Ken's Korner
Message From The President
We held our final meeting of the year last Thursday and it turned out to be a huge success! We had a record-breaking number of people attending this event, as we had roughly 90 cybersecurity professionals and students participate in lively discussions with our guests Thomas Flynn, Assistant Special Agent in Charge at the Secret Service, and Tia Hopkins, Founder of Empow(H)er Cybersecurity and VP of Global Solutions Engineering at eSentire.
Tom educated everyone on how the Secret Service can assist organizations before or after a breach, and Tia stunned the audience with her academic background and ambitious goals.
Looking forward to the new year, as we continue building on our momentum. May this year bring new happiness, new achievements, and new friendships!
Chapter News
From weaponized AI to threats against the vaccine rollout, here are 6 cybersecurity trends to watch in 2021
Could 2021 be the year that healthcare finally gets smart about cybersecurity? Many in the industry say real change needs to happen as the situation has become a matter of life and death.
Hospitals are facing a new wave of ransomware attacks even as they also struggle to confront a nationwide surge in COVID-19 cases. There was also a recent report out of Germany of the first patient death directly tied to a ransomware attack.
SEC filings: SolarWinds says 18,000 customers were impacted by recent hack
IT software provider SolarWinds downplayed a recent security breach in documents filed with the US Securities and Exchange Commission on Monday.
SolarWinds disclosed on Sunday that a nation-state hacker group breached its network and inserted malware in updates for Orion, a software application for IT inventory management and monitoring.
Orion app versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, were tainted with malware, SolarWinds said in a security advisory.
The trojanized Orion update allowed attackers to deploy additional and highly stealthy malware on the networks of SolarWinds customers.
White House acknowledges reports of cyberattack on U.S. Treasury by foreign government
WASHINGTON – The Trump administration acknowledged reports on Sunday that a group backed by a foreign government carried out a cyberattack on the U.S. Treasury Department and a section of the U.S. Department of Commerce.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesman John Ullyot wrote in an emailed statement to CNBC.
Cybersecurity in 2021: 5 Trends Security Pros Need to Know
For the past eight months, the global COVID-19 pandemic, along with the unprecedented shift to work-from-home for many employees, has altered the way both people and enterprises approach work and conduct business. And while many of these changes are likely to become permanent, issues such as cybersecurity continue to evolve as the threat landscape shifts.
In the rapid shift to work-from-home, many businesses rushed employees out of the office with cybersecurity as an afterthought. As the new, remote routine settled in, businesses began rethinking their strategies, recognizing that the attack surface had changed and that threat actors now had many more ways to infect networks to steal data.
Upcoming Events
New For 2021: Events Will Be For Members Only (Students Are Free)
If you are passionate about cybersecurity and would like to join this event and all future events in 2021, we now require that all attendees become a Chapter member. Student membership dues will be waived and there are no other requirements to join our organization. First-time guests will also be free. Click here to become a member of the (ISC)² NJ Chapter! For more information about our (ISC)² Chapter, please reach out to Ken Fishkin at president@isc2chapternj.org.
January 2021 Meeting Agenda
NJ Chapter January 2021 Meeting will be held on Thursday 1/28/2021.
Click here to register.
Presenters:
Rafal Los – An Industry Innovator - Strategist - Personality
Listen to his phenomenal podcast on cybersecurity here.
Peter Koenig – Strategic Manager / Adjunct Professor – Conflict Resolution
See Presenter Bios section for more information
February 2021 Meeting Agenda
NJ Chapter February 2021 Meeting will be held on Thursday 2/25/2021.
Presenters:
Alfonso Yi – Data Privacy Officer – Ralph Lauren
Frank Cicio – Founder and CEO of IQ4
March 2021 Meeting Agenda
NJ Chapter March 2021 Meeting will be held on Thursday 3/25/2021.
Presenters:
Grace Chi – PulseDive – NJ based startup – Threat Intelligence
Chris Dixon – CohnReznick – Manager of Computer Forensics and e-Discovery
Volunteer Opportunities
Volunteer Positions and opportunities
We have the following volunteer positions and opportunities available:
- NJ Chapter Monthly Newsletter submissions
- Education committee
- Speaking opportunities
- SECON Conference committee
If you're interested in any of these volunteer opportunities, please reach out to Ken Fishkin at president@isc2chapternj.org.
Member Bios
John Manley, NJ Chapter Board Member
We are excited to introduce our new board member, John Manley - membership chair.
John Manley, CISSP has over 20 years of technical experience, and has spent 15 years developing sales, technical, and business operations for numerous organizations. John received his undergraduate degree from The University of Iowa, and has spent the last 10 years working in various capacities in Cyber Security. John is currently the President, North America for ViewDS Identity Solutions and an Advisory Board member for MSP Overwatch.
Member Contributions
My DevSecOps Transformation by Disney Paul
I started my career as a developer, adapted the DevOps culture and transformed myself into a DevSecOps practitioner. In this article, I’ll share a few highlights from my DevSecOps transformation journey.
DevOps has been at the crossroads of a digital transformation for organizations ever since 2009. Its main focus area is manageability by automation and continuous/faster delivery to customers. For this reason, most monolithic (large multi-module) applications are decomposed into microservices and workloads are moved from on-premises to cloud datacenters. Also, application developers started taking job duties that were primarily from Operations. There were multiple types of cross-cultural streams developed based on the success seen by such collaboration, such as NetOps, DataOps, TestOps, SRE, FinOps, DevSecOps, etc. Here, success relies on the mindset and cultural adoption of the change within the organization. In DevSecOps, individuals take up job duties of DevOps and apply security practices at every stage in the cycle.
To continue reading, click here.
Security Frameworks and Beyond by Rasheen Whidbee with Bob Henderson
This article discusses the importance of Security frameworks, but it also takes a "security minded culture" to go beyond a framework to address risk.
Click here to read the article.
Proposal for the Development and Addition of a Cybersecurity Assessment Section into Technology Involving Global Public Health by Stan Mierzwa
This paper discusses and proposes the inclusion of a cyber or security risk assessment section during the course of public health initiatives involving the use of information and communication computer technology. Over the last decade, many public health research efforts have included information technologies such as Mobile Health (mHealth), Electronic Health (eHealth), Telehealth, and Digital Health to assist with unmet global development health needs. This paper provides a background on the lack of documentation on cybersecurity risks or vulnerability assessments in global public health areas. This study suggests existing frameworks and policies be adopted for public health. We also propose to incorporate a simple assessment toolbox and a research paper section intended to help minimize cybersecurity and information security risks for public, non-profit, and healthcare organizations.
Click here to read the article.
Supporter
Join our movement and pay it forward!
Join Step Up Skill A NJ NONPROFIT CORPORATION to pay it forward and help our colleagues and friends struggling to find a job in this pandemic. Volunteer to network, boost morale, reach out and be generous with your time. For more information, email Niloufer Tamboly at niloufer.tamboly@stepupskill.org or connect on LinkedIn
Upcoming Presenters
Peter Koenig
Peter Koenig is a retired lieutenant from the Rumson Police Department in New Jersey, with over twenty-seven years of experience in law enforcement. He is currently the Chief Information Officer (CIO) at a credit card manufacturer in Monmouth County, New Jersey. Previously, he taught Criminal Justice at Brookdale Community College and lectured at Monmouth University. He also taught at the Monmouth County Police Academy, where he developed and implemented an Anger Management and Career Burnout program for the police workforce. Within a three-year period, he was able to use his program to improve the academy’s retention rate. He has a Master's in Administrative Science from Fairleigh Dickinson University with a minor in Computer Security and Forensic Administration.
Rafal Los
Rafal Los is an industry innovator, strategist, and personality. His career spans 20+ years while working inside companies from the Fortune 10 to a firm of less than 10. Rafal's strengths include strategic leadership in security products and services - focusing on market strategy, roadmap development and execution, process optimization, and bringing teams together to solve complex problems. Recent achievements include delivering on a company strategy pivot from infrastructure provider to security-as-a-service by rebuilding pre-sales strategy and delivery; implementing significant changes in business process that led to the company's ability to measure the direct impact of changes on sales and customer lifecycle. Rafal is an active member of the Security Advisor Alliance, serving on the advisory board with the intent of creating innovative ways for security leaders to give back to their communities through service and knowledge sharing.
Additionally, Rafal is a founder and host of the Down the Security Rabbithole Podcast - an industry podcast delivering a weekly office-friendly format since 2011 focused on thought leadership through interesting guests and topics. Rafal's career is about more than being a recognizable expert - it's continually challenging accepted thinking and bringing people together to solve complex problems in innovative ways.