Announcing our Latest Keynote – Dr. Lisa Bradley

Featured

Dr. Lisa Bradley is currently the Senior Program Manager for NVIDIA’s Product Security Incident Response Team (PSIRT). Her responsibilities include the management and resolution of product security vulnerabilities involving all NVIDIA products. She has 5+ years of experience leading PSIRT programs as she previously worked at IBM for 17 years. Lisa has served as a spokeswoman for many tech-related events including 2016-2018 FIRST PSIRT Technical Colloquium, 2017 FIRST Annual Conference, the Security Journey White Belt modules, and helped develop the FIRST PSIRT Services Framework and Training Videos. Lisa received her BA degree in both Mathematics and Computer Science from SUNY Geneseo. She also has a Masters and PhD in Applied Mathematics from NC State University. Outside of her role with NVIDIA, Lisa has been an adjunct professor at local universities for the past 12 years.

First Keynote Announced – Bradley Nix

Featured

We are excited to announce our first keynote for the 2018 ISACA Information Security & Risk Conference – Mr. Bradley Nix, Senior Advisor, US Department of Homeland Security – National Cybersecurity and Communications Integration Center (NCCIC) and former Acting Director of the US-CERT.

Brad Nix joined the Department of Homeland Security (DHS) in 2014 and has served as the Deputy Director and Acting Director of the United States Computer Emergency Readiness Team (USCERT). In this capacity, he ensured the day-to-day operations aligned with the strategic focus on cybersecurity within the U.S. government. He led efforts to improve the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks. In his current position, he is the senior advisor to NCCIC leadership, lending his expertise to the overall management and strategy of U.S. government’s 24/7 hub for cybersecurity information exchange, incident response, and coordination. Prior to joining DHS, Mr. Nix served six years as the first Chief Information Security Officer (CISO) at the U.S. Department of Agriculture (USDA) Food and Nutrition Service.

Mr. Nix has 20 years of IT and consulting experience with both small and large enterprise security programs with a focus on information security program development
and assessments; governance, architecture, technical vulnerability assessments; and
product assessments.Mr. Nix holds a master’s degree in Management Information Systems from the University of Virginia, and a bachelor’s degree in Business Administration from James Madison University. He is a Certified Information Systems Security Professional (CISSP) and an American Council for Technology / Industry Advisory Council (ACTIAC) Fellow and former ACT-IAC Executive Committee Vice President at Large.

First round of speakers announced!!

We are thrilled to announce our first round of presenters for the 2018 ISACA Information Security & Risk Conference. We have had an overwhelming number of speakers submit some amazing talks. We still have the second round open until August 17, 2018 – so feel free to submit a talk. Here are the list of presenters. We will be publishing their abstracts and bios shortly.

  • Michael Wylie, Corporate Blue (US)
    • The Costly Mistakes of Being Unprepared
    • Fly Twitter Airlines
  • Tarek Habib, KPMG LLP (Canada)
    • A practical approach to business resilience: crisis management, business continuity and disaster recovery
  • Sunny Jamwal, MNP (Canada)
    • Subsistence* Living using PowerShell and WMI
  • Tim Dickinson, Sailpoint (Canada)
    • The Identity Utopian Trifecta: the power of identity context
  • David Chmielewski, illumio (US)
    • Stop Cyber Threats with Adaptive Micro-Segmentation
  • Andrew Kozma, Halifax Regional Police Department (Canada)
    • Aligning your security program to meet organizational objectives
  • Patrick McBride, Claroty (US)
    • The Perfect Storm – a look at operational technology security
  • Victoria McIntosh, Bloom Management Solutions (Canada)
    • Mirror, Mirror, on the Wall, Is Facial Recognition the Right Authenticator for All?
  • Darryl McLeod, Securicy (Canada)
    • The Security Questionnaire: To Do or Not To Do
  • Jamie Rees, NB Power (Canada)
    • Cybersecurity apprenticeship – tackling the talent gap
  • Wilco Van Ginkel, a3i (Canada)
    • Trust or not to trust in AI – that’s the question!
  • Lilly Chalupowski, GoSecure (Canada)
    • Don’t RAT me Out
  • Erik Denis, University of New Brunswick (Canada)
    • From the trenches: security case studies
  • Elaheh Samani, Google (Canada)
    • What is my “Cute kitten” really doing?! A recipe to dissect Chrome Extensions.
  • Anthony English, Mariner Security Solutions
    • Third Party Due Diligence
  • Keith Rayle, Fortinet (US)
    • Swarm vs. Hive – The Cyberwarfare Landscape of Today
  • Roger G. Johnston, Right Brain Sekurity (US)
    • How to Have Lousy Security: A Vulnerability Assessor’s
      Perspective
  • Shira Shamban / Grant Asplund, Dome9 (US)
    • Gone in 127 Minutes – Why Ephemeral Infrastructures Need Native Visibility, Security and Compliance

Training Session Announcement

We are thrilled to announce our last track in our full-day training sessions being held on October 31, 2018. We are excited to have Sandy Fadale, veteran ISACA CRISC, CGEIT and CISM certification instructor teaching the course Governance leading practices – How to setup governance in your organization.

IT governance provides a structure for aligning IT strategy with business strategy. By following a formal framework, organizations can produce measurable results toward achieving strategies and goals. A formal program also takes stakeholders’ interests into account, as well as the needs of staff and the processes they follow. In the big picture, IT governance is an integral part of overall enterprise governance. IT governance and GRC are practically the same thing. GRC is the parent program, what determines which framework is used is often the placement of the CISO and the scope of the security program.

Organizations today are subject to many regulations governing the protection of confidential information, financial accountability, data retention and disaster recovery, among others. They’re also under pressure from shareholders, stakeholders and customers. To ensure they meet internal and external requirements, many organizations implement a formal IT governance program that provides a framework of best practices and controls. Both public- and private-sector organizations need a way to ensure that their IT functions support business strategies and objectives. And a formal IT governance program should be on the radar of any organization in any industry that needs to comply with regulations related to financial and technological accountability.

In this day-long course, you will learn about:

  • Frameworks for Governance- Ensure the definition, establishment and management of a framework for the Governance of Enterprise IT in alignment with the mission, vision, and values of the organization.
  • Strategic Management – Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.
  • Benefit’s Realization – Ensure that information technology (IT) – enabled investments are managed to deliver optimised business benefits and that benefit realization outcome and performance measures are established, evaluated and progress is reported to key stakeholders.
  • Risk Optimization – Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.
  • Resource Optimization – Ensure the optimization of IT resources, including information, services, infrastructure, and applications, and people to support the achievement of enterprise objectives.

Sandy Fadale, CISM, CGEIT, CRISC, CISA, CBCP, I.S.P., is a solutions-oriented Global IT Risk, Security, Policy and Compliance Senior Leader with notable success directing a broad range of corporate security initiatives while participating in planning and implementation of information-security, governance, risk and compliance management solutions in direct support of business objectives for Mariner Security Solutions a division under Mariner Partners.