APT Who/What/How + Data Sciences and Cybersecurity

February 21, 2020 by Cynthia Figueroa

Monday March 2nd, 2020 / 6 PM - 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM - 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s, food and drinks provided by our sponsors.

Our thanks to Vound-Software for sponsoring this months meeting!

Vound Software

Vound is a leading global vendor of technology used for forensic search, e-discovery and information governance. Our software suite is used by the world’s best-known enterprises, banks, law enforcement, and government agencies for compliance verification, internal audits, and criminal and legal investigations.

Our unique technology graphically displays relationships between custodians and electronically stored information, enabling users to drill down through terabytes of data to find and export the most pertinent information. This innovative approach to forensic search helps to significantly reduce the amount of time and money organizations need to carry out compliance and audit requests, digital investigations, and eDiscovery inquiries.

Contact: Jaclyn Clark Sales Support Specialist jaclyn.clark@vound-software.com 480-401-0856

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Review of Community CyberEvents (~5 min)
  • Short presentation by our sponsor, Fortinet (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7:00-8:00 PM]

Advanced Persistent Threats (APTs) and Nation-state APT Groups

Bill Curdby Bill Curd


Our own Dr. Bill Curd has been a pioneer in cybersecurity and related disciplines within global high-tech enterprises for decades. As President of Synesys Group, he is an invited instructor, speaker, analyst, investigator and mentor in cyber security, privacy, national security intelligence and geopolitical matrix – best known for his highly-evaluated CISSP boot camps (next one the week of March 30^(th)).

Less known is his involvement with the intelligence community. He is a frequent mentor for national security intelligence analyst internships including a compartmented one now concerning Counter-Intelligence and occasionally participates in Red Cell exercises for three-letter agencies.

His Top Secret clearance was from the IC. He is a member of the Association of Former Intelligence Officers and FBI InfraGard, and alumni of FBI Citizens’ Academy. Bill is the Qualifying Party for Synesys Group, an AZ PI agency, and an associate of National Security Consulting & Investigations PLLC.

Checkout his extensive professional education, certifications, and affiliations on LinkedIn, and connect with him there if you haven’t already.

John resides in Seattle, Washington, holds a bachelor’s degree in business management, and will obtain his master’s degree in cybersecurity and information assurance in 2020. .


  • What is an APT and an APT group?
  • How are these groups named?
  • To which nation-state do we best attribute each?
  • Whom do each target with what motivations, using what attack vectors?
  • What isn’t an APT (an acceptable excuse for your protections having failed)?
  • Then, we will look at some specific APT activities.

Time permitting, he will put some information concerning Advanced Persistent Threats on Dropbox to be shared for a window of time to those requesting access. Fortunately, a lot of information that we could only initially recover from the Darknet is now easily accessible on Wikipedia, MITRE ATT&CK, FireEye, and Crowdstrike.

At session end, Bill will briefly highlight the cybersecurity certifications that factor most prominently in job postings, their open positions, salaries, etc. For example, the CISSP is the third most requested certification in job postings for all occupations (after PMP and before Automotive Service Excellence).

[8:00-8:45 PM]

A Brief Overview of Data Science and the Intersection with Cybersecurity

by Mark Borbour, founder of Data Science Consulting

(Image Intentionally Pixelated)


Mark is the founder of a Data Science Consulting firm that has served clients in a wide array of Government, Corporate, Non-Profit and Small Business environments. Mark and his colleagues use Data Science to help organizations gather, process and structure data so that meaningful patterns can be analyzed, explored, and communicated to the organization, their stakeholders, clients, and contractors.

He started his career at 19 as a 911 Dispatcher for Phoenix Police Dept. There, he learned how powerful information and communication can be. He developed a curiosity for computer science that ultimately lead to doing freelance IT consulting for JP Morgan Chase, Berkshire Hathaway, and various other regional corporations and small businesses. While working for these companies, Mark's programming skills converged on Data Science to handle the massive amount of information that must be dealt with on a daily basis for these organizations. This lead to an increasing interest alongside the emerging field of Data Science. Seeing how generally useful these tools were, a couple of years ago he switched his business focus from IT to Applied Data Science, and has since served clients in Education, AI-Security Implementation, Politics, and Real Estate.


The amount and importance of data in our daily lives is increasing at an accelerated rate. What are the security implications of large, international, public entities (state actors, corporations, etc) accumulating so much information in such a concentrated and centralized way? What kind of liability becomes apparent when large amounts of data are leaked? Even the most routine, mundane data (in large enough quantities) can be dangerous in very subtle and unpredictable ways. The best method of addressing these concerns is through education and data literacy. Spreading that knowledge will be the primary motivation of this talk.

I will go over the basic Data Science Process, some common industry vocabulary (especially common buzzwords), and provide some additional resources to learn more about Data Science.

[8:45-9:00 PM]


Back to top