Save The Date: VIRTUAL NJ ISSA Chapter Meeting on 3/31/2021

New Jersey Chapter ISSA Meeting
Date: Wednesday, March 31st, 4:00pm – 6:00pm
Venue: Remote via Zoom (NJ ISSA Members will receive an email with Zoom instructions. Please use a contact form to request dial in details if you did not receive the email.)

Agenda:

3:55 – 4:00 Check In/Registration

4:00 – 4:15 NJ ISSA Chapter Updates

4:15 – 5:00 Presentation: Security Mistakes Everyone Makes: Improving work-from-home and home network security
Jeremy Druin, Education Director Kentucky ISSA Chapter

Abstract
Work from Home, School from Home, and just about Everything from Home is more popular than ever due to recent events. In this presentation, we will discuss practical steps to strengthen the security of home networks and personal devices.

Speaker Bio
Jeremy works as the Principal Security Architect for UPS where he created the application security, bug bounty and penetration testing programs. Jeremy is also the owner of Ellipsis Information Security where he provides security testing services and teaches secure application development and penetration testing courses.

As a Director of Education for the Kentucky ISSA chapter, Jeremy presents on various information security topics along with operating the “webpwnized” YouTube video channel. Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment.

Jeremy has a Bachelors in Computer Science from Indiana University, a Graduate Certificate in Cybersecurity and Masters in Computer Science from the University of Louisville and is a GIAC-certified Web Application, Mobile and Network Security Penetration Tester..

5:00 – 5:15 Break

5:15 – 6:00 Presentation: Cloud Infrastructure Cyber Kill Chain – Threats & Countermeasures
Mike Raggo, Cloud Security Engineer, CloudKnox

Abstract
Attackers are maturing their TTPs to now exploit over-permissioned identities within AWS, Azure, and GCP; resulting in very prominent breaches. In this session we’ll define a new Cloud Infrastructure Cyber Kill Chain and explore these TTPs to expose unique methods of lateral movement, privilege escalation, role-chaining, and more. Real world examples and best practices countermeasures will also be covered.

Speaker Bio
Michael T. Raggo has over 20 years of security research experience. Over the years he has uncovered numerous vulnerabilities in products including Samsung, Checkpoint, and Netgear. His current research focuses on hybrid cloud security risks and threats. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.

5:55 – 6:00 Closing Comments