only will we review the FTC Safeguards Rule and its impact for your organization, we’ll also discuss specific applications and necessary implementations. This is an opportunity to learn with and work alongside other information security professionals to help ensure your organization and the broader higher education community is compliant and secure.