2020 November Virtual ISSA NE Annual Meeting
You are invited to the Virtual ISSA New England Chapter's 2020 Annual Meeting.
Attendees will earn 3 CPEs
When: Thursday November 19th, 2019, 12 pm – 3 pm
Where: Registration Link
After registering, you will receive a confirmation email containing information about joining the meeting.
12:00 – 12:05 Chapter Intro and Agenda
12:05 – 1:00 Convergence and Divergence: The Security roles of the future and the past by Marc French, CISO and Managing Director, Product Security Group
1:00 – 1:45 Champions, the foundation to Application Security Programs by Jeremiah Salamon, Bain & Company
1:45 – 2:30 How SOC 2.0 can strengthen your security program by David Dwumah, CEO BluNorth
2:30 – 3:00 The State of Ransomware by Spencer McLain, Systems Engineer, CyberReason
Topic: Convergence and Divergence: The Security roles of the future and the past
Speaker: Marc French
Security is ever-changing, from a single discipline 30 years ago to the multitude of roles of today and beyond. This session will discuss the joiners, leavers, and transfers in security roles & responsibilities. The talk is meant for anyone considering what's next for them and looking for new opportunities to pursue and those to avoid.
About Marc French
Marc French has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role as CISO at Product Security Group, Marc was the SVP & Chief Trust Officer at Mimecast, Inc. and has held a variety of senior security roles at Endurance/Constant Contact, EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet.
With all this security experience, Marc has created a series of career ladders to help guide infosec professionals with their job journey, including the illustrious CISO position. We will also cover whether you really want to be a CISO.
Topic: Champions, the foundation to Application Security Programs
Speaker: Jeremiah Salamon
Building an Application Security Program can be a monumental task in a large organization that comes with not only the complexities of application security but also the complexities of organizational structure. Those barriers can be broken down by leveraging the individuals closest to the development of the applications as champions of security.
Responsible for building out an Application Security Program at the management consulting firm he works for, Jeremiah will share his experiences, what worked and what hasn't, in developing a champion-driven program. The focus is on collaborating with the development teams to build an SSDLC, train developers, and enable automation, all of which empowers them to successfully build more secure applications.
About Jeremiah Salamon
Jeremiah is an experienced Information Security professional who currently leads an architecture & engineering team at a management consulting firm. Jeremiah's primary focus is on building secure application & cloud standards to support the organization's continued growth in the cloud.
Jeremiah believes that a comprehensive information security program must be at the heart of any organization for the organization to be successful in providing dependable services to their customers and employees.
Jeremiah has worked in small business and in large enterprise environments containing regulated data. Regardless of the organization's size, Jeremiah has pushed the importance of information security being at the core of the organization.
Topic: How SOC 2.0 can strengthen your security program
Speaker: David Dwumah
Attendees will learn what Service Organization Control (SOC) Reports are, their benefits, their history, why they are key to the success of any security program, and tips on how to quickly evaluate a vendor's SOC 2 reports to add business value to your organization. See below for Tentative Learning Objectives.
• Why Service Organization Control (SOC) Reports are and should be a CRITICAL component of every Security Program
• Cover a brief History of Service Organization Control (SOC) Reporting
• Provide an overview of the different types of SOC Reports (SOC 1, 2, 3)
• Walk through how to conduct a Rapid Review of a SOC 2 Report
About David Dwumah
David Dwumah is the CEO of Blu North Group, LLC, a Technology Risk and Cybersecurity services firm he co-founded in 2016. He has over 18 years of cross-functional expertise in auditing, cybersecurity, technology risk management, and cyber regulations.
In 2019, David was recruited to successfully build out the first formal Security Program for Vistaprint, a $1.5 Billion global e-commerce company. From 2010 to 2015, David held leadership roles at Citizens Bank where he drove the maturity for various cyber and technology risk efforts to meet key business objectives. This included spearheading efforts to mature the bank’s IT GRC program that was critical to its subsequent initial public offering (IPO). From 2005 to 2010, David led, managed, and operationalized strategic technology audits and risk management reviews for Critical National Infrastructure (CNI) and digital transformation initiatives within the Federal Reserve and on behalf of the US Department of Treasury. David began his career in 2002 with Ernst & Young's Financial Services practice.
David serves on the Product Advisory Board of a cyber risk management startup and is part of the Founding Team of a FinTech startup. He serves as the Treasurer and is on the Board of Directors of ISSA New England.
David is a CPA and holds the CISA certification. He has a Master’s in Accounting from the University of Notre Dame and a Master of Science in Information Systems from Baylor University. He earned his Bachelor’s from the University of North Florida. In his spare time, David can be found racing RC cars or enjoying good Southern Barbeque.
Topic: The State of Ransomware
Speaker: Spencer McLain, Systems Engineer, CyberReason
Ransomware continues to evolve, and despite what many in the industry had thought was a lull in the use of ransomware by cyber criminals, it hasn’t gone away and has returned with a vengeance. The “tried and true” source of revenue for cyber criminals, projected at $17B in 2020, now comes with capabilities and new tactics to ensure money is paid by the victims it has been inflicted upon.
Some highlights from this discussion will include:
- Evolution of ransomware
- Current trends and new tactics
- Lessons from the field
- How to better protect your organization from ransomware