Upcoming Chapter & Industry Events

ISSA NE Chapter's Upcoming Meeting Schedule



November 

Annual meeting & Sponsor Showcase


When: Thursday, November 14th, 2024, 10am – 4:00pm

 

Where: The Connors Center, 20 Glen St., Dover, MA


Register now!


Attendees will earn 4 CPEs

 

After registering, you will receive a confirmation email.

 

Agenda at a glance

 

09.00 – 10.00  Registration and Coffee - Sponsor Table Visits

 

10.00 – 10.15  Welcome and Chapter Intro by Larry Drolet

 

10.15 – 11.00  Keynote: Navigating Career Uncertainty in Cybersecurity by Marc French

 

11.00 – 11.45  Demystifying Threat Modeling by Matthew Coles

 

11.45 – 1.15    Lunch, Networking and Sponsor Showcase

 

1.15 – 2.00      Unlocking the Trump Shooter’s Phone: Mobile authentication in 2024 by Dan Bailey

 

2.00 – 2.15      Bridgewater Cyber Range by David Dumas and Michelle Stanfield

 

2.15 - 2.30       Networking Break

 

2.30 – 3.15      Uniting Together Against Hackers by Justin Armstrong

 

3.15 – 3.45      Trust & Safety: Building the Arch of Organizational Integrity by Sean Edwards

 

3.45 - 4.00       Closing and Thanks

 

Agenda & Speaker detail

 

Topic: Navigating Career Uncertainty in Cybersecurity

 

Speaker: Marc French

 

The past 18 months have brought unprecedented work challenges in cybersecurity, especially for mid-career professionals. This talk explores the latest hiring/career trends across various industries, company sizes, and geographies, shedding light on the largest hiring downturn in the last 20 years within the field.

 

Equipped with this background, we’ll introduce Version 2 of the open-source Career Ladders tool. The talk will break down career stages, salary bands, and the functional skills for a variety of cybersecurity roles. Whether you are starting out or in mid-career, the tool is here to help you get a clear picture of where you are and where you're headed, so you can continue moving toward your security career goals regardless of what may be changing in the field.

 

 

Bio: Marc French is the CISO and Managing Director of the Product Security Group. A product professional turned security leader, Marc has more than 30 years in software engineering, product management, and security. Prior to founding PSG, Marc held a variety of senior roles at EMC/RSA, Iron Mountain, Constant Contact, Mimecast, and Dun & Bradstreet.

 

Marc is active in the local security & business community and actively speaks at conferences in the US and abroad.

 

With a passion for growing the future leaders within security, he leads the open sourced infosec career ladders and runs a one-on-one mentoring program for students and mid-career professionals.



Topic: Demystifying Threat Modeling

 

Speaker: Matthew Coles

 

Threat modeling is a crucial activity in any system lifecycle for ensuring a secure-by-design and secure-by-default outcome. This activity is not hard to do but can be met with uncertainty about its value or what is needed to get started. In this presentation we will demystify the activity of threat modeling. We will cover the basic process of threat modeling, some of the frameworks and resources available to perform this analysis, and include some governing principles for achieving success.

 

Bio: Matthew Coles is a product security architect and secure systems engineering leader for connected devices and the ecosystems and processes that create, enable, and support them. He co-authored a helpful guide to threat modeling for developers, is among the team of experts who developed the Threat Modeling Manifesto and Threat Modeling Capabilities, and is active in initiatives including OWASP, OpenSSF, and MITRE's CWE/CAPEC community initiatives. Matt holds a CSSLP certification from ISC2 and is a frequent conference presenter on threat modeling and other security lifecycle topics.

 


Topic: Unlocking the Trump Shooter’s Phone: Mobile Authentication in 2024

 

Speaker: Dan Bailey

 

In light of the recent successful scramble to unlock the Trump shooter's phone, we present a guide to the real-world security of mobile-device unlock authentication. How secure are various knowledge-based unlock schemes? We present the results of rigorous research into 4- vs. 6-digit PINs, passwords, and others, explaining why these are believed to be secure and the underlying assumptions. We investigate claims by news outlets that the FBI purchased an exploit that enabled them to guess the shooter's PIN in 40 minutes. We square these approaches with alleged leaked vulnerabilities-for-sale and provide specific actionable advice to protect mobile devices from these brute-force guessing attacks.

 

Bio: Dan earned his Ph.D. in 2023, with his dissertation focusing on the risks of practical attacks on mobile-phone unlock schemes. He conducted user studies to evaluate the actual risks that can be expected, and presented on this topic to international audiences in an accessible manner for the non-specialist. In addition, Dan has more than 25 years' experience in application security translating insights into actionable methods, policies, and guidelines in software development organizations large and small. Working closely with development teams to solve difficult problems, Dan invented new approaches that led to more than 50 US patents issued.

 

 

Topic: Uniting Together Against Hackers

 

Speaker: Justin Armstrong

 

Would you like to be able to gain long term allies among executives, developers, sales, and other parts of your organization?

In this session, you will learn several practical points so that you can be more effective when you:

●     Communicate risk

●     Ask for resources

●     Herd Cats! (Work with Developers and Engineers)

This session is crammed with real life examples and the lessons derived from them. Justin will draw on his experience in developing security programs from the ground up, as well as lessons learned from the nearly 100 ransomware incidents at Hospitals where he was engaged.

 

Bio: Justin Armstrong has over 25 years of Healthcare IT and Software Development experience. Through relationship building and collaboration, he significantly shifted the culture at MEDITECH so that Security became a priority for everyone.

 

Justin led major changes in Product and Cloud Security at MEDITECH — a top tier Electronic Health Record (EHR) vendor — at a pivotal moment for Healthcare. He ensured that MEDITECH’s first cloud hosted EHR was architected and managed securely, and led the ISO 27001, 27017, 27018 certification. Justin also oversaw security and compliance efforts for MEDITECH’s web based EHR, REST APIs, Patient Portal, Telehealth, electronic prescribing, and more. Under Justin’s guidance Security was built into the Software Development Life Cycle.

 

Justin has been involved in nearly 100 ransomware incidents at Hospitals and is well known in the Healthcare Security community. Seeing the worsening cybersecurity crisis in Healthcare IT in 2015, he devoted significant effort to outreach — providing Hospitals with actionable information about the latest threats. Justin is a working member of the IEEE SA-2933 working group, creating a standard for Clinical Internet of Things (IoT) Data and Device Interoperability.


 

Topic: Trust & Safety: Building the Arch of Organizational Integrity

 

Speaker: Sean Edwards

 

This presentation introduces a framework that views trust and safety as twin pillars supporting organizational integrity. Drawing from Honest Security principles, it explores how balancing transparent stakeholder communication with robust security practices creates a resilient security culture. The talk will demonstrate how aligning security with organizational values, fostering positive team relationships, and empowering informed decision-making can strengthen both pillars, ultimately reinforcing the entire structure of organizational trust and safety.

 

Bio: Sean Edwards, a former University of Maine student and FIRST Robotics alum, has been a Software Engineer specializing in DevOps and InfoSec since 2004. With experience in the National Collegiate Cyber Defense Competition and a passion for sailing, Sean brings a unique blend of technical expertise and creative problem-solving to the field of cybersecurity.



December 

Annual Roundtable

Timing and Location TBD


Industry Events

Cybersecurity Summit Boston


Tue, October 29, 2024

7:30AM - 6:00PM EDT 

Sheraton Boston Hotel

Grand Liberty/Independence Ballroom

39 Dalton Street

Boston, MA, 02199 


Please note that this event is free to ISSA-NE members who use the code found in the below graphic...


https://cybersecuritysummit.com/summit/boston24/


CPEs will be awarded for this event if you attend the full-day summit and confirm attendance at the end of the day.


FutureCon CyberSecurity Conference Boston

Thursday, November 21st 

Location: Boston Marriott Burlington 

8 am to 5 pm

10 CPEs

Free pass to ISSA-NE members ($200 value)!

ISSA-NE Chapter promo code is:  ISSANE

This event includes industry expert speakers, CPEs, lunch, happy hour and more.

Keynote Speaker

Anne Coulombe

Chief Information Security Officer | Werfen

 

CISO Panel

Meghan Martinez - Director of Cyber Range Programs | CyberTrust Massachusetts

Richard Cocchiara - Chief Innovation & Security Officer | Cognitient Corp.

David Farrell - Senior Manager, Security Advocacy, Chief Security Office | Lenovo

Derek Morris - Virtual Chief Information Security Officer | Wolf & Company, P.C.

Aaron Birnbaum - Chief Security Officer | Seron Security

 

https://futureconevents.com/events/boston-ma-2024/