Let’s get together

(new location)

(ISC)2 Cleveland Chapter Meeting  

Office 365 Security and Zero Trust Concepts

Tuesday, May 31, 2022 at 5:30 PM.

Email - it's the vector for many a cyber security threat --- spam, malware infested attachments or links, phishing emails that still trip up naïve unsuspecting coworkers, ransomware and more. Of course, email is a major communication channel in this part of the 21st century. James Hopkins of Improving will present on Microsoft Office 365 Security (or lack thereof?) and Zero Trust concepts.

Register soon because space is limited.

We hope you’re able to join us!

Start: 17:43

Attendees: 40, 6 first time

Sponsor: Improving

Security Friends

• CISA finds no evidence of Dominion voting machine exploited
• Ransomware group forces victims to pick 5 children and buy KFC (Goodwill ransomware group)
• VMware exploit released critical bypass vulnerability in multiple products
• MS to force better security for all azure ad tenants
• Intuit warns of QuickBooks phishing threating to suspend accounts
• Verizon data breach contains personal data of employees
• Saitama backdoor uses DNS tunnelling - breaks out of PC undetected
• Critical Pantsdown QCT vulnerability baseboard management controller
• Nearly 100k npm user creds stolen from GitHub breach

Topic 1 - Chapter Business

• Sponsored and meeting place for the rest of the year and through Q1 2023
• Virtual meetings will not be happening by the end of the year, per corporate
• Maintaining chapter expenses and business
• 3 chapter meetings per year, minimum
• Charging for meetings between sponsors, upwards of $25
• Members appreciate the diversity of topics
• Venue discussion - Improving, Brew Garden, Wild Eagle, David Kennedy

Topic 2 - MS O365 Security / Zero Trust (slides available) by James Hopkins from Improving

• MS is largest security provider in world, leader in 5 areas, per Gartner
• Zero Trust Principles - verify Explicitly, Use Least privilege, assume everything is a breach, log everything
• Zero Trust (ZT) applied - start with deny & no trust, use strong authentication with multifactor authentication, measure signals, monitor/report/alert/remediate, grant or adjust as appropriate
• Prior to ZT, was VPN or physical access for connectivity
• ZT need for change - interconnectivity, partners, remote work, data is multiple places
• Evolving landscape - security landscape as people know where to attack, security goes across multiple clouds
• ZT model - get signals from user/device/app feeds verify to apps/data
• Protect assets anywhere with ZT - user, device
• ZT architecture available from MS
• ZT tools - conditional access,
• ZT journey - identity, endpoints, data, apps, infrastructure, network
• 99.5% of compromises are through on-prem devices
• ZT leads to user access, modern SecOps, OT & datacenter, increases security & productivity
• Secure assets where they are instead of secure network
• Fed gave mandate implement ZT by 2024
• Conditional Access based on device risk - broken, enrolled, compliant
• Microsoft virtual training days - become trained then take test for certification
• Some states require reimbursement for users to use their own phone for MFA
• New product (Entra) coming out for multi cloud enviros
• Group policy wins over Intune
• Speaker: James Hopkins, James.Hopkins@Improving.com, or on LinkedIn

Job Postings

• C-Biz - Sr, Info Tech Analyst, 3rd party reviews, cbiz.com
• Parkplace Technologies - Security Engineer low level
• Baldwin Wallace Univ - Security Engineer
• Cuyahoga County - InfoSec, interns, analyst, and other IT positions
• Federal Reserve - various InfoSec in different districts

End: 19:44