2018 September Chapter Meeting
You are invited to The ISSA New England Chapter's 2018 Chapter Meeting for a morning packed with well-known practitioners in the field of Information Security as well as networking with your peers.
Attendees will earn 4 CPEs
Where: Boston Children’s Museum, 308 Congress St, Boston, MA 02210
When: Tuesday September 25th, 2018
8.00am – 8.30am Welcome and breakfast
8.30am – 9.20am Improving Operations without Technology by Mark Abrams
9.25am – 10.15am Align and Prioritize Your Cyber Risk Program Strategy by John Mumford, Fellsway Group
10.30am – 11.15am Hacking Your Enterprise by Reversing Engineering Your Mobile Apps by Tony Ramirez, NowSecure
11.20am – 12.15pm I Know Your Password by Patrick Laverty, Rapid7
12.15pm – 12.30pm Closing Comments
Improving Operations without Technology by Mark Abrams
Mark Abrams is a certified Lean Six Sigma Black Belt with over 14 years of experience improving processes in a variety of areas including: HR/Payroll, Call Centers, Warehouse Operations, Clean Room Manufacturing, Supply Chain, IT Help Desk, Professional Services and Security Operations Centers. He most recently spent 5 years at Akamai Technologies in Cambridge, Massachusetts, three of which were spent improving operations in their Professional Services and Global Security Operations Centers. He is a certified Lead Auditor for ISO 9001 and 27001. Mark is also the Chair of the American Society for Quality’s Government Division.
In today’s fast-paced Network, Security Operations and IT environments, management faces a myriad of challenging scenarios that impact everything about their operation. Transactions overwhelm staff, operational risk increases each day and operational costs continue to rise as employee burnout also increases. As such, it’s easy for management to turn to technology solutions to help improve their operations. What’s often forgotten in complex technology environments are people, processes and communication.
Align and Prioritize Your Cyber Risk Program Strategy by John Mumford, Fellsway Group
John Mumford is Director of Global Security for Fellsway Group. John has extensive experience in Cyber Security program development, program strategy, implementation and management for multiple security solutions. John is on advisory boards for leading Cyber Security product vendors in GRC, IAM and Advanced Security analytics.
In today’s complex business environment, a comprehensive cyber risk management program based on your specific business and your unique brand is essential. In cybersecurity and cyber risk management, one size does not fit all. Every business is unique, with their own strategy, their own identity, and their own tolerance for risk. Fellsway Group’s belief is that all cyber risk management activities should be prioritized and aligned to the corporate strategy. We believe organizations need to create a culture of awareness and accountability to effectively protect their Brand. By quantifying cyber risk and putting risk decisions into business process owner’s hands, we can create your “Pathway to Risk Intelligence.”
Hacking Your Enterprise by Reversing Engineering Your Mobile Apps by Tony Ramirez, Mobile Security Analyst, NowSecure
As mobile security analyst at NowSecure, Tony Ramirez consults with customers and performs mobile app penetration testing of iOS and Android apps as part of the NowSecure Services team. Tony holds a master's degree in cyber forensics and security from Illinois Institute of Technology.
In this eye-opening session, Tony will uncover and expose how attackers identify and exploit mobile app security vulnerabilities in commercial and custom mobile apps to compromise your enterprise. Through a series of live scenarios using open source and commercial tools from the attacker POV, Tony will crack and exploit vulnerabilities in mobile apps to show how attackers steal sensitive data and gain access to systems…and then share best practices on how to protect yourself and your enterprise. Don't miss this event!
I Know Your Password by Patrick Laverty, Rapid7
Patrick Laverty is a security consultant for Rapid7. Patrick works from home in Lincoln, RI where he is a penetration tester. He tests computer networks of all kinds and sizes, as well as web, API and mobile applications. He runs the Rhode Island based DefCon 401 group and created the Layer 8 social engineering conference held in Newport, RI in June.
Passwords can be the "keys to the kingdom". If you're only using passwords to access systems, you're trusting the strength of passwords to protect this access. Through research, Patrick has seen trends and patterns in the passwords that people choose. On nearly every penetration test, he can guess at least one user's password. With that single point of access, an attacker can then try to escalate privileges through the network. Patrick will show the research he has been doing about these password patterns as well as show you how you could get started in doing the same, along with some tips and tricks to speed up the process.
Presentation slides - see below for PDFs of the presentations.