April 2025 Chapter Meeting: Cybercrimes and Cryptograms

The ISC2 New York City & Long Island Chapter presents: Cybercrimes and Cryptograms. Join us on-site in New York City or Long Island, or virtually, for our monthly Chapter event in April 2025 featuring a discussion on cybercrime by BluOcean Digital and a lecture on cryptograms used in common protocols by Ordinary Computing Co.

Additional details and registration information can be found at the registration link below. Chapter members can get their promo codes by logging into the Chapter website and going to their “My Page”. Non-members and the public are invited to attend and can register for a nominal fee. This event will qualify for two Continuing Professional Education (CPE) credits.

Agenda:

5:00 – 6:00 In-Person Registration, Networking and Event Setup
6:00 – 6:10 Welcome and Chapter Business
6:10 – 7:00 Ocean’s 1011: Think Like A Cyber Criminal to Protect Your Business in the Age of Digital Heists – BluOcean Digital
7:10 – 8:00 Modern Cryptographic Protocols – Ordinary Computing Co.

Presenter 1: Ocean’s 1011: Think Like A Cyber Criminal to Protect Your Business in the Age of Digital Heists

Topic Summary: 

Cybercriminals today are more advanced than ever, and they’re no longer just stealing data—they’re bringing businesses to a standstill. Imagine your supply chain frozen, production halted, and customers unable to access services. This is happening now. But instead of just playing defense, what if you could think like the criminals themselves and stop them before they attack?

We are losing badly to cybercriminals. If we want to protect our companies and, honestly, our digitally driven business growth, we need a shift. In this session, we’ll show you how to adopt a cybercriminal’s mindset to proactively defend your business.

We’ll leverage our research to show how today’s cyberattacks are very similar to an Ocean’s 11 heist. We will analyze real-world attacks like the one on a supply chain company where hackers didn’t just steal data—they disrupted the entire supply chain, causing millions in losses. We’ll also examine a cybersecurity product firm, where a software update error led to widespread system crashes across their customer base. Finally, we will look at an incident where a regulatory agency got breached and how a hacker’s action on the regulator’s social channels impacted global financial markets. These examples will highlight a critical shift: criminals are no longer just targeting data; they are shutting down core business operations, and their approach resembles the Ocean’s 11 heist.

The basic premise is that criminals understand your business, and you can’t protect what you don’t understand. The journey to beat cybercriminals isn’t just about technology—it starts by learning about your business, what it values, and how it operates. We will walk through specifics on the frameworks and data-driven insights security teams need to create context for effective collaboration between the CFO, Risk, Legal, and CISO teams. Simply knowing each other and holding meetings is not enough! You need a structured framework and actionable data to drive risk-based discussions and informed decisions aligned with business priorities.

By the end of this session, attendees will leave with a clear, actionable plan on how to think like a criminal and build a security program to protect and defend your business. Cybercriminals are constantly evolving, and the old ways of defending just aren’t enough anymore. This session will help attendees shift from defense to offense, using the attacker’s own strategies against them. Attendees will leave with tangible steps they can apply immediately to make their business too difficult, too costly, and too well-protected for cybercriminals to breach.

Speaker 1:

Vishal Chawla, Founder & CEO, BluOcean Digital

Vishal brings 30 years of cybersecurity expertise, including Big 4 experience as a global cybersecurity leader and senior partner serving global Fortune 100 clients in the financial services and healthcare industries.

He is now the founder and CEO of BluOcean Digital (located in Northern Virginia), where he created RiskGPS, a Cyber Risk Governance platform that helps companies dominate their competition by redefining cybersecurity as a critical strategic business asset. The groundbreaking approach revolutionizes cybersecurity for mid-sized companies by bridging the gap between technical cybersecurity measures and business mission-based objectives. By connecting specific actions to threats and business processes, RiskGPS protects, sustains, and amplifies critical outcomes with verifiable ROI. Vishal’s work has been published in The Wall Street Journal, NACD Directors, RMA, MIT Review, and many other publications.

Speaker 2:

Katie Reilly, Cybersecurity Risk Lead, BluOcean Digital

Katie Reilly is a Cybersecurity Risk Lead at BluOcean Digital, leading efforts in developing and implementing robust security risk management strategies for organizations. In her prior experience as a security engineer, she built solutions focusing on security operations, threat detection, and incident response across industries like insurance, technology, and mortgage servicing.

Presenter 2: An Introduction To Modern Cryptographic Protocols: Overview on cryptograms used in OAuth2, PKI, and Kerberos

Topic Summary:

Since the release of MIT’s Kerberos in 1988, computer scientists and software engineers have been leveraging cryptographic techniques to ensure integrity, confidentiality, and non-repudiation on computer networks and among human users.

In the span of nearly forty years, technology needs have evolved dramatically. The rise of the mainstream Internet motivated the adoption of Public Key Infrastructure (PKI), API-enabled applications required authentication flows made possible by OAuth2, and a need to establish identities across multiple trusted platforms popularized protocols such as SAML.

Today, while well-intentioned, application and end-user authentication experiences have never been more complex: multifactor applications, hybrid cloud environments, and a growing body of audit requirements all contribute to a confounding identity landscape.

The goal of this presentation is to demystify some of the most common cryptograms used in modern protocols, and help information security professionals further understand the meaning, best practices, and risks around handling said cryptograms.

We will focus on the following key topics:
– Differences between standard X.509 and PKCS12 formats for SSL certificates, as well as the role of the CSR in obtaining CA-signed content.
– Analyzing JSON Web Tokens (JWTs) commonly used in OAuth2 and SAML, while also understanding the associated risks and limitations.
– Revisiting Kerberos Ticket-Granting-Tickets (TGTs) as the underpinning of Layer 4 security (TLS) and challenges surrounding keytab management.

Speaker 1:

Brandon Mazey, CEO, Ordinary Computing Co.

Brandon Mazey brings a wealth of identity engineering experience primarily from the banking industry. Having built Royal Bank of Canada’s Infrastructure-As-A-Service solution in 2016, he served as Vice President of Identity & Trust and as an extensive contributor to passwordless identity systems at J.P. Morgan Chase.

Brandon completed his undergraduate studies in Computer Science and Journalism at New York University. In the spring of 2020, he completed his MSCS at NYU Tandon with an emphasis on cryptographic protocols. Brandon earned a CISSP from the ISC2 in the summer of 2023.

In February 2023, Brandon co-founded Ordinary Computing Co. — an open source software company dedicated to reinventing authentication experiences using cryptographic identity techniques. He also serves as a Director of Technology and AP Computer Science Instructor at St. Saviour High School in Park Slope, Brooklyn.

Speaker 2:

Jeremy Perez, CTO, Ordinary Computing Co.

Jeremy Perez is a Union College graduate with a double major in Computer Science and Mathematics. Jeremy spent three years at J.P. Morgan Chase as an apprentice Privileged Access Management (PAM) engineer.

Jeremy is pursuing a PhD in Applied Mathematics and co-founded Ordinary Computing Co. in February 2023.

Registration (NYC/LI & Remote)