Upcoming Chapter & Industry Events
ISSA NE Chapter's Upcoming Meeting Schedule
November
Annual meeting & Sponsor Showcase
When: Thursday November 14th, 2024, 10:00am – 4:00pm
Where: The Connors Center, 20 Glen St., Dover, MA
Attendees will earn 4 CPEs
After registering, you will receive a confirmation email.
Agenda at a glance
09.00 – 10.00 Registration and Coffee - Sponsor Table Visits
10.00 – 10.15 Welcome and Chapter Intro by Larry Drolet
10.15 – 11.00 Keynote: Navigating Career Uncertainty in Cybersecurity by Marc French
11.00 – 11.45 Demystifying Threat Modeling by Matthew Coles
11.45 – 1.15 Lunch, Networking and Sponsor Showcase
1.15 – 2.00 Unlocking the Trump Shooter’s Phone: Mobile authentication in 2024 by Dan Bailey
2.00 – 2.15 Bridgewater Cyber Range by David Dumas and Michelle Stanfield
2.15 – 2.30 Networking Break
2.30 – 3.15 Uniting Together Against Hackers by Justin Armstrong
3.15 – 3.45 Trust & Safety: Building the Arch of Organizational Integrity by Sean Edwards
3.45 – 4.00 Closing and Thanks
Agenda & Speaker detail
Topic: Navigating Career Uncertainty in Cybersecurity
Speaker: Marc French
The past 18 months have brought unprecedented work challenges in cybersecurity, especially for mid-career professionals. This talk explores the latest hiring/career trends across various industries, company sizes, and geographies, shedding light on the largest hiring downturn in the last 20 years within the field.
Equipped with this background, we’ll introduce Version 2 of the open-source Career Ladders tool. The talk will break down career stages, salary bands, and the functional skills for a variety of cybersecurity roles. Whether you are starting out or in mid-career, the tool is here to help you get a clear picture of where you are and where you're headed, so you can continue moving toward your security career goals regardless of what may be changing in the field.
Bio: Marc French is the CISO and Managing Director of the Product Security Group. A product professional turned security leader, Marc has more than 30 years in software engineering, product management, and security. Prior to founding PSG, Marc held a variety of senior roles at EMC/RSA, Iron Mountain, Constant Contact, Mimecast, and Dun & Bradstreet.
Marc is active in the local security & business community and speaks regularly at conferences in the US and abroad.
With a passion for growing the future leaders within security, he leads the open-source infosec career ladders and runs a one-on-one mentoring program for students and mid-career professionals.
Topic: Demystifying Threat Modeling
Speaker: Matthew Coles
Threat modeling is a crucial activity in any system lifecycle for ensuring a secure-by-design and secure-by-default outcome. This activity is not hard to do but can be met with uncertainty about its value or what is needed to get started. In this presentation we will demystify the activity of threat modeling. We will cover the basic process of threat modeling, some of the frameworks and resources available to perform this analysis, and include some governing principles for achieving success.
Bio: Matthew Coles is a product security architect and secure systems engineering leader for connected devices and the ecosystems and processes that create, enable, and support them. He co-authored a helpful guide to threat modeling for developers, is among the team of experts who developed the Threat Modeling Manifesto and Threat Modeling Capabilities, and is active in initiatives including OWASP, OpenSSF, and MITRE's CWE/CAPEC community initiatives. Matt holds a CSSLP certification from ISC2 and is a frequent conference presenter on threat modeling and other security lifecycle topics.
Topic: Unlocking the Trump Shooter’s Phone: Mobile Authentication in 2024
Speaker: Dan Bailey
In light of the recent successful scramble to unlock the Trump shooter's phone, we present a guide to the real-world security of mobile-device unlock authentication. How secure are various knowledge-based unlock schemes? We present the results of rigorous research into 4- vs. 6-digit PINs, passwords, and others, explaining why these are believed to be secure and the underlying assumptions. We investigate claims by news outlets that the FBI purchased an exploit that enabled them to guess the shooter's PIN in 40 minutes. We square these approaches with alleged leaked vulnerabilities-for-sale and provide specific, actionable advice to protect mobile devices from these brute-force guessing attacks.
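The abstract above hinges on a point worth seeing in numbers: PIN length alone says little about unlock security; what matters is whether the attacker's guess rate is capped by something they cannot bypass. The following Python is an added illustration, not material from the talk or the speaker. The guess rates, the escalating-delay schedule (DEMO_SCHEDULE) and the ten-attempt budget are constructed assumptions for the model and do not describe any particular phone, vendor policy or forensic tool; the 40-minute figure is the one quoted in the abstract, used only to show what an unthrottled search would have to run at.

```python
"""Cost model for brute-force guessing of device unlock secrets.

Added example. The guess rates, the throttle schedule and the attempt budget
below are constructed, illustrative assumptions, not measurements of any
specific device or tool.
"""
from typing import Sequence


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct secrets, e.g. 10**4 for a 4-digit PIN."""
    return alphabet_size ** length


def expected_guesses(space: int) -> float:
    """Mean number of guesses to hit a uniformly random secret: (N+1)/2."""
    return (space + 1) / 2


def unthrottled_seconds(space: int, guesses_per_second: float) -> tuple[float, float]:
    """(expected, worst-case) seconds when nothing slows the attacker down."""
    return (expected_guesses(space) / guesses_per_second,
            space / guesses_per_second)


def implied_rate(space: int, seconds: float) -> float:
    """Guesses/second needed to exhaust `space` in `seconds` with no throttling.
    This is what a reported time implies *if* it was a full, unthrottled search."""
    return space / seconds


def success_probability(space: int, attempt_budget: int) -> float:
    """Chance a uniform secret falls within `attempt_budget` guesses, e.g. the
    attempts left before a configured erase-after-N-failures would trigger."""
    return min(attempt_budget, space) / space


# Constructed escalating-delay schedule (assumption, not a real vendor policy):
# (failures_so_far, delay_in_seconds_after_each_further_failure).
DEMO_SCHEDULE: Sequence[tuple[int, float]] = (
    (0, 0.0), (5, 60.0), (6, 300.0), (7, 900.0), (9, 3600.0),
)


def delay_after_failure(k: int, schedule: Sequence[tuple[int, float]]) -> float:
    """Penalty imposed after the k-th consecutive failed guess under `schedule`."""
    delay = 0.0
    for threshold, penalty in schedule:
        if k >= threshold:
            delay = penalty
    return delay


def throttled_seconds(space: int, per_guess: float,
                      schedule: Sequence[tuple[int, float]] = DEMO_SCHEDULE) -> tuple[float, float]:
    """(expected, worst-case) seconds for a uniform secret when failed guess k
    adds delay_after_failure(k). Finding the secret on guess n costs
    n * per_guess plus the penalties for failures 1..n-1."""
    total = 0.0           # cost to have made the first n guesses
    sum_of_costs = 0.0    # sum over n of cost(n), for the expectation
    worst = 0.0
    for n in range(1, space + 1):
        total += per_guess
        worst = total
        sum_of_costs += total
        total += delay_after_failure(n, schedule)   # guess n failed; pay before guess n+1
    return sum_of_costs / space, worst


if __name__ == "__main__":
    for digits in (4, 6):
        space = keyspace(10, digits)
        exp_u, worst_u = unthrottled_seconds(space, guesses_per_second=10.0)   # assumed rate
        exp_t, worst_t = throttled_seconds(space, per_guess=0.1)               # assumed per-guess cost
        print(f"{digits}-digit PIN: keyspace {space:,}")
        print(f"  unthrottled @10/s : expected {exp_u/3600:8.2f} h, worst {worst_u/3600:8.2f} h")
        print(f"  throttled (demo)  : expected {exp_t/86400:8.1f} d, worst {worst_t/86400:8.1f} d")
        print(f"  P(found within 10 attempts) = {success_probability(space, 10):.6f}")
    # The abstract's 40-minute figure, read as an unthrottled exhaustive 4-digit search:
    print(f"implied rate for 4 digits in 40 min: {implied_rate(10**4, 40 * 60):.2f} guesses/s")
```

Two things the table makes concrete. First, the 100x gap between 4 and 6 digits is real but small next to the gap between the throttled and unthrottled rows: an erase-after-ten or escalating-delay policy, enforced somewhere the attacker cannot reach, is what turns a four-digit secret into something that holds up, and an exploit that bypasses that enforcement collapses the device back to the unthrottled line regardless of PIN length. Second, the model assumes a uniformly random secret; user-chosen PINs are not uniform, which is exactly why guess-ordering research of the kind the talk describes matters, and why the practical advice is a longer, non-obvious secret plus a device that still enforces its throttle.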
Bio: Dan earned his Ph.D. in 2023, with his dissertation focusing on the risks of practical attacks on mobile-phone unlock schemes. He conducted user studies to evaluate the actual risks that can be expected, and presented on this topic to international audiences in an accessible manner for the non-specialist. In addition, Dan has more than 25 years' experience in application security translating insights into actionable methods, policies, and guidelines in software development organizations large and small. Working closely with development teams to solve difficult problems, Dan invented new approaches that led to more than 50 US patents issued.
Topic: Uniting Together Against Hackers
Speaker: Justin Armstrong
Would you like to be able to gain long term allies among executives, developers, sales, and other parts of your organization?
In this session, you will learn several practical points so that you can be more effective when you
● Communicate risk
● Ask for resources
● Herd Cats! (Work with Developers and Engineers)
This session is crammed with real-life examples and the lessons derived from them. Justin will draw on his experience developing security programs from the ground up, as well as lessons learned from the nearly 100 ransomware incidents at hospitals where he was engaged.
Bio: Justin Armstrong has over 25 years of healthcare IT and software development experience. Through relationship building and collaboration, he significantly shifted the culture at MEDITECH so that security became a priority for everyone.
Justin led major changes in product and cloud security at MEDITECH, a top-tier Electronic Health Record (EHR) vendor, at a pivotal moment for healthcare. He ensured that MEDITECH’s first cloud-hosted EHR was architected and managed securely, and led the ISO 27001, 27017 and 27018 certifications. Justin also oversaw security and compliance efforts for MEDITECH’s web-based EHR, REST APIs, patient portal, telehealth, electronic prescribing, and more. Under Justin’s guidance, security was built into the software development life cycle.
Justin has been involved in nearly 100 ransomware incidents at hospitals and is well known in the healthcare security community. Seeing the worsening cybersecurity crisis in healthcare IT in 2015, he devoted significant effort to outreach, providing hospitals with actionable information about the latest threats. Justin is a working member of the IEEE SA-2933 working group, creating a standard for Clinical Internet of Things (IoT) Data and Device Interoperability.
Topic: Trust & Safety: Building the Arch of Organizational Integrity
Speaker: Sean Edwards
This presentation introduces a framework that views trust and safety as twin pillars supporting organizational integrity. Drawing from Honest Security principles, it explores how balancing transparent stakeholder communication with robust security practices creates a resilient security culture. The talk will demonstrate how aligning security with organizational values, fostering positive team relationships, and empowering informed decision-making can strengthen both pillars, ultimately reinforcing the entire structure of organizational trust and safety.
Bio: Sean Edwards, a former University of Maine student and FIRST Robotics alum, has been a Software Engineer specializing in DevOps and InfoSec since 2004. With experience in the National Collegiate Cyber Defense Competition and a passion for sailing, Sean brings a unique blend of technical expertise and creative problem-solving to the field of cybersecurity.
December
Annual Roundtable
Timing and Location TBD
Industry Events
Cybersecurity Summit Boston
Tue, October 29, 2024
7:30AM - 6:00PM EDT
Grand Liberty/Independence Ballroom
39 Dalton Street
Boston, MA, 02199
Please note that this event is free to ISSA-NE members who use the promo code in the graphic below.
https://cybersecuritysummit.com/summit/boston24/
CPEs will be awarded for this event if you attend the full-day summit and confirm attendance at the end of the day.
FutureCon CyberSecurity Conference Boston
Thursday, November 21st
Location: Boston Marriott Burlington
8 am to 5 pm
10 CPEs
Free pass to ISSA-NE members ($200 value)!
ISSA-NE Chapter promo code is: ISSANE
This event includes industry expert speakers, CPEs, lunch, happy hour and more.
Keynote Speaker
Anne Coulombe
Chief Information Security Officer | Werfen
CISO Panel
Meghan Martinez - Director of Cyber Range Programs | CyberTrust Massachusetts
Richard Cocchiara - Chief Innovation & Security Officer | Cognitient Corp.
David Farrell - Senior Manager, Security Advocacy, Chief Security Office | Lenovo
Derek Morris - Virtual Chief Information Security Officer | Wolf & Company, P.C.
Aaron Birnbaum - Chief Security Officer | Seron Security
https://futureconevents.com/events/boston-ma-2024/