April 12th, 2024 meeting

DATE: April 12th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: Conducting Cyber Security Exercises – Sharing Knowledge From Training and Experience
PRESENTER: Gerry Sieracki (CISSP, Retired IT – OT – Cyber Security)

ABSTRACT

This presentation is the sharing of my knowledge gained from years of training and work experience in both the private and public sector. It will cover topics including planning, designing, conducting, post-exercise debriefing, and more. It is designed to promote thinking about methods of conducting Cyber Security Exercises. The knowledge shared can also be applied to other types of exercises such as Disaster Recovery Exercises.

BIOGRAPHY

Gerry is a seasoned IT veteran with over 25 years of progressively responsible work in IT. He retired from work as a Network Administrator in the Critical Infrastructure Water Sector focusing on networking and cybersecurity. Gerry worked closely with external agencies such as the FBI, DHS and the SD-LECC on cybersecurity and other issues.


Gerry earned his CISSP in May 2015. Gerry is trained in the National Incident Management System (NIMS) and has additional training on physical security for Critical Infrastructure. Gerry has had training on developing Cyber Security and Incident Response Exercises. Gerry has designed and conducted several exercises, and participated in many more.

October 13th, 2023 meeting

DATE: October 13th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Sophos, 777 Dunsmuir St #1400, Vancouver, B.C. V7Y 1K4
Zoom Online meeting
TOPIC: Investigating the Reasons why Small and Medium Enterprises (SMEs) are not Using the Existing Cybersecurity Frameworks such as the NIST CSF: A Qualitative Exploratory Study Using the Delphi Data Collection Method
PRESENTER: Lloyd Jura, Ph.D., CISSP
This is an in-person event, with a Zoom session for remote participants. Guests must take the elevator to the 14th floor and go past reception to the 15th floor.

ABSTRACT

In this presentation, Dr. Lloyd Jura will talk about two things: first, his journey to obtaining a Ph.D. in Information Technology with a Cybersecurity concentration, and second, the findings of his research.


Dr. Jura’s exploratory qualitative study aimed to establish why small to medium enterprises (SMEs) are not adopting existing cybersecurity frameworks and establish motivating factors that SMEs can adopt by interviewing twenty-one cybersecurity subject matter experts. SMEs are not as prepared to deal with attacks as large enterprises and are not adopting cybersecurity frameworks like the NIST CSF. Current literature on cybersecurity framework adoption focused on large enterprises that excluded SMEs, even though breaches are increasingly happening to SMEs compared to large corporations. The research used the Self-determination Theory (SDT). SDT is one of the significant theories in human motivation, and its development and improvement over the years have been motivated by the desire to understand what motivates employees (Gagné, 2014). Self-determination Theory promotes “perceived autonomy, competence, and relatedness” (van Haastrecht et al. 2021, p. 1).

BIOGRAPHY

Dr. Lloyd Jura, an Assistant Professor at the New York Institute of Technology (NYIT) Vancouver Campus and an entrepreneur running Jura Technologies, Inc., is an accomplished expert in Governance, Risk, and Compliance (GRC) with over 25 years of industry experience. In his academic and professional pursuits, he aims to influence GRC and cybersecurity awareness training. Dr. Jura’s interdisciplinary background in information technology, business administration, and cybersecurity informs his research, focusing on governance, risk management, and compliance strategies in modern business environments. He is well-versed in frameworks like PCI-DSS, SOC 2, NIST CSF, and ISO 27001, and has led teams managing cybersecurity, data protection, and compliance programs in organizations such as Fraser Health Authority, ICBC, Vivonet, IBM Canada, and TELUS Security Solutions.

August 11th, 2023 meeting

DATE: June 9th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Virtual Meeting, Zoom registration link
TOPIC: FEARLESS – Why the business does not think cybersecurity is a problem
PRESENTER: Elson Kung (CISA, PMP)

ABSTRACT

Every day, our newsfeed is cluttered with news of ransomware, data exfiltration, stolen crypto, phishing, supplier attacks, and even DDoS. To us, there is no doubt that the cyber landscape is fraught with dangers. The organizations we are working so hard to secure are always only a hair away from becoming the next headline. As technology and security professionals, we know this. But what about the business? Are they just as aware of the threats? Are they prioritizing the organizations’ resources to fight cybercrime? If the answer is “No” to either of these questions, they are probably naive to the risk they face, and think that bad things can only happen to others, right? Certainly, they are negligent in their duties, and could care less about their organizations’ proprietary information, their customers’ PII, and their third parties’ information? Or are they simply arriving at the wrong conclusion despite having done their utmost due diligence?


In this session, we will consider the different frames of mind and explore potential solutions to correct the business’ view that cybersecurity deserves some, but not more attention. We will discuss how to steer them with effective operational and risk management approaches so they are just as vigilant as we are.

BIOGRAPHY

Elson Kung is the founder and consultant of Cactimo. He has hands-on and leadership experience in operational risk management, guiding businesses to implement effective controls to reduce a diverse array of risks including cyber security, third party, data privacy, financial reporting, regulatory compliance, resilience, and fraud. For over 25 years, he has worked in IT, various functions in the business, and the front-line of a company with $128 billion of assets and $2.5 billion of income in 2022.


A former president of ISACA Vancouver Chapter, he now serves on the board of BCG Counselling Group, the Provincial Security Advisory Council of BC, and is a Toastmasters area director. He also volunteers, runs, hikes and bikes.

April 9th, 2021 meeting

DATE: April 9th, 2021
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S): Presentation 1: Why is phishing still an issue?
Presentation 2: Setting the CISO free
PRESENTER(S): Presentation 1: Mike Fleck (Senior Director of Sales, Cyren)
Presentation 2: Rob Newby (CEO, Procordr)

Presentation 1 detail:

ABSTRACT

Why is phishing still an issue? Let’s take a look at the tactics attackers are using and discuss why these simple, yet sophisticated, tricks allow malicious messages to evade detection. Mike will share summary statistics about the scale and type of phishing attacks and also provide detailed examples of specific incidents.

BIOGRAPHY

Mike Fleck is the Senior Director of Sales Engineering at Cyren. With over 15 years of experience in information security, Mike holds patents for transparent encryption and automated encryption key management and has been featured in Security Week, Information Security Magazine, Information Management, and NBC News. Prior to Cyren, Mike was the Vice President of Identity Protection at 4iQ, a provider of dark web threat intelligence that helps to protect consumer identities and to investigate cybercriminals. Previously, Mike was the Vice President of Security at Covata Limited (ASX: CVT) where he directed US operations and global marketing. He joined Covata in 2017, by way of acquisition of CipherPoint which he co-founded in 2010 and was CEO. His vast experience with complex Fortune 500 and Federal Government environments includes technical leadership roles at Vormetric (acquired by Thales), High Tower Software (acquired by NetForensics), Predictive Systems (NASDAQ: PRDS), and Lockheed Martin.

Presentation 2 detail:

ABSTRACT

Cybersecurity is now front page news. Companies are exposed, and CISOs need to make strategic decisions. Lack of accountability can lead to large fines and even prison time for Board members, but they aren’t being appropriately informed. Rob Newby was a new CISO in this situation 2 years ago. His board was concerned, but about the wrong things.


Rob explains what we’re doing wrong now in Security, and what simple changes can be made for the better to fix issues in reporting, strategy, governance and the demand for skills.

BIOGRAPHY

Rob is a problem solver for UK and EMEA boards. As a CISO and Security Adviser, Rob has returned failing programmes and projects to the critical path, including setting up and developing multiple lines of defence in parallel, defining and delivering measurable business value. He is now the CEO of UK Cybersecurity startup Procordr, delivering strategy and governance solutions to large enterprises. He previously worked as a CISO to SmartDCC and as Strategic Adviser to the Group CISO at Admiral Group, and at Aviva Group he was the CISO for General Insurance and Strategic Adviser to their UK CISO.

Friday, November 13, 2020 2pm to 4pm

Fri, Oct. 9, 2020 2:00pm — 4:00pm

DATE: November 13th, 2020
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S): Cyberwarfare: The New “Colder” War
PRESENTER(S): Kevin Murphy
Agenda:

2:00 pm – 2:15 pm  Welcome and announcements
2:15 pm – 2:45 pm  Featured Presentation
2:45 pm – 3:15 pm  Break
3:15 pm – 3:45 pm  Featured Presentation
3:45 pm – 4:00 pm  Q&A 

Abstract:  Is Cyberwarfare actually the next World War?  Modern cybersecurity threats have evolved into very effective disinformation campaigns and destructive ransomware. What can we collectively do to protect ourselves, our business, and our democratic institutions? Hint: the solution is more than just technology.

Biography:
Kevin was the VP of Cybersecurity Operations and Governance at IOActive.com, a retired US Air Force intelligence officer, and the former Director of Windows Security Architecture at Microsoft with over 25 years of experience in threat intelligence and information security. Kevin holds the CISM, CISSP, and CGEIT security certifications.