Academic Relations Committee and Student Club Presidents Overview

 
 
Academic Relations Committee
Chair:  Eugene Levin                              Deputy: Barry Dynkin
 
Eugene.Levin@isacany.org
 
  
   
Barry.Dynkin@isacany.org
Academic Relations Committee
Charter
The Academic Relations Committee promotes student awareness of the audit, control, and Information Security
professions, identify member schools and maintain ongoing working relationships with School Advocates.
Objectives
Promote awareness of, and interest in, Chapter events by providing information on education and training offered
by the Chapter
Promote benefits of ISACA certifications and the positive impact on career and professional growth
Why Volunteer?
For Chapter Members
Mentor the next generation of IT Audit, Cybersecurity, Risk, Control, Governance professionals
Personal satisfaction of aiding in the development of students
Meet highly capable and motivated students. Identify candidates for future internships and employment.
Network with professors and deans
Experience ISACA’s academic side
Good for your health - volunteering has tremendous health benefits
For Students
The best way to network with 4100+ professionals in Metropolitan area
ISACA volunteering is good for your career, looks great on resume and LinkedIn profile
Become part of a community and make new friends
Student discounts. Many chapter activities are free for volunteers.
Volunteers
 Evelin Urbaez, 
Horizon Blue Cross Blue Shield
 Maisha Ahmed, 
Recent Graduate
 Silvia Paolini, 
New York Life Insurance
 Michael Shanahan, 
CVS Health
 Kristie Roman, 
Citi
 Ashton Laurent, 
NYC Cyber Defense
David Gianna, 
Wells Fargo
 Michael Newman, 
Signature Bank
 Ashrafur  Rahman, 
Baruch Cybersecurity Club
 Robert Gockley, 
Sumitomo Mitsui Trust Bank
 Jenny Jo, 
MJJT Consultants, Ltd
 Alexander Obraztsov, 
Société Générale
 Stewin Camargo, 
Scotiabank
 Joseph Donohue, 
ZeroDayLab
 Tatyana Lemberskaya, 
Société Générale
 Willie Session, 
Farmingdale State College
 Anthony Lunan, 
Baruch Cybersecurity Club
 Kenia Arias, 
A-FE Consulting LLC
 Academic Committee Volunteers meet every 1
st
 Thursday of the month
global.gotomeeting.com/join/794771145
Call 630-869-1013
Access code 794-771-145
Student
 
Club Presidents
Baruch College
Cybersecurity Club
Samad Sunny
St. Johns University
Audit Club
 
Pavle Dokic
Queens College
IT Audit and Cyber-Security Club
Richard Balram
Fordham University
Cybersecurity
 Club
Jingting “Rubyanne” Ye
Yeshiva University
Cybersecurity Club
Jared Weintraub
John Jay College of Criminal
Justice
Cybersecurity Club
Sonica Lama
City College
Grove School
 of Engineering
Cybersecurity Club
Adnan Mostafa
NYU Tandon
Cybersecurity Club
The OSIRIS Lab
Wolfgang von Stuermer
 Club Presidents meet every 2
nd
 Tuesday 8:30pm of the month
Academic Relations Call To Action
Student Cybersecurity Case Study Competition
 was launched on March 16th. 11 teams from Baruch College, Queens
College, John Jay College of Criminal Justice, and City College have answered the call and will be competing for the top 3
prizes. 7 finalist teams are now competing for the top 3 prizes. Please see 
slides 37-59 
for more details.
Looking for guest lecturers 
to help professor Solieri of Queens College to deliver IT Audit course in the Fall of 2020. See
slides 24-26
 
for more details.
Looking for IT Audit and Cybersecurity Summer Internships
Will your company have IT Audit and/or Cybersecurity internships in the summer? New York Metropolitan Chapter
sponsors seven (soon to be eight?) ISACA Student Groups with several hundred motivated and ambitious members who
are interested in IT Audit and Cybersecurity careers and will be looking for internships. There are 4160+ members of the
chapter working for at least 1215+ different companies. Please let me know if you come across any internship
opportunities and I will pass it to Student Club leadership.
Looking for Student Mentors
In the Fall of 2020 we plan to pilot a mentorship program with 10 female diversity mentees from Baruch Cybersecurity
Club. Please see 
slides 10-21 
for more information.
14 seasoned professionals volunteered so far. We are looking to scale mentorship program and I already have two more
universities that are interested in pairing students with chapter mentors. Please let me know if you are interested to be a
mentor.
Looking for Cybersecurity Experts for Guest Lectures at NYU
NYU Tandon Cybersecurity Club is looking for Cybersecurity Experts to deliver guest lectures in April and May every
Tuesday, 1pm at 370 Jay Street, Brooklyn, NY, room 1066, at the NYU Tandon School of Engineering. If you are interested
and have an interesting Cybersecurity topic to present, please contact Wolfgang von Stuermer 
wvs215@nyu.edu
 
  Sep 26: 
NY Metropolitan 2019 
Member Social 
and 
Volunteer Recruitment
  Nov 26
: 
Academic Relations Committee dinner: We discussed why we are interested in Academic Relations, our
 
areas of expertize, interests, availability, and how we can help in the development of student clubs.
  Feb 19, 2020: 
Break Bar Social
  
Apr 25: 
Student Cybersecurity Case Study Competition – stay tuned.
Academic Relations Chapter Events
Baruch Cybersecurity Club
 The student advocate:  
Professor Trevor Moores
 
 President:  
Samad Sunny
 linkedin.com/company/isgbaruch/
Past Activities
 A new Student Leadership installed in 2019
 
Jul 26
: Eugene and Barry had an introductory call with club’s president Bhavin Darji about Baruch Cybersecurity Club
 
Aug 15
: Karen, Barry, and a few other members of the board visited Baruch College for a dinner to introduce themselves
to the new Baruch Cybersecurity Club eBoard and Professor Moores.
Aug 27
: 
Convocation 2019
: Club Fest where a few members of the Baruch College’s ISACA Cybersecurity Club eBoard
introduced the club to Freshmen.
Sep 6
:  New York Metropolitan chapter, IQ4, and Baruch College reached an agreement to co-sponsor Cybersecurity
Apprenticeships for 30 students during Winter session.
 
Sep 12
: 
Eugene made a presentation 
about ISACA at the 
General Interest Meeting
.
 
Oct 3
: 
FinTech 
Fireside Chat
: Cyber and Risk/ 
Recruiting event 
with the Depository Trust & Clearing Corporation
.
 
Oct 17
: 
Time Equities Event
. Professionals from Time Equities Inc. shared their 
knowledge and experience 
in ransomware
and investments in real estate.
 
Oct 28
: Professor Moore selected and accepted students for Winter iQ4 apprenticeships.
 
Nov 7
: EY: 
Cybersecurity vs Cyber Resilience
Nazir Vellani who is a senior manager from EY had an interactive discussion with students
about Cybersecurity and Cyber Resilience.  Nazir also provided interview tips as a
hiring manager.
Baruch Cybersecurity Club 
- cont
 The student advocate:  
Professor Trevor Moore
 
 President:  
Samad Sunny
 linkedin.com/company/isgbaruch/
Past Activities
 
Nov 21
: Cybersecurity in Banking – 
Cyber from MUFG & Deutsche Bank
A panel discussion about Cybersecurity in Banking and interview/resume advice moderated by then President of
Baruch College’s ISACA Cybersecurity Club – Bhavin Darji
After the panel discussion there was a networking session with Directors, Hiring managers, and Vice Presidents of
respective divisions.
December
: 
ISACA Cybersecurity Club Baruch College
 
was recognized by ISACA Global as a Student Group of the month!
Dec 3
: Samad Sunny is announced as the acting president of the club. 
Jan 2020
: 30 Baruch College students participated in 
iQ4 apprenticeship program 
. The program was co-sponsored by
The New York Metropolitan Chapter, iQ4, and Baruch College.
Jan 10
: The ISACA Cybersecurity Club conducted eBoard election followed by a networking session with the elected
members outside campus at Sous Vide Kitchen – Café.
Jan 28
: Executive members took part in 
Baruch Officer Leadership Training 
organized by Baruch
Jan 30
: The ISACA Cybersecurity Club participated in 
Baruch Club Fair 
of the year, where the club
networked with students and shared information about ISACA and upcoming club events.
Feb 6
: Eugene made an ISACA presentation at the 
Spring 2020 General Interest Meeting
.
Mar 5
: 
Technology Risk Consulting with RSM 
90-min interactive session on RSM 
culture, service lines, followed by
networking.
June 3: 
Eugene and Sunny reviewed proposed amendments to club bylaws.
Baruch Cybersecurity Club 
- cont
 The student advocate:  
Professor Trevor Moore
 
 President:  
Samad Sunny
 linkedin.com/company/isgbaruch/
Planned Activities
TBD
: Innovation with KPMG – A co-sponsorship event with Beta Alpha Psi (BAP), a renowned business fraternity, geared
towards providing students with knowledge on KPMG’s leading technology innovation in audit, tax, and advisory.
TBD
: We will join Beta Alpha Psi again to host the muti-national network of accounting firms, RSM, to speak about their
use of technology in risk and management consulting.
 
TBD
: Deloitte’s Cybersecurity and Tech recruitment pipeline event debut  with Baruch – just like DTCC last semester!
ISACA Technology Fellowship Program
       Our Mission                                Our Vision
The ISACA Technology Fellowship
Program is geared towards promoting
diversity and inclusion on campus by
providing aspiring technology
professionals with the knowledge,
skills, and support necessary to excel
in the technology industry.
To bring inspiration and innovation to
every aspiring technology professional
and help in paving their path to
becoming leading technology industry
professionals. 
     
Program Goals                  Program Objectives
Diversity and Inclusion 
Engagement and Retention
Succession Planning/Leadership
Development
Build and Strengthen the Tech
Community on Campus
 
Career Planning and Development
Behavioral and Technical
Interview Skills  
Opportunity to Build a Cross-
Functional Professional Network 
Program Roles & Responsibilities
Mentor
Feedback on mentee’s strengths and
weaknesses
Explain changing demands of the tech
industry
Encourage two way exchange of
information
Encourage mentee to take calculated risks
Help mentee reach full potential
Mentee
Establish goals for mentorship program
Develop an action plan that focuses on
achieving specific goals and objectives for
the duration of the program
Actively schedule meetings and engage
with mentor
Attend quarterly events
Matching Method
The strengths and weaknesses of each
mentee participating in the mentorship
program will be evaluated to make the
best mentor and mentee matches. 
Mentees will be paired with mentors
whose strengths match the mentee’s
weaknesses. 
This way the mentee will be able to not
only earn valuable insight on the
technology industry and build their
strengths, but work on their weaknesses
also.
Program
Implementation
Begin: September 2020
End: April 2021 
Details:
One-on-one mentoring 
Monthly check-in
Quarterly events 
Quarterly Events
Quarter 1
 - September 2020
(Orientation)
Quarter 2
 - November 2020
(Thanksgiving Get-Together) 
Quarter 3
 - January 2021 (New Years
Meet-Up) 
Quarter 4
 - April 2021 (Graduation
Ceremony)
Quarterly Events (Continued)
Quarter 1
 - September 2020 (Orientation)
Program introduction, review upcoming program events, mentor & mentee
introductions, conduct a team-building exercise, announce mentor and mentee
matches, distribute questionnaire and action plan, and address any questions or
concerns.  
Quarter 2
 - November 2020 (Thanksgiving Get-Together) 
The mentorship program participants will come together for an evening full of
networking and much to be thankful for! 
Quarterly Events (Continued)
Quarter 3
 - January 2021 (New Years Meet-Up) 
The mentorship program participants will come together for an evening of
networking to start off the new year the right way!  
Quarter 4
 - April 2021 (Graduation Ceremony) 
A graduation ceremony will be held for our first cohort of the ISACA Technology
Fellowship Program where mentees will be awarded certificates for successfully
completing the fellowship program. Mentees who display exceptional
performance will be recognized and awarded for their dedication to the program.
Supporting
Resources
ISACA New York Metropolitan Chapter
  
As a leading ISACA chapter, our mission is to serve our membership by providing
world-class training, networking opportunities, and guidance while contributing
to the profession both locally and internationally.
ISACA Career Centre 
Access to resources to help direct your next career move 
Job openings for IT Audit, assurance, risk, security, cybersecurity, and
governance professionals 
Worldwide search-by-country, by certification 
Members can:
Post resumes/CVs in a searchable database 
Receive email notifications of new job listings 
Baruch College Starr Career Development Center 
The mission of the Starr Career Development Center is to provide comprehensive
career services to Baruch College undergraduates. We encourage students to
come to the Center from the time they are freshman through senior year
graduation and as alumni. The staff of the SCDC is dedicated to assisting students
and alumni in all aspects of their career development as they make decisions
about majors, apply to graduate and law school, prepare for internships and jobs,
and progress in their professions.
Volunteers
Eugene Levin
Barry Dynkin
Alexander Obraztsov
Bob Gockley
Michael Newman
Evelin Urbaez
Kristie Roman
Ashton Laurent
Rajesh Kumar
Michelle A. Schaap
Ilya Pozharsky
Sam Vohra
Barry Sears
Craig Harris
Timothy Sheng
ISACA Cybersecurity Club Baruch College
St.
 
Johns
 
University
 
Audit
 
Club
 The student advocate:  
Professor David Chan
; President:  
Pavle Dokic
Past Activities
 A new Student Group Board of Directors installed 2019. Club has about 30 members.
 
Oct 10
: Eugene, Barry and Wei met with Pavle Dokic and Professor Chan to discuss current club status
and next steps.
 
Nov 12
: Soft and Hard Skills needed for Career in Advisory Consulting.
 
Nov 19 
: Cyber Security and Internal Audit – presentation by Teena Bacchus.
 
2nd week of Dec
: 
Deloitte Audit Innovation Campus Challenge
Planned Activities
 Involve St. Johns University Audit club in joint events with other colleges, Emerging Professionals
committee, and New York Metropolitan Chapter membership events.
Queens College IT Audit and Cyber-Security Club
 The student advocate:  
Professor Steven Solieri 
 
President:  
Richard Balram
Past Activities
 
Oct 21
: Eugene, Barry and Wei had a call with and prof. Solieri to discuss current status and on next  steps.
 
Oct 23
: "ISACA IT Audit and Cyber-security Club" is approved as a student club/organization at Queens College.
Approximately 20 people are already interested.
 
Nov 4
: Eugene, Barry, Wei had a call with Richard Balram to discuss ISG ISACA international application and General
Interest Meeting on Wednesday, Dec 4th 12:15-1:30.
 
Nov 6
: Richard  have submitted the ISG application with ISACA international.
 
Nov 11
: Queens College IT Audit and Cyber-Security Club 
is officially recognized by ISACA
.
 
Dec 4
: 
Barry introduced ISACA at the General Interest Meeting.
 
Planned Activities
TBD
: 
POSTPONED
 
BKD Office Visit
 , Co-sponsorship with Ascend and World of Work
TBD
: 
POSTPONED
 
Canon U.S.A. HQ Office Visit
 , Co-sponsorship with Ascend and World of Work
TBD:
 POSTPONED
 
IT Audit presentation 
by 
Mr. 
Aadesh Gandhre
, Group Head of Audit - IT Americas and Latin America
Business, Chief Innovation Officer - US Audit at Société Générale
TBD
: 
POSTPONED
  
Presentation by 
Mr. Odrej 
Krehel
, PhD, CISSP, CEH, CEI , EnCE, Digital Forensics Lead, CEO and
Founder, LIFARS on “
Career in Digital Forensics and Case Studies
: Cryptocurrency Hacking and Nation States”
Queens College IT Audit Course
Professor Solieri is looking for 14+  
IT Audit practitioners for Fall 2020 
introductory  14 week IT Audit Course (
mostly grad students and some
undergrads) to deliver 1.5-2 hour lectures and demos.
“I would enjoy discussing my plans for the IT Audit class and hope you would provide some feedback and ideas to make it even better. My goal is to break the
course into 14 main subjects and to have one or two practitioners present a topic for the class (2 hours). Each week new practitioners will discuss the topic and
present/demonstrate how the topic can be carried out.  The semester is 14 weeks and consist of 2 hours 50 minutes each week. I will use the extra time each
class to discuss the submission of projects based on presentations and I will use the two additional weeks (classes) for testing and students presentations. I
would greatly appreciate ISACA's help in choosing the topics (using the CISA curricula) and finding good practitioners interested in assisting in the class. “
“Thank you so much for volunteering to assist me in the development of the IT Audit class at Queens College. It is amazing how many people are willing to help us
in our endeavor thanks to the mutual association with the Metropolitan Chapter of ISACA and the Educational Committee led by Eugene and Barry. We are truly
blessed by such outstanding people.
I have attached the ISACA CISA Domains and Sub-Domains that I would like to propose as a starting point. It is likely too aggressive, but it would be nice to be able
to aim for a higher goal as a starting point. I would be very happy with even achieving half this in our first iteration of the course.
My goal is to make the class "come alive" for the students and be a mixture of topic coverage via lecture and hands-on achievement by performing exercises in-
class and as a follow-up assignment. We can anticipate a computer lab setting with approximately 20-25 seats.
I am eager to know your thoughts and share possible experiences with others who have taught and delivered this content. While I am a CISA and keep my CPEs
current I have not be heavily practicing for almost 25 years and need the assistance of active practitioners to make the course current.
Thank you for your volunteerism and the guidance you will provide. I would also appreciate any SMEs that you can recommend to us for possible topical
coverage.”
“I am hoping for the following organization of each class:
1) Pre-readings available two weeks or so in advance,
2) Presentation by a Subject matter Expert (SME) for about 45-75 minutes,
3) Some small hand-on exercise in-class to get students on the right track (to be completed at home before the next week's class) with total time required of one
to three hours.
4) Possible follow-up presentations at the end of the semester via ZOOM/GoToMeeting or other media with the SMEs
This will give the students the theory, some practice of implementation or working with the theory, and then delivery using that theory with possible
presentation. ”
Dr. Steven A. Solieri, CPA, CMA, CIA, CISA
Queens College (CUNY)
Associate Professor
SASolieri@aol.com
Queens College IT Audit Course
PROSPECTIVE SYLLABUS  
 
Fordham University Cybersecurity Club
 The student advocate:  
Prof Thaier Hayajneh 
 
President:  
Jingting “Rubyanne” Ye
Past Activities
 
August
: Fordham University ISG was officially recognized by ISACA International.
 
Oct 7
: Eugene, Barry, Wei met with prof Hayajneh and Rubyanne to discuss Fordham’s
ISG.
 
Nov 4
: The first official club meeting. The club has 40 members. Working on getting
ISACA recognized as a club at Fordham.
 
Dec 10
: Cybersecurity Club 
website is ready
 and is announced on Instagram and
LinkedIn
.
 
Feb 27, 2020
: 
Eugene Levin 
and Chapter’s Immediate Past President 
Alexander Abramov
delivered a guest lecture to professor 
Tim Ryan
 IT Audit and Information Assurance
students at Fordham University Gabelli School of Business.
Planned Activities
 Start planning Spring semester events. Rubyanne is looking for Speaker – will let us know
topics she is interested in.
 Cyber mixer event - moved to Feb.
John Jay College of Criminal Justice Cybersecurity Club
 The student advocate:  
Professor Aftab Ahmad
; President: 
Sonica Lama
Past Activities
 
Oct 15
: 
First General Interest Meeting and Club Election. 
24 people attended.
 
Oct 29
: Eugene, Barry and Wei had a call with Sonica Lama (Pres), Arnold 
Moctezuma 
(VP), and prof. Ahmad  to
discuss current status and agree on next steps
 
Oct 30
: Emailed John Jay club a list of “Great Speakers” for a potential presentation.
 
Nov 11
: Sonica submitted ISACA International application.
 
Nov 11
: Director of the Center for leadership approved the ISACA Student Group by-laws and sent all the
documents to the Judicial Board.
 
Nov 12
: Connected Sonica with Cybereason which will help with speakers and demos in the Spring semester
once John Jay club gets approved.
 
Nov 20
: Cybersecurity Club was interviewed by John Jay College Judicial Board and is expected to approved at
the end of the semester.
 Nov 22
: ISACA International application is waiting to see Cybersecurity Club web site under John Jay student
clubs/organizations.
 
Dec 15
: John Jay has officially recognized ISACA Student group. Checking with ISACA Global regarding Web site
requirement alternatives.
 
Jan 22, 2020
: ISACA officially recognized ISACA Student group.
 
Feb 9
: Connected Sonica with  Jacob Berry , Principal Incident Response Specialist at Cybereason, a terrific
speaker election hacking, incident response, and careers in cybersecurity.
 
Feb 18
: 
John Jay Cybersecurity Club 
Spring 
General Interest Meeting
John Jay College of Criminal Justice Cybersecurity Club
 - cont
 The student advocate:  
Professor Aftab Ahmad
; President: 
Sonica Lama
Planned Activities
 Apr 8: 
Virtual Zoom Session with 
Mr. Abraham Rivera 
to learn about the opportunities at 
NYC Cyber Command
and explore the tips to land in cyber jobs during the college or after the graduation.
 
Apr 30: 
Virtual
 
Zoom
 
Presentation by 
Mr. Odrej 
Krehel
, PhD, CISSP, CEH, CEI , EnCE, Digital Forensics Lead, CEO
and Founder, LIFARS on “
Career in Digital Forensics and Case studies
 Cryptocurrency hacking and Nation States”
Here is the link to the recording: 
https://us02web.zoom.us/rec/share/-eMrA637zENOHZ3XyF-
YBat9L5umaaa8g3Af-qIJnR4ojqpq2lqHCk3lYuNP4mPF
 TBD
: Zoom Panel Discussion: FBI, CEO
 TBD:
 Presentation by 
Mr. Gotham Sharma 
on 
Access CYBER
: our cyber security list and how students can use it
to launch their careers. Link: 
https://www.accesscyber.org/
Yeshiva University Cybersecurity Club
 
The student advocate:  
Professor David Schwed
; President: 
Jared Weintraub
Past Activities
Jul 25
: Eugene and Barry had a call with David Schwed regarding potential ISG at Yeshiva University. Provided an
ISG welcome package and offered assistance.
Aug 27
: Barry presented ISACA at MS in Cybersecurity student orientation and got a very positive reception from
program director and Dean of YU Katz School Science and Health.
Oct 7
: Eugene, Barry, Wei met with prof Schwed, Malka to discuss Yeshiva’s ISG. Jared had technical difficulties so
Eugene had a separate conversation with Jared on October 10th.
Nov 26
:  Cybersecurity Club application is under final review by Yeshiva University. ISACA International application
is submitted.
Mar 2, 2020: 
Cybersecurity Club is recognized by Yeshiva University as a student organization.
Planned Activities
 
Waiting for Yeshiva University and ISACA International Approvals.
City College Cybersecurity Club
 
The student advocate:  
Dr Claude Brathwaite (acting)
 
President: 
Adnan Mostafa (acting)
Past Activities
Oct 2
: Karen, Barry and iQ4 team met with Dr. Ardie Walser, Associate Dean of Undergraduate &
Graduate Studies and Professor of Engineering to discuss ISACA Student Group opportunities on
campus.
Nov 19
: Eugene made an ISACA introduction to City College Grove School of Engineering students at the
General Interest Meeting. We have very strong support from City College officials and some students
already volunteered for club officer roles.
Dec 11
: Acting club President Adnan Mostafa met wit Dr Claude Brathwaite to discuss finding an
academic advisor for the club, and the process for creating student club and student web page at City
College.
Dec 19
: Adnan met with Samad Sunny (Baruch College Cybersecurity Club President) to get some tips
on running a successful student club
NYU Tandon Cybersecurity Club
 The student advocate:  
Brendan Dolan-Gavitt 
 
 President: 
Wolfgang von Stuermer
https://www.osiris.cyber.nyu.edu/
http://cyber.nyu.edu/
https://twitter.com/osirislab
The mission of The OSIRIS Lab and the Cybersecurity Club is educational. We invite with open arms, all who possess the
desire, the drive, and the dedication to learn about “The Cyber”, reciprocating in good faith the promise to provide for every
peer the knowledge and tools needed to explore their individual interest.
We run two events weekly: Cyber Security Club (CSC) and Hack Night for a more technical-skills focused approach.
CSC is a lecture series that we host at 1pm EST on Tuesdays where we provide pizza and bring in a "cyber security expert"
to give that week's guest lecture. These talks are usually framed so that people with very little prerequisite knowledge can
hop right in, but hopefully contain enough technical meat to interest a more advance crowd. We seek a diversity of speakers
to learn about a spectrum of cyber security and individual ideologies, approaches, and so much more.
Further we conduct research where our students determine what research projects they want to pursue. This results in
interesting tools, code repositories, blog posts, and even bug bounties.
Lastly, the OSIRIS Lab runs the annual CSAW global Capture the Flag (CTF) event, which is the largest student-run CTF
event existing.
The reason that the OSIRIS Lab exists is to provide an unrestricted space for those individuals to explore and collaborate on
exactly that which captivates them. To that end, the Lab is (almost) always open, and entirely student run.
NYU Tandon Cyber Fellowship Program
Building on over 150 years of technological leadership, New York University Tandon School of
Engineering today provides the opportunity to develop the same valuable skill-set as on-campus
students, entirely online.
In collaboration with industry partners on the NYU Tandon Advisory Council , 
The Cyber
Fellowship
 program is an elite, highly technical Cybersecurity Master's degree offering students a
scholarship that covers 
75% of their tuition
. NYU Cyber Fellows is a unique, affordable online
program designed to address the acute US shortage of trained, underrepresented technical
professionals. The program's sizable scholarship brings the total cost for this rigorous, highly-
technical education to approximately $16,000 for the entire program.
Additionally, NYU Tandon’s Department of Technology Management and Innovation offers an
online Management of Technology Master’s degree preparing professionals for 
management and
leadership 
roles focusing on the strategic, behavioral,  organizational, and 
social business
aspects.
Management of Technology (MOT) 
graduates are trained in entrepreneurship and
commercialization, global innovation and R&D strategy, leadership of distributed and virtual
organizations, and other high-growth, 21st-century opportunities.
Finally, for individuals with 
Non-STEM 
backgrounds looking to get into cybersecurity, or if those
looking to polish up computing and security skills, the NYU Tandon Bridge certificate program is
the best fit. This non-credit course is offered for the low price of
$1,850 and is available in 17 or 24-week formats with the same material taught in each. The only
difference is the hours students are expected to devote to the course each week.
Partnerships
iQ4
 
2019
: New York Metropolitan Chapter and iQ4 announced a partnership that allowed members of the chapter to earn CPEs by
volunteering as Cybersecurity Apprenticeship Mentors. In June 2019 Newsletter Alexander Abramov announced that around 690
CPEs were granted due to iQ4 mentoring.
 
Sept 6
: New York Metropolitan chapter, IQ4, and Baruch College reach an agreement to sponsor Cybersecurity apprenticeship
for 30 students during Winter session.
 
Sept 18
: Karen, Eugene and Barry have a dinner with Frank Cicio, Dennis O’Connel, Ed Moskal, and Debra Korner regarding the
concept of a Cybersecurity Center
 
Nov 1
: Discussion of New York Metropolitan Chapter and iQ4 collaboration.
 
Jan 2020
: 30 Baruch College Students have attended “Threat Within” – cybersecurity apprenticeship co-sponsored by
Metropolitan Chapter, iQ4, and Baruch college, led by Prof Moores.
 
Feb 20: 
Barry and Karen met with IQ4 leadership to continue the conversation about potential collaboration, Memorandum of
Understanding, etc. They “discussed a self sustaining model that would truly benefit students by funneling them into jobs and
ISACA clubs & memberships.  We are collaborating to work out the details and plan to meet in the next couple of weeks to
discuss.”
Emerging Professionals Committee
Nov 4
: Eugene, Barry and Megan Soriano (Chair of Emerging Professionals committee) discussed a potential networking event
with students in January. Options discussed: NYC SPIN (table tennis, billiards club), Break Bar NYC/Anger Room/Rage
Room/The Wrecking Club.
Dec 11
: Eugene, Barry, and Tatyana Lemberskaya met with Megan Soriano to discuss the next steps.
Jan 7
: The event was scheduled for Feb 19
th
 and capped for 75 people – half emerging professionals and half students. This
became the Break Bar Social (see slide 6) which sold out and became a major success.
Partnerships - cont
Cybereason
Oct 30
: Eugene, Barry and Wei met with Siobhan Alexander and Chris Taylor (point of Contact) to discuss how they can help
with putting together various demonstrations (like  election hacking tabletop) for student cybersecurity clubs.
Jan 7, 2020
: Eugene emailed Chris Taylor regarding hosting an election hacking event in NYC in April.
Feb 12: 
Eugene has connected Chris Taylor (Marketing Director) and Jess DeLuka (
Election Hacking Tabletop Simulation 
Event
Organizer) with David and Lev from Yeshiva University. There is a mutual interest to host the event at Yeshiva University. Follow
up call is scheduled for Monday, March 2
nd
.
Feb 12: 
Election Hacking Tabletop Simulation is preliminary scheduled for April and Yeshiva is checking facilities availability
however it is possible that all gathering will be put on hold due to COVID-19.
Yeshiva University
 
Feb 2
:
 Yeshiva University offered to partner with the Chapter and co-host some Cybersecurity events at their prime real estate
facilities at Lexington and 
 
33rd Street. They have a really nice conference hall that can accommodate up to 90 people where they
host various cybersecurity events like this: 
https://www.linkedin.com/pulse/blockchain-institutional-security-next-challenge-
securing-levin/
   and also a variety of class rooms.
Yeshiva University is interested in promoting their new MS in Cybersecurity program and will provide a venue free of charge.
Future Initiatives
 
April
:  Potential Election Hacking Tabletop demonstration by Cybereason
 
April 25
: Cybersecurity Student Case Study Competition
 
Fall 2020
: Mentorship pilot with Baruch Cybersecurity Club
 TBD
: Student Career Fair
Cybersecurity Case Study
Student Competition
Overview
37
Student Cybersecurity Competition was organized by ISACA New York
Metropolitan Chapter in collaboration with Academic Advisors of ISACA
Student Groups  affiliated with the chapter.
The competition took place in March – May 2020.
Teams of 4-6 students received Cybersecurity Case Study to analyze.
Competition was open to students of all majors, not just members of ISACA
Student clubs.
Students from different universities/colleges were allowed to form teams.
11 teams  from 4 colleges entered the competition.
Teams of 4-6 students received Cybersecurity Case Study to analyze.
After the first round of the competition Academic Advisors selected two best
teams from each college to compete in the final ISACA competition.
The final competition was judged by a panel of senior executives  and
luminaries which selected the top 3 winning teams.
Competition Results
38
ISACA New York Metropolitan Chapter Student Cybersecurity Case Study Competition
Quotes from the Judges and Academic Advisors
I was very much impressed with the effort and dedication the students put into this effort
What an exciting exercise! I believe the teams gave it a lot of thought, work and creativity. It was
a very close call and a tough choice in some cases.
The whole experience from creating the scenario to speaking with the teams has been very
uplifting. They as you said are all winners – great talents.
From my perspective, the results were an example of what I firmly believe in: the power of
combining business and technical/cyber expertise and how important it is to bring a range of
skills into managing resiliency effectively.
This is a great initiative from ISACA NY Chapter for encouraging students in cyber security
careers. All teams really took time to understand issues and came up with good analysis and
control recommendations. I am sure they learned a lot in the process.
It’s one thing to know the basics of how a cyber attack happens, it’s another to be able to wade
through the wreckage and be able to advise senior management on what they should do.
I am quite impressed with the exercise and the quality of the effort by the teams. The current
shortage of strong talent in the InfoSec space will be a temporary problem if enough students
with this level of skill come out of schools. Kudos to you and all the other academic
professionals.
39
Appendix
Important Dates
 
March 16
: Competition is announced and universities are invited to participate, teams are
formed.
 
March 23 and 25
: Competition kick off Q&A meetings with participating universities and
teams. Universities to provide info on how many teams plan to participate.
 
March 23: 
Cybersecurity Case Study is published.
 March 23 – April 24: 
Teams are working to conduct case study analysis. Teams are strongly
encouraged to use online collaboration tools like Skype or Google Hangout.
 
April 24: 
Universities will select top 2 best teams using the Rubric provided for the final
ISACA competition. Universities will provide info on which teams and the students that will
go to the final competition.
 
April 24-May 1
: Finalist teams must complete their PowerPoint presentations and record
team presentations of the case study analysis. Again, teams are strongly encouraged to use
online collaboration tools and not meet in person.
 May 1: 
Finalist teams must email their PowerPoint presentation and video recording to
ISACA NY Metropolitan panel of judges.
41
Important Dates
 
May 2: 
Eugene to send out welcome package to Judges that will include
 Zip of seven PDF and PowerPoint presentations
 Case Study, Questions and Answers
 Ranking Sheet that includes links to 10 minute YouTube recordings
 
May 2-10 EOD: 
Judges to review presentations, YouTube recordings, and rank anonymous (*) team submissions
from 1 to 7 using the Rubric and Scoring system (slide 4 and 5) as guidance. 
Judges to email Eugene Ranking
Sheet by May 10
th
 end of day.
May 11
: Eugene to average rankings to identify top 3 teams and schedule GoTo Meeting interviews with the top 3
teams for Sunday, May 17
th
 morning.
May 17:
10am-10:30am – Judges  discuss and agree on interviewing approach.
10:30-10:55am – Team A (TBD) interview
11:00-11:25 – Team B (TBD) interview
11:30-12:00 – Team C (TBD) interview
After the interviews Judges finalize 1
st
, 2
nd
, 3
rd
 place ranking of the winning teams and email Eugene their
decisions.
Week of May 18 and on:  
Winners are announced, information is posted at Chapter’s web site, LinkedIn group,
awards are sent out, feedback is collected on how to improve the competition for next year.
(*) All teams except one followed directions and did not disclose which college(s) they are from.
42
Invited Universities with Affiliated ISACA
Student Clubs
 
Baruch College, CUNY
 
John Jay College of Criminal Justice, CUNY
 Fordham University
 
Queens College, CUNY
 St. John’s University
 Yeshiva University
 
City College, Grove School of Engineering, CUNY
 New York University Tandon School of Engineering
Colleges highlighted in 
bold
 responded to the invitation and have student  teams participating in the
competition.
43
Team Prizes *
 1
st
 Place - $600 per student
 2
nd
 Place - $500 per student
 3
rd
 Place – $400 per student
 All students from the top 3 teams will get
 Diploma recognizing their achievement
44
Role of the Mentor
Student teams can reach out to mentors to
Ask questions
Seek case study clarifications
Ask for feedback
Case Study Analysis must be independent work of the students with no direct inputs
from the mentor.
Mentors will provide guidance on how they would tackle the real-world cases in their
own organizations so that you have a framework to build on.
45
Written and Video Presentation
 Written case study analysis should have at most 20 slides and must cover the following:
 Identify the threats and vulnerabilities inherent in the case.
 Consider how the NIST Cybersecurity Framework might apply.
 Recommend solutions to protect a company from similar attacks.
 Identify organizational constraints that affect the decision criteria.
 Provide an outline of the best cyber security solution.
 Document and present your proposal, aimed at the executive board level
.
 Video presentation must be at most 10 minutes long and include all team members.
46
Instructions on PowerPoint and
Video Presentation Submission
 
Post your recorded presentation on your YouTube channel and email a link and PowerPoint
presentation to Eugene.Levin@isacany.org.
  Video Recording format – output should be MP4
  Suggestion: PowerPoint slideshow + slide narration = MP4
  All team members must participate in the presentation.
 In the slides and the presentation please introduce your name and team’s name but 
not
which college you are from
.
Dropbox, academic advisors are invited and upload the file to the folder.
Dropbox, academic advisors are invited and upload the file to the folder.
47
Case Study Rubric
 Case study analysis and presentation will be evaluated based on how well they address the following (with
% weight):
 Brief summary of the case (5%)
 Identification of the root cause of the problem (5%)
 Priority of actions to be completed first (10%)
 Understanding of who is involved in the decision-making process (10%)
 Applicable laws that may be used to prosecute the threat actor (10%)
 Legal measures to be undertaken to fulfill regulatory obligations (10%)
 Likely effectiveness of controls used to contain the attack (20%)
 Any Public Relations (PR) implications (10%)
 Recommendations to the Company Board (20%)
48
Scoring System For Judges
 The rubric given in the previous slide should be marked according to the following scoring system (on a
scale of 1 to 10):
1.
Discussion missing, or fails to address the issue.
2.
--
3.
Some relevant points, but a lack of justification for the choices given.
4.
--
5.
Most of the relevant points included, with justification for most, but not all.
6.
--
7.
All relevant points included, and justified, but further elaboration required.
8.
--
9.
All relevant points included, justified, and clear discussion of choices made.
10.
--
49
Judges
Jessica Robinson
CISO - CEO,  Purepoint, Jessica@purepoint-international.com
Medha Bhalodkar
Chief Information Security Officer & Enterprise IT Risk Officer, Columbia University,
mb2075@columbia.edu
Radhika Bajpai
Google, Radhika.Bajpai@gmail.com
Gehan Dabare
MD of Cybersecurity, MUFG, gehan@dabare.com
Barry Dynkin
Co-Founder and President of Atlas Cybersecurity,  barry.dynkin@isacany.org
Alicja Cade
MD, CISO of GM, IBCM, GCIO & Americas, Credit Suisse,
alicja.cade@credit-suisse.com
Alex Bazay
CISO, Align, alex@bazay.com
Manny Cancel
SVP and CEO E-ISAC, North American Electric Reliability Corporation, mannycancel@hotmail.com
50
Academic Advisors
  Prof Trevor Moores
 
Baruch College
 
Trevor.Moores@baruch.cuny.edu
  Prof Steven Soliery
 
Queens College
 
sasolieri@aol.com
  Prof  Claude Brathwaite
 
City College
  
cbrathwaite@ccny.cuny.edu
  Prof  Muath Obaidat
 
John Jay College
 
mobaidat@jjay.cuny.edu
51
Mentors
  Walter Cook
   
Queens College
 
walt@d3intel.solutions
 Brian Mohr 
   
Queens College
 
brian@d3intel.solutions
 Mark S. Northrup
  
Queens College 
 
spider1msn@aol.com
 David Gianna
   
All Colleges
  
dgianna@yahoo.com
52
Queens College: 2 Teams
Team P.R.A.N.C.S
Richard Balram
  
richardabalram@gmail.com
Andrew Hana
  
andrewhana720@gmail.com
Paras Kumar
   
paraskumar61797@gmail.com
Nana Yaw
   
nyaw4956@gmail.com
FB Consultants
Nathaniel Samuels
  
nate.samuels98@gmail.com
Joshua Hwang
  
joshuahwang2@gmail.com
Matthew Panzenbeck
 
minigerman1898@gmail.com
Moses Parente
  
moses.parente@meca-nyc.org
Peter Sideris
   
petersideris17@gmail.com
53
Baruch College: 4 Teams
 
54
TBD
Angel Mauricio
  
vacacelamauricio@gmail.com
Ashfaque Zamam
 
ASHFAQUE.ZAMAN@baruchmail.cuny.edu
Daniel Gurvich
  
daniel.gurvich@barchmail.cuny.edu
Raez Tahmidur Rahman
 
RAEZMTAHMIDUR.RAHMAN1@baruchmail.cuny.edu
Winners
Bikranta Bista
  
bikranta.bista@baruchmail.cuny.edu
Guy Stanley Oriol
 
Guystanleyfil.oriol@baruchmail.cuny.edu
Joanne Lin
  
JOANNE.LIN3@baruchmail.cuny.edu
Jun Yi Li
  
junyi.li@baruchmail.cuny.edu
Md Kawsar
  
Md.kawsar1@baruchmail.cuny.edu
Sam (Jongshen) Lee 
 
jongshen.lee3@baruchmail.cuny.edu
Baruch Blitz
Ashrafur Rahman
 
ashrafur.rahman2@baruchmail.cuny.edu
Mohsin Masrur
  
mohsin.masrur@baruchmail.cuny.edu
Nujailah Noor 
  
NUJAILAH.NOOR@baruchmail.cuny.edu
Rida Rasheed
  
rida.rasheed@baruchmail.cuny.edu
Shermeen Khan
 
shermeen.khan@baruchmail.cuny.edu
Tomasz Horczak
 
tomasz.horczak@baruchmail.cuny.edu
Guardians of the Cyber Realm
Chanelle Vasquez
 
chanelle.vasquez@baruchmail.cuny.edu
Isaiah Hinton
  
ISAIAH.HINTON@baruchmail.cuny.edu
Kyle Gonzalez
  
KYLE.GONZALEZ@baruchmail.cuny.edu
Raisa Mashihat
  
RAISA.MASHIHAT@baruchmail.cuny.edu
Rehab Zaman
  
REHAB.ZAMAN@baruchmail.cuny.edu
Samad Sunny  
  
MDSAMAD.SUNNY3@baruchmail.cuny.edu
John Jay College of Criminal Justice: 4 Teams
FIRE BRIGADE
Michael Orlando
  
michael.orlando@jjay.cuny.edu
Veljco Bozic
  
veljko.bozic@jjay.cuny.edu
James Stefanik
  
james.stefanik@jjay.cuny.edu
Michael Martinez
  
michael.martinez09@gmail.com
THE SNIFFERS
Avi Bulka
  
Avi.bulka21@qmail.cuny.edu
Nila Singh
  
nila.singh@jjay.cuny.edu
Haley Mahony
  
haley.mahony@jjay.cuny.edu
Jiang Lim Choong
  
jianlim.choong@jjay.cuny.edu
INTERROGATION SQUAD
Joseph Brown
  
joseph.brown1@jjay.cuny.edu
Melissa Chan
  
melissa.chan@jjay.cuny.edu
Shihao Dong
  
shihao.dong@jjay.cuny.edu
Priya Thapa
  
priya.thapa@jjay.cuny.edu
Souhail Daoudi
  
souhail.daoudi@jjay.cuny.edu
THE ENFORCERS
Sonica Lama 
  
sonica.lama@jjay.cuny.edu
Rose Wong
  
rose.wong@jjay.cuny.edu
Gabrielle Anatole        
 
gabrielle.anatole@jjay.cuny.edu
55
Joint City/Baruch College Team
Team Soteria
  Gladys Veronica Juca gjucaca000@citymail.cuny.edu
  Faisal Alshaikh
 
falshai000@citymail.cuny.edu
  Aishwarya Minocha 
 
AISHWARYA.MINOCHA@baruchmail.cuny.edu
  Diya Sharma
  
DIYA.SHARMA@baruchmail.cuny.edu
  Ida Polishchuk 
 
IDA.POLISHCHUK@baruchmail.cuny.edu
56
Organizing Committee
Eugene Levin, ISACA NY Metropolitan Chapter, Chair of Academic Relations
Barry Dynkin, ISACA NY Metropolitan Chapter, Deputy Chair of Academic Relations
Wei Tschang, ISACA NY Metropolitan Chapter, Vice President
Trevor Moores, Baruch College
Alicja Cade, Managing Director, Chief Information Security Officer GM, IBCM, GCIO & Americas at Credit Suisse
Alexander Obraztsov, ISACA Academic Relations volunteer
Tatyana Lemberskaya, ISACA Academic Relations volunteer
57
Case Study
Va-Va-Voom Petroleum Company is a privately run, family funded organization – quite a rarity in the oil industry these days. The
company’s HQ is in Texas and it owns 3 oil rigs based in the Gulf of Mexico, very close to the marine reservation boasting
spectacular coral reefs.
The company, established in the 1950’s, has seen ups and downs in the markets but has always managed to overcome any
difficulties. However, the last 20 years have been particularly challenging. The owners have struggled to invest the modest profits in
to the maintenance of the company’s infrastructure, including IT, as the health and safety of oil rigs has been an utmost priority, in
particular post the Deep Horizon disaster. Oil prices have taken a bashing, due to the impact of pandemics, environmental concerns,
and with growing global competition.
The austerity has resulted in staff cuts, including IT as well as allowing some systems to reach their End-of-Life (EOL). The
management has plans to replace the systems, yet the complexity of in-house designed applications and databases means the
elimination of EOL infrastructure requires a significant re-write of the apps and a database re-design. The programmers who
designed some of the apps back in the 1990’s have retired and there is no system documentation, hence management is planning to
do a major system and architecture overhaul…when the time is right. In the meantime, the current CISO, recognizing the risk
exposure of EOL systems, has focused on investing the slim IT budget into perimeter defenses, including end-point protection, an
external pen-test program and user awareness training.
The small budget also means a small IT team – just 10 staff members to deal with all-things “cyber”, including governance, an
assurance program, product engineering, and incident management. Although the team is small, all team members are highly
qualified, holding key ISACA security qualifications as well as CISSP. Needless to say, the team is well aware of “good practice,”
including the importance of protecting national critical infrastructure, and all are increasingly worried the current environment
has inherent weaknesses. And then this happens …
58
Case Study – cont.
Phase 1, Simulation time: 00:00
During a business as usual Thursday morning, multiple users receive an email from HR asking them to validate their payroll data. The email
notes it is a standard procedure to perform a periodic validation to ensure that payroll is delivered on time.  The email has a link that points to a
Va-Va-Voom branded Web page with a form to enter details including the user’s email address and their single sign-on password to ensure
security of the data. Some users report the emails as phishing, but others click on the link and follow the instructions on the form….
 
Phase 2, Simulation time: 01:00
As the morning progresses staff in all locations start reporting their inability to access their desktops. They complain of their desktops and
folders being corrupted. The CISO, after some investigation, confirms a known malware attack on some of the users who clicked on the phishing
link.
The CISO receives a call from an oil rig maintenance vendor stating their company has suffered a similar attack, and they are suffering from a
total black out.
Phase 3, Simulation time: 01:45
It transpires the malware likely targeted a known vulnerability for which Microsoft released a patch
 to fix months ago
. But at Va-Va-Voom, only
50% systems were patched while 50% were left unpatched, due to EOL implications.
The CISO obtains intelligence from sector contacts that suggests the ransomware spreads using email as the attack vector. Once a person clicks
on the malicious link it quickly spreads across the network and locks other desktops. The attackers also hijack the login credentials.
 
Phase 4, Simulation time 02:00
The IT team confirms that if any staff clicks on a similar phishing email, the malware quickly spreads to vulnerable unpatched machines, and
then across the entire network.  It locks all systems, databases, and data….including the ability to shut off the fail-safe system across all
locations, by creating a “hole in the firewall” using admin credentials obtained through the phishing campaign. All screens are black, including
the safety monitoring systems at all 3 oil rigs. The platform staff are unable to control the pumps, pressure valves, or drills. Lives are at risk.
 
Phase 5, Simulation time: 02:05
The CISO’s phone is ringing – it’s CNN. The CEO also receives a call from FBI…
59
Case Study – Clarification Questions
General Case Questions
1.
Where are we entering the case study? Are we existing at time 0:00, 1:00, 1:45, 2:00, 2:05 or post?
2.
I have a question regarding the end of the case study. Does it end at 2:05?
3.
What is the role of our group? How do we fit in? Part of IT Team? Are we a 3rd Party Consultant?
Specific Case Questions
1. Which MS systems were un-patched (Operating Systems)
2. Do proper backups exist? Have they been tested? When was the last backup prior to the incident? Are the
backup systems on virtual systems? Have backups been air-gapped?
3. Has a ransom been demanded and if so how much?
4. What data has been compromised? (We trying to determine the value of the data (Legacy Data)
5. Was the data encrypted? If so, what level of encryption was utilized?
6. Which systems have been comprised? Mission-Critical Systems? Financial HR?
7. Which critical systems were EOL (End-of-Life)?
8. Have all legal and regulatory agencies been notified? Which agencies have responded with resources?
9. Has the Incident Response (IR) plan been followed?
10. Have Forensic Data been preserved?
11. Has SIEM (Security Information and Event Management) software been used and available?
12. Where is Va-Va-Voom Petroleum Company in enacting its BCP (Business Continuity Plan)?
13. Have the compromised systems been taken off-line?
60
Case Study – Answers
General
A general note as to the times in the case study: the simulation times are not clock times, they are relative times.
0:00 can be assumed to be anywhere between 8:00 and 10:00 AM CST. Thus 1:00 case time would be one hour later,
between 9:00 and 11:00 AM respectively.
(1) Entering the case study post 2:05.
(2) Yes, but you can choose to break down your response over multiple time periods, you don’t have to limit yourself
to what you will be doing at precisely 2:05.
(3) As 3rd party consultants.
Specific
Preamble: The answer to most of these questions could be "make any reasonable assumptions" which would provide
the latitude that can allow differences between teams and a more interesting set of interpretations for the judges to
assess. Where multiple plausible assumptions exist, you should either make clear what assumption you are making
and/or address both possible scenarios and how they would impact the company. For those questions that might
need a specific answer, I would suggest:
(3) Yes. 1 Bitcoin per machine.
(4) Widespread, including mission-critical systems, but you can’t be sure if they have exfiltrated the data, and thus
have access to it, or if they’ve merely encrypted it and locked you out of using the systems.
(6) as (4)
(7) as (4)
(8) No agencies have been notified by the company or its management as of 2:05.
61
Slide Note
Embed
Share

The Academic Relations Committee, headed by Eugene Levin with Barry Dynkin as Deputy, focuses on fostering student awareness in audit, control, and information security professions. The committee encourages engagement with member schools to promote ISACA certifications and career growth. Additionally, the Student Club Presidents meet regularly, representing various cybersecurity and IT audit clubs in different universities. These gatherings provide opportunities for networking, skill development, and community building among students interested in these fields.

  • Academic Relations Committee
  • Student Club Presidents
  • Cybersecurity
  • Information Security
  • Networking

Uploaded on Sep 21, 2024 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Academic Relations Committee Chair: Eugene Levin Deputy: Barry Dynkin Eugene.Levin@isacany.org Barry.Dynkin@isacany.org

  2. Academic Relations Committee Charter The Academic Relations Committee promotes student awareness of the audit, control, and Information Security professions, identify member schools and maintain ongoing working relationships with School Advocates. Objectives Promote awareness of, and interest in, Chapter events by providing information on education and training offered by the Chapter Promote benefits of ISACA certifications and the positive impact on career and professional growth Why Volunteer? For Chapter Members Mentor the next generation of IT Audit, Cybersecurity, Risk, Control, Governance professionals Personal satisfaction of aiding in the development of students Meet highly capable and motivated students. Identify candidates for future internships and employment. Network with professors and deans Experience ISACA s academic side Good for your health - volunteering has tremendous health benefits For Students The best way to network with 4100+ professionals in Metropolitan area ISACA volunteering is good for your career, looks great on resume and LinkedIn profile Become part of a community and make new friends Student discounts. Many chapter activities are free for volunteers.

  3. Volunteers Academic Committee Volunteers meet every 1st Thursday of the month Evelin Urbaez, Horizon Blue Cross Blue Shield Maisha Ahmed, Recent Graduate Silvia Paolini, New York Life Insurance Michael Shanahan, CVS Health Kristie Roman, Citi Ashton Laurent, NYC Cyber Defense David Gianna, Wells Fargo Michael Newman, Signature Bank Ashrafur Rahman, Baruch Cybersecurity Club Robert Gockley, Sumitomo Mitsui Trust Bank Jenny Jo, MJJT Consultants, Ltd Alexander Obraztsov, Soci t G n rale Stewin Camargo, Scotiabank Joseph Donohue, ZeroDayLab Tatyana Lemberskaya, Soci t G n rale Willie Session, Farmingdale State College Anthony Lunan, Baruch Cybersecurity Club Kenia Arias, A-FE Consulting LLC global.gotomeeting.com/join/794771145 Call 630-869-1013 Access code 794-771-145

  4. Student Club Presidents Club Presidents meet every 2nd Tuesday 8:30pm of the month Baruch College Cybersecurity Club Samad Sunny St. Johns University Audit Club Pavle Dokic Queens College Fordham University Cybersecurity Club Jingting Rubyanne Ye IT Audit and Cyber-Security Club Richard Balram NYU Tandon Cybersecurity Club The OSIRIS Lab Wolfgang von Stuermer John Jay College of Criminal Justice Cybersecurity Club Sonica Lama Yeshiva University Cybersecurity Club Jared Weintraub City College Grove School of Engineering Cybersecurity Club Adnan Mostafa

  5. Academic Relations Call To Action Student Cybersecurity Case Study Competition was launched on March 16th. 11 teams from Baruch College, Queens College, John Jay College of Criminal Justice, and City College have answered the call and will be competing for the top 3 prizes. 7 finalist teams are now competing for the top 3 prizes. Please see slides 37-59 for more details. Looking for guest lecturers to help professor Solieri of Queens College to deliver IT Audit course in the Fall of 2020. See slides 24-26for more details. Looking for IT Audit and Cybersecurity Summer Internships Will your company have IT Audit and/or Cybersecurity internships in the summer? New York Metropolitan Chapter sponsors seven (soon to be eight?) ISACA Student Groups with several hundred motivated and ambitious members who are interested in IT Audit and Cybersecurity careers and will be looking for internships. There are 4160+ members of the chapter working for at least 1215+ different companies. Please let me know if you come across any internship opportunities and I will pass it to Student Club leadership. Looking for Student Mentors In the Fall of 2020 we plan to pilot a mentorship program with 10 female diversity mentees from Baruch Cybersecurity Club. Please see slides 10-21 for more information. 14 seasoned professionals volunteered so far. We are looking to scale mentorship program and I already have two more universities that are interested in pairing students with chapter mentors. Please let me know if you are interested to be a mentor. Looking for Cybersecurity Experts for Guest Lectures at NYU NYU Tandon Cybersecurity Club is looking for Cybersecurity Experts to deliver guest lectures in April and May every Tuesday, 1pm at 370 Jay Street, Brooklyn, NY, room 1066, at the NYU Tandon School of Engineering. If you are interested and have an interesting Cybersecurity topic to present, please contact Wolfgang von Stuermer wvs215@nyu.edu

  6. Academic Relations Chapter Events Sep 26: NY Metropolitan 2019 Member Social and Volunteer Recruitment Nov 26: Academic Relations Committee dinner: We discussed why we are interested in Academic Relations, our areas of expertize, interests, availability, and how we can help in the development of student clubs. Feb 19, 2020: Break Bar Social Apr 25: Student Cybersecurity Case Study Competition stay tuned.

  7. Baruch Cybersecurity Club The student advocate: Professor Trevor Moores President: Samad Sunny linkedin.com/company/isgbaruch/ Past Activities A new Student Leadership installed in 2019 Jul 26: Eugene and Barry had an introductory call with club s president Bhavin Darji about Baruch Cybersecurity Club Aug 15: Karen, Barry, and a few other members of the board visited Baruch College for a dinner to introduce themselves to the new Baruch Cybersecurity Club eBoard and Professor Moores. Aug 27: Convocation 2019: Club Fest where a few members of the Baruch College s ISACA Cybersecurity Club eBoard introduced the club to Freshmen. Sep 6: New York Metropolitan chapter, IQ4, and Baruch College reached an agreement to co-sponsor Cybersecurity Apprenticeships for 30 students during Winter session. Sep 12: Eugene made a presentation about ISACA at the General Interest Meeting. Oct 3: FinTech Fireside Chat: Cyber and Risk/ Recruiting event with the Depository Trust & Clearing Corporation. Oct 17: Time Equities Event. Professionals from Time Equities Inc. shared their knowledge and experience in ransomware and investments in real estate. Oct 28: Professor Moore selected and accepted students for Winter iQ4 apprenticeships. Nov 7: EY: Cybersecurity vs Cyber Resilience Nazir Vellani who is a senior manager from EY had an interactive discussion with students about Cybersecurity and Cyber Resilience. Nazir also provided interview tips as a hiring manager.

  8. Baruch Cybersecurity Club - cont The student advocate: Professor Trevor Moore President: Samad Sunny linkedin.com/company/isgbaruch/ Past Activities Nov 21: Cybersecurity in Banking Cyber from MUFG & Deutsche Bank A panel discussion about Cybersecurity in Banking and interview/resume advice moderated by then President of Baruch College s ISACA Cybersecurity Club Bhavin Darji After the panel discussion there was a networking session with Directors, Hiring managers, and Vice Presidents of respective divisions. December: ISACA Cybersecurity Club Baruch College was recognized by ISACA Global as a Student Group of the month! Dec 3: Samad Sunny is announced as the acting president of the club. Jan 2020: 30 Baruch College students participated in iQ4 apprenticeship program . The program was co-sponsored by The New York Metropolitan Chapter, iQ4, and Baruch College. Jan 10: The ISACA Cybersecurity Club conducted eBoard election followed by a networking session with the elected members outside campus at Sous Vide Kitchen Caf . Jan 28: Executive members took part in Baruch Officer Leadership Training organized by Baruch Jan 30: The ISACA Cybersecurity Club participated in Baruch Club Fair of the year, where the club networked with students and shared information about ISACA and upcoming club events. Feb 6: Eugene made an ISACA presentation at the Spring 2020 General Interest Meeting. Mar 5: Technology Risk Consulting with RSM 90-min interactive session on RSM culture, service lines, followed by networking. June 3: Eugene and Sunny reviewed proposed amendments to club bylaws.

  9. Baruch Cybersecurity Club - cont The student advocate: Professor Trevor Moore President: Samad Sunny linkedin.com/company/isgbaruch/ Planned Activities TBD: Innovation with KPMG A co-sponsorship event with Beta Alpha Psi (BAP), a renowned business fraternity, geared towards providing students with knowledge on KPMG s leading technology innovation in audit, tax, and advisory. TBD: We will join Beta Alpha Psi again to host the muti-national network of accounting firms, RSM, to speak about their use of technology in risk and management consulting. TBD: Deloitte s Cybersecurity and Tech recruitment pipeline event debut with Baruch just like DTCC last semester!

  10. ISACA Technology Fellowship Program

  11. Our Mission Our Vision The ISACA Technology Fellowship Program is geared towards promoting diversity and inclusion on campus by providing aspiring technology professionals with the knowledge, skills, and support necessary to excel in the technology industry. To bring inspiration and innovation to every aspiring technology professional and help in paving their path to becoming leading technology industry professionals.

  12. Program Goals Program Objectives Diversity and Inclusion Engagement and Retention Succession Planning/Leadership Development Build and Strengthen the Tech Community on Campus Career Planning and Development Behavioral and Technical Interview Skills Opportunity to Build a Cross- Functional Professional Network

  13. Program Roles & Responsibilities Mentor Mentee Feedback on mentee s strengths and weaknesses Explain changing demands of the tech industry Encourage two way exchange of information Encourage mentee to take calculated risks Help mentee reach full potential Establish goals for mentorship program Develop an action plan that focuses on achieving specific goals and objectives for the duration of the program Actively schedule meetings and engage with mentor Attend quarterly events

  14. The strengths and weaknesses of each mentee participating in the mentorship program will be evaluated to make the best mentor and mentee matches. Matching Method Mentees will be paired with mentors whose strengths match the mentee s weaknesses. This way the mentee will be able to not only earn valuable insight on the technology industry and build their strengths, but work on their weaknesses also.

  15. Begin: September 2020 Program Implementation End: April 2021 Details: One-on-one mentoring Monthly check-in Quarterly events

  16. Quarterly Events Quarter 1 - September 2020 (Orientation) Quarter 2 - November 2020 (Thanksgiving Get-Together) Quarter 3 - January 2021 (New Years Meet-Up) Quarter 4 - April 2021 (Graduation Ceremony)

  17. Quarterly Events (Continued) Quarter 1 - September 2020 (Orientation) Program introduction, review upcoming program events, mentor & mentee introductions, conduct a team-building exercise, announce mentor and mentee matches, distribute questionnaire and action plan, and address any questions or concerns. Quarter 2 - November 2020 (Thanksgiving Get-Together) The mentorship program participants will come together for an evening full of networking and much to be thankful for!

  18. Quarterly Events (Continued) Quarter 3 - January 2021 (New Years Meet-Up) The mentorship program participants will come together for an evening of networking to start off the new year the right way! Quarter 4 - April 2021 (Graduation Ceremony) A graduation ceremony will be held for our first cohort of the ISACA Technology Fellowship Program where mentees will be awarded certificates for successfully completing the fellowship program. Mentees who display exceptional performance will be recognized and awarded for their dedication to the program.

  19. ISACA New York Metropolitan Chapter Supporting Resources As a leading ISACA chapter, our mission is to serve our membership by providing world-class training, networking opportunities, and guidance while contributing to the profession both locally and internationally. ISACA Career Centre Access to resources to help direct your next career move Job openings for IT Audit, assurance, risk, security, cybersecurity, and governance professionals Worldwide search-by-country, by certification Members can: Post resumes/CVs in a searchable database Receive email notifications of new job listings Baruch College Starr Career Development Center The mission of the Starr Career Development Center is to provide comprehensive career services to Baruch College undergraduates. We encourage students to come to the Center from the time they are freshman through senior year graduation and as alumni. The staff of the SCDC is dedicated to assisting students and alumni in all aspects of their career development as they make decisions about majors, apply to graduate and law school, prepare for internships and jobs, and progress in their professions.

  20. Eugene Levin Barry Dynkin Alexander Obraztsov Bob Gockley Michael Newman Evelin Urbaez Kristie Roman Ashton Laurent Rajesh Kumar Michelle A. Schaap Ilya Pozharsky Sam Vohra Barry Sears Craig Harris Timothy Sheng Volunteers

  21. ISACA Cybersecurity Club Baruch College

  22. St. Johns University Audit Club The student advocate: Professor David Chan; President: Pavle Dokic Past Activities A new Student Group Board of Directors installed 2019. Club has about 30 members. Oct 10: Eugene, Barry and Wei met with Pavle Dokic and Professor Chan to discuss current club status and next steps. Nov 12: Soft and Hard Skills needed for Career in Advisory Consulting. Nov 19 : Cyber Security and Internal Audit presentation by Teena Bacchus. 2nd week of Dec: Deloitte Audit Innovation Campus Challenge Planned Activities Involve St. Johns University Audit club in joint events with other colleges, Emerging Professionals committee, and New York Metropolitan Chapter membership events.

  23. Queens College IT Audit and Cyber-Security Club The student advocate: Professor Steven Solieri President: Richard Balram Past Activities Oct 21: Eugene, Barry and Wei had a call with and prof. Solieri to discuss current status and on next steps. Oct 23: "ISACA IT Audit and Cyber-security Club" is approved as a student club/organization at Queens College. Approximately 20 people are already interested. Nov 4: Eugene, Barry, Wei had a call with Richard Balram to discuss ISG ISACA international application and General Interest Meeting on Wednesday, Dec 4th 12:15-1:30. Nov 6: Richard have submitted the ISG application with ISACA international. Nov 11: Queens College IT Audit and Cyber-Security Club is officially recognized by ISACA. Dec 4: Barry introduced ISACA at the General Interest Meeting. Planned Activities TBD: POSTPONED BKD Office Visit , Co-sponsorship with Ascend and World of Work TBD: POSTPONEDCanon U.S.A. HQ Office Visit , Co-sponsorship with Ascend and World of Work TBD: POSTPONEDIT Audit presentation by Mr. Aadesh Gandhre, Group Head of Audit - IT Americas and Latin America Business, Chief Innovation Officer - US Audit at Soci t G n rale TBD: POSTPONEDPresentation by Mr. Odrej Krehel, PhD, CISSP, CEH, CEI , EnCE, Digital Forensics Lead, CEO and Founder, LIFARS on Career in Digital Forensics and Case Studies: Cryptocurrency Hacking and Nation States

  24. Dr. Steven A. Solieri, CPA, CMA, CIA, CISA Queens College (CUNY) Associate Professor SASolieri@aol.com Queens College IT Audit Course Professor Solieri is looking for 14+ IT Audit practitioners for Fall 2020 introductory 14 week IT Audit Course (mostly grad students and some undergrads) to deliver 1.5-2 hour lectures and demos. I would enjoy discussing my plans for the IT Audit class and hope you would provide some feedback and ideas to make it even better. My goal is to break the course into 14 main subjects and to have one or two practitioners present a topic for the class (2 hours). Each week new practitioners will discuss the topic and present/demonstrate how the topic can be carried out. The semester is 14 weeks and consist of 2 hours 50 minutes each week. I will use the extra time each class to discuss the submission of projects based on presentations and I will use the two additional weeks (classes) for testing and students presentations. I would greatly appreciate ISACA's help in choosing the topics (using the CISA curricula) and finding good practitioners interested in assisting in the class. Thank you so much for volunteering to assist me in the development of the IT Audit class at Queens College. It is amazing how many people are willing to help us in our endeavor thanks to the mutual association with the Metropolitan Chapter of ISACA and the Educational Committee led by Eugene and Barry. We are truly blessed by such outstanding people. I have attached the ISACA CISA Domains and Sub-Domains that I would like to propose as a starting point. It is likely too aggressive, but it would be nice to be able to aim for a higher goal as a starting point. I would be very happy with even achieving half this in our first iteration of the course. My goal is to make the class "come alive" for the students and be a mixture of topic coverage via lecture and hands-on achievement by performing exercises in- class and as a follow-up assignment. We can anticipate a computer lab setting with approximately 20-25 seats. I am eager to know your thoughts and share possible experiences with others who have taught and delivered this content. While I am a CISA and keep my CPEs current I have not be heavily practicing for almost 25 years and need the assistance of active practitioners to make the course current. Thank you for your volunteerism and the guidance you will provide. I would also appreciate any SMEs that you can recommend to us for possible topical coverage. I am hoping for the following organization of each class: 1) Pre-readings available two weeks or so in advance, 2) Presentation by a Subject matter Expert (SME) for about 45-75 minutes, 3) Some small hand-on exercise in-class to get students on the right track (to be completed at home before the next week's class) with total time required of one to three hours. 4) Possible follow-up presentations at the end of the semester via ZOOM/GoToMeeting or other media with the SMEs This will give the students the theory, some practice of implementation or working with the theory, and then delivery using that theory with possible presentation.

  25. Queens College IT Audit Course PROSPECTIVE SYLLABUS

  26. Fordham University Cybersecurity Club The student advocate: Prof Thaier Hayajneh President: Jingting Rubyanne Ye Past Activities August: Fordham University ISG was officially recognized by ISACA International. Oct 7: Eugene, Barry, Wei met with prof Hayajneh and Rubyanne to discuss Fordham s ISG. Nov 4: The first official club meeting. The club has 40 members. Working on getting ISACA recognized as a club at Fordham. Dec 10: Cybersecurity Club website is ready and is announced on Instagram and LinkedIn. Feb 27, 2020: Eugene Levin and Chapter s Immediate Past President Alexander Abramov delivered a guest lecture to professor Tim Ryan IT Audit and Information Assurance students at Fordham University Gabelli School of Business. Planned Activities Start planning Spring semester events. Rubyanne is looking for Speaker will let us know topics she is interested in. Cyber mixer event - moved to Feb.

  27. John Jay College of Criminal Justice Cybersecurity Club The student advocate: Professor Aftab Ahmad; President: Sonica Lama Past Activities Oct 15: First General Interest Meeting and Club Election. 24 people attended. Oct 29: Eugene, Barry and Wei had a call with Sonica Lama (Pres), Arnold Moctezuma (VP), and prof. Ahmad to discuss current status and agree on next steps Oct 30: Emailed John Jay club a list of Great Speakers for a potential presentation. Nov 11: Sonica submitted ISACA International application. Nov 11: Director of the Center for leadership approved the ISACA Student Group by-laws and sent all the documents to the Judicial Board. Nov 12: Connected Sonica with Cybereason which will help with speakers and demos in the Spring semester once John Jay club gets approved. Nov 20: Cybersecurity Club was interviewed by John Jay College Judicial Board and is expected to approved at the end of the semester. Nov 22: ISACA International application is waiting to see Cybersecurity Club web site under John Jay student clubs/organizations. Dec 15: John Jay has officially recognized ISACA Student group. Checking with ISACA Global regarding Web site requirement alternatives. Jan 22, 2020: ISACA officially recognized ISACA Student group. Feb 9: Connected Sonica with Jacob Berry , Principal Incident Response Specialist at Cybereason, a terrific speaker election hacking, incident response, and careers in cybersecurity. Feb 18: John Jay Cybersecurity Club Spring General Interest Meeting

  28. John Jay College of Criminal Justice Cybersecurity Club - cont The student advocate: Professor Aftab Ahmad; President: Sonica Lama Planned Activities Apr 8: Virtual Zoom Session with Mr. Abraham Rivera to learn about the opportunities at NYC Cyber Command and explore the tips to land in cyber jobs during the college or after the graduation. Apr 30: VirtualZoomPresentation by Mr. Odrej Krehel, PhD, CISSP, CEH, CEI , EnCE, Digital Forensics Lead, CEO and Founder, LIFARS on Career in Digital Forensics and Case studies Cryptocurrency hacking and Nation States Here is the link to the recording: https://us02web.zoom.us/rec/share/-eMrA637zENOHZ3XyF- YBat9L5umaaa8g3Af-qIJnR4ojqpq2lqHCk3lYuNP4mPF TBD: Zoom Panel Discussion: FBI, CEO TBD: Presentation by Mr. Gotham Sharma on Access CYBER: our cyber security list and how students can use it to launch their careers. Link: https://www.accesscyber.org/

  29. Yeshiva University Cybersecurity Club The student advocate: Professor David Schwed; President: Jared Weintraub Past Activities Jul 25: Eugene and Barry had a call with David Schwed regarding potential ISG at Yeshiva University. Provided an ISG welcome package and offered assistance. Aug 27: Barry presented ISACA at MS in Cybersecurity student orientation and got a very positive reception from program director and Dean of YU Katz School Science and Health. Oct 7: Eugene, Barry, Wei met with prof Schwed, Malka to discuss Yeshiva s ISG. Jared had technical difficulties so Eugene had a separate conversation with Jared on October 10th. Nov 26: Cybersecurity Club application is under final review by Yeshiva University. ISACA International application is submitted. Mar 2, 2020: Cybersecurity Club is recognized by Yeshiva University as a student organization. Planned Activities Waiting for Yeshiva University and ISACA International Approvals.

  30. City College Cybersecurity Club The student advocate: Dr Claude Brathwaite (acting) President: Adnan Mostafa (acting) Past Activities Oct 2: Karen, Barry and iQ4 team met with Dr. Ardie Walser, Associate Dean of Undergraduate & Graduate Studies and Professor of Engineering to discuss ISACA Student Group opportunities on campus. Nov 19: Eugene made an ISACA introduction to City College Grove School of Engineering students at the General Interest Meeting. We have very strong support from City College officials and some students already volunteered for club officer roles. Dec 11: Acting club President Adnan Mostafa met wit Dr Claude Brathwaite to discuss finding an academic advisor for the club, and the process for creating student club and student web page at City College. Dec 19: Adnan met with Samad Sunny (Baruch College Cybersecurity Club President) to get some tips on running a successful student club

  31. NYU Tandon Cybersecurity Club The student advocate: Brendan Dolan-Gavitt President: Wolfgang von Stuermer https://www.osiris.cyber.nyu.edu/ http://cyber.nyu.edu/ https://twitter.com/osirislab The mission of The OSIRIS Lab and the Cybersecurity Club is educational. We invite with open arms, all who possess the desire, the drive, and the dedication to learn about The Cyber , reciprocating in good faith the promise to provide for every peer the knowledge and tools needed to explore their individual interest. We run two events weekly: Cyber Security Club (CSC) and Hack Night for a more technical-skills focused approach. CSC is a lecture series that we host at 1pm EST on Tuesdays where we provide pizza and bring in a "cyber security expert" to give that week's guest lecture. These talks are usually framed so that people with very little prerequisite knowledge can hop right in, but hopefully contain enough technical meat to interest a more advance crowd. We seek a diversity of speakers to learn about a spectrum of cyber security and individual ideologies, approaches, and so much more. Further we conduct research where our students determine what research projects they want to pursue. This results in interesting tools, code repositories, blog posts, and even bug bounties. Lastly, the OSIRIS Lab runs the annual CSAW global Capture the Flag (CTF) event, which is the largest student-run CTF event existing. The reason that the OSIRIS Lab exists is to provide an unrestricted space for those individuals to explore and collaborate on exactly that which captivates them. To that end, the Lab is (almost) always open, and entirely student run.

  32. NYU Tandon Cyber Fellowship Program Building on over 150 years of technological leadership, New York University Tandon School of Engineering today provides the opportunity to develop the same valuable skill-set as on-campus students, entirely online. In collaboration with industry partners on the NYU Tandon Advisory Council , The Cyber Fellowship program is an elite, highly technical Cybersecurity Master's degree offering students a scholarship that covers 75% of their tuition. NYU Cyber Fellows is a unique, affordable online program designed to address the acute US shortage of trained, underrepresented technical professionals. The program's sizable scholarship brings the total cost for this rigorous, highly- technical education to approximately $16,000 for the entire program. Additionally, NYU Tandon s Department of Technology Management and Innovation offers an online Management of Technology Master s degree preparing professionals for management and leadership roles focusing on the strategic, behavioral, organizational, and social business aspects. Management of Technology (MOT) graduates are trained in entrepreneurship and commercialization, global innovation and R&D strategy, leadership of distributed and virtual organizations, and other high-growth, 21st-century opportunities. Finally, for individuals with Non-STEM backgrounds looking to get into cybersecurity, or if those looking to polish up computing and security skills, the NYU Tandon Bridge certificate program is the best fit. This non-credit course is offered for the low price of $1,850 and is available in 17 or 24-week formats with the same material taught in each. The only difference is the hours students are expected to devote to the course each week.

  33. Partnerships iQ4 2019: New York Metropolitan Chapter and iQ4 announced a partnership that allowed members of the chapter to earn CPEs by volunteering as Cybersecurity Apprenticeship Mentors. In June 2019 Newsletter Alexander Abramov announced that around 690 CPEs were granted due to iQ4 mentoring. Sept 6: New York Metropolitan chapter, IQ4, and Baruch College reach an agreement to sponsor Cybersecurity apprenticeship for 30 students during Winter session. Sept 18: Karen, Eugene and Barry have a dinner with Frank Cicio, Dennis O Connel, Ed Moskal, and Debra Korner regarding the concept of a Cybersecurity Center Nov 1: Discussion of New York Metropolitan Chapter and iQ4 collaboration. Jan 2020: 30 Baruch College Students have attended Threat Within cybersecurity apprenticeship co-sponsored by Metropolitan Chapter, iQ4, and Baruch college, led by Prof Moores. Feb 20: Barry and Karen met with IQ4 leadership to continue the conversation about potential collaboration, Memorandum of Understanding, etc. They discussed a self sustaining model that would truly benefit students by funneling them into jobs and ISACA clubs & memberships. We are collaborating to work out the details and plan to meet in the next couple of weeks to discuss. Emerging Professionals Committee Nov 4: Eugene, Barry and Megan Soriano (Chair of Emerging Professionals committee) discussed a potential networking event with students in January. Options discussed: NYC SPIN (table tennis, billiards club), Break Bar NYC/Anger Room/Rage Room/The Wrecking Club. Dec 11: Eugene, Barry, and Tatyana Lemberskaya met with Megan Soriano to discuss the next steps. Jan 7: The event was scheduled for Feb 19th and capped for 75 people half emerging professionals and half students. This became the Break Bar Social (see slide 6) which sold out and became a major success.

  34. Partnerships - cont Cybereason Oct 30: Eugene, Barry and Wei met with Siobhan Alexander and Chris Taylor (point of Contact) to discuss how they can help with putting together various demonstrations (like election hacking tabletop) for student cybersecurity clubs. Jan 7, 2020: Eugene emailed Chris Taylor regarding hosting an election hacking event in NYC in April. Feb 12: Eugene has connected Chris Taylor (Marketing Director) and Jess DeLuka (Election Hacking Tabletop Simulation Event Organizer) with David and Lev from Yeshiva University. There is a mutual interest to host the event at Yeshiva University. Follow up call is scheduled for Monday, March 2nd. Feb 12: Election Hacking Tabletop Simulation is preliminary scheduled for April and Yeshiva is checking facilities availability however it is possible that all gathering will be put on hold due to COVID-19. Yeshiva University Feb 2: Yeshiva University offered to partner with the Chapter and co-host some Cybersecurity events at their prime real estate facilities at Lexington and 33rd Street. They have a really nice conference hall that can accommodate up to 90 people where they host various cybersecurity events like this: https://www.linkedin.com/pulse/blockchain-institutional-security-next-challenge- securing-levin/ and also a variety of class rooms. Yeshiva University is interested in promoting their new MS in Cybersecurity program and will provide a venue free of charge.

  35. Future Initiatives April: Potential Election Hacking Tabletop demonstration by Cybereason April 25: Cybersecurity Student Case Study Competition Fall 2020: Mentorship pilot with Baruch Cybersecurity Club TBD: Student Career Fair

  36. Cybersecurity Case Study Student Competition

  37. Overview Student Cybersecurity Competition was organized by ISACA New York Metropolitan Chapter in collaboration with Academic Advisors of ISACA Student Groups affiliated with the chapter. The competition took place in March May 2020. Teams of 4-6 students received Cybersecurity Case Study to analyze. Competition was open to students of all majors, not just members of ISACA Student clubs. Students from different universities/colleges were allowed to form teams. 11 teams from 4 colleges entered the competition. Teams of 4-6 students received Cybersecurity Case Study to analyze. After the first round of the competition Academic Advisors selected two best teams from each college to compete in the final ISACA competition. The final competition was judged by a panel of senior executives and luminaries which selected the top 3 winning teams. 37

  38. Competition Results Team Name YouTube Link Ranking Place P.R.A.N.C.S https://youtu.be/Lc9QFvPENZ0 1.3 1st Place Soteria https://youtu.be/1ESpaJu6cPM 2.6 2nd Place Interrogation Squad https://youtu.be/DVr0YXNnTMU 2.9 3rd Place FB Consultants https://www.youtube.com/watch?v=kBD1y6QJ_WY 3.1 4th Place Winners https://youtu.be/I1qn17yhZEk 4.4 5th Place Cyber Blitz https://youtu.be/_e5_AbsHCkA 5.1 6th Place The Enforcers https://www.youtube.com/watch?v=j7COfPAw4jE&feature=youtu.be 5.4 7th Place ISACA New York Metropolitan Chapter Student Cybersecurity Case Study Competition 38

  39. Quotes from the Judges and Academic Advisors I was very much impressed with the effort and dedication the students put into this effort What an exciting exercise! I believe the teams gave it a lot of thought, work and creativity. It was a very close call and a tough choice in some cases. The whole experience from creating the scenario to speaking with the teams has been very uplifting. They as you said are all winners great talents. From my perspective, the results were an example of what I firmly believe in: the power of combining business and technical/cyber expertise and how important it is to bring a range of skills into managing resiliency effectively. This is a great initiative from ISACA NY Chapter for encouraging students in cyber security careers. All teams really took time to understand issues and came up with good analysis and control recommendations. I am sure they learned a lot in the process. It s one thing to know the basics of how a cyber attack happens, it s another to be able to wade through the wreckage and be able to advise senior management on what they should do. I am quite impressed with the exercise and the quality of the effort by the teams. The current shortage of strong talent in the InfoSec space will be a temporary problem if enough students with this level of skill come out of schools. Kudos to you and all the other academic professionals. 39

  40. Appendix

  41. Important Dates March 16: Competition is announced and universities are invited to participate, teams are formed. March 23 and 25: Competition kick off Q&A meetings with participating universities and teams. Universities to provide info on how many teams plan to participate. March 23: Cybersecurity Case Study is published. March 23 April 24: Teams are working to conduct case study analysis. Teams are strongly encouraged to use online collaboration tools like Skype or Google Hangout. April 24: Universities will select top 2 best teams using the Rubric provided for the final ISACA competition. Universities will provide info on which teams and the students that will go to the final competition. April 24-May 1: Finalist teams must complete their PowerPoint presentations and record team presentations of the case study analysis. Again, teams are strongly encouraged to use online collaboration tools and not meet in person. May 1: Finalist teams must email their PowerPoint presentation and video recording to ISACA NY Metropolitan panel of judges. 41

  42. Important Dates May 2: Eugene to send out welcome package to Judges that will include Zip of seven PDF and PowerPoint presentations Case Study, Questions and Answers Ranking Sheet that includes links to 10 minute YouTube recordings May 2-10 EOD: Judges to review presentations, YouTube recordings, and rank anonymous (*) team submissions from 1 to 7 using the Rubric and Scoring system (slide 4 and 5) as guidance. Judges to email Eugene Ranking Sheet by May 10th end of day. May 11: Eugene to average rankings to identify top 3 teams and schedule GoTo Meeting interviews with the top 3 teams for Sunday, May 17th morning. May 17: 10am-10:30am Judges discuss and agree on interviewing approach. 10:30-10:55am Team A (TBD) interview 11:00-11:25 Team B (TBD) interview 11:30-12:00 Team C (TBD) interview After the interviews Judges finalize 1st, 2nd, 3rd place ranking of the winning teams and email Eugene their decisions. Week of May 18 and on: Winners are announced, information is posted at Chapter s web site, LinkedIn group, awards are sent out, feedback is collected on how to improve the competition for next year. (*) All teams except one followed directions and did not disclose which college(s) they are from. 42

  43. Invited Universities with Affiliated ISACA Student Clubs Baruch College, CUNY John Jay College of Criminal Justice, CUNY Fordham University Queens College, CUNY St. John s University Yeshiva University City College, Grove School of Engineering, CUNY New York University Tandon School of Engineering Colleges highlighted in bold responded to the invitation and have student teams participating in the competition. 43

  44. Team Prizes * 1st Place - $600 per student 2nd Place - $500 per student 3rd Place $400 per student All students from the top 3 teams will get Diploma recognizing their achievement 44

  45. Role of the Mentor Student teams can reach out to mentors to Ask questions Seek case study clarifications Ask for feedback Case Study Analysis must be independent work of the students with no direct inputs from the mentor. Mentors will provide guidance on how they would tackle the real-world cases in their own organizations so that you have a framework to build on. 45

  46. Written and Video Presentation Written case study analysis should have at most 20 slides and must cover the following: Identify the threats and vulnerabilities inherent in the case. Consider how the NIST Cybersecurity Framework might apply. Recommend solutions to protect a company from similar attacks. Identify organizational constraints that affect the decision criteria. Provide an outline of the best cyber security solution. Document and present your proposal, aimed at the executive board level. Video presentation must be at most 10 minutes long and include all team members. 46

  47. Instructions on PowerPoint and Video Presentation Submission Post your recorded presentation on your YouTube channel and email a link and PowerPoint presentation to Eugene.Levin@isacany.org. Video Recording format output should be MP4 Suggestion: PowerPoint slideshow + slide narration = MP4 All team members must participate in the presentation. In the slides and the presentation please introduce your name and team s name but not which college you are from. Dropbox, academic advisors are invited and upload the file to the folder. Dropbox, academic advisors are invited and upload the file to the folder. 47

  48. Case Study Rubric Case study analysis and presentation will be evaluated based on how well they address the following (with % weight): Brief summary of the case (5%) Identification of the root cause of the problem (5%) Priority of actions to be completed first (10%) Understanding of who is involved in the decision-making process (10%) Applicable laws that may be used to prosecute the threat actor (10%) Legal measures to be undertaken to fulfill regulatory obligations (10%) Likely effectiveness of controls used to contain the attack (20%) Any Public Relations (PR) implications (10%) Recommendations to the Company Board (20%) 48

  49. Scoring System For Judges The rubric given in the previous slide should be marked according to the following scoring system (on a scale of 1 to 10): 1. Discussion missing, or fails to address the issue. 2. -- 3. Some relevant points, but a lack of justification for the choices given. 4. -- 5. Most of the relevant points included, with justification for most, but not all. 6. -- 7. All relevant points included, and justified, but further elaboration required. 8. -- 9. All relevant points included, justified, and clear discussion of choices made. 10.-- 49

  50. Judges Jessica Robinson CISO - CEO, Purepoint, Jessica@purepoint-international.com Medha Bhalodkar Chief Information Security Officer & Enterprise IT Risk Officer, Columbia University, mb2075@columbia.edu Radhika Bajpai Google, Radhika.Bajpai@gmail.com Gehan Dabare MD of Cybersecurity, MUFG, gehan@dabare.com Barry Dynkin Co-Founder and President of Atlas Cybersecurity, barry.dynkin@isacany.org Alicja Cade MD, CISO of GM, IBCM, GCIO & Americas, Credit Suisse, alicja.cade@credit-suisse.com Alex Bazay CISO, Align, alex@bazay.com Manny Cancel SVP and CEO E-ISAC, North American Electric Reliability Corporation, mannycancel@hotmail.com 50

Related


More Related Content

giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#