Date(s) - Oct 12, 2017
8:30 am - 12:30 pm
Staybridge Suites (Airport South)
8:30 a.m. Arrival, Check-in & Networking
8:45 a.m. ISSA Announcements
9:00 a.m. – Josh Finkelstein, “Google BeyondCorp for the rest of us”
9:50 a.m. Refreshment Break
10:10 a.m. – Justin Orcutt, “Managing IT Risk Beyond Core IT”
11:00 a.m. Refreshment Break
11:20 a.m. – GCA Microfocus/NetIQ, “Creating a Culture of Security Advocacy”
12:10 p.m. Concluding Remarks / Door Prizes
Lunch will be provided after the event!
Google BeyondCorp for the rest of us
It’s no secret that the network perimeter is blurry and expanding. Google sees little distinction between board rooms and bars, cubicles and coffee shops; all are untrusted under its perimeter-less security model called BeyondCorp. This new model verifies the trust of the user and the device before granting access to critical applications, every single time. Google made this radical change after the major attack it suffered in 2011 (Project Aurora) to better manage today’s risks and business needs.
How does a company that doesn’t have the resources of Google achieve a similar security posture? What does BeyondCorp mean for the rest of us? Attend this session to discuss this topic with Josh Finkelstein, Engineer at Duo Security. Duo is known for making multi-factor authentication radically easy and deployable in an hour. Duo recently launched Duo Beyond, the first commercial implementation of Google’s BeyondCorp security model. Duo worked with several customers such as Kayak and Tanium to design Beyond and make it accessible for everyone.
Speaker: Josh Finkelstein, Engineer at Duo Security
Managing IT Risk Beyond Core IT
More and more organizations are operating outside the purview of the CIO or ISO. This includes leveraging applications or microsites that represent risk to the organization but are not yet identified by the organization as something that needs to be protected. During this event we will discuss how to develop an effective Risk Management program for Shadow IT. This includes how to build a culture that allows this to happen and how to help prioritize issues. During the session attendees will learn:
- Steps that can be taken to manage shadow IT
- Common strategies for building a shadow IT Risk Management Program
- How to gain visibility into rogue apps
- The importance of managing shadow IT
- Lessons learned from being in the trenches
Bio: Justin Orcutt, CRISC
Justin Orcutt is a member of NCC Group’s North American Assurance Practice. Prior to joining NCC Group, Justin worked with a large national security and compliance firm. For the past several years Justin has worked with Fortune 500 companies to help design, implement, and validate IT security systems.
Justin is actively involved in the Atlanta chapter of the Information Systems Audit and Control Association (ISACA), the Technology Association of Georgia (TAG) and the Information Systems Security Association (ISSA). Justin is Certified in Risk and Information Systems Control (CRISC). Justin currently serves on the Board of Advisors for the Gwinnett Tech Cybersecurity Program and on the Board of Directors for the TAG Young Professionals Society.
Justin has been a guest speaker for several organizations on topics ranging from cloud security to shadow IT.
Creating a Culture of Security Advocacy
Read through the job descriptions at your organization; which roles list security as a responsibility? Would it surprise you to learn that Accounts Payable job descriptions typically don’t contain the word “security”, even though those roles are often responsible for disbursing thousands, if not millions, of dollars? Monitoring employees and transactions with machine learning, security information and event management (SIEM), and endpoint management is only a start. Security needs to be woven into the culture of organizations; these days, security is everyone’s responsibility.
Every year, studies show that 95% of all attacks are the result of human error, such as the use of weak passwords, clicking on malicious email links, or becoming the victim of social engineering. Security professionals can help stem the tide and address the human factor by evangelizing security advocacy with employees and customers. In this session we will discuss:
- Creating a culture of security advocacy by championing employees, customers and partners through engagement in:
- Training and education programs
- Working with HR to identify and change roles critical to security
- Helping employees identify and secure high risk activities
- Risk management and incident response planning
- Processes and tools that everyone can use to manage and monitor security
- Analysts’ perspective of Security Advocacy
- We will conclude with a discussion of low cost, high impact programs and initiatives you can start today that will make a difference and create a culture of security advocacy.
Speaker Bio: Simon Puleo
Simon Puleo, CEH (Certified Ethical Hacker), is an educator/trainer by day and a security researcher at night. In his role as a Global Enablement Specialist at Micro Focus he educates employees and customers on identity-powered security with an emphasis on access control, including multi-factor authentication and identity governance. Prior to Micro Focus, he was with HPE Enterprise Security, enabling global sales in application security, encryption key management and SIEM. Simon is actively engaged in researching the cyber-threat landscape and sharing his insights in seminars and articles. He is a regular contributor to ITPS Magazine and the Micro Focus Blog.