April 9th, 2021 meeting

DATE: April 9th, 2021
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S): Presentation 1: Why is phishing still an issue?
Presentation 2: Setting the CISO free
PRESENTER(S): Presentation 1: Mike Fleck (Senior Director of Sales, Cyren)
Presentation 2: Rob Newby (CEO, Procordr)

Presentation 1 detail:

ABSTRACT

Why is phishing still an issue? Let’s take a look at the tactics attackers are using and discuss why these simple, yet sophisticated, tricks allow malicious messages to evade detection. Mike will share summary statistics about the scale and type of phishing attacks and also provide detailed examples of specific incidents.

BIOGRAPHY

Mike Fleck is the Senior Director of Sales Engineering at Cyren. With over 15 years of experience in information security, Mike holds patents for transparent encryption and automated encryption key management and has been featured in Security Week, Information Security Magazine, Information Management, and NBC News. Prior to Cyren, Mike was the Vice President of Identity Protection at 4iQ, a provider of dark web threat intelligence that helps to protect consumer identities and to investigate cybercriminals. Previously, Mike was the Vice President of Security at Covata Limited (ASX: CVT) where he directed US operations and global marketing. He joined Covata in 2017 by way of the acquisition of CipherPoint, which he co-founded in 2010 and where he was CEO. His vast experience with complex Fortune 500 and Federal Government environments includes technical leadership roles at Vormetric (acquired by Thales), High Tower Software (acquired by NetForensics), Predictive Systems (NASDAQ: PRDS), and Lockheed Martin.

Presentation 2 detail:

ABSTRACT

Cybersecurity is now front page news. Companies are exposed, and CISOs need to make strategic decisions. Lack of accountability can lead to large fines and even prison time for Board members, but they aren’t being appropriately informed. Rob Newby was a new CISO in this situation 2 years ago. His board was concerned, but about the wrong things.


Rob explains what we’re doing wrong now in Security, and what simple changes can be made for the better to fix issues in reporting, strategy, governance and the demand for skills.

BIOGRAPHY

Rob is a problem solver for UK and EMEA boards. As a CISO and Security Adviser, Rob has returned failing programmes and projects to the critical path, including setting up and developing multiple lines of defence in parallel, defining and delivering measurable business value. He is now the CEO of UK cybersecurity startup Procordr, delivering strategy and governance solutions to large enterprises. He previously worked as a CISO to SmartDCC and as Strategic Adviser to Group CISO at Admiral Group, and at Aviva Group he was the CISO for General Insurance and Strategic Adviser to their UK CISO.

Job Posting — Senior Business Systems Analyst (Information Security)

The Insurance Corporation of British Columbia (ICBC) is currently looking for a Senior Business Systems Analyst (Information Security) for its Information Risk Management team within the Information Services Division.

The position supports Information Risk Management to ensure ICBC meets business, legal, and stakeholder requirements for information security while managing costs. The successful candidate will be expected to function as a senior member of the Information Risk Management team, providing leadership and mentoring to team members while acting with minimal direction from the Manager.

In this role you will be working closely with business and technology stakeholders to identify business needs as they pertain to information security and seek alignment with policies, standards and other governance documents. You will take a leadership role to effectively articulate information security requirements, collaborate with team members and stakeholders such as Privacy & Freedom of Information and IT Security to facilitate the development and implementation of security processes and technology improvements. As part of your duties, you will complete risk assessments while working closely with business and technology stakeholders. You will provide ongoing reviews, improvements, and updates to existing information security policies, standards, strategies, risk assessment processes, and other governance documents and processes. You will plan, lead, and implement information security projects and initiatives while providing leadership and mentoring to other team members.

Position Requirements

You have knowledge of:

  • The ISO 27000 framework or similar information security management systems
  • Information security threats and the typical security controls used to mitigate those threats
  • Concepts of risk management, especially of the ISO 27002 and ISO 31000 risk management processes
  • Information Technology governance, risk, and compliance processes
  • Industry standards such as NIST, COBIT, PCI-DSS, etc.
  • The BC Freedom of Information and Protection of Privacy Act (FIPPA)
  • e-Discovery and Legal Hold trends and legislation

You have skills to:

  • Evaluate risks to information and technology, including threat assessment, likelihood and impact assessment, and request executive risk management decisions
  • Demonstrated strength in facilitation and communication
  • Identify opportunities for improvements in business use of systems
  • Provide guidance about information security policy compliance
  • Draft executive and external briefing notes, security alerts and updates, and employee communications regarding information security policy and awareness issues
  • Present security issues to varied audiences
  • Work with outside parties to perform regular cyber security audits and training and be responsible for addressing any exposures identified within the audit
  • Knowledge and understanding of software development lifecycle, from application design and development to testing, implementation and production support
  • Strong focus on systems analysis, process, process improvement, and quality
  • Data-driven, analytical with strong problem-solving skills

You bring these credentials:

  • Bachelor’s degree in Information Technology (IT), Computer Science or equivalent
  • Several years of related experience including at least a few years in IT security
  • An information security certification such as Certified Information Systems Security Professional (CISSP) is an asset, but not required

You can view this job posting and apply for the position through ICBC’s website up to March 27, 2021.

ICBC’s job is to make sure the car insurance system works for all British Columbians, today and in the future. If you want to make the most of your skills and expertise while growing your career, ICBC wants you. A career at ICBC is an opportunity to be part of a talented, diverse and inclusive team that is driven to serve its customers and community. You can expect a competitive salary, comprehensive benefits and a collaborative work environment. If you are reliable and dependable, contact ICBC today to be part of their talented and diverse team as they work together to create an insurance system that all can be proud of.

ICBC welcomes applications from all qualified job seekers. If you are a job seeker with a disability, please let ICBC know as adjustments can be made to help support you in delivering your best performance.

March 12th, 2021 meeting

DATE: March 12th, 2021
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S): Security Frameworks
PRESENTER(S): Robert Slade (M. Sc.)

ABSTRACT

We have a whole alphabet soup of security frameworks, ranging from checklists to guidelines to salami slicers to product evaluation criteria. Most consider them simply annoyances. Some consider them annoyances that must be complied with. However, they can be of use–if you know what they are, and what they can (and can’t) do for you.

BIOGRAPHY

Robert Slade prefers to say that he is the recipient of patronage from his nation-state because he is old and wise. Others prefer to say that he is retired. Rob finds this odd, since he is not the retiring type, as can be easily determined at https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

It is next to impossible to get him to take bio writing seriously, but you can try at rslade@vcn.bc.ca

Job Posting — Information Protection Advisor

The Insurance Corporation of British Columbia (ICBC) has an exciting opportunity for an experienced Information Protection Advisor to work in their Information Risk Management Department. As part of this team you will:

  • gather electronic evidence to support investigations,
  • provide information security governance and compliance services to corporate and divisional projects, conduct risk assessments and penetration tests,
  • present findings to business risk owners, and
  • develop security policies and standards.

To make an immediate contribution, you will draw on your demonstrated experience:

  • Gathering electronic evidence to support investigations, including extracting and interpreting systems log files and conducting computer forensics and mobile device forensics
  • Analyzing threats and assessing information security exposures to ICBC’s information and ICBC’s information technology systems
  • Performing regular pen tests and security tests on ICBC Systems, as well as engaging third parties to perform regular pen tests
  • Developing electronic investigation processes and procedures
  • Developing proactive monitoring rules, triaging alerts, and handling incidents
  • Recommending, creating, and updating corporate principles, policies, standards, and procedures related to information security
  • Consulting on corporate and divisional projects as an Information Security Lead, identifying information security risks, communicating with the business owners to establish impact, recommending treatment plans to remain within business risk tolerance, and tracking treatment plans through implementation
  • Collecting information security metrics to monitor and enhance the information security program at ICBC
  • Creating information security awareness media, including posters, online communications, blog articles, audio and video recordings, and other media.

Position Requirements

Success in this role requires you to bring knowledge related to:

  • Principles, standards, practices, and tools pertaining to information systems security
  • The ISO/IEC 27000 framework for building Information Security Management Systems
  • BC’s Freedom of Information and Protection of Privacy Act (FIPPA); and e-Discovery and Legal Hold trends and legislation
  • Strong understanding of distributed systems and how they work
  • Incident handling processes and procedures
  • Trends and developments in the information and technology security field
  • Familiarity with SOC and SIEM tools
  • Familiarity with third party audit reports such as SSAE 16, SOC 2

Due to the nature of this position, the successful candidate must meet the Canadian Border Service security clearance requirements of the Enhanced Driver License Program.

It would be considered an asset if your experience is supported by a business or technology degree and if you have industry recognized certifications such as a Certified Information Systems Security Professional (CISSP) and/or a Certified Information Systems Auditor (CISA) and/or a Certified Information Security Management (CISM) designation.

You can view this job posting and apply for the position through ICBC’s website up to March 31, 2021.

ICBC’s job is to make sure the car insurance system works for all British Columbians, today and in the future. If you want to make the most of your skills and expertise while growing your career, ICBC wants you. A career at ICBC is an opportunity to be part of a talented, diverse and inclusive team that is driven to serve its customers and community. You can expect a competitive salary, comprehensive benefits and a collaborative work environment. If you are reliable and dependable, contact ICBC today to be part of their talented and diverse team as they work together to create an insurance system that all can be proud of.

ICBC welcomes applications from all qualified job seekers. If you are a job seeker with a disability, please let ICBC know as adjustments can be made to help support you in delivering your best performance.