In this session we will be discussing the state of cybersecurity in the engineering industry and commonalities in organizations that experience compromises. DGC will be sharing their experiences performing penetration testing, vulnerability assessments, and IT general controls reviews throughout the industry, and what companies can do to prevent the most common types of attacks. In addition to what we’re seeing technically, we’ll discuss our observations on IT governance and investment in cybersecurity.
Nick DeLena, CISSP, CISA, CRISC, CDPSE: Nick is a Principal in the Business Advisory Group and leads the IT Risk Assurance & Advisory practice. He has more than 20 years of experience providing IT compliance and cybersecurity expertise to clients. Nick is a frequent contributor to industry and trade publications on topics such as cybersecurity, third-party risk, and regulatory compliance, among others. He is a graduate of Suffolk University with a Bachelor of Science in Business Administration with concentrations in Computer Information Systems and Finance, and a graduate of the IE Brown Executive MBA program, jointly administered by Brown University and IE Business School in Spain.
Nick also holds several leading certifications including the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), Security+, ISO 27001 Lead Implementer, and the AICPA's SOC for Service Organizations Advanced Practitioner, among others. Nick is on the Board of Directors of the National Defense Industrial Association’s New England Chapter and is a member of the Information Technology Critical Infrastructure Sector of InfraGard, a partnership of the FBI and private sector.
Scott Goodwin, C|EH, OSCP, OSWP: Scott is a Manager in the firm’s Business Advisory Group and a team member of the IT Risk Assurance & Advisory practice. He has extensive experience including vulnerability assessment, infrastructure and application penetration testing and social engineering. Scott has achieved his Certified Ethical Hacker (C|EH), Offensive Security Certified Professional (OSCP), and Wireless Professional (OSWP) certifications and has uncovered several previously unidentified vulnerabilities in commercial software during client penetration testing engagements and research (CVE-2018-11628, CVE-2019-7004, CVE-2019-19774, CVE-2020-12679, CVE-2020-13998, CVE-2020-5132, and CVE-2021-27032). These vulnerabilities were registered with MITRE and assigned Common Vulnerabilities and Exposures (CVE) numbers to enable information sharing within the information security industry. Scott regularly engages in information security research, and leverages industry-leading tools to identify and mitigate information security risks within an organization.
This meeting is open to employees of ACEC/MA Member Firms.
If your firm is an ACEC/MA member, YOU are an ACEC/MA member.
ACEC/MA members only pay the ACEC/MA member rate for registration. Check the ACEC/MA Member Directory to see if your firm is an ACEC/MA member. If your firm is an ACEC/MA member, you are a member.
Important: You must use the account, including the username and password, of the individual you wish to register.
IMPORTANT: Altering your name or contact information during registration will overwrite your record in our membership database. Please do not share your login information with anyone else.
If you have additional questions regarding registration, contact us at 617/227-5551 or firstname.lastname@example.org.
Registration is processed through the ACEC/MA associated website, www.engineers.org. ACEC/MA is supported by the staff of The Engineering Center Education Trust.