2019 November Chapter Meeting
You are invited to The ISSA New England Chapter's 2019 Annual Meeting for a day packed with well-known practitioners in the field of Information Security as well as networking with your peers.
Attendees will earn 4 CPEs
Where: O'Neil Cinemas, 1208 Constitution Ave., Littleton, MA
When: Thursday November 7th, 2019; 10:00 am - 2:30 pm
AGENDA:
10:00 – 10:30 am Registration and networking
10:30 – 11:15 am Keynote: What you Don't Know Can Hurt You by Djilpmh Pi, Author, Security Evangelist
11:30 – 12:15 am Security Considerations when Adopting the Hyperscale Cloud by John Ferrari, Microsoft Cloud Architect
12:15 – 1:00 pm Announcements and Lunch
1:15 – 2:00 pm The US States Privacy Buffet…Too Much to Digest?, by Joe Meyer, Sr. Director of Risk Management & Governance, NCC Group
2:00 – 2:30 pm Interactive Tour of the Dark Web, Brian Roy, Solutions Engineer at Digital Shadows
Speaker bios:
Shadow IT, What you Don't Know Can Hurt You
Djilpmh Pi will talk about his book "Shadow IT, What you Don't Know Can Hurt You". Unhelpfulness from IT resources has driven users to solutions that, with increasing cleverness, bypass conventional security and operational restrictions. If you're not already blocking these Shadow IT events in your own organization, you're not looking hard enough. We will explore a few scenarios and look at overall trends in IT such as the increase in Zero Knowledge services.
Djilpmh Pi has been observing and making note of how Shadow IT has proliferated in many areas, and some of the most egregious examples are presented in his book "Shadow IT". While he does support the idea that "there are no stupid questions", he draws the line at "you can do that now?". Well yeah! Instead the question should be framed: is it bad or dangerous to me, how can I stop it, and what needs to be done to head off these situations in the future? Each type of Shadow IT is briefly described, with suggestions on how to block it and some observations to provide context and further background. Hint: company leadership needs to actively guide the vision and direction of how technology will be used, instead of forcing workers and developers creating and using new and innovative products and services to fight with traditional IT and security groups. If that wasted energy were put to collaborative effort, everyone could benefit.
For other activities by Djilpmh Pi in the areas of privacy and the legitimate use of TOR see https://about.me/djilpmh .
Security Considerations when Adopting the Hyperscale Cloud
The talk focuses on common cloud adoption challenges ranging from governance and operations to security. Core to cloud competencies, Agile and SecOps, the speaker will talk about key cloud security strategies, including:
- Operational security
- Perimeter security
- Cloud native security solutions
The US States Privacy Buffet…Too Much to Digest?
As security risks to citizens' personal identifying information have increased in recent years, some state legislatures are taking a more active role to require that businesses protect personal information. At least 25 states have laws that address data security practices of private sector entities. Most of these data security laws require businesses that own, license, or maintain personal information about a resident of that state to implement and maintain "reasonable security procedures and practices" appropriate to the nature of the information and to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. In addition to the laws listed here, states also have other data security laws that apply to state agencies or other governmental entities. The number of states with these types of data security laws has doubled since 2016, reflecting growing concerns about computer crimes and breaches of personal information. This session is to help navigate which states' “laws” are actually passed, which ones are still in limbo, and what the common criteria for compliance are between them all. Sifting through the buffet options to find something healthy and appropriate is what we’re looking to walk away with from this session.
Joe Meyer, Sr. Director of Risk Management & Governance, QSA, PCIP, HITRUST CSF Assessor, CCSK, CRISC, ISO 27001/2:2013 Certified Lead Implementer; CMS DE, Proxy Auditor. Joe has over 18 years of experience working in the information technology arena. His experience spans multiple industries including retail, healthcare, finance/banking, pharmaceutical, education, and government. Joe is a current and active member of the Technical Advisory Service for Attorneys (TASA) and was a keynote speaker at the NYC Law Summit on Healthcare Law. In addition, Joe is a panelist for the HHS/NIST Healthcare Summit. Mr. Meyer is also a recipient of the 2014 Security Insiders Blogger of the Year for his work on biometric security and formalizing secure coding training. Joe’s skills are utilized to develop and lead multiple service disciplines and offerings, and to ensure the quality and timeliness of consulting services. Joe also provides subject matter expertise to help clients align their security goals with regulatory and industry standards, including ISO 27001/2, HIPAA/HITECH, PCI DSS, FISMA, FIPS, and SOX.
Interactive Tour of the Dark Web
Curious about the dark web but tired of the hype? This session will outline the history of the dark web, some recent trends, and some interesting war stories. Attendees will understand the top use cases of dark web monitoring and be walked through a live tour.
Brian Roy has over 20 years in the US Army both active and reserve. Multiple deployments in support of several campaigns in the global war on terrorism. Been involved with security for over 20 years and cyber security for the past 10 plus years. Passionate about adversarial tactics, travel, and several sports.
Presentation slides - see below for PDFs of the presentations.