NJ ISACA SheLeadsTech

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Follow One In Tech's SheLeadsTech^TM program here.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NJ ISACA’s SheLeadsTech^TMProgram
Kick-Off at SECON 2019

Shaiesta Tawa & Lily Shue, Co-Chairs, SheLeadsTech^TMNJ ISACA

NJ ISACA kicked-off its SheLeadsTechTM program on May 21st, 2019 at SECON 2019, the Social Engineering Awareness Conference, which was hosted at Kean University, Union, NJ. Numerous attendees participating in the SheLeadsTech^TM track were of diverse backgrounds. Some of the items discussed during the session are highlighted below.

Mizba Tawa, President of the NJ ISACA Chapter, gave a brief description of ISACA’s global initiative, the SheLeadsTech^TMProgram. She called attention to the objective of the program, which is to increase the representation of women in technology leadership roles and the overall tech workforce. Details of the program were discussed and how it will engage in efforts to reach its goals. SheLeadsTech^TM will aim to educate employees, allies, and professionals alike to overcome unconscious biases against women in the workforces. It is a program built to prepare current and upcoming female leaders for the digital future through training and skill development programs. Further, the program intends to build strategic partnerships beyond ISACA to support this unique challenge globally.

The keynote speaker was Emma Arakelyan, CEO & Co-Founder of Orion Worldwide, LLC. Emma advocated ISACA's SheLeadsTech^TMprogram as an important initiative that provides guidance and encouragement to all women in the field. She stated it is essential to motivate women to take a proactive action in building a career in the cyber space. She believes this is the right time for women to build new careers as most Fortune 500 companies are taking serious steps in engaging women in leadership roles. As the discussion furthers, and initiatives are taken globally, women have increasingly unique opportunities to build on their strengths in the technology sector. However, the question of how to get there still lingers. Emma indicated the path is as simple as 3 key words: care, grow, and lead. Expanding on those, she campaigned for women to push beyond their comfort zones, build their brand, become a caring leader, and most importantly, learn and deeply engage in the new technologies that will shape the future, which was the perfect segue into our next speaker.

Following Emma’s motivational words, Dr. Lynn Costantini, Deputy Director of the Center for Partnership and Innovation at the National Association of Regulatory, engaged our event attendees by calling action upon the growing need of women within the technology sector. The title of her presentation, “Lost in Cyber Space, Women in the Tech Workforce” accurately depicted the sentiment women feel when it comes to being a part of the tech workforce. Dr. Lynn indicated that although cyber space is growing, there are fewer and fewer women entering the field. There just isn’t enough representation of women in technology leadership roles nor in the workforce. She urged that women should start exploring various opportunities offered by the advancing cyber related profession and work towards assuming leadership positions. Not having enough women in technology is a serious domestic issue and should be prioritized as such. It has grown to be more than a conversation, and rather can be classified as an existential issue for our industry. There are steps that can be taken to further advance women in technology, which is what our panel touched upon in their discussion.

The closing of the SheLeadsTech^TM track at SECON consisted of a panel of well established women within IT. Panelists included were NJ ISACA’s President, Mizba Tawa, who is also the Director of Global IT Risk Management at Prudential, Jennifer Bayuk, the CEO of Decision Framework Systems, Inc., Jody Raines, Manager of Cybersecurity at the NJ Board of Public Utilities, and Prabha Jha, Principal for Security Risk & Compliance at Verizon. Lily Shue, Managing Partner at LMS Associates, was the moderator for the event. The conversation encouraged an interactive discussion highlighting opportunities for women in IT.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

What Women Bring to the Table: The Men’s Perspective
Sept 25, 2019
The Pines Manor, Edison, NJ

Continuing the SheLeadsTech^TM conversation, NJ ISACA welcomed Michael Geraghty, the Chief Information Security Officer for the State of New Jersey, as the keynote. As the challenges of labor shortages increase within technology, we need to focus on diversifying the field and workplace opportunities. The question everyone seems to be asking is whether there is a skills gap or lack of interest that is serving as the primary obstacle. Geraghty presented that these challenges may be overcome by understanding that there are essential personnel competencies that precede any technical or cybersecurity knowledge. He noted that a strong foundation of personal effectiveness and workplace competencies will induce characteristics that are usually sought in tech professionals, such as analytical thinking. More so, we need to educate the workforce of tomorrow that skills can be attained, should this foundation pre-exist.

The panel discussion consisted of distinguished men that provided great insight about how gender parity and all forms of diversity can be achieved within the technology space. Brian DePersiis, the moderator, began with pointing out that if you are not part of the solution, then you are contributing to the problem. Panelists Michael Cangemi, Michael Chirico, Thomas McDermott, and Prasad Tenjerla all believed in the power of mentoring and providing ample opportunities to women and other underrepresented individuals in order to grow and establish themselves professionally.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SheLeadsTech^TM at Middlesex County Academy for Science, Mathematics,
Engineering, and Technology

Another aspect of NJ ISACA’s SheLeadsTech^TM initiative is to provide presentations that educate and inform the younger generation about cybersecurity and the ample career opportunities the field offers. NJ ISACA’s President, Mizba Tawa, held the first of these presentations at the Middlesex County Academy for SMET (MCTVS) in conjunction with the school’s Cybersecurity Club. Providing additional insight to the diversity of cybersecurity as a profession, Krista Valenzuela from the NJ Cybersecurity and Communications Integration Cell of the Office of Homeland Security and Preparedness spoke to the Current State of Cyber Crimes.

John P. Jeffries, Principle of MCTVS, promotes a very encouraging environment for students at the Academy. He was very supportive of the presentation and allowed students the opportunity to attend during school. Students and faculty alike were surprised to learn about the different tactics bad actors implement in the cyberspace and the opportunities present to help protect the cyber realm of today and tomorrow.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cyber Awareness Program at Middlesex County Academy for STEM

ISACA New Jersey Chapter continues to implement their newly formed initiative of bringing cybersecurity awareness to high-school students. The program's overall goal is to promote cyber-awareness to ensure cyber-safety and open up the generation of tomorrow to consider vast opportunities in the field. There is an expanding skills gap that needs to be filled by both men and women alike. The SheLeadsTech^TM program has been designed to provide inclusive opportunities to both genders, as well as encourage and promote women in the field.

On January 3rd, 2020, NJ ISACA's SheLeadsTech Committee invited the (ISC2) New Jersey Chapter to speak about cybersecurity dangers and career opportunities at the Middlesex County Academy for STEM. Presenters were Niloufer Tamboly, (ISC2) NJ Chapter President, and Sanjeev Dayal, (ISC2) NJ Chapter Board Director.

Students were exposed to the NIST Cybersecurity Framework, the core methodology most cyber professionals use. As Mrs. Tamboly explained, the Framework provides a common language and systematic method for managing cybersecurity risk. It has been designed to integrate industry standards and best practices to help organizations manage their cybersecurity risks through the 5 key elements of Identify, Protect, Detect, Respond, and Recover. With the Framework's implementation, organizations are able to understand their cybersecurity risks and overall posture to help them create customized measures to reduce these risks. There are tremendous career opportunities for cyber analysts around these 5 key elements.

(l to r)
Mizba Tawa, NJ ISACA Chapter President
Sanjeev Dayal, (ISC2) NJ Board Director
Niloufer Tamboly, (ISC2) NJ Chapter President

Mrs. Tamboly further emphasized how rapidly the field is expanding and the growing skills gap with it. The need for experts will continue to increase as new technologies develop, such as the ever-growing industry of online gaming. With this transition, she brought insight of the tactics utilized in the breach of the popular online game, Fortnite, a game students were able to resonate with. Students were able to take away these simple elements of the breach:

HOW – EPIC Games left an old, unsecured page accessible to hackers whom were able to log onto players' accounts without a password.
WHAT – Hackers accessed the accounts of users to purchase in-game items with victims' payment information. Bad actors could also listen in on in-game conversations undetected
THE RISK – Unfiltered access to players' account information, including credit cards and payment information. Further, dangerous implications of eavesdropping on conversations undetected, especially concerning children.

It is important to stay cyber-safe. With the right protective measures, individuals can secure themselves and their information from possible breaches. As a transition into the next presentation, some tips were shared corresponding to the conversation surrounding Fortnite's breach:
MITIGATION EFFORTS – Players who choose to utilize in-game communication should only engage in game relevant
conversation. Private chats should be set-up, when able, with only known friends.

Continuing the conversation, Sanjeev Dayal emphasized simple, yet effective recommendations for students to remain cyber-safe. Some key recommendations included:

Have strong passwords.
Do not use the same password across multiple platforms.
Utilize Multi-Factor Authentication where available
Don't utilize public Wi-Fi services. Instead, rely on VPNs or personal mobile hot-spots.
Set social media profiles to private. This can help reduce tactics for phishers.
Avoid posting or sharing personal information online.
Never open attachments from unknown entities.

He urged everyone to stay vigilant online for attempts of social engineering, phishing, scams, and fraud. Students were also reminded that everything posted online stays forever. It was further advised to always think before posting or sharing anything online.

Aside from these risks, Mr. Dayal cautioned on cyber-bullying. Cyberbullying is a growing problem and has become an issue because the Internet is fairly anonymous. Hackers can very well be cyberbullies if they act with the intent of damaging the victim's reputation. They may even demand payment in return for not publicly sharing sensitive data.

Cybersecurity and cyberbullying can be related in the form of cybercrime. Implementing the recommendations noted before can minimize the chances of becoming a victim. Any instances of cyberbullying should be documented and reported to the appropriate authorities.

Although 100% security cannot exist, steps can be taken to protect your online identity to reduce the likelihood of these unfortunate occurrences. The cyber realm can invite unwarranted dangers, however it is up to individuals and organizations alike to be cyber resilient.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~