Raleigh ISSA May Chapter Meeting
Sponsored by: MobileIron
5:00 – 6:00pm B2B - Panel discussion on Careers in IT Audit, led by Terry Follmer, Director of IT Audit for Duke University
6:00 – 6:45pm ISSA Career Services (Executive conference room)
6:00 – 7:00pm Dinner
7:00 – 7:15pm Chapter Updates from the Board
7:15 – 8:30pm Presentation - MobileIron
TOPIC: Panel Discussion on Careers in IT Auditing
Moderator: Terry Follmer
As the Director of Internal Audits for IT at Duke University and Duke Medicine, Terry is responsible for all IT audit activities and reports to Mike Somich, the Executive Director of Internal Audits. Terry joined Duke in March 2014 and has 26 years of experience with 14 years as the Chief Audit Executive reporting to audit committees at publicly traded manufacturing and service organizations. Most recently he was the Director of Corporate Audit at the Boeing Company responsible for all IT audit engagements across the enterprise as well as all operational audits at Boeing Commercial Airplanes, Boeing Capital Corporation and the Engineering, Operations & Technology division which supports the enterprise. He previously served on the Board and Audit Committee of the YMCA of Greater Seattle as well as the Corporate Advisory Board to ALPFA’s Seattle Chapter.
Terry is a graduate of Saint Louis University where he received bachelor’s degrees in Accounting and Finance, and an MBA with area of emphasis in Information Technology. He has obtained the following professional certifications: Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Management Accountant (CMA), Certified Information Systems Auditor (CISA) and Six Sigma Green Belt.
7:15-8:30PM Main Presentation
TITLE: Mobile Data Loss Threats & Countermeasures
Current attack vectors indicate that malware, spyware, and other nefarious
attacks are targeting mobile devices for financial gain, cyber espionage,
or to simply damage company reputation. Additionally, the threat from the
inside has also increased, leading to intentional and unintentional data
leakage for many companies. This presentation will review best practices
and strategies for controlling the dissemination of data on mobile devices
by analyzing current mobile attack vectors and countermeasures.
- A review of the latest topical mobile threats
- Understand App risks and threats, and devise defense-in-depth
- Review MITM (Man-in-the-Middle) and Brute-force attacks and outline
- Protecting corporate email attachments and content from unwanted cloud Services
- Isolating work-related web sessions from personal to avoid pilfering of
data by malicious sites
- Using certificates to eliminate passwords, simplify access, and meet
strong authentication requirements
- Use of per-App VPN to isolate remote access and deter malware
Michael T. Raggo, CISSP, NSA-IAM, CCSI, ACE, CSI
MobileIron, Inc. | www.mobileiron.com
Michael T. Raggo (CISSP, NSA-IAM, CCSI, ACE, CSI), Security Evangelist, MobileIron, Inc. applies over 20 years of security technology experience and evangelism to the technical delivery of Mobile Security Solutions. Mr. Raggo’s technology experience includes mobile device security, penetration testing, wireless security assessments, compliance assessments, incident response and forensics, security research, and is a former security trainer. His publications include books for Syngress titled “Data Hiding” and McGraw Hill as a contributing author for “Information Security the Complete Reference 2nd Edition”, as well as multiple magazine and online articles. He is also a participating member of the PCI Mobile Task Force. Mr. Raggo has presented on various security topics at numerous conferences around the world (BlackHat, DefCon, SANS, Gartner, DoD Cyber Crime, OWASP, InfoSec, etc.) and has even briefed the Pentagon and FBI.