ISSA-NE.org

2019 November Chapter Meeting

You are invited to The ISSA New England Chapter's 2019 Annual Meeting for a day packed with well-known practitioners in the field of Information Security as well as networking with your peers. 

Attendees will earn 4 CPEs

Where:        O'Neil Cinemas, 1208 Constitution Ave.,  Littleton,  MA
When:         Thursday November 7th, 2019; 10:00 am - 2:30 pm

AGENDA:
10:00 – 10:30 am         Registration and networking
10:30 – 11:15 am         Keynote: What you Don't Know Can Hurt You by  Djilpmh Pi, Author, Security Evangelist
11:30 – 12:15 am         Security Considerations when Adopting the Hyperscale Cloud by John Ferrari, Microsoft Cloud Architect
12:15 – 1:00 pm            Announcements and Lunch
1:15 – 2:00 pm               The US States Privacy Buffet…Too Much to Digest?, by Joe Meyer, Sr. Director of Risk Management & Governance, NCC group
2:00 – 2:30 pm                Interactive Tour of the Dark Web, Brian Roy, Solutions Engineer at Digital Shadows

Speaker bios:

Shadow IT, What you Don't Know Can Hurt You

Djilpmh Pi will talk about his book "Shadow IT, What you Don't Know Can Hurt You". Unhelpfulness from IT resources has driven users to solutions that, with increasing cleverness, bypass conventional security and operational restrictions. If you're not already blocking these Shadow IT events in your own organization, you're not looking hard enough. We will explore a few scenarios and look at overall trends in IT such as the increase in Zero Knowledge services.

Djilpmh Pi has been observing and making note of how Shadow IT has proliferated in many areas, and some of the most egregious examples are presented in his book "Shadow IT". While he does support the idea that "there are no stupid questions", he draws the line at "you can do that now?". Well yeah! Instead the question should be framed: is it bad or dangerous to me, how can I stop it, and what needs to be done to head off these situations in the future? Each type of Shadow IT is briefly described, with suggestions on how to block it and some observations to provide context and further background. Hint: company leadership needs to actively guide the vision and direction of how technology will be used, instead of forcing workers and developers who create and use new and innovative products and services to fight with traditional IT and security groups. If that wasted energy were put into collaborative effort, everyone could benefit.
For other activities by Djilpmh Pi in the areas of privacy and the legitimate use of TOR see https://about.me/djilpmh .

Security Considerations when Adopting the Hyperscale Cloud
The talk focuses on common cloud adoption challenges ranging from governance and operations to security. Core to cloud competencies, Agile and SecOps, the speaker will talk about key cloud security strategies including:
  • Operational security
  • Perimeter security
  • Cloud native security solutions
John Ferrari is a Cloud Architect responsible for enabling cloud strategy and adoption for Microsoft’s U.S. Financial Accounts. Having worked with cloud technologies for over a decade, he has experienced the evolution of the industry and maintains deep technical expertise with its current state of maturity. John has helped many enterprise organizations realize value from various technology and business scenarios through cloud-based solutions, serving as a technology advisor on digital transformation projects large and small. John Ferrari worked as the VP of Consulting Services for Greystone Solutions, and was responsible for managing the full portfolio of technology projects, establishing new business, and developing new practice areas for the company, including establishing a cloud service provider and managed services practice. John remains a passionate sports fan after playing college football, and now enjoys playing soccer and basketball with his children.

The US States Privacy Buffet…Too Much to Digest?
As security risks to citizens' personal identifying information have increased in recent years, some state legislatures are taking a more active role to require that businesses protect personal information. At least 25 states have laws that address data security practices of private sector entities. Most of these data security laws require businesses that own, license, or maintain personal information about a resident of that state to implement and maintain "reasonable security procedures and practices" appropriate to the nature of the information and to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. In addition to the laws listed here, states also have other data security laws that apply to state agencies or other governmental entities. The number of states with these types of data security laws has doubled since 2016, reflecting growing concerns about computer crimes and breaches of personal information. This session is to help navigate which states' “laws” are actually passed, which ones are still in limbo, and what the common criteria for compliance are between them all. Sifting through the buffet options to find something healthy and appropriate is what we’re looking to walk away with from this session.

Joe Meyer, Sr. Director of Risk Management & Governance, QSA, PCIP, HITRUST CSF Assessor, CCSK, CRISC, ISO 27001/2:2013 Certified Lead Implementer; CMS DE, Proxy Auditor. Joe has over 18 years of experience working in the information technology arena. His experience expands across multiple industries including retail, healthcare, finance/banking, pharmaceutical, education, and government. Joe is a current and active member of the Technical Advisory Service for Attorneys (TASA) and was a keynote speaker at the NYC Law Summit on Healthcare Law. In addition, Joe is a panelist for the HHS/NIST Healthcare Summit. Mr. Meyer is also a recipient of the 2014 Security Insiders Blogger of the Year for his work on biometric security and formalizing secure coding training. Joe’s skills are utilized to develop and lead multiple service disciplines and offerings, and to ensure the quality and timeliness of consulting services. Joe also provides subject matter expertise to help clients align their security goals with regulatory and industry standards, including ISO 27001/2, HIPAA/HITECH, PCI DSS, FISMA, FIPS, and SOX.

Interactive Tour of the Dark Web
Curious about the dark web but tired of the hype? This session will outline the history of the dark web, some recent trends, and some interesting war stories. Attendees will understand the top use cases of dark web monitoring and be walked through a live tour.

Brian Roy has over 20 years in the US Army, both active and reserve, with multiple deployments in support of several campaigns in the global war on terrorism. He has been involved with security for over 20 years and cyber security for the past 10 plus years. He is passionate about adversarial tactics, travel, and several sports.

Presentation slides (PDFs of the presentations):
  • digital_shadows_the_dark_web.pdf (3274 kb)
  • ncc_group_presentation_privacy_buffet002.pdf (1147 kb)
  • shadowit-issane-2019nov7a.pdf (312 kb)
