Editor-in-Chief: Tran Cheung
Notes From Communications Team
Welcome to the (ISC)² New Jersey Chapter's September issue!
Our goal is to provide the cybersecurity community with monthly New Jersey Chapter news, upcoming events and initiatives, and timely and relevant articles from our dedicated member volunteers.
We hope you enjoy reading this publication and invite you to send any comments to communications@isc2chapternj.org.
Ken's Korner
Message From The President
This month's newsletter is very special to me, as it marks the end of its first year in circulation with 770 subscribers! Special thanks to Tran Cheung, Andrew Haratine and Andrew Wong for their dedication to publishing an issue every month.
It also marks the end of my first year as President. In the past year, we have transformed this organization into a tight-knit community consisting of over 170 members! Also, due to our virtual meetings, our membership geography has now expanded far beyond NJ.
I am so proud of what we have accomplished so far and I am so excited to see what the next year will bring.
Welcome Aboard!
Picnic Recap
Picnic - September 2021 Recap
Our first in-person event was a success! We had over 50 members attend the picnic at Roosevelt Park in Edison, NJ on Saturday, September 18, 2021.
Special thanks to the following volunteers for making our first in-person event so memorable!
Tran Cheung, Alfonso Yi, Marie Ivanov, Prabhakar Kori, Mallik Prasad, Jose Lagdameo Jr., Marcelo Ignacio, Katherine Morris, Disney Paul, Neville West.
Click here for pictures and videos from the event.
Looking forward to seeing everyone at our upcoming picnic on Saturday, October 16, 2021!
Upcoming Events
October 2021 - Public Speaking Workshop - MEMBERS ONLY
Do you want to work on your public speaking skills? Then this is your opportunity!
We have a monthly public speaking workshop to give everyone a chance to work on their impromptu and prepared speech skills in a safe space.
Please sign up to be a member of our local Chapter before registering for this event.
Date: Thursday, October 14th, 2021
Time: 7pm - 8pm
Conducted by Steven Santamorena, Arthur Hedge, and Ken Fishkin
Click here to register.
October 2021 - New York Metro Joint Cyber Security Coalition (NYMJCSC) - Conference & Workshop
Day 1: Thursday, October 14th - Conference
Day 2: Friday, October 15th - Workshop
The 2021 NY Metro Joint Cyber Security Conference will take place virtually on October 14th, followed by a workshop on the 15th. NYMJCSC is now in its eighth year, featuring a keynote and sessions aimed at various aspects of information security and technology.
NYMJCSC will include several online workshops on October 15th featuring in-depth extended hands-on classroom-style educational courses to expand your knowledge and foster security discussions.
Chapter members Mark W. Schleisner and Ken Fishkin will be speaking at the conference.
Click here to register.
October 2021 - Come Join The Fun At Our Fall Picnic!
Date: Saturday, October 16, 2021
Time: 12pm - 4pm
Location: Merrill Park, Fairview Ave, Colonia, NJ 07067
All guests will be treated to lunch, which will have vegetarian alternatives. Feel free to bring your family!
Click here to register!
October 2021 - Meeting Agenda
Date: Thursday, October 28, 2021
Time: 6pm - 8pm
Location: Online Event
Interview: Bernardo M. Vasquez – Advisory CISO - Palo Alto Networks.
Roundtable Discussion - Cybersecurity Career Paths:
David LaFond - Principal in the Practice of Cybersecurity and Privacy Strategy - LaFond Consulting
Debra Price - Security Product Management and Marketing Professional - Radware
Ken Fishkin - Information Security Manager - Lowenstein Sandler LLP
Tran Cheung - Principal of IT Security, Risk and Compliance - Mathematica
Roundtable Moderator: Jim Ambrosini - Virtual Chief Information Security (vCISO) - Infinite Group, Inc.
Click here to register.
Member Feedback
Jumpstart Mentorship Program (JuMP) Feedback
We received wonderful feedback from Session 2 of our JuMP Series!
We asked our Mentees "What did you find beneficial from your meetings?" Below are their amazing responses:
Edwin Brockner:
"John emphasized that I should be finding time in my life for a release, whether it be reading a non-technical book or switching off from work and certifications. I agree, at times I feel like I'm going 24/7 and will burn out eventually, albeit I feel fine now. John and I also started our paths in a similar vein with our internships, so it felt like I could relate to him more. I have benefited from this session by gaining an interesting connection that I am always welcome to bounce ideas off of."
Adam Shuren:
"Wow, this session was super. Ashok took me through three planning sessions for my career. He forced me to get clarity on what I really wanted and then we talked through the role to determine next steps. Being employed in the role, he was able to provide manager insight and truly reinvigorated me to keep at it."
Krishna Nekkalapudi:
"KC has provided valuable feedback in Risk and Compliance expertise. He supported me to tailor my resume and also helped in Mock interviews."
Thank you to our wonderful mentors participating in this program!
Current Initiatives
iQ4 Volunteer Mentoring Program
Introducing our new college/high school mentoring opportunity with iQ4! You do not need previous mentoring experience to sign up. Currently, students are taking courses on topics such as insider threat, ethical hacking and cloud security.
Please sign up here if you are interested in being part of this fun and rewarding program. CPE credits will be given as well!
Jumpstart Mentorship Program (JuMP)
Come join the fun and sign up for our next round of our new JuMP mentorship program!
This mentorship program is currently open to (ISC)² New Jersey Chapter members only. The JuMP program is a unique career building experience for our chapter members.
We have over 30 of our members participating in our current JuMP sessions!
The deadline to register for this session has been extended to October 6th. Click here to sign up to be a Mentor, Mentee, or both!
For additional information, please reach out to Tran Cheung at communications@isc2chapternj.org.
Member Contributions
RIP Password Rotation Policies? by Rasheen Whidbee
For a few years a debate has been brewing regarding the continued use of Password Expiration Policies, whereby organizations would require their workforce to update their passwords every 60, 90 or xx number of days. Industry bodies such as The National Institute of Standards and Technology have actually recommended eliminating the necessity of password rotation policies, favoring longer passwords or passphrases which would extend the time to 'crack' a password. However, there are still many cybersecurity professionals who consider password rotation policies one of the cornerstones of good cybersecurity hygiene.
Continue reading by clicking here.
Educational Training
Practical Hacking: Testing the OWASP Top 10
Date: Wednesday, November 17, 2021
Time: 9am - 4pm
Location: Virtual
Cost: $10 for members and $25 for non-members
CPE: 4.5 CPEs
Application penetration testing can be a daunting task. In fact, the OWASP web security testing guide defines over a hundred tests that need to be conducted for a comprehensive security assessment. During this practical training session we'll distill these tests down to OWASP's top 10 vulnerabilities and manually explore how to identify and exploit each one in real-world applications. Attendees will only need a basic understanding of web technologies to be able to participate.
Click here to register.
Objectives:
- Learn how to set up and configure tools required to conduct web application penetration testing
- Learn basic and advanced OSINT reconnaissance techniques to gather information against a target domain
- Understand the testing methodology in both un-authenticated and authenticated contexts
- Exercise exploiting vulnerabilities using industry tools and techniques
- Understand remediations for the OWASP top 10 vulnerabilities
Tentative Schedule:
8:45 AM - Registration
9:00 AM - Session begins
10:30 AM - Break
10:45 AM - Session Resumes
12:00 PM - Lunch
1:00 PM - Session Resumes
2:30 PM - Break
2:45 PM - Session Resumes
4:00 PM - Session Ends
Trainer: Cornel Du Perez
Cornel is an established subject matter expert in offensive security and serves as the Founder and Managing Director of Abricto Security. In this role, he oversees the strategic growth and development of the firm. On top of spearheading new service development, he leads team training initiatives, hunts for top talent and builds the Abricto Security brand. Cornel is involved in the open-source community and regularly presents at regional security conferences, where he shares his experience and lessons learned.
NYU and (ISC)² New Jersey Chapter Partnership
The (ISC)² New Jersey Chapter and the New York University Tandon School of Engineering have formed a partnership to further educational and credentialing opportunities for students and the cybersecurity community.
In addition to participating in NYU Tandon events, lectures, career fairs, and other professional development activities, (ISC)² will offer students a full membership completely free, giving them access to a network of local industry leaders. As part of the agreement, (ISC)² members can sign up for The NYU Center for Cybersecurity (CCS) mailing list to stay current with research and events featuring leading faculty and industry partners at www.cyber.nyu.edu.
In collaboration with industry partners on the NYU Tandon Advisory Council, NYU Tandon School of Engineering will offer an astounding scholarship to (ISC)² members regardless of their country of residence.
The NYU Cyber Fellowship program is an elite, highly technical Cybersecurity Master's Degree that extends qualifying students a scholarship covering 75% of their tuition for the 10-course, part-time program. Additionally, the partnership will offer 15% off tuition for other online or on-campus graduate degree programs. Member-students will also be able to access networking and mentorship events with the (ISC)² New Jersey Chapter.
NYU Tandon has open enrollment for members looking to apply to NYU Cyber Fellows for the Fall or Spring semesters. There is NO GRE required (graduate admission guidelines apply), and they have also streamlined the application process, which takes only 15 minutes with a decision in 15 days. Simply:
- Gather a Resume, a Statement of Purpose (250 words), an unofficial Transcript, and the names of two References
- Start application
- Enter application fee waiver code (worth $90) NYUTO21
- Choose MS in Cybersecurity, part-time program, and answer YES to the question about 'applying for Cyber Fellows’
- Review and Finalize - “SUBMIT”
To learn more about enrollment or if you have any questions, please contact tandon.online@nyu.edu. You can also call (646) 997-3623.
Upcoming Presenters
David Lafond - Principal in the Practice of Cybersecurity and Privacy Strategy - LaFond Consulting
David Lafond is a principal in the practice of cybersecurity and privacy strategy at LAFOND CONSULTING. He has more than 20 years of experience developing and managing complex infrastructure in highly regulated industries on the protection, operation, and compliance of their networks, systems, applications, data, devices, people, and property. His competencies as an industry expert include cybersecurity risk management, policies and procedures, legal and regulatory compliance, Software Development Lifecycle (SDL) security, big data, incident response and digital forensics, secure cloud strategy, security education, secure mobile computing and vendor governance. Mr Lafond's previous roles include CISO, CTO, and Head of Technical Operations and Infrastructure for organizations like Amazon, Etsy, Dow Jones & Co, Marsh, and Collective Intelligence. Mr Lafond is a graduate of the United States Merchant Marine Academy where he majored in Marine Engineering Systems with a minor in Nuclear Engineering and served in the Navy Reserve for 11 years. He is certified as a CISSP, a registered professional with the CMMC, and a member of IAPP. He holds a Masters in Computer Engineering, an MBA, and is currently pursuing a Doctorate in Strategic Leadership.
Jim Ambrosini - Virtual Chief Information Security (vCISO) - Infinite Group, Inc.
Jim Ambrosini is a Cybersecurity Consultant with over 25 years of diversified experience. He is currently with the Infinite Group, Inc. (IGI) where he specializes in delivering virtual Chief Information Security (vCISO) services to numerous clients across industries. Prior to joining IGI, Jim was a Director at Wells Fargo where he led both the Consumer Technology Risk Division, and then Business Risk & Controls for Digital Banking. Before that role, Jim served as a Managing Director at a top 10 accounting and consulting firm where he led a national cybersecurity consulting practice.
Jim has taught graduate level courses on Information Risk as an adjunct professor at NYU, and has also been extensively involved with professional organizations, such as ISACA, where he was the NY Chapter past president and is currently on the strategic advisory committee. Jim earned a BA in Journalism and Communications from Washington & Lee University and then a Masters degree in Management of Information Systems from Stevens Institute of Technology.
Debra Price - Security Product Management and Marketing Professional - Radware
Debra Price is a Security product management and marketing professional. She began her 20+ year security career at AT&T launching and managing services including threat management, web security, encryption and IoT security and now works at Radware managing its reference and vertical solutions marketing programs.
She earned her BA in Psychology from Douglass College and MS in Industrial Relations/Human Resources from Rutgers University. She obtained her Certified Information Systems Security Professional (CISSP) certification in June 2004 (Member ID 58719) through the International Information Systems Security Certification Consortium (ISC)². Debra shares her security knowledge through the (ISC)² Safe and Secure On-Line program by giving talks to adults and children about proper Internet use.
Debra enjoys traveling and diving; she maintains a website of diving and travel videos at myunderwatervideo.com. When she can’t be under water, Debra enjoys daily workouts of swimming, running or yoga, dancing, hiking, and gardening or relaxing on the beach with a good book.
Bernardo M. Vasquez - Advisory CISO - Palo Alto Networks
Bernardo Vasquez is an experienced Cybersecurity, Risk, and Privacy Leader who serves as Advisory CISO, supporting Palo Alto Networks' largest strategic clients; he's been in the trenches and the boardroom and relates to the challenges and opportunities IT and Business leaders face daily.
Before joining Palo Alto Networks, Bernardo was CISO and VP of IT at Hudson, a Dufry Company, leading multiple transformations for the business by using Security, Privacy, Risk, Compliance, and Agile Program Management to facilitate business growth plus scale operational efficiencies.
Additionally, Bernardo has served as NYU's first global CISO. While at Deloitte's Enterprise Risk Services practice, he led management, operational and technical engagements across retail, hospitality, pharmaceutical, financial services, and consumer product industries.
He holds multiple certifications and deep experience in various domains, including CISSP, CIPM, CRISC, CCSP, CCISO, and is a former Hacking Forensics professional.
Tran Cheung - Principal of IT Security, Risk and Compliance - Mathematica
Tran Cheung is a Principal of IT Security, Risk and Compliance at Mathematica. She’s an expert in IT security and compliance and serves as the security subject matter expert on the development of security policies and procedures for client projects and corporate initiatives. She has over 20 years of IT experience and over 13 years of immersive cybersecurity experience in the assessment of complex government Information Technology (IT) systems. She has deep knowledge of the Risk Management Framework and the applicability of federal security guidelines including Federal Information Security Management Act (FISMA), and various National Institute of Standards and Technology (NIST) publications. She has led numerous external FISMA audits; successfully completed several Authority to Operate (ATO) packages for a major federal IT system; and effectively managed internal audit and self-assessment to obtain ATO for internal systems.
She holds a Certified Information Systems Security Professional (CISSP) certification, a Certified Cloud Security Professional (CCSP) certification, a Project Management Professional (PMP) certification, a Security+ certification, an AWS Cloud Practitioner Certification, and a Master of Business Administration (MBA) from Rutgers University.
Ken Fishkin - Information Security Manager - Lowenstein Sandler LLP
Ken is the Manager of Information Security for the national law firm Lowenstein Sandler. He has developed the firm's cybersecurity and privacy programs from scratch and is currently in the process of having them become ISO 27001 certified.
Previously, he worked at CohnReznick for over twenty years where he was Director of the Cybersecurity and Privacy Practice, performing cybersecurity and privacy assessments and developing programs for his clients.
Besides being President of the New Jersey (ISC)² Chapter, he is on the Executive Committee of the Legal Services Information Sharing and Analysis Organization (LS-ISAO) and mentors cybersecurity students via iQ4's apprenticeship program.
Recordings and Slides From Prior Meeting
September Monthly Meeting
Brett Thorson - Personal Security Tabletop Exercise - PDF
Raymond Blaine - Cybersecurity Challenges with Industry Control Systems (ICS) - PDF / Video
Please visit https://www.isc2chapternj.org/ to access previous meeting recordings.
Board of Directors
(ISC)² New Jersey Chapter 2021 Board of Directors
President:
Ken Fishkin
President@isc2chapternj.org
Secretary:
Mallik Prasad
Secretary@isc2chapternj.org
Treasurer:
Priyanka De Abrew
Treasurer@isc2chapternj.org
Education Director:
Jose Lagdameo
Director@isc2chapternj.org
Membership Chair:
John Manley
membership@isc2chapternj.org
Communications Chair:
Tran Cheung
Communications@isc2chapternj.org