Date(s) - Jun 10, 2016
11:45 am - 1:15 pm
Presenter: Jeff Sauntry
Mr. Sauntry is a Managing Principal at Cigital with P&L responsibilities for five states in the Southeastern US, including Florida. Over the span of two and a half decades he has held senior management roles leading software engineering teams for large Independent Software Vendors (ISVs – Novell & Computer Associates), telecommunications (AT&T Consulting), service providers (Unisys & STMS) and big three consulting firms (KPMG and PWC). He currently holds the following industry certifications: CISSP, PCIP, CISM, CCFE & CFE. He is a fellow Floridian who lives in Bradenton, FL. When he isn’t helping customers solve tough security problems he enjoys digital photography, sport bikes and introducing people to the many awesome aquatic opportunities the Sunshine State has to offer. As a certified commercial captain he loves to host on-the-water or under-the-water adventures, leveraging his rating as a PADI Master Scuba Diver Trainer to certify new scuba divers.
Presentation: Justifying the Correct Security Spend
Demonstrating and quantifying the value or ROI of security expenditures is a tough and never-ending battle. Like every other competing capital expenditure or operating expense, each organization must try to invest the right amount in security to satisfy the organization’s risk appetite while meeting an ever-increasing set of regulatory and privacy requirements.
Leveraging open source assessments, utilizing industry-specific peer comparisons, and analyzing emerging industry trends are great ways to build a business case for appropriate budget allocation to strategic initiatives & tactical security projects. During this presentation we will explore some of the key considerations for determining whether you should address an organizational capability shortcoming by building the capability organically in-house, or by teaming with an external firm or Subject Matter Expert (SME). Capturing the correct metrics, determining where security vulnerabilities were originally introduced, and creating continuous feedback and improvement processes can provide critical data points that an organization can utilize to demonstrate and measure the effectiveness and value of specific security initiatives. Finally, we will discuss the opportunity to reduce the cost of remediation by addressing certain security concerns at the optimal stages of application/platform deployment.
The output of this discussion will provide attendees with the insight and means to answer senior management’s most frequent question – Are we spending the right amount on information security? In the interest of adhering to the allotted time for this presentation, we will focus primarily on application security, the secure software development life cycle (SSDLC), PCI DSS v3.2 requirements, and security testing; but the approach and recommendations are applicable to a wide range of security initiatives.
11:45 AM Arrival, Check-in, Networking & Lunch
12:00 PM Chapter President Message, Sponsor message, upcoming meetings
12:10 PM Speaker presentation
1:10 PM Prize Drawing & Wrap up
Parking: Free on-site