May 2022 Meeting Minutes

TedKozenko — Wed, 27 Jul 2022 23:27:01 GMT

Let’s get together

(new location)

(ISC)2 Cleveland Chapter Meeting

Office 365 Security and Zero Trust Concepts

Tuesday, May 31, 2022 at 5:30 PM.

Email - it's the vector for many a cyber security threat --- spam, malware infested attachments or links, phishing emails that still trip up naïve unsuspecting coworkers, ransomware and more. Of course, email is a major communication channel in this part of the 21st century. James Hopkins of Improving will present on Microsoft Office 365 Security (or lack thereof?) and Zero Trust concepts.

We hope you’re able to join us!

Start: 17:43

Attendees: 40, 6 first time

Sponsor: Improving

Security Friends

CISA finds no evidence of Dominion voting machine exploited
Ransomware group forces victims to pick 5 children and buy KFC (Goodwill ransomware group)
VMware exploit released critical bypass vulnerability in multiple products
MS to force better security for all azure ad tenants
Intuit warns of QuickBooks phishing threating to suspend accounts
Verizon data breach contains personal data of employees
Saitama backdoor uses DNS tunnelling - breaks out of PC undetected
Critical Pantsdown QCT vulnerability baseboard management controller
Nearly 100k npm user creds stolen from GitHub breach

Topic 1 - Chapter Business

Sponsored and meeting place for the rest of the year and through Q1 2023
Virtual meetings will not be happening by the end of the year, per corporate
Maintaining chapter expenses and business
3 chapter meetings per year, minimum
Charging for meetings between sponsors, upwards of $25
Members appreciate the diversity of topics
Venue discussion - Improving, Brew Garden, Wild Eagle, David Kennedy

Topic 2 - MS O365 Security / Zero Trust (slides available) by James Hopkins from Improving

MS is largest security provider in world, leader in 5 areas, per Gartner
Zero Trust Principles - verify Explicitly, Use Least privilege, assume everything is a breach, log everything
Zero Trust (ZT) applied - start with deny & no trust, use strong authentication with multifactor authentication, measure signals, monitor/report/alert/remediate, grant or adjust as appropriate
Prior to ZT, was VPN or physical access for connectivity
ZT need for change - interconnectivity, partners, remote work, data is multiple places
Evolving landscape - security landscape as people know where to attack, security goes across multiple clouds
ZT model - get signals from user/device/app feeds verify to apps/data
Protect assets anywhere with ZT - user, device
ZT architecture available from MS
ZT tools - conditional access,
ZT journey - identity, endpoints, data, apps, infrastructure, network
99.5% of compromises are through on-prem devices
ZT leads to user access, modern SecOps, OT & datacenter, increases security & productivity
Secure assets where they are instead of secure network
Fed gave mandate implement ZT by 2024
Conditional Access based on device risk - broken, enrolled, compliant
Microsoft virtual training days - become trained then take test for certification
Some states require reimbursement for users to use their own phone for MFA
New product (Entra) coming out for multi cloud enviros
Group policy wins over Intune
Speaker: James Hopkins, James.Hopkins@Improving.com, or on LinkedIn

Job Postings

C-Biz - Sr, Info Tech Analyst, 3rd party reviews, cbiz.com
Parkplace Technologies - Security Engineer low level
Baldwin Wallace Univ - Security Engineer
Cuyahoga County - InfoSec, interns, analyst, and other IT positions
Federal Reserve - various InfoSec in different districts

End: 19:44

topic May 2022 Meeting Minutes in Cleveland Chapter Discussion Forum

May 2022 Meeting Minutes