Metro Monthly - February 2025

Congratulations to ISACA NYM for receiving the

2025 Outstanding Chapter Achievement Award!

Upcoming Events & Activities

Upcoming Trainings

Upcoming Certification Prep Classes

For additional trainings, see the Training & Development section within this issue or visit the T&D webpage.

Message from the Chapter President

Dear Members,

Our chapter has been officially announced by ISACA Global as the recipient of the Outstanding Chapter Achievement Award for 2025!  This award is a testament to all of the effort that goes into putting on our amazing schedule of events, training, student clubs and competitions. Thank you for being part of our world class organization and continuing to support our program. If you want to be part of this award winning team, please check out our board election page!

New York Cybersecurity Summit

Date: March 6th, 2025

Save the date and join us for the 15th Official Cybersecurity Summit in New York, ranked among the Top 5 InfoSec Conferences Worldwide, held on Thursday, March 6, at the Sheraton New York Times Square Hotel.

Click here to register with code ‘CSS25-ISCACANY’ for a FREE pass (normally $250!).

Sincerely,

Tim Mortimer 

President@isacany.org

Thought Leadership with Farid

🚨 𝐂𝐫𝐢𝐭𝐢𝐜𝐚𝐥 𝐀𝐥𝐞𝐫𝐭 𝐟𝐨𝐫 𝐓𝐞𝐜𝐡 & 𝐀𝐮𝐝𝐢𝐭 𝐏𝐫𝐨𝐬: 𝐂𝐨𝐝𝐞𝐟𝐢𝐧𝐠𝐞𝐫 𝐑𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫𝐞 𝐓𝐚𝐫𝐠𝐞𝐭𝐬 𝐀𝐖𝐒 𝐒𝟑 𝐁𝐮𝐜𝐤𝐞𝐭𝐬! 🚨

🛡️ A recent ransomware campaign, 𝘊𝘰𝘥𝘦𝘧𝘪𝘯𝘨𝘦𝘳, is exploiting 𝐀𝐦𝐚𝐳𝐨𝐧 𝐖𝐞𝐛 𝐒𝐞𝐫𝐯𝐢𝐜𝐞𝐬 (𝐀𝐖𝐒) S3 buckets by leveraging 𝐒𝐞𝐫𝐯𝐞𝐫-𝐒𝐢𝐝𝐞 𝐄𝐧𝐜𝐫𝐲𝐩𝐭𝐢𝐨𝐧 𝐰𝐢𝐭𝐡 𝐂𝐮𝐬𝐭𝐨𝐦𝐞𝐫 𝐊𝐞𝐲𝐬 (𝐒𝐒𝐄-𝐂). This sophisticated attack integrates directly with AWS’s encryption infrastructure, 𝘮𝘢𝘬𝘪𝘯𝘨 𝘳𝘦𝘤𝘰𝘷𝘦𝘳𝘺 𝘪𝘮𝘱𝘰𝘴𝘴𝘪𝘣𝘭𝘦 𝘸𝘪𝘵𝘩𝘰𝘶𝘵 𝘱𝘢𝘺𝘪𝘯𝘨 𝘵𝘩𝘦 𝘳𝘢𝘯𝘴𝘰𝘮 𝘧𝘰𝘳 𝘵𝘩𝘦 𝘥𝘦𝘤𝘳𝘺𝘱𝘵𝘪𝘰𝘯 𝘬𝘦𝘺. 💥

🎯 𝐖𝐡𝐚𝐭’𝐬 𝐇𝐚𝐩𝐩𝐞𝐧𝐢𝐧𝐠?

🔑 Hackers use compromised AWS credentials to encrypt data directly with SSE-C.

💾 𝘖𝘯𝘤𝘦 𝘦𝘯𝘤𝘳𝘺𝘱𝘵𝘦𝘥, 𝘳𝘦𝘤𝘰𝘷𝘦𝘳𝘺 𝘪𝘴 𝘶𝘯𝘢𝘵𝘵𝘢𝘪𝘯𝘢𝘣𝘭𝘦 𝘸𝘪𝘵𝘩𝘰𝘶𝘵 𝘵𝘩𝘦 𝘢𝘵𝘵𝘢𝘤𝘬𝘦𝘳’𝘴 𝘥𝘦𝘤𝘳𝘺𝘱𝘵𝘪𝘰𝘯 𝘬𝘦𝘺.

⚠️ 𝐖𝐡𝐲 𝐈𝐭 𝐌𝐚𝐭𝐭𝐞𝐫𝐬?

🚨 Sensitive business data in the cloud is a prime target.

❌ Without proper safeguards, organizations risk permanent data loss or paying hefty ransoms.

🛠️ 𝐌𝐢𝐭𝐢𝐠𝐚𝐭𝐢𝐨𝐧 𝐒𝐭𝐫𝐚𝐭𝐞𝐠𝐢𝐞𝐬:

✅ 𝐒𝐭𝐫𝐞𝐧𝐠𝐭𝐡𝐞𝐧 𝐀𝐜𝐜𝐞𝐬𝐬 𝐂𝐨𝐧𝐭𝐫𝐨𝐥𝐬: Use strong passwords and enforce Multi-Factor Authentication (MFA). 🔐

📊 𝐌𝐨𝐧𝐢𝐭𝐨𝐫 𝐂𝐥𝐨𝐬𝐞𝐥𝐲: Regularly audit access logs and set up alerts for suspicious activities. 🔍

📂 𝐁𝐚𝐜𝐤𝐮𝐩 𝐒𝐦𝐚𝐫𝐭: Maintain regular offline backups of critical data to ensure recovery options outside of paying a ransom. 💾

💡 𝐏𝐫𝐨 𝐓𝐢𝐩: Regular audits and automated monitoring are your best defenses against evolving threats like 𝐂𝐨𝐝𝐞𝐟𝐢𝐧𝐠𝐞𝐫. 🤝

🔍 𝐊𝐞𝐞𝐩 𝐖𝐚𝐭𝐜𝐡𝐢𝐧𝐠: Stay vigilant and update your security protocols to stay ahead of the curve! 🌐

Always a pleasure connecting with you, New York!

Cyber Watch with Jay

Overview

The Cybersecurity Education Leader provides CSX-Fundamental (CSX-F) training for chapter members as well as Cybersecurity awareness updates and hot topics of interest to the membership. 

Current Hot Topics

Every month, the Cybersecurity Education Leader plans to provide the latest Cybersecurity industry updates related to IT Audit, Cyber Breaches and Threats, Cloud Technology, Data & Privacy, and Enabling Technology.

If you have any updates, you believe are worth noting, please email our chapter lead.

Industry Hot Topics

IT Audit Updates

Cyber Breaches & Threats

Cloud Technology

Data & Privacy

Enabling Technology

Jay Rofsky

Technology Committee Chair

Your Membership Hub

Membership Committee Chairs: Japneet Kaur & Sam Vohra

We’re excited to kick off the new year with a focus on learning, collaboration, and connection within our incredible ISACA member community. This year is already shaping up to be an exciting one, with a calendar full of engaging membership events designed to inspire and enrich.

In Q1, we’re starting strong with our Winter Membership Event, hosted in collaboration with BNY Mellon and Microsoft. This fireside chat will be an excellent opportunity to connect, learn, and set the stage for a successful year ahead.

Reflecting as we Kick Off 2025!

As we step into the new year, we take a moment to reflect on the connections we've made. The memories from our past events continue to inspire us.

In this special Membership edition, we’ve captured some of the highlights from our time together at recent events—enjoy reliving the moments!

There’s so much more to come in 2025, so get ready to SEE YOU SOON!

THANK YOU for sharing your presence with us.  Let’s remember that COLLABORATION at our events isn’t a dream, it’s a decision we make together!

If you have any topics that you would like the committee to present or would like to present at our upcoming events as a guest speaker, please write to membership@isacany.org

With appreciation,

The Membership Team

SheLeadsTech

SLT Committee Chair: Christeen Russell

2025 - The Era of AI

Join us on February 26th for a SheLeadsTech and One in Tech (DEI) in-person event hosted in collaboration with WiCyS New York Metro. Register here.

SheLeadsTuesdays

Save the date for the next SheLeadsTech virtual event on March 25 at 5:30 PM! Join our featured speaker, Brittany Manley, Senior Manager at IBM where she serves as the Business Information Security Officer (BISO) Delegate for the CIO’s Governance, Risk, and Compliance (GRC) program. Participants who attend the full session will earn 1.5 CPE credits. Registration details will be sent to all members soon.

SheLeadsTech Spotlight

This month’s SheLeadsTech Spotlight features Uma Rajagopal, a seasoned Information Security leader with over 25 years of experience. Uma has led security initiatives at Capital One and Amazon and contributed to national defense projects like the GeoEye-2 satellite program. She co-authored Toward a Zero Trust Architecture and authored Essential Security Fundamentals. Dedicated to mentorship and fostering diversity and inclusion, Uma gives back to the community through various non-profit and industry organizations. Read on for Uma’s words of wisdom on leadership and innovation in cybersecurity.

Training & Development

Committee Chairs: Kwongmei (May) To & Lance Flocco

Winter/Spring 2025 Training Schedule

EARLY BIRD REGISTRATION. Don’t wait. Save now!

Attention: To ensure you receive your CPE certificates for completed courses,

do not opt out of Cvent notification emails.

Certification Classes: New classes and program are in the progress of being scheduled, please visit our website for most updated links and registration.

Note: Exam review classes DO NOT include the actual certification/certificate exam fees. 

Please go to www.isaca.org and search exam to register for the exam Here.

CERTIFICATION EXAM PREP CLASSES 2025

All exam prep class are from 9am to 5pm EST

Special Announcements:

• All Training & review classes will be provided as a live broadcast webinar only. No onsite classes.
• Some classes will be offered self-paced based on live recordings
• For those who will be appearing in any exam from home, please be sure to use a personal laptop instead of a company laptop as there have been issues when doing so during the exam.
• Top exam scorers for the New York Metropolitan area will be honored.

The New York Metropolitan Chapter continues to offer certification and certificate exam review classes for CISA (new exam domains from 8/1/24), CISM, CRISC, CGEIT, CDPSE, CCAK and CCSK. In addition, we are also offering many new classes as well.

BE A FLAMINGO IN A CROWD OF PENGUINS!!! GET CERTIFIED TODAY!!

We the Education and Certification Committee is the Platform to make you become the Rainbow flamingo.

We look forward to seeing you!

If you have any topics that you would like the committee to present or would like to present a topic as a guest speaker, please write to education@isacany.org or certification@isacany.org.

Academic Relations

Committee Chairs: Ashley Mangar-Persaud & Iqra Malik

Case Study Key Dates

Please note, mentors who assist teams during the Cybersecurity Case Study competition will receive CPE credits.

Student Competition:

The Academic Relations Committee is underway in hosting the Cybersecurity Case Study Competition this Spring Semester. Please see below information regarding the competition. Sign-ups have officially closed as of Friday, January 31st, 2025, at 11:59 PM. The 22 participating teams will have the presentation materials due Friday, April 4, 2025. After that, we will be hosting the Final Debate in May (more details to come). 

VOLUNTEER OPPORTUNITIES

Join the ISACA New York Metropolitan Chapter in Making a Difference!

Are you ready to enhance the visibility of the IS audit, control, risk, privacy, and security professions? We're looking for passionate volunteers to help us drive change and create a safer digital world. Your skills and dedication can make a real difference. Sign up today using this form or email us at volunteers@isacany.org and be a part of something bigger!

JOB OPPORTUNITIES

Employers: List open positions on our website for FREE!  Openings are posted for 30 days unless you direct otherwise. Send position description and contact information to jobs@isacany.org. NOTE: Job postings can only be seen by registered users logged into our site.

ISACA NEW YORK METROPOLITAN BOARD MEMBERS

Chapter Officers

• Tim Mortimer - President
• Teena Bacchus - 1st Vice President
• Wei Tschang - 2nd Vice President
• Eugene Levin - Treasurer
• Alyssa Vumbaco - Corresponding Secretary
• Christina Cruz - Recording Secretary

Board of Directors

• Alex Bazay
• Christeen Russell
• Thomas McDermott
• Kwongmei To
• Lance Flocco
• Jay Rofsky
• JapNeet Kaur
• Lorraine Stefanick
• Krishna Nekkalapudi
• Iqra Malik
• Daria Emelianova 
• Ashley Mangar - Persaud
• Sam Vohra
• James Powers
• Farid Abdelkader (Immediate Past President)

INFORMATION AND COMMUNICATIONS

If you would like to follow us live, please join us and click Here

For other social media platforms, please visit the links below!

Please let us know your thoughts and suggestions about the content at corresponding.secretary@isacany.org

ISACA New York Metropolitan Chapter

954 Lexington Avenue #525

New York, NY 10021-5013

(646) 659 8313