ISSA - NEU chapter

02/03/2020

On behalf of the 2020 ISSA Student Board, I would like to welcome everyone and kindly share a message with you from our student board President Vishal Maurya:

Sincerely,
~ Alexander Maki

02/01/2020

On behalf of the 2020 ISSA Student Board, I would like to kindly share a message with you from our new board President Vishal Maurya:

"Hello from the Cyber side. We are ISSA, here to help you with building professional relationships with the cybersecurity industry by keeping up with developments in information security/risk/privacy in the form of speaker events and workshops.

Our aim is to build a strong community and engage interested students to participate, learn, and understand the vital importance of Cybersecurity and how it is implemented in the real world.

Come join us in making this happen " ~ Vishal Maurya

Thanks for joining us, and stay tuned to this page for upcoming events!
Sincerely,
~ Alexander Maki

12/02/2017

Hey Guys, following are the updates on the upcoming event.
Location: Northeastern University, Snell Library
Room: 035
Event Schedule
1:00 - 1:40 -> Professor Long Lu (IoT and Mobile Security)
1:50 - 2:30 -> Solveig Galbo, Lauren Schmitt, Farshad Nayeri (Rise of Cybercrime and how it is reshaping anti-money laundering efforts)
2:40 - 3:20 -> Tejpal Garhwal (Application Security)
BREAK
3:30 - 4:10 -> Professor Jose Sierra
4:20 - 5:20 -> Panel Discussion (How to be a better Hacker)
Agenda Details
Topic 1
IoT and Mobile Security
Time: 1:00 – 1:40
Speaker: Professor Long Lu
Biography
Dr. Long Lu is an assistant professor in the College of Computer and Information Science. He is the director of the RiS3 Lab. Long’s research spans the broad area of systems and software security. His recent work is focused on application and operating system security for emerging platforms, such as mobile and IoT/CPS devices. He constantly publishes in the top-tier computer security conferences and is frequently invited to serve on their program committees. His research outcomes have been adopted by IBM, Microsoft, NEC, and Samsung. His work is currently funded by NSF, ONR, ARO, and AFRL.
Prior to joining Northeastern, he was an assistant professor of computer science at Stony Brook University. He holds a PhD in Computer Science from Georgia Tech. Long is a recipient of the NSF CAREER Award and the Air Force Faculty Fellowship.
Topic 2
Rise of Cybercrime and how it is reshaping anti-money laundering efforts
Time: 1:50 – 2:30
Speaker: Solveig Galbo, Lauren Schmitt, Farshad Nayeri
Biography
Farshad started his career in R&D at GTE Labs for Computer and Intelligent Systems where he designed scalable distributed applications. He then led the development of 100+ apps, most recently Perspective, an app that applies machine intelligence to create motion infographics. Furthermore, he has already transformed one FinTech company into a RegTech by helping them define their strategy and develop the first version of their product. Solveig Galbo has experience dealing with regulating payment services, electronic money, and within anti-money laundering and anti-terror financing. He has also been participating in negotiation and implementation of new European directives, hereunder the 2PSD.
Talk Summary
The regulatory status quo in the financial services industry is not sustainable. Banks have paid multi-billion dollar fines for compliance failures that they were ill equipped to detect or prevent. Even so, these fines are insignificant compared to the amount spent on efforts to avoid these problems. Annual costs associated with regulatory compliance are estimated to be well over $100 billion in the United States. The Wall Street Journal reports that financial regulations issued in just the past five years have cost $70.2 billion. Each of the top ten banks spends hundreds of millions of dollars on anti-money laundering compliance alone. The industry has been forced to address the continual growth in regulations through additional headcount and external consultants rather than innovative solutions due to the burden of maintaining legacy systems with components that are decades out of date. The status-quo is not sustainable. A new approach is needed.
This new approach requires a new relationship: a marriage between ‘reg’ and ‘tech’ points of view. Our partnership is a first example of this. Our story is about finding a common language that bridges legal considerations and computational solutions. We’ve learned how to build together. Not in opposition but in corporation. We believe this approach is the key to future of RegTech. In our talk, we will show some examples of the application of this approach.
Topic 3
Application Security
Time: 2:40 – 3:20
Speaker: Tejpal Garhwal
Biography
Tejpal Garhwal is the Application Security Architect in the leading Fortune 500 company that provides asset management and business processing solutions to education, healthcare, and government clients at the federal, state, and local levels.
He is focused on evolving the Application Security Program in his company to better support and empower application development teams that his company is embracing. He is responsible for the overall Application Security Program as well as the ex*****on of sub-initiatives that are aimed at secure coding training, static code analysis and pe*******on testing, metrics and governance.
Tejpal holds a BS in Mathematics and an MBA specialized in Global Business Management from NYIT. He recently received his GWAPT (GIAC Web Application Pe*******on Tester) certificate and is now busy preparing for CISSP certification.
Talk Summary
Current / recent cyber security posture
Application Security Principals / Disciplines
Application Security frameworks
How to be successful in implementing Application Security
Topic 4
The Smart World: A Security and Privacy Nightmare
Topic 5
Surprise Talk
Time: 3:30 – 4:10
Speaker: Professor Jose Sierra
Biography
Jose Sierra is an Associate Teaching Professor and Associate Director of Information Assurance and Cybersecurity Program at the College of Computer and Information Science. He earned his PhD at Carlos III University in 2000. Jose’s research areas include Authentication and Access control protocols, mobile payments protection, lightweight cryptographic protocols and IoT security. He has a very active publication record, with an important number of conference proceedings and journal papers. During his academic career, he has had the opportunity to research and work at several Universities, such as the British Bradford and Westminster, to well-established US ones like UC Berkeley and MIT.
Topic 6
Panel Discussion
Time: 4:20 – 5:20
Talk Summary
This will include the panel's experience in advising students on following areas
• Why hack?
• Courses, area of exposure, field of work
• Setting goals - how to find what you're good at.
• Setting up personal projects - collaborating with open source projects, collaborating with people in university.
• Participation in competitions - Do they help? How?
• Preparing for the industry - working on non - traditional skills.
• What to expect post Masters - Industry jobs, Academia roles.
• Community work - is a strong community of cyber professionals helpful? How?

11/27/2017

Hey Guys,

Just wanted to send out a quick update on the event which is going to take place on Nov 29th from 6 - 9 P.M. We have two guest speakers. Following are the details.

Location: SL 033

Topic: Finding the Few and Far Between from Public Domain: A Systematic Approach

Speaker: Roshan Thomas

Summary: Reconnaissance is the first stage of a hacking process. During this stage, the attacker collects as much information as possible about the target from publicly available sources. Most common sources used are search engines, social networks & technical forums. It’s during this stage the attacker identifies low hanging fruits and the weak spots of the target. The information collected in the reconnaissance stage is used in further stages to tailor attacks against a particular weak spot of the organization. In passive reconnaissance, the attacker tries to be as non-intrusive as possible to stay out of the target’s radar. Public domain data is the main source of information in this stage of an attack. The key motto of a passive reconnaissance is to identify the attack surface without triggering any alert. In this talk, I will be covering how a systematic approach in performing non-intrusive recon can help us find gems.

Topic: Security Issues in Software Defined Radio

Speaker: Harshad Sathaye

Summary: The talk will include a brief introduction of Software Defined Radio, things that can be done with SDRs. It will also include demonstration of some tools (GQRX and GNURadio), VHF Frequency Scanning (Local FM Stations, NOAA Weather Feeds), ADS-B reception (It is legal), Recordings of law enforcement's wireless communications and ATC communications from India and an overview of the security risks associated with SDRs (SDRs as a threat agent).

We will also be conducting the new board member elections for ISSA on December 2nd. If anyone is interested to be part of the organization, feel free to nominate yourself or others who you feel would fit the role using the link: https://orgsync.com/59172/forms/294239

On 2nd Dec, we are also planning to organize a much bigger event which will include interesting technical talks and round table discussion wherein the panel will consist of industry professionals as well as experts in different areas of security from the university. Details will be sent out very soon.

Hope everyone is excited! We are just as excited to see you all there. Shoot me or any of the board members a mail in case there are any questions regarding the events.

You must login to view this content. OrgSync is your way to connect to organizations, communicate with other members, and explore your community

11/21/2017

The ISSA - NEU will be conducting two major events in the coming month.

1. Nov 29th

We plan to have talks on security and finalize board nominations for the next year.

2. Dec 2nd (1PM to 6PM)

We plan to have many speakers for the event - including well known faulty and industry professionals followed by a panel discussion on "How to become better hackers"

The panel will discuss on how to be better in security and maximize learning in the university and prepare for the industry.

More details will follow. Please stay tuned.

11/23/2016

ISSA Elections on December 1st

You must login to view this content. OrgSync is your way to connect to organizations, communicate with other members, and explore your community

10/31/2016

Interested in joining the ISSA board? Officer positions are generally held for one year, with elections in December. The ISSA board plans events throughout the semester including speaker series, workshops and other sessions on information security. Board members must be graduate students at Northeastern University.
https://docs.google.com/a/husky.neu.edu/forms/d/e/1FAIpQLSc5xU6TC-GcWCMW5tzdZ6ipsRFUiokw-drqmPciTvXl6BSfPw/viewform?c=0&w=1

10/26/2016

Some references

1] https://www.offensive-security.com/metasploit-unleashed/msfvenom/
2] http://www.hackingtutorials.org/metasploit-tutorials/metasploit-commands/

msfvenom is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance. Note: msfvenom has replaced both msfpayload and msfencode as of June 8th, 2015.

09/07/2016

ISSA New England Meeting on September 15th at Microsoft in Cambridge!

OrgSync is a Campus Engagement Network that connects your students to organizations, programs, and departments on campus in a private online community.

09/02/2016

All, we need to formally elect an new Treasurer as Apoorv needs to step down. Sundanda has volunteered to take the position, but we need to vote on it. Please do so below.

https://orgsync.com/59172/polls/46039

OrgSync is a Campus Engagement Network that connects your students to organizations, programs, and departments on campus in a private online community.