Editor-in-Chief: Tran Cheung
Issue 4 Contributors:
The primary purpose of our newsletter is to provide our members with the latest NJ Chapter news, upcoming events and especially timely and relevant articles from our dedicated member volunteers. I would like to thank Ken Fishkin and the contributing authors for another great monthly issue.
This month's contributors:
Andrew Haratine
Disney Paul
Mark Schleisner
I am looking forward to seeing new content contributions from our members in future newsletters.
Ken's Korner
Message From The President
We had another fantastic meeting this month! Our members were introduced to a volunteer program that addresses the cybersecurity workforce gap issue. We learned from Frank Cicio, CEO of iQ4, and Alex Abramov, past President of ISACA NY, on how we can mentor students that are enrolled in IQ4's cybersecurity apprenticeship program.
Afterwards, Alfonso Yi, the Data Privacy Officer for a Fortune 500 global luxury brand, gave us a very informative session on the history of Data Privacy and walked us through how complicated and challenging the landscape has become.
For those that weren't able to attend, please refer to the YouTube links at the bottom of this newsletter.
I want to thank all of our speakers for their time and effort for providing our members with a memorable event. It was well received by everyone!
Chapter News
16 Steps to Securing Your Data (and Life)
Attackers look for the path of least resistance. Recently, that path has shifted from enterprise networks to you and your devices for two reasons. First, as we have built more secure software and systems, it has made it harder to attack enterprise networks. At the same time, we have started to access more sensitive information, both personal and professional, on our phones.
That isn’t to say enterprise security isn’t important – it still is. But individual cybersecurity is now a critical part of enterprise security because when individual workers aren’t secure, the enterprise isn’t either.
In the current era of cybersecurity, your life is part of the attack surface. In this post, we lay out 16 practical steps you can take to secure your data, accounts, and devices. The list is prioritized by risk reduction, so start at #1 and work your way down.
Continue reading click here.
ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information.
The findings were presented on Wednesday at the Network and Distributed System Security Symposium (NDSS) conference by a group of academics from Ruhr-Universität Bochum and the North Carolina State University, who analyzed 90,194 skills available in seven countries, including the US, the UK, Australia, Canada, Germany, Japan, and France.
Amazon Alexa allows third-party developers to create additional functionality for devices such as Echo smart speakers by configuring "skills" that run on top of the voice assistant, thereby making it easy for users to initiate a conversation with the skill and complete a specific task.
Continue reading click here.
NSA Releases Guidance on Zero Trust Security Model
The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that assumes breaches are inevitable or have already occurred.
CISA encourages administrators and organizations to review NSA’s guidance on Embracing a Zero Trust Security Model to help secure sensitive data, systems, and services.
Continue reading click here.
Upcoming Events
Public Speaking Workshop *NEW*
Monthly workshops are held every 2nd Thursday of the month from 7-8pm. Next workshop is March 11th. Click here to register.
- Conducted by Steven Santamorena, Arthur Hedge, and Ken Fishkin
- You will be able to learn how to improve your public speaking skills in a no stress environment using proven methods and techniques
CISSP Study Group *NEW*
CISSP Study Group will begin on 3/13/2021.
- Conducted by Priyanka De Abrew and Member volunteers
- 8 week program held on Saturdays from 9-11am
- The workshop will cover one module per week
Click here to register.
March 2021 Meeting Agenda
NJ Chapter March 2021 Meeting will be held on Thursday 3/25/2021.
Click here to register.
April 2021 Meeting Agenda
NJ Chapter April 2021 Meeting will be held on Thursday 4/29/2021.
Presenters:
Jason Starr and Will Mendez from CyZen - Planning and performing a penetration test
Marene Allison - Chief Information Security Officer at Johnson & Johnson
NJ Social Engineering Conference (SECON) 2021
NJ SECON 2021 conference is now a joint effort with ISACA NJ
Date: Thursday, May 13, 2021
Time: 5-9pm
Location: A very unique and humorous virtual experience
Confirmed Speakers:
Jared Maples – Director of NJ Office of Homeland Security and Preparedness
Sajed “Saj” Naseem – CISO of NJ Courts and Adjunct Professor, St. John's University, and Rachael Rakoski – Managing Partner at XPAN Law Partners
James McQuiggan - Security Awareness Advocate at KnowBe4, College Professor, (ISC)2 Chapter President (Central Florida)
Stan Mierzwa - Managing Assistant Director, Lecturer, Center for Cyber Security at Kean University, Department of Criminal Justice
June 2021 Meeting Agenda
NJ Chapter June 2021 Meeting will be held on Thursday 6/24/2021.
Presenters:
Kathleen McGee – Partner at Lowenstein Sandler – White Collar Criminal Defense Practice
Peter Thermos – Founder, President of Palindrome Technologies
July 2021 Meeting Agenda
NJ Chapter July 2021 Meeting will be held on Thursday 7/29/2021.
Presenters:
Mike Wilkes – Chief Information Security Officer / Adjunct Professor - Security Scorecard
Fernando Leitao – Director at Mastercard Data & Services – Risk management quantification
August 2021 Meeting Agenda
NJ Chapter August 2021 Meeting will be held on Thursday 8/26/2021.
Presenters:
This will be a member speaking event. If you are interested in presenting at this meeting, please reach out to Ken at president@isc2chapternj.org.
Volunteer Opportunities
Volunteer Positions and opportunities
- Newsletter contributor – submission date is March 20th
- Education committee – hard and soft skills
- Speaking opportunities at member meetings
If you're interested in any of these volunteer opportunities, please reach out to Ken Fishkin at president@isc2chapternj.org.
Member Contributions
Identity Management & Privacy Concerns by Andrew Haratine
Congrats to one of our newest members, Andrew Haratine, for his first newsletter article! It's a piece that discusses the challenges related to identity management and privacy and the concept of a digital wallet and other technologies as potential solutions.
Continue reading click here.
Good Project Management Ensures Resilient Network Cyber security by Mark Schleisner
We have another great newsletter article submission from a new member! Thank you, Mark W. Schleisner, CISSP, PMP, for contributing your time to educate our members on how project management is a vital ingredient to having a successful cybersecurity implementation.
Continue reading click here.
Application Security 101: Part Two of a Three Part Series by Disney Paul
Our last submission for this month's newsletter is written by our prolific contributor, Disney Paul. It is part two of his three part journey on best practices for Application Security. This article is a deep dive into the SANS top 25 software errors.
Continue reading click here.
Upcoming Presenters
Christopher Dixon
Christopher Dixon is a Certified Computer Forensics Examiner. He has an extensive background in litigation support project management that focuses on best practices in computer forensics, eDiscovery, electronic data acquisitions, forensic data examinations, data mining and analysis.
Within the Litigation Support space, he has advised on matters including early phases of discovery, depositions, hosting, data recovery, scanning, reprographics, trial boards, translations, coding, litigation holds, fraud investigations, eDiscovery best practices, trial, and collections of digital forensic evidence. Chris has collected and analyzed data across multiple platforms including desktops, servers, mobile devices and electronic external storage devices.
Chris is also seasoned in technology investigations that require IT surveys to determine IT landscapes and cybersecurity threats, both internal and external.
Grace Chi
Grace is Cofounder and COO of Pulsedive, a US-based threat intelligence startup. Grace works closely with defensive security (and in particular, cyber threat intelligence) teams to support the development of integrated intelligence programs to proactively improve security posture.
Ranging from regional security consulting firms to enterprise operations, Grace is highly engaged with threat intelligence professionals from all over the world; as a result, she deeply understands the requirements, challenges and opportunities for threat intelligence program success across organization types. In addition to enabling the growth of CTI teams at various stages of maturity, Grace is an avid watercolorist on weekends and a hyper-serious cooperative board gamer.
twitter.com/euphoricfall
linkedin.com/in/graceschi
Recordings and Slides From Prior Meeting
Video of our monthly meetings
February 25, 2021 meeting recordings:
Please visit https://www.isc2chapternj.org/ to access previous meeting recordings.