Focus on real-time, actionable threat intelligence and defense to advance Cybersecurity Science
The tools necessary to protect & defend your network
Education and information sharing advancing the Cybersecurity discipline
What is the NorSec ISAO?

The NorSec ISAO (Information Sharing & Analysis Organization) was formed to operate as a Not-for-Profit organization to support and implement: Section 3 of Executive Order 13691 “Promoting Private Sector Cybersecurity Information Sharing”, PPD-21 "Critical Infrastructure Security and Resilience" and Executive Order 13363 "Improving Critical Infrastructure Cybersecurity". Our mission is to advance all aspects of security, technology, organizational resiliency and security standards, and further to support the National Technology Transfer and Advancement Act of 1995.

"With extensive Threat Intelligence and Security Research and relationships [...], NorSec is fast becoming a highly effective information sharing organization."
- Minnesota National Guard Colonel to Council of Governors on Sharing Cybersecurity Information

We believe this can be accomplished through these core approaches;

  • Advance all aspects of security, technology and organizational resiliency through; skill building technology education and training, facilitated forums, security research, and development of tools and techniques
  • Improve the response time to attacks through community sharing of indicators of compromise, malfeasance, attempt origins and patterns to build collective herd immunity to attacks
  • Bring together a community of public, private and community members to participate through our network of Working Board Members and NorSec Community Members
  • NorSec and our Working Board Members support our educational partners: Security B-Sides MSP, the Cyber Security Summit, Metro State University, Sheridan College, the SANS Institute and ISACA MN

    The NorSec Corp, a not for profit corporation, is applying for IRS 501(c)(3) status under the Scientific, Educational and Charity clauses in support of National Security.

    How does NorSec work?

    NorSec brings technical tools, scientific research and education to the security community. Through our educational partnerships, threat intelligence seminars, and tool building we seek to improve the executive decision making process, and decrease the time to respond to organizational threats and malfeasance through our research.

    NorSec has built tools to analyze and integrate a resource that most organizations have in abundance, logs. These are used to identify potential threats and through our partner the threat clearing house ThreatConnect, correlate threat vectors (indicators of compromise) to threat actors and determine attack campaigns.

    While these tools are currently in production with several organizations, as they mature they'll be provided as free open source security tools for the NorSec community and security community at large. Some of our existing tools authored by Working Board Members include:

  • WST: Malware Analysis Scanner designed to detect unknown malware
  • Dishwasher: Heuristic anti-virus scanner designed for large file servers
  • DBLFW: Distributed blacklist based on non-RFC compliant source host behavior, which integrates with Linux host firewalls
  • We're currently building tools to integrate the ThreatConnect API feed with various operating systems both to pull and push indicators of compromise to the NorSec Community. These are being based on the TAXII (Trusted Automated eXchange of Indicator Information) & STIX (Structured Threat Information eXpression) data formats by the MITRE Corporation.

    Through our relationship with ThreatConnect we are able to quickly take active threats presented through phishing campaigns, network malfeasance and attack patterns and push them out to the community in real-time providing near instant detection and blocking of active threat actors.

    Who are we?
    Executive Director
  • Ron Fresquez
    • CEO/Founder of ZSkills Corp providing vetted mainframe talent to the largest and most successful mainframe users in North America. Through its exclusive partnership with IBM Academic Initiative System z.
    • CEO/Founder of The Open Source Technology Alliance (TOSTA) Information Security Training Services a collaborative exchange for Private and Public Sector organizations and Educational Institutions interested in furthering their knowledge and understanding of Open Source Software and Information Security
    • Master of Ceremonies for Security B-Sides MSP 2014 and 2015
    • Advisory Board Member for the Cyber Security Summit 2013-2015
    • Chair of the (ISC)2 Twin Cities Education Committee
    • Board Member and Chair of the Upper Midwest Security Alliance Education Committee
    • Member of the Board of Directors for Net Impact
  • David La Belle
    • Co-Coordinator & Outreach for Security B-Sides MSP 2015 and Safety Team Lead for Security B-Sides MSP 2014
    • Advisory Board Member for the Cyber Security Summit 2015
    • Business Systems Analyst with US Bancorp Asset Management, where he maintains the back end of various enterprise level financial systems
    • A United States Marine Corps. veteran, during his service he was tasked with various rolls within the technology field for Department of Defense (DOD), aviation, and civilian systems. He was responsible for managing more than 1 million dollars in assets spread across several continents, serving two tours in Iraq.
  • Working Board Members
  • Lance James - Director of Intelligence
    • Head of Cyber Intelligence at Deloitte & Touche
    • Consulting Detective for unit221b
    • Over fifteen years of experience in programming, network security, digital forensics, malware research, cryptography design, cryptanalysis, counterintelligence, and protocol exploitation. He provides advisory services to a wide range of government agencies and Fortune 500 organizations including America’s top financial services institutions. Credited with the identification of Zeus and other malware, James is an active contributor to the evolution of security practices and counterintelligence tactics and strategies.
  • David Ford
    • Linux Kernel Hacker since before version 1.0.0, computer and network security auditor, digital forensics, and software engineer for two decades, developer for Blue Labs Software including "Dispatch Buddy" for Emergency Services, the nss_pgsql library for PostgreSQL authentication and many more.
    • United States Air Force Veteran during which time he received the Meritorious Service Medal and Outstanding Achievement ribbons. He is a former Lieutenant at South Meriden Volunteer Fire Department where he served as a Firefighter and Emergency Medical Technician.
  • Eileen Manning
    • President & CEO, The Event Group, Incorporated
    • Executive Producer, Cyber Security Summit
    • A 30-year executive specializing in marketing and event management. She has served with a top advertising agency and spent over a decade in management at a Fortune 100 financial institution producing hundreds of business conferences
    • In 2014 Eileen was an honoree of the Women in Business Award presented by the Minneapolis/St. Paul Business Journal and in 2015 as an honoree of the Progress Minnesota Award presented by Finance & Commerce
  • Ian Whiting
    • CEO & Founder, Titania (United Kingdom)
    • Creator of Nipper Studio
    • Accredited by CESG for his security and team leading expertise for over 5 years.
    • Advisor to Financial, Telecommunications, IT Security, Government and Defense industries
  • Matthew J. Harmon - Chair
    • Principal Consultant and Security Researcher for IT Risk Limited, LLC
    • Former CTO, CISO and Consultant for Q.E.D. Systems where he served from 1998-2014 as United States National Body Liaison to ANSI, ISO, ITU
    • Advisory Board Member for the Cyber Security Summit 2013-2015
    • Instructor and Mentor for the SANS Institute, teaching two DoD 8570 approved security courses for the SANS Institute including Security Essentials (SEC 401 for the GSEC) and Hacker Tools, Techniques, Exploits and Incident Handling (SEC 504 for the GCIH) as well as Hacker Guard for IT Operations (Security) Baselining (SEC 464) course.
    • Professional Advisory Committee member for Sheridan College’s Bachelor of Applied Information Sciences Information Systems Security “BAISc(ISS)” Program and Saint Paul College’s Cyber Security Associates of Applied Sciences program.
  • Contact Us

    Email [email protected] and one of our members will contact you.

    Subscribe for NorSec Updates

    * indicates required