
What we’re about
Information Systems Security Association (ISSA) is a not-for-profit, international professional organization of information security professionals and practitioners. It was founded in 1984 by Sandra M. Lambert and Nancy King (albeit work on its establishment started in 1982). ISSA promotes the sharing of information security management practices through educational forums, publications and networking opportunities among security professionals. ISSA is present in more than one hundred countries, including Europe and Asia, with more than 10,000 members.
As the founding chapter of ISSA, ISSA Los Angeles (ISSA-LA) has become the premier catalyst and community resource in Southern California for improving the practice of information security. The Chapter provides various training classes and lectures for information security and IT professionals throughout the year and at the annual Summit. We accomplish this by providing:
- Education, networking and support to information security practitioners
- IT practitioners with information security responsibilities
- Information security vendors
- Outreach, advocacy and education to the broader Los Angeles community
ISSA-LA meets monthly for lunch and dinner and regularly collaborates with other IT and InfoSec organizations, having joint meetings with ISACA, OWASP, the Cloud Security Alliance, HTCIA, and the Association of IT Professionals to name a few.
Upcoming events
Unmasking DNS Threats & Cybersecurity Considerations for Medical Devices
Burton Chace Park, 13650 Mindanao Way, Marina del Rey, CA, US
You must register and pay to attend: https://www.eventbrite.com/e/unmasking-dns-threats-cybersecurity-considerations-for-medical-devices-tickets-1690082685809
### Topic One: Cybersecurity and AI Considerations for U.S. Medical Devices
From design and development to post-market considerations, the U.S. Food and Drug Administration requires that rigor be evident to ensure the patient safety of medical devices employing digital health solutions, including those that are AI-enabled. This talk provides an overview of those requirements as detailed in two recently finalized FDA guidance for industry publications and tips for demonstrating compliance when preparing premarket submissions, as well as during post-market assessments.
Speaker One: Diane Kulisek
Diane Kulisek is a Quality Systems and Regulatory Affairs Consultant to the Medical Device Industry with more than 20 years of hands-on experience. She has worked to ensure the safety of a wide range of medical devices, incorporating critical software, most notably those for cardiac applications such as a total artificial heart (Syncardia) and cardiac rhythm management (CRM) devices, including pacemakers and implantable defibrillators (Abbott). She has also contributed to the development of compliant design portfolios for critical software as a medical device (SaMD), specifically, ICU monitoring software (Philips).
As manager of quality systems for Johnson & Johnson, Diane drove the qualification of software as part of clinical sterilization processing equipment and developed the software validation master file for non-deliverable software used throughout the organization.
Diane has a Master of Science in Engineering and has long maintained certifications as a Manager of Quality/Organizational Excellence and as a Quality Engineer from the American Society for Quality (ASQ).
### Topic Two: Unmasking DNS Threats to the Healthcare Industry
The Domain Name System (DNS) is often called the “phonebook of the Internet,” but beneath its surface lies one of the most exploited attack vectors in healthcare. Cybercriminals abuse DNS to launch ransomware, steal protected health information (PHI), and disrupt clinical operations.
We’ll explore real-world healthcare scenarios where DNS has been weaponized for command-and-control, data exfiltration, and phishing that targets frontline staff. Attendees will learn how DNS abuse threatens patient safety and compliance, and why it is a blind spot in many hospital and research environments.
Key takeaways include:
- How attackers exploit DNS to compromise healthcare systems
- Techniques to detect and stop DNS abuse before it impacts care delivery
- The role of DNS security in a healthcare-focused Zero Trust model
Whether you’re a healthcare IT leader, security professional, or clinical informatics specialist, this session will equip you to better defend against one of the most trusted—but most abused—protocols on your network.
Speaker Two: Chris Usserman
Chris Usserman brings over 35 years of US Intelligence Community (IC) and Cybersecurity expertise, specializing in both offensive and defensive cyber operations. Currently at Infoblox, Chris is pivotal in collaborations with CISA, the Department of Defense and extended partner nations to actively shape global cybersecurity strategies and enhance international cyber defenses.
His career includes a decade at Lockheed Martin’s Advanced Technology Labs conducting cyber capabilities applied research, 14 years in Air Force Intelligence, 10 years in IC cyber operations, and over 11 years consulting on ‘Applied Intelligence’ to bolster cybersecurity postures for government and industry partners.
Chris excels at engaging and enlightening audiences with the latest cyber threat capabilities, employing more robust cybersecurity frameworks, and sharing his unique experiences about how threat actors think and act.
9 attendees
Aligning Risk and Security to What the Business Really Wants
Hermosa Brewing Company, 1342 Hermosa Avenue, Hermosa Beach, CA, US
You must register and pay to attend: https://www.eventbrite.com/e/aligning-risk-and-security-to-what-the-business-really-wants-tickets-1764167184539
Come and network with your friends, make new friends, and hear a great speaker. A buffet dinner will be served and drinks will be available.
### Topic One: Beyond Checklists: Aligning Risk and Security to What the Business Really Wants
Security isn’t just about patching holes or passing audits, it’s about knowing where to aim your resources and when to stop. Too often, even well-funded programs stall because they’re chasing every vulnerability without a clear sense of what actually matters to the business.
This session will unpack what it really takes to align security with your organization’s risk appetite. We’ll talk about bridging the gap between security, IT, and the board, shifting from “we don’t want a breach” to defining a true north star that drives strategy, budget, and execution.
You’ll learn how to:
- Translate business risk appetite into actionable security priorities
- Recognize when “enough” risk mitigation is truly enough
- Build strategies that consider budget, IT readiness, and long-term maturity (not just frameworks)
When done right, risk alignment transforms security from a reactive cost center into a disciplined driver of resilience and growth. If you’ve ever wondered, “How do I know my security strategy is aligned, or if we even have one?” this talk is for you. Expect candid insights, real-world examples, and practical takeaways for security leaders at every stage.
Speaker One: Gus Anagnos
Gus Anagnos is the Chief Operations Officer and CISO at Cyber Defense Group (CDG), where he oversees corporate strategy, delivery operations, account management, and customer success. With over 25 years of transformative leadership experience, Gus has excelled in translating technology into business value.
Previously, Gus served as the CISO at USC, leading key security initiatives and implementing a comprehensive cybersecurity program. Gus has also held senior roles at Synack, Inc., eBay, PayPal, IndyMac Bancorp, Marsh & McLennan and General Motors Corporation, establishing transformative programs and working with Fortune 500 companies and government agencies. He has a bachelor's degree in finance and an MBA.
4 attendees
